From b7acfff8e75af537fdcb6c1f4e902ea81b095b29 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 8 May 2020 18:41:03 -0400 Subject: [PATCH 001/399] Fix OPENSSL_TSAN typo. We weren't actually reducing MAX_BLINDINGS_PER_RSA under TSan. Change-Id: Ib33dc1a1c0312bd3309a64f2600ec4d6e2ec9ddb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41324 Commit-Queue: Steven Valdez Reviewed-by: Steven Valdez --- crypto/fipsmodule/rsa/rsa_impl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 81b5aa3895..2d9a9c9fa9 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -346,7 +346,7 @@ int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, // MAX_BLINDINGS_PER_RSA defines the maximum number of cached BN_BLINDINGs per // RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and // destroyed as needed. -#if defined(OPNESSL_TSAN) +#if defined(OPENSSL_TSAN) // Smaller under TSAN so that the edge case can be hit with fewer threads. #define MAX_BLINDINGS_PER_RSA 2 #else From be28dd623f0d6eb3a97ebc428f8cdc7f6bf4e8f4 Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Wed, 13 May 2020 16:29:59 -0700 Subject: [PATCH 002/399] Add missing header to ec/wnaf.c a810d82 added calls to OPENSSL_malloc in this file, but openssl/mem.h was missing. Change-Id: I77e19e61e92b1e73702cb3eb93b9c6e22aca9596 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41344 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/fipsmodule/ec/wnaf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/fipsmodule/ec/wnaf.c b/crypto/fipsmodule/ec/wnaf.c index ff90dcd028..65cc89459e 100644 --- a/crypto/fipsmodule/ec/wnaf.c +++ b/crypto/fipsmodule/ec/wnaf.c @@ -72,6 +72,7 @@ #include #include +#include #include #include "internal.h" From 9cf9d3eb0681e0522db89ef5178c7bf8d5e7977f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 8 May 2020 18:28:07 -0400 Subject: [PATCH 003/399] Still query getauxval if reading /proc/cpuinfo fails. If BoringSSL is used in a sandbox without /proc/cpuinfo, we will silently act as if the CPU is missing capabilities, even though getauxval may be available. We use /proc/cpuinfo to work around a missing AT_HWCAP2 and ignore a particular broken CPU. Ignoring the former fails closed, so it's safe to proceed. The latter fails closed, but it is now vanishingly rare (even missing AT_HWCAP2 has largely dropped off), so instead proceed with getauxval. This makes the /proc paths largely optional. Change-Id: Ib198c4f78ccdae874d55669b6a7508dfbeac0f44 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41325 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/cpu-arm-linux.c | 12 +++++++----- crypto/cpu-arm-linux_test.cc | 7 +++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/crypto/cpu-arm-linux.c b/crypto/cpu-arm-linux.c index ed30715ba2..c9d771ffee 100644 --- a/crypto/cpu-arm-linux.c +++ b/crypto/cpu-arm-linux.c @@ -146,11 +146,13 @@ extern uint32_t OPENSSL_armcap_P; static int g_has_broken_neon, g_needs_hwcap2_workaround; void OPENSSL_cpuid_setup(void) { - char *cpuinfo_data; - size_t cpuinfo_len; - if (!read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo")) { - return; - } + // We ignore the return value of |read_file| and proceed with an empty + // /proc/cpuinfo on error. If |getauxval| works, we will still detect + // capabilities. There may be a false positive due to + // |crypto_cpuinfo_has_broken_neon|, but this is now rare. + char *cpuinfo_data = NULL; + size_t cpuinfo_len = 0; + read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo"); STRING_PIECE cpuinfo; cpuinfo.data = cpuinfo_data; cpuinfo.len = cpuinfo_len; diff --git a/crypto/cpu-arm-linux_test.cc b/crypto/cpu-arm-linux_test.cc index 2b5bc1108c..0472537fc7 100644 --- a/crypto/cpu-arm-linux_test.cc +++ b/crypto/cpu-arm-linux_test.cc @@ -220,6 +220,13 @@ TEST(ARMLinuxTest, CPUInfo) { 0, false, }, + // If opening /proc/cpuinfo fails, we process the empty string. + { + "", + 0, + 0, + false, + }, }; for (const auto &t : kTests) { From 3e4dfbb2f81493e1f25b3ce83fee3ed999373a6c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 21 Apr 2020 17:29:50 -0400 Subject: [PATCH 004/399] Add CRYPTO_pre_sandbox_init. The intent is to replace the logic in [0] and allows Chromium to set up the MADV_WIPEONFORK page without increasing sandbox syscall surface. From there we can remove RAND_set_urandom_fd and trim a bit of complexity from the PRNG logic. [0] https://source.chromium.org/chromium/chromium/src/+/master:content/app/content_main_runner_impl.cc;l=333-341;drc=975850fa57e140ec696114477e9416a19f06d29f Change-Id: I9b679e15da551a10302389556c6c77d192be662a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41326 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- README.md | 1 + SANDBOXING.md | 133 ++++++++++++++++++++++++++++++ crypto/crypto.c | 11 +++ crypto/fipsmodule/rand/internal.h | 6 ++ crypto/fipsmodule/rand/urandom.c | 8 +- crypto/thread_test.cc | 29 +++++++ include/openssl/crypto.h | 8 ++ 7 files changed, 194 insertions(+), 2 deletions(-) create mode 100644 SANDBOXING.md diff --git a/README.md b/README.md index 5d116c00f3..2a99b60b72 100644 --- a/README.md +++ b/README.md @@ -39,3 +39,4 @@ There are other files in this directory which might be helpful: * [FUZZING.md](/FUZZING.md): information about fuzzing BoringSSL. * [CONTRIBUTING.md](/CONTRIBUTING.md): how to contribute to BoringSSL. * [BREAKING-CHANGES.md](/BREAKING-CHANGES.md): notes on potentially-breaking changes. + * [SANDBOXING.md](/SANDBOXING.md): notes on using BoringSSL in a sandboxed environment. diff --git a/SANDBOXING.md b/SANDBOXING.md new file mode 100644 index 0000000000..95ac6e81c1 --- /dev/null +++ b/SANDBOXING.md @@ -0,0 +1,133 @@ +# Using BoringSSL in a Sandbox + +Sandboxes are a valuable tool for securing applications, so BoringSSL aims to +support them. However, it is difficult to make concrete API guarantees with +sandboxes. Sandboxes remove low-level OS resources and system calls, which +breaks platform abstractions. A syscall-filtering sandbox may, for instance, be +sensitive to otherwise non-breaking changes to use newer syscalls +in either BoringSSL or the C library. + +Some functions in BoringSSL, such as `BIO_new_file`, inherently need OS +resources like the filesystem. We assume that sandboxed consumers either avoid +those functions or make necessary resources available. Other functions like +`RSA_sign` are purely computational, but still have some baseline OS +dependencies. + +Sandboxes which drop privileges partway through a process's lifetime are +additionally sensitive to OS resources retained across the transitions. For +instance, if a library function internally opened and retained a handle to the +user's home directory, and then the application called `chroot`, that handle +would be a sandbox escape. + +This document attempts to describe these baseline OS dependencies and long-lived +internal resources. These dependencies may change over time, but we aim to +[work with sandboxed consumers](/BREAKING-CHANGES.md) when they do. However, +each sandbox imposes different constraints, so, above all, sandboxed consumers +must have ample test coverage to detect issues as they arise. + +## Baseline dependencies + +Callers must assume that any BoringSSL function may perform one of the following +operations: + +### Memory allocation + +Any BoringSSL function may allocate memory via `malloc` and related functions. + +### Thread synchronization + +Any BoringSSL function may call into the platform's thread synchronization +primitives, including read/write locks and the equivalent of `pthread_once`. +These must succeed, or BoringSSL will abort the process. Callers, however, can +assume that BoringSSL functions will not spawn internal threads, unless +otherwise documented. + +Syscall-filtering sandboxes should note that BoringSSL uses `pthread_rwlock_t` +on POSIX systems, which is less common and may not be part of other libraries' +syscall surface. Additionally, thread synchronization primitives usually have an +atomics-based fast path. If a sandbox blocks a necessary pthreads syscall, it +may not show up in testing without lock contention. + +### Standard error + +Any BoringSSL function may write to `stderr` or file descriptor +`STDERR_FILENO` (2), either via `FILE` APIs or low-level functions like `write`. +Writes to `stderr` may fail, but there must some file at `STDERR_FILENO` which +will tolerate error messages from BoringSSL. (The file descriptor must be +allocated so calls to `open` do not accidentally open something else there.) + +Note some C standard library implementations also log to `stderr`, so callers +should ensure this regardless. + +### Entropy + +Any BoringSSL function may draw entropy from the OS. On Windows, this uses +`RtlGenRandom` and, on POSIX systems, this uses `getrandom`, `getentropy`, or a +`read` from a file descriptor to `/dev/urandom`. These operations must succeed +or BoringSSL will abort the process. + +Note even deterministic algorithms may require OS entropy. For example, +RSASSA-PKCS1-v1_5 is deterministic, but BoringSSL draws entropy to implement +RSA blinding. + +Entropy gathering additionally has some initialization dependencies described in +the following section. + +## Initialization + +BoringSSL has some uncommon OS dependencies which are only used once to +initialize some state. Sandboxes which drop privileges after some setup work may +use `CRYPTO_pre_sandbox_init` to initialize this state ahead of time. Otherwise, +callers must assume any BoringSSL function may depend on these resources, in +addition to the operations above. + +### CPU capabilities + +On Linux ARM platforms, BoringSSL depends on OS APIs to query CPU capabilities. +32-bit and 64-bit ARM both depend on the `getauxval` function. 32-bit ARM, to +work around bugs in older Android devices, may additionally read `/proc/cpuinfo` +and `/proc/self/auxv`. + +If querying CPU capabilities fails, BoringSSL will still function, but may not +perform as well. + +### Entropy + +On Linux systems without a working `getrandom`, drawing entropy from the OS +additionally requires opening `/dev/urandom`. If this fails, BoringSSL will +abort the process. BoringSSL retains the resulting file descriptor, even across +privilege transitions. + +### Fork protection + +On Linux, BoringSSL allocates a page and calls `madvise` with `MADV_WIPEONFORK` +to protect single-use state from `fork`. This operation must not crash, but if +it fails, BoringSSL will use alternate fork-safety strategies, potentially at a +performance cost. If it succeeds, BoringSSL assumes `MADV_WIPEONFORK` is +functional and relies on it for fork-safety. Sandboxes must not report success +if they ignore the `MADV_WIPEONFORK` flag. As of writing, QEMU will ignore +`madvise` calls and report success, so BoringSSL detects this by calling +`madvise` with -1. Sandboxes must cleanly report an error instead of crashing. + +Once initialized, this mechanism does not require system calls in the steady +state, though note the configured page will be inherited across privilege +transitions. + +## C and C++ standard library + +BoringSSL depends on the C and C++ standard libraries which, themselves, do not +make any guarantees about sandboxes. If it produces the correct answer and has +no observable invalid side effects, it is possible, though unreasonable, for +`memcmp` to create and close a socket. + +BoringSSL assumes that functions in the C and C++ library only have the platform +dependencies which would be "reasonable". For instance, a function in BoringSSL +which aims not to open files will still freely call any libc memory and +string functions. + +Note some C functions, such as `strerror`, may read files relating to the user's +locale. BoringSSL may trigger these paths and assumes the sandbox environment +will tolerate this. BoringSSL additionally cannot make guarantees about which +system calls are used by standard library's syscall wrappers. In some cases, the +compiler may add dependencies. (Some C++ language features emit locking code.) +Syscall-filtering sandboxes may need updates as these dependencies change. diff --git a/crypto/crypto.c b/crypto/crypto.c index 297240ec33..6886aa4e1e 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -16,6 +16,8 @@ #include +#include "fipsmodule/rand/fork_detect.h" +#include "fipsmodule/rand/internal.h" #include "internal.h" @@ -174,6 +176,15 @@ int CRYPTO_has_asm(void) { #endif } +void CRYPTO_pre_sandbox_init(void) { + // Read from /proc/cpuinfo if needed. + CRYPTO_library_init(); + // Open /dev/urandom if needed. + CRYPTO_init_sysrand(); + // Set up MADV_WIPEONFORK state if needed. + CRYPTO_get_fork_generation(); +} + const char *SSLeay_version(int which) { return OpenSSL_version(which); } const char *OpenSSL_version(int which) { diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index 1b1592898b..db81c3378e 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -41,6 +41,10 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, void CRYPTO_sysrand(uint8_t *buf, size_t len); #if defined(OPENSSL_URANDOM) +// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy +// from the operating system. +void CRYPTO_init_sysrand(void); + // CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the // operating system. It may draw from the |GRND_RANDOM| pool on Android, // depending on the vendor's configuration. @@ -53,6 +57,8 @@ void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len); // return 0. int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len); #else +OPENSSL_INLINE void CRYPTO_init_sysrand(void) {} + OPENSSL_INLINE void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len) { CRYPTO_sysrand(buf, len); } diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c index c20340a64c..bf15edae1c 100644 --- a/crypto/fipsmodule/rand/urandom.c +++ b/crypto/fipsmodule/rand/urandom.c @@ -332,7 +332,7 @@ void RAND_set_urandom_fd(int fd) { *urandom_fd_requested_bss_get() = fd; CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get()); - CRYPTO_once(rand_once_bss_get(), init_once); + CRYPTO_init_sysrand(); if (*urandom_fd_bss_get() == kHaveGetrandom) { close(fd); } else if (*urandom_fd_bss_get() != fd) { @@ -362,7 +362,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) { } #endif - CRYPTO_once(rand_once_bss_get(), init_once); + CRYPTO_init_sysrand(); if (block) { CRYPTO_once(wait_for_entropy_once_bss_get(), wait_for_entropy); } @@ -417,6 +417,10 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) { } } +void CRYPTO_init_sysrand(void) { + CRYPTO_once(rand_once_bss_get(), init_once); +} + #if defined(BORINGSSL_FIPS) void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { if (!fill_with_entropy(out, requested, /*block=*/1, /*seed=*/1)) { diff --git a/crypto/thread_test.cc b/crypto/thread_test.cc index f9fad9beba..aa17e35691 100644 --- a/crypto/thread_test.cc +++ b/crypto/thread_test.cc @@ -15,6 +15,7 @@ #include "internal.h" #include +#include #include #include @@ -130,4 +131,32 @@ TEST(ThreadTest, RandState) { thread.join(); } +TEST(ThreadTest, InitThreads) { + constexpr size_t kNumThreads = 10; + + // |CRYPTO_library_init| is safe to call across threads. + std::vector threads; + threads.reserve(kNumThreads); + for (size_t i = 0; i < kNumThreads; i++) { + threads.emplace_back(&CRYPTO_library_init); + } + for (auto &thread : threads) { + thread.join(); + } +} + +TEST(ThreadTest, PreSandboxInitThreads) { + constexpr size_t kNumThreads = 10; + + // |CRYPTO_pre_sandbox_init| is safe to call across threads. + std::vector threads; + threads.reserve(kNumThreads); + for (size_t i = 0; i < kNumThreads; i++) { + threads.emplace_back(&CRYPTO_pre_sandbox_init); + } + for (auto &thread : threads) { + thread.join(); + } +} + #endif // OPENSSL_THREADS diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index e539bdb30e..0dc5373237 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -63,6 +63,14 @@ OPENSSL_EXPORT int FIPS_mode(void); // success and zero on error. OPENSSL_EXPORT int BORINGSSL_self_test(void); +// CRYPTO_pre_sandbox_init initializes the crypto library, pre-acquiring some +// unusual resources to aid running in sandboxed environments. It is safe to +// call this function multiple times and concurrently from multiple threads. +// +// For more details on using BoringSSL in a sandboxed environment, see +// SANDBOXING.md in the source tree. +OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void); + // Deprecated functions. From 78b3337a10a7f7b3495b6cb8140a74e265290898 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Thu, 14 May 2020 15:00:28 -0400 Subject: [PATCH 005/399] Fix TRUST_TOKEN experiment_v1 SRR map. Change-Id: I9e5c9b016cc0b3b7926df850d470e6367eb9c0bc Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41364 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/trust_token/trust_token.c | 7 ++++++- crypto/trust_token/trust_token_test.cc | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index 448def8948..1ade23e391 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -625,8 +625,13 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, assert(strlen(kClientDataLabel) < strlen(kExpiryTimestampLabel)); assert(strlen(kPublicLabel) < strlen(kPrivateLabel)); + size_t map_entries = 3; + if (ctx->method->use_token_hash) { + map_entries = 4; + } + if (!CBB_init(&srr, 0) || - !add_cbor_map(&srr, 3) || // SRR map + !add_cbor_map(&srr, map_entries) || // SRR map !add_cbor_text(&srr, kMetadataLabel, strlen(kMetadataLabel)) || !add_cbor_map(&srr, 2) || // Metadata map !add_cbor_text(&srr, kPublicLabel, strlen(kPublicLabel)) || diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index bbb7a8a31c..41bf55ddf5 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -462,7 +462,7 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { "\x65\x73\x74\x61\x6d\x70\x1a\x00\xcc\x15\x7a"; const uint8_t kExpectedSRRTokenHash[] = - "\xa3\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" + "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e" "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" From 8f12996be3a7a8a53c1b674c0cef103628a7b779 Mon Sep 17 00:00:00 2001 From: Anna Sarai Rosenberg Date: Fri, 15 May 2020 20:53:22 -0700 Subject: [PATCH 006/399] Fix docs link for SSL_CTX_load_verify_locations Link is outdated; results in 404. Update link to match docs version in other links with redirected path to current link for that version. Change-Id: I4c9bb2fe48d1b2bbf699773259d5eebad9461ddd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41385 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- include/openssl/ssl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 613ab0a9ac..a61488e7cf 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2450,7 +2450,7 @@ OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); // one on success and zero on failure. // // See -// https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html +// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html // for documentation on the directory format. OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *ca_file, @@ -4304,7 +4304,7 @@ OPENSSL_EXPORT int SSL_set1_sigalgs(SSL *ssl, const int *values, // SSL_CTX_set1_sigalgs_list takes a textual specification of a set of signature // algorithms and configures them on |ctx|. It returns one on success and zero // on error. See -// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for +// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for // a description of the text format. Also note that TLS 1.3 names (e.g. // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL // doesn't document that). @@ -4317,7 +4317,7 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); // SSL_set1_sigalgs_list takes a textual specification of a set of signature // algorithms and configures them on |ssl|. It returns one on success and zero // on error. See -// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for +// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for // a description of the text format. Also note that TLS 1.3 names (e.g. // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL // doesn't document that). From 7b31d69f19e85dafa97854bfe35adbfd0fb6d280 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 18 May 2020 14:01:29 -0400 Subject: [PATCH 007/399] Document that getrandom support must be consistent. Syscall-filtering sandboxes may make getrandom fail without crashing. This will sometimes trigger the /dev/urandom fallback and sometimes not. Change-Id: Ic824e5bfe6fcb99105fd285184243c4620447327 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41404 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- SANDBOXING.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/SANDBOXING.md b/SANDBOXING.md index 95ac6e81c1..b1a32df51f 100644 --- a/SANDBOXING.md +++ b/SANDBOXING.md @@ -64,7 +64,12 @@ should ensure this regardless. Any BoringSSL function may draw entropy from the OS. On Windows, this uses `RtlGenRandom` and, on POSIX systems, this uses `getrandom`, `getentropy`, or a `read` from a file descriptor to `/dev/urandom`. These operations must succeed -or BoringSSL will abort the process. +or BoringSSL will abort the process. BoringSSL only probes for `getrandom` +support once and assumes support is consistent for the lifetime of the address +space (and any copies made via `fork`). If a syscall-filtering sandbox is +enabled partway through this lifetime and changes whether `getrandom` works, +BoringSSL may abort the process. Sandboxes are recommended to allow +`getrandom`. Note even deterministic algorithms may require OS entropy. For example, RSASSA-PKCS1-v1_5 is deterministic, but BoringSSL draws entropy to implement From 9701e84eff26d0110d21f024debbab88d97e9c81 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 8 May 2020 18:55:54 -0400 Subject: [PATCH 008/399] Remove RAND_set_urandom_fd. Also update the documentation for RAND_enable_fork_unsafe_buffering. The fd parameter is no longer used. Update-Note: RAND_set_urandom_fd no longer exists. This was only called by Chromium, which now uses CRYPTO_pre_sandbox_init. Change-Id: I1659c1cc84a6f1edc01f6105fc07e80856e457fc Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41424 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/fipsmodule/rand/urandom.c | 77 ++++---------------------------- include/openssl/rand.h | 20 ++------- 2 files changed, 11 insertions(+), 86 deletions(-) diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c index bf15edae1c..bae3fc3573 100644 --- a/crypto/fipsmodule/rand/urandom.c +++ b/crypto/fipsmodule/rand/urandom.c @@ -95,17 +95,10 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) { #endif // USE_NR_getrandom -// rand_lock is used to protect the |*_requested| variables. -DEFINE_STATIC_MUTEX(rand_lock) - -// The following constants are magic values of |urandom_fd|. -static const int kUnset = 0; +// kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is +// available and should be used instead. static const int kHaveGetrandom = -3; -// urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by -// |rand_lock|. -DEFINE_BSS_GET(int, urandom_fd_requested) - // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. DEFINE_BSS_GET(int, urandom_fd) @@ -144,14 +137,9 @@ static void maybe_set_extra_getrandom_flags(void) { DEFINE_STATIC_ONCE(rand_once) // init_once initializes the state of this module to values previously -// requested. This is the only function that modifies |urandom_fd| and -// |urandom_buffering|, whose values may be read safely after calling the -// once. +// requested. This is the only function that modifies |urandom_fd|, which may be +// read safely after calling the once. static void init_once(void) { - CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get()); - int fd = *urandom_fd_requested_bss_get(); - CRYPTO_STATIC_MUTEX_unlock_read(rand_lock_bss_get()); - #if defined(USE_NR_getrandom) int have_getrandom; uint8_t dummy; @@ -194,31 +182,16 @@ static void init_once(void) { abort(); #endif - if (fd == kUnset) { - do { - fd = open("/dev/urandom", O_RDONLY); - } while (fd == -1 && errno == EINTR); - } + int fd; + do { + fd = open("/dev/urandom", O_RDONLY); + } while (fd == -1 && errno == EINTR); if (fd < 0) { perror("failed to open /dev/urandom"); abort(); } - assert(kUnset == 0); - if (fd == kUnset) { - // Because we want to keep |urandom_fd| in the BSS, we have to initialise - // it to zero. But zero is a valid file descriptor too. Thus if open - // returns zero for /dev/urandom, we dup it to get a non-zero number. - fd = dup(fd); - close(kUnset); - - if (fd <= 0) { - perror("failed to dup /dev/urandom fd"); - abort(); - } - } - int flags = fcntl(fd, F_GETFD); if (flags == -1) { // Native Client doesn't implement |fcntl|. @@ -307,40 +280,6 @@ static void wait_for_entropy(void) { #endif // BORINGSSL_FIPS } -void RAND_set_urandom_fd(int fd) { - fd = dup(fd); - if (fd < 0) { - perror("failed to dup supplied urandom fd"); - abort(); - } - - assert(kUnset == 0); - if (fd == kUnset) { - // Because we want to keep |urandom_fd| in the BSS, we have to initialise - // it to zero. But zero is a valid file descriptor too. Thus if dup - // returned zero we dup it again to get a non-zero number. - fd = dup(fd); - close(kUnset); - - if (fd <= 0) { - perror("failed to dup supplied urandom fd"); - abort(); - } - } - - CRYPTO_STATIC_MUTEX_lock_write(rand_lock_bss_get()); - *urandom_fd_requested_bss_get() = fd; - CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get()); - - CRYPTO_init_sysrand(); - if (*urandom_fd_bss_get() == kHaveGetrandom) { - close(fd); - } else if (*urandom_fd_bss_get() != fd) { - fprintf(stderr, "RAND_set_urandom_fd called after initialisation.\n"); - abort(); - } -} - // fill_with_entropy writes |len| bytes of entropy into |out|. It returns one // on success and zero on error. If |block| is one, this function will block // until the entropy pool is initialized. Otherwise, this function may fail, diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 5d02e12b33..4847eb7539 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -36,26 +36,12 @@ OPENSSL_EXPORT void RAND_cleanup(void); // Obscure functions. #if !defined(OPENSSL_WINDOWS) -// RAND_set_urandom_fd causes the module to use a copy of |fd| for system -// randomness rather opening /dev/urandom internally. The caller retains -// ownership of |fd| and is at liberty to close it at any time. This is useful -// if, due to a sandbox, /dev/urandom isn't available. If used, it must be -// called before the first call to |RAND_bytes|, and it is mutually exclusive -// with |RAND_enable_fork_unsafe_buffering|. -// -// |RAND_set_urandom_fd| does not buffer any entropy, so it is safe to call -// |fork| at any time after calling |RAND_set_urandom_fd|. -OPENSSL_EXPORT void RAND_set_urandom_fd(int fd); - // RAND_enable_fork_unsafe_buffering enables efficient buffered reading of // /dev/urandom. It adds an overhead of a few KB of memory per thread. It must -// be called before the first call to |RAND_bytes| and it is mutually exclusive -// with calls to |RAND_set_urandom_fd|. +// be called before the first call to |RAND_bytes|. // -// If |fd| is non-negative then a copy of |fd| will be used rather than opening -// /dev/urandom internally. Like |RAND_set_urandom_fd|, the caller retains -// ownership of |fd|. If |fd| is negative then /dev/urandom will be opened and -// any error from open(2) crashes the address space. +// |fd| must be -1. We no longer support setting the file descriptor with this +// function. // // It has an unusual name because the buffer is unsafe across calls to |fork|. // Hence, this function should never be called by libraries. From 851943277fcbc6597d0d9d06f897e20b88afc32b Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Wed, 20 May 2020 16:59:29 -0700 Subject: [PATCH 009/399] Modify how QUIC 0-RTT go/no-go decision is made. The previous implementation was too strict in its byte-for-byte equality check including Transport Parameters, because the Transport Parameters contain a field that QUIC requires be different on each connection. This change still has BoringSSL do a byte-for-byte check, but now it is only done over the quic_early_data_context. An additional requirement is imposed that the quic_early_data_context must be set for early data capable tickets to be issued. Bug: 295 Change-Id: I5145c10752b41908b6807c3a3c967653b0c13f37 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41427 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- include/openssl/ssl.h | 29 +++++----- ssl/internal.h | 9 +--- ssl/ssl_asn1.cc | 14 ++--- ssl/ssl_session.cc | 28 ++-------- ssl/ssl_test.cc | 123 ++++++++++++++++++++---------------------- ssl/tls13_server.cc | 21 ++++---- 6 files changed, 99 insertions(+), 125 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index a61488e7cf..5a5cbdc378 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3153,12 +3153,15 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl); // QUIC may impose similar restrictions, for example HTTP/3's restrictions on // SETTINGS frames. // -// BoringSSL imposes a stricter check on the server to enforce these -// restrictions. BoringSSL requires that the transport parameters and -// application protocol state be a byte-for-byte match between the connection -// where the ticket was issued and the connection where it is used for 0-RTT. If -// there is a mismatch, BoringSSL will reject early data (but not reject the -// resumption attempt). +// BoringSSL implements this check by doing a byte-for-byte comparison of an +// opaque context passed in by the server. This context must be the same on the +// connection where the ticket was issued and the connection where that ticket +// is used for 0-RTT. If there is a mismatch, or the context was not set, +// BoringSSL will reject early data (but not reject the resumption attempt). +// This context is set via |SSL_set_quic_early_data_context| and should cover +// both transport parameters and any application state. +// |SSL_set_quic_early_data_context| must be called on the server with a +// non-empty context if the server is to support 0-RTT in QUIC. // // BoringSSL does not perform any client-side checks on the transport // parameters received from a server that also accepted early data. It is up to @@ -3166,12 +3169,6 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl); // limits, and to close the QUIC connection if that is not the case. The same // holds for any application protocol state remembered for 0-RTT, e.g. HTTP/3 // SETTINGS. -// -// The transport parameter check happens automatically with -// |SSL_set_quic_transport_params|. QUIC servers must set application state via -// |SSL_set_quic_early_data_context| to configure the application protocol -// check. No other mechanisms are provided to have BoringSSL reject early data -// because of QUIC transport or application protocol restrictions. // ssl_encryption_level_t represents a specific QUIC encryption level used to // transmit handshake messages. @@ -3321,8 +3318,12 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params( // SSL_set_quic_early_data_context configures a context string in QUIC servers // for accepting early data. If a resumption connection offers early data, the // server will check if the value matches that of the connection which minted -// the ticket. If not, resumption still succeeds but early data is rejected. For -// HTTP/3, this should be the serialized server SETTINGS frame. +// the ticket. If not, resumption still succeeds but early data is rejected. +// This should include all QUIC Transport Parameters except ones specified that +// the client MUST NOT remember. This should also include any application +// protocol-specific state. For HTTP/3, this should be the serialized server +// SETTINGS frame and the QUIC Transport Parameters (except the stateless reset +// token). // // This function may be called before |SSL_do_handshake| or during server // certificate selection. It returns 1 on success and 0 on failure. diff --git a/ssl/internal.h b/ssl/internal.h index e1b0925b49..b1c8bd1a63 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -2740,11 +2740,6 @@ struct SSL_CONFIG { bool jdk11_workaround : 1; }; -// Computes a SHA-256 hash of the transport parameters and early data context -// for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|. -bool compute_quic_early_data_hash(const SSL_CONFIG *config, - uint8_t hash_out[SHA256_DIGEST_LENGTH]); - // From RFC 8446, used in determining PSK modes. #define SSL_PSK_DHE_KE 0x1 @@ -3559,9 +3554,9 @@ struct ssl_session_st { // is_quic indicates whether this session was created using QUIC. bool is_quic : 1; - // quic_early_data_hash is used to determine whether early data must be + // quic_early_data_context is used to determine whether early data must be // rejected when performing a QUIC handshake. - bssl::Array quic_early_data_hash; + bssl::Array quic_early_data_context; private: ~ssl_session_st(); diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc index 7401d09929..e6274f1bf9 100644 --- a/ssl/ssl_asn1.cc +++ b/ssl/ssl_asn1.cc @@ -192,7 +192,7 @@ static const unsigned kEarlyALPNTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26; static const unsigned kIsQuicTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27; -static const unsigned kQuicEarlyDataHashTag = +static const unsigned kQuicEarlyDataContextTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28; static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb, @@ -402,10 +402,10 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb, } } - if (!in->quic_early_data_hash.empty()) { - if (!CBB_add_asn1(&session, &child, kQuicEarlyDataHashTag) || - !CBB_add_asn1_octet_string(&child, in->quic_early_data_hash.data(), - in->quic_early_data_hash.size())) { + if (!in->quic_early_data_context.empty()) { + if (!CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag) || + !CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(), + in->quic_early_data_context.size())) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -752,8 +752,8 @@ UniquePtr SSL_SESSION_parse(CBS *cbs, kEarlyALPNTag) || !CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag, /*default_value=*/false) || - !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_hash, - kQuicEarlyDataHashTag) || + !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context, + kQuicEarlyDataContextTag) || CBS_len(&session) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index fa994e89f0..4c6d04578f 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc @@ -269,8 +269,8 @@ UniquePtr SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { return nullptr; } - if (!new_session->quic_early_data_hash.CopyFrom( - session->quic_early_data_hash)) { + if (!new_session->quic_early_data_context.CopyFrom( + session->quic_early_data_context)) { return nullptr; } } @@ -349,25 +349,6 @@ const EVP_MD *ssl_session_get_digest(const SSL_SESSION *session) { session->cipher); } -bool compute_quic_early_data_hash(const SSL_CONFIG *config, - uint8_t hash_out[SHA256_DIGEST_LENGTH]) { - ScopedEVP_MD_CTX hash_ctx; - uint32_t transport_param_len = config->quic_transport_params.size(); - uint32_t context_len = config->quic_early_data_context.size(); - if (!EVP_DigestInit(hash_ctx.get(), EVP_sha256()) || - !EVP_DigestUpdate(hash_ctx.get(), &transport_param_len, - sizeof(transport_param_len)) || - !EVP_DigestUpdate(hash_ctx.get(), config->quic_transport_params.data(), - config->quic_transport_params.size()) || - !EVP_DigestUpdate(hash_ctx.get(), &context_len, sizeof(context_len)) || - !EVP_DigestUpdate(hash_ctx.get(), config->quic_early_data_context.data(), - config->quic_early_data_context.size()) || - !EVP_DigestFinal(hash_ctx.get(), hash_out, nullptr)) { - return false; - } - return true; -} - int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) { SSL *const ssl = hs->ssl; if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) { @@ -384,9 +365,8 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) { session->ssl_version = ssl->version; session->is_quic = ssl->quic_method != nullptr; if (is_server && ssl->enable_early_data && session->is_quic) { - if (!session->quic_early_data_hash.Init(SHA256_DIGEST_LENGTH) || - !compute_quic_early_data_hash(hs->config, - session->quic_early_data_hash.data())) { + if (!session->quic_early_data_context.CopyFrom( + hs->config->quic_early_data_context)) { return 0; } } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index fc7976e419..73f0b9dc96 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -5433,73 +5433,68 @@ TEST_F(QUICMethodTest, ZeroRTTRejectMismatchedParameters) { bssl::UniquePtr session = CreateClientSessionForQUIC(); ASSERT_TRUE(session); - for (bool change_transport_params : {false, true}) { - SCOPED_TRACE(change_transport_params); - for (bool change_context : {false, true}) { - if (!change_transport_params && !change_context) { - continue; - } - SCOPED_TRACE(change_context); - - ASSERT_TRUE(CreateClientAndServer()); - static const uint8_t new_transport_params[] = {3}; - static const uint8_t new_context[] = {4}; - if (change_transport_params) { - ASSERT_TRUE(SSL_set_quic_transport_params( - server_.get(), new_transport_params, sizeof(new_transport_params))); - } - if (change_context) { - ASSERT_TRUE(SSL_set_quic_early_data_context(server_.get(), new_context, - sizeof(new_context))); - } - SSL_set_session(client_.get(), session.get()); - - // The client handshake should return immediately into the early data - // state. - ASSERT_EQ(SSL_do_handshake(client_.get()), 1); - EXPECT_TRUE(SSL_in_early_data(client_.get())); - // The transport should have keys for sending 0-RTT data. - EXPECT_TRUE( - transport_->client()->HasWriteSecret(ssl_encryption_early_data)); - - // The server will consume the ClientHello, but it will not accept 0-RTT. - ASSERT_TRUE(ProvideHandshakeData(server_.get())); - ASSERT_EQ(SSL_do_handshake(server_.get()), -1); - EXPECT_EQ(SSL_ERROR_WANT_READ, SSL_get_error(server_.get(), -1)); - EXPECT_FALSE(SSL_in_early_data(server_.get())); - EXPECT_FALSE( - transport_->server()->HasReadSecret(ssl_encryption_early_data)); - - // The client consumes the server response and signals 0-RTT rejection. - for (;;) { - ASSERT_TRUE(ProvideHandshakeData(client_.get())); - ASSERT_EQ(-1, SSL_do_handshake(client_.get())); - int err = SSL_get_error(client_.get(), -1); - if (err == SSL_ERROR_EARLY_DATA_REJECTED) { - break; - } - ASSERT_EQ(SSL_ERROR_WANT_READ, err); - } + ASSERT_TRUE(CreateClientAndServer()); + static const uint8_t new_context[] = {4}; + ASSERT_TRUE(SSL_set_quic_early_data_context(server_.get(), new_context, + sizeof(new_context))); + SSL_set_session(client_.get(), session.get()); - // As in TLS over TCP, 0-RTT rejection is sticky. - ASSERT_EQ(-1, SSL_do_handshake(client_.get())); - ASSERT_EQ(SSL_ERROR_EARLY_DATA_REJECTED, - SSL_get_error(client_.get(), -1)); - - // Finish up the client and server handshakes. - SSL_reset_early_data_reject(client_.get()); - ASSERT_TRUE(CompleteHandshakesForQUIC()); - - // Both sides can now exchange 1-RTT data. - ExpectHandshakeSuccess(); - EXPECT_TRUE(SSL_session_reused(client_.get())); - EXPECT_TRUE(SSL_session_reused(server_.get())); - EXPECT_FALSE(SSL_in_early_data(client_.get())); - EXPECT_FALSE(SSL_in_early_data(server_.get())); - EXPECT_FALSE(SSL_early_data_accepted(client_.get())); - EXPECT_FALSE(SSL_early_data_accepted(server_.get())); + // The client handshake should return immediately into the early data + // state. + ASSERT_EQ(SSL_do_handshake(client_.get()), 1); + EXPECT_TRUE(SSL_in_early_data(client_.get())); + // The transport should have keys for sending 0-RTT data. + EXPECT_TRUE(transport_->client()->HasWriteSecret(ssl_encryption_early_data)); + + // The server will consume the ClientHello, but it will not accept 0-RTT. + ASSERT_TRUE(ProvideHandshakeData(server_.get())); + ASSERT_EQ(SSL_do_handshake(server_.get()), -1); + EXPECT_EQ(SSL_ERROR_WANT_READ, SSL_get_error(server_.get(), -1)); + EXPECT_FALSE(SSL_in_early_data(server_.get())); + EXPECT_FALSE(transport_->server()->HasReadSecret(ssl_encryption_early_data)); + + // The client consumes the server response and signals 0-RTT rejection. + for (;;) { + ASSERT_TRUE(ProvideHandshakeData(client_.get())); + ASSERT_EQ(-1, SSL_do_handshake(client_.get())); + int err = SSL_get_error(client_.get(), -1); + if (err == SSL_ERROR_EARLY_DATA_REJECTED) { + break; } + ASSERT_EQ(SSL_ERROR_WANT_READ, err); } + + // As in TLS over TCP, 0-RTT rejection is sticky. + ASSERT_EQ(-1, SSL_do_handshake(client_.get())); + ASSERT_EQ(SSL_ERROR_EARLY_DATA_REJECTED, SSL_get_error(client_.get(), -1)); + + // Finish up the client and server handshakes. + SSL_reset_early_data_reject(client_.get()); + ASSERT_TRUE(CompleteHandshakesForQUIC()); + + // Both sides can now exchange 1-RTT data. + ExpectHandshakeSuccess(); + EXPECT_TRUE(SSL_session_reused(client_.get())); + EXPECT_TRUE(SSL_session_reused(server_.get())); + EXPECT_FALSE(SSL_in_early_data(client_.get())); + EXPECT_FALSE(SSL_in_early_data(server_.get())); + EXPECT_FALSE(SSL_early_data_accepted(client_.get())); + EXPECT_FALSE(SSL_early_data_accepted(server_.get())); +} + +TEST_F(QUICMethodTest, NoZeroRTTTicketWithoutEarlyDataContext) { + server_quic_early_data_context_ = {}; + const SSL_QUIC_METHOD quic_method = DefaultQUICMethod(); + + SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_early_data_enabled(client_ctx_.get(), 1); + SSL_CTX_set_early_data_enabled(server_ctx_.get(), 1); + ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method)); + ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method)); + + bssl::UniquePtr session = CreateClientSessionForQUIC(); + ASSERT_TRUE(session); + EXPECT_FALSE(SSL_SESSION_early_data_capable(session.get())); } TEST_F(QUICMethodTest, ZeroRTTReject) { diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 683a2ca285..33f821e240 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -127,7 +127,10 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) { return false; } session->ticket_age_add_valid = true; - if (ssl->enable_early_data) { + bool enable_early_data = + ssl->enable_early_data && + (!ssl->quic_method || !ssl->config->quic_early_data_context.empty()); + if (enable_early_data) { // QUIC does not use the max_early_data_size parameter and always sets it // to a fixed value. See draft-ietf-quic-tls-22, section 4.5. session->ticket_max_early_data = @@ -152,7 +155,7 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) { return false; } - if (ssl->enable_early_data) { + if (enable_early_data) { CBB early_data; if (!CBB_add_u16(&extensions, TLSEXT_TYPE_early_data) || !CBB_add_u16_length_prefixed(&extensions, &early_data) || @@ -314,13 +317,13 @@ static bool quic_ticket_compatible(const SSL_SESSION *session, if (!session->is_quic) { return true; } - if (session->quic_early_data_hash.size() != SHA256_DIGEST_LENGTH) { - return false; - } - uint8_t early_data_hash[SHA256_DIGEST_LENGTH]; - if (!compute_quic_early_data_hash(config, early_data_hash) || - CRYPTO_memcmp(session->quic_early_data_hash.data(), early_data_hash, - SHA256_DIGEST_LENGTH) != 0) { + + if (session->quic_early_data_context.empty() || + config->quic_early_data_context.size() != + session->quic_early_data_context.size() || + CRYPTO_memcmp(config->quic_early_data_context.data(), + session->quic_early_data_context.data(), + session->quic_early_data_context.size()) != 0) { return false; } return true; From 81a998a637cc05d17f2173112fadf4c7943a50e2 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 26 May 2020 11:35:58 -0400 Subject: [PATCH 010/399] Bump minimum CMake version. CMake 3.2.1 was released in March 2015, which was over five years ago. Change-Id: I8b76e1de3dba8732a143f86a3956c83fbb4306a7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41444 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- CMakeLists.txt | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 75bf9981b0..0867601e58 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.0) +cmake_minimum_required(VERSION 3.3) # Defer enabling C and CXX languages. project(BoringSSL NONE) @@ -602,11 +602,6 @@ if(FUZZ) add_subdirectory(fuzz) endif() -if(NOT ${CMAKE_VERSION} VERSION_LESS "3.2") - # USES_TERMINAL is only available in CMake 3.2 or later. - set(MAYBE_USES_TERMINAL USES_TERMINAL) -endif() - if(UNIX AND NOT APPLE AND NOT ANDROID) set(HANDSHAKER_ARGS "-handshaker-path" $) endif() @@ -620,4 +615,4 @@ add_custom_target( ${HANDSHAKER_ARGS} ${RUNNER_ARGS} WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} DEPENDS all_tests bssl_shim handshaker - ${MAYBE_USES_TERMINAL}) + USES_TERMINAL) From 8819e0be623f3555d34ce69fee938c34f237fab4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 20 May 2020 15:56:09 -0400 Subject: [PATCH 011/399] Test AES mode wrappers. AES_ctr128_encrypt, in particular, has a decent number of external callers but is completely untested. I haven't included AES_cfb128_encrypt because its EVP_CIPHER counterpart is tested in decrept_test. But the EVP_CIPHER counterpart simply calls AES_cfb128_encrypt, so it's tested transitively. Change-Id: I0133dbd5b13c2b4045a89a04f29240008a279186 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41425 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/cipher_extra/cipher_test.cc | 87 ++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/crypto/cipher_extra/cipher_test.cc b/crypto/cipher_extra/cipher_test.cc index 5ff308caa7..af7e0e7ab7 100644 --- a/crypto/cipher_extra/cipher_test.cc +++ b/crypto/cipher_extra/cipher_test.cc @@ -61,8 +61,10 @@ #include +#include #include #include +#include #include #include "../test/file_test.h" @@ -221,6 +223,91 @@ static void TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt, EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag.size(), rtag)); EXPECT_EQ(Bytes(tag), Bytes(rtag, tag.size())); } + + // Additionally test low-level AES mode APIs. Skip runs where |copy| because + // it does not apply. + if (!copy) { + int nid = EVP_CIPHER_nid(cipher); + bool is_ctr = nid == NID_aes_128_ctr || nid == NID_aes_192_ctr || + nid == NID_aes_256_ctr; + bool is_cbc = nid == NID_aes_128_cbc || nid == NID_aes_192_cbc || + nid == NID_aes_256_cbc; + bool is_ofb = nid == NID_aes_128_ofb128 || nid == NID_aes_192_ofb128 || + nid == NID_aes_256_ofb128; + if (is_ctr || is_cbc || is_ofb) { + AES_KEY aes; + if (encrypt || !is_cbc) { + ASSERT_EQ(0, AES_set_encrypt_key(key.data(), key.size() * 8, &aes)); + } else { + ASSERT_EQ(0, AES_set_decrypt_key(key.data(), key.size() * 8, &aes)); + } + + // The low-level APIs all work in-place. + bssl::Span input = *in; + result.clear(); + if (in_place) { + result = *in; + input = result; + } else { + result.resize(out->size()); + } + bssl::Span output = bssl::MakeSpan(result); + ASSERT_EQ(input.size(), output.size()); + + // The low-level APIs all use block-size IVs. + ASSERT_EQ(iv.size(), size_t{AES_BLOCK_SIZE}); + uint8_t ivec[AES_BLOCK_SIZE]; + OPENSSL_memcpy(ivec, iv.data(), iv.size()); + + if (is_ctr) { + unsigned num = 0; + uint8_t ecount_buf[AES_BLOCK_SIZE]; + if (chunk_size == 0) { + AES_ctr128_encrypt(input.data(), output.data(), input.size(), &aes, + ivec, ecount_buf, &num); + } else { + do { + size_t todo = std::min(input.size(), chunk_size); + AES_ctr128_encrypt(input.data(), output.data(), todo, &aes, ivec, + ecount_buf, &num); + input = input.subspan(todo); + output = output.subspan(todo); + } while (!input.empty()); + } + EXPECT_EQ(Bytes(*out), Bytes(result)); + } else if (is_cbc && chunk_size % AES_BLOCK_SIZE == 0) { + // Note |AES_cbc_encrypt| requires block-aligned chunks. + if (chunk_size == 0) { + AES_cbc_encrypt(input.data(), output.data(), input.size(), &aes, ivec, + encrypt); + } else { + do { + size_t todo = std::min(input.size(), chunk_size); + AES_cbc_encrypt(input.data(), output.data(), todo, &aes, ivec, + encrypt); + input = input.subspan(todo); + output = output.subspan(todo); + } while (!input.empty()); + } + EXPECT_EQ(Bytes(*out), Bytes(result)); + } else if (is_ofb) { + int num = 0; + if (chunk_size == 0) { + AES_ofb128_encrypt(input.data(), output.data(), input.size(), &aes, + ivec, &num); + } else { + do { + size_t todo = std::min(input.size(), chunk_size); + AES_ofb128_encrypt(input.data(), output.data(), todo, &aes, ivec, + &num); + input = input.subspan(todo); + output = output.subspan(todo); + } while (!input.empty()); + } + EXPECT_EQ(Bytes(*out), Bytes(result)); + } + } + } } static void TestCipher(FileTest *t) { From 2309f645e509507a1cc8f9845771110fcf986fd9 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 20 May 2020 17:16:20 -0400 Subject: [PATCH 012/399] Use ctr32 optimizations for AES_ctr128_encrypt. There are a decent number of uses of this function directly. I've attached this to bug 338. Arguably it makes it worse, though it does help with aligning on ctr32, if that works out. Bug: 338 Change-Id: I3dfc1305d359ec0c88d4f298fe1928bef7ec9877 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41426 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/fipsmodule/aes/mode_wrappers.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/crypto/fipsmodule/aes/mode_wrappers.c b/crypto/fipsmodule/aes/mode_wrappers.c index 206fcfd49e..d29fb27ebb 100644 --- a/crypto/fipsmodule/aes/mode_wrappers.c +++ b/crypto/fipsmodule/aes/mode_wrappers.c @@ -57,7 +57,23 @@ void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t ivec[AES_BLOCK_SIZE], uint8_t ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { - CRYPTO_ctr128_encrypt(in, out, len, key, ivec, ecount_buf, num, AES_encrypt); + if (hwaes_capable()) { + CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num, + aes_hw_ctr32_encrypt_blocks); + } else if (vpaes_capable()) { +#if defined(VPAES_CTR32) + // TODO(davidben): On ARM, where |BSAES| is additionally defined, this could + // use |vpaes_ctr32_encrypt_blocks_with_bsaes|. + CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num, + vpaes_ctr32_encrypt_blocks); +#else + CRYPTO_ctr128_encrypt(in, out, len, key, ivec, ecount_buf, num, + vpaes_encrypt); +#endif + } else { + CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num, + aes_nohw_ctr32_encrypt_blocks); + } } void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key, From 53a17f55247101105ae35767d5c5a6c311843a8e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 26 May 2020 14:44:07 -0700 Subject: [PATCH 013/399] Add a |SSL_process_tls13_new_session_ticket|. This API processes a given NewSessionTicket message and returns a resumable |SSL_SESSION| object that contains the ticket. (Change by Cesar Ghali.) Change-Id: I7426933b043865ca54d3cf597f7ecd54d493bf35 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41464 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- include/openssl/ssl.h | 14 ++++++++++ ssl/internal.h | 2 ++ ssl/ssl_lib.cc | 28 +++++++++++++++++++ ssl/ssl_test.cc | 65 +++++++++++++++++++++++++++++++++++++++++++ ssl/tls13_client.cc | 52 ++++++++++++++++++++-------------- 5 files changed, 140 insertions(+), 21 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5a5cbdc378..8e11ef25e9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2197,6 +2197,20 @@ struct ssl_ticket_aead_method_st { OPENSSL_EXPORT void SSL_CTX_set_ticket_aead_method( SSL_CTX *ctx, const SSL_TICKET_AEAD_METHOD *aead_method); +// SSL_process_tls13_new_session_ticket processes an unencrypted TLS 1.3 +// NewSessionTicket message from |buf| and returns a resumable |SSL_SESSION|, +// or NULL on error. The caller takes ownership of the returned session and +// must call |SSL_SESSION_free| to free it. +// +// |buf| contains |buf_len| bytes that represents a complete NewSessionTicket +// message including its header, i.e., one byte for the type (0x04) and three +// bytes for the length. |buf| must contain only one such message. +// +// This function may be used to process NewSessionTicket messages in TLS 1.3 +// clients that are handling the record layer externally. +OPENSSL_EXPORT SSL_SESSION *SSL_process_tls13_new_session_ticket( + SSL *ssl, const uint8_t *buf, size_t buf_len); + // Elliptic curve Diffie-Hellman. // diff --git a/ssl/internal.h b/ssl/internal.h index b1c8bd1a63..182b02f6ad 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1863,6 +1863,8 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs); bool tls13_add_finished(SSL_HANDSHAKE *hs); bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg); +bssl::UniquePtr tls13_create_session_with_ticket(SSL *ssl, + CBS *body); bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs, Array *out_secret, diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 625f73363d..90c265e71b 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -2968,6 +2968,34 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx, ctx->ticket_aead_method = aead_method; } +SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf, + size_t buf_len) { + if (SSL_in_init(ssl) || + ssl_protocol_version(ssl) != TLS1_3_VERSION || + ssl->server) { + // Only TLS 1.3 clients are supported. + OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return nullptr; + } + + CBS cbs, body; + CBS_init(&cbs, buf, buf_len); + uint8_t type; + if (!CBS_get_u8(&cbs, &type) || + !CBS_get_u24_length_prefixed(&cbs, &body) || + CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + return nullptr; + } + + UniquePtr session = tls13_create_session_with_ticket(ssl, &body); + if (!session) { + // |tls13_create_session_with_ticket| puts the correct error. + return nullptr; + } + return session.release(); +} + int SSL_set_tlsext_status_type(SSL *ssl, int type) { if (!ssl->config) { return 0; diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 73f0b9dc96..4f4a80f73c 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -6303,5 +6303,70 @@ TEST(SSLTest, CopyWithoutEarlyData) { EXPECT_EQ(session2.get(), session3.get()); } +TEST(SSLTest, ProcessTLS13NewSessionTicket) { + // Configure client and server to negotiate TLS 1.3 only. + bssl::UniquePtr cert = GetTestCertificate(); + bssl::UniquePtr key = GetTestKey(); + bssl::UniquePtr client_ctx(SSL_CTX_new(TLS_method())); + bssl::UniquePtr server_ctx(SSL_CTX_new(TLS_method())); + ASSERT_TRUE(client_ctx); + ASSERT_TRUE(server_ctx); + ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), TLS1_3_VERSION)); + ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), TLS1_3_VERSION)); + ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION)); + ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)); + ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get())); + ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())); + + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), + server_ctx.get())); + EXPECT_EQ(TLS1_3_VERSION, SSL_version(client.get())); + + // Process a TLS 1.3 NewSessionTicket. + static const uint8_t kTicket[] = { + 0x04, 0x00, 0x00, 0xb2, 0x00, 0x02, 0xa3, 0x00, 0x04, 0x03, 0x02, 0x01, + 0x01, 0x00, 0x00, 0xa0, 0x01, 0x06, 0x09, 0x11, 0x16, 0x19, 0x21, 0x26, + 0x29, 0x31, 0x36, 0x39, 0x41, 0x46, 0x49, 0x51, 0x03, 0x06, 0x09, 0x13, + 0x16, 0x19, 0x23, 0x26, 0x29, 0x33, 0x36, 0x39, 0x43, 0x46, 0x49, 0x53, + 0xf7, 0x00, 0x29, 0xec, 0xf2, 0xc4, 0xa4, 0x41, 0xfc, 0x30, 0x17, 0x2e, + 0x9f, 0x7c, 0xa8, 0xaf, 0x75, 0x70, 0xf0, 0x1f, 0xc7, 0x98, 0xf7, 0xcf, + 0x5a, 0x5a, 0x6b, 0x5b, 0xfe, 0xf1, 0xe7, 0x3a, 0xe8, 0xf7, 0x6c, 0xd2, + 0xa8, 0xa6, 0x92, 0x5b, 0x96, 0x8d, 0xde, 0xdb, 0xd3, 0x20, 0x6a, 0xcb, + 0x69, 0x06, 0xf4, 0x91, 0x85, 0x2e, 0xe6, 0x5e, 0x0c, 0x59, 0xf2, 0x9e, + 0x9b, 0x79, 0x91, 0x24, 0x7e, 0x4a, 0x32, 0x3d, 0xbe, 0x4b, 0x80, 0x70, + 0xaf, 0xd0, 0x1d, 0xe2, 0xca, 0x05, 0x35, 0x09, 0x09, 0x05, 0x0f, 0xbb, + 0xc4, 0xae, 0xd7, 0xc4, 0xed, 0xd7, 0xae, 0x35, 0xc8, 0x73, 0x63, 0x78, + 0x64, 0xc9, 0x7a, 0x1f, 0xed, 0x7a, 0x9a, 0x47, 0x44, 0xfd, 0x50, 0xf7, + 0xb7, 0xe0, 0x64, 0xa9, 0x02, 0xc1, 0x5c, 0x23, 0x18, 0x3f, 0xc4, 0xcf, + 0x72, 0x02, 0x59, 0x2d, 0xe1, 0xaa, 0x61, 0x72, 0x00, 0x04, 0x5a, 0x5a, + 0x00, 0x00, + }; + bssl::UniquePtr session(SSL_process_tls13_new_session_ticket( + client.get(), kTicket, sizeof(kTicket))); + ASSERT_TRUE(session); + ASSERT_TRUE(SSL_SESSION_has_ticket(session.get())); + + uint8_t *session_buf = nullptr; + size_t session_length = 0; + ASSERT_TRUE( + SSL_SESSION_to_bytes(session.get(), &session_buf, &session_length)); + bssl::UniquePtr session_buf_free(session_buf); + ASSERT_TRUE(session_buf); + ASSERT_GT(session_length, 0u); + + // Servers cannot call |SSL_process_tls13_new_session_ticket|. + ASSERT_FALSE(SSL_process_tls13_new_session_ticket(server.get(), kTicket, + sizeof(kTicket))); + + // Clients cannot call |SSL_process_tls13_new_session_ticket| before the + // handshake completes. + bssl::UniquePtr client2(SSL_new(client_ctx.get())); + ASSERT_TRUE(client2); + SSL_set_connect_state(client2.get()); + ASSERT_FALSE(SSL_process_tls13_new_session_ticket(client2.get(), kTicket, + sizeof(kTicket))); +} + } // namespace BSSL_NAMESPACE_END diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index b889ac2836..cb379b0c95 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc @@ -931,26 +931,43 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { return true; } + CBS body = msg.body; + UniquePtr session = tls13_create_session_with_ticket(ssl, &body); + if (!session) { + return false; + } + + if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) && + ssl->session_ctx->new_session_cb != NULL && + ssl->session_ctx->new_session_cb(ssl, session.get())) { + // |new_session_cb|'s return value signals that it took ownership. + session.release(); + } + + return true; +} + +UniquePtr tls13_create_session_with_ticket(SSL *ssl, CBS *body) { UniquePtr session = SSL_SESSION_dup( ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH); if (!session) { - return false; + return nullptr; } ssl_session_rebase_time(ssl, session.get()); uint32_t server_timeout; - CBS body = msg.body, ticket_nonce, ticket, extensions; - if (!CBS_get_u32(&body, &server_timeout) || - !CBS_get_u32(&body, &session->ticket_age_add) || - !CBS_get_u8_length_prefixed(&body, &ticket_nonce) || - !CBS_get_u16_length_prefixed(&body, &ticket) || + CBS ticket_nonce, ticket, extensions; + if (!CBS_get_u32(body, &server_timeout) || + !CBS_get_u32(body, &session->ticket_age_add) || + !CBS_get_u8_length_prefixed(body, &ticket_nonce) || + !CBS_get_u16_length_prefixed(body, &ticket) || !session->ticket.CopyFrom(ticket) || - !CBS_get_u16_length_prefixed(&body, &extensions) || - CBS_len(&body) != 0) { + !CBS_get_u16_length_prefixed(body, &extensions) || + CBS_len(body) != 0) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - return false; + return nullptr; } // Cap the renewable lifetime by the server advertised value. This avoids @@ -960,7 +977,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { } if (!tls13_derive_session_psk(session.get(), ticket_nonce)) { - return false; + return nullptr; } // Parse out the extensions. @@ -975,7 +992,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { OPENSSL_ARRAY_SIZE(ext_types), 1 /* ignore unknown */)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); - return false; + return nullptr; } if (have_early_data) { @@ -983,7 +1000,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { CBS_len(&early_data) != 0) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - return false; + return nullptr; } // QUIC does not use the max_early_data_size parameter and always sets it to @@ -992,7 +1009,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { session->ticket_max_early_data != 0xffffffff) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - return false; + return nullptr; } } @@ -1004,14 +1021,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { session->ticket_age_add_valid = true; session->not_resumable = false; - if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) && - ssl->session_ctx->new_session_cb != NULL && - ssl->session_ctx->new_session_cb(ssl, session.get())) { - // |new_session_cb|'s return value signals that it took ownership. - session.release(); - } - - return true; + return session; } BSSL_NAMESPACE_END From 88024df12147e56b6abd66b743ff441a0aaa09a8 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 2 Jun 2020 08:14:44 -0700 Subject: [PATCH 014/399] Remove -enable-ed25519 compat hack. Change-Id: I2d5843b2dc957f8ae8e4d9a41cecd3268220cc1d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41504 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- ssl/test/test_config.cc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index ad8ecdb0c7..d4b71b4c23 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -307,12 +307,6 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, return true; } - if (strcmp(flag, "-enable-ed25519") == 0) { - // Old argument; ignored for split-handshake compat testing. - // Remove after 2020-06-01. - return true; - } - fprintf(stderr, "Unknown argument: %s.\n", flag); return false; } From 251b5169fd44345f455438312ec4e18ae07fd58c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 9 Jun 2020 12:32:52 -0400 Subject: [PATCH 015/399] Assert md_size > 0. md_size is the size of a hash, so it cannot be zero. Add an assert since it appears to have caused some confusion. The j >= md_size and j -= md_size logic implicitly assumes md_size > 0. (It's another way to stick a % md_size elsewhere which, likewise, assumes md_size > 0.) The bug report itself is a false positive, but locally documenting assumptions is good. Bug: chromium:1092697 Change-Id: I3be0992552a300c6786cf1dc5ecfa881173a42e6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41544 Reviewed-by: Steven Valdez Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/cipher_extra/tls_cbc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cipher_extra/tls_cbc.c b/crypto/cipher_extra/tls_cbc.c index 52353f2a57..5e97a1cd3a 100644 --- a/crypto/cipher_extra/tls_cbc.c +++ b/crypto/cipher_extra/tls_cbc.c @@ -133,6 +133,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, size_t md_size, const uint8_t *in, assert(orig_len >= in_len); assert(in_len >= md_size); assert(md_size <= EVP_MAX_MD_SIZE); + assert(md_size > 0); // scan_start contains the number of bytes that we can ignore because // the MAC's position can only vary by 255 bytes. From fbaf1c0546987fea3e07778f7eaf384726057bfb Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 10 Jun 2020 15:12:30 -0700 Subject: [PATCH 016/399] acvptool: go fmt Change-Id: If90e35bf4ef75d12cdbddc118611127b74bbafe6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41604 Reviewed-by: Adam Langley --- util/fipstools/acvp/acvptool/acvp/acvp.go | 30 +++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/util/fipstools/acvp/acvptool/acvp/acvp.go b/util/fipstools/acvp/acvptool/acvp/acvp.go index 7b4ff88485..8e610c72ad 100644 --- a/util/fipstools/acvp/acvptool/acvp/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp/acvp.go @@ -45,9 +45,9 @@ type Server struct { // AccessToken is the top-level access token for the current session. AccessToken string - client *http.Client - prefix string - totpFunc func() string + client *http.Client + prefix string + totpFunc func() string } // NewServer returns a fresh Server instance representing the ACVP server at @@ -363,18 +363,18 @@ func (query Query) toURLParams() string { var NotFound = errors.New("acvp: HTTP code 404") func (server *Server) newRequestWithToken(method, endpoint string, body io.Reader) (*http.Request, error) { - token, err := server.getToken(endpoint) - if err != nil { - return nil, err - } - req, err := http.NewRequest(method, server.prefix+endpoint, body) - if err != nil { - return nil, err - } - if len(token) != 0 { - req.Header.Add("Authorization", "Bearer "+token) - } - return req, nil + token, err := server.getToken(endpoint) + if err != nil { + return nil, err + } + req, err := http.NewRequest(method, server.prefix+endpoint, body) + if err != nil { + return nil, err + } + if len(token) != 0 { + req.Header.Add("Authorization", "Bearer "+token) + } + return req, nil } func (server *Server) Get(out interface{}, endPoint string) error { From 0313b59d5f950a05f2269811732bbbf204059da5 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 10 Jun 2020 14:38:02 -0700 Subject: [PATCH 017/399] Let memory hooks override the size prefix. In order to efficiently track heap operations, the memory hooks may need to store other information in the prefix area than the size that BoringSSL uses by default. This change lets them manage the prefix how they wish. Change-Id: I5a4d98bed100aff2deaaabb3d23fab02f0be82aa Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41584 Reviewed-by: Adam Langley Reviewed-by: David Benjamin Commit-Queue: Adam Langley Commit-Queue: David Benjamin --- crypto/mem.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/crypto/mem.c b/crypto/mem.c index 291d8d0cc5..0491f150b4 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -72,6 +72,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #define OPENSSL_MALLOC_PREFIX 8 +OPENSSL_STATIC_ASSERT(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), + "size_t too large"); #if defined(OPENSSL_ASAN) void __asan_poison_memory_region(const volatile void *addr, size_t size); @@ -101,13 +103,21 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {} // linked. This isn't an ideal result, but its helps in some cases. WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)); -// The following two functions are for memory tracking. They are no-ops by -// default but can be overridden at link time if the application needs to -// observe heap operations. -WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_alloc, (void *ptr, size_t size)); -WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_free, (void *ptr, size_t size)); +// The following three functions can be defined to override default heap +// allocation and freeing. If defined, it is the responsibility of +// |OPENSSL_memory_free| to zero out the memory before returning it to the +// system. |OPENSSL_memory_free| will not be passed NULL pointers. +WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size)); +WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)); +WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)); void *OPENSSL_malloc(size_t size) { + if (OPENSSL_memory_alloc != NULL) { + assert(OPENSSL_memory_free != NULL); + assert(OPENSSL_memory_get_size != NULL); + return OPENSSL_memory_alloc(size); + } + if (size + OPENSSL_MALLOC_PREFIX < size) { return NULL; } @@ -120,9 +130,6 @@ void *OPENSSL_malloc(size_t size) { *(size_t *)ptr = size; __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); - if (OPENSSL_track_memory_alloc) { - OPENSSL_track_memory_alloc(ptr, size + OPENSSL_MALLOC_PREFIX); - } return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX; } @@ -131,13 +138,15 @@ void OPENSSL_free(void *orig_ptr) { return; } + if (OPENSSL_memory_free != NULL) { + OPENSSL_memory_free(orig_ptr); + return; + } + void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX; __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); size_t size = *(size_t *)ptr; - if (OPENSSL_track_memory_free) { - OPENSSL_track_memory_free(ptr, size + OPENSSL_MALLOC_PREFIX); - } OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX); if (sdallocx) { sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */); @@ -151,10 +160,15 @@ void *OPENSSL_realloc(void *orig_ptr, size_t new_size) { return OPENSSL_malloc(new_size); } - void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX; - __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); - size_t old_size = *(size_t *)ptr; - __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); + size_t old_size; + if (OPENSSL_memory_get_size != NULL) { + old_size = OPENSSL_memory_get_size(orig_ptr); + } else { + void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX; + __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); + old_size = *(size_t *)ptr; + __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); + } void *ret = OPENSSL_malloc(new_size); if (ret == NULL) { From 9c256d1d7f2730d260c84eea2d9e97becd6dcc96 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 10 Jun 2020 15:12:39 -0700 Subject: [PATCH 018/399] acvptool: handle negative sizeConstraint. The NIST server has been updated and is now sending a sizeConstraint of -1 to indicate that the large-upload process isn't needed. However, the code was trying to put that in a uint64, which caused a parse error. Change-Id: I9ee16918df13c229b0e889fa1248eb2e0a6a5fb2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41605 Reviewed-by: David Benjamin --- util/fipstools/acvp/acvptool/acvp.go | 4 +++- util/fipstools/acvp/acvptool/acvp/acvp.go | 11 ++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/util/fipstools/acvp/acvptool/acvp.go b/util/fipstools/acvp/acvptool/acvp.go index c539b3b3a5..2753dd3ad0 100644 --- a/util/fipstools/acvp/acvptool/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp.go @@ -375,7 +375,9 @@ func main() { resultData := resultBuf.Bytes() resultSize := uint64(len(resultData)) + 32 /* for framing overhead */ - if resultSize >= server.SizeLimit { + if server.SizeLimit > 0 && resultSize >= server.SizeLimit { + // The NIST ACVP server no longer requires the large-upload process, + // suggesting that it may no longer be needed. log.Printf("Result is %d bytes, too much given server limit of %d bytes. Using large-upload process.", resultSize, server.SizeLimit) largeRequestBytes, err := json.Marshal(acvp.LargeUploadRequest{ Size: resultSize, diff --git a/util/fipstools/acvp/acvptool/acvp/acvp.go b/util/fipstools/acvp/acvptool/acvp/acvp.go index 8e610c72ad..52d7488758 100644 --- a/util/fipstools/acvp/acvptool/acvp/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp/acvp.go @@ -39,8 +39,9 @@ type Server struct { // The keys of this map are strings like "acvp/v1/testSessions/1234" and the // values are JWT access tokens. PrefixTokens map[string]string - // SizeLimit is the maximum number of bytes that the server can accept as an - // upload before the large endpoint support must be used. + // SizeLimit is the maximum number of bytes that the server can accept + // as an upload before the large endpoint support must be used. Zero + // means that there is no limit. SizeLimit uint64 // AccessToken is the top-level access token for the current session. AccessToken string @@ -274,7 +275,7 @@ func (server *Server) Login() error { var reply struct { AccessToken string `json:"accessToken"` LargeEndpointRequired bool `json:"largeEndpointRequired"` - SizeLimit uint64 `json:"sizeConstraint"` + SizeLimit int64 `json:"sizeConstraint"` } if err := server.postMessage(&reply, "acvp/v1/login", map[string]string{"password": server.totpFunc()}); err != nil { @@ -287,10 +288,10 @@ func (server *Server) Login() error { server.AccessToken = reply.AccessToken if reply.LargeEndpointRequired { - if reply.SizeLimit == 0 { + if reply.SizeLimit <= 0 { return errors.New("login indicated largeEndpointRequired but didn't provide a sizeConstraint") } - server.SizeLimit = reply.SizeLimit + server.SizeLimit = uint64(reply.SizeLimit) } return nil From 7f90eda55ee39c6b8c0c84ea2923dd5dd826a778 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 12 Jun 2020 10:42:42 -0700 Subject: [PATCH 019/399] =?UTF-8?q?Add=20=E2=80=9CZ=20Computation=E2=80=9D?= =?UTF-8?q?=20KAT.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIPS updates will make this useful / mandatory in the future. Change-Id: I9921e4f3fc8a8315dc85dc366f331b456572d49e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41644 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/fipsmodule/self_check/self_check.c | 62 +++++++++++++++++++++++ util/fipstools/break-tests-android.sh | 2 +- util/fipstools/break-tests.sh | 2 +- 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index d8a61c3928..4b954b77d4 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -430,11 +431,44 @@ int boringssl_fips_self_test( 0xba, 0x4d, 0xd9, 0x86, 0x77, 0xda, 0x7d, 0x8f, 0xef, 0xc4, 0x1a, 0xf0, 0xcc, 0x81, 0xe5, 0xea, 0x3f, 0xc2, 0x41, 0x7f, 0xd8, }; + // kP256Point is SHA256("Primitive Z Computation KAT")×G within P-256. + const uint8_t kP256Point[65] = { + 0x04, 0x4e, 0xc1, 0x94, 0x8c, 0x5c, 0xf4, 0x37, 0x35, 0x0d, 0xa3, + 0xf9, 0x55, 0xf9, 0x8b, 0x26, 0x23, 0x5c, 0x43, 0xe0, 0x83, 0x51, + 0x2b, 0x0d, 0x4b, 0x56, 0x24, 0xc3, 0xe4, 0xa5, 0xa8, 0xe2, 0xe9, + 0x95, 0xf2, 0xc4, 0xb9, 0xb7, 0x48, 0x7d, 0x2a, 0xae, 0xc5, 0xc0, + 0x0a, 0xcc, 0x1b, 0xd0, 0xec, 0xb8, 0xdc, 0xbe, 0x0c, 0xbe, 0x52, + 0x79, 0x93, 0x7c, 0x0b, 0x92, 0x2b, 0x7f, 0x17, 0xa5, 0x80, + }; + // kP256Scalar is SHA256("Primitive Z Computation KAT scalar"). + const uint8_t kP256Scalar[32] = { + 0xe7, 0x60, 0x44, 0x91, 0x26, 0x9a, 0xfb, 0x5b, 0x10, 0x2d, 0x6e, + 0xa5, 0x2c, 0xb5, 0x9f, 0xeb, 0x70, 0xae, 0xde, 0x6c, 0xe3, 0xbf, + 0xb3, 0xe0, 0x10, 0x54, 0x85, 0xab, 0xd8, 0x61, 0xd7, 0x7b, + }; + // kP256PointResult is |kP256Scalar|×|kP256Point|. + const uint8_t kP256PointResult[65] = { + 0x04, 0xf1, 0x63, 0x00, 0x88, 0xc5, 0xd5, 0xe9, 0x05, 0x52, 0xac, + 0xb6, 0xec, 0x68, 0x76, 0xb8, 0x73, 0x7f, 0x0f, 0x72, 0x34, 0xe6, + 0xbb, 0x30, 0x32, 0x22, 0x37, 0xb6, 0x2a, 0x80, 0xe8, 0x9e, 0x6e, + 0x6f, 0x36, 0x02, 0xe7, 0x21, 0xd2, 0x31, 0xdb, 0x94, 0x63, 0xb7, + 0xd8, 0x19, 0x0e, 0xc2, 0xc0, 0xa7, 0x2f, 0x15, 0x49, 0x1a, 0xa2, + 0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, +#if !defined(BORINGSSL_FIPS_BREAK_Z_COMPUTATION) + 0x0c, +#else + 0x00, +#endif + }; EVP_AEAD_CTX aead_ctx; EVP_AEAD_CTX_zero(&aead_ctx); RSA *rsa_key = NULL; EC_KEY *ec_key = NULL; + EC_GROUP *ec_group = NULL; + EC_POINT *ec_point_in = NULL; + EC_POINT *ec_point_out = NULL; + BIGNUM *ec_scalar = NULL; ECDSA_SIG *sig = NULL; int ret = 0; @@ -602,6 +636,30 @@ int boringssl_fips_self_test( goto err; } + // Primitive Z Computation KAT (IG 9.6). + ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); + if (ec_group == NULL) { + fprintf(stderr, "Failed to create P-256 group.\n"); + goto err; + } + ec_point_in = EC_POINT_new(ec_group); + ec_point_out = EC_POINT_new(ec_group); + ec_scalar = BN_new(); + uint8_t z_comp_result[65]; + if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL || + !EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point), + NULL) || + !BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) || + !EC_POINT_mul(ec_group, ec_point_out, NULL, ec_point_in, ec_scalar, + NULL) || + !EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED, + z_comp_result, sizeof(z_comp_result), NULL) || + !check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result), + "Z Computation Result")) { + fprintf(stderr, "Z Computation KAT failed.\n"); + goto err; + } + // DBRG KAT CTR_DRBG_STATE drbg; if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization, @@ -642,6 +700,10 @@ int boringssl_fips_self_test( EVP_AEAD_CTX_cleanup(&aead_ctx); RSA_free(rsa_key); EC_KEY_free(ec_key); + EC_POINT_free(ec_point_in); + EC_POINT_free(ec_point_out); + EC_GROUP_free(ec_group); + BN_free(ec_scalar); ECDSA_SIG_free(sig); return ret; diff --git a/util/fipstools/break-tests-android.sh b/util/fipstools/break-tests-android.sh index f6d9b1a64f..a5289cf221 100644 --- a/util/fipstools/break-tests-android.sh +++ b/util/fipstools/break-tests-android.sh @@ -42,7 +42,7 @@ fi . build/envsetup.sh -TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG" +TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION" if [ "x$1" = "x32" ]; then lib="lib" diff --git a/util/fipstools/break-tests.sh b/util/fipstools/break-tests.sh index d0ec1df10c..670c4feff9 100644 --- a/util/fipstools/break-tests.sh +++ b/util/fipstools/break-tests.sh @@ -22,7 +22,7 @@ set -x -TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG" +TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION" if [ "x$1" = "xbuild" ]; then for test in $TESTS; do From 72b095d0d483e6b9df002427054a0b150ee76f49 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 11 Jun 2020 14:41:28 -0400 Subject: [PATCH 020/399] Reword some comments. There were a handful of comments that use "blacklist" and "whitelist". They are easy to fix. Change-Id: I49a9592393b43fc85e92b4a00a585b504dede75a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41645 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- ssl/ssl_versions.cc | 10 +++++----- util/check_imported_libraries.go | 6 +++--- util/read_symbols.go | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc index d95aeb306d..3bbb4e3c1c 100644 --- a/ssl/ssl_versions.cc +++ b/ssl/ssl_versions.cc @@ -193,11 +193,11 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version, min_version = TLS1_3_VERSION; } - // OpenSSL's API for controlling versions entails blacklisting individual - // protocols. This has two problems. First, on the client, the protocol can - // only express a contiguous range of versions. Second, a library consumer - // trying to set a maximum version cannot disable protocol versions that get - // added in a future version of the library. + // The |SSL_OP_NO_*| flags disable individual protocols. This has two + // problems. First, prior to TLS 1.3, the protocol can only express a + // contiguous range of versions. Second, a library consumer trying to set a + // maximum version cannot disable protocol versions that get added in a future + // version of the library. // // To account for both of these, OpenSSL interprets the client-side bitmask // as a min/max range by picking the lowest contiguous non-empty range of diff --git a/util/check_imported_libraries.go b/util/check_imported_libraries.go index 835d5fdd7f..187e51441f 100644 --- a/util/check_imported_libraries.go +++ b/util/check_imported_libraries.go @@ -12,9 +12,9 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -// check_imported_libraries.go checks that each of its arguments only imports a -// whitelist of allowed libraries. This is used to avoid accidental dependencies -// on libstdc++.so. +// check_imported_libraries.go checks that each of its arguments only imports +// allowed libraries. This is used to avoid accidental dependencies on +// libstdc++.so. package main import ( diff --git a/util/read_symbols.go b/util/read_symbols.go index 791ea5d126..96c148ab5a 100644 --- a/util/read_symbols.go +++ b/util/read_symbols.go @@ -119,8 +119,8 @@ func main() { // should not be prefixed. It is a limitation of this // symbol-prefixing strategy that we cannot distinguish // our own inline symbols (which should be prefixed) - // from the system's (which should not), so we blacklist - // known system symbols. + // from the system's (which should not), so we skip known + // system symbols. "__local_stdio_printf_options", "__local_stdio_scanf_options", "_vscprintf", From cd8f3d36fe294b4896f26bf3add6a6a954218bfd Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 15 Jun 2020 11:16:06 -0400 Subject: [PATCH 021/399] Enforce the keyUsage extension in TLS 1.2 client certs. I've left this independent of SSL_set_enforce_rsa_key_usage because client certificates in TLS always use the digitalSignature bit, RSA or otherwise, so it's less likely that someone has messed it up, unlike TLS 1.2 RSA server certificates. Update-Note: Client certificates which do not support the digitalSignature key usage will be rejected. They should either include that bit or omit the keyUsage extension. Bug: 349 Change-Id: I97bbf0c8e394f219ff75b686e0c14019f6d8c9a8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41664 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- ssl/handshake_client.cc | 4 +-- ssl/handshake_server.cc | 9 +++++++ ssl/test/runner/runner.go | 57 ++++++++++++++++++++++++++++++++------- 3 files changed, 58 insertions(+), 12 deletions(-) diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 9625b8e8d0..670e476434 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -1268,10 +1268,10 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { uint32_t alg_k = hs->new_cipher->algorithm_mkey; uint32_t alg_a = hs->new_cipher->algorithm_auth; if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) { - CRYPTO_BUFFER *leaf = + const CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0); CBS leaf_cbs; - CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf)); + CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs); // Check the key usage matches the cipher suite. We do this unconditionally // for non-RSA certificates. In particular, it's needed to distinguish ECDH diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 924701f68f..2489428953 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -1436,6 +1436,15 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) { return ssl_hs_error; } + // The peer certificate must be valid for signing. + const CRYPTO_BUFFER *leaf = + sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0); + CBS leaf_cbs; + CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs); + if (!ssl_cert_check_key_usage(&leaf_cbs, key_usage_digital_signature)) { + return ssl_hs_error; + } + CBS certificate_verify = msg.body, signature; // Determine the signature algorithm. diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index ae9b40d109..deddb0342b 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -14627,7 +14627,7 @@ func addECDSAKeyUsageTests() { testCases = append(testCases, testCase{ testType: clientTest, - name: "ECDSAKeyUsage-" + ver.name, + name: "ECDSAKeyUsage-Client-" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14636,6 +14636,19 @@ func addECDSAKeyUsageTests() { shouldFail: true, expectedError: ":KEY_USAGE_BIT_INCORRECT:", }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ECDSAKeyUsage-Server-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{cert}, + }, + flags: []string{"-require-any-client-certificate"}, + shouldFail: true, + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + }) } } @@ -14705,7 +14718,7 @@ func addRSAKeyUsageTests() { for _, ver := range tlsVersions { testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantSignature-GotEncipherment-" + ver.name, + name: "RSAKeyUsage-Client-WantSignature-GotEncipherment-" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14721,7 +14734,7 @@ func addRSAKeyUsageTests() { testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantSignature-GotSignature-" + ver.name, + name: "RSAKeyUsage-Client-WantSignature-GotSignature-" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14737,7 +14750,7 @@ func addRSAKeyUsageTests() { if ver.version < VersionTLS13 { testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantEncipherment-GotEncipherment" + ver.name, + name: "RSAKeyUsage-Client-WantEncipherment-GotEncipherment" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14751,7 +14764,7 @@ func addRSAKeyUsageTests() { testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantEncipherment-GotSignature-" + ver.name, + name: "RSAKeyUsage-Client-WantEncipherment-GotSignature-" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14768,7 +14781,7 @@ func addRSAKeyUsageTests() { // In 1.2 and below, we should not enforce without the enforce-rsa-key-usage flag. testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantSignature-GotEncipherment-Unenforced" + ver.name, + name: "RSAKeyUsage-Client-WantSignature-GotEncipherment-Unenforced" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14779,7 +14792,7 @@ func addRSAKeyUsageTests() { testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantEncipherment-GotSignature-Unenforced" + ver.name, + name: "RSAKeyUsage-Client-WantEncipherment-GotSignature-Unenforced" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14787,14 +14800,13 @@ func addRSAKeyUsageTests() { CipherSuites: dsSuites, }, }) - } if ver.version >= VersionTLS13 { // In 1.3 and above, we enforce keyUsage even without the flag. testCases = append(testCases, testCase{ testType: clientTest, - name: "RSAKeyUsage-WantSignature-GotEncipherment-Enforced" + ver.name, + name: "RSAKeyUsage-Client-WantSignature-GotEncipherment-Enforced" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14804,8 +14816,33 @@ func addRSAKeyUsageTests() { shouldFail: true, expectedError: ":KEY_USAGE_BIT_INCORRECT:", }) - } + + // The server only uses signatures and always enforces it. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "RSAKeyUsage-Server-WantSignature-GotEncipherment-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{encCert}, + }, + shouldFail: true, + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + flags: []string{"-require-any-client-certificate"}, + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "RSAKeyUsage-Server-WantSignature-GotSignature-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{dsCert}, + }, + flags: []string{"-require-any-client-certificate"}, + }) + } } From 884614c24f8c04ebde9c72ec7ce8f50498e3cdae Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 16 Jun 2020 10:59:58 -0400 Subject: [PATCH 022/399] Use CMAKE_SIZEOF_VOID_P instead of CMAKE_CL_64 CMake's documentation says this is preferred. https://cmake.org/cmake/help/latest/variable/CMAKE_CL_64.html Reportedly, it also works better with MINGW, though we do not currently support MINGW with the CMake build. See https://boringssl-review.googlesource.com/c/boringssl/+/41704/ Change-Id: Ie5794306beeeff816b34ee98c7a0f8e0d4f99ec8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41724 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- CMakeLists.txt | 2 +- util/generate_build_files.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0867601e58..437870a421 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -471,7 +471,7 @@ elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64") set(ARCH "x86_64") elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64") # cmake reports AMD64 on Windows, but we might be building for 32-bit. - if(CMAKE_CL_64) + if(CMAKE_SIZEOF_VOID_P EQUAL 8) set(ARCH "x86_64") else() set(ARCH "x86") diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 23d7ea5397..623e7d33c5 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -489,7 +489,7 @@ def __init__(self): set(ARCH "x86_64") elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64") # cmake reports AMD64 on Windows, but we might be building for 32-bit. - if(CMAKE_CL_64) + if(CMAKE_SIZEOF_VOID_P EQUAL 8) set(ARCH "x86_64") else() set(ARCH "x86") From 8afdbf04bd665a76c81319bc9715a77d9bc32722 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 16 Jun 2020 14:06:07 -0400 Subject: [PATCH 023/399] Abstract fd operations better in tool. Windows and POSIX implement very similar fd operations, but differ slightly: - ssize_t in POSIX is usually int on Windows. - POSIX needs EINTR retry loops. - Windows wants _open rather than open, etc. - POSIX fds and sockets are the same thing, while Windows sockets are HANDLEs and leaves fd as a C runtime construct. Rather than ad-hoc macros and redefinitions of ssize_t (which reportedly upset MINGW), add some actual abstractions. While I'm here, add a scoped file descriptor type. That still leaves recv/send which are only used in one file, so defined a socket_result_t for them. Change-Id: I17fca2a50c77191f573852bfd27553996e3e9c3f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41725 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- tool/CMakeLists.txt | 1 + tool/digest.cc | 76 ++++++++++------------------ tool/fd.cc | 105 +++++++++++++++++++++++++++++++++++++++ tool/internal.h | 80 ++++++++++++++++++++++------- tool/pkcs12.cc | 55 ++++++++++---------- tool/transport_common.cc | 21 ++++---- 6 files changed, 232 insertions(+), 106 deletions(-) create mode 100644 tool/fd.cc diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index 7f340171d7..765871381c 100644 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -8,6 +8,7 @@ add_executable( client.cc const.cc digest.cc + fd.cc file.cc generate_ed25519.cc genrsa.cc diff --git a/tool/digest.cc b/tool/digest.cc index 742fa7f4dd..4adaf8df61 100644 --- a/tool/digest.cc +++ b/tool/digest.cc @@ -37,7 +37,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) OPENSSL_MSVC_PRAGMA(warning(pop)) #include #define PATH_MAX MAX_PATH -typedef int ssize_t; #endif #include @@ -45,19 +44,6 @@ typedef int ssize_t; #include "internal.h" -struct close_delete { - void operator()(int *fd) { - BORINGSSL_CLOSE(*fd); - } -}; - -template -struct func_delete { - void operator()(T* obj) { - func(obj); - } -}; - // Source is an awkward expression of a union type in C++: Stdin | File filename. struct Source { enum Type { @@ -79,37 +65,31 @@ struct Source { static const char kStdinName[] = "standard input"; -// OpenFile opens the regular file named |filename| and sets |*out_fd| to be a -// file descriptor to it. Returns true on sucess or prints an error to stderr -// and returns false on error. -static bool OpenFile(int *out_fd, const std::string &filename) { - *out_fd = -1; - - int fd = BORINGSSL_OPEN(filename.c_str(), O_RDONLY | O_BINARY); - if (fd < 0) { +// OpenFile opens the regular file named |filename| and returns a file +// descriptor to it. +static ScopedFD OpenFile(const std::string &filename) { + ScopedFD fd = OpenFD(filename.c_str(), O_RDONLY | O_BINARY); + if (!fd) { fprintf(stderr, "Failed to open input file '%s': %s\n", filename.c_str(), strerror(errno)); - return false; + return ScopedFD(); } - std::unique_ptr scoped_fd(&fd); #if !defined(OPENSSL_WINDOWS) struct stat st; - if (fstat(fd, &st)) { + if (fstat(fd.get(), &st)) { fprintf(stderr, "Failed to stat input file '%s': %s\n", filename.c_str(), strerror(errno)); - return false; + return ScopedFD(); } if (!S_ISREG(st.st_mode)) { fprintf(stderr, "%s: not a regular file\n", filename.c_str()); - return false; + return ScopedFD(); } #endif - *out_fd = fd; - scoped_fd.release(); - return true; + return fd; } // SumFile hashes the contents of |source| with |md| and sets |*out_hex| to the @@ -119,16 +99,17 @@ static bool OpenFile(int *out_fd, const std::string &filename) { // error. static bool SumFile(std::string *out_hex, const EVP_MD *md, const Source &source) { - std::unique_ptr scoped_fd; + ScopedFD scoped_fd; int fd; if (source.is_stdin()) { fd = 0; } else { - if (!OpenFile(&fd, source.filename())) { + scoped_fd = OpenFile(source.filename()); + if (!scoped_fd) { return false; } - scoped_fd.reset(&fd); + fd = scoped_fd.get(); } static const size_t kBufSize = 8192; @@ -141,21 +122,18 @@ static bool SumFile(std::string *out_hex, const EVP_MD *md, } for (;;) { - ssize_t n; - - do { - n = BORINGSSL_READ(fd, buf.get(), kBufSize); - } while (n == -1 && errno == EINTR); - - if (n == 0) { - break; - } else if (n < 0) { + size_t n; + if (!ReadFromFD(fd, &n, buf.get(), kBufSize)) { fprintf(stderr, "Failed to read from %s: %s\n", source.is_stdin() ? kStdinName : source.filename().c_str(), strerror(errno)); return false; } + if (n == 0) { + break; + } + if (!EVP_DigestUpdate(ctx.get(), buf.get(), n)) { fprintf(stderr, "Failed to update hash.\n"); return false; @@ -221,25 +199,23 @@ struct CheckModeArguments { // returns false. static bool Check(const CheckModeArguments &args, const EVP_MD *md, const Source &source) { - std::unique_ptr> scoped_file; FILE *file; + ScopedFILE scoped_file; if (source.is_stdin()) { file = stdin; } else { - int fd; - if (!OpenFile(&fd, source.filename())) { + ScopedFD fd = OpenFile(source.filename()); + if (!fd) { return false; } - file = BORINGSSL_FDOPEN(fd, "rb"); - if (!file) { + scoped_file = FDToFILE(std::move(fd), "rb"); + if (!scoped_file) { perror("fdopen"); - BORINGSSL_CLOSE(fd); return false; } - - scoped_file = std::unique_ptr>(file); + file = scoped_file.get(); } const size_t hex_size = EVP_MD_size(md) * 2; diff --git a/tool/fd.cc b/tool/fd.cc new file mode 100644 index 0000000000..2c27ccdb3c --- /dev/null +++ b/tool/fd.cc @@ -0,0 +1,105 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include +#include +#include + +#include + +#include "internal.h" + +#if defined(OPENSSL_WINDOWS) +#include +#else +#include +#include +#endif + + +ScopedFD OpenFD(const char *path, int flags) { +#if defined(OPENSSL_WINDOWS) + return ScopedFD(_open(path, flags)); +#else + int fd; + do { + fd = open(path, flags); + } while (fd == -1 && errno == EINTR); + return ScopedFD(fd); +#endif +} + +void CloseFD(int fd) { +#if defined(OPENSSL_WINDOWS) + _close(fd); +#else + close(fd); +#endif +} + +bool ReadFromFD(int fd, size_t *out_bytes_read, void *out, size_t num) { +#if defined(OPENSSL_WINDOWS) + // On Windows, the buffer must be at most |INT_MAX|. See + // https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/read?view=vs-2019 + int ret = _read(fd, out, std::min(size_t{INT_MAX}, num)); +#else + ssize_t ret; + do { + ret = read(fd, out, num); + } while (ret == -1 && errno == EINVAL); +#endif + + if (ret < 0) { + *out_bytes_read = 0; + return false; + } + *out_bytes_read = ret; + return true; +} + +bool WriteToFD(int fd, size_t *out_bytes_written, const void *in, size_t num) { +#if defined(OPENSSL_WINDOWS) + // The documentation for |_write| does not say the buffer must be at most + // |INT_MAX|, but clamp it to |INT_MAX| instead of |UINT_MAX| in case. + int ret = _write(fd, in, std::min(size_t{INT_MAX}, num)); +#else + ssize_t ret; + do { + ret = write(fd, in, num); + } while (ret == -1 && errno == EINVAL); +#endif + + if (ret < 0) { + *out_bytes_written = 0; + return false; + } + *out_bytes_written = ret; + return true; +} + +ScopedFILE FDToFILE(ScopedFD fd, const char *mode) { + ScopedFILE ret; +#if defined(OPENSSL_WINDOWS) + ret.reset(_fdopen(fd.get(), mode)); +#else + ret.reset(fdopen(fd.get(), mode)); +#endif + // |fdopen| takes ownership of |fd| on success. + if (ret) { + fd.release(); + } + return ret; +} diff --git a/tool/internal.h b/tool/internal.h index 4cace9d3d6..eb9e4ba8f5 100644 --- a/tool/internal.h +++ b/tool/internal.h @@ -18,32 +18,17 @@ #include #include +#include #include -OPENSSL_MSVC_PRAGMA(warning(push)) // MSVC issues warning C4702 for unreachable code in its xtree header when // compiling with -D_HAS_EXCEPTIONS=0. See // https://connect.microsoft.com/VisualStudio/feedback/details/809962 +OPENSSL_MSVC_PRAGMA(warning(push)) OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) - #include - OPENSSL_MSVC_PRAGMA(warning(pop)) -#if defined(OPENSSL_WINDOWS) - #define BORINGSSL_OPEN _open - #define BORINGSSL_FDOPEN _fdopen - #define BORINGSSL_CLOSE _close - #define BORINGSSL_READ _read - #define BORINGSSL_WRITE _write -#else - #define BORINGSSL_OPEN open - #define BORINGSSL_FDOPEN fdopen - #define BORINGSSL_CLOSE close - #define BORINGSSL_READ read - #define BORINGSSL_WRITE write -#endif - struct FileCloser { void operator()(FILE *file) { fclose(file); @@ -52,6 +37,67 @@ struct FileCloser { using ScopedFILE = std::unique_ptr; +// The following functions abstract between POSIX and Windows differences in +// file descriptor I/O functions. + +// CloseFD behaves like |close|. +void CloseFD(int fd); + +class ScopedFD { + public: + ScopedFD() {} + explicit ScopedFD(int fd) : fd_(fd) {} + ScopedFD(ScopedFD &&other) { *this = std::move(other); } + ScopedFD(const ScopedFD &) = delete; + ~ScopedFD() { reset(); } + + ScopedFD &operator=(const ScopedFD &) = delete; + ScopedFD &operator=(ScopedFD &&other) { + reset(); + fd_ = other.fd_; + other.fd_ = -1; + return *this; + } + + explicit operator bool() const { return fd_ >= 0; } + + int get() const { return fd_; } + + void reset() { + if (fd_ >= 0) { + CloseFD(fd_); + } + fd_ = -1; + } + + int release() { + int fd = fd_; + fd_ = -1; + return fd; + } + + private: + int fd_ = -1; +}; + +// OpenFD behaves like |open| but handles |EINTR| and works on Windows. +ScopedFD OpenFD(const char *path, int flags); + +// ReadFromFD reads up to |num| bytes from |fd| and writes the result to |out|. +// On success, it returns true and sets |*out_bytes_read| to the number of bytes +// read. Otherwise, it returns false and leaves an error in |errno|. On POSIX, +// it handles |EINTR| internally. +bool ReadFromFD(int fd, size_t *out_bytes_read, void *out, size_t num); + +// WriteToFD writes up to |num| bytes from |in| to |fd|. On success, it returns +// true and sets |*out_bytes_written| to the number of bytes written. Otherwise, +// it returns false and leaves an error in |errno|. On POSIX, it handles |EINTR| +// internally. +bool WriteToFD(int fd, size_t *out_bytes_written, const void *in, size_t num); + +// FDToFILE behaves like |fdopen|. +ScopedFILE FDToFILE(ScopedFD fd, const char *mode); + enum ArgumentType { kRequiredArgument, kOptionalArgument, diff --git a/tool/pkcs12.cc b/tool/pkcs12.cc index a8ddb0e01d..3d8a1cd758 100644 --- a/tool/pkcs12.cc +++ b/tool/pkcs12.cc @@ -40,12 +40,6 @@ #include "internal.h" -#if defined(OPENSSL_WINDOWS) -typedef int read_result_t; -#else -typedef ssize_t read_result_t; -#endif - static const struct argument kArguments[] = { { "-dump", kOptionalArgument, @@ -65,51 +59,52 @@ bool DoPKCS12(const std::vector &args) { return false; } - int fd = BORINGSSL_OPEN(args_map["-dump"].c_str(), O_RDONLY); - if (fd < 0) { + ScopedFD fd = OpenFD(args_map["-dump"].c_str(), O_RDONLY); + if (!fd) { perror("open"); return false; } struct stat st; - if (fstat(fd, &st)) { + if (fstat(fd.get(), &st)) { perror("fstat"); - BORINGSSL_CLOSE(fd); return false; } const size_t size = st.st_size; std::unique_ptr contents(new uint8_t[size]); - read_result_t n; size_t off = 0; - do { - n = BORINGSSL_READ(fd, &contents[off], size - off); - if (n >= 0) { - off += static_cast(n); + while (off < size) { + size_t bytes_read; + if (!ReadFromFD(fd.get(), &bytes_read, contents.get() + off, size - off)) { + perror("read"); + return false; } - } while ((n > 0 && off < size) || (n == -1 && errno == EINTR)); - - if (off != size) { - perror("read"); - BORINGSSL_CLOSE(fd); - return false; + if (bytes_read == 0) { + fprintf(stderr, "Unexpected EOF\n"); + return false; + } + off += bytes_read; } - BORINGSSL_CLOSE(fd); - printf("Enter password: "); fflush(stdout); char password[256]; off = 0; - do { - n = BORINGSSL_READ(0, &password[off], sizeof(password) - 1 - off); - if (n >= 0) { - off += static_cast(n); + while (off < sizeof(password) - 1) { + size_t bytes_read; + if (!ReadFromFD(0, &bytes_read, password + off, + sizeof(password) - 1 - off)) { + perror("read"); + return false; } - } while ((n > 0 && OPENSSL_memchr(password, '\n', off) == NULL && - off < sizeof(password) - 1) || - (n == -1 && errno == EINTR)); + + off += bytes_read; + if (bytes_read == 0 || OPENSSL_memchr(password, '\n', off) != nullptr) { + break; + } + } char *newline = reinterpret_cast(OPENSSL_memchr(password, '\n', off)); if (newline == NULL) { diff --git a/tool/transport_common.cc b/tool/transport_common.cc index 7c5e962c75..88e91695f0 100644 --- a/tool/transport_common.cc +++ b/tool/transport_common.cc @@ -55,7 +55,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include OPENSSL_MSVC_PRAGMA(warning(pop)) -typedef int ssize_t; OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) #endif @@ -68,7 +67,10 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) #include "transport_common.h" -#if !defined(OPENSSL_WINDOWS) +#if defined(OPENSSL_WINDOWS) +using socket_result_t = int; +#else +using socket_result_t = ssize_t; static int closesocket(int sock) { return close(sock); } @@ -739,12 +741,13 @@ bool TransferData(SSL *ssl, int sock) { return true; } - ssize_t n; - do { - n = BORINGSSL_WRITE(1, buffer, ssl_ret); - } while (n == -1 && errno == EINTR); + size_t n; + if (!WriteToFD(1, &n, buffer, ssl_ret)) { + fprintf(stderr, "Error writing to stdout.\n"); + return false; + } - if (n != ssl_ret) { + if (n != static_cast(ssl_ret)) { fprintf(stderr, "Short write to stderr.\n"); return false; } @@ -786,7 +789,7 @@ class SocketLineReader { return false; } - ssize_t n; + socket_result_t n; do { n = recv(sock_, &buf_[buf_len_], sizeof(buf_) - buf_len_, 0); } while (n == -1 && errno == EINTR); @@ -871,7 +874,7 @@ static bool SendAll(int sock, const char *data, size_t data_len) { size_t done = 0; while (done < data_len) { - ssize_t n; + socket_result_t n; do { n = send(sock, &data[done], data_len - done, 0); } while (n == -1 && errno == EINTR); From c17985424391fcbaaa57f733b7197c5dd3e510aa Mon Sep 17 00:00:00 2001 From: Jesko Jochum Date: Tue, 16 Jun 2020 15:48:09 +0200 Subject: [PATCH 024/399] Fixes warning when redefining PATH_MAX when building with MINGW. Fixes warning thrown when compiling digest.cc with MinGW64, by only defining PATH_MAX, if it has not yet been defined. Else building with MinGW64, throws the following warning: \boringssl\src\tool\digest.cc:39: warning: "PATH_MAX" redefined 39 | #define PATH_MAX MAX_PATH | In file included from C:/msys64/mingw64/lib/gcc/x86_64-w64-mingw32/9.3.0/include-fixed/limits.h:194, from C:/msys64/mingw64/lib/gcc/x86_64-w64-mingw32/9.3.0/include-fixed/syslimits.h:7, from C:/msys64/mingw64/lib/gcc/x86_64-w64-mingw32/9.3.0/include-fixed/limits.h:34, from C:/msys64/mingw64/x86_64-w64-mingw32/include/pthread.h:67, from C:/msys64/mingw64/include/c++/9.3.0/x86_64-w64-mingw32/bits/gthr-default.h:35, from C:/msys64/mingw64/include/c++/9.3.0/x86_64-w64-mingw32/bits/gthr.h:148, from C:/msys64/mingw64/include/c++/9.3.0/ext/atomicity.h:35, from C:/msys64/mingw64/include/c++/9.3.0/memory:73, from /boringssl/src/include/openssl/base.h:473, from \boringssl\src\tool\digest.cc:15: C:/msys64/mingw64/x86_64-w64-mingw32/include/limits.h:20: note: this is the location of the previous definition 20 | #define PATH_MAX 260 | Change-Id: I29eb33ee8fad9e4e80d9348a0d5e4057dfac620c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41705 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- tool/digest.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tool/digest.cc b/tool/digest.cc index 4adaf8df61..3c8fd5a64e 100644 --- a/tool/digest.cc +++ b/tool/digest.cc @@ -36,8 +36,10 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include OPENSSL_MSVC_PRAGMA(warning(pop)) #include +#if !defined(PATH_MAX) #define PATH_MAX MAX_PATH #endif +#endif #include From 1b8194715eeb6b43f9534a310cedd3d44d62911c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 9 Jun 2020 14:01:02 -0400 Subject: [PATCH 025/399] Test resumability of same, different, and default ticket keys. If we were to accidentally leave the ticket keys zero-initialized, the only tests that notice are DefaultTicketKeyInitialization (initial key is not all zeros) and DefaultTicketKeyRotation (old key is not new key), by way of querying the keys themselves. Add some tests which additionally test the effects on resumption itself. Change-Id: I3bfd3f1e082e3a466105dbdffa18621b81c53d17 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41564 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- ssl/ssl_test.cc | 105 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 4f4a80f73c..3c2d852a6e 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -6115,6 +6115,111 @@ TEST_P(SSLVersionTest, DoubleSSLError) { } } +TEST_P(SSLVersionTest, SameKeyResume) { + uint8_t key[48]; + RAND_bytes(key, sizeof(key)); + + bssl::UniquePtr server_ctx2 = CreateContext(); + ASSERT_TRUE(server_ctx2); + ASSERT_TRUE(UseCertAndKey(server_ctx2.get())); + ASSERT_TRUE( + SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key, sizeof(key))); + ASSERT_TRUE( + SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key, sizeof(key))); + + SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); + + // Establish a session for |server_ctx_|. + bssl::UniquePtr session = + CreateClientSession(client_ctx_.get(), server_ctx_.get()); + ASSERT_TRUE(session); + ClientConfig config; + config.session = session.get(); + + // Resuming with |server_ctx_| again works. + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx_.get(), config)); + EXPECT_TRUE(SSL_session_reused(client.get())); + EXPECT_TRUE(SSL_session_reused(server.get())); + + // Resuming with |server_ctx2| also works. + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx2.get(), config)); + EXPECT_TRUE(SSL_session_reused(client.get())); + EXPECT_TRUE(SSL_session_reused(server.get())); +} + +TEST_P(SSLVersionTest, DifferentKeyNoResume) { + uint8_t key1[48], key2[48]; + RAND_bytes(key1, sizeof(key1)); + RAND_bytes(key2, sizeof(key2)); + + bssl::UniquePtr server_ctx2 = CreateContext(); + ASSERT_TRUE(server_ctx2); + ASSERT_TRUE(UseCertAndKey(server_ctx2.get())); + ASSERT_TRUE( + SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key1, sizeof(key1))); + ASSERT_TRUE( + SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key2, sizeof(key2))); + + SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); + + // Establish a session for |server_ctx_|. + bssl::UniquePtr session = + CreateClientSession(client_ctx_.get(), server_ctx_.get()); + ASSERT_TRUE(session); + ClientConfig config; + config.session = session.get(); + + // Resuming with |server_ctx_| again works. + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx_.get(), config)); + EXPECT_TRUE(SSL_session_reused(client.get())); + EXPECT_TRUE(SSL_session_reused(server.get())); + + // Resuming with |server_ctx2| does not work. + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx2.get(), config)); + EXPECT_FALSE(SSL_session_reused(client.get())); + EXPECT_FALSE(SSL_session_reused(server.get())); +} + +TEST_P(SSLVersionTest, UnrelatedServerNoResume) { + bssl::UniquePtr server_ctx2 = CreateContext(); + ASSERT_TRUE(server_ctx2); + ASSERT_TRUE(UseCertAndKey(server_ctx2.get())); + + SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); + SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); + + // Establish a session for |server_ctx_|. + bssl::UniquePtr session = + CreateClientSession(client_ctx_.get(), server_ctx_.get()); + ASSERT_TRUE(session); + ClientConfig config; + config.session = session.get(); + + // Resuming with |server_ctx_| again works. + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx_.get(), config)); + EXPECT_TRUE(SSL_session_reused(client.get())); + EXPECT_TRUE(SSL_session_reused(server.get())); + + // Resuming with |server_ctx2| does not work. + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), + server_ctx2.get(), config)); + EXPECT_FALSE(SSL_session_reused(client.get())); + EXPECT_FALSE(SSL_session_reused(server.get())); +} + TEST(SSLTest, WriteWhileExplicitRenegotiate) { bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx); From 5ddc5b14d9260b481e628390551c0ac52ef9df6e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 17 Jun 2020 14:07:25 -0400 Subject: [PATCH 026/399] Move crypto/x509 test data into its own directory. I'm about to add a lot more of these. Change-Id: I2556e301dbed3ceb450e7070ffed46dc4d6de2b4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41744 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509/{ => test}/make_many_constraints.go | 0 crypto/x509/{ => test}/many_constraints.pem | 0 crypto/x509/{ => test}/many_names1.pem | 0 crypto/x509/{ => test}/many_names2.pem | 0 crypto/x509/{ => test}/many_names3.pem | 0 crypto/x509/{ => test}/some_names1.pem | 0 crypto/x509/{ => test}/some_names2.pem | 0 crypto/x509/{ => test}/some_names3.pem | 0 crypto/x509/x509_test.cc | 16 ++++++++-------- sources.cmake | 14 +++++++------- 10 files changed, 15 insertions(+), 15 deletions(-) rename crypto/x509/{ => test}/make_many_constraints.go (100%) rename crypto/x509/{ => test}/many_constraints.pem (100%) rename crypto/x509/{ => test}/many_names1.pem (100%) rename crypto/x509/{ => test}/many_names2.pem (100%) rename crypto/x509/{ => test}/many_names3.pem (100%) rename crypto/x509/{ => test}/some_names1.pem (100%) rename crypto/x509/{ => test}/some_names2.pem (100%) rename crypto/x509/{ => test}/some_names3.pem (100%) diff --git a/crypto/x509/make_many_constraints.go b/crypto/x509/test/make_many_constraints.go similarity index 100% rename from crypto/x509/make_many_constraints.go rename to crypto/x509/test/make_many_constraints.go diff --git a/crypto/x509/many_constraints.pem b/crypto/x509/test/many_constraints.pem similarity index 100% rename from crypto/x509/many_constraints.pem rename to crypto/x509/test/many_constraints.pem diff --git a/crypto/x509/many_names1.pem b/crypto/x509/test/many_names1.pem similarity index 100% rename from crypto/x509/many_names1.pem rename to crypto/x509/test/many_names1.pem diff --git a/crypto/x509/many_names2.pem b/crypto/x509/test/many_names2.pem similarity index 100% rename from crypto/x509/many_names2.pem rename to crypto/x509/test/many_names2.pem diff --git a/crypto/x509/many_names3.pem b/crypto/x509/test/many_names3.pem similarity index 100% rename from crypto/x509/many_names3.pem rename to crypto/x509/test/many_names3.pem diff --git a/crypto/x509/some_names1.pem b/crypto/x509/test/some_names1.pem similarity index 100% rename from crypto/x509/some_names1.pem rename to crypto/x509/test/some_names1.pem diff --git a/crypto/x509/some_names2.pem b/crypto/x509/test/some_names2.pem similarity index 100% rename from crypto/x509/some_names2.pem rename to crypto/x509/test/some_names2.pem diff --git a/crypto/x509/some_names3.pem b/crypto/x509/test/some_names3.pem similarity index 100% rename from crypto/x509/some_names3.pem rename to crypto/x509/test/some_names3.pem diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 521d7573fb..e0e2ec69df 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -1317,26 +1317,26 @@ TEST(X509Test, TestCRL) { } TEST(X509Test, ManyNamesAndConstraints) { - bssl::UniquePtr many_constraints( - CertFromPEM(GetTestData("crypto/x509/many_constraints.pem").c_str())); + bssl::UniquePtr many_constraints(CertFromPEM( + GetTestData("crypto/x509/test/many_constraints.pem").c_str())); ASSERT_TRUE(many_constraints); bssl::UniquePtr many_names1( - CertFromPEM(GetTestData("crypto/x509/many_names1.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str())); ASSERT_TRUE(many_names1); bssl::UniquePtr many_names2( - CertFromPEM(GetTestData("crypto/x509/many_names2.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str())); ASSERT_TRUE(many_names2); bssl::UniquePtr many_names3( - CertFromPEM(GetTestData("crypto/x509/many_names3.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str())); ASSERT_TRUE(many_names3); bssl::UniquePtr some_names1( - CertFromPEM(GetTestData("crypto/x509/some_names1.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str())); ASSERT_TRUE(some_names1); bssl::UniquePtr some_names2( - CertFromPEM(GetTestData("crypto/x509/some_names2.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str())); ASSERT_TRUE(some_names2); bssl::UniquePtr some_names3( - CertFromPEM(GetTestData("crypto/x509/some_names3.pem").c_str())); + CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str())); ASSERT_TRUE(some_names3); EXPECT_EQ(X509_V_ERR_UNSPECIFIED, diff --git a/sources.cmake b/sources.cmake index a21825cd32..5454dde9bf 100644 --- a/sources.cmake +++ b/sources.cmake @@ -57,13 +57,13 @@ set( crypto/hmac_extra/hmac_tests.txt crypto/poly1305/poly1305_tests.txt crypto/siphash/siphash_tests.txt - crypto/x509/many_constraints.pem - crypto/x509/many_names1.pem - crypto/x509/many_names2.pem - crypto/x509/many_names3.pem - crypto/x509/some_names1.pem - crypto/x509/some_names2.pem - crypto/x509/some_names3.pem + crypto/x509/test/many_constraints.pem + crypto/x509/test/many_names1.pem + crypto/x509/test/many_names2.pem + crypto/x509/test/many_names3.pem + crypto/x509/test/some_names1.pem + crypto/x509/test/some_names2.pem + crypto/x509/test/some_names3.pem third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt third_party/wycheproof_testvectors/aes_cmac_test.txt third_party/wycheproof_testvectors/aes_gcm_siv_test.txt From cbac9c3a2d20a05d5c634eaab8f8b07589838d57 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 18 Jun 2020 16:14:24 -0400 Subject: [PATCH 027/399] Work around Windows command-line limits in embed_test_data.go. Change-Id: I020f7c75d2ed160b16a62cb909d2113c318feb3c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41764 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- CMakeLists.txt | 15 +++++++++++++-- util/embed_test_data.go | 24 +++++++++++++++++++++--- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 437870a421..c266e1267b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -573,10 +573,21 @@ include_directories(third_party/googletest/include) # themselves as dependencies next to the target definition. add_custom_target(all_tests) +# On Windows, CRYPTO_TEST_DATA is too long to fit in command-line limits. +# TODO(davidben): CMake 3.12 has a list(JOIN) command. Use that when we've +# updated the minimum version. +set(EMBED_TEST_DATA_ARGS "") +foreach(arg ${CRYPTO_TEST_DATA}) + set(EMBED_TEST_DATA_ARGS "${EMBED_TEST_DATA_ARGS}${arg}\n") +endforeach() +file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt" + "${EMBED_TEST_DATA_ARGS}") + add_custom_command( OUTPUT crypto_test_data.cc - COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} > - ${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc + COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go -file-list + "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt" > + "${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc" DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/util/embed_test_data.go b/util/embed_test_data.go index 5376fdd490..a0efdc46e7 100644 --- a/util/embed_test_data.go +++ b/util/embed_test_data.go @@ -18,11 +18,15 @@ package main import ( "bytes" + "flag" "fmt" "io/ioutil" "os" + "strings" ) +var fileList = flag.String("file-list", "", "if not empty, the path to a file containing a newline-separated list of files, to work around Windows command-line limits") + func quote(in []byte) string { var buf bytes.Buffer buf.WriteByte('"') @@ -60,6 +64,20 @@ func quote(in []byte) string { } func main() { + flag.Parse() + + var files []string + if len(*fileList) != 0 { + data, err := ioutil.ReadFile(*fileList) + if err != nil { + fmt.Fprintf(os.Stderr, "Error reading %s: %s.\n", *fileList, err) + os.Exit(1) + } + files = strings.FieldsFunc(string(data), func(r rune) bool { return r == '\r' || r == '\n' }) + } + + files = append(files, flag.Args()...) + fmt.Printf(`/* Copyright (c) 2017, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -77,7 +95,7 @@ func main() { /* This file is generated by: `) fmt.Printf(" * go run util/embed_test_data.go") - for _, arg := range os.Args[1:] { + for _, arg := range files { fmt.Printf(" \\\n * %s", arg) } fmt.Printf(" */\n") @@ -99,7 +117,7 @@ func main() { // literal, but this is less compact. const chunkSize = 8192 - for i, arg := range os.Args[1:] { + for i, arg := range files { data, err := ioutil.ReadFile(arg) if err != nil { fmt.Fprintf(os.Stderr, "Error reading %s: %s.\n", arg, err) @@ -133,7 +151,7 @@ std::string GetTestData(const char *path); std::string GetTestData(const char *path) { `, chunkSize, chunkSize, chunkSize) - for i, arg := range os.Args[1:] { + for i, arg := range files { fmt.Printf(" if (strcmp(path, %s) == 0) {\n", quote([]byte(arg))) fmt.Printf(" return AssembleString(kData%d, kLen%d);\n", i, i) fmt.Printf(" }\n") From fd86eaa868534ac480b0ae391d6e86c121835a53 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 17 Jun 2020 15:13:16 -0400 Subject: [PATCH 028/399] Fix x509v3_cache_extensions error-handling. This imports https://github.com/openssl/openssl/pull/10756 from upstream with a number of changes: - Add tests. - Rather than blindly return false in cert_self_signed, make that function a tri-state return. This gives better error-reporting when the leaf certificate has a bad extension and reduces the risk of confusing the verifier. - Give x509v3_cache_extensions a return value rather than expecting everyone to check EXFLAG_INVALID. Switch X509_check_purpose calls to it when applicable. - Rather than setting EXFLAG_INVALID on bad CRLs, fail the parse altogether. We're already in the d2i callback. (Nothing checks EXFLAG_INVALID on CRLs.) - I've intentionally left the error unchecked in X509_cmp. OpenSSL's strategy is to return -2, but that's not a consistent comparison and may mess up sorts that depend on transitivity. This retains the current behavior where we consider all undigestable certs as equal to each other (modulo the opportunistic TBSCertificate double-check which should work most of the time). This is terrible, so I've filed https://crbug.com/boringssl/355 to track fixes here. That last fix caught that I misread the spec when I generated kKnownCriticalCRL and kUnknownCriticalCRL2. This fixes those and uses the old kKnownCriticalCRL as a test for invalid extensions. (Those CRLs were assembled by hand, so they don't indicate any software has been encoding them wrong.) Update-Note: The X.509 verifier now correctly rejects syntax errors in important certificate extensions. This may break some malformed certificates which were incorrectly accepted before. Bug: 345 Change-Id: Ifb3a98ba62cd296920546bc718fda524bd55c024 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41745 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/err/x509.errordata | 1 + .../test/invalid_extension_intermediate.pem | 10 + ..._intermediate_authority_key_identifier.pem | 11 ++ ...tension_intermediate_basic_constraints.pem | 10 + ...d_extension_intermediate_ext_key_usage.pem | 10 + ...valid_extension_intermediate_key_usage.pem | 10 + ...xtension_intermediate_name_constraints.pem | 11 ++ ...xtension_intermediate_subject_alt_name.pem | 11 ++ ...on_intermediate_subject_key_identifier.pem | 11 ++ crypto/x509/test/invalid_extension_leaf.pem | 11 ++ ...xtension_leaf_authority_key_identifier.pem | 11 ++ ...valid_extension_leaf_basic_constraints.pem | 11 ++ .../invalid_extension_leaf_ext_key_usage.pem | 11 ++ .../test/invalid_extension_leaf_key_usage.pem | 11 ++ ...nvalid_extension_leaf_name_constraints.pem | 11 ++ ...nvalid_extension_leaf_subject_alt_name.pem | 10 + ..._extension_leaf_subject_key_identifier.pem | 11 ++ crypto/x509/test/invalid_extension_root.pem | 10 + ...xtension_root_authority_key_identifier.pem | 11 ++ ...valid_extension_root_basic_constraints.pem | 10 + .../invalid_extension_root_ext_key_usage.pem | 10 + .../test/invalid_extension_root_key_usage.pem | 10 + ...nvalid_extension_root_name_constraints.pem | 11 ++ ...nvalid_extension_root_subject_alt_name.pem | 10 + ..._extension_root_subject_key_identifier.pem | 11 ++ crypto/x509/test/make_invalid_extensions.go | 184 ++++++++++++++++++ crypto/x509/x509_cmp.c | 19 +- crypto/x509/x509_test.cc | 122 ++++++++++-- crypto/x509/x509_trs.c | 5 +- crypto/x509/x509_vfy.c | 37 +++- crypto/x509/x_crl.c | 45 +++-- crypto/x509v3/internal.h | 5 + crypto/x509v3/v3_purp.c | 109 +++++++---- include/openssl/x509.h | 1 + sources.cmake | 24 +++ 35 files changed, 724 insertions(+), 82 deletions(-) create mode 100644 crypto/x509/test/invalid_extension_intermediate.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_name_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem create mode 100644 crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem create mode 100644 crypto/x509/test/invalid_extension_leaf.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_basic_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_name_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem create mode 100644 crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem create mode 100644 crypto/x509/test/invalid_extension_root.pem create mode 100644 crypto/x509/test/invalid_extension_root_authority_key_identifier.pem create mode 100644 crypto/x509/test/invalid_extension_root_basic_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_root_ext_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_root_key_usage.pem create mode 100644 crypto/x509/test/invalid_extension_root_name_constraints.pem create mode 100644 crypto/x509/test/invalid_extension_root_subject_alt_name.pem create mode 100644 crypto/x509/test/invalid_extension_root_subject_key_identifier.pem create mode 100644 crypto/x509/test/make_invalid_extensions.go diff --git a/crypto/err/x509.errordata b/crypto/err/x509.errordata index 6ed8fa3561..1426fbf8e5 100644 --- a/crypto/err/x509.errordata +++ b/crypto/err/x509.errordata @@ -6,6 +6,7 @@ X509,104,CANT_CHECK_DH_KEY X509,105,CERT_ALREADY_IN_HASH_TABLE X509,106,CRL_ALREADY_DELTA X509,107,CRL_VERIFY_FAILURE +X509,138,DELTA_CRL_WITHOUT_CRL_NUMBER X509,108,IDP_MISMATCH X509,109,INVALID_BIT_STRING_BITS_LEFT X509,110,INVALID_DIRECTORY diff --git a/crypto/x509/test/invalid_extension_intermediate.pem b/crypto/x509/test/invalid_extension_intermediate.pem new file mode 100644 index 0000000000..b86865fa94 --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdTCCARugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjODA2MA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIDkCS9RrLeO556C9apswg90ZdI2kn3ru31bp +a4Rqp82BAiEAqJn5GbUzqjVaI5UthWdcu1zmpdTJntbheeNstXa7k+E= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem new file mode 100644 index 0000000000..595703c118 --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdIwQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiEAl5TMKihFw6jD +ajc1I7R177t3d4HyW7qCB/M3PHu9HDsCIDI0oBBsuXAHX43N1Jx8LO0sMAzujYom +/NZn/qBanQnZ +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem b/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem new file mode 100644 index 0000000000..32f09f5199 --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdTCCARqgAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjNzA1MA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHRMEB0lOVkFM +SUQwCgYIKoZIzj0EAwIDSQAwRgIhAK/zCwmg3s63Ndeg9piiBbMsUF6ZPcNFltEa +3cKSMPthAiEAkMq/CmljQigMgXVWOhacYeRLyzZyi2i9hOjrCeKFuno= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem b/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem new file mode 100644 index 0000000000..20ff382f19 --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbzCCARagAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjMzAxMA4G +A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdJQQHSU5WQUxJRDAK +BggqhkjOPQQDAgNHADBEAiAGr6/3ad6TX4h/HgD5oFiifT7SsRzYVD1yvfyHEYRI +qgIgYDbO0XKLN9kSUF8ZBaLPyC1AIbw+m9cQy4/GaJuzxH4= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_key_usage.pem b/crypto/x509/test/invalid_extension_intermediate_key_usage.pem new file mode 100644 index 0000000000..c31596c13c --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_key_usage.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdDCCARugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjODA2MBMG +A1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PBAdJTlZB +TElEMAoGCCqGSM49BAMCA0cAMEQCIE1gJ4wr8D0UPRfhQ5sx1WJWEOc+IEtktigk +giSupcouAiBFa441h0NvODAwsb39sQ/uaUhucb11vwKSZItwViMp/w== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem b/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem new file mode 100644 index 0000000000..82c83a9dcb --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_name_constraints.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdHgQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiB7QedoT6bEccGY +/Pofovdtfdzl/AXCtbJjiu59Yt3UTAIhANdfkR5PShTke3o9diKz6G/cVvL9jkF2 +SKzPRxnRVxNo +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem b/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem new file mode 100644 index 0000000000..6fd9bf61ed --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhDCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdEQQHSU5WQUxJRDAKBggqhkjOPQQDAgNHADBEAiA4J8X4tb775IOP +gBZ8BjlQZXPaRAgO/0d8a5Bgb5j0awIgN1i84TX34Dm8SjArcZLN38mm0zbrvEY0 +wILouqC75wI= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem new file mode 100644 index 0000000000..a440757008 --- /dev/null +++ b/crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhTCCASugAwIBAgIBAjAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowKjEoMCYGA1UEAxMfSW52YWxpZCBFeHRlbnNpb25zIEludGVybWVkaWF0ZTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI6fKiM3jFLkLyAn88cvlw4SwxuygRj +opP3FFBKHyUQvh3VVvfqSpSCSmp50QiajQ6Dg7CTpVZVVH+bguT7JTCjSDBGMA4G +A1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDgQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiBXToga6ILFNSXj +FiwI/ZaZvJubBHzMcrEXtIv85ybV3wIhAL3DMOezrq+dSjf+RdshlTDKwvTY8QYX +ehvRzctnYHTd +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf.pem b/crypto/x509/test/invalid_extension_leaf.pem new file mode 100644 index 0000000000..14bcb5a161 --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhzCCASygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1EwTzAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE +EzARgg93d3cuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAJ1DkyH6QYsM +bxN/aXhKYGFc1upPpxfHrzmVrVrYq34GAiEAgzAn1bws7mwi4fTBJ4XY44OisCi6 +gPDLe2H4Esop38o= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem new file mode 100644 index 0000000000..166b89c18c --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE +EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0jBAdJTlZBTElEMAoGCCqGSM49BAMC +A0gAMEUCIDCqsRJC3IrUHxm5txOfnjrpGmoeSvr1EhVFDhHCuV6GAiEAwJ15sf7y ++CGw0rzYTLUHw4nc5aJC9oKOhypg3SrQeGw= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem b/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem new file mode 100644 index 0000000000..611f7cb1ed --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_basic_constraints.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBiDCCAS6gAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1MwUTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPd3d3LmV4YW1w +bGUuY29tMA4GA1UdEwQHSU5WQUxJRDAKBggqhkjOPQQDAgNIADBFAiEA6btgd6HI +SCvxfnaHqhAiBjLl665JJC/wpSejPlxFmI0CIGZ7pLkRuQKv132ffDBmobAsBBnT +YXmJWAHc4rsJCYEx +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem b/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem new file mode 100644 index 0000000000..2fa34ee005 --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBgTCCASegAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo0wwSjAOBgNVHQ8BAf8E +BAMCAgQwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20w +DgYDVR0lBAdJTlZBTElEMAoGCCqGSM49BAMCA0gAMEUCIH3jx0mZhPAY2QZHYVPQ +ld6RNFGris9CFCD8AMOaZTR+AiEAgr4hSxoIm3g/CVeQkDORqgSrXU0AuVvQL2KO +NM5UG1Q= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_key_usage.pem b/crypto/x509/test/invalid_extension_leaf_key_usage.pem new file mode 100644 index 0000000000..82c7cf0c75 --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_key_usage.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhjCCASygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo1EwTzATBgNVHSUEDDAK +BggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl +LmNvbTAOBgNVHQ8EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgPoSLUcWwjnDx +3N+DJPzpgHRRSZtJz6w5njQ+zcyQvrQCIQDThWHI9F5s6xQN42stFw0sasdWFc/9 +No9QQf1zbGfGDw== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_name_constraints.pem b/crypto/x509/test/invalid_extension_leaf_name_constraints.pem new file mode 100644 index 0000000000..f4e6105978 --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_name_constraints.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE +EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0eBAdJTlZBTElEMAoGCCqGSM49BAMC +A0gAMEUCIQCYofdTDXH2HIpc/ZSI6IQVCM0L0/QbKbEOGeAwDtikGAIgV48ECoAt +8maDdh8y9qj/TZe6XA39BzkjtsLKhecCuV8= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem b/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem new file mode 100644 index 0000000000..eae65f487b --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBeTCCASCgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo0UwQzAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAOBgNVHREE +B0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgDatlhmjkW4lgYc/eyrqJp1kxKrL8 +0WkPsmdUZmXiI1QCIC1bl+3ponxSaCvn81xKrQzuIq2OzWxy2PTHyNbPnGcz +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem new file mode 100644 index 0000000000..d082bf8ade --- /dev/null +++ b/crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCATygAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9JbnZhbGlk +IEV4dGVuc2lvbnMgSW50ZXJtZWRpYXRlMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAw +MTAxMDAwMDAwWjAaMRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5w8u3SSwm7HZR +EvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5Xo2EwXzAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAaBgNVHREE +EzARgg93d3cuZXhhbXBsZS5jb20wDgYDVR0OBAdJTlZBTElEMAoGCCqGSM49BAMC +A0kAMEYCIQDNfoYMjJUzrw2qxHKwopCt9lTQIfOCJDzndJwHLSI97gIhAIDRRWkU +OpOxpzO5zJtvsPSuFJTPtFi6dKwyZA0VVX5m +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root.pem b/crypto/x509/test/invalid_extension_root.pem new file mode 100644 index 0000000000..9236111de2 --- /dev/null +++ b/crypto/x509/test/invalid_extension_root.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbjCCAROgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozgwNjAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggq +hkjOPQQDAgNJADBGAiEAkLonK/c0Wai8LSe6Nhf3ln+dpPxIQD9z0e2bXzgp3ZgC +IQDUjv8fhl6szNN6cV4NElVrsuFRigAvt6Z5M132Ybgavw== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem b/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem new file mode 100644 index 0000000000..c2321b7f0f --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_authority_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBfTCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HSMEB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIgO/L4Oi8esLDZ5HQgVYd/GUey +8yPPRUkfr8+ZH5YJ724CIQCToZDd4kEPRmwjS6R20n5qrDElE4SDBq8cmJEToh57 +3Q== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_basic_constraints.pem b/crypto/x509/test/invalid_extension_root_basic_constraints.pem new file mode 100644 index 0000000000..4e507b3e2f --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_basic_constraints.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBazCCARKgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozcwNTAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0TBAdJTlZBTElEMAoGCCqG +SM49BAMCA0cAMEQCICRNoNJx8TOSe4FKoB7EdfvG56/zvzVK8F4SDV35nbfTAiAF +QjSD7CDdbaRQymgX3ojBbAP3hj1fFbCzopKR7UUvxQ== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_ext_key_usage.pem b/crypto/x509/test/invalid_extension_root_ext_key_usage.pem new file mode 100644 index 0000000000..17ac3a2b1f --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_ext_key_usage.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ6gAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozMwMTAOBgNVHQ8BAf8E +BAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHSUEB0lOVkFMSUQwCgYIKoZIzj0E +AwIDSAAwRQIgVjuDRpd+kVlqUDJcX899ZsAoIvkSPxo/lCVJ+ae28BkCIQD/9Aig +0CaivgJ8Z6mUW9ozp6ClMPfSpCEUtrhm/dg2og== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_key_usage.pem b/crypto/x509/test/invalid_extension_root_key_usage.pem new file mode 100644 index 0000000000..92ac0c6089 --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_key_usage.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbjCCAROgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjoltozgwNjATBgNVHSUEDDAK +BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwQHSU5WQUxJRDAKBggq +hkjOPQQDAgNJADBGAiEAmX21h0WJPZ8VjGRaGwYWAh2q7iS0Wzm+besT06qgnPwC +IQCEF2G9d/DaDL7H9aw51xA0B+WwHBN5r1kx6b9A5pJVtg== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_name_constraints.pem b/crypto/x509/test/invalid_extension_root_name_constraints.pem new file mode 100644 index 0000000000..3511236660 --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_name_constraints.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBfTCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HR4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSAAwRQIhALYRk6SPzWoKF3wLI6N+bWh/ +iap7zpRrAZqmL3EDTlitAiB0CFMk9r5h/RDkvrP4Z+JZKum9ZVbGew73cdjDVBA3 +dA== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_subject_alt_name.pem b/crypto/x509/test/invalid_extension_root_subject_alt_name.pem new file mode 100644 index 0000000000..0604bf60ab --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_subject_alt_name.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBfDCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HREEB0lOVkFMSUQwCgYIKoZIzj0EAwIDRwAwRAIgZKRMQGAIoUuzwYQS8UNkuTI5 +H9kJYpOGZhZ3esyfvC4CIAsJGY8kgzzFpLwd3e9Zp6WAPK/snDzF9Tb4KL+GB85n +-----END CERTIFICATE----- diff --git a/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem b/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem new file mode 100644 index 0000000000..eb17a7ea4c --- /dev/null +++ b/crypto/x509/test/invalid_extension_root_subject_key_identifier.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBfjCCASOgAwIBAgIBATAKBggqhkjOPQQDAjAiMSAwHgYDVQQDExdJbnZhbGlk +IEV4dGVuc2lvbnMgUm9vdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAw +MFowIjEgMB4GA1UEAxMXSW52YWxpZCBFeHRlbnNpb25zIFJvb3QwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44TqChRYI6IeV9tI +B6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolto0gwRjAOBgNVHQ8BAf8E +BAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ4EB0lOVkFMSUQwCgYIKoZIzj0EAwIDSQAwRgIhAJbUNO8zfK439VpI2rrG9gTl +fjunP2fKsz3EK8NUtS12AiEA1m9Uzb+sUTCGhAlGEsDkjFbp3SCbvbWn7YhzqJkR +xvQ= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/make_invalid_extensions.go b/crypto/x509/test/make_invalid_extensions.go new file mode 100644 index 0000000000..3d20942bac --- /dev/null +++ b/crypto/x509/test/make_invalid_extensions.go @@ -0,0 +1,184 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// make_invalid_extensions.go generates a number of certificate chains with +// invalid extension encodings. +package main + +import ( + "crypto/ecdsa" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "math/big" + "os" + "time" +) + +type extension struct { + // The name of the extension, in a form suitable for including in a + // filename. + name string + // The extension's OID. + oid []int +} + +var extensions = []extension{ + {name: "authority_key_identifier", oid: []int{2, 5, 29, 35}}, + {name: "basic_constraints", oid: []int{2, 5, 29, 19}}, + {name: "ext_key_usage", oid: []int{2, 5, 29, 37}}, + {name: "key_usage", oid: []int{2, 5, 29, 15}}, + {name: "name_constraints", oid: []int{2, 5, 29, 30}}, + {name: "subject_alt_name", oid: []int{2, 5, 29, 17}}, + {name: "subject_key_identifier", oid: []int{2, 5, 29, 14}}, +} + +var leafKey, intermediateKey, rootKey *ecdsa.PrivateKey + +func init() { + leafKey = ecdsaKeyFromPEMOrPanic(leafKeyPEM) + intermediateKey = ecdsaKeyFromPEMOrPanic(intermediateKeyPEM) + rootKey = ecdsaKeyFromPEMOrPanic(rootKeyPEM) +} + +type templateAndKey struct { + template x509.Certificate + key *ecdsa.PrivateKey +} + +func generateCertificateOrPanic(path string, subject, issuer *templateAndKey) { + cert, err := x509.CreateCertificate(rand.Reader, &subject.template, &issuer.template, &subject.key.PublicKey, issuer.key) + if err != nil { + panic(err) + } + file, err := os.Create(path) + if err != nil { + panic(err) + } + defer file.Close() + err = pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: cert}) + if err != nil { + panic(err) + } +} + +func main() { + notBefore, err := time.Parse(time.RFC3339, "2000-01-01T00:00:00Z") + if err != nil { + panic(err) + } + notAfter, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z") + if err != nil { + panic(err) + } + + root := templateAndKey{ + template: x509.Certificate{ + SerialNumber: new(big.Int).SetInt64(1), + Subject: pkix.Name{CommonName: "Invalid Extensions Root"}, + NotBefore: notBefore, + NotAfter: notAfter, + BasicConstraintsValid: true, + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageCertSign, + SignatureAlgorithm: x509.ECDSAWithSHA256, + }, + key: rootKey, + } + intermediate := templateAndKey{ + template: x509.Certificate{ + SerialNumber: new(big.Int).SetInt64(2), + Subject: pkix.Name{CommonName: "Invalid Extensions Intermediate"}, + NotBefore: notBefore, + NotAfter: notAfter, + BasicConstraintsValid: true, + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageCertSign, + SignatureAlgorithm: x509.ECDSAWithSHA256, + }, + key: intermediateKey, + } + leaf := templateAndKey{ + template: x509.Certificate{ + SerialNumber: new(big.Int).SetInt64(3), + Subject: pkix.Name{CommonName: "www.example.com"}, + NotBefore: notBefore, + NotAfter: notAfter, + BasicConstraintsValid: true, + IsCA: false, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageCertSign, + SignatureAlgorithm: x509.ECDSAWithSHA256, + DNSNames: []string{"www.example.com"}, + }, + key: leafKey, + } + + // Generate a valid certificate chain from the templates. + generateCertificateOrPanic("invalid_extension_root.pem", &root, &root) + generateCertificateOrPanic("invalid_extension_intermediate.pem", &intermediate, &root) + generateCertificateOrPanic("invalid_extension_leaf.pem", &leaf, &intermediate) + + // Make copies of each of the three certificates with invalid extensions. + // These copies may be substituted into the valid chain. + for _, ext := range extensions { + invalidExtension := []pkix.Extension{{Id: ext.oid, Value: []byte("INVALID")}} + + rootInvalid := root + rootInvalid.template.ExtraExtensions = invalidExtension + generateCertificateOrPanic(fmt.Sprintf("invalid_extension_root_%s.pem", ext.name), &rootInvalid, &rootInvalid) + + intermediateInvalid := intermediate + intermediateInvalid.template.ExtraExtensions = invalidExtension + generateCertificateOrPanic(fmt.Sprintf("invalid_extension_intermediate_%s.pem", ext.name), &intermediateInvalid, &root) + + leafInvalid := leaf + leafInvalid.template.ExtraExtensions = invalidExtension + generateCertificateOrPanic(fmt.Sprintf("invalid_extension_leaf_%s.pem", ext.name), &leafInvalid, &intermediate) + } +} + +const leafKeyPEM = `-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgoPUXNXuH9mgiS/nk +024SYxryxMa3CyGJldiHymLxSquhRANCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5 +w8u3SSwm7HZREvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5X +-----END PRIVATE KEY-----` + +const intermediateKeyPEM = `-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWHKCKgY058ahE3t6 +vpxVQgzlycgCVMogwjK0y3XMNfWhRANCAATiOnyojN4xS5C8gJ/PHL5cOEsMbsoE +Y6KT9xRQSh8lEL4d1Vb36kqUgkpqedEImo0Og4Owk6VWVVR/m4Lk+yUw +-----END PRIVATE KEY-----` + +const rootKeyPEM = `-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBwND/eHytW0I417J +Hr+qcPlp5N1jM3ACXys57bPujg+hRANCAAQmdqXYl1GvY7y3jcTTK6MVXIQr44Tq +ChRYI6IeV9tIB6jIsOY+Qol1bk8x/7A5FGOnUWFVLEAPEPSJwPndjolt +-----END PRIVATE KEY-----` + +func ecdsaKeyFromPEMOrPanic(in string) *ecdsa.PrivateKey { + keyBlock, _ := pem.Decode([]byte(in)) + if keyBlock == nil || keyBlock.Type != "PRIVATE KEY" { + panic("could not decode private key") + } + key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes) + if err != nil { + panic(err) + } + return key.(*ecdsa.PrivateKey) +} diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 28f2e95ed7..cd025abcaf 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -67,6 +67,7 @@ #include #include "../internal.h" +#include "../x509v3/internal.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) @@ -175,12 +176,18 @@ unsigned long X509_subject_name_hash_old(X509 *x) */ int X509_cmp(const X509 *a, const X509 *b) { - int rv; - /* ensure hash is valid */ - X509_check_purpose((X509 *)a, -1, 0); - X509_check_purpose((X509 *)b, -1, 0); - - rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + /* Fill in the |sha1_hash| fields. + * + * TODO(davidben): This may fail, in which case the the hash will be all + * zeros. This produces a consistent comparison (failures are sticky), but + * not a good one. OpenSSL now returns -2, but this is not a consistent + * comparison and may cause misbehaving sorts by transitivity. For now, we + * retain the old OpenSSL behavior, which was to ignore the error. See + * https://crbug.com/boringssl/355. */ + x509v3_cache_extensions((X509 *)a); + x509v3_cache_extensions((X509 *)b); + + int rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); if (rv) return rv; /* Check for match against stored encoding too */ diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index e0e2ec69df..957c0b8304 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -354,16 +354,16 @@ static const char kBadIssuerCRL[] = // extension. static const char kKnownCriticalCRL[] = "-----BEGIN X509 CRL-----\n" - "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + "MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n" - "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n" - "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n" - "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n" - "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n" - "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n" - "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n" - "o/1TpfOMSGhMyMoyPrk=\n" + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV\n" + "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq\n" + "3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs\n" + "kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs\n" + "fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN\n" + "xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h\n" + "6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP\n" + "9dMWxqhQlv23osLp\n" "-----END X509 CRL-----\n"; // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension. @@ -385,16 +385,32 @@ static const char kUnknownCriticalCRL[] = // point extension followed by an unknown critical extension static const char kUnknownCriticalCRL2[] = "-----BEGIN X509 CRL-----\n" - "MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + "MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV\n" + "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G\n" + "CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO\n" + "myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq\n" + "5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4\n" + "tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN\n" + "KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne\n" + "YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi\n" + "-----END X509 CRL-----\n"; + +// kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing +// distribution point extension. +static const char kBadExtensionCRL[] = + "-----BEGIN X509 CRL-----\n" + "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n" - "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n" - "DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n" - "BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n" - "E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n" - "rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n" - "2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n" - "GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n" + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n" + "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n" + "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n" + "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n" + "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n" + "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n" + "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n" + "o/1TpfOMSGhMyMoyPrk=\n" "-----END X509 CRL-----\n"; // kEd25519Cert is a self-signed Ed25519 certificate. @@ -1314,6 +1330,9 @@ TEST(X509Test, TestCRL) { ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, Verify(leaf.get(), {root.get()}, {root.get()}, {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK)); + + // Parsing kBadExtensionCRL should fail. + EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL)); } TEST(X509Test, ManyNamesAndConstraints) { @@ -2226,3 +2245,70 @@ TEST(X509Test, ServerGatedCryptoEKUs) { EXPECT_EQ(X509_V_OK, verify_cert(leaf)); } } + +// Test that invalid extensions are rejected by, if not the parser, at least the +// verifier. +TEST(X509Test, InvalidExtensions) { + bssl::UniquePtr root = CertFromPEM( + GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str()); + ASSERT_TRUE(root); + bssl::UniquePtr intermediate = CertFromPEM( + GetTestData("crypto/x509/test/invalid_extension_intermediate.pem") + .c_str()); + ASSERT_TRUE(intermediate); + bssl::UniquePtr leaf = CertFromPEM( + GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str()); + ASSERT_TRUE(leaf); + + // Sanity-check that the baseline chain is accepted. + EXPECT_EQ(X509_V_OK, + Verify(leaf.get(), {root.get()}, {intermediate.get()}, {})); + + static const char *kExtensions[] = { + "authority_key_identifier", + "basic_constraints", + "ext_key_usage", + "key_usage", + "name_constraints", + "subject_alt_name", + "subject_key_identifier", + }; + for (const char *ext : kExtensions) { + SCOPED_TRACE(ext); + bssl::UniquePtr invalid_root = CertFromPEM( + GetTestData((std::string("crypto/x509/test/invalid_extension_root_") + + ext + ".pem") + .c_str()) + .c_str()); + ASSERT_TRUE(invalid_root); + + bssl::UniquePtr invalid_intermediate = CertFromPEM( + GetTestData( + (std::string("crypto/x509/test/invalid_extension_intermediate_") + + ext + ".pem") + .c_str()) + .c_str()); + ASSERT_TRUE(invalid_intermediate); + + bssl::UniquePtr invalid_leaf = CertFromPEM( + GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") + + ext + ".pem") + .c_str()) + .c_str()); + ASSERT_TRUE(invalid_leaf); + + EXPECT_EQ( + X509_V_ERR_INVALID_EXTENSION, + Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {})); + + // If the invalid extension is on an intermediate or root, + // |X509_verify_cert| notices by way of being unable to build a path to + // a valid issuer. + EXPECT_EQ( + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, + Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {})); + EXPECT_EQ( + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, + Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {})); + } +} diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 18ac8839e0..019301ab8e 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -59,6 +59,8 @@ #include #include +#include "../x509v3/internal.h" + static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b); static void trtable_free(X509_TRUST *p); @@ -293,7 +295,8 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { - X509_check_purpose(x, -1, 0); + if (!x509v3_cache_extensions(x)) + return X509_TRUST_UNTRUSTED; if (x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; else diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 87dcb47788..308ebbc3ae 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -146,14 +146,16 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed */ -static int cert_self_signed(X509 *x) +/* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns + * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it + * returns zero. */ +static int cert_self_signed(X509 *x, int *out_is_self_signed) { - X509_check_purpose(x, -1, 0); - if (x->ex_flags & EXFLAG_SS) - return 1; - else + if (!x509v3_cache_extensions(x)) { return 0; + } + *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0; + return 1; } /* Given a certificate try and find an exact match in the store */ @@ -263,8 +265,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * X509_V_ERR_CERT_CHAIN_TOO_LONG error code * later. */ + int is_self_signed; + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } + /* If we are self signed, we break */ - if (cert_self_signed(x)) + if (is_self_signed) break; /* * If asked see if we can find issuer in trusted store first @@ -323,7 +331,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) */ i = sk_X509_num(ctx->chain); x = sk_X509_value(ctx->chain, i - 1); - if (cert_self_signed(x)) { + + int is_self_signed; + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } + + if (is_self_signed) { /* we have a self signed certificate */ if (sk_X509_num(ctx->chain) == 1) { /* @@ -368,8 +383,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) /* If we have enough, we break */ if (depth < num) break; + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } /* If we are self signed, we break */ - if (cert_self_signed(x)) + if (is_self_signed) break; ok = ctx->get_issuer(&xtmp, ctx, x); diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 6450e84702..47e0ba5a94 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -86,7 +86,7 @@ struct x509_crl_method_st { }; static int X509_REVOKED_cmp(const X509_REVOKED **a, const X509_REVOKED **b); -static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); +static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); ASN1_SEQUENCE(X509_REVOKED) = { ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), @@ -226,6 +226,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, STACK_OF(X509_EXTENSION) *exts; X509_EXTENSION *ext; size_t idx; + int i; switch (operation) { case ASN1_OP_NEW_POST: @@ -242,26 +243,44 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: - X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); + if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) { + return 0; + } + crl->idp = X509_CRL_get_ext_d2i(crl, - NID_issuing_distribution_point, NULL, + NID_issuing_distribution_point, &i, NULL); - if (crl->idp) - setup_idp(crl, crl->idp); + if (crl->idp != NULL) { + if (!setup_idp(crl, crl->idp)) { + return 0; + } + } else if (i != -1) { + return 0; + } crl->akid = X509_CRL_get_ext_d2i(crl, - NID_authority_key_identifier, NULL, + NID_authority_key_identifier, &i, NULL); + if (crl->akid == NULL && i != -1) { + return 0; + } crl->crl_number = X509_CRL_get_ext_d2i(crl, - NID_crl_number, NULL, NULL); + NID_crl_number, &i, NULL); + if (crl->crl_number == NULL && i != -1) { + return 0; + } - crl->base_crl_number = X509_CRL_get_ext_d2i(crl, - NID_delta_crl, NULL, + crl->base_crl_number = X509_CRL_get_ext_d2i(crl, NID_delta_crl, &i, NULL); + if (crl->base_crl_number == NULL && i != -1) { + return 0; + } /* Delta CRLs must have CRL number */ - if (crl->base_crl_number && !crl->crl_number) - crl->flags |= EXFLAG_INVALID; + if (crl->base_crl_number && !crl->crl_number) { + OPENSSL_PUT_ERROR(X509, X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER); + return 0; + } /* * See if we have any unhandled critical CRL extensions and indicate @@ -319,7 +338,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Convert IDP into a more convenient form */ -static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) +static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) { int idp_only = 0; /* Set various flags according to IDP */ @@ -352,7 +371,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) crl->idp_reasons &= CRLDP_ALL_REASONS; } - DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); } ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h index c143d735d7..245a5d1f6e 100644 --- a/crypto/x509v3/internal.h +++ b/crypto/x509v3/internal.h @@ -48,6 +48,11 @@ int x509v3_name_cmp(const char *name, const char *cmp); OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in, size_t len); +// x509v3_cache_extensions fills in a number of fields relating to X.509 +// extensions in |x|. It returns one on success and zero if some extensions were +// invalid. +int x509v3_cache_extensions(X509 *x); + #if defined(__cplusplus) } /* extern C */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index d9d105e808..e41b657feb 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -68,6 +68,7 @@ #include #include "../internal.h" +#include "internal.h" #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ @@ -77,8 +78,6 @@ #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) -static void x509v3_cache_extensions(X509 *x); - static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, @@ -144,7 +143,10 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - x509v3_cache_extensions(x); + if (!x509v3_cache_extensions(x)) { + return -1; + } + if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -368,7 +370,7 @@ int X509_supported_extension(X509_EXTENSION *ex) return 0; } -static void setup_dp(X509 *x, DIST_POINT *dp) +static int setup_dp(X509 *x, DIST_POINT *dp) { X509_NAME *iname = NULL; size_t i; @@ -381,7 +383,7 @@ static void setup_dp(X509 *x, DIST_POINT *dp) } else dp->dp_reasons = CRLDP_ALL_REASONS; if (!dp->distpoint || (dp->distpoint->type != 1)) - return; + return 1; for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); if (gen->type == GEN_DIRNAME) { @@ -392,19 +394,25 @@ static void setup_dp(X509 *x, DIST_POINT *dp) if (!iname) iname = X509_get_issuer_name(x); - DIST_POINT_set_dpname(dp->distpoint, iname); - + return DIST_POINT_set_dpname(dp->distpoint, iname); } -static void setup_crldp(X509 *x) +static int setup_crldp(X509 *x) { - size_t i; - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); - for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) - setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); + int j; + x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL); + if (x->crldp == NULL && j != -1) { + return 0; + } + for (size_t i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { + if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) { + return 0; + } + } + return 1; } -static void x509v3_cache_extensions(X509 *x) +int x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; PROXY_CERT_INFO_EXTENSION *pci; @@ -420,21 +428,22 @@ static void x509v3_cache_extensions(X509 *x) CRYPTO_MUTEX_unlock_read(&x->lock); if (is_set) { - return; + return (x->ex_flags & EXFLAG_INVALID) == 0; } CRYPTO_MUTEX_lock_write(&x->lock); if (x->ex_flags & EXFLAG_SET) { CRYPTO_MUTEX_unlock_write(&x->lock); - return; + return (x->ex_flags & EXFLAG_INVALID) == 0; } - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) + x->ex_flags |= EXFLAG_INVALID; /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) { if (bs->ca) x->ex_flags |= EXFLAG_CA; if (bs->pathlen) { @@ -448,9 +457,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; + } else if (j != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle proxy certificates */ - if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &j, NULL))) { if (x->ex_flags & EXFLAG_CA || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { @@ -462,9 +473,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_pcpathlen = -1; PROXY_CERT_INFO_EXTENSION_free(pci); x->ex_flags |= EXFLAG_PROXY; + } else if (j != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle key usage */ - if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) { if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) @@ -473,9 +486,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_kusage = 0; x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); + } else if (j != -1) { + x->ex_flags |= EXFLAG_INVALID; } x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { @@ -518,18 +533,28 @@ static void x509v3_cache_extensions(X509 *x) } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); + } else if (j != -1) { + x->ex_flags |= EXFLAG_INVALID; } - if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) { if (ns->length > 0) x->ex_nscert = ns->data[0]; else x->ex_nscert = 0; x->ex_flags |= EXFLAG_NSCERT; ASN1_BIT_STRING_free(ns); + } else if (j != -1) { + x->ex_flags |= EXFLAG_INVALID; + } + x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL); + if (x->skid == NULL && j != -1) { + x->ex_flags |= EXFLAG_INVALID; + } + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL); + if (x->akid == NULL && j != -1) { + x->ex_flags |= EXFLAG_INVALID; } - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { x->ex_flags |= EXFLAG_SI; @@ -538,11 +563,17 @@ static void x509v3_cache_extensions(X509 *x) !ku_reject(x, KU_KEY_CERT_SIGN)) x->ex_flags |= EXFLAG_SS; } - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL); + if (x->altname == NULL && j != -1) { + x->ex_flags |= EXFLAG_INVALID; + } x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL); - if (!x->nc && (j != -1)) + if (x->nc == NULL && j != -1) { + x->ex_flags |= EXFLAG_INVALID; + } + if (!setup_crldp(x)) { x->ex_flags |= EXFLAG_INVALID; - setup_crldp(x); + } for (j = 0; j < X509_get_ext_count(x); j++) { ex = X509_get_ext(x, j); @@ -559,6 +590,7 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_SET; CRYPTO_MUTEX_unlock_write(&x->lock); + return (x->ex_flags & EXFLAG_INVALID) == 0; } /* check_ca returns one if |x| should be considered a CA certificate and zero @@ -579,7 +611,9 @@ static int check_ca(const X509 *x) int X509_check_ca(X509 *x) { - x509v3_cache_extensions(x); + if (!x509v3_cache_extensions(x)) { + return 0; + } return check_ca(x); } @@ -761,8 +795,10 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; - x509v3_cache_extensions(issuer); - x509v3_cache_extensions(subject); + if (!x509v3_cache_extensions(issuer) || + !x509v3_cache_extensions(subject)) { + return X509_V_ERR_UNSPECIFIED; + } if (subject->akid) { int ret = X509_check_akid(issuer, subject->akid); @@ -819,15 +855,17 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) uint32_t X509_get_extension_flags(X509 *x) { - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (!x509v3_cache_extensions(x)) { + return 0; + } return x->ex_flags; } uint32_t X509_get_key_usage(X509 *x) { - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (!x509v3_cache_extensions(x)) { + return 0; + } if (x->ex_flags & EXFLAG_KUSAGE) return x->ex_kusage; return UINT32_MAX; @@ -835,8 +873,9 @@ uint32_t X509_get_key_usage(X509 *x) uint32_t X509_get_extended_key_usage(X509 *x) { - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (!x509v3_cache_extensions(x)) { + return 0; + } if (x->ex_flags & EXFLAG_XKUSAGE) return x->ex_xkusage; return UINT32_MAX; diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 7bf4923628..252946fbcb 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1203,5 +1203,6 @@ BSSL_NAMESPACE_END #define X509_R_NAME_TOO_LONG 135 #define X509_R_INVALID_PARAMETER 136 #define X509_R_SIGNATURE_ALGORITHM_MISMATCH 137 +#define X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER 138 #endif diff --git a/sources.cmake b/sources.cmake index 5454dde9bf..a5f2d2105f 100644 --- a/sources.cmake +++ b/sources.cmake @@ -57,6 +57,30 @@ set( crypto/hmac_extra/hmac_tests.txt crypto/poly1305/poly1305_tests.txt crypto/siphash/siphash_tests.txt + crypto/x509/test/invalid_extension_intermediate.pem + crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem + crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem + crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem + crypto/x509/test/invalid_extension_intermediate_key_usage.pem + crypto/x509/test/invalid_extension_intermediate_name_constraints.pem + crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem + crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem + crypto/x509/test/invalid_extension_leaf.pem + crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem + crypto/x509/test/invalid_extension_leaf_basic_constraints.pem + crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem + crypto/x509/test/invalid_extension_leaf_key_usage.pem + crypto/x509/test/invalid_extension_leaf_name_constraints.pem + crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem + crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem + crypto/x509/test/invalid_extension_root.pem + crypto/x509/test/invalid_extension_root_authority_key_identifier.pem + crypto/x509/test/invalid_extension_root_basic_constraints.pem + crypto/x509/test/invalid_extension_root_ext_key_usage.pem + crypto/x509/test/invalid_extension_root_key_usage.pem + crypto/x509/test/invalid_extension_root_name_constraints.pem + crypto/x509/test/invalid_extension_root_subject_alt_name.pem + crypto/x509/test/invalid_extension_root_subject_key_identifier.pem crypto/x509/test/many_constraints.pem crypto/x509/test/many_names1.pem crypto/x509/test/many_names2.pem From dd86e75b24dcfd47d4ee6b3e4cdce907389335b2 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 17 Jun 2020 21:17:42 -0400 Subject: [PATCH 029/399] Check the X.509 version when parsing. This checks the X.509 version is valid and consistent with fields new to those versions. These checks are also implemented by Chromium's certificate verifier and should be compatible. Update-Note: The X.509 parser is now a bit stricter. This may break some malformed certificates which were previously incorrectly accepted. Bug: 348, 351 Change-Id: I56f35d768d5e72948d22a9546fba3d257a75f409 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41746 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/err/x509.errordata | 2 + crypto/x509/x509_test.cc | 130 ++++++++++++++++++++++++++++++++++++++ crypto/x509/x_x509.c | 32 +++++++++- include/openssl/x509.h | 2 + 4 files changed, 163 insertions(+), 3 deletions(-) diff --git a/crypto/err/x509.errordata b/crypto/err/x509.errordata index 1426fbf8e5..ffa42676be 100644 --- a/crypto/err/x509.errordata +++ b/crypto/err/x509.errordata @@ -10,10 +10,12 @@ X509,138,DELTA_CRL_WITHOUT_CRL_NUMBER X509,108,IDP_MISMATCH X509,109,INVALID_BIT_STRING_BITS_LEFT X509,110,INVALID_DIRECTORY +X509,139,INVALID_FIELD_FOR_VERSION X509,111,INVALID_FIELD_NAME X509,136,INVALID_PARAMETER X509,112,INVALID_PSS_PARAMETERS X509,113,INVALID_TRUST +X509,140,INVALID_VERSION X509,114,ISSUER_MISMATCH X509,115,KEY_TYPE_MISMATCH X509,116,KEY_VALUES_MISMATCH diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 957c0b8304..fa703dd46b 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2312,3 +2312,133 @@ TEST(X509Test, InvalidExtensions) { Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {})); } } + +// kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number +// encoded explicitly, rather than omitted as required by DER. +static const char kExplicitDefaultVersionPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" + "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" + "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" + "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" + "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" + "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" + "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" + "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" + "FA==\n" + "-----END CERTIFICATE-----\n"; + +// kNegativeVersionPEM is an X.509 certificate with a negative version number. +static const char kNegativeVersionPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" + "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" + "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" + "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" + "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" + "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" + "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" + "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" + "FA==\n" + "-----END CERTIFICATE-----\n"; + +// kFutureVersionPEM is an X.509 certificate with a version number value of +// three, which is not defined. (v3 has value two). +static const char kFutureVersionPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" + "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" + "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" + "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" + "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" + "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" + "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" + "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" + "FA==\n" + "-----END CERTIFICATE-----\n"; + +// kOverflowVersionPEM is an X.509 certificate with a version field which +// overflows |uint64_t|. +static const char kOverflowVersionPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBoDCCAUegJgIkAP//////////////////////////////////////////////\n" + "AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK\n" + "U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X\n" + "DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR\n" + "BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5\n" + "IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX\n" + "a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw\n" + "CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd\n" + "xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n" + "-----END CERTIFICATE-----\n"; + +// kV1WithExtensionsPEM is an X.509v1 certificate with extensions. +static const char kV1WithExtensionsPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" + "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" + "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" + "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" + "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" + "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" + "lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud\n" + "IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI\n" + "zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe\n" + "eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n" + "-----END CERTIFICATE-----\n"; + +// kV2WithExtensionsPEM is an X.509v2 certificate with extensions. +static const char kV2WithExtensionsPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" + "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" + "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" + "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" + "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" + "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" + "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n" + "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n" + "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n" + "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n" + "-----END CERTIFICATE-----\n"; + +// kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID. +static const char kV1WithIssuerUniqueIDPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" + "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" + "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" + "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" + "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" + "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" + "lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n" + "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n" + "MlJhXnXJFA==\n" + "-----END CERTIFICATE-----\n"; + +// kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID. +static const char kV1WithSubjectUniqueIDPEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" + "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" + "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" + "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" + "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" + "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" + "lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n" + "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n" + "MlJhXnXJFA==\n" + "-----END CERTIFICATE-----\n"; + +// Test that the X.509 parser enforces versions are valid and match the fields +// present. +TEST(X509Test, InvalidVersion) { + EXPECT_FALSE(CertFromPEM(kExplicitDefaultVersionPEM)); + EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM)); + EXPECT_FALSE(CertFromPEM(kFutureVersionPEM)); + EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM)); + EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM)); + EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM)); + EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM)); + EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM)); +} diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 9ece062d22..010b6254c5 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -115,11 +115,37 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->buf = NULL; break; - case ASN1_OP_D2I_POST: - if (ret->name != NULL) - OPENSSL_free(ret->name); + case ASN1_OP_D2I_POST: { + /* The version must be one of v1(0), v2(1), or v3(2). If the version is + * v1(0), it must be omitted because it is DEFAULT. */ + long version = 0; + if (ret->cert_info->version != NULL) { + version = ASN1_INTEGER_get(ret->cert_info->version); + if (version <= 0 || version > 2) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); + return 0; + } + } + + /* Per RFC5280, section 4.1.2.8, these fields require v2 or v3. */ + if (version == 0 && (ret->cert_info->issuerUID != NULL || + ret->cert_info->subjectUID != NULL)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); + return 0; + } + + /* Per RFC5280, section 4.1.2.9, extensions require v3. */ + if (version != 2 && ret->cert_info->extensions != NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); + return 0; + } + + /* TODO(davidben): Remove this field once the few external accesses are + * removed. */ + OPENSSL_free(ret->name); ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); break; + } case ASN1_OP_FREE_POST: CRYPTO_MUTEX_cleanup(&ret->lock); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 252946fbcb..3a0391a970 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1204,5 +1204,7 @@ BSSL_NAMESPACE_END #define X509_R_INVALID_PARAMETER 136 #define X509_R_SIGNATURE_ALGORITHM_MISMATCH 137 #define X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER 138 +#define X509_R_INVALID_FIELD_FOR_VERSION 139 +#define X509_R_INVALID_VERSION 140 #endif From a3cc7780e70d3065c87d35b44ee0fde647196059 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 18 Jun 2020 23:59:58 -0400 Subject: [PATCH 030/399] Remove some unimplemented prototypes. We don't have the corresponding functions anyway. Change-Id: I9771771f011da295db708ed8bc635b4748d0101b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41784 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- include/openssl/x509.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 3a0391a970..2a0e233b7a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1082,8 +1082,6 @@ DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); -OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); -OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); OPENSSL_EXPORT int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, int ptype, void *pval, From 9dd9d4fc242f31584f5a42e41e63d132c790421f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 10:16:22 -0400 Subject: [PATCH 031/399] Check AlgorithmIdentifier parameters for RSA and ECDSA signatures. This aligns with the Chromium certificate verifier, which allows NULL or empty for RSA and requires empty for ECDSA. Bug: 342 Change-Id: I34acf68f63b4d133dd47b73144b2f27224c499ee Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41804 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509/algorithm.c | 8 +++ crypto/x509/x509_test.cc | 116 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c index 8f53fff6db..b9f3314c9b 100644 --- a/crypto/x509/algorithm.c +++ b/crypto/x509/algorithm.c @@ -142,6 +142,14 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, return 0; } + /* RSA signature algorithms include an explicit NULL parameter but we also + * accept omitted values for compatibility. Other algorithms must omit it. */ + if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA || + sigalg->parameter->type != V_ASN1_NULL)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER); + return 0; + } + /* Otherwise, initialize with the digest from the OID. */ const EVP_MD *digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index fa703dd46b..366e66e5e0 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -233,6 +233,13 @@ static const char kRSAKey[] = "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n" "-----END RSA PRIVATE KEY-----\n"; +static const char kP256Key[] = + "-----BEGIN PRIVATE KEY-----\n" + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n" + "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n" + "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n" + "-----END PRIVATE KEY-----\n"; + // kCRLTestRoot is a test root certificate. It has private key: // // -----BEGIN RSA PRIVATE KEY----- @@ -2442,3 +2449,112 @@ TEST(X509Test, InvalidVersion) { EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM)); EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM)); } + +// The following strings are test certificates signed by kP256Key and kRSAKey, +// with missing, NULL, or invalid algorithm parameters. +static const char kP256NoParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX\n" + "DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke\n" + "DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w\n" + "DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy\n" + "aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy\n" + "gGzFYg==\n" + "-----END CERTIFICATE-----\n"; +static const char kP256NullParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw\n" + "IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl\n" + "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3\n" + "qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw\n" + "DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX\n" + "UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r\n" + "t6uPxHrmpUY=\n" + "-----END CERTIFICATE-----\n"; +static const char kP256InvalidParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD\n" + "EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD\n" + "VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N\n" + "lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L\n" + "z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF\n" + "AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y\n" + "fLULTZnynuQUULQkRcF7S7T2WpIL\n" + "-----END CERTIFICATE-----\n"; +static const char kRSANoParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg\n" + "Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz\n" + "dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep\n" + "Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO\n" + "MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh\n" + "brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N\n" + "l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY\n" + "TWUH2ieFP3l+ecj1SeQR\n" + "-----END CERTIFICATE-----\n"; +static const char kRSANullParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0\n" + "MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU\n" + "ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr\n" + "t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ\n" + "MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL\n" + "fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy\n" + "seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua\n" + "SwmQUz4bRpckRBj+sIyp1We+pg==\n" + "-----END CERTIFICATE-----\n"; +static const char kRSAInvalidParam[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE\n" + "AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG\n" + "A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e\n" + "DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt\n" + "S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB\n" + "AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0\n" + "4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8\n" + "5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9\n" + "-----END CERTIFICATE-----\n"; + +TEST(X509Test, AlgorithmParameters) { + // P-256 requires the parameter be omitted. + bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); + ASSERT_TRUE(key); + + bssl::UniquePtr cert = CertFromPEM(kP256NoParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kP256NullParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); + + cert = CertFromPEM(kP256InvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); + + // RSA parameters should be NULL, but we accept omitted ones. + key = PrivateKeyFromPEM(kRSAKey); + ASSERT_TRUE(key); + + cert = CertFromPEM(kRSANoParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kRSANullParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kRSAInvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); +} From 991d31bbf11471d723f4a57a62100aff7f3cb9a5 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 11:38:20 -0400 Subject: [PATCH 032/399] clang-format x509.h and run comment converter. We never updated it to OpenSSL's new indentation style and it's already pretty difficult to directly apply patches from upstream anyway. Change-Id: I78f7f644c6d427f27c29f51c4e8ba54476ddeb2b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41805 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/x509.h | 1454 +++++++++++++++++++++------------------- 1 file changed, 747 insertions(+), 707 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 2a0e233b7a..8f78f4a176 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -4,21 +4,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -56,25 +56,22 @@ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by + * ECDH support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ #ifndef HEADER_X509_H #define HEADER_X509_H -#include - -#include - #include +#include #include #include #include #include +#include #include #include -#include #include #include #include @@ -83,481 +80,452 @@ #include #include #include +#include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -/* Legacy X.509 library. - * - * This header is part of OpenSSL's X.509 implementation. It is retained for - * compatibility but otherwise underdocumented and not actively maintained. In - * the future, a replacement library will be available. Meanwhile, minimize - * dependencies on this header where possible. */ - - -#define X509_FILETYPE_PEM 1 -#define X509_FILETYPE_ASN1 2 -#define X509_FILETYPE_DEFAULT 3 - -#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -#define X509v3_KU_NON_REPUDIATION 0x0040 -#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -#define X509v3_KU_KEY_AGREEMENT 0x0008 -#define X509v3_KU_KEY_CERT_SIGN 0x0004 -#define X509v3_KU_CRL_SIGN 0x0002 -#define X509v3_KU_ENCIPHER_ONLY 0x0001 -#define X509v3_KU_DECIPHER_ONLY 0x8000 -#define X509v3_KU_UNDEF 0xffff +// Legacy X.509 library. +// +// This header is part of OpenSSL's X.509 implementation. It is retained for +// compatibility but otherwise underdocumented and not actively maintained. In +// the future, a replacement library will be available. Meanwhile, minimize +// dependencies on this header where possible. + + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff DEFINE_STACK_OF(X509_ALGOR) DECLARE_ASN1_SET_OF(X509_ALGOR) typedef STACK_OF(X509_ALGOR) X509_ALGORS; -struct X509_val_st - { - ASN1_TIME *notBefore; - ASN1_TIME *notAfter; - } /* X509_VAL */; - -struct X509_pubkey_st - { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - EVP_PKEY *pkey; - }; - -struct X509_sig_st - { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; - } /* X509_SIG */; - -struct X509_name_entry_st - { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; - int size; /* temp variable */ - } /* X509_NAME_ENTRY */; +struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} /* X509_VAL */; + +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; +}; + +struct X509_sig_st { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; +} /* X509_SIG */; + +struct X509_name_entry_st { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; // temp variable +} /* X509_NAME_ENTRY */; DEFINE_STACK_OF(X509_NAME_ENTRY) DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) -/* we always keep X509_NAMEs in 2 forms. */ -struct X509_name_st - { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; /* true if 'bytes' needs to be built */ - BUF_MEM *bytes; -/* unsigned long hash; Keep the hash around for lookups */ - unsigned char *canon_enc; - int canon_enclen; - } /* X509_NAME */; +// we always keep X509_NAMEs in 2 forms. +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) * entries; + int modified; // true if 'bytes' needs to be built + BUF_MEM *bytes; + // unsigned long hash; Keep the hash around for lookups + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */; DEFINE_STACK_OF(X509_NAME) -struct X509_extension_st - { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING *value; - } /* X509_EXTENSION */; +struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +} /* X509_EXTENSION */; typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DEFINE_STACK_OF(X509_EXTENSION) DECLARE_ASN1_SET_OF(X509_EXTENSION) -/* a sequence of these are used */ -struct x509_attributes_st - { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is wrong) */ - union { - char *ptr; -/* 0 */ STACK_OF(ASN1_TYPE) *set; -/* 1 */ ASN1_TYPE *single; - } value; - } /* X509_ATTRIBUTE */; +// a sequence of these are used +struct x509_attributes_st { + ASN1_OBJECT *object; + int single; // 0 for a set, 1 for a single item (which is wrong) + union { + char *ptr; + /* 0 */ STACK_OF(ASN1_TYPE) * set; + /* 1 */ ASN1_TYPE *single; + } value; +} /* X509_ATTRIBUTE */; DEFINE_STACK_OF(X509_ATTRIBUTE) DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) -struct X509_req_info_st - { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - } /* X509_REQ_INFO */; - -struct X509_req_st - { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - CRYPTO_refcount_t references; - } /* X509_REQ */; - -struct x509_cinf_st - { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; - } /* X509_CINF */; - -/* This stuff is certificate "auxiliary info" - * it contains details which are useful in certificate - * stores and databases. When used this is tagged onto - * the end of the certificate itself - */ - -struct x509_cert_aux_st - { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ - } /* X509_CERT_AUX */; +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + // d=2 hl=2 l= 0 cons: cont: 00 + STACK_OF(X509_ATTRIBUTE) * attributes; // [ 0 ] +} /* X509_REQ_INFO */; + +struct X509_req_st { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + CRYPTO_refcount_t references; +} /* X509_REQ */; + +struct x509_cinf_st { + ASN1_INTEGER *version; // [ 0 ] default of v1 + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2 + ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2 + STACK_OF(X509_EXTENSION) * extensions; // [ 3 ] optional in v3 + ASN1_ENCODING enc; +} /* X509_CINF */; + +// This stuff is certificate "auxiliary info" +// it contains details which are useful in certificate +// stores and databases. When used this is tagged onto +// the end of the certificate itself + +struct x509_cert_aux_st { + STACK_OF(ASN1_OBJECT) * trust; // trusted uses + STACK_OF(ASN1_OBJECT) * reject; // rejected uses + ASN1_UTF8STRING *alias; // "friendly name" + ASN1_OCTET_STRING *keyid; // key id of private key + STACK_OF(X509_ALGOR) * other; // other unspecified info +} /* X509_CERT_AUX */; DECLARE_STACK_OF(DIST_POINT) DECLARE_STACK_OF(GENERAL_NAME) -struct x509_st - { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - CRYPTO_refcount_t references; - char *name; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - X509_CERT_AUX *aux; - CRYPTO_BUFFER *buf; - CRYPTO_MUTEX lock; - } /* X509 */; +struct x509_st { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + CRYPTO_refcount_t references; + char *name; + CRYPTO_EX_DATA ex_data; + // These contain copies of various extension values + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) * crldp; + STACK_OF(GENERAL_NAME) * altname; + NAME_CONSTRAINTS *nc; + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; + X509_CERT_AUX *aux; + CRYPTO_BUFFER *buf; + CRYPTO_MUTEX lock; +} /* X509 */; DEFINE_STACK_OF(X509) DECLARE_ASN1_SET_OF(X509) -/* This is used for a table of trust checking functions */ +// This is used for a table of trust checking functions struct x509_trust_st { - int trust; - int flags; - int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *name; - int arg1; - void *arg2; + int trust; + int flags; + int (*check_trust)(struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; } /* X509_TRUST */; DEFINE_STACK_OF(X509_TRUST) -/* standard trust ids */ +// standard trust ids -#define X509_TRUST_DEFAULT (-1) /* Only valid in purpose settings */ +#define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings -#define X509_TRUST_COMPAT 1 -#define X509_TRUST_SSL_CLIENT 2 -#define X509_TRUST_SSL_SERVER 3 -#define X509_TRUST_EMAIL 4 -#define X509_TRUST_OBJECT_SIGN 5 -#define X509_TRUST_OCSP_SIGN 6 -#define X509_TRUST_OCSP_REQUEST 7 -#define X509_TRUST_TSA 8 +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 +#define X509_TRUST_OCSP_SIGN 6 +#define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 -/* Keep these up to date! */ -#define X509_TRUST_MIN 1 -#define X509_TRUST_MAX 8 +// Keep these up to date! +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 8 -/* trust_flags values */ -#define X509_TRUST_DYNAMIC 1 -#define X509_TRUST_DYNAMIC_NAME 2 +// trust_flags values +#define X509_TRUST_DYNAMIC 1 +#define X509_TRUST_DYNAMIC_NAME 2 -/* check_trust return codes */ +// check_trust return codes -#define X509_TRUST_TRUSTED 1 -#define X509_TRUST_REJECTED 2 -#define X509_TRUST_UNTRUSTED 3 +#define X509_TRUST_TRUSTED 1 +#define X509_TRUST_REJECTED 2 +#define X509_TRUST_UNTRUSTED 3 -/* Flags for X509_print_ex() */ +// Flags for X509_print_ex() -#define X509_FLAG_COMPAT 0 -#define X509_FLAG_NO_HEADER 1L -#define X509_FLAG_NO_VERSION (1L << 1) -#define X509_FLAG_NO_SERIAL (1L << 2) -#define X509_FLAG_NO_SIGNAME (1L << 3) -#define X509_FLAG_NO_ISSUER (1L << 4) -#define X509_FLAG_NO_VALIDITY (1L << 5) -#define X509_FLAG_NO_SUBJECT (1L << 6) -#define X509_FLAG_NO_PUBKEY (1L << 7) -#define X509_FLAG_NO_EXTENSIONS (1L << 8) -#define X509_FLAG_NO_SIGDUMP (1L << 9) -#define X509_FLAG_NO_AUX (1L << 10) -#define X509_FLAG_NO_ATTRIBUTES (1L << 11) -#define X509_FLAG_NO_IDS (1L << 12) +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) +#define X509_FLAG_NO_IDS (1L << 12) -/* Flags specific to X509_NAME_print_ex() */ +// Flags specific to X509_NAME_print_ex() -/* The field separator information */ +// The field separator information -#define XN_FLAG_SEP_MASK (0xf << 16) +#define XN_FLAG_SEP_MASK (0xf << 16) -#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ -#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ -#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ -#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ -#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ +#define XN_FLAG_COMPAT 0 // Traditional SSLeay: use old X509_NAME_print +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC2253 ,+ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) // ,+ spaced: more readable +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) // ;+ spaced +#define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field -#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ +#define XN_FLAG_DN_REV (1 << 20) // Reverse DN order -/* How the field name is shown */ +// How the field name is shown -#define XN_FLAG_FN_MASK (0x3 << 21) +#define XN_FLAG_FN_MASK (0x3 << 21) -#define XN_FLAG_FN_SN 0 /* Object short name */ -#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ -#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ -#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ +#define XN_FLAG_FN_SN 0 // Object short name +#define XN_FLAG_FN_LN (1 << 21) // Object long name +#define XN_FLAG_FN_OID (2 << 21) // Always use OIDs +#define XN_FLAG_FN_NONE (3 << 21) // No field names -#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ +#define XN_FLAG_SPC_EQ (1 << 23) // Put spaces round '=' -/* This determines if we dump fields we don't recognise: - * RFC2253 requires this. - */ +// This determines if we dump fields we don't recognise: +// RFC2253 requires this. #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ - -/* Complete set of RFC2253 flags */ - -#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ - XN_FLAG_SEP_COMMA_PLUS | \ - XN_FLAG_DN_REV | \ - XN_FLAG_FN_SN | \ - XN_FLAG_DUMP_UNKNOWN_FIELDS) - -/* readable oneline form */ - -#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - XN_FLAG_SEP_CPLUS_SPC | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_SN) - -/* readable multiline form */ - -#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - XN_FLAG_SEP_MULTILINE | \ - XN_FLAG_SPC_EQ | \ - XN_FLAG_FN_LN | \ - XN_FLAG_FN_ALIGN) - -struct x509_revoked_st - { - ASN1_INTEGER *serialNumber; - ASN1_TIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ *extensions; - /* Set up if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* Revocation reason */ - int reason; - int sequence; /* load sequence */ - }; +#define XN_FLAG_FN_ALIGN (1 << 25) // Align field names to 20 characters + +// Complete set of RFC2253 flags + +#define XN_FLAG_RFC2253 \ + (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS) + +// readable oneline form + +#define XN_FLAG_ONELINE \ + (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) + +// readable multiline form + +#define XN_FLAG_MULTILINE \ + (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN) + +struct x509_revoked_st { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ * extensions; + // Set up if indirect CRL + STACK_OF(GENERAL_NAME) * issuer; + // Revocation reason + int reason; + int sequence; // load sequence +}; DEFINE_STACK_OF(X509_REVOKED) DECLARE_ASN1_SET_OF(X509_REVOKED) -struct X509_crl_info_st - { - ASN1_INTEGER *version; - X509_ALGOR *sig_alg; - X509_NAME *issuer; - ASN1_TIME *lastUpdate; - ASN1_TIME *nextUpdate; - STACK_OF(X509_REVOKED) *revoked; - STACK_OF(X509_EXTENSION) /* [0] */ *extensions; - ASN1_ENCODING enc; - } /* X509_CRL_INFO */; +struct X509_crl_info_st { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; + STACK_OF(X509_REVOKED) * revoked; + STACK_OF(X509_EXTENSION) /* [0] */ * extensions; + ASN1_ENCODING enc; +} /* X509_CRL_INFO */; DECLARE_STACK_OF(GENERAL_NAMES) -struct X509_crl_st - { - /* actual signature */ - X509_CRL_INFO *crl; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - CRYPTO_refcount_t references; - int flags; - /* Copies of various extensions */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - STACK_OF(GENERAL_NAMES) *issuers; - const X509_CRL_METHOD *meth; - void *meth_data; - } /* X509_CRL */; +struct X509_crl_st { + // actual signature + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + CRYPTO_refcount_t references; + int flags; + // Copies of various extensions + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + // Convenient breakdown of IDP + int idp_flags; + int idp_reasons; + // CRL and base CRL numbers for delta processing + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; + STACK_OF(GENERAL_NAMES) * issuers; + const X509_CRL_METHOD *meth; + void *meth_data; +} /* X509_CRL */; DEFINE_STACK_OF(X509_CRL) DECLARE_ASN1_SET_OF(X509_CRL) -struct private_key_st - { - int version; - /* The PKCS#8 data types */ - X509_ALGOR *enc_algor; - ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ +struct private_key_st { + int version; + // The PKCS#8 data types + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; // encrypted pub key - /* When decrypted, the following will not be NULL */ - EVP_PKEY *dec_pkey; + // When decrypted, the following will not be NULL + EVP_PKEY *dec_pkey; - /* used to encrypt and decrypt */ - int key_length; - char *key_data; - int key_free; /* true if we should auto free key_data */ + // used to encrypt and decrypt + int key_length; + char *key_data; + int key_free; // true if we should auto free key_data - /* expanded version of 'enc_algor' */ - EVP_CIPHER_INFO cipher; - } /* X509_PKEY */; + // expanded version of 'enc_algor' + EVP_CIPHER_INFO cipher; +} /* X509_PKEY */; #ifndef OPENSSL_NO_EVP -struct X509_info_st - { - X509 *x509; - X509_CRL *crl; - X509_PKEY *x_pkey; +struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; - EVP_CIPHER_INFO enc_cipher; - int enc_len; - char *enc_data; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; - } /* X509_INFO */; +} /* X509_INFO */; DEFINE_STACK_OF(X509_INFO) #endif -/* The next 2 structures and their 8 routines were sent to me by - * Pat Richard and are used to manipulate - * Netscapes spki structures - useful if you are writing a CA web page - */ -struct Netscape_spkac_st - { - X509_PUBKEY *pubkey; - ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ - } /* NETSCAPE_SPKAC */; - -struct Netscape_spki_st - { - NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ - X509_ALGOR *sig_algor; - ASN1_BIT_STRING *signature; - } /* NETSCAPE_SPKI */; - -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st - { - int broken; /* Flag for various broken formats */ -#define PKCS8_OK 0 -#define PKCS8_NO_OCTET 1 -#define PKCS8_EMBEDDED_PARAM 2 -#define PKCS8_NS_DB 3 -#define PKCS8_NEG_PRIVKEY 4 - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ - STACK_OF(X509_ATTRIBUTE) *attributes; - }; - -#ifdef __cplusplus +// The next 2 structures and their 8 routines were sent to me by +// Pat Richard and are used to manipulate +// Netscapes spki structures - useful if you are writing a CA web page +struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; // challenge sent in atlas >= PR2 +} /* NETSCAPE_SPKAC */; + +struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; // signed public key and challenge + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; +} /* NETSCAPE_SPKI */; + +// PKCS#8 private key info structure + +struct pkcs8_priv_key_info_st { + int broken; // Flag for various broken formats +#define PKCS8_OK 0 +#define PKCS8_NO_OCTET 1 +#define PKCS8_EMBEDDED_PARAM 2 +#define PKCS8_NS_DB 3 +#define PKCS8_NEG_PRIVKEY 4 + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_TYPE *pkey; // Should be OCTET STRING but some are broken + STACK_OF(X509_ATTRIBUTE) * attributes; +}; + +#ifdef __cplusplus } #endif #include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) -#define X509_get_cert_info(x) ((x)->cert_info) -#define X509_extract_key(x) X509_get_pubkey(x) /*****/ -#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) -#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) -#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) - -#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +// #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) +#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +#define X509_get_cert_info(x) ((x)->cert_info) +#define X509_extract_key(x) X509_get_pubkey(x) //*** +#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) +#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b)) +#define X509_get_signature_type(x) \ + EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) + +#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); -#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -#define X509_CRL_get_issuer(x) ((x)->crl->issuer) -#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) +#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) +#define X509_CRL_get_issuer(x) ((x)->crl->issuer) +#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) -#define X509_CINF_set_modified(c) ((c)->enc.modified = 1) -#define X509_CINF_get_issuer(c) (&(c)->issuer) -#define X509_CINF_get_extensions(c) ((c)->extensions) -#define X509_CINF_get_signature(c) ((c)->signature) +#define X509_CINF_set_modified(c) ((c)->enc.modified = 1) +#define X509_CINF_get_issuer(c) (&(c)->issuer) +#define X509_CINF_get_extensions(c) ((c)->extensions) +#define X509_CINF_get_signature(c) ((c)->signature) OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new( - int (*crl_init)(X509_CRL *crl), - int (*crl_free)(X509_CRL *crl), - int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer), - int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); + int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); OPENSSL_EXPORT void X509_CRL_METHOD_free(X509_CRL_METHOD *m); OPENSSL_EXPORT void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl); -/* This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ -#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) +// This one is only used so that a binary form can output, as in +// i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) +#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n); @@ -569,14 +537,16 @@ OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); -OPENSSL_EXPORT NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); -OPENSSL_EXPORT char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, + int len); +OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); OPENSSL_EXPORT int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); -OPENSSL_EXPORT int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent); +OPENSSL_EXPORT int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, + int indent); OPENSSL_EXPORT int X509_signature_print(BIO *bp, const X509_ALGOR *alg, const ASN1_STRING *sig); @@ -586,39 +556,40 @@ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); -OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); - -OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data,const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_digest(const X509 *data,const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, - unsigned char *md, unsigned int *len); +OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, + const EVP_MD *md); + +OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +OPENSSL_EXPORT int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); #endif -/* X509_parse_from_buffer parses an X.509 structure from |buf| and returns a - * fresh X509 or NULL on error. There must not be any trailing data in |buf|. - * The returned structure (if any) holds a reference to |buf| rather than - * copying parts of it as a normal |d2i_X509| call would do. */ +// X509_parse_from_buffer parses an X.509 structure from |buf| and returns a +// fresh X509 or NULL on error. There must not be any trailing data in |buf|. +// The returned structure (if any) holds a reference to |buf| rather than +// copying parts of it as a normal |d2i_X509| call would do. OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf); #ifndef OPENSSL_NO_FP_API OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509); -OPENSSL_EXPORT int i2d_X509_fp(FILE *fp,X509 *x509); -OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); -OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); -OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); -OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); -OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); -OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); -OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); +OPENSSL_EXPORT int i2d_X509_fp(FILE *fp, X509 *x509); +OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); #ifndef OPENSSL_NO_DSA OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); @@ -626,14 +597,15 @@ OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); #endif OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); -OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); -OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); -OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); -OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); -OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf); -OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); +OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp( + FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf); +OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO *p8inf); OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); @@ -641,18 +613,18 @@ OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); #endif -OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp,X509 **x509); -OPENSSL_EXPORT int i2d_X509_bio(BIO *bp,X509 *x509); -OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); -OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); -OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); -OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); -OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); -OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); -OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); -OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); +OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp, X509 **x509); +OPENSSL_EXPORT int i2d_X509_bio(BIO *bp, X509 *x509); +OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); #ifndef OPENSSL_NO_DSA OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); OPENSSL_EXPORT int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); @@ -660,14 +632,15 @@ OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); #endif OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); -OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); -OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); -OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); -OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); -OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf); -OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); +OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio( + BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf); +OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO *p8inf); OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); OPENSSL_EXPORT int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); @@ -683,7 +656,8 @@ OPENSSL_EXPORT X509_CRL *X509_CRL_dup(X509_CRL *crl); OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); OPENSSL_EXPORT X509_REQ *X509_REQ_dup(X509_REQ *req); OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); -OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, const ASN1_OBJECT *aobj, int ptype, void *pval); +OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, const ASN1_OBJECT *aobj, + int ptype, void *pval); OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor); @@ -697,50 +671,53 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen); -OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t); -OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s); -OPENSSL_EXPORT ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); -OPENSSL_EXPORT ASN1_TIME * X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *t); -OPENSSL_EXPORT ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); +OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t); +OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s); +OPENSSL_EXPORT ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +OPENSSL_EXPORT ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day, + long offset_sec, time_t *t); +OPENSSL_EXPORT ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); -OPENSSL_EXPORT const char * X509_get_default_cert_area(void ); -OPENSSL_EXPORT const char * X509_get_default_cert_dir(void ); -OPENSSL_EXPORT const char * X509_get_default_cert_file(void ); -OPENSSL_EXPORT const char * X509_get_default_cert_dir_env(void ); -OPENSSL_EXPORT const char * X509_get_default_cert_file_env(void ); -OPENSSL_EXPORT const char * X509_get_default_private_dir(void ); +OPENSSL_EXPORT const char *X509_get_default_cert_area(void); +OPENSSL_EXPORT const char *X509_get_default_cert_dir(void); +OPENSSL_EXPORT const char *X509_get_default_cert_file(void); +OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void); +OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void); +OPENSSL_EXPORT const char *X509_get_default_private_dir(void); -OPENSSL_EXPORT X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -OPENSSL_EXPORT X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); +OPENSSL_EXPORT X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, + const EVP_MD *md); +OPENSSL_EXPORT X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) -OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); -OPENSSL_EXPORT EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); -OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp); -OPENSSL_EXPORT EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, - long length); -OPENSSL_EXPORT int i2d_RSA_PUBKEY(const RSA *a,unsigned char **pp); -OPENSSL_EXPORT RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, - long length); +OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); +OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, + long length); +OPENSSL_EXPORT int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp); +OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, + long length); #ifndef OPENSSL_NO_DSA -OPENSSL_EXPORT int i2d_DSA_PUBKEY(const DSA *a,unsigned char **pp); -OPENSSL_EXPORT DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, - long length); +OPENSSL_EXPORT int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp); +OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, + long length); #endif -OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp); -OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, - long length); +OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp); +OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, + long length); DECLARE_ASN1_FUNCTIONS(X509_SIG) DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) -OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); +OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, + void *value); DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) @@ -749,22 +726,25 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) DECLARE_ASN1_FUNCTIONS(X509_NAME) -OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name); +OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name); DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) -/* X509_up_ref adds one to the reference count of |x| and returns one. */ +// X509_up_ref adds one to the reference count of |x| and returns one. OPENSSL_EXPORT int X509_up_ref(X509 *x); -OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, - CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func); +OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_unused *unused, + CRYPTO_EX_dup *dup_unused, + CRYPTO_EX_free *free_func); OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg); OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx); -OPENSSL_EXPORT int i2d_X509_AUX(X509 *a,unsigned char **pp); -OPENSSL_EXPORT X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); +OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp); +OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, + long length); OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x, unsigned char **pp); @@ -774,9 +754,11 @@ OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x); OPENSSL_EXPORT int X509_alias_set1(X509 *x, unsigned char *name, int len); OPENSSL_EXPORT int X509_keyid_set1(X509 *x, unsigned char *id, int len); -OPENSSL_EXPORT unsigned char * X509_alias_get0(X509 *x, int *len); -OPENSSL_EXPORT unsigned char * X509_keyid_get0(X509 *x, int *len); -OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); +OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len); +OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len); +OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *, + int)))(int, X509 *, + int); OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust); OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); @@ -788,90 +770,100 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) DECLARE_ASN1_FUNCTIONS(X509_CRL) OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); -OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, ASN1_INTEGER *serial); -OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *serial); +OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, + X509 *x); -OPENSSL_EXPORT X509_PKEY * X509_PKEY_new(void ); -OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a); +OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void); +OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a); DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) #ifndef OPENSSL_NO_EVP -OPENSSL_EXPORT X509_INFO * X509_INFO_new(void); -OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); -OPENSSL_EXPORT char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); +OPENSSL_EXPORT X509_INFO *X509_INFO_new(void); +OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); +OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); -OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, - unsigned char *md,unsigned int *len); +OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, - unsigned char *md,unsigned int *len); +OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, + void *data, unsigned char *md, + unsigned int *len); OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); - -OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, - void *data, EVP_PKEY *pkey, const EVP_MD *type); -OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, - X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); + ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey); + +OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, + EVP_MD_CTX *ctx); #endif -OPENSSL_EXPORT int X509_set_version(X509 *x,long version); -OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); -OPENSSL_EXPORT ASN1_INTEGER * X509_get_serialNumber(X509 *x); -OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME * X509_get_issuer_name(X509 *a); -OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME * X509_get_subject_name(X509 *a); -OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +OPENSSL_EXPORT int X509_set_version(X509 *x, long version); +OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x); +OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name); +OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a); +OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name); +OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a); +OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x); OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x); -OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); +OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x); OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x); -OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); -OPENSSL_EXPORT EVP_PKEY * X509_get_pubkey(X509 *x); -OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); +OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x); OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); -OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x,long version); -OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version); +OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req); OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); -OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); -OPENSSL_EXPORT EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); -OPENSSL_EXPORT int X509_REQ_extension_nid(int nid); -OPENSSL_EXPORT const int * X509_REQ_get_extension_nids(void); -OPENSSL_EXPORT void X509_REQ_set_extension_nids(const int *nids); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); -OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid); -OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +OPENSSL_EXPORT int X509_REQ_extension_nid(int nid); +OPENSSL_EXPORT const int *X509_REQ_get_extension_nids(void); +OPENSSL_EXPORT void X509_REQ_set_extension_nids(const int *nids); +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * + X509_REQ_get_extensions(X509_REQ *req); +OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req, + STACK_OF(X509_EXTENSION) * exts, + int nid); +OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req, + STACK_OF(X509_EXTENSION) * exts); OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req); OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, - int lastpos); -OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos); + int lastpos); +OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, + ASN1_OBJECT *obj, int lastpos); OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); OPENSSL_EXPORT int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); OPENSSL_EXPORT int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type, + const unsigned char *bytes, + int len); OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len); + const char *attrname, int type, + const unsigned char *bytes, + int len); OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *x, long version); OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); @@ -888,195 +880,243 @@ OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber( const X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, + ASN1_INTEGER *serial); OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate( const X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, + ASN1_TIME *tm); OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, - EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + EVP_PKEY *skey, const EVP_MD *md, + unsigned int flags); -OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); +OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); -OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey); -OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, - X509 *x, STACK_OF(X509) *chain, - unsigned long flags); -OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, - unsigned long flags); -OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); +OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey); +OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x, + STACK_OF(X509) * chain, + unsigned long flags); +OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, + unsigned long flags); +OPENSSL_EXPORT STACK_OF(X509) * X509_chain_up_ref(STACK_OF(X509) * chain); -OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); -OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a); +OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a); -OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b); -OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a); +OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b); +OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a); -OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b); -OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x); +OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b); +OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x); -OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a); -OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x); +OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a); +OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x); -OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b); -OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x); -OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x); +OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b); +OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x); +OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x); -OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); -OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); #ifndef OPENSSL_NO_FP_API -OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); -OPENSSL_EXPORT int X509_print_fp(FILE *bp,X509 *x); -OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp,X509_CRL *x); -OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp,X509_REQ *req); -OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x); +OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, + unsigned long flags); #endif -OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); -OPENSSL_EXPORT int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); -OPENSSL_EXPORT int X509_print(BIO *bp,X509 *x); -OPENSSL_EXPORT int X509_ocspid_print(BIO *bp,X509 *x); -OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); -OPENSSL_EXPORT int X509_CRL_print(BIO *bp,X509_CRL *x); -OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); -OPENSSL_EXPORT int X509_REQ_print(BIO *bp,X509_REQ *req); - -OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name); -OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, - char *buf,int len); -OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, - char *buf,int len); - -/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use - * lastpos, search after that position on. */ -OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, - int lastpos); +OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, + unsigned long flags); +OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x); +OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x); +OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); +OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x); +OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req); + +OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name); +OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, + char *buf, int len); +OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name, + const ASN1_OBJECT *obj, char *buf, + int len); + +// NOTE: you should be passsing -1, not 0 as lastpos. The functions that use +// lastpos, search after that position on. +OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, + int lastpos); +OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name, + const ASN1_OBJECT *obj, + int lastpos); OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); -OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, - int loc, int set); -OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len, int loc, int set); -OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - const unsigned char *bytes, int len, int loc, int set); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, int set); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - const ASN1_OBJECT *obj, int type,const unsigned char *bytes, - int len); -OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, - const ASN1_OBJECT *obj); -OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -OPENSSL_EXPORT ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); - -OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); -OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, - int nid, int lastpos); -OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, - const ASN1_OBJECT *obj,int lastpos); -OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, - int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); -OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); - -OPENSSL_EXPORT int X509_get_ext_count(X509 *x); -OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, + int loc); +OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, + int loc, int set); +OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len, int loc, int set); +OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, + int type, + const unsigned char *bytes, + int len, int loc, int set); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt( + X509_NAME_ENTRY **ne, const char *field, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID( + X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes, + int len); +OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name, + const char *field, int type, + const unsigned char *bytes, + int len, int loc, int set); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ( + X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, + const ASN1_OBJECT *obj); +OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, + int len); +OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + +OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x); +OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x, + int nid, int lastpos); +OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) * x, + const ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) * + x, + int crit, int lastpos); +OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) * + x, + int loc); +OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x, + int loc); +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * + X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc); + +OPENSSL_EXPORT int X509_get_ext_count(X509 *x); +OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(X509 *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc); -OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); -OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags); - -OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x); -OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); +OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +OPENSSL_EXPORT void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x); +OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, + int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, + int lastpos); OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); -OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); -OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags); - -OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); +OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, + int *idx); +OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, + int crit, unsigned long flags); + +OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, + int lastpos); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, + ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, + int lastpos); OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); -OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); -OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); -OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags); - -OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, - int nid, int crit, ASN1_OCTET_STRING *data); -OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - const ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); -OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,const ASN1_OBJECT *obj); -OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); -OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex, - ASN1_OCTET_STRING *data); -OPENSSL_EXPORT ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); +OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, + int loc); +OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, + int loc); +OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, + int *crit, int *idx); +OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, + void *value, int crit, + unsigned long flags); + +OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID( + X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data); +OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ( + X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex, + const ASN1_OBJECT *obj); +OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex, + ASN1_OCTET_STRING *data); +OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); -OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex); - -OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); -OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos); -OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, const ASN1_OBJECT *obj, - int lastpos); -OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); -OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - const char *attrname, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, - ASN1_OBJECT *obj, int lastpos, int type); -OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, int len); -OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, int atrtype, const void *data, int len); -OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); -OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); +OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + +OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) * x); +OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) * x, + int nid, int lastpos); +OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) * sk, + const ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) * + x, + int loc); +OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) * x, + int loc); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * + X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) * *x, X509_ATTRIBUTE *attr); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * + X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) * *x, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * + X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) * *x, int nid, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * + X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) * *x, const char *attrname, + int type, const unsigned char *bytes, int len); +OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) * x, + ASN1_OBJECT *obj, int lastpos, + int type); +OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID( + X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len); +OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ( + X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, int atrtype, + const void *data, int len); +OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt( + X509_ATTRIBUTE **attr, const char *atrname, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, + const ASN1_OBJECT *obj); +OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); OPENSSL_EXPORT void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - int atrtype, void *data); + int atrtype, void *data); OPENSSL_EXPORT int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); OPENSSL_EXPORT ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); -OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); +OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, + int idx); -OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx); +OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx); -/* lookup a cert from a X509 STACK */ -OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, - ASN1_INTEGER *serial); -OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); +// lookup a cert from a X509 STACK +OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) * sk, + X509_NAME *name, + ASN1_INTEGER *serial); +OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) * sk, X509_NAME *name); -/* PKCS#8 utilities */ +// PKCS#8 utilities DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) @@ -1084,27 +1124,27 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); OPENSSL_EXPORT int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, int ptype, void *pval, - unsigned char *penc, int penclen); + int version, int ptype, void *pval, + unsigned char *penc, int penclen); OPENSSL_EXPORT int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, - PKCS8_PRIV_KEY_INFO *p8); + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); -OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, const ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen); +OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, + const ASN1_OBJECT *aobj, int ptype, + void *pval, unsigned char *penc, + int penclen); OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, - X509_PUBKEY *pub); + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); OPENSSL_EXPORT int X509_check_trust(X509 *x, int id, int flags); OPENSSL_EXPORT int X509_TRUST_get_count(void); -OPENSSL_EXPORT X509_TRUST * X509_TRUST_get0(int idx); +OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx); OPENSSL_EXPORT int X509_TRUST_get_by_id(int id); -OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2); +OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, + int (*ck)(X509_TRUST *, X509 *, int), + char *name, int arg1, void *arg2); OPENSSL_EXPORT void X509_TRUST_cleanup(void); OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp); OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp); @@ -1122,7 +1162,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) -#ifdef __cplusplus +#ifdef __cplusplus } #endif @@ -1160,8 +1200,8 @@ using ScopedX509_STORE_CTX = BSSL_NAMESPACE_END -} /* extern C++ */ -#endif /* !BORINGSSL_NO_CXX */ +} // extern C++ +#endif // !BORINGSSL_NO_CXX #define X509_R_AKID_MISMATCH 100 #define X509_R_BAD_PKCS7_VERSION 101 From beaf594f8b3969219d531e6ba77a08387befc929 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 12:26:20 -0400 Subject: [PATCH 033/399] Remove X509_get_signature_type. This macro dates to SSLeay. It is never used and for good reason: it doesn't do anything. EVP_PKEY_type returns NID_undef if the NID is not key type, but it is being passed in a signature algorithm type. This means that, except for invalid certificates, or the rare algorithms where the two OIDs match (Ed25519), it always returns NID_undef. Update-Note: If there are any calls to X509_get_signature_type, remove them. It more-or-less always returned NID_undef. Change-Id: I6e2e41f171143c28f2afce2890f029b776cc36b5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41806 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/x509.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 8f78f4a176..3efaea81d9 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -496,8 +496,6 @@ extern "C" { #define X509_REQ_get_subject_name(x) ((x)->req_info->subject) #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b)) -#define X509_get_signature_type(x) \ - EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) #define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); From d206a11d483bd27065df25aa725289a0a7e740de Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 14:54:52 -0400 Subject: [PATCH 034/399] Remove X509_CINF_get_issuer and X509_CINF_get_extensions. The X509_CINF_* macros were removed before OpenSSL 1.0.2 was released but after we forked. X509_CINF_set_modified and X509_CINF_get_signature have some users to clean up, but these two are unused. (OpenSSL 1.1.x's new X.509 API effectively no longer exposes X509_CINF at all. If we could align, that would simplify switching to retaining the full encoding rather than just TBSCertificate. But I think we'll need to add some functions to replace a few use cases they missed.) Update-Note: Two unused macros were removed. If there were uses, the X509-level accessors can be used instead. Change-Id: I9b5c7c08196885ee0bccc2658b1ad177bf3100e7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41807 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/x509.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 3efaea81d9..65c4e3a972 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -506,8 +506,6 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); #define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) #define X509_CINF_set_modified(c) ((c)->enc.modified = 1) -#define X509_CINF_get_issuer(c) (&(c)->issuer) -#define X509_CINF_get_extensions(c) ((c)->extensions) #define X509_CINF_get_signature(c) ((c)->signature) OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); From 33f8d33af0dcb083610e978baad5a8b6e1cfee82 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 12:25:34 -0400 Subject: [PATCH 035/399] Convert X.509 accessor macros to proper functions. We'll need the accessors to be functions if we ever make X509 opaque. Functions are also type-checked and avoid confusing code search's cross reference features. Update-Note: This should be compatible, but it is possible that someone, e.g., passed in a bssl::UniquePtr to an accessor and relied on operator->. Callers may also run afoul of const correctness. I mirrored OpenSSL 1.1.1's consts, so it should at least be compatible with third-party code. Change-Id: I65dadc4e9ac0042576dc4db0f194d2e6b786ccca Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41808 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509/x509_req.c | 10 ++++ crypto/x509/x509_set.c | 41 ++++++++++++++++ crypto/x509/x509cset.c | 25 ++++++++++ crypto/x509/x_crl.c | 3 ++ include/openssl/x509.h | 109 +++++++++++++++++++++++++++++++++-------- 5 files changed, 167 insertions(+), 21 deletions(-) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index d918b09706..9ab6e9dab4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -107,6 +107,16 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) return (NULL); } +long X509_REQ_get_version(const X509_REQ *req) +{ + return ASN1_INTEGER_get(req->req_info->version); +} + +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req) +{ + return req->req_info->subject; +} + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) { if ((req == NULL) || (req->req_info == NULL)) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 5242e345c3..e7bfbe38af 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -60,6 +60,16 @@ #include #include +long X509_get_version(const X509 *x509) +{ + return ASN1_INTEGER_get(x509->cert_info->version); +} + +X509_CINF *X509_get_cert_info(const X509 *x509) +{ + return x509->cert_info; +} + int X509_set_version(X509 *x, long version) { if (x == NULL) @@ -137,6 +147,14 @@ ASN1_TIME *X509_getm_notBefore(X509 *x) return x->cert_info->validity->notBefore; } +ASN1_TIME *X509_get_notBefore(const X509 *x509) +{ + // In OpenSSL, this function is an alias for |X509_getm_notBefore|, but our + // |X509_getm_notBefore| is const-correct. |X509_get_notBefore| was + // originally a macro, so it needs to capture both get0 and getm use cases. + return x509->cert_info->validity->notBefore; +} + int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) { ASN1_TIME *in; @@ -167,6 +185,14 @@ ASN1_TIME *X509_getm_notAfter(X509 *x) return x->cert_info->validity->notAfter; } +ASN1_TIME *X509_get_notAfter(const X509 *x509) +{ + // In OpenSSL, this function is an alias for |X509_getm_notAfter|, but our + // |X509_getm_notAfter| is const-correct. |X509_get_notAfter| was + // originally a macro, so it needs to capture both get0 and getm use cases. + return x509->cert_info->validity->notAfter; +} + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) { if ((x == NULL) || (x->cert_info == NULL)) @@ -183,3 +209,18 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) { return x->cert_info->signature; } + +void X509_CINF_set_modified(X509_CINF *cinf) +{ + cinf->enc.modified = 1; +} + +const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf) +{ + return cinf->signature; +} + +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509) +{ + return x509->cert_info->key; +} diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 6f2708c1d0..d2f2b8fa0b 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -135,6 +135,11 @@ int X509_CRL_up_ref(X509_CRL *crl) return 1; } +long X509_CRL_get_version(const X509_CRL *crl) +{ + return ASN1_INTEGER_get(crl->crl->version); +} + const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) { return crl->crl->lastUpdate; @@ -145,6 +150,26 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) return crl->crl->nextUpdate; } +ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) +{ + return crl->crl->lastUpdate; +} + +ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) +{ + return crl->crl->nextUpdate; +} + +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) +{ + return crl->crl->issuer; +} + +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) +{ + return crl->crl->revoked; +} + void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) { diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 47e0ba5a94..f8ec4a330c 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -126,6 +126,9 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, * affect the output of X509_CRL_print(). */ case ASN1_OP_D2I_POST: + /* TODO(davidben): Check that default |versions| are never encoded and + * that |extensions| is only present in v2. */ + (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); break; } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 65c4e3a972..342569c1ca 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -486,27 +486,94 @@ struct pkcs8_priv_key_info_st { extern "C" { #endif -#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -// #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) -#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) -#define X509_get_cert_info(x) ((x)->cert_info) -#define X509_extract_key(x) X509_get_pubkey(x) //*** -#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +// X509_get_version returns the numerical value of |x509|'s version. That is, +// it returns zero for X.509v1, one for X.509v2, and two for X.509v3. Unknown +// versions are rejected by the parser, but a manually-created |X509| object may +// encode invalid versions. In that case, the function will return the invalid +// version, or -1 on overflow. +OPENSSL_EXPORT long X509_get_version(const X509 *x509); + +// X509_get_notBefore returns |x509|'s notBefore value. Note this function is +// not const-correct for legacy reasons. Use |X509_get0_notBefore| or +// |X509_getm_notBefore| instead. +OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509); + +// X509_get_notAfter returns |x509|'s notAfter value. Note this function is not +// const-correct for legacy reasons. Use |X509_get0_notAfter| or +// |X509_getm_notAfter| instead. +OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509); + +// X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this +// function is not const-correct for legacy reasons. +// +// This function is deprecated and may be removed in the future. It is not +// present in OpenSSL and constrains some improvements to the library. +OPENSSL_EXPORT X509_CINF *X509_get_cert_info(const X509 *x509); + +// X509_extract_key is a legacy alias to |X509_get_pubkey|. Use +// |X509_get_pubkey| instead. +#define X509_extract_key(x) X509_get_pubkey(x) + +// X509_REQ_get_version returns the numerical value of |req|'s version. That is, +// it returns zero for a v1 request. If |req| is invalid, it may return another +// value, or -1 on overflow. +OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req); + +// X509_REQ_get_subject_name returns |req|'s subject name. Note this function is +// not const-correct for legacy reasons. +OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); + +// X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|. #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) + +// X509_name_cmp is a legacy alias for |X509_NAME_cmp|. #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b)) -#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); -const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); -#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -#define X509_CRL_get_issuer(x) ((x)->crl->issuer) -#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +// X509_REQ_get_version returns the numerical value of |crl|'s version. That is, +// it returns zero for a v1 CRL and one for a v2 CRL. If |crl| is invalid, it +// may return another value, or -1 on overflow. +OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl); + +// X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time. +OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); + +// X509_CRL_get0_lastUpdate returns |crl|'s nextUpdate time. +OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); + +// X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time. +// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set_lastUpdate| instead. +OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); -#define X509_CINF_set_modified(c) ((c)->enc.modified = 1) -#define X509_CINF_get_signature(c) ((c)->signature) +// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time. +// Use |X509_CRL_get0_nextUpdate| or |X509_CRL_set_nextUpdate| instead. +OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); + +// X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not +// const-correct for legacy reasons. +OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); + +// X509_CRL_get_REVOKED returns the list of revoked certificates in |crl|. +// +// TOOD(davidben): This function was originally a macro, without clear const +// semantics. It should take a const input and give const output, but the latter +// would break existing callers. For now, we match upstream. +OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); + +// X509_CINF_set_modified marks |cinf| as modified so that changes will be +// reflected in serializing the structure. +// +// This function is deprecated and may be removed in the future. It is not +// present in OpenSSL and constrains some improvements to the library. +OPENSSL_EXPORT void X509_CINF_set_modified(X509_CINF *cinf); + +// X509_CINF_get_signature returns the signature algorithm in |cinf|. Note this +// isn't the signature itself, but the extra copy of the signature algorithm +// in the TBSCertificate. +// +// This function is deprecated and may be removed in the future. It is not +// present in OpenSSL and constrains some improvements to the library. Use +// |X509_get0_tbs_sigalg| instead. +OPENSSL_EXPORT const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf); OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new( @@ -519,10 +586,10 @@ OPENSSL_EXPORT void X509_CRL_METHOD_free(X509_CRL_METHOD *m); OPENSSL_EXPORT void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl); -// This one is only used so that a binary form can output, as in -// i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) -#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - +// X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is +// not const-correct for legacy reasons. Callers should not modify the returned +// object. +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n); From d1d8eee76bea03ca9a2667dc06ccaa6a1e2565b8 Mon Sep 17 00:00:00 2001 From: Pete Bentley Date: Mon, 22 Jun 2020 13:42:49 +0100 Subject: [PATCH 036/399] Remove uneeded switch statement. Warnings for switch statements with just a default case are now fatal with the latest Windows toolchain used by Github workflows. So indirectly this was breaking Conscrypt's continuous integration and possibly other projects using BoringSSL which run CI on Windows. Example: https://github.com/google/conscrypt/runs/793502854?check_suite_focus=true Change-Id: Ia09b86f3292299089c6536862a170677a8024984 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41844 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- decrepit/bio/base64_bio.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/decrepit/bio/base64_bio.c b/decrepit/bio/base64_bio.c index 139d562509..eb87186faa 100644 --- a/decrepit/bio/base64_bio.c +++ b/decrepit/bio/base64_bio.c @@ -513,17 +513,10 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) { } static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb fp) { - long ret = 1; - if (b->next_bio == NULL) { return 0; } - switch (cmd) { - default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); - break; - } - return ret; + return BIO_callback_ctrl(b->next_bio, cmd, fp); } static const BIO_METHOD b64_method = { From 430a7423039682e4bbc7b522e3b57b2c8dca5e3b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 19 Jun 2020 17:58:27 -0400 Subject: [PATCH 037/399] Const-correct various functions in crypto/asn1. The const ASN1_TIME getters don't work well because some const functions aren't marked as such. I took a pass over the header and fixed the ones I noticed. Change-Id: I7eede530abc14ba0aab5763561c6f2dcf09e9659 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41824 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/asn1/a_bitstr.c | 6 +++--- crypto/asn1/a_enum.c | 6 +++--- crypto/asn1/a_int.c | 2 +- crypto/asn1/a_object.c | 6 +++--- crypto/asn1/a_time.c | 4 ++-- crypto/asn1/a_type.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/asn1_test.cc | 2 +- crypto/asn1/asn_pack.c | 2 +- crypto/asn1/f_enum.c | 2 +- crypto/asn1/f_int.c | 2 +- crypto/asn1/f_string.c | 2 +- crypto/x509/a_strex.c | 8 ++++---- crypto/x509/asn1_gen.c | 8 ++++---- include/openssl/asn1.h | 44 ++++++++++++++++++++-------------------- 15 files changed, 49 insertions(+), 49 deletions(-) diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 39426389e0..4024ed2b24 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -70,7 +70,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) return M_ASN1_BIT_STRING_set(x, d, len); } -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) +int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp) { int ret, j, bits, len; unsigned char *p, *d; @@ -233,7 +233,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) return (1); } -int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) { int w, v; @@ -250,7 +250,7 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) * which is not specified in 'flags', 1 otherwise. * 'len' is the length of 'flags'. */ -int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, unsigned char *flags, int flags_len) { int i, ok; diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 11e60ac39c..b99663b224 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -108,7 +108,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) return (1); } -long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) { int neg = 0, i; @@ -147,7 +147,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) return r; } -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) { ASN1_ENUMERATED *ret; int len, j; @@ -183,7 +183,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) return (NULL); } -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) { BIGNUM *ret; diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 7b483f2d4b..2eda6c08dc 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -115,7 +115,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) * followed by optional zeros isn't padded. */ -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp) { int pad = 0, ret, i, neg; unsigned char *p, *n, pb = 0; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 97335bfd88..aa98453ef0 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -66,7 +66,7 @@ #include "../internal.h" -int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { unsigned char *p, *allocated = NULL; int objsize; @@ -98,12 +98,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) return objsize; } -int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) { return OBJ_obj2txt(buf, buf_len, a, 0); } -int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) { char buf[80], *p = buf; int i; diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 51aae5d9fa..98a9c3e658 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -100,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); } -int ASN1_TIME_check(ASN1_TIME *t) +int ASN1_TIME_check(const ASN1_TIME *t) { if (t->type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_check(t); @@ -110,7 +110,7 @@ int ASN1_TIME_check(ASN1_TIME *t) } /* Convert an ASN1_TIME structure to GeneralizedTime */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { ASN1_GENERALIZEDTIME *ret = NULL; diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 734ff8b4d4..c12edfafc1 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -61,7 +61,7 @@ #include #include -int ASN1_TYPE_get(ASN1_TYPE *a) +int ASN1_TYPE_get(const ASN1_TYPE *a) { if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) return (a->type); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 8526aba389..1091009177 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -430,7 +430,7 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int len) return; } -int ASN1_STRING_type(ASN1_STRING *x) +int ASN1_STRING_type(const ASN1_STRING *x) { return M_ASN1_STRING_type(x); } diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index ff80e492e1..7f71c8c87e 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -174,7 +174,7 @@ TEST(ASN1Test, SerializeObject) { static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01}; const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption); - TestSerialize(const_cast(obj), i2d_ASN1_OBJECT, kDER); + TestSerialize(obj, i2d_ASN1_OBJECT, kDER); } TEST(ASN1Test, SerializeBoolean) { diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c index eff54e55c6..3c7116ed32 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.c @@ -93,7 +93,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) /* Extract an ASN1 object from an ASN1_STRING */ -void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) { const unsigned char *p; void *ret; diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index 7ce479dc4f..e28755d029 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -60,7 +60,7 @@ /* Based on a_int.c: equivalent ENUMERATED functions */ -int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) { int i, n = 0; static const char *h = "0123456789ABCDEF"; diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 79ea152b6c..25338d886b 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -58,7 +58,7 @@ #include -int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) { int i, n = 0; static const char *h = "0123456789ABCDEF"; diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index 97c6ae7de3..01d9dec002 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -58,7 +58,7 @@ #include -int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) { int i, n = 0; static const char *h = "0123456789ABCDEF"; diff --git a/crypto/x509/a_strex.c b/crypto/x509/a_strex.c index 6dc183acf0..eeec5d15e7 100644 --- a/crypto/x509/a_strex.c +++ b/crypto/x509/a_strex.c @@ -296,7 +296,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, */ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, - ASN1_STRING *str) + const ASN1_STRING *str) { /* * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to @@ -354,7 +354,7 @@ static const signed char tag2nbyte[] = { */ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, - ASN1_STRING *str) + const ASN1_STRING *str) { int outlen, len; int type; @@ -610,13 +610,13 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, } #endif -int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_bio_chars, out, flags, str); } #ifndef OPENSSL_NO_FP_API -int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_fp_chars, fp, flags, str); } diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c index 98a6facd01..f61fdde831 100644 --- a/crypto/x509/asn1_gen.c +++ b/crypto/x509/asn1_gen.c @@ -123,7 +123,7 @@ typedef struct { int exp_count; } tag_exp_arg; -static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, +static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, int *perr); static int bitstr_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr); @@ -136,7 +136,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static int asn1_str2tag(const char *tagstr, int len); -ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) { X509V3_CTX cnf; @@ -147,7 +147,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) return ASN1_generate_v3(str, &cnf); } -ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) { int err = 0; ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); @@ -156,7 +156,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) return ret; } -static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, +static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, int *perr) { ASN1_TYPE *ret; diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 6ae831b821..c1a8d5af47 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -619,14 +619,14 @@ typedef struct BIT_STRING_BITNAME_st { DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) -OPENSSL_EXPORT int ASN1_TYPE_get(ASN1_TYPE *a); +OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a); OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); OPENSSL_EXPORT ASN1_OBJECT * ASN1_OBJECT_new(void ); OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a); -OPENSSL_EXPORT int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); +OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a,unsigned char **pp); OPENSSL_EXPORT ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, long length); OPENSSL_EXPORT ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, @@ -648,23 +648,23 @@ OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x); OPENSSL_EXPORT void ASN1_STRING_length_set(ASN1_STRING *x, int n); -OPENSSL_EXPORT int ASN1_STRING_type(ASN1_STRING *x); +OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *x); OPENSSL_EXPORT unsigned char * ASN1_STRING_data(ASN1_STRING *x); OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) -OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); +OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a,unsigned char **pp); OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, long length); OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length ); OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); -OPENSSL_EXPORT int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, unsigned char *flags, int flags_len); +OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, unsigned char *flags, int flags_len); OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); OPENSSL_EXPORT int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) -OPENSSL_EXPORT int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); +OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *a,unsigned char **pp); OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); OPENSSL_EXPORT ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); @@ -713,15 +713,15 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec); -OPENSSL_EXPORT int ASN1_TIME_check(ASN1_TIME *t); -OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t); +OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); -OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); -OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); -OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); -OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); -OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); +OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf,int buf_len, const ASN1_OBJECT *a); OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, const char *sn, const char *ln); @@ -732,9 +732,9 @@ OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER * OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn); OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); -OPENSSL_EXPORT long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); +OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai,BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ @@ -753,7 +753,7 @@ OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x); #ifndef OPENSSL_NO_FP_API OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); -OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); #endif OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); @@ -764,12 +764,12 @@ OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); OPENSSL_EXPORT int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); OPENSSL_EXPORT int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); -OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); OPENSSL_EXPORT const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert */ -OPENSSL_EXPORT void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); +OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); @@ -793,8 +793,8 @@ OPENSSL_EXPORT ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); OPENSSL_EXPORT int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); -OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); -OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); +OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); #ifdef __cplusplus From 86f86cbdf717876feb724e640ac4ea251a0cba31 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 29 Jun 2020 10:54:47 -0400 Subject: [PATCH 038/399] Add missing OPENSSL_EXPORT to X509_get_X509_PUBKEY. Thanks to Daniel Stenberg for noticing this. Change-Id: I4e1e75d879dc8a09a9d077d710a69804b31ad7bd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41924 Commit-Queue: David Benjamin Commit-Queue: Steven Valdez Reviewed-by: Steven Valdez --- include/openssl/x509.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 342569c1ca..fb6d0bc890 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -589,7 +589,7 @@ OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl); // X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is // not const-correct for legacy reasons. Callers should not modify the returned // object. -X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); +OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n); From b3c5ac51d533aa852530e7fa03ccd7d2ea5a8752 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 22 Jun 2020 15:02:49 -0400 Subject: [PATCH 039/399] Add a -wait-for-debugger flag to runner. xterm on macOS is surprisingly difficult to get at these days. Instead, add an option to make bssl_shim SIGSTOP itself so a debugger can resume it. Change-Id: Ie3cf02744557f46c8fa08c162276b5ff851a51c7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41864 Commit-Queue: Steven Valdez Reviewed-by: Steven Valdez --- ssl/test/bssl_shim.cc | 10 ++++++ ssl/test/runner/runner.go | 71 ++++++++++++++++++++++++++++----------- ssl/test/test_config.cc | 1 + ssl/test/test_config.h | 1 + 4 files changed, 63 insertions(+), 20 deletions(-) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index d8652ea942..a91524adff 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -1198,6 +1198,16 @@ int main(int argc, char **argv) { return 0; } + if (initial_config.wait_for_debugger) { +#if defined(OPENSSL_WINDOWS) + fprintf(stderr, "-wait-for-debugger is not supported on Windows.\n"); + return 1; +#else + // The debugger will resume the process. + raise(SIGSTOP); +#endif + } + bssl::UniquePtr ssl_ctx; bssl::UniquePtr session; diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index deddb0342b..e34980ddde 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -53,13 +53,14 @@ var ( useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind") useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb") useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb") + waitForDebugger = flag.Bool("wait-for-debugger", false, "If true, jobs will run one at a time and pause for a debugger to attach") flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection") mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.") mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.") jsonOutput = flag.String("json-output", "", "The file to output JSON results to.") pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.") testToRun = flag.String("test", "", "The pattern to filter tests to run, or empty to run all tests") - numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.") + numWorkersFlag = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.") shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.") handshakerPath = flag.String("handshaker-path", "../../../build/ssl/test/handshaker", "The location of the handshaker binary.") resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.") @@ -249,6 +250,10 @@ func initCertificates() { garbageCertificate.PrivateKey = rsaCertificate.PrivateKey } +func useDebugger() bool { + return *useGDB || *useLLDB || *waitForDebugger +} + // delegatedCredentialConfig specifies the shape of a delegated credential, not // including the keys themselves. type delegatedCredentialConfig struct { @@ -725,7 +730,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr config.Time = func() time.Time { return time.Unix(1234, 1234) } } - conn = &timeoutConn{conn, *idleTimeout} + if !useDebugger() { + conn = &timeoutConn{conn, *idleTimeout} + } if test.protocol == dtls { config.Bugs.PacketAdaptor = newPacketAdaptor(conn) @@ -1168,7 +1175,7 @@ func acceptOrWait(listener *net.TCPListener, waitChan chan error) (net.Conn, err } connChan := make(chan connOrError, 1) go func() { - if !*useGDB { + if !useDebugger() { listener.SetDeadline(time.Now().Add(*idleTimeout)) } conn, err := listener.Accept() @@ -1196,7 +1203,7 @@ func translateExpectedError(errorStr string) string { return errorStr } -func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { +func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocNumToFail int64) error { // Help debugging panics on the Go side. defer func() { if r := recover(); r != nil { @@ -1324,6 +1331,10 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { flags = append(flags, "-handshaker-path", *handshakerPath) + if *waitForDebugger { + flags = append(flags, "-wait-for-debugger") + } + var transcriptPrefix string var transcripts [][]byte if len(*transcriptDir) != 0 { @@ -1375,6 +1386,7 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { if err := shim.Start(); err != nil { panic(err) } + statusChan <- statusMsg{test: test, statusType: statusShimStarted, pid: shim.Process.Pid} waitChan := make(chan error, 1) go func() { waitChan <- shim.Wait() }() @@ -1417,7 +1429,7 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { listener = nil var childErr error - if *useGDB { + if !useDebugger() { childErr = <-waitChan } else { waitTimeout := time.AfterFunc(*idleTimeout, func() { @@ -15548,8 +15560,8 @@ func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sy if *mallocTest >= 0 { for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ { - statusChan <- statusMsg{test: test, started: true} - if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs { + statusChan <- statusMsg{test: test, statusType: statusStarted} + if err = runTest(statusChan, test, shimPath, mallocNumToFail); err != errMoreMallocs { if err != nil { fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err) } @@ -15558,21 +15570,30 @@ func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sy } } else if *repeatUntilFailure { for err == nil { - statusChan <- statusMsg{test: test, started: true} - err = runTest(test, shimPath, -1) + statusChan <- statusMsg{test: test, statusType: statusStarted} + err = runTest(statusChan, test, shimPath, -1) } } else { - statusChan <- statusMsg{test: test, started: true} - err = runTest(test, shimPath, -1) + statusChan <- statusMsg{test: test, statusType: statusStarted} + err = runTest(statusChan, test, shimPath, -1) } - statusChan <- statusMsg{test: test, err: err} + statusChan <- statusMsg{test: test, statusType: statusDone, err: err} } } +type statusType int + +const ( + statusStarted statusType = iota + statusShimStarted + statusDone +) + type statusMsg struct { - test *testCase - started bool - err error + test *testCase + statusType statusType + pid int + err error } func statusPrinter(doneChan chan *testresult.Results, statusChan chan statusMsg, total int) { @@ -15589,9 +15610,9 @@ func statusPrinter(doneChan chan *testresult.Results, statusChan chan statusMsg, fmt.Print(erase) } - if msg.started { + if msg.statusType == statusStarted { started++ - } else { + } else if msg.statusType == statusDone { done++ if msg.err != nil { @@ -15623,6 +15644,11 @@ func statusPrinter(doneChan chan *testresult.Results, statusChan chan statusMsg, if !*pipe { // Print a new status line. line := fmt.Sprintf("%d/%d/%d/%d/%d", failed, unimplemented, done, started, total) + if msg.statusType == statusShimStarted && *waitForDebugger { + // Note -wait-for-debugger limits the test to one worker, + // otherwise some output would be skipped. + line += fmt.Sprintf(" (%s: attach to process %d to continue)", msg.test.name, msg.pid) + } lineLen = len(line) os.Stdout.WriteString(line) } @@ -15683,8 +15709,13 @@ func main() { var wg sync.WaitGroup - statusChan := make(chan statusMsg, *numWorkers) - testChan := make(chan *testCase, *numWorkers) + numWorkers := *numWorkersFlag + if useDebugger() { + numWorkers = 1 + } + + statusChan := make(chan statusMsg, numWorkers) + testChan := make(chan *testCase, numWorkers) doneChan := make(chan *testresult.Results) if len(*shimConfigFile) != 0 { @@ -15702,7 +15733,7 @@ func main() { go statusPrinter(doneChan, statusChan, len(testCases)) - for i := 0; i < *numWorkers; i++ { + for i := 0; i < numWorkers; i++ { wg.Add(1) go worker(statusChan, testChan, *shimPath, &wg) } diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index d4b71b4c23..062a43a7e7 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -152,6 +152,7 @@ const Flag kBoolFlags[] = { &TestConfig::expect_delegated_credential_used}, {"-expect-hrr", &TestConfig::expect_hrr}, {"-expect-no-hrr", &TestConfig::expect_no_hrr}, + {"-wait-for-debugger", &TestConfig::wait_for_debugger}, }; const Flag kStringFlags[] = { diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 0974a160aa..f424f8b7f2 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -177,6 +177,7 @@ struct TestConfig { std::string expect_early_data_reason; bool expect_hrr = false; bool expect_no_hrr = false; + bool wait_for_debugger = false; int argc; char **argv; From 5fa22ed85e94b456d32399dc7fba40f9db211553 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 22 Jun 2020 17:08:11 -0400 Subject: [PATCH 040/399] Avoid relying on SSL_get_session's behavior during the handshake. Mid-renegotiation, there are a lot of sets of TLS parameters flying around. We need to be clear which one we want for each operation. There were a few parts of TLS 1.2 which were relying on SSL_get_session to abstract between the resumption session and a new session. Implement that separately as ssl_handshake_session, so we're free to avoid SSL_get_session returning an incomplete session mid-renegotiation. This doesn't fixed the linked Chromium bug, but it is necessary to do so. (I'm trying to separate the SSL_get_session change from the dependencies within the library.) Update-Note: SSL_generate_key_block will now fail mid-handshake. It is ambiguous which key block to use and, in some cases, we may not even be able to compute the right key block. Bug: chromium:1010748 Change-Id: I30c8a683bb506310e37adbd05a28e3b8de6e6836 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41865 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- include/openssl/ssl.h | 6 ++-- ssl/handoff.cc | 6 ++-- ssl/handshake.cc | 11 +++++-- ssl/internal.h | 20 ++++++++----- ssl/t1_enc.cc | 69 ++++++++++++++++++++++++++++--------------- 5 files changed, 74 insertions(+), 38 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 8e11ef25e9..f804928749 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3604,11 +3604,13 @@ OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, const uint8_t **out_write_iv, size_t *out_iv_len); -// SSL_get_key_block_len returns the length of |ssl|'s key block. +// SSL_get_key_block_len returns the length of |ssl|'s key block. It is an error +// to call this function during a handshake. OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl); // SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s -// current connection state. +// current connection state. It is an error to call this function during a +// handshake. OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len); diff --git a/ssl/handoff.cc b/ssl/handoff.cc index fdbac18da7..977fcc5e48 100644 --- a/ssl/handoff.cc +++ b/ssl/handoff.cc @@ -632,7 +632,7 @@ bool SSL_apply_handback(SSL *ssl, Span handback) { case handback_after_session_resumption: // The write keys are installed after server Finished, but the client // keys must wait for ChangeCipherSpec. - if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session->cipher, + if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session, write_iv)) { return false; } @@ -642,9 +642,9 @@ bool SSL_apply_handback(SSL *ssl, Span handback) { break; case handback_after_handshake: // The handshake is complete, so both keys are installed. - if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session->cipher, + if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session, write_iv) || - !tls1_configure_aead(ssl, evp_aead_open, &key_block, session->cipher, + !tls1_configure_aead(ssl, evp_aead_open, &key_block, session, read_iv)) { return false; } diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 27fc3af23e..7bceb1dcbb 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc @@ -441,7 +441,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) { uint8_t finished[EVP_MAX_MD_SIZE]; size_t finished_len; if (!hs->transcript.GetFinishedMAC(finished, &finished_len, - SSL_get_session(ssl), !ssl->server) || + ssl_handshake_session(hs), !ssl->server) || !ssl_hash_message(hs, msg)) { return ssl_hs_error; } @@ -484,7 +484,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) { bool ssl_send_finished(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - const SSL_SESSION *session = SSL_get_session(ssl); + const SSL_SESSION *session = ssl_handshake_session(hs); uint8_t finished[EVP_MAX_MD_SIZE]; size_t finished_len; @@ -541,6 +541,13 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs) { return true; } +const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) { + if (hs->new_session) { + return hs->new_session.get(); + } + return hs->ssl->session.get(); +} + int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) { SSL *const ssl = hs->ssl; for (;;) { diff --git a/ssl/internal.h b/ssl/internal.h index 182b02f6ad..2000409bfd 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1940,6 +1940,11 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs); bool ssl_send_finished(SSL_HANDSHAKE *hs); bool ssl_output_cert_chain(SSL_HANDSHAKE *hs); +// ssl_handshake_session returns the |SSL_SESSION| corresponding to the current +// handshake. Note, in TLS 1.2 resumptions, this session is immutable. +const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs); + + // SSLKEYLOGFILE functions. // ssl_log_secret logs |secret| with label |label|, if logging is enabled for @@ -2921,13 +2926,14 @@ int dtls1_dispatch_alert(SSL *ssl); // determined by |direction|) using the keys generated by the TLS KDF. The // |key_block_cache| argument is used to store the generated key block, if // empty. Otherwise it's assumed that the key block is already contained within -// it. Returns one on success or zero on error. -int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, - Array *key_block_cache, - const SSL_CIPHER *cipher, - Span iv_override); - -int tls1_change_cipher_state(SSL_HANDSHAKE *hs, evp_aead_direction_t direction); +// it. It returns true on success or false on error. +bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, + Array *key_block_cache, + const SSL_SESSION *session, + Span iv_override); + +bool tls1_change_cipher_state(SSL_HANDSHAKE *hs, + evp_aead_direction_t direction); int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out, Span premaster); diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc index 73b6544a81..d8b6ea2b4d 100644 --- a/ssl/t1_enc.cc +++ b/ssl/t1_enc.cc @@ -189,21 +189,36 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len, return true; } -int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, - Array *key_block_cache, - const SSL_CIPHER *cipher, - Span iv_override) { +static bool generate_key_block(const SSL *ssl, Span out, + const SSL_SESSION *session) { + auto master_key = + MakeConstSpan(session->master_key, session->master_key_length); + static const char kLabel[] = "key expansion"; + auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1); + + const EVP_MD *digest = ssl_session_get_digest(session); + // Note this function assumes that |session|'s key material corresponds to + // |ssl->s3->client_random| and |ssl->s3->server_random|. + return tls1_prf(digest, out, master_key, label, ssl->s3->server_random, + ssl->s3->client_random); +} + +bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, + Array *key_block_cache, + const SSL_SESSION *session, + Span iv_override) { size_t mac_secret_len, key_len, iv_len; - if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len, cipher)) { - return 0; + if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len, + session->cipher)) { + return false; } // Ensure that |key_block_cache| is set up. const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len); if (key_block_cache->empty()) { if (!key_block_cache->Init(key_block_size) || - !SSL_generate_key_block(ssl, key_block_cache->data(), key_block_size)) { - return 0; + !generate_key_block(ssl, MakeSpan(*key_block_cache), session)) { + return false; } } assert(key_block_cache->size() == key_block_size); @@ -224,15 +239,16 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, if (!iv_override.empty()) { if (iv_override.size() != iv_len) { - return 0; + return false; } iv = iv_override; } - UniquePtr aead_ctx = SSLAEADContext::Create( - direction, ssl->version, SSL_is_dtls(ssl), cipher, key, mac_secret, iv); + UniquePtr aead_ctx = + SSLAEADContext::Create(direction, ssl->version, SSL_is_dtls(ssl), + session->cipher, key, mac_secret, iv); if (!aead_ctx) { - return 0; + return false; } if (direction == evp_aead_open) { @@ -246,10 +262,10 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction, /*secret_for_quic=*/{}); } -int tls1_change_cipher_state(SSL_HANDSHAKE *hs, - evp_aead_direction_t direction) { +bool tls1_change_cipher_state(SSL_HANDSHAKE *hs, + evp_aead_direction_t direction) { return tls1_configure_aead(hs->ssl, direction, &hs->key_block, - hs->new_cipher, {}); + ssl_handshake_session(hs), {}); } int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out, @@ -286,6 +302,11 @@ BSSL_NAMESPACE_END using namespace bssl; size_t SSL_get_key_block_len(const SSL *ssl) { + // See |SSL_generate_key_block|. + if (SSL_in_init(ssl)) { + return 0; + } + size_t mac_secret_len, key_len, fixed_iv_len; if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &fixed_iv_len, SSL_get_current_cipher(ssl))) { @@ -297,16 +318,16 @@ size_t SSL_get_key_block_len(const SSL *ssl) { } int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len) { - const SSL_SESSION *session = SSL_get_session(ssl); - auto out_span = MakeSpan(out, out_len); - auto master_key = - MakeConstSpan(session->master_key, session->master_key_length); - static const char kLabel[] = "key expansion"; - auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1); + // Which cipher state to use is ambiguous during a handshake. In particular, + // there are points where read and write states are from different epochs. + // During a handshake, before ChangeCipherSpec, the encryption states may not + // match |ssl->s3->client_random| and |ssl->s3->server_random|. + if (SSL_in_init(ssl)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } - const EVP_MD *digest = ssl_session_get_digest(session); - return tls1_prf(digest, out_span, master_key, label, ssl->s3->server_random, - ssl->s3->client_random); + return generate_key_block(ssl, MakeSpan(out, out_len), SSL_get_session(ssl)); } int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, From 7361ee42cfff6039585c49a82e4b585cb633d5e3 Mon Sep 17 00:00:00 2001 From: Ilya Tokar Date: Fri, 19 Jun 2020 15:51:37 -0400 Subject: [PATCH 041/399] Enable shaext path for sha1. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes sha1 ~2x faster on Amd Rome: BM_SHA1Hash/2 10.9MB/s ± 1% 14.0MB/s ± 1% +28.77% (p=0.000 n=10+10) BM_SHA1Hash/4 21.9MB/s ± 1% 28.2MB/s ± 1% +28.56% (p=0.000 n=10+10) BM_SHA1Hash/8 43.9MB/s ± 1% 56.3MB/s ± 2% +28.36% (p=0.000 n=10+10) BM_SHA1Hash/16 88.1MB/s ± 1% 114.8MB/s ± 2% +30.40% (p=0.000 n=9+10) BM_SHA1Hash/32 178MB/s ± 1% 229MB/s ± 2% +28.64% (p=0.000 n=10+10) BM_SHA1Hash/64 240MB/s ± 1% 363MB/s ± 2% +51.57% (p=0.000 n=10+10) BM_SHA1Hash/512 629MB/s ± 1% 1129MB/s ± 2% +79.54% (p=0.000 n=9+10) BM_SHA1Hash/4k 794MB/s ± 0% 1538MB/s ± 1% +93.76% (p=0.000 n=8+10) BM_SHA1Hash/32k 820MB/s ± 1% 1610MB/s ± 2% +96.44% (p=0.000 n=10+10) BM_SHA1Hash/256k 822MB/s ± 1% 1624MB/s ± 1% +97.48% (p=0.000 n=10+10) BM_SHA1Hash/1M 822MB/s ± 1% 1625MB/s ± 1% +97.63% (p=0.000 n=10+10) BM_SHA1Hash/2M 824MB/s ± 1% 1626MB/s ± 1% +97.32% (p=0.000 n=10+10) BM_SHA1Hash/4M 826MB/s ± 1% 1631MB/s ± 0% +97.56% (p=0.000 n=10+8) BM_SHA1Hash/8M 824MB/s ± 1% 1625MB/s ± 1% +97.14% (p=0.000 n=10+10) BM_SHA1Hash/16M 823MB/s ± 1% 1625MB/s ± 1% +97.40% (p=0.000 n=10+10) Change-Id: Ic75eb717a71b35d0ca775c309e08396b2ab77641 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41884 Reviewed-by: David Benjamin Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/fipsmodule/sha/asm/sha1-x86_64.pl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl index 5e98962d8b..0b0c151da7 100755 --- a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl +++ b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl @@ -108,10 +108,7 @@ # versions, but BoringSSL is intended to be used with pre-generated perlasm # output, so this isn't useful anyway. $avx = 2; - -# TODO(davidben): Consider enabling the Intel SHA Extensions code once it's -# been tested. -$shaext=0; ### set to zero if compiling for 1.0.1 +$shaext=1; ### set to zero if compiling for 1.0.1 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; From 5d74463301bbfebc24f99fe232b922260d36ea90 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 15 Jun 2020 14:42:37 -0500 Subject: [PATCH 042/399] Use |crypto_word_t| and |size_t| more consistently in ECC scalar recoding. Use |crypto_word_t| as the type for secret values in scalar recoding. Use |size_t| as the type of array indexes in scalar recoding. Use explicit casts where a larger type is (losslessly) truncated to a smaller type. With this change, |uint64_t| is no longer used in the p256.c when building in 32-bit mode, |unsigned| is not used in any of the affected modules, and |uint8_t| and |char| are no longer used for secret values in the ECC recoding. When given the choice of doing non-array-indexing arithmetic (e.g. shifts) on |size_t| values or |crypto_word_t| values, prefer doing it on |crypto_word_t| values. More generally, try to use |size_t| only for sizes and array indexes. This is part of a bigger project to minimize the use of types other than |crypto_word_t| for secret values. This is also part of a larger project make the ECC code more consistent. Avoid changing the loop indexing in the P-256 scalar multiplication from |int| to |size_t|. The P-224 code does use |size_t| but it is less clear than the P-256 code where |i - 1| results in a negative/underflowed value when |i| is zero. Change-Id: I78cb404455c2340a4f8c9688d36c0d425bfcc50b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41685 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/fipsmodule/ec/internal.h | 3 +- crypto/fipsmodule/ec/p224-64.c | 24 ++++++++------- crypto/fipsmodule/ec/p256-x86_64.c | 47 +++++++++++++++--------------- crypto/fipsmodule/ec/p256.c | 36 +++++++++++++---------- crypto/fipsmodule/ec/simple_mul.c | 4 +-- crypto/fipsmodule/ec/util.c | 6 ++-- 6 files changed, 64 insertions(+), 56 deletions(-) diff --git a/crypto/fipsmodule/ec/internal.h b/crypto/fipsmodule/ec/internal.h index 836d3ca2cb..18aabb0ca4 100644 --- a/crypto/fipsmodule/ec/internal.h +++ b/crypto/fipsmodule/ec/internal.h @@ -703,7 +703,8 @@ void ec_GFp_mont_felem_to_bytes(const EC_GROUP *group, uint8_t *out, int ec_GFp_mont_felem_from_bytes(const EC_GROUP *group, EC_FELEM *out, const uint8_t *in, size_t len); -void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in); +void ec_GFp_nistp_recode_scalar_bits(crypto_word_t *sign, crypto_word_t *digit, + crypto_word_t in); const EC_METHOD *EC_GFp_nistp224_method(void); const EC_METHOD *EC_GFp_nistp256_method(void); diff --git a/crypto/fipsmodule/ec/p224-64.c b/crypto/fipsmodule/ec/p224-64.c index c106de0db2..da4308c0be 100644 --- a/crypto/fipsmodule/ec/p224-64.c +++ b/crypto/fipsmodule/ec/p224-64.c @@ -866,7 +866,7 @@ static void p224_select_point(const uint64_t idx, size_t size, } // p224_get_bit returns the |i|th bit in |in| -static char p224_get_bit(const p224_felem_bytearray in, size_t i) { +static crypto_word_t p224_get_bit(const p224_felem_bytearray in, size_t i) { if (i >= 224) { return 0; } @@ -977,13 +977,13 @@ static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r, // Add every 5 doublings. if (i % 5 == 0) { - uint64_t bits = p224_get_bit(scalar->bytes, i + 4) << 5; + crypto_word_t bits = p224_get_bit(scalar->bytes, i + 4) << 5; bits |= p224_get_bit(scalar->bytes, i + 3) << 4; bits |= p224_get_bit(scalar->bytes, i + 2) << 3; bits |= p224_get_bit(scalar->bytes, i + 1) << 2; bits |= p224_get_bit(scalar->bytes, i) << 1; bits |= p224_get_bit(scalar->bytes, i - 1); - uint8_t sign, digit; + crypto_word_t sign, digit; ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); // Select the point to add or subtract. @@ -1022,7 +1022,7 @@ static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group, } // First, look 28 bits upwards. - uint64_t bits = p224_get_bit(scalar->bytes, i + 196) << 3; + crypto_word_t bits = p224_get_bit(scalar->bytes, i + 196) << 3; bits |= p224_get_bit(scalar->bytes, i + 140) << 2; bits |= p224_get_bit(scalar->bytes, i + 84) << 1; bits |= p224_get_bit(scalar->bytes, i + 28); @@ -1080,14 +1080,15 @@ static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group, // Add multiples of the generator. if (i <= 27) { // First, look 28 bits upwards. - uint64_t bits = p224_get_bit(g_scalar->bytes, i + 196) << 3; + crypto_word_t bits = p224_get_bit(g_scalar->bytes, i + 196) << 3; bits |= p224_get_bit(g_scalar->bytes, i + 140) << 2; bits |= p224_get_bit(g_scalar->bytes, i + 84) << 1; bits |= p224_get_bit(g_scalar->bytes, i + 28); + size_t index = (size_t)bits; p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, - g_p224_pre_comp[1][bits][0], g_p224_pre_comp[1][bits][1], - g_p224_pre_comp[1][bits][2]); + g_p224_pre_comp[1][index][0], g_p224_pre_comp[1][index][1], + g_p224_pre_comp[1][index][2]); assert(!skip); // Second, look at the current position. @@ -1095,20 +1096,21 @@ static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group, bits |= p224_get_bit(g_scalar->bytes, i + 112) << 2; bits |= p224_get_bit(g_scalar->bytes, i + 56) << 1; bits |= p224_get_bit(g_scalar->bytes, i); + index = (size_t)bits; p224_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, - g_p224_pre_comp[0][bits][0], g_p224_pre_comp[0][bits][1], - g_p224_pre_comp[0][bits][2]); + g_p224_pre_comp[0][index][0], g_p224_pre_comp[0][index][1], + g_p224_pre_comp[0][index][2]); } // Incorporate |p_scalar| every 5 doublings. if (i % 5 == 0) { - uint64_t bits = p224_get_bit(p_scalar->bytes, i + 4) << 5; + crypto_word_t bits = p224_get_bit(p_scalar->bytes, i + 4) << 5; bits |= p224_get_bit(p_scalar->bytes, i + 3) << 4; bits |= p224_get_bit(p_scalar->bytes, i + 2) << 3; bits |= p224_get_bit(p_scalar->bytes, i + 1) << 2; bits |= p224_get_bit(p_scalar->bytes, i) << 1; bits |= p224_get_bit(p_scalar->bytes, i - 1); - uint8_t sign, digit; + crypto_word_t sign, digit; ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); // Select the point to add or subtract. diff --git a/crypto/fipsmodule/ec/p256-x86_64.c b/crypto/fipsmodule/ec/p256-x86_64.c index 973130f2e2..29ae1936f8 100644 --- a/crypto/fipsmodule/ec/p256-x86_64.c +++ b/crypto/fipsmodule/ec/p256-x86_64.c @@ -50,8 +50,8 @@ static const BN_ULONG ONE[P256_LIMBS] = { // Recode window to a signed digit, see |ec_GFp_nistp_recode_scalar_bits| in // util.c for details -static unsigned booth_recode_w5(unsigned in) { - unsigned s, d; +static crypto_word_t booth_recode_w5(crypto_word_t in) { + crypto_word_t s, d; s = ~((in >> 5) - 1); d = (1 << 6) - in - 1; @@ -61,8 +61,8 @@ static unsigned booth_recode_w5(unsigned in) { return (d << 1) + (s & 1); } -static unsigned booth_recode_w7(unsigned in) { - unsigned s, d; +static crypto_word_t booth_recode_w7(crypto_word_t in) { + crypto_word_t s, d; s = ~((in >> 7) - 1); d = (1 << 8) - in - 1; @@ -194,8 +194,8 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, assert(p_scalar != NULL); assert(group->field.width == P256_LIMBS); - static const unsigned kWindowSize = 5; - static const unsigned kMask = (1 << (5 /* kWindowSize */ + 1)) - 1; + static const size_t kWindowSize = 5; + static const crypto_word_t kMask = (1 << (5 /* kWindowSize */ + 1)) - 1; // A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should // add no more than 63 bytes of overhead. Thus, |table| should require @@ -232,17 +232,17 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, BN_ULONG tmp[P256_LIMBS]; alignas(32) P256_POINT h; - unsigned index = 255; - unsigned wvalue = p_str[(index - 1) / 8]; + size_t index = 255; + crypto_word_t wvalue = p_str[(index - 1) / 8]; wvalue = (wvalue >> ((index - 1) % 8)) & kMask; ecp_nistz256_select_w5(r, table, booth_recode_w5(wvalue) >> 1); while (index >= 5) { if (index != 255) { - unsigned off = (index - 1) / 8; + size_t off = (index - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (crypto_word_t)p_str[off] | (crypto_word_t)p_str[off + 1] << 8; wvalue = (wvalue >> ((index - 1) % 8)) & kMask; wvalue = booth_recode_w5(wvalue); @@ -283,21 +283,22 @@ typedef union { P256_POINT_AFFINE a; } p256_point_union_t; -static unsigned calc_first_wvalue(unsigned *index, const uint8_t p_str[33]) { - static const unsigned kWindowSize = 7; - static const unsigned kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; +static crypto_word_t calc_first_wvalue(size_t *index, const uint8_t p_str[33]) { + static const size_t kWindowSize = 7; + static const crypto_word_t kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; *index = kWindowSize; - unsigned wvalue = (p_str[0] << 1) & kMask; + crypto_word_t wvalue = (p_str[0] << 1) & kMask; return booth_recode_w7(wvalue); } -static unsigned calc_wvalue(unsigned *index, const uint8_t p_str[33]) { - static const unsigned kWindowSize = 7; - static const unsigned kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; +static crypto_word_t calc_wvalue(size_t *index, const uint8_t p_str[33]) { + static const size_t kWindowSize = 7; + static const crypto_word_t kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; - const unsigned off = (*index - 1) / 8; - unsigned wvalue = p_str[off] | p_str[off + 1] << 8; + const size_t off = (*index - 1) / 8; + crypto_word_t wvalue = + (crypto_word_t)p_str[off] | (crypto_word_t)p_str[off + 1] << 8; wvalue = (wvalue >> ((*index - 1) % 8)) & kMask; *index += kWindowSize; @@ -325,8 +326,8 @@ static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_RAW_POINT *r, p_str[32] = 0; // First window - unsigned index = 0; - unsigned wvalue = calc_first_wvalue(&index, p_str); + size_t index = 0; + crypto_word_t wvalue = calc_first_wvalue(&index, p_str); ecp_nistz256_select_w7(&p.a, ecp_nistz256_precomputed[0], wvalue >> 1); ecp_nistz256_neg(p.p.Z, p.p.Y); @@ -370,8 +371,8 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group, p_str[32] = 0; // First window - unsigned index = 0; - unsigned wvalue = calc_first_wvalue(&index, p_str); + size_t index = 0; + size_t wvalue = calc_first_wvalue(&index, p_str); // Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p| // is infinity and |ONE| otherwise. |p| was computed from the table, so it diff --git a/crypto/fipsmodule/ec/p256.c b/crypto/fipsmodule/ec/p256.c index 9355ac1910..9f5694c233 100644 --- a/crypto/fipsmodule/ec/p256.c +++ b/crypto/fipsmodule/ec/p256.c @@ -67,7 +67,7 @@ static fiat_p256_limb_t fiat_p256_nz( static void fiat_p256_copy(fiat_p256_limb_t out[FIAT_P256_NLIMBS], const fiat_p256_limb_t in1[FIAT_P256_NLIMBS]) { - for (int i = 0; i < FIAT_P256_NLIMBS; i++) { + for (size_t i = 0; i < FIAT_P256_NLIMBS; i++) { out[i] = in1[i]; } } @@ -393,7 +393,7 @@ static void fiat_p256_select_point(const fiat_p256_limb_t idx, size_t size, } // fiat_p256_get_bit returns the |i|th bit in |in| -static char fiat_p256_get_bit(const uint8_t *in, int i) { +static crypto_word_t fiat_p256_get_bit(const uint8_t *in, int i) { if (i < 0 || i >= 256) { return 0; } @@ -498,20 +498,20 @@ static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r, // do other additions every 5 doublings if (i % 5 == 0) { - uint64_t bits = fiat_p256_get_bit(scalar->bytes, i + 4) << 5; + crypto_word_t bits = fiat_p256_get_bit(scalar->bytes, i + 4) << 5; bits |= fiat_p256_get_bit(scalar->bytes, i + 3) << 4; bits |= fiat_p256_get_bit(scalar->bytes, i + 2) << 3; bits |= fiat_p256_get_bit(scalar->bytes, i + 1) << 2; bits |= fiat_p256_get_bit(scalar->bytes, i) << 1; bits |= fiat_p256_get_bit(scalar->bytes, i - 1); - uint8_t sign, digit; + crypto_word_t sign, digit; ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); // select the point to add or subtract, in constant time. - fiat_p256_select_point(digit, 17, (const fiat_p256_felem(*)[3])p_pre_comp, - tmp); + fiat_p256_select_point((fiat_p256_limb_t)digit, 17, + (const fiat_p256_felem(*)[3])p_pre_comp, tmp); fiat_p256_opp(ftmp, tmp[1]); // (X, -Y, Z) is the negative point. - fiat_p256_cmovznz(tmp[1], sign, tmp[1], ftmp); + fiat_p256_cmovznz(tmp[1], (fiat_p256_limb_t)sign, tmp[1], ftmp); if (!skip) { fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], @@ -543,12 +543,13 @@ static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group, } // First, look 32 bits upwards. - uint64_t bits = fiat_p256_get_bit(scalar->bytes, i + 224) << 3; + crypto_word_t bits = fiat_p256_get_bit(scalar->bytes, i + 224) << 3; bits |= fiat_p256_get_bit(scalar->bytes, i + 160) << 2; bits |= fiat_p256_get_bit(scalar->bytes, i + 96) << 1; bits |= fiat_p256_get_bit(scalar->bytes, i + 32); // Select the point to add, in constant time. - fiat_p256_select_point_affine(bits, 15, fiat_p256_g_pre_comp[1], tmp); + fiat_p256_select_point_affine((fiat_p256_limb_t)bits, 15, + fiat_p256_g_pre_comp[1], tmp); if (!skip) { fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], @@ -566,7 +567,8 @@ static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group, bits |= fiat_p256_get_bit(scalar->bytes, i + 64) << 1; bits |= fiat_p256_get_bit(scalar->bytes, i); // Select the point to add, in constant time. - fiat_p256_select_point_affine(bits, 15, fiat_p256_g_pre_comp[0], tmp); + fiat_p256_select_point_affine((fiat_p256_limb_t)bits, 15, + fiat_p256_g_pre_comp[0], tmp); fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, tmp[0], tmp[1], tmp[2]); } @@ -613,14 +615,15 @@ static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group, // constant-time lookup. if (i <= 31) { // First, look 32 bits upwards. - uint64_t bits = fiat_p256_get_bit(g_scalar->bytes, i + 224) << 3; + crypto_word_t bits = fiat_p256_get_bit(g_scalar->bytes, i + 224) << 3; bits |= fiat_p256_get_bit(g_scalar->bytes, i + 160) << 2; bits |= fiat_p256_get_bit(g_scalar->bytes, i + 96) << 1; bits |= fiat_p256_get_bit(g_scalar->bytes, i + 32); if (bits != 0) { + size_t index = (size_t)(bits - 1); fiat_p256_point_add(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2], - 1 /* mixed */, fiat_p256_g_pre_comp[1][bits - 1][0], - fiat_p256_g_pre_comp[1][bits - 1][1], + 1 /* mixed */, fiat_p256_g_pre_comp[1][index][0], + fiat_p256_g_pre_comp[1][index][1], fiat_p256_one); skip = 0; } @@ -631,9 +634,10 @@ static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group, bits |= fiat_p256_get_bit(g_scalar->bytes, i + 64) << 1; bits |= fiat_p256_get_bit(g_scalar->bytes, i); if (bits != 0) { + size_t index = (size_t)(bits - 1); fiat_p256_point_add(ret[0], ret[1], ret[2], ret[0], ret[1], ret[2], - 1 /* mixed */, fiat_p256_g_pre_comp[0][bits - 1][0], - fiat_p256_g_pre_comp[0][bits - 1][1], + 1 /* mixed */, fiat_p256_g_pre_comp[0][index][0], + fiat_p256_g_pre_comp[0][index][1], fiat_p256_one); skip = 0; } @@ -642,7 +646,7 @@ static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group, int digit = p_wNAF[i]; if (digit != 0) { assert(digit & 1); - int idx = digit < 0 ? (-digit) >> 1 : digit >> 1; + size_t idx = (size_t)(digit < 0 ? (-digit) >> 1 : digit >> 1); fiat_p256_felem *y = &p_pre_comp[idx][1], tmp; if (digit < 0) { fiat_p256_opp(tmp, p_pre_comp[idx][1]); diff --git a/crypto/fipsmodule/ec/simple_mul.c b/crypto/fipsmodule/ec/simple_mul.c index 127e2b3f6f..0e6384ecd9 100644 --- a/crypto/fipsmodule/ec/simple_mul.c +++ b/crypto/fipsmodule/ec/simple_mul.c @@ -108,7 +108,7 @@ static void ec_GFp_mont_batch_get_window(const EC_GROUP *group, if (i > 0) { window |= bn_is_bit_set_words(scalar->words, width, i - 1); } - uint8_t sign, digit; + crypto_word_t sign, digit; ec_GFp_nistp_recode_scalar_bits(&sign, &digit, window); // Select the entry in constant-time. @@ -121,7 +121,7 @@ static void ec_GFp_mont_batch_get_window(const EC_GROUP *group, // Negate if necessary. EC_FELEM neg_Y; ec_felem_neg(group, &neg_Y, &out->Y); - BN_ULONG sign_mask = sign; + crypto_word_t sign_mask = sign; sign_mask = 0u - sign_mask; ec_felem_select(group, &out->Y, sign_mask, &neg_Y, &out->Y); } diff --git a/crypto/fipsmodule/ec/util.c b/crypto/fipsmodule/ec/util.c index 4f39f18bf4..c4323f2f9d 100644 --- a/crypto/fipsmodule/ec/util.c +++ b/crypto/fipsmodule/ec/util.c @@ -240,9 +240,9 @@ // P-384: ...01110011; w = 2, 5, 6, 7 are okay // P-256: ...01010001; w = 5, 7 are okay // P-224: ...00111101; w = 3, 4, 5, 6 are okay -void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, - uint8_t in) { - uint8_t s, d; +void ec_GFp_nistp_recode_scalar_bits(crypto_word_t *sign, crypto_word_t *digit, + crypto_word_t in) { + crypto_word_t s, d; s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as * 6-bit value */ From e2abade4245ac06b57195a8cbab0fa0157d68463 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 29 Jun 2020 13:12:58 -0700 Subject: [PATCH 043/399] sha1-x86_64: fix CFI. This issue only arises when SHAEXT is enabled, which it isn't (yet). Will upstream too. Change-Id: I92de51789d58ba1784b88eb872b1f9eca8eb78d8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41944 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/sha/asm/sha1-x86_64.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl index 0b0c151da7..76e40770db 100755 --- a/crypto/fipsmodule/sha/asm/sha1-x86_64.pl +++ b/crypto/fipsmodule/sha/asm/sha1-x86_64.pl @@ -453,8 +453,8 @@ sub BODY_40_59 { .Lepilogue_shaext: ___ $code.=<<___; -.cfi_endproc ret +.cfi_endproc .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext ___ }}} From 939d426f6bc88e09b385d4de408918d528f6a494 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 29 Jun 2020 13:58:26 -0700 Subject: [PATCH 044/399] Maybe build for AArch64 Windows. Microsoft lists[1] this define to indicate AArch64, support for which is requested on https://github.com/grpc/grpc/issues/23310. More might well be needed, especially if the assembly code is to work, but maybe this'll work for gRPC. [1] https://docs.microsoft.com/en-us/cpp/preprocessor/predefined-macros?view=vs-2019 Change-Id: Id66d1c8ab7ab161f73c993dd4901e2252198bda8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41945 Reviewed-by: Adam Langley Reviewed-by: David Benjamin Commit-Queue: Adam Langley --- crypto/fipsmodule/bn/internal.h | 12 +++++++++++- include/openssl/base.h | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h index af32b3d564..c3aa21bc4c 100644 --- a/crypto/fipsmodule/bn/internal.h +++ b/crypto/fipsmodule/bn/internal.h @@ -404,9 +404,19 @@ uint64_t bn_mont_n0(const BIGNUM *n); int bn_mod_exp_base_2_consttime(BIGNUM *r, unsigned p, const BIGNUM *n, BN_CTX *ctx); -#if defined(OPENSSL_X86_64) && defined(_MSC_VER) +#if defined(_MSC_VER) +#if defined(OPENSSL_X86_64) #define BN_UMULT_LOHI(low, high, a, b) ((low) = _umul128((a), (b), &(high))) +#elif defined(OPENSSL_AARCH64) +#define BN_UMULT_LOHI(low, high, a, b) \ + do { \ + const BN_ULONG _a = (a); \ + const BN_ULONG _b = (b); \ + (low) = _a * _b; \ + (high) = __umulh(_a, _b); \ + } while (0) #endif +#endif // _MSC_VER #if !defined(BN_ULLONG) && !defined(BN_UMULT_LOHI) #error "Either BN_ULLONG or BN_UMULT_LOHI must be defined on every platform." diff --git a/include/openssl/base.h b/include/openssl/base.h index 7f6accea1d..9235ed7b21 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -90,7 +90,7 @@ extern "C" { #elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) #define OPENSSL_32_BIT #define OPENSSL_X86 -#elif defined(__aarch64__) +#elif defined(__aarch64__) || defined(_M_ARM64) #define OPENSSL_64_BIT #define OPENSSL_AARCH64 #elif defined(__arm) || defined(__arm__) || defined(_M_ARM) From 25638f06e31593310f4bc6a6ac91074768b81af2 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 24 Jun 2020 18:27:57 -0400 Subject: [PATCH 045/399] Remove x509->name. Every X509 object, when parsed, would pretty-print the subject and stash the result in x509->name. This field was removed in upstream OpenSSL and all uses I found have now been fixed. Remove this to reduce unnecessary work in the X.509 parser. Update-Note: instead of x509->name, use X509_NAME_oneline and X509_get_subject_name. Change-Id: I1d1e69bed7429d59125a8bdea5cbba391cd1028c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41904 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- crypto/x509/x_x509.c | 6 ------ include/openssl/x509.h | 1 - 2 files changed, 7 deletions(-) diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 010b6254c5..ff0dc34680 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -98,7 +98,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, switch (operation) { case ASN1_OP_NEW_POST: - ret->name = NULL; ret->ex_flags = 0; ret->ex_pathlen = -1; ret->skid = NULL; @@ -140,10 +139,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, return 0; } - /* TODO(davidben): Remove this field once the few external accesses are - * removed. */ - OPENSSL_free(ret->name); - ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); break; } @@ -158,7 +153,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, GENERAL_NAMES_free(ret->altname); NAME_CONSTRAINTS_free(ret->nc); CRYPTO_BUFFER_free(ret->buf); - OPENSSL_free(ret->name); break; } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index fb6d0bc890..d58e3ca44a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -230,7 +230,6 @@ struct x509_st { X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; CRYPTO_refcount_t references; - char *name; CRYPTO_EX_DATA ex_data; // These contain copies of various extension values long ex_pathlen; From c655065273b3bf3792afffa3f07ebbad49e6463e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 30 Jun 2020 17:37:13 -0700 Subject: [PATCH 046/399] acvp: add SP800-108 KDF support. Based on a change from Dan Janni. Change-Id: Ibe00e61cb43819ecad7c1376f8c013aca3667037 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41964 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../fipstools/acvp/acvptool/subprocess/kdf.go | 132 ++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 7 + .../acvptool/subprocess/subprocess_test.go | 86 ++++++++ .../testmodulewrapper/testmodulewrapper.go | 201 ++++++++++++++++++ 4 files changed, 426 insertions(+) create mode 100644 util/fipstools/acvp/acvptool/subprocess/kdf.go create mode 100644 util/fipstools/acvp/acvptool/testmodulewrapper/testmodulewrapper.go diff --git a/util/fipstools/acvp/acvptool/subprocess/kdf.go b/util/fipstools/acvp/acvptool/subprocess/kdf.go new file mode 100644 index 0000000000..e8e16a037d --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/kdf.go @@ -0,0 +1,132 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "bytes" + "encoding/hex" + "encoding/json" + "fmt" +) + +// The following structures reflect the JSON of ACVP KDF tests. See +// https://usnistgov.github.io/ACVP/artifacts/acvp_sub_kdf108.html#rfc.section.3 + +type kdfTestVectorSet struct { + Groups []kdfTestGroup `json:"testGroups"` +} + +type kdfTestGroup struct { + ID uint64 `json:"tgId"` + // KDFMode can take the values "counter", "feedback", or + // "double pipeline iteration". + KDFMode string `json:"kdfMode"` + MACMode string `json:"macMode"` + CounterLocation string `json:"counterLocation"` + OutputBits uint32 `json:"keyOutLength"` + CounterBits uint32 `json:"counterLength"` + ZeroIV bool `json:"zeroLengthIv"` + + Tests []struct { + ID uint64 `json:"tcId"` + Key string `json:"keyIn"` + Deferred bool `json:"deferred"` + } +} + +type kdfTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []kdfTestResponse `json:"tests"` +} + +type kdfTestResponse struct { + ID uint64 `json:"tcId"` + KeyIn string `json:"keyIn,omitempty"` + FixedData string `json:"fixedData"` + KeyOut string `json:"keyOut"` +} + +type kdfPrimitive struct{} + +func (k *kdfPrimitive) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed kdfTestVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + var respGroups []kdfTestGroupResponse + for _, group := range parsed.Groups { + groupResp := kdfTestGroupResponse{ID: group.ID} + + if group.OutputBits%8 != 0 { + return nil, fmt.Errorf("%d bit key in test group %d: fractional bytes not supported", group.OutputBits, group.ID) + } + + if group.KDFMode != "counter" { + // feedback mode would need the IV to be handled. + // double-pipeline mode is not useful. + return nil, fmt.Errorf("KDF mode %q not supported", group.KDFMode) + } + + switch group.CounterLocation { + case "after fixed data", "before fixed data": + break + default: + return nil, fmt.Errorf("Label location %q not supported", group.CounterLocation) + } + + counterBits := uint32le(group.CounterBits) + outputBytes := uint32le(group.OutputBits / 8) + + for _, test := range group.Tests { + testResp := kdfTestResponse{ID: test.ID} + + var key []byte + if test.Deferred { + if len(test.Key) != 0 { + return nil, fmt.Errorf("key provided in deferred test case %d/%d", group.ID, test.ID) + } + } else { + var err error + if key, err = hex.DecodeString(test.Key); err != nil { + return nil, fmt.Errorf("failed to decode Key in test case %d/%d: %v", group.ID, test.ID, err) + } + } + + // Make the call to the crypto module. + resp, err := m.Transact("KDF-counter", 3, outputBytes, []byte(group.MACMode), []byte(group.CounterLocation), key, counterBits) + if err != nil { + return nil, fmt.Errorf("wrapper KDF operation failed: %s", err) + } + + // Parse results. + testResp.ID = test.ID + if test.Deferred { + testResp.KeyIn = hex.EncodeToString(resp[0]) + } + testResp.FixedData = hex.EncodeToString(resp[1]) + testResp.KeyOut = hex.EncodeToString(resp[2]) + + if !test.Deferred && !bytes.Equal(resp[0], key) { + return nil, fmt.Errorf("wrapper returned a different key for non-deferred KDF operation") + } + + groupResp.Tests = append(groupResp.Tests, testResp) + } + respGroups = append(respGroups, groupResp) + } + + return respGroups, nil +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index d22f3d516a..b9a82ee0fc 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -85,6 +85,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "HMAC-SHA2-512": &hmacPrimitive{"HMAC-SHA2-512", 64}, "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}}, "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}}, + "KDF": &kdfPrimitive{}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} @@ -198,3 +199,9 @@ func (m *Subprocess) Process(algorithm string, vectorSet []byte) ([]byte, error) type primitive interface { Process(vectorSet []byte, t Transactable) (interface{}, error) } + +func uint32le(n uint32) []byte { + var ret [4]byte + binary.LittleEndian.PutUint32(ret[:], n) + return ret[:] +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go index eb70f9fb85..09214c47dc 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go @@ -96,6 +96,73 @@ var invalidSHA2_256 = []byte(`{ }] }`) +var validKDFJSON = []byte(`{ + "vsId": 1564, + "algorithm": "counterMode", + "revision": "1.0", + "testGroups": [{ + "tgId": 1, + "kdfMode": "counter", + "macMode": "CMAC-AES128", + "counterLocation": "after fixed data", + "keyOutLength": 1024, + "counterLength": 8, + "tests": [{ + "tcId": 1, + "keyIn": "5DA38931E8D9174BC3279C8942D2DB82", + "deferred": false + }, + { + "tcId": 2, + "keyIn": "58F5426A40E3D5D2C94F0F97EB30C739", + "deferred": false + } + ] + }] +}`) + +var callsKDF = []fakeTransactCall{ + fakeTransactCall{cmd: "KDF-counter", expectedNumResults: 3, args: [][]byte{ + uint32le(128), // outputBytes + []byte("CMAC-AES128"), // macMode + []byte("after fixed data"), // counterLocation + fromHex("5DA38931E8D9174BC3279C8942D2DB82"), // keyIn + uint32le(8), // counterLength + }}, + fakeTransactCall{cmd: "KDF-counter", expectedNumResults: 3, args: [][]byte{ + uint32le(128), // outputBytes + []byte("CMAC-AES128"), // macMode + []byte("after fixed data"), // counterLocation + fromHex("58F5426A40E3D5D2C94F0F97EB30C739"), // keyIn + uint32le(8), // counterLength + }}, +} + +var invalidKDFJSON = []byte(`{ + "vsId": 1564, + "algorithm": "counterMode", + "revision": "1.0", + "testGroups": [{ + "tgId": 1, + "kdfMode": "counter", + "macMode": "CMAC-AES128", + "counterLocation": "after fixed data", + "keyOutLength": 1024, + "counterLength": 8, + "tests": [{ + "tcId": 1, + "keyIn": "5DA38931E8D9174BC3279C8942D2DB82", + "deferred": false + }, + { + "tcId": abc, + "keyIn": "58F5426A40E3D5D2C94F0F97EB30C739", + "deferred": false + } + ] + }] +}`) + var validACVPAESECB = []byte(`{ "vsId" : 181726, "algorithm" : "ACVP-AES-ECB", @@ -292,6 +359,25 @@ func TestPrimitives(t *testing.T) { invalidJSON: invalidSHA2_256, expectedCalls: callsSHA2_256, }, + { + algo: "kdf", + p: &kdfPrimitive{}, + validJSON: validKDFJSON, + invalidJSON: invalidKDFJSON, + expectedCalls: callsKDF, + results: []fakeTransactResult{ + {bytes: [][]byte{ + fromHex("5DA38931E8D9174BC3279C8942D2DB82"), + []byte("data1"), + []byte("keyOut1"), + }}, + {bytes: [][]byte{ + fromHex("58F5426A40E3D5D2C94F0F97EB30C739"), + []byte("data2"), + []byte("keyOut2"), + }}, + }, + }, { algo: "ACVP-AES-ECB", p: &blockCipher{"AES", 16, false}, diff --git a/util/fipstools/acvp/acvptool/testmodulewrapper/testmodulewrapper.go b/util/fipstools/acvp/acvptool/testmodulewrapper/testmodulewrapper.go new file mode 100644 index 0000000000..284b5d378b --- /dev/null +++ b/util/fipstools/acvp/acvptool/testmodulewrapper/testmodulewrapper.go @@ -0,0 +1,201 @@ +// testmodulewrapper is a modulewrapper binary that works with acvptool and +// implements the primitives that BoringSSL's modulewrapper doesn't, so that +// we have something that can exercise all the code in avcptool. + +package main + +import ( + "bytes" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "encoding/binary" + "errors" + "fmt" + "io" + "os" +) + +var handlers = map[string]func([][]byte) error{ + "getConfig": getConfig, + "KDF-counter": kdfCounter, +} + +func getConfig(args [][]byte) error { + if len(args) != 0 { + return fmt.Errorf("getConfig received %d args", len(args)) + } + + return reply([]byte(`[ + { + "algorithm": "KDF", + "revision": "1.0", + "capabilities": [{ + "kdfMode": "counter", + "macMode": [ + "HMAC-SHA2-256" + ], + "supportedLengths": [{ + "min": 8, + "max": 4096, + "increment": 8 + }], + "fixedDataOrder": [ + "before fixed data" + ], + "counterLength": [ + 32 + ] + }] + } +]`)) +} + +func kdfCounter(args [][]byte) error { + if len(args) != 5 { + return fmt.Errorf("KDF received %d args", len(args)) + } + + outputBytes32, prf, counterLocation, key, counterBits32 := args[0], args[1], args[2], args[3], args[4] + outputBytes := binary.LittleEndian.Uint32(outputBytes32) + counterBits := binary.LittleEndian.Uint32(counterBits32) + + if !bytes.Equal(prf, []byte("HMAC-SHA2-256")) { + return fmt.Errorf("KDF received unsupported PRF %q", string(prf)) + } + if !bytes.Equal(counterLocation, []byte("before fixed data")) { + return fmt.Errorf("KDF received unsupported counter location %q", counterLocation) + } + if counterBits != 32 { + return fmt.Errorf("KDF received unsupported counter length %d", counterBits) + } + + if len(key) == 0 { + key = make([]byte, 32) + rand.Reader.Read(key) + } + + // See https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf section 5.1 + if outputBytes+31 < outputBytes { + return fmt.Errorf("KDF received excessive output length %d", outputBytes) + } + + n := (outputBytes + 31) / 32 + result := make([]byte, 0, 32*n) + mac := hmac.New(sha256.New, key) + var input [4 + 8]byte + var digest []byte + rand.Reader.Read(input[4:]) + for i := uint32(1); i <= n; i++ { + mac.Reset() + binary.BigEndian.PutUint32(input[:4], i) + mac.Write(input[:]) + digest = mac.Sum(digest[:0]) + result = append(result, digest...) + } + + return reply(key, input[4:], result[:outputBytes]) +} + +func reply(responses ...[]byte) error { + if len(responses) > maxArgs { + return fmt.Errorf("%d responses is too many", len(responses)) + } + + var lengths [4 * (1 + maxArgs)]byte + binary.LittleEndian.PutUint32(lengths[:4], uint32(len(responses))) + for i, response := range responses { + binary.LittleEndian.PutUint32(lengths[4*(i+1):4*(i+2)], uint32(len(response))) + } + + lengthsLength := (1 + len(responses)) * 4 + if n, err := os.Stdout.Write(lengths[:lengthsLength]); n != lengthsLength || err != nil { + return fmt.Errorf("write failed: %s", err) + } + + for _, response := range responses { + if n, err := os.Stdout.Write(response); n != len(response) || err != nil { + return fmt.Errorf("write failed: %s", err) + } + } + + return nil +} + +const ( + maxArgs = 8 + maxArgLength = 1 << 20 + maxNameLength = 30 +) + +func main() { + if err := do(); err != nil { + fmt.Fprintf(os.Stderr, "%s.\n", err) + os.Exit(1) + } +} + +func do() error { + var nums [4 * (1 + maxArgs)]byte + var argLengths [maxArgs]uint32 + var args [maxArgs][]byte + var argsData []byte + + for { + if _, err := io.ReadFull(os.Stdin, nums[:8]); err != nil { + return err + } + + numArgs := binary.LittleEndian.Uint32(nums[:4]) + if numArgs == 0 { + return errors.New("Invalid, zero-argument operation requested") + } else if numArgs > maxArgs { + return fmt.Errorf("Operation requested with %d args, but %d is the limit", numArgs, maxArgs) + } + + if numArgs > 1 { + if _, err := io.ReadFull(os.Stdin, nums[8:4+4*numArgs]); err != nil { + return err + } + } + + input := nums[4:] + var need uint64 + for i := uint32(0); i < numArgs; i++ { + argLength := binary.LittleEndian.Uint32(input[:4]) + if i == 0 && argLength > maxNameLength { + return fmt.Errorf("Operation with name of length %d exceeded limit of %d", argLength, maxNameLength) + } else if argLength > maxArgLength { + return fmt.Errorf("Operation with argument of length %d exceeded limit of %d", argLength, maxArgLength) + } + need += uint64(argLength) + argLengths[i] = argLength + input = input[4:] + } + + if need > uint64(cap(argsData)) { + argsData = make([]byte, need) + } else { + argsData = argsData[:need] + } + + if _, err := io.ReadFull(os.Stdin, argsData); err != nil { + return err + } + + input = argsData + for i := uint32(0); i < numArgs; i++ { + args[i] = input[:argLengths[i]] + input = input[argLengths[i]:] + } + + name := string(args[0]) + if handler, ok := handlers[name]; !ok { + return fmt.Errorf("unknown operation %q", name) + } else { + if err := handler(args[1:numArgs]); err != nil { + return err + } + } + } +} From fb0c05cac263476ed54f94d4d4763bf6b18d0db5 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 1 Jul 2020 13:23:55 -0700 Subject: [PATCH 047/399] acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/keyedMac.go | 153 ++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvptool/subprocess/subprocess_test.go | 62 ++++++- .../acvp/modulewrapper/modulewrapper.cc | 39 +++++ 4 files changed, 253 insertions(+), 2 deletions(-) create mode 100644 util/fipstools/acvp/acvptool/subprocess/keyedMac.go diff --git a/util/fipstools/acvp/acvptool/subprocess/keyedMac.go b/util/fipstools/acvp/acvptool/subprocess/keyedMac.go new file mode 100644 index 0000000000..c0feac4cba --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/keyedMac.go @@ -0,0 +1,153 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "bytes" + "encoding/hex" + "encoding/json" + "fmt" +) + +// The following structures reflect the JSON of CMAC-AES tests. See +// https://usnistgov.github.io/ACVP/artifacts/acvp_sub_mac.html#rfc.section.4.2 + +type keyedMACTestVectorSet struct { + Groups []keyedMACTestGroup `json:"testGroups"` +} + +type keyedMACTestGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + Direction string `json:"direction"` + MsgBits uint32 `json:"msgLen"` + KeyBits uint32 `json:"keyLen"` + MACBits uint32 `json:"macLen"` + Tests []struct { + ID uint64 `json:"tcId"` + KeyHex string `json:"key"` + MsgHex string `json:"message"` + MACHex string `json:"mac"` + } +} + +type keyedMACTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []keyedMACTestResponse `json:"tests"` +} + +type keyedMACTestResponse struct { + ID uint64 `json:"tcId"` + MACHex string `json:"mac,omitempty"` + Passed *bool `json:"testPassed,omitempty"` +} + +type keyedMACPrimitive struct { + algo string +} + +func (k *keyedMACPrimitive) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var vs keyedMACTestVectorSet + if err := json.Unmarshal(vectorSet, &vs); err != nil { + return nil, err + } + + var respGroups []keyedMACTestGroupResponse + for _, group := range vs.Groups { + respGroup := keyedMACTestGroupResponse{ID: group.ID} + + if group.KeyBits%8 != 0 { + return nil, fmt.Errorf("%d bit key in test group %d: fractional bytes not supported", group.KeyBits, group.ID) + } + if group.MsgBits%8 != 0 { + return nil, fmt.Errorf("%d bit message in test group %d: fractional bytes not supported", group.KeyBits, group.ID) + } + if group.MACBits%8 != 0 { + return nil, fmt.Errorf("%d bit MAC in test group %d: fractional bytes not supported", group.KeyBits, group.ID) + } + + var generate bool + switch group.Direction { + case "gen": + generate = true + case "ver": + generate = false + default: + return nil, fmt.Errorf("unknown test direction %q in test group %d", group.Direction, group.ID) + } + + outputBytes := uint32le(group.MACBits / 8) + + for _, test := range group.Tests { + respTest := keyedMACTestResponse{ID: test.ID} + + // Validate input. + if keyBits := uint32(len(test.KeyHex)) * 4; keyBits != group.KeyBits { + return nil, fmt.Errorf("test case %d/%d contains key of length %d bits, but expected %d-bit value", group.ID, test.ID, keyBits, group.KeyBits) + } + if msgBits := uint32(len(test.MsgHex)) * 4; msgBits != group.MsgBits { + return nil, fmt.Errorf("test case %d/%d contains message of length %d bits, but expected %d-bit value", group.ID, test.ID, msgBits, group.MsgBits) + } + + if generate { + if len(test.MACHex) != 0 { + return nil, fmt.Errorf("test case %d/%d contains MAC but should not", group.ID, test.ID) + } + } else { + if macBits := uint32(len(test.MACHex)) * 4; macBits != group.MACBits { + return nil, fmt.Errorf("test case %d/%d contains MAC of length %d bits, but expected %d-bit value", group.ID, test.ID, macBits, group.MACBits) + } + } + + // Set up Transact parameters. + key, err := hex.DecodeString(test.KeyHex) + if err != nil { + return nil, fmt.Errorf("failed to decode KeyHex in test case %d/%d: %v", group.ID, test.ID, err) + } + + msg, err := hex.DecodeString(test.MsgHex) + if err != nil { + return nil, fmt.Errorf("failed to decode MsgHex in test case %d/%d: %v", group.ID, test.ID, err) + } + + result, err := m.Transact(k.algo, 1, outputBytes, key, msg) + if err != nil { + return nil, fmt.Errorf("wrapper %s operation failed: %s", k.algo, err) + } + + calculatedMAC := result[0] + if len(calculatedMAC) != int(group.MACBits/8) { + return nil, fmt.Errorf("%s operation returned incorrect length value", k.algo) + } + + if generate { + respTest.MACHex = hex.EncodeToString(calculatedMAC) + } else { + expectedMAC, err := hex.DecodeString(test.MACHex) + if err != nil { + return nil, fmt.Errorf("failed to decode MACHex in test case %d/%d: %v", group.ID, test.ID, err) + } + ok := bytes.Equal(calculatedMAC, expectedMAC) + respTest.Passed = &ok + } + + respGroup.Tests = append(respGroup.Tests, respTest) + } + + respGroups = append(respGroups, respGroup) + } + + return respGroups, nil +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index b9a82ee0fc..990223ea5c 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -86,6 +86,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}}, "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}}, "KDF": &kdfPrimitive{}, + "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go index 09214c47dc..c8c08533cc 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go @@ -299,6 +299,52 @@ var invalidCTRDRBG = []byte(`{ }] }`) +var validCMACAESJSON = []byte(`{ + "vsId": 1, + "algorithm": "CMAC-AES", + "revision": "1.0", + "testGroups": [{ + "tgId": 4, + "testType": "AFT", + "direction": "gen", + "keyLen": 128, + "msgLen": 2752, + "macLen": 64, + "tests": [{ + "tcId": 25, + "key": "E2547E38B28B2C24892C133FF4770688", + "message": "89DE09D747FB4B2669B59759A15BAAF068CAF31FD938DFCFFB38ECED53BA91DD659FD91E6CCCFEC5F972B1AD66BF78FE7FE319E58F514362FC75A346C144981B63FD18195A2AD482AF83711C9ADC449F7EAD32EBD5F4DB7EB93348404EAD496B8F4C89AB5FF7ACB2CFEFD96BD0FC9645B6F1F30AB02767ECA8771106DCA47188EE42183121FB9172B8E2133DE084F6CA3924E4BF3638ADA77DAAA6F06A6494E32CBAEFC6C6D0699BB12A425DCFE5974F687B6A71879D42DE08DF018A96429CFA40E32378D35E46A4956C5D7916B6877F353D33075FD4C64F32C3250D74FF070EA358135664CD8C9B82C9454EED75A12EEC758A9E514053533A884560FAC96DDBBA4AEEB8E473F4BFDB8447B22800D7782320D6E2DAC2599111F8CA598D6720CA7C6E4FC5EDC54FC3576460AAD1644B04E1D2C81B93EA49090FDB7E33374C243B2F19177405B94BEC3C69CC24CC686D8F2B01A6B2A350E394" + }] + }] +}`) + +var callsCMACAES = []fakeTransactCall{ + fakeTransactCall{cmd: "CMAC-AES", expectedNumResults: 1, args: [][]byte{ + uint32le(64 / 8), // outputBytes + fromHex("E2547E38B28B2C24892C133FF4770688"), // key + fromHex("89DE09D747FB4B2669B59759A15BAAF068CAF31FD938DFCFFB38ECED53BA91DD659FD91E6CCCFEC5F972B1AD66BF78FE7FE319E58F514362FC75A346C144981B63FD18195A2AD482AF83711C9ADC449F7EAD32EBD5F4DB7EB93348404EAD496B8F4C89AB5FF7ACB2CFEFD96BD0FC9645B6F1F30AB02767ECA8771106DCA47188EE42183121FB9172B8E2133DE084F6CA3924E4BF3638ADA77DAAA6F06A6494E32CBAEFC6C6D0699BB12A425DCFE5974F687B6A71879D42DE08DF018A96429CFA40E32378D35E46A4956C5D7916B6877F353D33075FD4C64F32C3250D74FF070EA358135664CD8C9B82C9454EED75A12EEC758A9E514053533A884560FAC96DDBBA4AEEB8E473F4BFDB8447B22800D7782320D6E2DAC2599111F8CA598D6720CA7C6E4FC5EDC54FC3576460AAD1644B04E1D2C81B93EA49090FDB7E33374C243B2F19177405B94BEC3C69CC24CC686D8F2B01A6B2A350E394"), // msg + }}, +} + +var invalidCMACAESJSON = []byte(`{ + "vsId": 1, + "algorithm": "CMAC-AES", + "revision": "1.0", + "testGroups": [{ + "tgId": 4, + "testType": "AFT", + "direction": "gen", + "keyLen": 128, + "msgLen": 2752, + "macLen": 64, + "tests": [{ + "tcId": abc, + "key": "E2547E38B28B2C24892C133FF4770688", + "message": "89DE09D747FB4B2669B59759A15BAAF068CAF31FD938DFCFFB38ECED53BA91DD659FD91E6CCCFEC5F972B1AD66BF78FE7FE319E58F514362FC75A346C144981B63FD18195A2AD482AF83711C9ADC449F7EAD32EBD5F4DB7EB93348404EAD496B8F4C89AB5FF7ACB2CFEFD96BD0FC9645B6F1F30AB02767ECA8771106DCA47188EE42183121FB9172B8E2133DE084F6CA3924E4BF3638ADA77DAAA6F06A6494E32CBAEFC6C6D0699BB12A425DCFE5974F687B6A71879D42DE08DF018A96429CFA40E32378D35E46A4956C5D7916B6877F353D33075FD4C64F32C3250D74FF070EA358135664CD8C9B82C9454EED75A12EEC758A9E514053533A884560FAC96DDBBA4AEEB8E473F4BFDB8447B22800D7782320D6E2DAC2599111F8CA598D6720CA7C6E4FC5EDC54FC3576460AAD1644B04E1D2C81B93EA49090FDB7E33374C243B2F19177405B94BEC3C69CC24CC686D8F2B01A6B2A350E394" + }] + }] +}`) + // fakeTransactable provides a fake to return results that don't go to the ACVP // server. type fakeTransactable struct { @@ -329,7 +375,7 @@ func (f *fakeTransactable) Transact(cmd string, expectedNumResults int, args ... return ret.bytes, ret.err } -func newFakeTransactable(name string, numResponses int) *fakeTransactable { +func newFakeTransactable(numResponses int) *fakeTransactable { ret := new(fakeTransactable) // Add results requested by caller. @@ -378,6 +424,18 @@ func TestPrimitives(t *testing.T) { }}, }, }, + { + algo: "CMAC-AES", + p: &keyedMACPrimitive{"CMAC-AES"}, + validJSON: validCMACAESJSON, + invalidJSON: invalidCMACAESJSON, + expectedCalls: callsCMACAES, + results: []fakeTransactResult{ + {bytes: [][]byte{ + fromHex("0102030405060708"), + }}, + }, + }, { algo: "ACVP-AES-ECB", p: &blockCipher{"AES", 16, false}, @@ -398,7 +456,7 @@ func TestPrimitives(t *testing.T) { } for _, test := range tests { - transactable := newFakeTransactable(test.algo, len(test.expectedCalls)) + transactable := newFakeTransactable(len(test.expectedCalls)) if len(test.results) > 0 { transactable.results = test.results } diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index d6a9b0aaef..5de8b5de7f 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -24,6 +24,7 @@ #include #include +#include #include #include #include @@ -299,6 +300,24 @@ static bool GetConfig(const Span args[]) { "SHA2-512" ] }] + }, + { + "algorithm": "CMAC-AES", + "revision": "1.0", + "capabilities": [{ + "direction": ["gen", "ver"], + "msgLen": [{ + "min": 0, + "max": 65536, + "increment": 8 + }], + "keyLen": [128, 256], + "macLen": [{ + "min": 32, + "max": 128, + "increment": 8 + }] + }] } ])"; return WriteReply( @@ -566,6 +585,25 @@ static bool ECDSASigVer(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(reply)); } +static bool CMAC_AES(const Span args[]) { + uint8_t mac[16]; + if (!AES_CMAC(mac, args[1].data(), args[1].size(), args[2].data(), + args[2].size())) { + return false; + } + + uint32_t mac_len; + if (args[0].size() != sizeof(mac_len)) { + return false; + } + memcpy(&mac_len, args[0].data(), sizeof(mac_len)); + if (mac_len > sizeof(mac)) { + return false; + } + + return WriteReply(STDOUT_FILENO, Span(mac, mac_len)); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -591,6 +629,7 @@ static constexpr struct { {"ECDSA/keyVer", 3, ECDSAKeyVer}, {"ECDSA/sigGen", 4, ECDSASigGen}, {"ECDSA/sigVer", 7, ECDSASigVer}, + {"CMAC-AES", 3, CMAC_AES}, }; int main() { From b9fbf4069eca35bf58d760f7f904814820f6c111 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 6 Jul 2020 13:59:07 -0400 Subject: [PATCH 048/399] Clarify in-place rules for low-level AES mode functions. Change-Id: I9dde27f4a6b492d5a3f49041c8cdcac642c58335 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42004 Commit-Queue: David Benjamin Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- include/openssl/aes.h | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/include/openssl/aes.h b/include/openssl/aes.h index e56062535f..496ec90d10 100644 --- a/include/openssl/aes.h +++ b/include/openssl/aes.h @@ -106,7 +106,10 @@ OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out, // AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len| // bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call and |ivec| will be incremented. +// first call and |ivec| will be incremented. This function may be called +// in-place with |in| equal to |out|, but otherwise the buffers may not +// partially overlap. A partial overlap may overwrite input data before it is +// read. OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t ivec[AES_BLOCK_SIZE], @@ -114,26 +117,35 @@ OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, unsigned int *num); // AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single, -// 16 byte block from |in| to |out|. +// 16 byte block from |in| to |out|. This function may be called in-place with +// |in| equal to |out|, but otherwise the buffers may not partially overlap. A +// partial overlap may overwrite input data before it is read. OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key, const int enc); // AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| // bytes from |in| to |out|. The length must be a multiple of the block size. +// This function may be called in-place with |in| equal to |out|, but otherwise +// the buffers may not partially overlap. A partial overlap may overwrite input +// data before it is read. OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t *ivec, const int enc); // AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len| // bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call. +// first call. This function may be called in-place with |in| equal to |out|, +// but otherwise the buffers may not partially overlap. A partial overlap may +// overwrite input data before it is read. OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t *ivec, int *num); // AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| // bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call. +// first call. This function may be called in-place with |in| equal to |out|, +// but otherwise the buffers may not partially overlap. A partial overlap may +// overwrite input data before it is read. OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t *ivec, int *num, int enc); From d0637e901d6a1dbf8e66453da4abbdf1963926a7 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Wed, 3 Jun 2020 15:43:49 -0400 Subject: [PATCH 049/399] Remove TRUST_TOKEN_experiment_v0. Update-Note: This gets rid of TRUST_TOKEN_experiment_v0. Existing callers should be updated to call TRUST_TOKEN_experiment_v1. Change-Id: I8ec9b808cbd35546425690d1548db671ff033e14 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41524 Reviewed-by: David Benjamin Commit-Queue: Steven Valdez --- crypto/ec_extra/hash_to_curve.c | 64 +--- crypto/ec_extra/internal.h | 22 -- crypto/fipsmodule/ec/ec_test.cc | 97 ----- crypto/trust_token/internal.h | 29 -- crypto/trust_token/pmbtoken.c | 479 ++++++------------------- crypto/trust_token/trust_token.c | 52 +-- crypto/trust_token/trust_token_test.cc | 139 +++---- include/openssl/trust_token.h | 11 +- tool/speed.cc | 30 -- 9 files changed, 178 insertions(+), 745 deletions(-) diff --git a/crypto/ec_extra/hash_to_curve.c b/crypto/ec_extra/hash_to_curve.c index 6f8b5995dc..9c824544a3 100644 --- a/crypto/ec_extra/hash_to_curve.c +++ b/crypto/ec_extra/hash_to_curve.c @@ -50,12 +50,10 @@ // expand_message_xmd implements the operation described in section 5.3.1 of // draft-irtf-cfrg-hash-to-curve-07. It returns one on success and zero on -// allocation failure or if |out_len| was too large. If |is_draft06| is one, it -// implements the operation from draft-irtf-cfrg-hash-to-curve-06 instead. +// allocation failure or if |out_len| was too large. static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len, const uint8_t *msg, size_t msg_len, - const uint8_t *dst, size_t dst_len, - int is_draft06) { + const uint8_t *dst, size_t dst_len) { int ret = 0; const size_t block_size = EVP_MD_block_size(md); const size_t md_size = EVP_MD_size(md); @@ -88,9 +86,8 @@ static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len, !EVP_DigestUpdate(&ctx, kZeros, block_size) || !EVP_DigestUpdate(&ctx, msg, msg_len) || !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) || - (is_draft06 && !EVP_DigestUpdate(&ctx, &dst_len_u8, 1)) || !EVP_DigestUpdate(&ctx, dst, dst_len) || - (!is_draft06 && !EVP_DigestUpdate(&ctx, &dst_len_u8, 1)) || + !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || !EVP_DigestFinal_ex(&ctx, b_0, NULL)) { goto err; } @@ -114,9 +111,8 @@ static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len, if (!EVP_DigestInit_ex(&ctx, md, NULL) || !EVP_DigestUpdate(&ctx, b_i, md_size) || !EVP_DigestUpdate(&ctx, &i, 1) || - (is_draft06 && !EVP_DigestUpdate(&ctx, &dst_len_u8, 1)) || !EVP_DigestUpdate(&ctx, dst, dst_len) || - (!is_draft06 && !EVP_DigestUpdate(&ctx, &dst_len_u8, 1)) || + !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || !EVP_DigestFinal_ex(&ctx, b_i, NULL)) { goto err; } @@ -175,12 +171,11 @@ static void big_endian_to_words(BN_ULONG *out, size_t num_words, static int hash_to_field2(const EC_GROUP *group, const EVP_MD *md, EC_FELEM *out1, EC_FELEM *out2, const uint8_t *dst, size_t dst_len, unsigned k, const uint8_t *msg, - size_t msg_len, int is_draft06) { + size_t msg_len) { size_t L; uint8_t buf[4 * EC_MAX_BYTES]; if (!num_bytes_to_derive(&L, &group->field, k) || - !expand_message_xmd(md, buf, 2 * L, msg, msg_len, dst, dst_len, - is_draft06)) { + !expand_message_xmd(md, buf, 2 * L, msg, msg_len, dst, dst_len)) { return 0; } BN_ULONG words[2 * EC_MAX_WORDS]; @@ -196,12 +191,11 @@ static int hash_to_field2(const EC_GROUP *group, const EVP_MD *md, // group order rather than a field element. |k| is the security factor. static int hash_to_scalar(const EC_GROUP *group, const EVP_MD *md, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, - unsigned k, const uint8_t *msg, size_t msg_len, - int is_draft06) { + unsigned k, const uint8_t *msg, size_t msg_len) { size_t L; uint8_t buf[EC_MAX_BYTES * 2]; if (!num_bytes_to_derive(&L, &group->order, k) || - !expand_message_xmd(md, buf, L, msg, msg_len, dst, dst_len, is_draft06)) { + !expand_message_xmd(md, buf, L, msg, msg_len, dst, dst_len)) { return 0; } @@ -310,10 +304,9 @@ static int map_to_curve_simple_swu(const EC_GROUP *group, const EC_FELEM *Z, static int hash_to_curve(const EC_GROUP *group, const EVP_MD *md, const EC_FELEM *Z, const EC_FELEM *c2, unsigned k, EC_RAW_POINT *out, const uint8_t *dst, size_t dst_len, - const uint8_t *msg, size_t msg_len, int is_draft06) { + const uint8_t *msg, size_t msg_len) { EC_FELEM u0, u1; - if (!hash_to_field2(group, md, &u0, &u1, dst, dst_len, k, msg, msg_len, - is_draft06)) { + if (!hash_to_field2(group, md, &u0, &u1, dst, dst_len, k, msg, msg_len)) { return 0; } @@ -376,7 +369,7 @@ int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( ec_felem_neg(group, &Z, &Z); return hash_to_curve(group, EVP_sha512(), &Z, &c2, /*k=*/192, out, dst, - dst_len, msg, msg_len, /*is_draft06=*/0); + dst_len, msg, msg_len); } int ec_hash_to_scalar_p384_xmd_sha512_draft07( @@ -388,38 +381,5 @@ int ec_hash_to_scalar_p384_xmd_sha512_draft07( } return hash_to_scalar(group, EVP_sha512(), out, dst, dst_len, /*k=*/192, msg, - msg_len, /*is_draft06=*/0); -} - -int ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst, - size_t dst_len, const uint8_t *msg, size_t msg_len) { - // See section 8.3 of draft-irtf-cfrg-hash-to-curve-06. - if (EC_GROUP_get_curve_name(group) != NID_secp521r1) { - OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH); - return 0; - } - - // Z = -4, c2 = 8. - EC_FELEM Z, c2; - if (!felem_from_u8(group, &Z, 4) || - !felem_from_u8(group, &c2, 8)) { - return 0; - } - ec_felem_neg(group, &Z, &Z); - - return hash_to_curve(group, EVP_sha512(), &Z, &c2, /*k=*/256, out, dst, - dst_len, msg, msg_len, /*is_draft06=*/1); -} - -int ec_hash_to_scalar_p521_xmd_sha512_draft06( - const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, - const uint8_t *msg, size_t msg_len) { - if (EC_GROUP_get_curve_name(group) != NID_secp521r1) { - OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH); - return 0; - } - - return hash_to_scalar(group, EVP_sha512(), out, dst, dst_len, /*k=*/256, msg, - msg_len, /*is_draft06=*/1); + msg_len); } diff --git a/crypto/ec_extra/internal.h b/crypto/ec_extra/internal.h index 940a414d32..55314ac730 100644 --- a/crypto/ec_extra/internal.h +++ b/crypto/ec_extra/internal.h @@ -48,28 +48,6 @@ OPENSSL_EXPORT int ec_hash_to_scalar_p384_xmd_sha512_draft07( const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, const uint8_t *msg, size_t msg_len); -// ec_hash_to_curve_p521_xmd_sha512_sswu_draft06 hashes |msg| to a point on -// |group| and writes the result to |out|, implementing the -// P521_XMD:SHA-512_SSWU_RO_ suite from draft-irtf-cfrg-hash-to-curve-06. It -// returns one on success and zero on error. -// -// This function implements an older version of the draft and should not be used -// in new code. -OPENSSL_EXPORT int ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - const EC_GROUP *group, EC_RAW_POINT *out, const uint8_t *dst, - size_t dst_len, const uint8_t *msg, size_t msg_len); - -// ec_hash_to_scalar_p521_xmd_sha512_draft06 hashes |msg| to a scalar on |group| -// and writes the result to |out|, using the hash_to_field operation from the -// P521_XMD:SHA-512_SSWU_RO_ suite from draft-irtf-cfrg-hash-to-curve-06, but -// generating a value modulo the group order rather than a field element. -// -// This function implements an older version of the draft and should not be used -// in new code. -OPENSSL_EXPORT int ec_hash_to_scalar_p521_xmd_sha512_draft06( - const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, - const uint8_t *msg, size_t msg_len); - #if defined(__cplusplus) } // extern C diff --git a/crypto/fipsmodule/ec/ec_test.cc b/crypto/fipsmodule/ec/ec_test.cc index 59d55b58a9..edcfeaac0a 100644 --- a/crypto/fipsmodule/ec/ec_test.cc +++ b/crypto/fipsmodule/ec/ec_test.cc @@ -1170,74 +1170,6 @@ TEST(ECTest, HashToCurve) { "37f2913224287b9dfb64742851f760eb14ca115ff9", "1510e764f1be968d661b7aaecb26a6d38c98e5205ca150f0ae426d" "2c3983c68e3a9ffb283c6ae4891d891b5705500475"}, - - // Note these tests do not match the tests vectors - // draft-irtf-cfrg-hash-to-curve-06 due to a - // spec issue. See - // https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/238 for - // corrected test vectors. - {&ec_hash_to_curve_p521_xmd_sha512_sswu_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SSWU_RO_TESTGEN", "", - "00758617b5e40aa8b30fcfd3c7453ad1abeff158de5697d6f1ccb8" - "4690aaa8bb6692986200d16206e85e4f39f1d2829fee1a5904a089" - "b4fab3b76873429877c58f99", - "016edf324d95fcbe4a30f06751f16cdd5d0b49921dd653cefb3ea2" - "dc2b5b903e36d9924a65407283588cc6c224ab6d6324c73cdc166c" - "e1530b46984b459e966349b3"}, - {&ec_hash_to_curve_p521_xmd_sha512_sswu_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SSWU_RO_TESTGEN", "abc", - "00dcec1a83b676247293e96b1672f67aa5d041a4ded49f542a971a" - "60603dd39194f4d8e587f640563a9ab57dcc69af638129b220683f" - "f03ed9ad8cfdff3833a01452", - "01edc4b497be85361a0afc508058792dc7fc6499a4c51fa3475093" - "fd9951ea46fe055e1b007a12caf9be1ce3028bd0b4ca4ffa5200f9" - "d11e7fc96e068276ad1319c2"}, - {&ec_hash_to_curve_p521_xmd_sha512_sswu_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SSWU_RO_TESTGEN", "abcdef0123456789", - "01f58bfb34825d028c392976a09cebee829734f7714c84b8a13580" - "afcc2eb4726e18e307476c1fccdc857a3d6767fd2882875ab132b7" - "fa7f3f6bae8954384001b1a1", - "00ee0d2d0bfb0bdc6215814fe7096a3dfbf020dce4f0645e8e21a9" - "0d6a6113a5ca61ae7d8f3b485b04f2eb2b85e34fc7f9f1bf367386" - "2e03932b0acc3655e84d480f"}, - {&ec_hash_to_curve_p521_xmd_sha512_sswu_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SSWU_RO_TESTGEN", - "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "016d9a90619bb20c49a2a73cc8c6218cd9b3fb13c720fff2e1f8db" - "ac92862c7da4faf404faeff6b64f0d9b1c5824cec99b0d0ed02b3f" - "acb6275ce553404ea361503e", - "007e301e3357fb1d53961c56e53ce2763e44b297062a3eb14b9f8d" - "6aadc92162a74f7e254a606275e76ea0ac343b3bc746f99804bacd" - "7351a76fce44347c72a6fe9a"}, - - // Custom test vector which triggers long DST path. - {&ec_hash_to_curve_p521_xmd_sha512_sswu_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SSWU_RO_TESTGEN_aaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "abcdef0123456789", - "0036b0c8bbec60335ff8b0397c2cb80283b97051cc949c5c190c28" - "92b279fafd6c372dcec3e71eab85c48ed440c14498332548ee46d0" - "c85442cbdc5b4032e86c3884", - "0081e32ca4378ae89b03142361d9c7fbe66acf0351aca3a71eca50" - "7a37fb8673b69cb108d079a248aedd74f06949d6623e7f7605ea10" - "f6f751ab574c005db7377d7f"}, }; for (const auto &test : kTests) { @@ -1269,8 +1201,6 @@ TEST(ECTest, HashToCurve) { EC_RAW_POINT p; static const uint8_t kDST[] = {0, 1, 2, 3}; static const uint8_t kMessage[] = {4, 5, 6, 7}; - EXPECT_FALSE(ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - p224.get(), &p, kDST, sizeof(kDST), kMessage, sizeof(kMessage))); EXPECT_FALSE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( p224.get(), &p, kDST, sizeof(kDST), kMessage, sizeof(kMessage))); } @@ -1308,31 +1238,6 @@ TEST(ECTest, HashToScalar) { "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "750f2fae7d2b2f41ac737d180c1d4363d85a1504798b4976d40921" "1ddb3651c13a5b4daba9975cdfce18336791131915"}, - {&ec_hash_to_scalar_p521_xmd_sha512_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SCALAR_TEST", "", - "01a6206c2fc677c11d51807bf46d64a17f92396673074c5cee9299" - "4d28eec5445d5ed89799b30b39c964ecf62f39d59e7d43de15d910" - "c2c1d69f3ebc01eab241e5dc"}, - {&ec_hash_to_scalar_p521_xmd_sha512_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SCALAR_TEST", "abcdef0123456789", - "00af484a5d9389a9912f555234c578d4b1b7c4a6f5009018d133a4" - "069172c9f5ce2d853b8643fe7bb50a83427ed3520a7a793c41a455" - "a02aa99431434fb6b5b0b26e"}, - {&ec_hash_to_scalar_p521_xmd_sha512_draft06, NID_secp521r1, - "P521_XMD:SHA-512_SCALAR_TEST", - "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "00b2db2ceb64ad055cafc5a0fc92560525d6dcc4975b86bbb79013" - "a1c3ab5d412320cb55df8088a658039a70c5657d5aefaaaa81cc5d" - "eecdd40c03eb0517fe2e158c"}, }; for (const auto &test : kTests) { @@ -1358,8 +1263,6 @@ TEST(ECTest, HashToScalar) { EC_SCALAR scalar; static const uint8_t kDST[] = {0, 1, 2, 3}; static const uint8_t kMessage[] = {4, 5, 6, 7}; - EXPECT_FALSE(ec_hash_to_scalar_p521_xmd_sha512_draft06( - p224.get(), &scalar, kDST, sizeof(kDST), kMessage, sizeof(kMessage))); EXPECT_FALSE(ec_hash_to_scalar_p384_xmd_sha512_draft07( p224.get(), &scalar, kDST, sizeof(kDST), kMessage, sizeof(kMessage))); } diff --git a/crypto/trust_token/internal.h b/crypto/trust_token/internal.h index d65057f07c..a44de76c0a 100644 --- a/crypto/trust_token/internal.h +++ b/crypto/trust_token/internal.h @@ -77,27 +77,6 @@ OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token); DEFINE_STACK_OF(PMBTOKEN_PRETOKEN) -// The following functions implement the corresponding |TRUST_TOKENS_METHOD| -// functions for |TRUST_TOKENS_experiment_v0|'s PMBTokens construction which -// uses P-521. -int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public); -int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, - const uint8_t *in, size_t len); -int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, - const uint8_t *in, size_t len); -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count); -int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, - size_t num_requested, size_t num_to_issue, - uint8_t private_metadata); -STACK_OF(TRUST_TOKEN) * - pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, - CBS *cbs, size_t count, uint32_t key_id); -int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], - uint8_t *out_private_metadata, const uint8_t *token, - size_t token_len); - // The following functions implement the corresponding |TRUST_TOKENS_METHOD| // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which // uses P-384. @@ -193,14 +172,6 @@ struct trust_token_method_st { uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len); - - // use_token_hash determines whether to include the token hash in the SRR and - // private metadata encryption. - int use_token_hash : 1; - - // batched_proof determines whether PMBToken uses a batched DLEQOR proof when - // signing tokens. - int batched_proof : 1; }; // Structure representing a single Trust Token public key with the specified ID. diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.c index 291cb868ab..5ea60c347f 100644 --- a/crypto/trust_token/pmbtoken.c +++ b/crypto/trust_token/pmbtoken.c @@ -52,9 +52,6 @@ typedef struct { // hash_c implements the H_c operation in PMBTokens. It returns one on success // and zero on error. hash_c_func_t hash_c; - // batched_proof determines whether PMBToken uses a batched DLEQOR proof when - // signing tokens. - int batched_proof : 1; } PMBTOKEN_METHOD; static const uint8_t kDefaultAdditionalData[32] = {0}; @@ -62,7 +59,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0}; static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid, const uint8_t *h_bytes, size_t h_len, hash_t_func_t hash_t, hash_s_func_t hash_s, - hash_c_func_t hash_c, int batched_proof) { + hash_c_func_t hash_c) { method->group = EC_GROUP_new_by_curve_name(curve_nid); if (method->group == NULL) { return 0; @@ -71,7 +68,6 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid, method->hash_t = hash_t; method->hash_s = hash_s; method->hash_c = hash_c; - method->batched_proof = batched_proof; EC_AFFINE h; if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) { @@ -724,37 +720,31 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, return 0; } + if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) || + num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); + return 0; + } + int ret = 0; - EC_RAW_POINT *Tps = NULL; - EC_RAW_POINT *Sps = NULL; - EC_RAW_POINT *Wps = NULL; - EC_RAW_POINT *Wsps = NULL; - EC_SCALAR *es = NULL; + EC_RAW_POINT *Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); - if (method->batched_proof) { - if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) || - num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - goto err; - } - Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); - Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); - Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); - Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); - es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); - if (!Tps || - !Sps || - !Wps || - !Wsps || - !es || - !CBB_init(&batch_cbb, 0) || - !point_to_cbb(&batch_cbb, method->group, &key->pubs) || - !point_to_cbb(&batch_cbb, method->group, &key->pub0) || - !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } + if (!Tps || + !Sps || + !Wps || + !Wsps || + !es || + !CBB_init(&batch_cbb, 0) || + !point_to_cbb(&batch_cbb, method->group, &key->pubs) || + !point_to_cbb(&batch_cbb, method->group, &key->pub0) || + !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; } for (size_t i = 0; i < num_to_issue; i++) { @@ -793,25 +783,17 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, goto err; } - if (!method->batched_proof) { - if (!CBB_add_u16_length_prefixed(cbb, &child) || - !dleq_generate(method, &child, key, &Tp, &jacobians[0], &jacobians[1], - &jacobians[2], private_metadata)) { - goto err; - } - } else { - if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || - !point_to_cbb(&batch_cbb, group, &affines[0]) || - !point_to_cbb(&batch_cbb, group, &affines[1]) || - !point_to_cbb(&batch_cbb, group, &affines[2])) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } - Tps[i] = Tp; - Sps[i] = jacobians[0]; - Wps[i] = jacobians[1]; - Wsps[i] = jacobians[2]; + if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || + !point_to_cbb(&batch_cbb, group, &affines[0]) || + !point_to_cbb(&batch_cbb, group, &affines[1]) || + !point_to_cbb(&batch_cbb, group, &affines[2])) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; } + Tps[i] = Tp; + Sps[i] = jacobians[0]; + Wps[i] = jacobians[1]; + Wsps[i] = jacobians[2]; if (!CBB_flush(cbb)) { goto err; @@ -821,36 +803,34 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, // The DLEQ batching construction is described in appendix B of // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional // computations all act on public inputs. - if (method->batched_proof) { - for (size_t i = 0; i < num_to_issue; i++) { - if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { - goto err; - } - } - - EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch; - if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, - /*g_scalar=*/NULL, Tps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Sp_batch, - /*g_scalar=*/NULL, Sps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wp_batch, - /*g_scalar=*/NULL, Wps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wsp_batch, - /*g_scalar=*/NULL, Wsps, es, - num_to_issue)) { + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { goto err; } + } - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, - &Wsp_batch, private_metadata) || - !CBB_flush(cbb)) { - goto err; - } + EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch; + if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, + /*g_scalar=*/NULL, Tps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Sp_batch, + /*g_scalar=*/NULL, Sps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wp_batch, + /*g_scalar=*/NULL, Wps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wsp_batch, + /*g_scalar=*/NULL, Wsps, es, + num_to_issue)) { + goto err; + } + + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, + &Wsp_batch, private_metadata) || + !CBB_flush(cbb)) { + goto err; } // Skip over any unused requests. @@ -890,36 +870,29 @@ static STACK_OF(TRUST_TOKEN) * return NULL; } - EC_RAW_POINT *Tps = NULL; - EC_RAW_POINT *Sps = NULL; - EC_RAW_POINT *Wps = NULL; - EC_RAW_POINT *Wsps = NULL; - EC_SCALAR *es = NULL; + if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) || + count > ((size_t)-1) / sizeof(EC_SCALAR)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); + return 0; + } + EC_RAW_POINT *Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); - if (method->batched_proof) { - if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) || - count > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - goto err; - } - Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); - Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); - Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); - Wsps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); - es = OPENSSL_malloc(count * sizeof(EC_SCALAR)); - if (!Tps || - !Sps || - !Wps || - !Wsps || - !es || - !CBB_init(&batch_cbb, 0) || - !point_to_cbb(&batch_cbb, method->group, &key->pubs) || - !point_to_cbb(&batch_cbb, method->group, &key->pub0) || - !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } + if (!Tps || + !Sps || + !Wps || + !Wsps || + !es || + !CBB_init(&batch_cbb, 0) || + !point_to_cbb(&batch_cbb, method->group, &key->pubs) || + !point_to_cbb(&batch_cbb, method->group, &key->pub0) || + !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; } for (size_t i = 0; i < count; i++) { @@ -928,7 +901,6 @@ static STACK_OF(TRUST_TOKEN) * uint8_t s[PMBTOKEN_NONCE_SIZE]; EC_AFFINE Wp_affine, Wsp_affine; - CBS proof; if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) || !cbs_get_prefixed_point(cbs, group, &Wp_affine) || !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) { @@ -936,50 +908,29 @@ static STACK_OF(TRUST_TOKEN) * goto err; } - EC_RAW_POINT Tp, Wp, Wsp, Sp; - ec_affine_to_jacobian(group, &Tp, &pretoken->Tp); - ec_affine_to_jacobian(group, &Wp, &Wp_affine); - ec_affine_to_jacobian(group, &Wsp, &Wsp_affine); - if (!method->hash_s(group, &Sp, &pretoken->Tp, s)) { + ec_affine_to_jacobian(group, &Tps[i], &pretoken->Tp); + ec_affine_to_jacobian(group, &Wps[i], &Wp_affine); + ec_affine_to_jacobian(group, &Wsps[i], &Wsp_affine); + if (!method->hash_s(group, &Sps[i], &pretoken->Tp, s)) { goto err; } - if (!method->batched_proof) { - if(!CBS_get_u16_length_prefixed(cbs, &proof)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; - } - - if (!dleq_verify(method, &proof, key, &Tp, &Sp, &Wp, &Wsp)) { - goto err; - } - - if (CBS_len(&proof) != 0) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; - } - } else { - EC_AFFINE Sp_affine; - if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) || - !ec_jacobian_to_affine(group, &Sp_affine, &Sp) || - !point_to_cbb(&batch_cbb, group, &Sp_affine) || - !point_to_cbb(&batch_cbb, group, &Wp_affine) || - !point_to_cbb(&batch_cbb, group, &Wsp_affine)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } - Tps[i] = Tp; - Sps[i] = Sp; - Wps[i] = Wp; - Wsps[i] = Wsp; + EC_AFFINE Sp_affine; + if (!point_to_cbb(&batch_cbb, group, &pretoken->Tp) || + !ec_jacobian_to_affine(group, &Sp_affine, &Sps[i]) || + !point_to_cbb(&batch_cbb, group, &Sp_affine) || + !point_to_cbb(&batch_cbb, group, &Wp_affine) || + !point_to_cbb(&batch_cbb, group, &Wsp_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; } // Unblind the token. EC_RAW_POINT jacobians[3]; EC_AFFINE affines[3]; - if (!ec_point_mul_scalar(group, &jacobians[0], &Sp, &pretoken->r) || - !ec_point_mul_scalar(group, &jacobians[1], &Wp, &pretoken->r) || - !ec_point_mul_scalar(group, &jacobians[2], &Wsp, &pretoken->r) || + if (!ec_point_mul_scalar(group, &jacobians[0], &Sps[i], &pretoken->r) || + !ec_point_mul_scalar(group, &jacobians[1], &Wps[i], &pretoken->r) || + !ec_point_mul_scalar(group, &jacobians[2], &Wsps[i], &pretoken->r) || !ec_jacobian_to_affine_batch(group, affines, jacobians, 3)) { goto err; } @@ -1018,32 +969,30 @@ static STACK_OF(TRUST_TOKEN) * // The DLEQ batching construction is described in appendix B of // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional // computations all act on public inputs. - if (method->batched_proof) { - for (size_t i = 0; i < count; i++) { - if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { - goto err; - } - } - - EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch; - if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, - /*g_scalar=*/NULL, Tps, es, count) || - !ec_point_mul_scalar_public_batch(group, &Sp_batch, - /*g_scalar=*/NULL, Sps, es, count) || - !ec_point_mul_scalar_public_batch(group, &Wp_batch, - /*g_scalar=*/NULL, Wps, es, count) || - !ec_point_mul_scalar_public_batch(group, &Wsp_batch, - /*g_scalar=*/NULL, Wsps, es, count)) { + for (size_t i = 0; i < count; i++) { + if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { goto err; } + } - CBS proof; - if (!CBS_get_u16_length_prefixed(cbs, &proof) || - !dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, - &Wsp_batch) || - CBS_len(&proof) != 0) { - goto err; - } + EC_RAW_POINT Tp_batch, Sp_batch, Wp_batch, Wsp_batch; + if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, + /*g_scalar=*/NULL, Tps, es, count) || + !ec_point_mul_scalar_public_batch(group, &Sp_batch, + /*g_scalar=*/NULL, Sps, es, count) || + !ec_point_mul_scalar_public_batch(group, &Wp_batch, + /*g_scalar=*/NULL, Wps, es, count) || + !ec_point_mul_scalar_public_batch(group, &Wsp_batch, + /*g_scalar=*/NULL, Wsps, es, count)) { + goto err; + } + + CBS proof; + if (!CBS_get_u16_length_prefixed(cbs, &proof) || + !dleq_verify(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, + &Wsp_batch) || + CBS_len(&proof) != 0) { + goto err; } ok = 1; @@ -1127,202 +1076,6 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method, } -// PMBTokens experiment v0. - -static int pmbtoken_exp0_hash_t(const EC_GROUP *group, EC_RAW_POINT *out, - const uint8_t t[PMBTOKEN_NONCE_SIZE]) { - const uint8_t kHashTLabel[] = "PMBTokensV0 HashT"; - return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE); -} - -static int pmbtoken_exp0_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, - const EC_AFFINE *t, - const uint8_t s[PMBTOKEN_NONCE_SIZE]) { - const uint8_t kHashSLabel[] = "PMBTokensV0 HashS"; - int ret = 0; - CBB cbb; - uint8_t *buf = NULL; - size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || - !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) || - !CBB_finish(&cbb, &buf, &len) || - !ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } - - ret = 1; - -err: - OPENSSL_free(buf); - CBB_cleanup(&cbb); - return ret; -} - -static int pmbtoken_exp0_hash_c(const EC_GROUP *group, EC_SCALAR *out, - uint8_t *buf, size_t len) { - const uint8_t kHashCLabel[] = "PMBTokensV0 HashC"; - return ec_hash_to_scalar_p521_xmd_sha512_draft06( - group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); -} - -// H for PMBTokens v0 was generated with the following Python code. -/* -import hashlib - -SEED_H = 'PrivacyPass H' - -A = -3 -B = 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00 -P = 2**521 - 1 - -def get_y(x): - y2 = (x**3 + A*x + B) % P - y = pow(y2, (P+1)/4, P) - if (y*y) % P != y2: - raise ValueError("point not on curve") - return y - -def bit(h,i): - return (ord(h[i/8]) >> (i%8)) & 1 - -b = 521 -def decode_point(so): - s = hashlib.sha256(so + '0').digest() + hashlib.sha256(so + '1').digest() + \ - hashlib.sha256(so + '2').digest() - - x = 0 - for i in range(0,b): - x = x + (long(bit(s,i))<= P: - raise ValueError("x out of range") - y = get_y(x) - if y & 1 != bit(s,b-1): y = P-y - return (x, y) - - -def gen_point(seed): - v = hashlib.sha256(seed).digest() - it = 1 - while True: - try: - x,y = decode_point(v) - except Exception, e: - print e - it += 1 - v = hashlib.sha256(v).digest() - continue - print "Found in %d iterations:" % it - print " x = %d" % x - print " y = %d" % y - print " Encoded (hex): (%x, %x)" % (x, y) - return (x, y) - -if __name__ == "__main__": - gen_point(SEED_H) -*/ -static int pmbtoken_exp0_ok = 0; -static PMBTOKEN_METHOD pmbtoken_exp0_method; -static CRYPTO_once_t pmbtoken_exp0_method_once = CRYPTO_ONCE_INIT; - -static void pmbtoken_exp0_init_method_impl(void) { - static const uint8_t kH[] = { - 0x04, 0x01, 0xf0, 0xa9, 0xf7, 0x9e, 0xbc, 0x12, 0x6c, 0xef, 0xd1, 0xab, - 0x29, 0x10, 0x03, 0x6f, 0x4e, 0xf5, 0xbd, 0xeb, 0x0f, 0x6b, 0xc0, 0x5c, - 0x0e, 0xce, 0xfe, 0x59, 0x45, 0xd1, 0x3e, 0x25, 0x33, 0x7e, 0x4c, 0xda, - 0x64, 0x53, 0x54, 0x4e, 0xf9, 0x76, 0x0d, 0x6d, 0xc5, 0x39, 0x2a, 0xd4, - 0xce, 0x84, 0x6e, 0x31, 0xc2, 0x86, 0x21, 0xf9, 0x5c, 0x98, 0xb9, 0x3d, - 0x01, 0x74, 0x9f, 0xc5, 0x1e, 0x47, 0x24, 0x00, 0x5c, 0x17, 0x62, 0x51, - 0x7d, 0x32, 0x5e, 0x29, 0xac, 0x52, 0x14, 0x75, 0x6f, 0x36, 0xd9, 0xc7, - 0xfa, 0xbb, 0xa9, 0x3b, 0x9d, 0x70, 0x49, 0x1e, 0xb4, 0x53, 0xbc, 0x55, - 0xea, 0xad, 0x8f, 0x26, 0x1d, 0xe0, 0xbc, 0xf3, 0x50, 0x5c, 0x7e, 0x66, - 0x41, 0xb5, 0x61, 0x70, 0x12, 0x72, 0xac, 0x6a, 0xb0, 0x6e, 0x78, 0x3d, - 0x17, 0x08, 0xe3, 0xdf, 0x3c, 0xff, 0xa6, 0xa0, 0xea, 0x96, 0x67, 0x92, - 0xcd, - }; - - pmbtoken_exp0_ok = - pmbtoken_init_method(&pmbtoken_exp0_method, NID_secp521r1, kH, sizeof(kH), - pmbtoken_exp0_hash_t, pmbtoken_exp0_hash_s, - pmbtoken_exp0_hash_c, /*batched_proof=*/0); -} - -static int pmbtoken_exp0_init_method(void) { - CRYPTO_once(&pmbtoken_exp0_method_once, pmbtoken_exp0_init_method_impl); - if (!pmbtoken_exp0_ok) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} - -int pmbtoken_exp0_generate_key(CBB *out_private, CBB *out_public) { - if (!pmbtoken_exp0_init_method()) { - return 0; - } - - return pmbtoken_generate_key(&pmbtoken_exp0_method, out_private, out_public); -} - -int pmbtoken_exp0_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, - const uint8_t *in, size_t len) { - if (!pmbtoken_exp0_init_method()) { - return 0; - } - return pmbtoken_client_key_from_bytes(&pmbtoken_exp0_method, key, in, len); -} - -int pmbtoken_exp0_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, - const uint8_t *in, size_t len) { - if (!pmbtoken_exp0_init_method()) { - return 0; - } - return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp0_method, key, in, len); -} - -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp0_blind(CBB *cbb, size_t count) { - if (!pmbtoken_exp0_init_method()) { - return NULL; - } - return pmbtoken_blind(&pmbtoken_exp0_method, cbb, count); -} - -int pmbtoken_exp0_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, - size_t num_requested, size_t num_to_issue, - uint8_t private_metadata) { - if (!pmbtoken_exp0_init_method()) { - return 0; - } - return pmbtoken_sign(&pmbtoken_exp0_method, key, cbb, cbs, num_requested, - num_to_issue, private_metadata); -} - -STACK_OF(TRUST_TOKEN) * - pmbtoken_exp0_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, - CBS *cbs, size_t count, uint32_t key_id) { - if (!pmbtoken_exp0_init_method()) { - return NULL; - } - return pmbtoken_unblind(&pmbtoken_exp0_method, key, pretokens, cbs, count, - key_id); -} - -int pmbtoken_exp0_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], - uint8_t *out_private_metadata, const uint8_t *token, - size_t token_len) { - if (!pmbtoken_exp0_init_method()) { - return 0; - } - return pmbtoken_read(&pmbtoken_exp0_method, key, out_nonce, - out_private_metadata, token, token_len); -} - - // PMBTokens experiment v1. static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out, @@ -1387,7 +1140,7 @@ static void pmbtoken_exp1_init_method_impl(void) { pmbtoken_exp1_ok = pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH), pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s, - pmbtoken_exp1_hash_c, /*batched_proof=*/1); + pmbtoken_exp1_hash_c); } static int pmbtoken_exp1_init_method(void) { diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index 1ade23e391..87b827714c 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -27,21 +27,6 @@ // protocol for issuing and redeeming tokens built on top of the PMBTokens // construction. -const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v0(void) { - static const TRUST_TOKEN_METHOD kMethod = { - pmbtoken_exp0_generate_key, - pmbtoken_exp0_client_key_from_bytes, - pmbtoken_exp0_issuer_key_from_bytes, - pmbtoken_exp0_blind, - pmbtoken_exp0_sign, - pmbtoken_exp0_unblind, - pmbtoken_exp0_read, - 0 /* don't use token hash */, - 0 /* don't use batched proof */, - }; - return &kMethod; -} - const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) { static const TRUST_TOKEN_METHOD kMethod = { pmbtoken_exp1_generate_key, @@ -51,8 +36,6 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) { pmbtoken_exp1_sign, pmbtoken_exp1_unblind, pmbtoken_exp1_read, - 1 /* use token hash */, - 1 /* use batched proof */, }; return &kMethod; } @@ -597,16 +580,8 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, SHA256_Update(&sha_ctx, CBS_data(&token_copy), CBS_len(&token_copy)); SHA256_Final(token_hash, &sha_ctx); - uint8_t metadata_obfuscator; - if (ctx->method->use_token_hash) { - metadata_obfuscator = - get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len, - token_hash, sizeof(token_hash)); - } else { - metadata_obfuscator = - get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len, - CBS_data(&client_data), CBS_len(&client_data)); - } + uint8_t metadata_obfuscator = get_metadata_obfuscator( + ctx->metadata_key, ctx->metadata_key_len, token_hash, sizeof(token_hash)); // The SRR is constructed as per the format described in // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.7mkzvhpqb8l5 @@ -625,10 +600,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, assert(strlen(kClientDataLabel) < strlen(kExpiryTimestampLabel)); assert(strlen(kPublicLabel) < strlen(kPrivateLabel)); - size_t map_entries = 3; - if (ctx->method->use_token_hash) { - map_entries = 4; - } + size_t map_entries = 4; if (!CBB_init(&srr, 0) || !add_cbor_map(&srr, map_entries) || // SRR map @@ -637,20 +609,10 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, !add_cbor_text(&srr, kPublicLabel, strlen(kPublicLabel)) || !add_cbor_int(&srr, public_metadata) || !add_cbor_text(&srr, kPrivateLabel, strlen(kPrivateLabel)) || - !add_cbor_int(&srr, private_metadata ^ metadata_obfuscator)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (ctx->method->use_token_hash) { - if (!add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) || - !add_cbor_bytes(&srr, token_hash, sizeof(token_hash))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (!add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) || + !add_cbor_int(&srr, private_metadata ^ metadata_obfuscator) || + !add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) || + !add_cbor_bytes(&srr, token_hash, sizeof(token_hash)) || + !add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) || !CBB_add_bytes(&srr, CBS_data(&client_data), CBS_len(&client_data)) || !add_cbor_text(&srr, kExpiryTimestampLabel, strlen(kExpiryTimestampLabel)) || diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index 41bf55ddf5..f6ff86c2b5 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -44,18 +44,6 @@ BSSL_NAMESPACE_BEGIN namespace { -TEST(TrustTokenTest, KeyGenExp0) { - uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; - uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; - size_t priv_key_len, pub_key_len; - ASSERT_TRUE(TRUST_TOKEN_generate_key( - TRUST_TOKEN_experiment_v0(), priv_key, &priv_key_len, - TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len, - TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001)); - ASSERT_EQ(400u, priv_key_len); - ASSERT_EQ(409u, pub_key_len); -} - TEST(TrustTokenTest, KeyGenExp1) { uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; @@ -91,7 +79,7 @@ TEST(TrustTokenTest, HExp1) { } static std::vector AllMethods() { - return {TRUST_TOKEN_experiment_v0(), TRUST_TOKEN_experiment_v1()}; + return {TRUST_TOKEN_experiment_v1()}; } class TrustTokenProtocolTestBase : public ::testing::Test { @@ -454,14 +442,7 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { const uint8_t kClientData[] = "\x70TEST CLIENT DATA"; uint64_t kRedemptionTime = 13374242; - const uint8_t kExpectedSRRNoTokenHash[] = - "\xa3\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" - "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6b\x63\x6c\x69\x65\x6e" - "\x74\x2d\x64\x61\x74\x61\x70\x54\x45\x53\x54\x20\x43\x4c\x49\x45\x4e" - "\x54\x20\x44\x41\x54\x41\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d" - "\x65\x73\x74\x61\x6d\x70\x1a\x00\xcc\x15\x7a"; - - const uint8_t kExpectedSRRTokenHash[] = + const uint8_t kExpectedSRR[] = "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e" "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" @@ -498,50 +479,33 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { bssl::UniquePtr free_srr(srr); bssl::UniquePtr free_sig(sig); - if (method()->use_token_hash) { - const uint8_t kTokenHashDSTLabel[] = "TrustTokenV0 TokenHash"; - uint8_t token_hash[SHA256_DIGEST_LENGTH]; - SHA256_CTX sha_ctx; - SHA256_Init(&sha_ctx); - SHA256_Update(&sha_ctx, kTokenHashDSTLabel, sizeof(kTokenHashDSTLabel)); - SHA256_Update(&sha_ctx, token->data, token->len); - SHA256_Final(token_hash, &sha_ctx); - - // Check the token hash is in the SRR. - ASSERT_EQ(Bytes(token_hash), Bytes(srr + 41, sizeof(token_hash))); - - uint8_t decode_private_metadata; - ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata( - method(), &decode_private_metadata, metadata_key, - sizeof(metadata_key), token_hash, sizeof(token_hash), srr[27])); - ASSERT_EQ(srr[18], public_metadata()); - ASSERT_EQ(decode_private_metadata, private_metadata()); - - // Clear out the metadata bits. - srr[18] = 0; - srr[27] = 0; - - // Clear out the token hash. - OPENSSL_memset(srr + 41, 0, sizeof(token_hash)); - - ASSERT_EQ(Bytes(kExpectedSRRTokenHash, sizeof(kExpectedSRRTokenHash) - 1), - Bytes(srr, srr_len)); - } else { - uint8_t decode_private_metadata; - ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata( - method(), &decode_private_metadata, metadata_key, - sizeof(metadata_key), kClientData, sizeof(kClientData) - 1, srr[27])); - ASSERT_EQ(srr[18], public_metadata()); - ASSERT_EQ(decode_private_metadata, private_metadata()); - - // Clear out the metadata bits. - srr[18] = 0; - srr[27] = 0; - - ASSERT_EQ( - Bytes(kExpectedSRRNoTokenHash, sizeof(kExpectedSRRNoTokenHash) - 1), - Bytes(srr, srr_len)); - } + const uint8_t kTokenHashDSTLabel[] = "TrustTokenV0 TokenHash"; + uint8_t token_hash[SHA256_DIGEST_LENGTH]; + SHA256_CTX sha_ctx; + SHA256_Init(&sha_ctx); + SHA256_Update(&sha_ctx, kTokenHashDSTLabel, sizeof(kTokenHashDSTLabel)); + SHA256_Update(&sha_ctx, token->data, token->len); + SHA256_Final(token_hash, &sha_ctx); + + // Check the token hash is in the SRR. + ASSERT_EQ(Bytes(token_hash), Bytes(srr + 41, sizeof(token_hash))); + + uint8_t decode_private_metadata; + ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata( + method(), &decode_private_metadata, metadata_key, sizeof(metadata_key), + token_hash, sizeof(token_hash), srr[27])); + ASSERT_EQ(srr[18], public_metadata()); + ASSERT_EQ(decode_private_metadata, private_metadata()); + + // Clear out the metadata bits. + srr[18] = 0; + srr[27] = 0; + + // Clear out the token hash. + OPENSSL_memset(srr + 41, 0, sizeof(token_hash)); + + ASSERT_EQ(Bytes(kExpectedSRR, sizeof(kExpectedSRR) - 1), + Bytes(srr, srr_len)); } } @@ -607,23 +571,14 @@ TEST_P(TrustTokenMetadataTest, TruncatedProof) { ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); ASSERT_TRUE( CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); - if (!method()->batched_proof) { - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - CBB dleq; - ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); - ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp) - 2)); - ASSERT_TRUE(CBB_flush(bad_response.get())); - } } - if (method()->batched_proof) { - CBS tmp; - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - CBB dleq; - ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); - ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp) - 2)); - ASSERT_TRUE(CBB_flush(bad_response.get())); - } + CBS tmp; + ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); + CBB dleq; + ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); + ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp) - 2)); + ASSERT_TRUE(CBB_flush(bad_response.get())); uint8_t *bad_buf; size_t bad_len; @@ -675,25 +630,15 @@ TEST_P(TrustTokenMetadataTest, ExcessDataProof) { ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); ASSERT_TRUE( CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); - if (!method()->batched_proof) { - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - CBB dleq; - ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); - ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp))); - ASSERT_TRUE(CBB_add_u16(&dleq, 42)); - ASSERT_TRUE(CBB_flush(bad_response.get())); - } } - if (method()->batched_proof) { - CBS tmp; - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - CBB dleq; - ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); - ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp))); - ASSERT_TRUE(CBB_add_u16(&dleq, 42)); - ASSERT_TRUE(CBB_flush(bad_response.get())); - } + CBS tmp; + ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); + CBB dleq; + ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq)); + ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp))); + ASSERT_TRUE(CBB_add_u16(&dleq, 42)); + ASSERT_TRUE(CBB_flush(bad_response.get())); uint8_t *bad_buf; size_t bad_len; diff --git a/include/openssl/trust_token.h b/include/openssl/trust_token.h index a73a8687d7..9ecf75f193 100644 --- a/include/openssl/trust_token.h +++ b/include/openssl/trust_token.h @@ -36,13 +36,8 @@ extern "C" { // // WARNING: This API is unstable and subject to change. -// TRUST_TOKEN_experiment_v0 is an experimental Trust Tokens protocol using -// PMBTokens and P-521. -OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v0(void); - // TRUST_TOKEN_experiment_v1 is an experimental Trust Tokens protocol using -// PMBTokens and P-384. This version is still under developement and should not -// be used yet. +// PMBTokens and P-384. OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void); // trust_token_st represents a single-use token for the Trust Token protocol. @@ -234,9 +229,6 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue( // returning the SRR to the client. If the value has been reused, the caller // must discard the SRR and report an error to the caller. Returning an SRR with // replayed values allows an attacker to double-spend tokens. -// -// The private metadata construction in |TRUST_TOKEN_experiment_v0| does not -// keep the value secret and should not be used when secrecy is required. OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem( const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len, TRUST_TOKEN **out_token, uint8_t **out_client_data, @@ -246,7 +238,6 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem( // TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the // private metadata key specified by a |key| buffer of length |key_len| and the // nonce by a |nonce| buffer of length |nonce_len|. The nonce in -// |TRUST_TOKEN_experiment_v0| is the client-data field of the SRR. The nonce in // |TRUST_TOKEN_experiment_v1| is the token-hash field of the SRR. |*out_value| // is set to the decrypted value, either zero or one. It returns one on success // and zero on error. diff --git a/tool/speed.cc b/tool/speed.cc index 2c36c80c28..af81a603fd 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -955,32 +955,6 @@ static bool SpeedHashToCurve(const std::string &selected) { static const uint8_t kLabel[] = "label"; TimeResults results; - { - EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp521r1); - if (group == NULL) { - return false; - } - if (!TimeFunction(&results, [&]() -> bool { - EC_RAW_POINT out; - return ec_hash_to_curve_p521_xmd_sha512_sswu_draft06( - group, &out, kLabel, sizeof(kLabel), input, sizeof(input)); - })) { - fprintf(stderr, "hash-to-curve failed.\n"); - return false; - } - results.Print("hash-to-curve P521_XMD:SHA-512_SSWU_RO_"); - - if (!TimeFunction(&results, [&]() -> bool { - EC_SCALAR out; - return ec_hash_to_scalar_p521_xmd_sha512_draft06( - group, &out, kLabel, sizeof(kLabel), input, sizeof(input)); - })) { - fprintf(stderr, "hash-to-scalar failed.\n"); - return false; - } - results.Print("hash-to-scalar P521_XMD:SHA-512"); - } - { EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); if (group == NULL) { @@ -1375,10 +1349,6 @@ bool Speed(const std::vector &args) { !SpeedRSAKeyGen(selected) || !SpeedHRSS(selected) || !SpeedHashToCurve(selected) || - !SpeedTrustToken("TrustToken-Exp0-Batch1", TRUST_TOKEN_experiment_v0(), 1, - selected) || - !SpeedTrustToken("TrustToken-Exp0-Batch10", TRUST_TOKEN_experiment_v0(), - 10, selected) || !SpeedTrustToken("TrustToken-Exp1-Batch1", TRUST_TOKEN_experiment_v1(), 1, selected) || !SpeedTrustToken("TrustToken-Exp1-Batch10", TRUST_TOKEN_experiment_v1(), From 5d7c2f8b1d2643856c74d63c5b455a5c0828bd83 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 6 Jul 2020 17:49:13 -0400 Subject: [PATCH 050/399] Implement i2d_PUBKEY and friends without crypto/asn1. Code which targets OpenSSL won't use EVP_parse_public_key. X509_PUBKEY is fairly deeply tied to the old ASN.1 stack, but there's no reason for i2d_PUBKEY and friends to be. Move them to crypto/evp and reimplement as wrappers over our functions. Bug: chromium:1102458 Change-Id: Ic11766acdac797602e4abe1253b0efe33faef298 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42005 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/evp/evp_asn1.c | 143 ++++++++++++++++++++++++++++++++++++++ crypto/x509/x_pubkey.c | 154 ----------------------------------------- include/openssl/evp.h | 69 ++++++++++++++++++ include/openssl/x509.h | 14 ---- 4 files changed, 212 insertions(+), 168 deletions(-) diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c index fc1dce3175..4d13d59fd4 100644 --- a/crypto/evp/evp_asn1.c +++ b/crypto/evp/evp_asn1.c @@ -65,6 +65,7 @@ #include #include "internal.h" +#include "../bytestring/internal.h" #include "../internal.h" @@ -386,3 +387,145 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out, const uint8_t **inp, EVP_PKEY_free(ret); return NULL; } + +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + EVP_PKEY *ret = EVP_parse_public_key(&cbs); + if (ret == NULL) { + return NULL; + } + if (out != NULL) { + EVP_PKEY_free(*out); + *out = ret; + } + *inp = CBS_data(&cbs); + return ret; +} + +int i2d_PUBKEY(const EVP_PKEY *pkey, uint8_t **outp) { + CBB cbb; + if (!CBB_init(&cbb, 128) || + !EVP_marshal_public_key(&cbb, pkey)) { + CBB_cleanup(&cbb); + return -1; + } + return CBB_finish_i2d(&cbb, outp); +} + +RSA *d2i_RSA_PUBKEY(RSA **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + EVP_PKEY *pkey = EVP_parse_public_key(&cbs); + if (pkey == NULL) { + return NULL; + } + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); + if (rsa == NULL) { + return NULL; + } + if (out != NULL) { + RSA_free(*out); + *out = rsa; + } + *inp = CBS_data(&cbs); + return rsa; +} + +int i2d_RSA_PUBKEY(const RSA *rsa, uint8_t **outp) { + int ret = -1; + EVP_PKEY *pkey = EVP_PKEY_new(); + if (pkey == NULL || + !EVP_PKEY_set1_RSA(pkey, (RSA *)rsa)) { + goto err; + } + + ret = i2d_PUBKEY(pkey, outp); + +err: + EVP_PKEY_free(pkey); + return ret; +} + +DSA *d2i_DSA_PUBKEY(DSA **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + EVP_PKEY *pkey = EVP_parse_public_key(&cbs); + if (pkey == NULL) { + return NULL; + } + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_free(pkey); + if (dsa == NULL) { + return NULL; + } + if (out != NULL) { + DSA_free(*out); + *out = dsa; + } + *inp = CBS_data(&cbs); + return dsa; +} + +int i2d_DSA_PUBKEY(const DSA *dsa, uint8_t **outp) { + int ret = -1; + EVP_PKEY *pkey = EVP_PKEY_new(); + if (pkey == NULL || + !EVP_PKEY_set1_DSA(pkey, (DSA *)dsa)) { + goto err; + } + + ret = i2d_PUBKEY(pkey, outp); + +err: + EVP_PKEY_free(pkey); + return ret; +} + +EC_KEY *d2i_EC_PUBKEY(EC_KEY **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + EVP_PKEY *pkey = EVP_parse_public_key(&cbs); + if (pkey == NULL) { + return NULL; + } + EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_free(pkey); + if (ec_key == NULL) { + return NULL; + } + if (out != NULL) { + EC_KEY_free(*out); + *out = ec_key; + } + *inp = CBS_data(&cbs); + return ec_key; +} + +int i2d_EC_PUBKEY(const EC_KEY *ec_key, uint8_t **outp) { + int ret = -1; + EVP_PKEY *pkey = EVP_PKEY_new(); + if (pkey == NULL || + !EVP_PKEY_set1_EC_KEY(pkey, (EC_KEY *)ec_key)) { + goto err; + } + + ret = i2d_PUBKEY(pkey, outp); + +err: + EVP_PKEY_free(pkey); + return ret; +} diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 3d07d661b0..37dee49801 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -180,160 +180,6 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) return NULL; } -/* - * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or - * decode as X509_PUBKEY - */ - -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) -{ - X509_PUBKEY *xpk; - EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); - if (!xpk) - return NULL; - pktmp = X509_PUBKEY_get(xpk); - X509_PUBKEY_free(xpk); - if (!pktmp) - return NULL; - if (a) { - EVP_PKEY_free(*a); - *a = pktmp; - } - return pktmp; -} - -int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp) -{ - X509_PUBKEY *xpk = NULL; - int ret; - if (!a) - return 0; - if (!X509_PUBKEY_set(&xpk, (EVP_PKEY *)a)) - return 0; - ret = i2d_X509_PUBKEY(xpk, pp); - X509_PUBKEY_free(xpk); - return ret; -} - -/* - * The following are equivalents but which return RSA and DSA keys - */ -RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - RSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - RSA_free(*a); - *a = key; - } - return key; -} - -int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_RSA(pktmp, (RSA *)a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; -} - -#ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - DSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - DSA_free(*a); - *a = key; - } - return key; -} - -int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_DSA(pktmp, (DSA *)a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; -} -#endif - -EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - EC_KEY *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return (NULL); - key = EVP_PKEY_get1_EC_KEY(pkey); - EVP_PKEY_free(pkey); - if (!key) - return (NULL); - *pp = q; - if (a) { - EC_KEY_free(*a); - *a = key; - } - return (key); -} - -int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return (0); - if ((pktmp = EVP_PKEY_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - return (0); - } - EVP_PKEY_set1_EC_KEY(pktmp, (EC_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return (ret); -} - int X509_PUBKEY_set0_param(X509_PUBKEY *pub, const ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index fe6c8b6adb..b305225bdb 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -947,6 +947,75 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +// i2d_PUBKEY marshals a public key from |pkey| as a DER-encoded +// SubjectPublicKeyInfo. If |outp| is not NULL, the result is written to |*outp| +// and |*outp| is advanced just past the output. It returns the number of bytes +// in the result, whether written or not, or a negative value on error. +// +// Use |EVP_marshal_public_key| instead. +OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *pkey, uint8_t **outp); + +// d2i_PUBKEY parses a DER-encoded SubjectPublicKeyInfo from |len| bytes at +// |*inp|. It returns a newly-allocated result, or NULL on error. On success, +// |*inp| is advanced past the DER structure. If |out| is not NULL, it also +// frees any existing object pointed by |*out| and writes the result. +// +// Use |EVP_parse_public_key| instead. +OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY(EVP_PKEY **out, const uint8_t **inp, + long len); + +// i2d_RSA_PUBKEY marshals |rsa| as a DER-encoded SubjectPublicKeyInfo. If +// |outp| is not NULL, the result is written to |*outp| and +// |*outp| is advanced just past the output. It returns the number of bytes in +// the result, whether written or not, or a negative value on error. +// +// Use |EVP_marshal_public_key| instead. +OPENSSL_EXPORT int i2d_RSA_PUBKEY(const RSA *rsa, uint8_t **outp); + +// d2i_RSA_PUBKEY parses an RSA public key as a DER-encoded SubjectPublicKeyInfo +// from |len| bytes at |*inp|. It returns a newly-allocated result, or NULL on +// error. On success, |*inp| is advanced past the DER structure. If |out| is not +// NULL, it also frees any existing object pointed by |*out| and writes the +// result. +// +// Use |EVP_parse_public_key| instead. +OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY(RSA **out, const uint8_t **inp, long len); + +// i2d_DSA_PUBKEY marshals |dsa| as a DER-encoded SubjectPublicKeyInfo. If +// |outp| is not NULL, the result is written to |*outp| and |*outp| is advanced +// just past the output. It returns the number of bytes in the result, whether +// written or not, or a negative value on error. +// +// Use |EVP_marshal_public_key| instead. +OPENSSL_EXPORT int i2d_DSA_PUBKEY(const DSA *dsa, uint8_t **outp); + +// d2i_DSA_PUBKEY parses a DSA public key as a DER-encoded SubjectPublicKeyInfo +// from |len| bytes at |*inp|. It returns a newly-allocated result, or NULL on +// error. On success, |*inp| is advanced past the DER structure. If |out| is not +// NULL, it also frees any existing object pointed by |*out| and writes the +// result. +// +// Use |EVP_parse_public_key| instead. +OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY(DSA **out, const uint8_t **inp, long len); + +// i2d_EC_PUBKEY marshals |ec_key| as a DER-encoded SubjectPublicKeyInfo. If +// |outp| is not NULL, the result is written to |*outp| and |*outp| is advanced +// just past the output. It returns the number of bytes in the result, whether +// written or not, or a negative value on error. +// +// Use |EVP_marshal_public_key| instead. +OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *ec_key, uint8_t **outp); + +// d2i_EC_PUBKEY parses an EC public key as a DER-encoded SubjectPublicKeyInfo +// from |len| bytes at |*inp|. It returns a newly-allocated result, or NULL on +// error. On success, |*inp| is advanced past the DER structure. If |out| is not +// NULL, it also frees any existing object pointed by |*out| and writes the +// result. +// +// Use |EVP_parse_public_key| instead. +OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **out, const uint8_t **inp, + long len); + // Preprocessor compatibility section (hidden). // diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d58e3ca44a..58dfad36e4 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -758,20 +758,6 @@ DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); -OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); -OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, - long length); -OPENSSL_EXPORT int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp); -OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, - long length); -#ifndef OPENSSL_NO_DSA -OPENSSL_EXPORT int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp); -OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, - long length); -#endif -OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp); -OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, - long length); DECLARE_ASN1_FUNCTIONS(X509_SIG) DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) From eda849d2e6e6a15a5a4dc728568ec12f21ebfb6d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 6 Jul 2020 18:21:36 -0400 Subject: [PATCH 051/399] Opaquify PKCS8_PRIV_KEY_INFO. This is partially imported from upstream's 54dbf42398e23349b59f258a3dd60387bbc5ba13 which does something similar. In doing so, remove the pkcs8->broken field, which is a remnant of some parsing hacks we long since removed (PKCS8_set_broken). The immediate motivation is, if this sticks, this would make it easier to detach i2d_PKCS8_PRIV_KEY_INFO and d2i_PKCS8_PRIV_KEY_INFO from the old ASN.1 code. Update-Note: Direct accesses of PKCS8_PRIV_KEY_INFO now need to use the accessors. Code search suggests no one uses the fields. Even the accessors are virtually unused (the one thing which uses it doesn't need it). Bug: chromium:1102458 Change-Id: I57054de3fe412079f7387dc99291250e873b1471 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42006 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/pkcs8/internal.h | 7 ++++ crypto/pkcs8/pkcs8_x509.c | 41 +++++++++++++++++++++--- crypto/x509/x509.c | 67 --------------------------------------- include/openssl/x509.h | 15 --------- 4 files changed, 43 insertions(+), 87 deletions(-) diff --git a/crypto/pkcs8/internal.h b/crypto/pkcs8/internal.h index c3302f751d..b5d42bad08 100644 --- a/crypto/pkcs8/internal.h +++ b/crypto/pkcs8/internal.h @@ -63,6 +63,13 @@ extern "C" { #endif +struct pkcs8_priv_key_info_st { + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_OCTET_STRING *pkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + // pkcs8_pbe_decrypt decrypts |in| using the PBE scheme described by // |algorithm|, which should be a serialized AlgorithmIdentifier structure. On // success, it sets |*out| to a newly-allocated buffer containing the decrypted diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c index 4458b56fbb..a2f90755c8 100644 --- a/crypto/pkcs8/pkcs8_x509.c +++ b/crypto/pkcs8/pkcs8_x509.c @@ -96,10 +96,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, // Since the structure must still be valid use ASN1_OP_FREE_PRE if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING && - key->pkey->value.octet_string) { - OPENSSL_cleanse(key->pkey->value.octet_string->data, - key->pkey->value.octet_string->length); + if (key->pkey) { + OPENSSL_cleanse(key->pkey->data, key->pkey->length); } } return 1; @@ -108,12 +106,45 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING), ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, + int ptype, void *pval, uint8_t *penc, int penclen) { + if (version >= 0 && + !ASN1_INTEGER_set(priv->version, version)) { + return 0; + } + + if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { + return 0; + } + + if (penc != NULL) { + ASN1_STRING_set0(priv->pkey, penc, penclen); + } + + return 1; +} + +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen, + X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) { + if (ppkalg) { + *ppkalg = p8->pkeyalg->algorithm; + } + if (pk) { + *pk = ASN1_STRING_data(p8->pkey); + *ppklen = ASN1_STRING_length(p8->pkey); + } + if (pa) { + *pa = p8->pkeyalg; + } + return 1; +} + EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { uint8_t *der = NULL; int der_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &der); diff --git a/crypto/x509/x509.c b/crypto/x509/x509.c index 188fd49634..9049a35d58 100644 --- a/crypto/x509/x509.c +++ b/crypto/x509/x509.c @@ -65,73 +65,6 @@ * it to avoid downstream churn. */ OPENSSL_DECLARE_ERROR_REASON(X509, UNSUPPORTED_ALGORITHM) -int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, - int ptype, void *pval, uint8_t *penc, int penclen) { - uint8_t **ppenc = NULL; - if (version >= 0) { - if (!ASN1_INTEGER_set(priv->version, version)) { - return 0; - } - } - - if (penc) { - int pmtype; - ASN1_OCTET_STRING *oct; - - oct = ASN1_OCTET_STRING_new(); - if (!oct) { - return 0; - } - oct->data = penc; - ppenc = &oct->data; - oct->length = penclen; - if (priv->broken == PKCS8_NO_OCTET) { - pmtype = V_ASN1_SEQUENCE; - } else { - pmtype = V_ASN1_OCTET_STRING; - } - ASN1_TYPE_set(priv->pkey, pmtype, oct); - } - - if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { - /* If call fails do not swallow 'enc' */ - if (ppenc) { - *ppenc = NULL; - } - return 0; - } - - return 1; -} - -int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen, - X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) { - if (ppkalg) { - *ppkalg = p8->pkeyalg->algorithm; - } - - if (p8->pkey->type == V_ASN1_OCTET_STRING) { - p8->broken = PKCS8_OK; - if (pk) { - *pk = p8->pkey->value.octet_string->data; - *ppklen = p8->pkey->value.octet_string->length; - } - } else if (p8->pkey->type == V_ASN1_SEQUENCE) { - p8->broken = PKCS8_NO_OCTET; - if (pk) { - *pk = p8->pkey->value.sequence->data; - *ppklen = p8->pkey->value.sequence->length; - } - } else { - return 0; - } - - if (pa) { - *pa = p8->pkeyalg; - } - return 1; -} - int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) { const uint8_t *s; int i, n; diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 58dfad36e4..94dcc79441 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -460,21 +460,6 @@ struct Netscape_spki_st { ASN1_BIT_STRING *signature; } /* NETSCAPE_SPKI */; -// PKCS#8 private key info structure - -struct pkcs8_priv_key_info_st { - int broken; // Flag for various broken formats -#define PKCS8_OK 0 -#define PKCS8_NO_OCTET 1 -#define PKCS8_EMBEDDED_PARAM 2 -#define PKCS8_NS_DB 3 -#define PKCS8_NEG_PRIVKEY 4 - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; // Should be OCTET STRING but some are broken - STACK_OF(X509_ATTRIBUTE) * attributes; -}; - #ifdef __cplusplus } #endif From de196121b05adea2f9b7e400271266495a40b0f4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 9 Jul 2020 12:01:51 -0400 Subject: [PATCH 052/399] Allow explicitly-encoded X.509v1 versions for now. Sadly, we need to roll this one back for now, at least until we've cleared all the test failures it causes. This retains the other checks in https://boringssl-review.googlesource.com/c/boringssl/+/41746. We're only rolling back enforcement of the DEFAULT v1 encoding. Bug: 348, 364 Change-Id: I6a290311f5a5714ff4d5add3ae35ec4550398b32 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42104 Commit-Queue: David Benjamin Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/x509/x509_test.cc | 5 ++++- crypto/x509/x_x509.c | 8 +++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 366e66e5e0..38c9bc599a 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2440,7 +2440,10 @@ static const char kV1WithSubjectUniqueIDPEM[] = // Test that the X.509 parser enforces versions are valid and match the fields // present. TEST(X509Test, InvalidVersion) { - EXPECT_FALSE(CertFromPEM(kExplicitDefaultVersionPEM)); + // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See + // https://crbug.com/boringssl/364. + EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM)); + EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM)); EXPECT_FALSE(CertFromPEM(kFutureVersionPEM)); EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM)); diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index ff0dc34680..cddceb8210 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -115,12 +115,14 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: { - /* The version must be one of v1(0), v2(1), or v3(2). If the version is - * v1(0), it must be omitted because it is DEFAULT. */ + /* The version must be one of v1(0), v2(1), or v3(2). */ long version = 0; if (ret->cert_info->version != NULL) { version = ASN1_INTEGER_get(ret->cert_info->version); - if (version <= 0 || version > 2) { + /* TODO(https://crbug.com/boringssl/364): |version| = 0 should also + * be rejected. This means an explicitly-encoded X.509v1 version. + * v1 is DEFAULT, so DER requires it be omitted. */ + if (version < 0 || version > 2) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); return 0; } From 8f88b27d6add3fc8f9ee548050e4958efa239f1f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 9 Jul 2020 13:35:01 -0400 Subject: [PATCH 053/399] Link to ws2_32 more consistently. This fixes a couple issues: - Which libraries to use should be based on WIN32, not MSVC. - Windows libraries can be specified by #pragma comment lines in the source or by build dependencies. We specified #pragma lines in source, but also have build dependencies in crypto_test, etc. The latter was missing bssl. The comment line should be sufficient, but being explicit is useful, so fill in the missing one. This should help building with MINGW, which is missing support for the usual Windows pragma. Change-Id: Ide9328c7dd306738ebbb0792e47da96948fe12f4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42105 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/CMakeLists.txt | 2 +- tool/CMakeLists.txt | 4 ++++ util/generate_build_files.py | 6 +++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 0339e7d90a..0e2adaa7da 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -456,7 +456,7 @@ endif() SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C) -if(NOT MSVC AND NOT ANDROID) +if(NOT WIN32 AND NOT ANDROID) target_link_libraries(crypto pthread) endif() diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index 765871381c..e9e387b6ae 100644 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -23,6 +23,10 @@ add_executable( add_dependencies(bssl global_target) +if(WIN32) + target_link_libraries(bssl ws2_32) +endif() + if(APPLE OR WIN32 OR ANDROID) target_link_libraries(bssl ssl crypto) else() diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 623e7d33c5..6c3977d40f 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -608,10 +608,14 @@ def WriteFiles(self, files, asm_outputs): self.PrintExe(cmake, 'bssl', files['tool'], ['ssl', 'crypto']) cmake.write( -R'''if(NOT MSVC AND NOT ANDROID) +R'''if(NOT WIN32 AND NOT ANDROID) target_link_libraries(crypto pthread) endif() +if(WIN32) + target_link_libraries(bssl ws2_32) +endif() + ''') def FindCMakeFiles(directory): From 83b74c6a7a1ad33792be3adf10820ae287de8c40 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 13 Jul 2020 09:36:53 -0700 Subject: [PATCH 054/399] Add details of 20190808 FIPS certification. Change-Id: I4d17e1e6f24b623ee39a844def8f265eb5e6c6cc Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42144 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/FIPS.md | 1 + .../BoringCrypto-Security-Policy-20190808.docx | Bin 0 -> 153634 bytes 2 files changed, 1 insertion(+) create mode 100644 crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx diff --git a/crypto/fipsmodule/FIPS.md b/crypto/fipsmodule/FIPS.md index 5d742dd4ad..70f2531650 100644 --- a/crypto/fipsmodule/FIPS.md +++ b/crypto/fipsmodule/FIPS.md @@ -10,6 +10,7 @@ BoringCrypto has undergone the following validations: 1. 2017-06-15: certificate [#2964](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/2964), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx) (in docx format). 1. 2018-07-30: certificate [#3318](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3318), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20180730.docx) (in docx format). +1. 2019-08-08: certificate [#3678](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx) (in docx format). ## Running CAVP tests diff --git a/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx b/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx new file mode 100644 index 0000000000000000000000000000000000000000..c4f6d8db413fd39a338780d40b32838158962bb6 GIT binary patch literal 153634 zcmeEtQ-VK;(G< zK>zyxU-@5r0!_)2GK2K+!mnaqf=4tKT59+~84Y{&AjEtImm7&I19a<)DL>qYJcL0C z3i1u%$euUdqlP3*9q&ygYJ5@~oe|lof+~KAI_7NEYnzvYdl4v*!HNTJ;3%5>25g6m ziSw6~e3W9>3d1I0`x%eKrh3AZ-T+a9~ zSTL}uZTT)dgb=q;P}#6K|E)0CF!9zot&V^o{f-NRk4gbD&!x-y=x14DOfJ$|ElU4$ z9tHJ6e3bnSsJV^A!ejwD+!*#oPOW@j92-GJcbbxPe9KCc)l<_PB$B%=@Pw#PpxIDj z#&b}D+vT(S;FXkq5j){16hLk1uI^P4%Z<|;s}g(3DU zTX%mQ11^O41X$;MBcwKPRLmA(dy{y$LvFGliz*?Lt% zzr`Ru4Bu_wci?=t{6;@|p$whj+$Q=uIE1FS6w>CJ#p=&D*V-D8_PM_3>T8-0Q(ij5@`{C+rYCp>w{TAgPR9&}50nXS zeJT@8Tmd@Gg^M8Iu&Y?Bs1TWcs|KxM7(H zrNkud8r|&)6)VsWzJ+qlU>Rq}%)H`CGPrYu#H2wTfUxdX7g~EuYiFPg6`-?rr^_hvn1g)DK z_MFkEv)j{rqx%hzIa>iql|Y@$y+yywlo~zVLU}HG5OfCbBB`WHms(9m6Ge8)_H+wM zVbB~vV+8t+rO?JHt zJXIqFSIh4~tmJ&e{c;cJAZF zhkCfjm##IGsY1c3w?r#dlbiS-=hMw~rfc*ad#?)z@k_D?T!yhQ817m4P~hfc zcx~jlZRF60xtH4WdDnW|&pLdne!yC}X)DlYP$MD1Ryf^$HDw@YA=lkOHD(nj`UY{S z_<;m%vMIfO)DsQe0U90)L9GVhlH4>ClOtV zQ?iS^>`A+GkHrH~uASZM(E+cCgG;O}g`RUAt!(fd06YLXb2M!U05VD{@61EC4B@DG zkl+t9>a9{1qDoqyra6BHmz#m=JiwBz1!Y*6v(GsHw7+2TlHIQ>XG|@`F}`={R=S9a zcb5#hW1hTDC?f_Be*OW@Lhp!)+eY6TC64AG=CO;SwOD6k*)_AyFA-Su@Br=8`8Jft z9l|1Zo!_c#S_tiiLM!MyX>jH5PYes)uF1dKcF-!9* zXup6Y1SwoDhB}2EIDz#F@P5jo)7+@M>zpKqpGICa^Ey$J_J<%3G7|z|gi(eAP*4t_ zFDhgxHUudLgdZ~Uo2ni=Jzvv6Y_xLyE|4so7#2+^_%l$51d)HrCZ)G`UIO@4-KX*d z^*)A5c~>4i4#g5Bl^;MtUq?2`n&Bh1~T*M|BDXy%QLpfx>f9 ziyx8{j!27F4$3y%Awnn0JOh=Ssm_9F?A{*D9U z`>+uV916U_Oz|1$3^n_fZvy!jz4;agt3O#%UVjqF_mNRv1Ke|}7^=JoJ_q-$E3`A| zf};TW{K2RDw`b5{0hgQQ2k}#*++9ZW23MpMgd|6}R;P9aO5m_Kz%p4Ey!Z2n zF&?#$r1mN@=Itc;`bJu4UR+2Fb3z%$$VyH+qlKleJUeXvYCVem8>o@Kj{wXn0`r0m z;!l@<^^OiqedJ-Zy*&sJqr7et|8L!qvW|;31I^9>^fO>-=jM(W26}v;#}#zNopQVU zWItUpr-?Ey*q@XlUPl9(@)Zx$wBzJS7j{b58jGNSoEU4s_5=OUUBe@+KjvAH-v;*Y z9*9wD{4Kjh6akmaG&L;auBwhn;fYi|&&uvMHw{q&`nsm6{9IXeA~6HhzY~9Hde$dx z@!GEpi&A)dt9(rMolxg1iIHYe5x85QOec;*pH+Z`mJUye=9|{7u^lvcKo>JW0K0FMRK0(yPGS zRjAU@`l6mFPyVQur%c_?WKNUL07bg7ZK~d~Jpd)W;;Ks+<+C6a30m}Zn{@{SSVHwK zIAp*%(YdceZ-GMd7{R`Gt-JWfv79_5E*Y+sXY7(lj>B5BO=8~*z?KQbg6eyx?xE1d z@agfM^@RWPoy6^s+%VZ+e5S;%HI)Ah;g9Gqnq07j50~VQ`9f}i`sdMILf!mo^Vn*g z`o;Qo;b61UZcG&Jx8F=2QEHp7ZdmaP$2etyLAo~y@jlpOAFt^Mw6<911s}@P2VFRe z_^UHPXW`s07M=8U0FdQ5+n55W3bM zS2_gUd~7H#>G`=P$aMQ1YLdUmD-0UjKwGIM#ol>hfQnhM=EUmjPb4^0?3VA(A#ZZA?(UnMiM#i3DrmpdEIDt@&fH{&leVyFd>8adp%gwZu)jIr@l1 zA7ymANk{R7UJh07h~P+9R4RvpnHN@x_>?5KD*9ydY{76rpgQi!V;1Fj+XBr?xmWR^ z_>@(Crsr|!EM86T4|xqMdv_6aX=N-kkm?mhSTw<_AnjTmd_@Jcp7!2@s|i5-=(lGWAX8|_SN^4$P(Y?|QcPyTur?+=&f z!h{*aVD6 z!Sm~@fXIW}(?l;!7WFo(Yr&-J5wFn^HS06@0`rh_O=p}1J)iUJcJ*yR=|RbR1VnlB z?Z6A4&K=aoNtW(v)hCyq8O*wJ^h4gnQelT+@aF4=3ug)b!A5Ly52bB^`@F#`Q3BfU z5b6ZN+{2W-4mF|K9kM;aNCo^RINVRN6-V=Y8YU-r{vdJtCcV(o0>T*jWvAS2N|y|xIa0iQ~lv5 zL9d5F*BY=p+ge!O%t#<6?Uf6!F7rXq40vkM8+2&v+F19J{V+P$z3$j1?sENwBy0t7 zX-l_)--9x#>=Qx-S^2XSeKJ##MjXM&4K@Zy=dlG!lDIh$k)~R;OoQ0&HS?uP__^@F zy`p2I=O4F`cQ5tlJj}X~wPd0kNiyv&4G^~!NJAx%!GtZ?^w&V|y9b=GK1W(rfO=S| zhcb14XIx*>oEX=R61DZ6?YG%xhc3ouDB%P~l_AZgByz-$yG?|4`*3AjotG~T>Z}N^ zE-FC}X0pokC}!7(53`^TBSr=d)@%M$UU6myAa8cVu-zuMGoD7)P8ug07{~0Ni(T;> zd(DTI(na024?UEoJlpA;7EIR^yAmYs`2o^Vx$r%5N*Kz!C?IR4$WhPTT?#V=+mHEw zmPFQFt~tWUUhD62CsUAFm9Z$=)NAV6T{O;Vt_QkcYbdqKK!5-W0dSefWKPr18dp=w zZB>|peW%s)96VMU%&63K-CG|rV^0k)Xjk1O3(njoF;;1jJD5C$9y<7UCZfCXII%3; zncu8_lIY@Yos5gPzsnzN#P@IVD`Ckls&0W~M1+@P35Dg4-FglmeWmvAQugjJk%%pR z4s+^8CJ!;Vk|T&{UoYz(-rYL(oO{XBT^9%_y#&MhVfup?L~8i1Eku!lJpheS%A0 zwkh-tg%nqV2DheH7;i?_cjyVH+82`HXq z!y>UM<0;H?bqB4kpn7sWK5;P|ObMI`S^hv>N$J#Vxp7muw-ZmEhJL%Y5!GaK+|-aO zubOD)Du`>-%ukWHQFCdv{7_D9BSb_AJMduMc-x?1ObxFd}3%WV*bx&O}%SkLxP{rUQ}3 z^CQNlHpRZ3l~98#nLK;)fIaa<7V}$e!eSZQ^5qAkI6m=fShqfnj6KpK?~zT z^%zI#7bJ%&k`SJUr*^1{01_MxDw!Xn1*Qi7+vkSJ^dd|NwSVLz5CJ41T#wXESt?Jh zeI9Jtnx*@sip5tE9g=oFTEQ9@Oama4B=79wue=&khO11yEaKWsz!fMXW{qFY>QbO; z33BC(0HOVsDgHdK>CIQpgLzBwB%>P+(_n5OK+tGH?}3|og@dz~>MErChkfGM)@_ixZy`v0T`tU^SJvU|n-K;}i*(K=;J+80skF zR4DPn@LdS*nZS@V^8%Q8c8mw}8_-*KmEJ0d(0t9oYd1Mk#rt_QQAimV9?rR(_unkb zM?8iaL>EZ|8WoY%7Xn~4HRX|ou-$yP{XH8n-F_J+=`~`{gv-L(UmfLKR)L@`p~@$pd9{D~7|TALoB&w8 zvEJ+APjCdM!9slbM$1)8fOCi|JVkNp4wGI`&H#K=T9p7}^MQ=~UNWHiL@R;9qLmCj zolyX+mPtz-`(Wg1r9ipFgI;1N^+cJDjw}6U#l1*NfpDlU^1+RYp3lz!r$L8W0NFk& zcO+9{@=C+~^vl6L&ioIdn^|XFlloUtEofYU|A725?s>reG#du{UI84fA7J-hF#GXI zE>Dm6`y&2u4)Vf@bFsed%7f|heCbYu%lm&Wtlh@GFzS3b&EXOp83@`2bs#9S;4EHw z7~}|jl5RxeBoYaJ;xIw=dNrM%e0yR}f?za9cmVXkSnB|P6-w_`1Lk#Pup6~?bO0-l z-gC82?4sS}zR4}f`1Kmn?yUm8twssUVqF^(Kb+@vUv!|>X~)Pc&oPRE{%I+) zG}UeLJ$TgS%>Ry|z}5xd_)RVme+zB8eHHZjcew&#v0=s^1J=C(ZxEg-fm-{K4(LO- z=x8EilYC!_(4=4&?^JW(;KXYz(IcjRrybfKc6H^)01jA$?VG?K_(tc#NEZ;4Rez)p zJW^&A(ZBkobYTS_w?TSTFB`CF9VmQ=IOq^+DM{V6Vj; z(p5U816=4=t);OTXLDdCAiFQ9#l9cN=MeLVbo?X-29-EZe!0Q1JN*|ei>U830a4&8 z^XNS8KnTn(Xol@7OQ_9dP59F?Uvh>a+qAufDH||3%cu;9Coi06)NK0RQtf$6A-7~`89G4O{axvWN20MgNEvvRb63N2$zdd^$p*g-6SLWa|Gpx;@bHoU zuh^;JkG2fDZ~OXOUO4j`T*y0P zL0kCyof#ajA?5~I$0(6rXF7`|^L_1z0&L6hJoim{a`CXCWHLDgY#lMa|WiIQuoUO zYl^__*lij9)g7-J0-p>2;F;2I*As6E#8-xdCl=Vt_JF4k!yx*znoQfV@lCgyqBeDp zo$8%i7Lm9ML#R zD567|sl0w2U)aP%6|A3Bu!KS|Ys;f?TK98gtnu;m&pM+?2v90|Y*9=PB%0?1t+TYs z7*Z?@$pX{|nZs{OgBSD!366S%7`62N>DFd~!zfu%Yd&E1AcpE1);P=07Ql;o14OTCfv=D3%8B9#t}1n5UZzOWDBB2~Z|k-;CZhp~MFmqF0&rFc$)SvgU|0dxTug0- zflUh7o=BhvSG;r@Vi%nNexXZ^hHNU1KsH$<_qa+3Lk=)P6i&TP{SSO-H_L>2yq&3Z z3rdbng96-Q&<)3y6xdJ^yF?rD;S&=CTBu22rc>GCxr1Ct zgH=~@e(Ot%5V7gQV%tJNO*UF3GNbOWguaEyTzop->n_~`+Djv~q5g|hBW@-rea*NjWYhPmDqzlU;?JP)nEX8xx4MkBW*mEQs)Nm_ z0sKCBzaDChKMva_4Y$^;uhyl%2CR=JH=QsIF(Twf7j2+}Ce}=|MI84aN{_Z?efnd;gIEgvn#m<@ zEXqjlE7^R;<9ZkS=^(-*@zo`d!5QS?T=~u-hv~X?t#$$LCz0QVOVemd(n0Eb@Jl8E znic^WU3;Lx! zJ@MkeD?)2)Iygoonf#Ik4n@=MZeUPe@-V5nie28+bQE?z zlHF8^v_9jo+8C{ffz+cew?7(RbY|gbm+(}!D9cD{b&UDp{l~=k7^b-QCe3*+T;h6y$VQ=ROZ# zGtgy+KyQ~`U*GC3KUX-__RP=@8OmSu&()TVy=gu7ZxB!3cx9yeKwh1!I#ZmdH5pDQ z)xM6{#(G)<@gnXtxOA@pxB9thB-(CbL1LLXl(*J=q-lqP46Pzc@v`v|^S1_odi4Mp()S5MHBU!V7M_ z#N=x1tHP~jQc#;qlCx>59B;O?cqYuIki+ex{wnb)H`0in#${PXH8gS5=b zHIf9Tb6FzDRm}qn!owK3xR;p~5>w$mX~Z3{csz(A!;8s$`u};fT}nJ&4$bF-3TYh4 z9lb(k%5?kfi{eUxlxZ_$NOua7f)yymSAOYz-ZfrM@%1vhg-`Vyr;1IgrG*_9*Gu1O z#G}ix1=ow6BuED#PCFa>a=9pQ!&5jU)`0+q%nM42-A%ng>2V~Iu_P~nbcSDD*&SU; zMQ6dyUd#W)hkna~)>T51ov$S~UHPksnOw*uPtN0DN3bv#nZy2UPP>{mx=)y#D`7;; z+a-cEinA*f*u^!7r#OuINFlS5+YHXX*zJy@luPg|=pg_q+S5zOV= zJupgLy6F=8vb`U03&lubl+u@!-m$-Khd7fYHI-jTd}GjXB^0dTj&^-XwPx=fgq7pR z(LysS!lmc395BtqRCV!3En-gp>bV0ZiREg+^AD{viu#)P1PhtQalwVUXwu z6aFdc=mQ^c2gjTqmf_n?_wnsgQ#56Vtts1{<$AYub*LEdO2lk;xweKWwBtoM2fI{B z=TMDdeWuB~~K2Tle0O z#aX+Lx|NwSh|{I^$3F)FZp1P^Ef_Dp4 zfC{v2OLRz$T61OEU>)Vv7n(|mt3gdMbj9!tIKlkknv=pJR%<*U(axk0EV3+9#}g;2 z_dS&cVoC%-?{#mQFD_~i5w5n`XzNDpGR#qCaSx(H8k*zs{2$~8qT@{HG;QOp&tCQn z=nv9z^Qp(nm*VsWENedje~bk)%Gblq-8Bkr0X)_ozmh#Ap}Sj%oWlVM1~3&?QQ^Js zZP%?z&+hQieR{>;W0nL=GU$Ec9^L@HbZHLd<}9FrgNbqB!0XM4RIN+q{W~f*V^ntI zc4_Y|t(@ayu8bi|hgKdy2ttNdU!_Q7Kkd?iC-3br_@cbFPt6qf8&2?NL4T-@AC$|} zJndA^LJ#+AF3zSl9@)_Bv}EK6pewyDGi)HsI0iInVE4{ zKv7xghUUk)9}+Q%6d^oVJCP~2fepNxpKyHkGQ_;x(cUGL{3>*-s6Kwq*p#9NVU}%e z4#6qXoMWc(RqrE8*Q?0aU#e?|RPg6-`oMIybY;!ddmat`QYrh9B30v7sK&y-G6^{6 z2x*~>s;-c>6u{%Jwh3rPbc%$0IRi;1O=IqN!9eFs*XytZlxD)pK>X|(C-rD~~AIeM#D*J4${S-tbyRvR+IiZ8Y>i?8}P9IfVYr8qcpDkincKcSsXJd-f% z>|0t%8OyuO2wCOth*4F233$zRA_?NCi?h=!TbQx8-W60(y?E2GvuufVZCc@RmdaGv$i+UzdVDV0Tfr!7y$uMUt{UOGjc}Ha{)-v(XreY~g9Q}INRdR<~!)N=ap zD^D7`%Kw9((GyI7x#0(l3Ab1~>azu;v6HcjhAI{Q#zcjdFd;DcXx9&2Sm(~ViVa75 zHR9>8o6%Th$Cn)Nr1|wXser%t8*li-U>z?@rk(Czf|5=;~IVZ#e1|ifPhqir_8o9aKkSp zPiC=mY(BvY{K|;N_dVf6RhtrqrKi4eaa#>~6N9o~8U=q6NhK1gCL=4ev1w|=-^|u= zoxkpD#bW{%FJ?<%<>f|&V`{I9j4aC~E2~F(sV}NbdUwK(-?q+aK+)`Z~1AbyG!fl>x<1R{i7?OC>1nbE+triG5PG1o$ zQexT+4xFc9LWIx#!yXA^K7}T(GR>3YMDI+$$8!!X;uF55gY9v&taH9>W4%aKAm?_7 zCr)Xzi`5toUT|j5S(|V!SF$+7sFxX+=?2oR9jGBJ5K_JRt*A6+f!i6>Xrvbv?F#I& zqU^2BI&4m%ReV)!V02)7fA_sk00Fe61$#EvF8VsG(d8_y)U2@qo;gcd0X*bd;+(I) z=->=Ca@%~a`@ok8YHA8kpyCfdYDf?ft&Rk%krMu5r7tq>%y80+1kM4(sCiZ1oFSs= zs~!<*Fr0uEL70JyQXRVJv2^c*o>LcWX`!qXJ^0|p1h|PMzn*SvUQ>*_%;xPJS@qd34Y==+i;<~SwBh`6AfASc!RCV3p>CTuLy z7F4@86!ajnNojzo*!h9}$ipKlZQJ?1zQlQf@2 zHm*H`Rm!aD#c^;BghG}sb9zsRQvHTuLMVR$*K_z)R>vEG#(*K7Xl{qJ$b}sd*VM$t zsPx|d`Lr*}UwmT7MFmUc0xyyUef3vGOX8OYPSIatnAn4Ub`4^NaYv3et&mahbWf+B zgDQX_5Klt66-`tc>InD9}b z3YCGGB1KF^l6?4%5><9X|KfX@ZdHOK)^H}5UIksgO_P*JVq!Ai7Q?#XUCGWK@ra~J z*(`nPQA}x8=jUtxqw-;&8{DHrg5uN_?Hz=}K^w{W@2U~m`C0dbw!LJbgq1T7Y z@Y_%JgD`rIAS+tcSwKy((G`@EKtqENh3dh;0YS~~00WjS))N*QUylTGu$OVO^ucS; zrocv};6Ke~i(u)F)-Ko*j5E9cDGHw4`3=+j(sBVd)X{vmsa69`v^YDLyE@J+2-3u` zWuCIOFI3K!`?b#J^nN2kxsR{goxIE>b8W=A!)AuoS}&WK%S~sZop(Uj@Omq^VIAC} zU*xO`9W~QQ1=>(TG#CZ=&%%J~Dm2Yg{LX^)CYk5T;~gq4g|2y^u7QV`ZBE$+$5V@Z zweSdMwsmvi_5=KA2Rc)7bc@y%fg_7fmLZb8h`nNdfk(Tzbl`r_rZ-?Ks4C;i-`JO2 zlzlA)`)m!837g$>Q@VBW38^QkFA0;#P$;Gpw4`r&+y>)#%Bk(S>}{i!u+-m!Q^vixr7C~gQMi4lR|zp>d|@9)Jk$Wk0^Bu)Bw*qX5hxCbWE;0>OX`rz1tXSP zlP7drS1k&N^(4BM;6#-T&MWA!%Rl$d=))c_)satT!wRFlHiGABOBZ*@58~SD&b{y0 zNljf5d@U54*ef0OabC*R`Z{P+bAs@BfHSU#)wUV@WrfIJ7#LpQdzyxGW3sjr?7VcZ z=4dt<>p%J;9wvwXz*hX>9g#E`<#5p=p~xJ4@Gdmq441aNkOU?JAXpng1=CkBH`r(*{J8O%P#ud|jJ0LicM4Z2($>b?+-H-D(VsD)@`}vK#M>;H91TZ-2O4Dw8;Tem zgfb)2W$RMqR0XVns_RX$KWf$={tw{=COo8SG3;|z&JSt_ITA8vsJu_a*C&+H=sfyM z!1Ga4gJwBe3V@PJcd`E#3JNVtl0){V$1_>aUu*f9!RuPDoeAWF1}*6-SlR$lj-F~sCORPF>Zmfzvfk{yPY7doXA`D)Q za(i*)ri=3-eiQ`*2U73*tBDU*! zR(?g$rTQguNSoZSu1x`?+GtI$$xg}^GgK@Z;tx<`0GQhVR=R#jIWO1*?fQQBNe zaE)qG8HZktyCydMZx$Ck9R04LQep82RtL=1g&0Qxx?ygIu>N6%?b!x@vEUW10Ij_9 zg+(vmV_>F>v9;D+FF(xZ#0KbyhRTWvjrj6ioJ(@^>g@bwW7G835=rZ&NSY-sF8vuI z_ee(Qmr1s;Vsqw|>B*29PSDnKc4T1EisMT7Ub;YCN4_M!%C=wRpbN?~IQ|1C7&;j1Emt&AGCZO;dAA z6L%#V9rhKuRg(){c*Sy#OLu5bUq<#7O*wi!6?79C6^F2+v)|29rk(Nr2-`aEiS#NX zsKA=L&!Zn;8NRSUM}-B_Hzh{JAFv&mR#oYZvvjhX-{-cFFkq1uk+Wg*Vg^|f z#^W`jA4l>{Z_+fVq7_>2eopzEcj{F^<)3)8FDn){ub5nu9&okxN$`|__PUG&Dutcf z9Idj5j<){RM5x?wWQ8j6NYWI(MjIf>M+nOoJ#Y8^y!*BuKW~61xzr8@@V{<$p0a5M zEK(sZEjhX;J6k`nB4;;&W1cK2`G6l4A;zF4P0b`7e^#kHXnCt z4T<(j)=iCcj(?8WBTMX^oE-ka%yW|*9J;9XcWkMQP!Z@Ty3SU||Vql)gWT2ex zs)L$9UCCXF9vB$2E_Hfxu9`Tq(GY-R$PcbIa9L~Am6Gc_966<)@Uu*;tXnu5D%~wk zSE{_ETA5;1Nx%~EkMzs-LI7mrvm(j=SVzzh_0)%@p-qt{J3PdaDqYC#07^MO)Y6EW zOXrF1MG=OC_QaQr;MkTuH>!_ObwQ`HAUQqL(0Gd2k`27l`OSyPz9*kIu8AZ=DTyU9 zT0Sx&Kt(`Qxxx`!tj=T^bS&lUNY6Hb4o zecU3i`?7Vc8s_P@L1OR2B?{XjXY{bDG02)UttlXW=qF&qIsdfEyU?A`CF3n2Qa;{l zmo06idpPGk+YLCj#Y^p_KpY>JAw~f&>@2k}ahI__JK#f6lw(WyWG1Ucdw}rt@J{<8 zH>W+l+4|1k(CvKiO}KL1RbE6EI|7wPd@m0LHzyH(H+A-!kT?42mrwlZZ&&`E=5^=o z`AqsdQJ-3nIf}wl+|eAKIQm4!yYqc~`Kd)|U@k{&u@Q&|{dZoKC+5~Cml6Y8+BZqa zBV(GBx5t~a+fyP3e34B7C;EuHxDA}?-Sp+HC2#%ljwT^;SyMSjr^gHXq6AFKGi1^u zdir+vxw=?1yx(eXsnkBsTC z?ceAhw1>7PEjc?J1$Z5#z5>e|B$sKvAqae282z{24fCiCq3GW+guc2hs~^Ky1Sc%m*!EuG52 zZoUoZN}OqHXSY?J?n_Nss%#w$^5y*z<-8=qFowXYHJ7Db%NDE*sRp83LR6v)tS8ob z>04AEYM8E4`E~LuT8kwKwmsl zyf?Fq3e)vXriX>Z4%K)4@)pU|z$c#Rd>f_bCd#T1Vajl2gJtsCk7}hK$NF?7+TZrJ z6@6d3QtvVvS2+GXK-zZw^_npLJ@As9#(;eilMGj#m79E*@fDX8F>&3SKuhV)(2BQc zmx2_sRkp}lTwU1FqKVG)FBxGE+>^om*UApGo7AHW zufzE}&+xp+lQqTe&}7jpV)g7yVhV+zj4*_es6Z}&C6}EmF~@G{kV9J!Plr5DUTOjS z$(SqY#{hyygTbyd_6P|9Nm}fnrk!}P%J7N~OZ3NtJoy3kgoF01=9Dg{3$sf1`9o_x zACvCWuNWh>CeKw(_e-~zSn*<#rz#4%a1$623higH$u(fyV1(9&PRLimfV&DBo8bCY z0`Qk%bl8m~EhfweE4j$i%k~vc*2{C1_SS`{Iieacu#qf9Rn8XU!FV?x;;%jcusb^l zl@=oe17^AuKmDEY#KK2O61^sbSd>KSgjC$t#59WJ!b3yeXi~>!;|4KVd1(>n$y|Zk z(vKd(?MAJ`#$)H7^HO7u3FcO^r$?Xc*$h1P8Q!^z@O&XfR$LqGqdgneRGtD4fkXu( zv7gM_s3zrzm#56+y_YTbR9U6vh%DLF@YI-_5J%&+a&?n&tDI=1CaWHa5QcJmDnwn9GB4j_icn2-VAvyRc1Y1SxYxs}*qiv;?Vz*dZ z<%jaeh15v(;3iU7l3>?lorO(g)vTrVuW)*eW`)s zB7L1PVoy7ts`sXt(WoFI6$rD-yx^ttznI81bMknpD66|Oz#OiI!n)Oz*Ov){LnHFQ ziJ)|)hpQ<^e-T_2wvNet&8P^!&@`uv@I!k%YnIbCuXxr=h(N;hPXMN*1A{Ei+_1+H zaYw)hAAh%0Pmbc->t9AYma2K{k`~U<@n(_trg|2}52Rh4AKIB~Fz>3YF`y*F>8zIE zywy}C015P~UmZ{*O7XSR1{J&zbZOALrdn2p5JHI7Tvqj<=(rFQL5U(l&v(hB@KjZD z2n%So@OdXR5;t|i87&%!Qb13DEq?J}Y1U;C#yHT2h%p=+Avh#X9SMl(B^y7YdnmS* z?GIp0CR&cIIIyKg*lI%q1uKbWLd1fjE_iZs-F6sFHg5b*_ap~a84)o z4rcuhYZ0ZglT={gGLjXg>L5`$1}|u$ucmOH3g&Y`alG(!kcXYh2rt1_5)%{0c3HqK z9&K)Mi8A1IPkBn7_`5(5CXh-e*>;4f4I>Nd1=bRU%sZlZE)aREd1p5`#k%* z7WdV}U2Lh-#=huXOSm%Zl}aK1neE^m9nL)~&h$jlEp19!z2asbO+Ae7#9zd^J}C(g zl6J_K8mvvj52No*Zs46fbL*5^{DQRmaQ6p_&`*Ae)CUrHNTQT;qLej?^SwO!OTl~u zEhAKu_NZfGkOt3X%Nydt<$FJS_Avj#%hsiPb#ho*{>b3bAm1`Tg~(5MF43{UN-;p_ zDs%{hJ>hrmAKWnjPqHyVu9|$3{%Ha*IrW@mPznWS4-uB5OpeyW^~6WjcTnkLE{u(L zWxULpEZ*SWpY?HM*$n7jNI?E0YbHIG7F1a-7;RLeHaxNls3~e*vxZYhiTVu7223@c z^(;1}8>Z*&AN@9gwc5XV*xn)M>dQ;wrh~ULdK}r60vfHm&HV-Btcj}6{gqp46i^TA zi)-#~lKN`h-DNMWrcayaswV97_3PEbGFT$4(F5v7@w3H~1dgg|@0 zGe6t(#u$TAtm;|zmOzLQ(T6Qc${&Yr3Eot5pt`JWi{m7qU=r;2>UNMhKgW8WdMVp#c7A+H3+cBpxs27LU>$MaW zBxbtiMR~(gvX80)%^N9HkJO6ujU{rJv58|~GDMJu`-uH4s&f1^N@wX{nEqoul-g1e z?PxD=WG;3g6TV#^4l#&4H#X}qAA-3jvW+$*zSPUwj>hUnc90N=(AU{BC3XOgpuql$ z_B}iHVxnzk2aA{xc0wMCB9B92F48ZA9hKwHc@+NIg+)7BQX5%>C;}1Dn+@gFiNz7% z?6pda`jLNb$!33PQATP z7Qc2;OjVXuEhu5^3YN3BycOpvH&6Ej*(WI1y|rV5vQev@0aVWfl{~t+a=sYgE6I^! zrCgdwgwI8avUD;`uI=%j$>2nE(?N_YE%I71CWHq8w5wfG5_*JKxwpL-zwQ->TW~xd zLD`^k2!c4u(^-3!vz^L0Z%Ed}nx;$BNCh}MsL)C;x>kh(KMV-4k1rf8Zr!WU%Tb{! zh4RYTU)Z1)lazWcBB~`(kI5dBjhKx7NbcsdhSU}HBmeAj9$SS@aNxQ=*mP#&FrgES zfe_d>Z!wEiU(|hjseS0=A`o9~HT;}>PgFC{>62nd7X`gl_yiLsxVNUDIY5G!`pI_y zW|35024=6IH^KExbn%B@czAvDVQ(98_4WY{5ROrs+B&^`@Ve~-g-PW|by101`BBV6 zp$Fp)TP!^$drThDkBTHBIqLnW9+R6ed2l}pVTd>bs)5we{V3NHkcCH*gWiw25X&HU zmbxh6t$ZcId?FxM-zb3(aNlz|Ty*wVA#;ynT3&B=yA@O635@+ zjBxBD&oW#Q3qS;z*|WTN;a{MMdXqkm2D5qASkk)0x3e`#&HdQ(A#inEnOsqwlf$l_9u$=4AgRXuSqQVi68a6?1v z!-PmFiLr386?aFNVvksrajp53@MGTTqoL<%rK!#9FWF!;Rb8OEEQDJHzL4)mj09HT zix3bKm@lZ83as8KXa%?GV8$kpZJC)QJjgt5g+g!~B42>jQrCm*1%vFUE+^)36mnrL zmqfrYcB#^J8~m+<)ZL-N7sYEi`UO(pvYq$G|PbZ@Ow4z+vG?V7*s#@Y-S&94y0kVP9p8;5aIAd91b2|Ls$Xy9=x1=*TU3FGFS-c31AG%GiSKW0gy zdOvs3sN1l6owsuwwldx=1cLPvZ!uCsz@jD%;UULr4)tGnnS_wpfkyz}C!GBE&l2Pp&zK)xA8?veHq zk+z!)(mI)(1zcU<&`S0|$>j3Qk?Sgemfsz6xv*;;yJ0?kGWmrYiqbDR;z4i_66xOR zY`iUZd;5*u7lF4e5{F$63*og&I_VRKUm{l8B@Vl>&>7|?Ob8Lc^QgIk^@+o;$S*xc z;xM5YgswL4%h>Y}LXpr+-lO%@WAAeG)+rK)S%3j2dc$l>+o}iS0l-*E+%rMw@j@sr zi3rlYoHt>zPaJ;TnA|pT7!pWAY}XWXQGjBCR*>n{-4UQ=s1Efb=jjq}iiB}QsLt^y zGoiYAJWz4hlkCVdOfm8BhNR`H`IPWu-qH9eE}alRy_II^n_oxQB6%K+?px>@7eUB@ zUA7A9LT~!$!UmYv>zW=b7rS8HB*Ta6Su#C*ItTSJr7W^~TA;uWLLpZ1jF$qx-py=< zzm9d>w@mPe7)QvrQ`8`csEf_q%pQ6@^!6Fgpph5GXki_0V~h3Bdu2=U(c&2{AR_d1 zq4XY;Jtmtl*)?rs352p+N-#yCy~lMNmlz8!VI%Aek(Ubj9^7rf{Xddyoc`lDIU_9a z83C|Ox7A+fzHV3^#U*0Ig8@YwYQOe)?D6=H4~J^&_waS~Q4C@l!`HG%_n7RC$>SA` z3WAt09iJ>=l6oNaV^?k4b;cw^@?UdKi*1&ci6XDpCPSYy^U~dg{hviW`CIWMeGAp8Ah zHppi3^Xa`Znbnv^14X^Re;MBqOtDW~T0CDknk3ys|INt<^gsWL!$0%jr%(@V`Mu6VoF)nf zv!r&ELNd_{%0M5DKV{?bg9Sm-l2i>3sTpE2x;IAGz%=Jy|NK9VJi`&C5bJ@|Jc3Uq z+4yU6zxJ4Xnm6)O>7CUi)p|+jsXiw8OWs{MpU1=X&o@m%wPWRX@+DK}bNcu+v%kCm zdZe{z0rQ+fRVngJTHVmK))eRh6h+Kz_HOnpF3WdCH{@we{S`HLsTZB+@x5F} z9L1jWKAAdFDLN11;c)y-EkdL5=z7UJMafNEibDtj1K68JQNylpPwCy0GoPiy^dF7w z*kXbx277qpVE8!B(%IAV)ETDJnVfJsD)fWjH~=Zi0&X*acRw1>TOh1hNaT;=bGO5F z)8T!VYQfdF3v9720!(@=DkKB!iV>y(;d^XNGHdM?7 z41}6~>RpwVGl-Gvc{s9WS!FplQ*KT5nIG4xuehW~kq@TPe!10u=$S1(73=>MWcbJ8 zDk?BC{YR(_$ktA=DLi_hvvrBz(_Y<6a2& z569@glo!%?KDtv@dZ%!;Qf`OlJL4W{waL;;eHSpS+paBnuU4?b@*WF63|MT%?_95hSa?>D=4gtp-%UQt-Q@4j&&e!H@0?_Gmwngaw72)k;@1vpyV6vv1*Pi- z0m8P`#W931j?qosQlj`s5X4c=$I}nCX4UzV3MSo+pC`j~Fq-|@ zp3a#N`pOZ}&6V@zVyOKtODDtR`b^0wUN&yqEdZ51TfJ4n5r~m@s-R210GJCvC2`M0 zx^~$@uks~pF^PbWIj5FU0$B(UMP?iC9+St$Bo-`&{9G{EX4hQ(w>@Ucx{)CYW7}h+ zK^$PBHRc&OmDFQ?(CTb`?^M1PMg3tgeUdcqpr^NU9&yA_9ImB0dD!>kQeIQ9r;h{4 zGeO@kf?PSj2zupw`t{>~|BZj_VlQlE!!qBcvB%mREbejG+ptHmVMz?7NuWb$W!r&x z5zVF5*gd)^XXC$(X*>rsp#*OG}nf30eJ(vbK%^7rc~BSpmUbF~0~5+AT^-ONQd(%ZMD? zsHeimv4<48jQ9qC!q+QCZ=<|IQCRP|@*;&{(*m-c3+i&80j?9Hdl$5KL7U|3crGaB zEaG+_847_HiJ;HzI4ve$kqe5V2)Z7$>a4*a6wp5t7nETxXy{sn+1se^-rKw|^F}pF z{gMqv)5$pNQt^K~$C8FYB&a^ZS^^gGLV;0ip3LnX%a;hZSK(N0v|F}INy1U+xx~&% z?QQ8-El9`9K5{7su24)Y!OwLOa2e=T_5qP*it#J5kV%N4%EPxI7gEODW%&7|7Bci) z6v?rhL+m$cUX$7Uez`rlAi#4RQ3 zV;D2EJjK{szOPFZ`VE;bP9)+Sd-fTE-ihotWKOst13U!1$TDh>i#_Di{#?sxF?o6J zrutD;4U!7ary;U7GYHlTg|@+$Fx#qHTyd!uQOBtUsWG@#4bm;1uc_BpgWN|oNZOKA z4G-Bb1MXjH5iCPPDP$&YAD6LmE8$=us zqz{6vNPr>+bit7|*)i`Nz0zV0{8!}{2gB*OQ4j=yoaK_<@}2LhOFA~a1o76kGINnFW$flP71d+tp&M&Ek`F{CU{pN)zIg+HAGiZG0_H5J>o6K*A>7A3R zwc$a&zPd=IWj|3b@R7E2%83Msq1el7Qr6i|yO~PH!d5Duy%5jEXginGWX!KBwe^BZ zYPw!w6jm0=v@au8tmo!s-_u2(^A}c^)GUevFD})G+;J$}IPx|$|I0(}3}74=#ef$e z&ORinuJ3}-6c;1jORY^st#vr;wdx+{K>(P&&Q-a`%_LouFZ1JCzDjDTkgvYhWZPiNtDWnUDs$kl9A#b*3&bov36SsrWonnE=V+y#%o`tM zy77TC8`rhYT@#=XMRLb#D$_R0D>Fsr8OCB7c7HezMnj*wv-`}wH(%!W8aX#U5 zFs=1pO)3LMQH(jZgRik%27u0<*(Zietx(LU(&5lrhpgt7Ed&L+g==}H#l_O7HwF$q z4zkBY#|$2m%o$ILY?M<}x84W@%6%Vl+ZwO*U~09aV`4F8^vCUf(cTHQRNd{^~+X7Pigw99j%R92ToaJy3*5Md~Q z70*WigfS3@H@EuS8dI&E2?Prb^}Y-IwlYYi>F0ScR7@UaU=ZB327IWMYyuI z&j4!sHur0xMgu4a(N=m1YA$3v48d-uT93br&}s+uVyGX5P-u&NA6^W?MWg0pcrj8c zLL3GvZLu_V7%%4=sJ{Eev&y)d2MXx zTRMB%r9kmk#wlh3avECuNYG;ua>K@ORd1ZWU^RY>NGX1s!a@J)}VC?nZNzS-n*9VLv%SweLazhfE zYAvP`NGlgShu7iqgPS*us*bdvJgL?`(o*!G&xzF^Y1zk-7Plp-8XmHTBQ4jC>d(E% zA#^@3GW&~^(ai@~78_s2@Iyce+$Q(`R((BJ=99r=iMY8O+7gEXmk4GjHo(}!!VS$_ zD8QuGS1DZP9W7kNrCQ-qDIZcb>r`{elKFG~p>+6FrG@K{6y%Wiep+sj>b&x|r7zeD zZ=u%y?FXKvgJJ%N9S)`;y{OqzjLTBI`w)uMeTlXtOYT2Owgp)-_+5W-_U_Zu_i1`J z7*^+}Rw8MU!C!S0iUAMi%CyXI7%~y)>PRJqdn(DXis5m{ILS{{ni(o>&pj=knXB#6 zqVFjL0Kw{?U#ulYzhC!-Z zX4T0`nYqP>&p>?am2-<{R4;>T@|dS{Nnx{JWz7K+5o~uhajw**^Vi$?Xf}5~rla{E zb+1q_U_R#YYC-Gz)(!^;A%j2%FL#_TYXT(1 zk=&+(Q4X3$-o+85BrnU>c5>tm^xt5%cetCY(c(V`L#?II3jb=QxORH8Qa^=$$mXM| zT$`PN^Zrw){u(KdeLPCk;w^p6MLwv!IQ>4ICC^i5I!W%*hg7cb>8NoI49S0u<6xT= zqjq)R8nKT?8YdduJvoEr!Dnms&hua-?Zc@f@2hlt`CD$&NQ3cyst7W0hT}(N$4GN$ z;bPsZuZ@!IjkBWszyA3jQ)e#Unww10zt`4hPV;Xgm5G}(Ks`zgK#plxbncPY2Qx>x zfYQTBwR%^d%pYvh?rr7D>axIf1AU6MyxSQwLPK35wk(1SmojV1E30v5KPzi{{%z@K zQSACI(Ax{;$eHVMOu4zgyVZ<~OQjiKsG+E1e`|)~Voz*8LuhuiLc^cn!^g4o0-mJ8 z`Okyr$$xcJt;Aon^tCfA_4$TsFfb_1kvOuzfP7962&_0)Ef@lXqE%M!Hee`DXIFw@ z1(eNT*oEDCeYe?779o)KVpyX_mxnr=6nTkUZP$l7jBJL3PW!Ef0|1io)Nbj40rZ4R zR)&!JAn;t02eDh|2IExv*)`fVFZ`CUe|Lv0#CUV96PZg4``O<^{ zq?4u(T5N;@`4-PQ5K1F2jIn1{)bA0{1p!Ozq6`1Me0TeR{6~y%muN%I&;XbLQgV-b z{&y}mBfabUL3ZDP{pxi6f!Xf{G4S$c1Lch*&KP%nv)WA0{x0nQWqhB!{Uw<_jXNQL zuqu0Qp9p|H_JpU;5gI|9IFyEgx%bs0pbG;2I&H`#R6p|1Er+E^x7cnfi)t8zBGRV_ z$~I_a^7q-;patR76I8}gtS{aU?tXvF#`Dqr(kZA;8TWyRJ#6JiQX>6nraL275X|rc z&5I>y3P6y%tV-A_>e8p?p22987=;kHxPva;)tKH1%9zDofY%Q73!h5mW0uF<63P`j z(>;_g1j;p^(y@H*943Ll9Tz8g(-q3?UD&;01pDSkb!lgZCTVnR+lj8w!jlHS_ z;Wf2~Js*al6X4#|VC88w{+52W9MGaPB3}ZJ^Y}kYqpCA;kR?TvTxN)b)%0+6H zxCL6&N$c2K%j)w178I>~R0RMiP$X9A2%8Kl^W!~)HbbbL*|KXiYbUb>F%gHp-QI_C zN?@S#emmRWkRfliRg%L6vk>H`6^;#;hO$(>#<4X{^{y{O-j!Uk(3OLz+njl@ma=?HsyVwZ&!|0VSh$(Eeb33^AfDsz! z36Z^eIcI|=8tKC=>3DSIh-C45lQb5#$2n`1W_40&YZXTMnQ(>A_+ZgTIGLlWklngE3X zarGmAtRbnwr-9!4FYA73=Lf{K6JB1hOAHAopl7BGTBtWJeh5Nu7-`oy%$m9&d= zi6MxHpBq@^$h8Mz;_1ANR;V@Z^r*cg)c*YC;#^`B_=4tP#u8?s4+#h(v)tK*V77OO zx5DhwB{q=z&Ga8U0$pL80zPRXR0knDsq;=E7Gk7LwX%=_;zv;quj?^6e$8&kwj12}`~^f0I0z zNXlR7$~1o+eJlR12ebN-Kfn-3KgLiSKV{<{g)s?q)6G}ngcFwu5!t<-7!puOS{O35 zB$&P=lA#W3MUdjk%;MfNzg$7PNYC7*!t(>Wj5_c`AH-m_7OX?r$cH!X^r*ck)c)43 z`^_mgt6}I;8d(bti6xYAe36*#J@c(FTX^OWQvbd$c>?9=NXJSOTL;_dD{uv zNxgFhMBqlT<((tSV-J>2Ml}nXhe#Nh-CBC@{6Yln%SSV8Ye`sfD&;%|TT@*Rz5#FH z8>o{3E=F6_)w&5j)=fEX-)6HCP@HNX@QTh7O3wlpR z=-Nr6J_u7p0Jjb*lL&Ip1LmeckKdPw-|*-6T`+snd<^QjuJ9E$%FZZosf)Oo=Y1iV z?V~8TsYHM?9^+E?qGsrZ2-0xb@S%^RT$H*sT0tli{CzSi zn$UFt^C>+@j36T%*m-e+#Sx`eLy}rBOO4BezTm(`g1Iex)sOruSs4^4aF_9ir9b5| zinvbrdL@E^Wz$uQHWT0G_`;B*sP@F5dkYc2N&lVg2-iv zdv=FF6bBR$GaYMpycU;^gx9lm7ta~Pg`?;Leu z+$;DdeH;yD^DHUpY$qH)PsSrTs{EAGr$L&PZeKZ7Un*byEy>b{qG0Eh^J#uNEMoP) z4TkA`-MX*_=$OUNZFzxZJE%l=V`qMQ+L{dhXsOksy^k0oh*aRa` zMD^Rg26b}Ts%*+yd2u}$3YXelv?(PFS%um!P3wsCF`W&DC0yS~-y*$B%)a9WRn?FD z>jv*CjT(=-Q3S0>y`-GS;Ho3SNsSr=0zYJSnQW$d@L|>%4(g4X;&@{a#}HdQM!t_i zFIw{WBBkR)x8iEs*)$~dT_Pges`g^n$GQvlrQ0;VcfGf;S}hf^zzlI{S%!qTQ4H|; z*)-dt@Y*2YH`^#$@0hUZsnrpsn-BaNu2)k(A*&Ce^AV6kjRArVY z?XHR4n1~M9rfp5iqDGR_?fTV^uo3fy{UnPEB@qy*yKGBF{V1h*1%Y$Eb3X`^EiCpu zfwMiY8<L_jz1&GIDp%}Mxr^DtW<&Iv&NR^th z&PuY|VIh~YKMu~X)S9+0r1~*8HKDGpWk-b53^|k!k|@n%I!zLP+1RJRAPgs)Y)u{Y zI0Kl*t45yQbnKHUtuS&NG}{NAUcm%@Ym9u(samn5AE9e<>VCe2vlu6KB?QPNsWgI* zeP(YHup$AhrNlrUW--zAqIExU3KK&0Hg$(f0M8h^C1J(|(^03Lve7G066{Km^&+q< z@E;a}0F*fh-Z*oI7HWM5fpUW)K;mBl3?gLPJeGa_~Na6L5cIRCW& z{5YIYf_UVl6Ok;8!zkXuh46ZGEbt6ER)_(knP$N{5oQSIFq>}s_iA*k$;-D2ra`G$ zO~R?uIOQ||_*~((5aEPOfq!Zv5kLgh9iv_s{n|6XLAY&RV%AmN`LlM?VZZF3%wNL> zgI;yXZsaZm1Vq5yGV>+m?z5G&CRmCaReDLI zhIyRV3`3NJdcOoqC=;3sv1$x#$qg|MbOPNSG_G2MH`!TQFnTWr-@r8(F@m82;WncMK> zh;^O%_Bx~Sx1xVt42$ct&TWwni_UjF83*6Y z5)zWergpbJ&xn%@0=t-F|MRR+l^kE3d@6dq`%Zsh zUP0~6jdftUz5dxrh+yz;h38BT88h2@`1vP>rcMhq^;)2*+XBt`Ef$TnDQ>cqc3x6% z2ou4w47<^UBo=Y3?bi+Ya9!HDEX(iro#FTMac4LVOsjjO(X`)D74?7rSf=umDrLh= zwu;ZV=_J9w{`o&Ta5Hz}{H`N~QE)ExjAEtCMnDLU=Nb?4Jj2x4D|D|jQ+=#T%6u4` z($ja#@<{WDGt+>rAw#qx{B!6#7*A8f=PL#k6C4{St`7KqW;6ycmv8ga4%+ z2EoN|=fSTccQYj?3!3RJ5!G^5A2#I)^4sKeEF&9TzC7o$c(A~ zaBnW^_I~sxmuP9H&wZYXPksIS+70U&tBowKC);IlQoViUmnc$Ty~vQ2xlb4wJkxl0%+nstF2T$NMw^(b@2jzxwtEW`||ohuIuPwFer!P zQ6M#!;HFeFp?VRixP%GU5pXiU2~jm~ZM;7}jt>*&ynGl3ooc>2Ge#ZXb;iMc=P9@> zOnOJRuSYaxYB}5@C~tytP{meGt(Q;cz7k^cr&`?0o<+ZGAQwO(sv#43x>5o4N*Mi5 z>vogVzsbd(+zbfQmr1Kx+Sa8q;MAYm(pG=XPV%z%aNn<;pB&Ja^vh4FM5gIqf0)0f zYGQ5hABWv*_0L=RE1zM;iU_Dc!8%M6gB9ixlRIrkjROW|p@?J~Ug@7x-AlwtoUfLt zQD5kasjm7r*1SV7`)|D|)JNu~u)MymW=;QD{3!bMzvb!r6syzqzb9|c=Uy~9^PBs^ zYJ~H5R442ks#RF*tJ2FjrMmU44v7JPPv6xXEQlqX6X4kRjnb--GS-qEH8Pke&J}!5 zzDEyMe&L^!1891LkL+XfLSRbAbLg^z*BCKS!BGRU=owzHmYVnWyp|*G$7Fkc!=Ed9-ahx*CR9okL>@m+Z>7vlCQP>Of=x)?3)Oek~un=PyMeeKlWt*_D>Bv?_~f7(5t_heiK(eAfc>3Q8h9c? z%xBhnyZQh#9LKqiR;{HzypW{CQH-eoZq^RXfWWz3^wu~9&cPbO+Gn0YQdTeAf_T3O zyZNC-7%wLUNtCB4fr@SFF{C()aH#84Uh^7lu^j(#CxwLe7d=YDO?!+~Fhq*3aVcjq z_)*AFOQwdWK>LE>>4G+9Equ+1WW!bXnxK%0C~^{jyjgHaW`QbkP9bx_PTJ;S=yXDC zqzl1Rjd>Fz*_Rs^?o4st1K3qV*@C;iif>;xY4^W(xQmG3B+VTOijzgpAPS(ZDyXIFx~f%5G$hZb$s1D}hwRwG;aC0eSK{gWvmZ60#f z{M)=-kfbcm-HoGR$`h%$+Tx*oxpJVgT&(4)DQymLR~IiJ%UZ~_xF7V&Clhg9#4#dN zJBOHueo&s7g%>9jV3Tz@{!m_zf?jttHgQyg8cEyT^I!1cm*7z@$6e4F7D2z91#DH# zz0|hVLpy;A56>1-#b-|g`ITLB$)l9yf&6+oo0C{>_4!ocAj zZl!HR(jrmI-RE!ZeW-F`kZs)0dP(*G{-E{v^Xr$36dC}{A=@_amZq!xk zSz3j4o;2*<-nE}M0=4!uH?F)R4ZkI>Jk_n2#g(z@UZB6nK1}EYQI^M*>-JDeLzIz~ z>>-$wDfu=lm3nXuYj~BG!)s~g=|9TBWKKttzc@6^T>Gf%3P zc*DCd%kj9p-~9dw1#NV@TABJhtgUIQ`zN%i=g`iGn9g>M4PaBo>~t1d?zi|v>t%C{ zV#cBW)uj4k%F`&F+eVi#j&sLAbFh7bC}@o;8|AZ*k&IuYzj$d z`*_Xfz7mc0##c)3?R77QU3J%FQ!eYE-UZ7#ay6R$sh_MDeKOkF3%?h`{^aO(aoj^3 z{$qn5&yl7%MNwk4r#z^y`z81yHtDgTkv{Mk+jRRI!dOZ;Q{8TUvM`o%mc>x_5O@t3 z>rwUf;m*Qxdi7(jQ!k%V5P<-uRUY${0AYyITr5d-@|vSZwRJQ{#6!%G8+H|tiZHRO zbEh;p2Ve|BsHvsC%O$tW6qU=SAiU3H}0<%axye3je2r~>LJ2j?Vq}XS+5-DDY zyh#Dc^%mU+7^HorD;S+>h=W5W156wmN4;bfaZ1N*A8!b(|E5@ zc>vlC01+T?0{L9akA(2V*wfbkTUU_s|4c)>F z13cHzC_yecr6a0Kvn_WN)D=MVOqSExMXY#8+bdCU@#{bXBoB4H3bpGD^t zs)IqCS!eXM^(yt#R5%dkFie>%_CnRIDb%}k&uFl{aG)U{x0bWIkHP`doypC4j;dKS z)8z{Xc2PLcnw#v5W5GjqR5)NIr>~KYjwgK7)W#CC1Y_p5g%&7JGF`(o`_>$X6wNZ! z>*R0FOh4jMeX0=#gU)Sj37W?M2u(yN9LFBYVj-~hA=k#x+Q*Tr?a`+LKClV~vlaSW z1p}^e^C~Y0Qr$+rzJ4jrdG738D+E=! ziw*17kbPAvX|PKWH`_m_ULmp4WG<+d&~4g+%c564s)AnAi=q=~c~p!GUErW<_ZMLY zNJ$QMus{5nZpPXU>AU@UNjFvN%JZ|4DQ{l%ku@G%@wFc=pPuJSYIPrfvEDeL@{RlT zB@}BUa?P71B^_4Tg^8ZE_M+2&EpF#$FlEcK3j`;%oo+Qo1y1hOy4$347{;a;%e=6; zNP{EHz%0|Ly^=i&F-pUvIyylckU=3Bcbs39P%v*ZAL^U`=|xbouNYQqGU1bEV_lQL zJT>pKeH^A45~}RgR>G-74-(miU?ZJ42dzd)^)p(mREP8^EU|Jq`JU~JtHz=2=rszZ zBm%#e;2V6E>Ouo<=}BI&oSJp_y_|WPuy9Fnm0wP^EUi*D5XI<9+Pk{(&j#zPv3S4h zOr_QyCt9DY`)?SFb6C^zR$OOM=(lDNBw|)`@HEJqwH@#E zAM3=6>pxpIhAv| z@uYTAH=el~=|!jxr`_wyXYF!*iw}Dzoph=-IkxXrfTt2lrS7tU7~57Y-HyvRizA}> zsqVp2{wv{lu=c@akKOC?kxLR7YKytPF6txCm3Any)-zw-GuQw1AfZo%=S-IgOPo#l zwR1Brqs^yf)8(cpb>ZMM`5zHh{@+nN{KZDtw9f<$^R znR?VBk6}chor$+Szs@V9UMlW{3y+cEv=tZp=yn2j_E|L%8uU8dzM{|#cx+qKZo7?4 z^B4)C_xrUXgBc`x#MzFrw9Ys;bGdJfJW|_#d zSewe;>^>f|o3JEhG*@_1_h4h5WFcN5AknU1G!*H3v)hB;%HX$yy8i?I`lUSq7IEVd zPDo2;!vVTrLO_AYU3C-WB8tGwt?eD1uN!gS3g68fD=kiy_rYxy+LQnMQ4G5`PlxDe zL3zY;qO+Omi5Vh{0I%&7yc@3cMxfV&R%XB>aRW>lC5snkI+D=8@(Q@dHmQds%BRa-f2fvUJfMa|2ibe`@ z4%WcWKBK{}I^@A`ziNMNnvYKHw{Y)BVPBdy{~;M*pve9ZlQ~4hIb@FSmV_t~h}&7I z9#TA{yf~!HrD%LFo`S~-10JB$08=P3s5djJ=PXhdftc8?JkNmMpm|1KJ07P2#x%^R zCfgd1VUULm6T5AJ=P}P?&&XphlbsPq0Hj*GtFr^kaL(iD1H9AVIGhF;B9Q>>6h$B= zC}PNV8u(b@foS+g94oAKEjmDR8gqaM%#_|<_s24phG8;IWb(}BneDYP+dF(B`Rzzb z9gD!ZxaXB;NDbGxFGr z7}X@nM9Q$!o;6Gni8J6M@yAy305gPgcY75a10*P0q29~u`CiX|K16Izd^a1uScrI> z0-^cy&%3vM#UbtlycMEQZL>DeIbYPh0tMlm#g6A1!6eNA*O2C6*Xx`w!A#ZeS#4mV z=!u0e6IKh`qxt%?6NJcn`Tvm0|KpgvUtuC9hYV{T_3VTQzF9Hzb1;&UwljVh7Lzg` z)uizd>w74G^L5TBj}jpd)bW|Kf%xQ_EJygEEiFMNyTlxziwq!`N^?`) zUXM&;_#R@bWq}yTnbY?Y@sx=))q>3nUoU)L0#ASIL5h39qLz&wdC=(fgq2@8~Av_)rVHgPxpimG}TWt_>fs)kr z5cjLcRVufXsgCKs>=vl^;t73P2dm8Fd141kzN5aM!+R zZ-eiNACHmsj^75yILSCpoZK&(=dnofjL}+o&)eXh_x8hkyR^YWf^e-`qTL232qct5 zim2)V8{dKAI6F{?gbJYh7}uTuC_y}r?eJV91+^<4_T?r#XAZqR@OvA0)m-*@@!R>5 zR;)F$I5q@78x|*DR7`E1R)6FY)i3rd~gnWeDKQA zKEdYvt}~SOiQ%>Xy##k6gi>zo;A6ub5(k%0<6;z)H^E?3JY1J2L#YLo_rY~%+}Qwx zUer4hfn2amCn(pwBO%IooZ8+>4?-S{0>G zbFY@?>@_)JfwxOnNghRY$KQhbff$OIxb*|xRdSrJ5|x}n=JwmA1m!$*GMO7GsN%lK z!FmrM>x}Ue&sfzXqDRCH5K;ME4%+n)F~A{YPQ%Lxr5GS)=SF&d^IHE)YyIB!U~uQS zTo0IoJj`?uw+2FxMH!}gH*gO^9)w<{>*37;kSK=T9}Ccl!SVX%Fk^yIq;SQ`@}gqyO^rqPX^yFq@Bq>uiG&=R^QU-jD?Fl)HU1){{3PBRSU6U@C8F3-9I4QOlb; zPe2qef`~@7jdjDk=EsVO$z5Lp`4{$%?N;* zvD%JJ9yVo>ZNLmK>!d=`rk1p8GXr8FO9WmhA{R4*mxi7}K8Ugy1^sdy6#wXs1NrLU zzPy%e*UlvB$J{)fB~4(fwx@|;$YPwi8efEYlBVif?@u}+e-gn7p^T{ys;xGLDHR;A z(3`8hG!9bC;%QaC?_9ZacxZ*gr{Jql^u7rkAa_%Xu0?=p+?~ zm{OJ)Rc=$*X>coe*x3{893wNKkiJbAIU@H23UeefK9@E?nEIBYl7a`ut}nP){fjWomaiq$y0ncMmcVeU9^u|q;5lkLSHZFL9tLqjh@cLS!4$?3$yadp``*Kz z$M(Zx8)sLjpUd7nsiQQ9IM;#mx;Q}$QVMOWNC+AwGwQEVb(TUllRcWMt3$0+%{zL> zK9?x33gvICzPh^cvMj&fcZT23$DQF=Uf5Ofem#zUN6q}-FUl)|L!6LEvvsxfZH-SA zJ1z98Bs_{ju7`fpyXJQtb+-D~g@&Wc;5Im$VqL9Rh(!49+(0B=f4H) z8%sZPJ+$e48xL_*s1+U;t)mnikk~Sv`sLZMEN>i&gJ8wETJV&XF&6!6Yj_J*E%?_z z|3~fUG738V>wur1je^m`KyB_gm##k{m#nWuMMW$XLCw=YjW`YgbrM5E&LS>VC7b>! zNupUtp?V0{I%Bq3rzC_?JN+xKiA3;<>H81&=Av%zM{jaTMa=Tt=c&+}e982NYKD6q zEe-TFMgQb)=gpYd$VyrqxvWG;jg?k;iCTlRhs$2~O0U!MMZxWhf+)pIBx*+MRwE@m z5!_BtbQZq1#gbWw|Y<=dA<%vhIfLms6jmS?>B5e;jtN z)jx0LuY892K#XxEGp)k}OBHAOh{>HRczz)O@hq!V6zWq!20;>5?USbt!Uz(`Cr;wU zb*V6-AU1}PcLz7SgImS=5+|`<|9JvmS@TyKHJ?&jb2UK9BDsdnN>c*koWd1sXq%*# z==U%u06$w7&8`MmrQ84YCwZB{@K>n>I~E!@Yw4J1N2vVo;k#|w8+?_ryg}$_c38l8 z8e#X#cv3IoB+nI#Er3|hcn8dQjSKeHxUt!YQM@UN(bcePcB^maQ7t9)lcw|8$`ezE zZe4+fd737~Ns@0?WwJ2D!Yq+jWooL-@Ke#fy;GXAo&(jw!kl;oI?k3cIR*vQiBENx z56ELiW{Jp~L=avaguQq3puL+J7w0VaqZoE?x>wum;=8RXvlV|~kTT9RmDar%g5?rw zRRO_%`RlQJT|V+sWerSSN!2o`k33gWNo1{OzPe|w|LZ|wq=LfFTE(fKoN;RBMuMMQ zQ&OGroOt-0XffWS?f7LO%!Ki89@)3IIH2F1oghTs%NPBqxwC7uQlDBh(+CmEYD5YYvO-9lzHr+kC`F5H%L=l!odC#G` zricqHvJE0;PM#xQ)(WAxHtw$R7|;WTWmAV$;Y|R zy{Kn69%f>El4qPOje#FN>!#Op>rO6?EBmBxn1Ln?Q?Huqzcn}`#Dfp;Vv>Nnmno|- z$h1Tj9s2mA4WvuFP-lHXH2DnC7auAFmG|Sl%mM$t)9DS-{};){OO0$5>b*ps9V+?2 z_ilU|k@VRoD3vhRn$<3k>px}uRc?=sJKrJ_*wfdBijyl>_g(TV$M~$+O&p{3U{_WM zxJ}}GuBZ_~=p!}Wnt4lk#K<}--aG5dFwQ*;)gog-gwVYs~?Tv`3+1FL%mrb5B$WV+!DOvIp;fRnZg*-?SCXP|A zYMx{q*z@S?QeiuH32;oFTBON5eMp|-F0dF z=8)4;55pE>T1W32gz_J6x%&Uh1)aZyTx3;qho|l-oL@SOz#Q0nt8~;V z9LT@d;TLgb`tu-~Eq`XAUMC4_H4uR+=_pxjWp}=$3`4lOqNOA1)2+XLbXHMsiydm>SmvyBIRdLoEY( zeE51`rf0w!2H3V9MZ7o=EhDuzkUfel7a80y`;$%3g=zz@eRGC@XlWpr2#3U}&+tXG zxv0=~RTfEHbIfz*L%vEaiR12eWJEUokxKO6nfyW`=X_?5_8$7-f$>C^{k4T5Pc=e; z(p5|w@HlMDf1e6bnr1?QnqkUGm5%|z+O1!H%Z2?@P@5kKa)ilGSDypkghPiWj4BmS zij}OEkJtHU*lqh5?Kn~aYBew33aEl5SjL|On+B^rsn=dH^2i4jf%%TkSlZ4WUCQUl z*LXvgl#AY3b}a`SLBtWSmExoKk&8`fM$4r)f(}|1Y`#5LQQS&0(boZ2l%<;4GFoXT ziRIzzH)7R6r`;s<=gBQPO(61p&aO_tr+1|#%0UHmVgjNXz*yv=rX)g}nl1<)4_G*j zFXlk~yIC-qp0u}UOHDOt|!48)AZaY5DspctR|Ma|shb-v^PU07+ge3Ml#x2(DpE#*T8nfdo`Hqdr< z4=!5tv@E%*TQ~Vw*r7etcINsQ zKbou+nuNJXs+%%|%emd&IV2b&KK{&yh3?#19W-1B9ugwEFISDzJ!-ntM)#cYOjazo zi~edNFCbWhTJpIo;k`W~WKk3seo`0X&i62Rt)ky=$ehQkRY|v4@#gByptM>o@XXmZ z!v0y;SEZz8UA5f)i{>9aV>$gF63|k|qTLHFH*DFfOc^!%h06)FJHC6`BGjn6^0~w; z*63g(*yw_>)KUYr7i{wnhPc<+Yo4g<@w}jl^D}Qc{i=p;>Tpq9#o@d_VZvinnS2b* z9RM|w#c<9*p1CmKt%sSY1rYflouT%P6B?&-^#)h^Jycj+SK9Xb+FP}$aGeBmF=MML zP!xlk>T!TDtPkSxSb<&R9D*I$+i2?77mLh-ML+tKfim`jgkcVwaQ#-I!BTNY2d)B? ziSJ)vwX_Ln8Ce`=T&Fivd$oJyS-EPu^bz=^5%r-u-^+%+UwbnoDC@?e9%Y{LP}E!B z0AbuS66t}|-?#!wsBta+B)Ar+Z6G>gisLUK3IUP5s2%MUUhB)JY{Y0@_LA5|$z7$n z1lS_P!mRWx>q8h)qF|FVVaq?E4t=6LBo3eMibDOXEnKsS!kw*923D*r_&YU`IA39Gqv!aTKdW4uIc&m?+$$7}? zW-}YL>;ZlZX3d2^Q1UzL!~zOA{)oCw{su*zTDhvN@fbLR;QxyA<>N*s1f`JZ;AxlQ zEi1$Nfk5uDV$PL(W*i5%^j(bY&BIv0HS1A*8eBzeP`Rtg+t2%(n>pCL<|c$G0n~`-(ryeLg12m;-rUnGlP0IPyIRf1jO`nPoN7S-~C2{-Fvn#1gCF z&XYzsf|~NQv#oc_jn__sFS={IrbowhQWb^&D?OOj&rxvMaO6aig*uyi(hiZ-wy0V% zz|CJH$?&A(RxwreSSx9$9tpOsKsRcvsEp*66bMzE`kz;9DL_e!9t+1NCOA!s#kMN8& z-sCe^LB$=@H80;fIBgwBKjas}<5EeDE)FZ>^k9;zuBmY~6I9ggaheNH$tREB6#173UcefbpXRSiM9FW$K>H<8 z`JAm+oF)Pmj4&t{%WzG+D#i%PtsVKCpgTi42b~vjI;mi=kEo?XcV)u zhChpjnpwi??+!K1ZX4R43+Pf`YxD%~{$8&}j2kMB7Pom(HS-RXukMARdNCu1pT>Y+ ziZyDbo?^aIvcmrcf>Iv>&k#5aD%Kiu$_NVm;v6qhN{Sg`_apE%hDiZ3Uwnf#4oh#RQJt^4oR1yc5Q@?KwW#{rTdiG zu1NbqivY%F_h#KFdJ$Eje1rj$&5SPWXG1TnOG~5t_8SgE?F>9hur{6EEx@IDmBSsX z6#cO4@3hS5lP2{)tfkqH^d8$A-v#I$ zaP_=Ax!%%#nu|P7hSNo#ca;G00Re+*hHiOX*y1GP3N*y@ja{=_{B^-ZGLi`$o`T|S zYqyH8U|s%~!B3GeHeFZ`8CwqcWPc#1w%MU47gbxNR%+>XW!O;xf_4B0%W$FP$X?(B}o!~`D+)j01iok z@3nNfjV1xz{vVyW&jCIrg1%p6KOT~ibv`8=H$IHW_}kws)~bO&5O;9Yl9c5iCUHzT zn+wFPSlOyr@oh-2XSQmxxqm z_;)Dz%;zrSRQNY{x$LuY+4Np;Zl)Rm$bKhE1_+YUQgG|)FYNw+TAx zcs@?A$UJ4mO<6g|kRy{c9P;R|I7lcU$3!n_E=Al0>2dysU2m}sb_DE~@`l1&8=yCy ziW2UQy!@Ih##&6#yXRJprUZabi23j9LAN#PI;i#51zAB%BMMg=4WF!%A=>AK| zavAq0xaC{exS+VoG}q?tn33Arz4j$oWiw^>TI<+*GuN1^SE#7OLKqicKd>>G?5a2m zMItA1h=&`Wg&UaMF{Er~dONf40KG9c=`WI``33}!YR!V@n1qbU)*Un$uBVxIa2jso zEac2)yk`ox(7Re)ZMgR+tVDyyV5ToRMMMZY6{H@62m5)RTft6fO5&vqB|hqU;6?NX%$d{&h>tHR-ibH9Nf^z-bkQ!i$<;n3>!cAtys!{bw*VbAW zc~&(?5xf#ZRPf{*Se}&{7yfEl6_E0)ighE}%})`JKhfl@A6kqO1W(ZKlrc>Kp)Q3{ z3n+hoTv#30{+T^(fOa9nRaZU4)I>-gieXKO0ez74ND7>)t*J@jU?+dZ}vr9%EeYnOrJ=;&|DO<>&OD0}Z(#VMnq?0-xLA9iV znlzOLr-s8v3NgyGMDQPjW$Owu@`^`<)Xr}GU5mXk6gS;rF%+N*}#}q;stHd2;83+MrrPkhNi%DhIiOxL+$i|Q znzARg_5Hx5@@?cOl~N0{+%VxMeOKhMTHlY4Qmxfo?}14oV-7My*~l@p5yq~-M`d|6 zHMNfBuult5xEu89MA%ymSM&tIp8Tz&rQ5s{uNX%5Fr%}homgv0a$9iitoFVksu&Ya zABu-k;*kgKcKrIBqSuVV1Q1y@(Q-=8gO_62tqZDxs2P?#0+`j8|y!WlR(IEB-}dX!OOR7XowD7*m9qt?C=wQH;#OEAiTo zPYy6|Kj+J>1M%bL%hRjO|+ChHF<=ZS*4 zqi+p3^`m0j3A6^7fThe zKoodg2Lcldrjc)u!NVwMat@U56y=h>VP0d1Rc7&FbkCZZb<7Ec>A+=`X(n#y3nA$G?_$Pp}Duu6t`{l$(Q~o>-W|zEuR^dgRyH9|U z``5S^fg!5x?obF*(Sh{f*7+n4~BdZ3A^R)qaRWd!QA4i;^WyxH6^C6 z+dCV)(MJRWfAs$Qt3}3UcXrWs0tcdLiR%y#A1-b7Bal+}wmqhTE37b*ZMhh*iSF%M zx(qZCZLTof+&I6=EtzxQY;es)$Xe}9GcYG}a zfjlKetPZxGz#uEi7FwUfKGqDKMKd?i);@1JaiigR)#~jpeHGRXa^%>x_A4O3n$9GK zemhGoaFNr4%6z1tU&F35@VW7FaYM0 zkGK%)O=L+|vzx+}OV;jqrVG?zUtq@8UgU_<3ZIFzKs({D3?vz3f}E5f)LR?ag_4e? z-=>bj;T;`drYwsU@r*UCDMxR(S!O*MA1+jLV`n#Jc>ry^*BibbP*?VWq;4 znL;nZ{qeKUPS;pbY2zY%kmO<(cg4G@Dio!iA2a*VU@lwk>FJmf-Q`GI-S^JN)yI`j z*Nf}ljt-o!H!I}7=Vi5?4`*9kmf;w3bzA-!0d7xO^kow&lSoNVZyhZ0hTg}H`_!IF z?A4wx>NJfzsh8CCz1Z_N2OfrJ{;$u^5%_EVEmayv5RF6>)9E+M)6$$9u}pevgCALy zi^txr)wT-`cvCX=1A|^GHP3|!9CK?n=tibbN6OboIn179PE#J4kk1B&#GBW{0Jf7PENMXjO|}JyJB(yt(gza(m{tX z573Kwz1Y&9ho?-LLQ|z0ln|m64%j8i^??==A3`c|c@qbu#YYh}N26?KGS%s6*qnf3b?J2M%?s-(-aT*PACzt|(zS|S#W!kgivSSO#z+6K9KvY6|4xk*Hs z>+jP=&h$1!-Q!J>Tk)JI*&!>aB*Y#qF^bwE$cW3F>AaSz<&?U^CG{b!5^5>q$X8q; zXP0-_c)Da4v@QlP73EZamAGnf#iraR!miF|9^a11HjZvD`9kH<6r__A4WK-NP}YT@ zb7pM@?II=!3k%if%f`7!_&+|pZ+BoTh5Kf=kytO~NC$OA8@o2nGdw>fr&?WENi;|C zXw-4%R-I%Noo46W%jJFwp$31s`H+J{{v;UH)IU8^Qw0xgby}^*&`55l+e9Z@2d;60 zwmDz0gOIJx#alb8ddCrUblW!GA1pa?j6UG zMY|?byBLT+F(>^f)3X~Xcwu!Cafq{y5Uw9ylDAt^YaKYv3OM47v1rfU{Olr5@zPlG zlw^HA#n`tpT118Lt0p=@!$c_!vd+jloEK?~5CP>hU45WyFL54>ELF#Rk-p))IEWd@ zZ_f^nIZ;;MXg~^^hdH5Ai5$D3HCgQ-#R$Nu>dfguH6`*P{KRlvBBWCv13Yz7Qe4A1 zNZh5vHjoLJ;b@UbHg=U@RL0SuYGgd9XWHuQ*3QGqzP6K&Te>z4vjf3jFY}qb%5NI_ zrP|p1LeB_sJ6tsUkeckBp5rIL#0vy6v?MVr+hrU{BVY{hkRDYgIuWdA6C~8GtI#wS zmlO~775i!05%0k^P8<~K$Q6}<7-QLF{yxjY_OA5H#jov@(sC5b!ax!6`N^lYzL269 zDcdE=b=;>t(M~Q(@g_4Q*}s{q(NV@a=~M~7mT>d2N)E}||8>Szmgk64@r&&o;hBrbmL8FplxIw2XZ zfkb3o$65miwk#wI{8@M-_^-AdR`legIs;vNN(eEt|E zi_gd+JAXc4VlKWCN^&|ndzePDyqsa3)t#0@6H&fO3lYU){F1Z6H)=)E($D;6S$t-d zP*Aox=4Z8@Ay@BUiCR%#YW`{BP#d@T&42CvY7*WGh$9j8IxqGE+k8KeiG|>LiVTX; zpy=0$TlfLzc4D%Un->CBYHs4-uZ2H!n?trJs@TXAuYV+nm8*NeaE(=Gy(&@fbi=YP z(g`Z5rS^n*Yey$HP3rZo?06djG7^DEtx#ZT}q zo?_j>lYmGlpK1|OiEVjNU+<`w0UO%|Uj-31R$pPNXFC5v5!_PcQ-e9zd~v`R_9&7+ zfdFiHICHTh_si(r|6-^XrC>$vCh>W}Y@ zj}Dc(Uk{9D0{2}hmkc1S+H%+&X1qpek^TMt75e%4{NMf9`(wiIyshFTXP_CS8ICV& z!@lCe=_!g%E$Y%tw}|AUj$|k&Fwongx}pqsOcQ6YyHsTbW4hZ#!Dy=cB=(rS+_>Pg zg?c@D?zz$}$7eu1|K#MSq_>S6H_cen)UeQKv)pqu6dx96uQ_&I_~SdG67Ab@{?;nf zD?ZZ1cs}m#6}6GtL-6Y9(BCLbg5=qC7jk1&=q_6Sw^wO zm3!-4;LaOqqs^O%ER;&1dN1E2?s=H;{ZMPcqFvw(@bhva5rI7VRQRV)*3X1#OdmP@ zGrD$0^U(fSK@WX~cmcBF#%}Fwlq)PrRvER6O$6yy$f?to=P6>QZD|}I=ciKCl_HCJ zR?1oHr6}I2a@X)zs%cugb1;RED=~D26-Sy;lPFDQghA=gQ)Svc9l3W@n<1>nM`9m> zg!!q1+yz!N%^z3SGUjSXVkZ5;`yk`jL1Sab6+Zktk_$E8RHahb%wIk%B#y=(T0i_i ze0$_d;FRLaO2>cYZN2b)5AGlN;mmcS(G2gn z+YWsAltom}A%3sA6w%61fk1nD=K8G2$q!H2p6e-<%DHT{`D|!;KI!o`!TKyfe5%xxg|82lGbj_b$W3{r`M&v=18ql3Wy4^Lv*3v&NHU%mCK4Uy$!hui zA@T-s;uXm^$A~geO1o0#o%j>elwu-SAZ0d)ka`Hpi&`D?6aa6FJ9rE3BP1d1xmZ); z>=9DS0IQM4kSAx_Ro+@|KxxCa6P~fGzVRC&{0W1JbVYmw1ZccdBLF=8_0uNgkK;vi z?-$LrW#lSr5Zm7izPG1ul$ed-#mhgJ_y}D;mL>4QtI-f*txcf7M6IZvwQbOqx^M;f zd&X#if+O;-0Sr7Qw$Ifn;0RGAf1=#M)tYB2)t!jcf`}#(Mj?sPA#=mEF0+9M9K)hM z(A~2orIzlz+X8H%6i6a9D&p+EYf8Jjlx(z*9>iINpt5)Eitgqplhf%)*NlvNuVBYu ze5m->i2&zU62Tf9D;qDc!Sfz}O)ac?RXh~ezBod=r0LOpG%PTl)g<(k;dVjC{a7z( zoxwm`H!XBXhYQ>c%1CK+fFldDm*>0H^|mlhl|#JiTiES#O{r72dO$<8ot7WI!EzRi zMZhhggdH{XVzG$bR_29sGgLVplm=-tyx&CqSzO#l1The+&5+f~4NkP4{UTqYSD=zp zMjOTmBHCZq)Zo)hOzyf0F1CM;MID5!RoAx_>`1L}fhC0O4R94NXR^yWCKCoW85g0_ znh_!yCt60>=ZG81tWk1CKSc^zoAf3p)ZxS3(~eoq2OC0}Q|e&Ces326#5r^nl2})5 zd5e?YMpap5Si|;4Azg9PR2}(=O`tKM8w9}b7iZkmm%L%gVw zbQNvqq23M^YN+hyIKjlwKY05(fNWNYczVZ^MQ<81>H&>Mq0R%#LJpQ6Cyx`=k#Ixo z`308K^o{VOW*2-t63=9%YY$X;2f5fj2!}}}l8kA5%MVr`O*$2JQ&;vOaTc!OWeQm+ z%o#$h{^W@*XnCX0WvgR{no|+wrKjYYO1Yecyh#&dvfNh5Y!)~K(UMSSbD&q_?YTbpLy znvCpr?sLV6xi|0a8y(S$_CTu~Df|eF_iEtjtXgo5JUuePvJ0fLYI!GL!`fn9|;0P1zd%`0Yo#X-}V&#b(aC2GGW8az9Nsi-HOA%)kUT;mLy?rT>`>RYXn3 z+<6f_KKx>;Q5h$h%+Zto+7nG9DKFtB&h%JYW|53b*b{8WJQD4H9<=*92`I`;#FM3= z#!z$JoNW2_s|)fjWDY=|tgfCuKuT-kyLGgs&^@tny`3fvwRV8>=>!hV$ZB zI5CMHE7kr^5Xz9$g<{cn>5FOd8RPMX}P&yJud6$4gV`4z$qS`_&25a zEuv^@(-Urig#nW)7FAw~O?rF5^3ZOEaPy-xm+`6iJM!w5>oqZ-om@6mqvP!%8vgJP z4`H>Evt+@9V9_x1iIS%J&=Yj-ku@92V40OuLFS!9a++3=eQ<^xT*dY#YZo2%>sy(P zh=TRP3+fz7LoDtgTeDYkEl8po*{wCTW={nqaW&a}5IJ_8U2E?e_r_c6EN29-F;EqX zDqhXKIHt|LxhIrA#l4eCenw|Ol38*+N5Y+kk@jrTCoEN{7p7=1X{~)C*WK_fuVpvk=$E~EZT^H-zp^}+eK1Hc zbd5Mags`V+XaXohoMJgT&GO#AT13Za+G9;82!D51;is8&AdhX-QG^EB(P#Ac*OOsq zM;36#F}xJUh&6}{-@)UM{FMa$gxY}nZJp4K{!b9Vq&1$?cWQ;=2`vbzKD+S1M)U_w zG}V;Lyh{3scMg4#h&znCmB}S$KXKvQkccc2WaZb`Mu$NcFn7NQ``jb8ttAe+jZW{8 zr-A!cFot?HLG3!lAJeUye6CcZKqDJD^OUNJ`oRlAcA2%t!nGh9F}|AJR5+ycR;TG+4$Wt)shGjCBSA< zRkX)urO?xy<_V?pfUo!CC#htj9Ru{L)4t}xW%y%rSn*|P&N{n!bLXY?miO6JY;GL7 zfQB)gq;y6uQFuLZ+#x&z)Q?3Fg~)+*{Wn6IlvQF#j;I8SPEz-jxF>9M6x=c$ei<;L zG1NQaf~?M<>5Xwo?Y4Tos)0BvqSj)MBICpZ9)e6Sy|ZOq58U31Cl5NBM+u4gm9nxp z2WhkRSnus(z^e!}a9WdKuR=E@U=o-$Z_I=c;9cS|~45 zK>V|@k+!3{nh4LunWM;u-H5GqwXm&Kam21`v1zDnFmGrs z1p*NT*pMn%{jzvqSW*DJOSW+fT4kk=6k~Ta=(6FDhJPzo9Q&1Vj}Ne)L=h06mDtg<7O89x*`ihke4rN-VMxjs_%g5EM)EF5I6 z{W!r^D+WRaHlzbNSCvJT9h+bDksJX>Igm#mCIEP~NITrkBuR;$UCB+4K@x=64K2w+ zlPFo_Ysr{1Pp$Dha^GmwQ2TQ&cm-CtDp7M_0*!RM{@+fB zARqEpE-(?BUBjk4|3rQy&UZzARJpPg=wzb(-a93~qKGElkbkZ?CNC4S=<2WEm)<2G z*ak)J2*v>ghXJRAl`_g0Gb-7%_E^*793p(w)C;5wH}UJdyIFx0W+owS`F5(qL}vV| z#e^fw2oBB2(3nUx=<4cSGtYuPYE`N5H8op$pAOj5Cg#Njgwt&tATjBVW8Gw9Yt3b# zp~I=8Z7koygNuna6;W0i<>RbKaA`!E-%fZKf;8Gd_fOV)hZ>}zPL}Pa$KP`V)14d$ zeE0}geVuVexWzIVL!b%Zq>vKhoif??bVwYY!|mueNRj(xhyYbf^*YmM1w}J*H)oTe z1b6%(N2>0l^WyeH6p8O2Lh#u(PB4?=Xx*4HAMU*T;7qlzCt5Y6J+NCE(!c_VG&x@> zobZp_xLL^_)eT zJuWf?ti@!?TI7&QR~&oV&w7sKx_(`StD}oY8W9Rb6cY`ha#IL6$hfVhG3X5v8FwiU z-~Yy$1DlBhlQ-4-!?%7x8Gol<4sslPJg~^6s%*Np zAA>vor;Y=T+yZB@eN+IbXG30fA zVNeC}U=)&7{6%mh{#{Vu4g2O|d}SPS4yW(F{`g-;p|9fh9I4)j0h&+^xQ0j0oU9)E z(bd=<3nm9|3oRT4B$})qn_b)M0FLOp79?(F{BGh-pJVM0A!6riI+|lbFIhA);RbZ< zfvg()8{;!wW2ao0qDQoDD1?>M?$1Y`X37Kgsj z`Cxp9e`)IvT~5wB2|td%XbjC;OWaXV@Y|&f6D5`z1#wfy8%As@=c;UqW>BNyRBOI6 zFxdEJ2cC*CnDpbqrZJ@y-&Q39?4PD=9CM3<5n_JhNuCcSPlsmO7cqKpR7YW}c}U=P z2WKBsx7uZR7%db5bN*3ucDwLa(C_;WojFOX@Zia`8#vcrNLACJar5P}@2k23RF|`$ z0YPgOY4l}uobRd1o>%7STw>yvqT)d7O`~D0jItA|>S&(%H1KwPxl1bs0PGbbW{o9J zOMJmZx2LnLMiNHnkUv<5 zqAavM*5abCQ!Ep%#a5U?x)y1`+ZF@OHuY&}P0f9Y?29YV^SQLm_ z?w~XbQ&D=@%XvQ#J5*WU&=!J1_ILg|8JVf=s9eH~J4|}ivPRrNBnx#Aav%7S?c!Wn zO%1>HCvhYE7$BsKNH3XZV3VnCMM?_)avDk~|pm#Q0};j^7bFBl%+?x_{onrUF{J%$u- z-Cdugit{3Tpy}f+Rz{z!00$3e6!~huO4PplDp1R>!bz~{m9U;3j*FxjA_+`hpq8s) z>U&3mk5)%s0!zg9*c%vIB+e3JkNVwafVsJV_hBLgX1uZo&wj}d?HqYXcy2i^2_q8pw{mIWgkZZX;U-W(LjTergELH8c*W^b; z*y5&i=Bv?XkV|f|Iq0MG8y0# zEz%NK?A;S|JU9M6?V*YoEeUNeG|a$-H`DEnNqJsKjLvF@8k+ICIO)vqR(32J%(n}L zgcqK+A5{^MUk~VqpbF(x&&+Ab5CXP;!{9#`9ftPexn(jM3Vg_5-q12)p9e0knjxOnowD+YB?ESY> zoJlzmInh|iX+QfBsqHlH#wm}xtVKY2>WL@a_I57)s<)PM^qbw5$(ngPCvRQbufyLsH6+w z7g0qld{a(t<*%*y*M}rM*E$M?tki_n&iL9-^OWcg5uYDMzt#^EeMOS(B83rce#rD} znVvGGqs}y*t?zsRn*h$o-HW;nhooiHq?lcxyD*wHG1xJ7^oYB028QJoJxRpIfZZ7Q z-LtY@k2n&q7_Y7$LK9yZ#>#gx>!~^KqYiTP$jIHXVHEsm55I~nh~yvG@b=}wyJi5D z_>3yel-aIBrvULJ-m$ETm5k$CG!Tw_78DZ~WN6#z46?EDlUG5BAGlI~^C@P(O z;KziMQh#Me_DKu)*n+jyoJ7E7k{hUEyk+obhKg0h8=QP2867S>HC9?~ z%{QCk`cKhA(Zet$>P<^wjQfd#h2a9xrAo*Je@+KQGRy?7E7YdEG#65WtIKh5%XCVq zvBl*Kz>9;##|^Usnj(@kl}ku!d{9z4j0yg~xNoAX5xHLmJ4u(}c$-0??IY zVUdo8nJ~H`><2ADYn}T78K^~@;)ud|?6U`UVDx93tTmd`!X2;=7+@G);_rVUQFGN@CzuJe#&_}wDNBCA5X(8Kg>|(qD@7Pb? zZR=dR-q4Cr0udUKqZV*fRcKYJ%5 ze{Z$Dr2cw|vVKerkIr42qQUkggWqk z?Unpb9mymr?qZq%8IF8A5reRVX)KFxm6$O;g_8(O%j8+eL`7pdRu4D|_FkTaEh*i) z54+PA+&R7w`}k9_6pq8{*$d`*q?Kn=fLJk<^ze!S#BTL_r}al9BPcDT=k`KFyVv3< zzhu#YV{TNT{`N0;5WcBPkY*|Xr6-*e<+vl9$#Z*&-MIRzB-dvm*rPcWa|6UHWB}#0 z$t;1Tr-HJ7mf|!i-(F0Pj$v`wNGfY^);kgY{STMgm)leMR+wXpCp#3?N@6t@?MAZ0 zga*T_ejh*h1+pP!mDh0fTVHSxkbnO!ve$p_w_}9piQbs_3p(Y>1(N$Asr*1szg+9P zlJyUW$IgtV!9nLup9F5_*{)DfNsfhIhF{|MIVX6K3FL!IDn>>U_$r|vdV=rYQroIC z@(`q%Cag7IBhr0+yg2h6ylt!VB&&qH%8lRm(Y8^a#@R9L8uQ_2m7z>!9aLtF61qNg zA3b>KxBZ$+09tY*q;eOCQX$V0kYd@$sA8Om_nRLa19Fxd?BN21 zVx>Np8+KL;sK_`wRxiU0!#0?d z*v{d&&wGg#MkTP#=n)s6{+gFq#a&=!w2Z)GbsBZv{V_7z@)I!I;{VNI+%_mtBftsD z=dlMaUT5W=39e9VOJq&W3;FW$Z+K))Ju$xi-BYYbd#*k!{%p$fbTO}l=6-7OJSIRB zY@_RVHqnM?W@MavRxv2XaHN+MUz{+{kLokckZa|sUtkVA4NT@Vt-h>+TqbTFyFpTP zFhH3^Gt6Qt-Hj`3^zL(|1%G?>GLWzyBupG6KhS$ZdeW(d84N`pCag%tMTGkFqY*m+ zHky+Rxk_2jczJ-al-^Hv=4Wh=-yskdz}*7XVU# z9x~}qNi9NTGL_L#sH+m-uwP7v#4NuFi*~`CTjb|OV4zxtU$nB#UJ7@>O?!v9>&#Cm zC7-WO>2x{h?|vqbgpq&p_(RI5b?3f4PfTg%2)?WwiMaFv#H<>>?}EB_8~Q{lB@uLsjtjUAQpmw?nZpC)d`Pb45MWFd%>W+BgP3B6ij`h0(Do~$tWr4zL#Y)T6< z_#(VN^qiV1=H3e2)1)(~HzWhku#5`Ys{ds`HyCzz?+q^I7ewv@eocMgr0DeUx_>cN zq2P&?G^m0cGG&81m9R>FvQjF%YTPgWsI0pI(kK$NoPVI7e7%2_W(G&4c3%l*ZG(M! z0<*w!A1?lo)i2i1<%BYVBrSkR4MC8Qy|0d!ZCm)17A<72*n6=n216Obtt?}VaM#T| zW^urKW0yidb=6+e&(W4r{WmGC78%3UQh+cpk<&1x#n@z`0e+?58}niS5lM~i=?nt7vdQ(ZHbH{p;hJDh zT+A-{M~M034noFey3On70xFSh3AG{f%c40^$X5a-wx@1F&R21lhYsG3m z5T!1Rwli*xROwb3jvMnnxbd~INt7_^fBI-mUQx2I0lSe{o3`)4mYW`^TL~HSI8P$> zyNYAgn=jodS1+Sx0a;0dABf$j-~y-bJA{!&6N8>PhTjH2~d{x$3Elae19kuWXsm{NaEo!v#r=#6)&VU1qM%;Gen z4o@gT?qFb2v>$hrC~kUFDeFWe?>O_iyF8deO3n}Dn$ zYfAdfM9YUi-(DFZb^>&{3yZ$iF67yp1<%e~vvmoDMTt1fzaoo&>hX^De?5U=jXCh& z)wo_ZVw+D`r}4mQ=U-$UW_4G#^@eYGpJV_$Og}XGz+a2$c)OxOy-YLq0}qvPnjqg-GdF-qP6)&I3o*CfGw`{(K6W=yZKv zlXIOvo5ah6bFJHKp27KuQ^=Tk>v^fN25d`7+v1H5`?9Vfe16J{u|({hiR!{Z zsbF;EYB{Eplf$i5OB}lcc~uIg@V3mWdbYZGNw}3(6U5(mqBhAp3;ss^`#9egOS*6O z$Y2ergb8utFJ9WNt}rDDl=kh*5Xf$E`dO4N=E$hs5vg-keXqAXPc8nCihXQ?bLaxn>`wlmk1wIPli&FY z-&RRQv8x@W9pYRsR$noP?Yo1P|7572;tg}kl^Ut! zK!(G|vL-Rl-?5$42Tu{-sU$KRrcpu-cwBI05+LN1NGRH*x`x_>n~ZdV3zR_nK+xKYgRd?xyc2p1oWSY1=TXO zPVH2+I48h@!A$^ibYb7*t9u{H{M$GoU+~yA08MV|eal1A5Q@%)^dqG`lkWW7c`EW* z4-H^U6`YQYIc7kYiLNYlXpfIv-dH%enEenfT`V-1Pq!_O!@qv>D5Lb9uc_Ay2#`hir959MH#U`XTp&djkh=Z%*n04Sj;jJ)ds);2w-AlW0gSl0xM*$ zWaKcg<0XcuBJqvN4Tn`@+eeWQQ;^wqq=~myeMXM@AivW%*5kEAUMBmTG3oD(_+A)3 zW+S0E<;RRpvD4gZp@)qyz-s)d^4%kC!3Fq>+cwz;Pp(XH1hrb~De;4amgF<-hzn1( zk1z^fNAQWm3=cMtnnz|$DlMqlcJNC+)Nk4@4r#6=r*X>p0MD+vZiPK2X?deL->gP= zI+x9|q|G?99bu^sF%ORO_q8_!y{^*IN+9aoqu+9$dROev-sRpX`%pcl5Ex4s0j$4< zkkasFeq)7o7?G_IBW5pzUD_zVWDDAwQzok3TNptQ+V81Y9)Bjvu5GqnR=kjnzQ4Ajz9Z1*F z{ZFFNm?F7-}-Oz|hO&vHHEWcSSJTI(alpiSB<%>6^n_G*j~0H4z7X#pMB^)(>J*K&li0; zVw@tXNr?bKw{K~epkV~xi8C&mrJbbF{WkIM-k{%tCg{zzzkcFx9V7C8bu?Yap|`vS z{NHphpf=vz9|8<40}c!f<-fXTVr%@rRWE52qtW zfh{tAW9=An5qEp#oM>P+D2=HM5}|ASoIHHvW7Ak~yB*_ZvQea3piFrgGV&WCMSo>| zxp&|Pie}Xalaj{!RZNFsIn_OX*r@bLlL~5@^8AEB1%y>jcWa^>Ss(e@8y4~uXkr8F zl&CqAT6H9`=<;QM9YK3P=hx?tVWwO{qlg*GN9JAjnun4@hT#2*I`%am-QX7e#kdDY zf9*_w76m2{WH2Q*PA4j|Br^YHT+ElS6#v)~_gLCtnnQ7kf_5O*)NAIRL$NC3cV}0D zAq1DJqNCxq$|WPk3#}R|7>(iVB8${HY>M}szBu)UsPNa)q%O1J{s71WCWGZ47L*Q= z4zxR({1*3gcg-`4O`i!A5Bs_Zs)>=Nse=Np4l`s(aZ9VyeLn;F zz`*RU`y7xXZf7s}e;HxkT36ki!bem&LMp6u=J+WBCzJLpB0WF(VDhdiZB}aWhM89{ z-JE1rZR*v7<^!Tv)+30~nEVBd&9HDCJ5Y^FZn-j==;eS?iF>NVZ5rFEx{PTVrF1%o zlvU0zhZ%nrmz4MRkDuO}Xg;u%x}pm@Q|LdDl_m-wLj~6BmfxWMZxRcZa05+&2nMD} z0tWW&zY_Z|Z(-uV_%B~^rnwxo+tT2L9OLs1mr#65siGVEN47FFHjh@;pgSy!W-XaQ zA^ED@Bf$m120f6}M6I>8#sA_YBO_S&=kOl+<4#sHXYt3wqa&JPAp9&?-z4k97p1(l zB`Dc%m)TZjCWj>&c{5`Xc+6jGUbS1BEzU0qKA(a+6KU!F(RQL{Ra2KHS@}ofFl34v zFGWpXh~TVY6t_$WtiMfn-9oGuNP*#{8L0;)e21}SmzkDN!vdIUwstQcUJ5z>)gU%S z7@BRg>lx$q>CyMW6#i?{@{AGU0sUY(QbFx17=_+vgRh}ce|Ccq52GNmtT-dI*guNYynnct?R37cac(^x>D3%{O^~op zgn+gW2pPkFEAozMo47h^H!q&<^hf)Y4kd=Wd>;vTpE$m$xXV{7eEa&uyR&&l5SY04 zi5qLu(My84lep_4{Ny>-N{SNJBlo3qlm&Ufq?6fq4ZN8hEEmtyOnj4(+KSlg+u;}4 zlMl>@U%?Xe(?un^%oMYaiUOQ^kuxWK~ZURCr3m=d^Y#NgOO#y4Q+?!C&LyZBW_x_&>#Gq%wv%_y-bB5_a(UKI28qgE=U&jQ`_N&6Hm z23Re+o5aFslMioMtIeVn10{&sG*#6$Uq(Hs4+nk)V`l!HZBd$;3~}r*4Ts-iBr^F< zEJ;C-MbX-{5^4v5j81UQ^Us;&__`AQPkjvBi@@36gs|UM$}nen zr{A)s+WzpI4yNG*<&Pr>$;(a+FtDHsb|JM(gy@jld$vxi){xlygL>J>S=RnwB`epO zaZe2AidUd}ilj}g{~iPNTjQubY}FTx7M=~}ma=k5Av^T2!1f_l0Lr_3vkbk@?9VAZ znEl>)PU;hX0FXRW;Wsg~;&1*i1j_1h(a2hYgkQXq4RtQ_G^Er!U?OxslVapkh{H*C zha-L+QpS=R)yGy^B2^c~^eiJ|aj=n~g@q%eE!m)jWnuc}{ob-|duTo~6oF{{qOeIN zY+NVe1b_DWu!Tp1s)3CE*NK_A1oy*uqf`+R19v}@r36kKl9t?WS5vYueVNOHp{En( zI{YVN4Sa`z&kL#%#BBMgUr0~jp{9G?b{VWjZk9&GOu1njv%UiYmjGs5cTWoS@Dm%7 zJ8~e3fwTZ7M>A?kS9?KV46#KZ(WFe;WXm>+6Z1VNFe_1np+%}uVhmt}ZD}R?H4HHk zxD-4Ux_&f?d#he0*q9bi3fWGM`og*&b2ckbx6E`-G92z3Y1nRFu*APi){XUQZ`~9`cteYPpkYMS$rofz<>Pj(U?Su+KYlKeQ?;%A&Pe;nDgSv)i$E^z*kz zfj6`k-37yo1_aV#MJU;Wrr!#0gfJ2hWpcGlxq8|1)Gm`16mi*P#((v~3EMNVHS;lv zx6pXD^RI=2YzsiM!jYBRz7cK$=ZBbjd{&i1ual5M3H1(ZekSEan)SP=J;DZx{}L%n z!{RglxJQzE{2`6;Jn506LI!_k=eL&5AKaz8;$a3o?t8dWnt4*nr8L(*qc%00ZL#)& z{o{zYRC#^s?gxf{5CR@Y5-?K5!Nl1m;=VMmmS;Z8|<@lc6 zKap}g!He=DXv}Z=XH^+~^5OPTfd@vCPA3NpYUSvUgLKB`8Aaxa{TV(2Zc*1ZfZX#L z%lAV#aAQRS3MhF>CeFEKfs&JV2SbFQ_Iv=jd_r*6EVuSVI1CiLoohuE#ucrrT9V~0gLHDhcuIWR~bZqj-%TZHQ^4@Z3&CpbD0X+v*Z zGRZ+V3mR~8^zJO-nXD-WW|0hDtC#_*la!*@grt8|?HqWpGnL#_5csQ3`)#=%8+Gb< zpo2~1`5D%Uj|*PtLJ%B#&*(CsIsLOsMG-0zMJA2;@_AR-As$$&NVOk|6C=WiFbT9oUTPQaAL?t*}`~9N0}KtR3yH{dUIWm56bV>hm0=3Yp^%q}yN?LPumc-9;=Q>Qx zAVN%o*nH#n>g{MG(-*Jbx+3Y@yPf+g=rEY+T>!pKY{^dZXM4D{&Ww4kvrON_5Pa;( zeHo`y^NJ-@a9w0u3UvKO!{a6o-Y3GU=)>KZrEh-EF3}czF!Hisv{Z-uK3vH_h!VSB z(am}q-}#PxrXEk;PKF(Iaa>2XfWifA{eI{gd%IziBF>K|=Kzpvl0>#UGY^|P_O zR5sCfKg!`fwBl9dJQHl_NB7;~Qk41%^YmH${GaRjbn@K%e?D`_?moNc*dFy;ngsHJ zx4FFX_F_}NUUb<*>Bj<--Q`=xIhMFfxRRMa86wh;wZ9pVri`pt>2nmBUy-K3O@V8YYlLUxvQwz)8EhKK#hb{*!)JFW2c zdKx^b?M9n0TI8UXcHPOs8s1m#WMizhku0o^N=KqN;lx@2`#dVw2_16MvtMnFBQ@im zwvv*A4?TlrE)NfH7E3)%$#YQ7X!p$ zApHPN8T-*V&aU}1Lz5Ym0oefMT^ZfzI68%J9FN`QNx_E6BM{}}yr5v{D+3K}lRbvx zLp~I4fz4rm}zZF z#E*C|{GE5|OHRY)Wm}**SA!g{*X2!|hPpN9Xz$C*2|M>~$rqF5)GNX6AgAe0mnOX7 zt;*#ezi7#6Mwhf)JyZr{Cvfd())*WTHW+i&zSkFKwhWMIgGI}4NFpkvQo+fvI~U|d zC1~&~b<{|z%DSmjZ}OG0?(VG}S2`AvRIOEDul$H_)nOA!6;*){b#pR>EGF3N5VK<- zQ?3@9Wv|ZrKFxizZ{pYyMF;Wx&ZgfD~4-Cw6o_;dB**=M^gFFV3D1Rb~!*Kp!?;)p6_kEEXt z_c))jUf0JNYuwwtU!0Tx7)RDTtdDf}cHes8@y6L}OzaBCIG5GwxboLLK2(jM8Pg!8 zJi|UqVT(&tbk?YK4!SSKMvR?8amW zG9SzbyCA0ee<(N*=Ktp)0-NU=YCjdfZoE!z|4e^?w74usJyHg zA{_R=?n0Ch7ghuVgG>ek14n=X@dse+o&@S(V1K|Qgawp;ubj0*t0^zHynA)_y>>ok z88u~jUW8^!r_|Y;TC}dR#h~9-BdWsLlCW+0H%# zBceb^Y%;m2-s{_sM01{dP~MPr*tzk~@BQcP=*wpy-T$2a(FFs5{@H(y7jSJ5m-wIK z2>KV}e?No$CFtt^pOZh{|No|c7UTaf#D8Ss|K){v*)uFwp>AlFn_vBFT_w-fo{>{f zp-pzu-}f*5{O2gd<+W!tCKh?N8FuELUcL-0LikGO1Ng;pJ-{f=+ z9YBBcHhcb}xG!9-uhwl7I4h9W+-@VhH>IXHg2e6FIzu<18xCV;y?n{{9vMCyJHSoG zANK;bpMUhnq8}ya!_`zOyOW0!*)J&O9bZ0Tf;lM|4o=piCUo&wZS37L3%o*dDmr6z zx~>Fumk%*du##f3?sI_^RwL-O9j%y$@fRPbhr5o5HZBgbk9Rklhn6Puh^@GSt`XP} zg}5%9r>Ne6V?s=^bC;I0i}w{YKh6&?sx|Zt9|>OzZoV{QB6$N2aF!>S>uahXNa~y% z7Kv)x3OiUi4hl;$KMVaYPRlcfoZh#K4{cv#!l_be&(|-NBmxE9=&mQ=;5V2YFX%3g zgAN{|naGBwSQ?!Mblb(SMK;JfK!d5)y%)#Dc%oax@;4^YVT7^eh?o!E2WH=+a`^G@ ziHkg27gKq9UNd{*6bW2iB5^N>NWZ5t(#Y>x6J0VJ69@JeohX{M|6+v7)Kjr*KeNcE z98li+uv-~QVRmdsxGbtMJ=gC?FWDpy?jC#2AG8DNJqe*;r z=dwZFd-LRIT$+7Vo-*~9+)5uK^SY%7=FOpt;>G7__P9~>!|zNO*vqsGAN!(v!GYvw z&q0ky;P!ZFcL)k8$XRXLR>usJLl4O()2yVm3vuY`3bVxv+wjY6$%$4KxWnk;h=Az| z9O^yA{0Tj4-kS4bHPZWx@}!DKwDXp`7QjVC8)7sPZ;$<5#IJ-HW#@DqnGSz=X;B4tA=m9BjXV1*ofQx zyLS^Xi0zUE)MU`|W8B3`$*L33KQFmYN<*JCG*@P@ zbwTh2g>MT}RckZ%m{vqZU0Vn$FpV}3p4Wh<_d7opV0S%ARXkywo=hV6nR&T?YaE5+ zO<`Fzf?e_->%frtZP?(_$Djs_j3gBMdHWB}D0i3#^}t^KrJ*K0%6v`li?WVa*~4kR zS%8&Ovoks0cpQ3jN){}o+ZyG z{JqRMgs(awnyb@&rc`r#$_H0+22Qf4&lCIbedIZ}>=V=Gnx?(K6!j_elc0mDT_@qW zz(r6yUHH*F?nDuN6wavrP(L9V2UkIv+27V=>P+5uvP4ARX{s_8P6jL91r4sb@rdRx z*`?tEl?Md&6?LuISP+UsEJI!zZZq6r&lg@Dv9ybyJuzC0w>k*1>h4R=KW6JMAAqEr zZYvw}qbwDrm1K84;{?bao<3c)G>7xA%1l+omVn2*M$`_2>k>a#qlA$D8IVCb#9DEX z>-Q!E2<0fZWOUSbg*YHfINF-EAD!KuB4Esk{x>#~zXdny~5sDMv8VA=% zf>)s}S1Z-r8U5fDqN3_54G(50cq7qTEBGscGR?1CfV!pwhdvv8V3LU z?Lgu{MWcJw)tY`7NE|Bk^G)!jDTu;LYg1H6nL5#akpN_AWKOPni6%=|3Q?M(fbPi| zf=(0IG)2k%Am@u2F2lKfeGC_PlUXTGIoY?aX*ofr_Uaz&taw5q9gTcq7%;Gb+rA}2 z9CvX5$$Vx?V=|Vo{3D{M6wo+twc=_%)(NI4~;$5a%rkA+D=XrDUUPk?0LUWa+ zZ;_I^LZ@laq9b-4+JSKhN6@EJKQj?^UX)pOB-4xpiIS#j)u}7e-Lp}PV$-{)OzaTo9DbVpL*^en58OT zXnX$7&xJ*#ni<2acgiQ2Y_?rlWm5L>|QkDou z_g7lcZcUcb4S&5+v6CfV30<^5;j7YDQ;(oXv?FFlUhZ4*iYva7pUnjWNo<8bv{cut zeHWT;LB%FFl2EJ_(zd3%gXPMPyvaP8tu8K)cHAc-m-S8XVXgOkbWrm+k>{VBdjhof z?2Wf@QayJm-T?n^-i(>cJ~akaQWN1!UiOUm`)!)0-FX;D>MQUfamNHDgOlNlXD)9s zbU|Flq8N3ZyRGdL@1EPme9Aa=5Gj$&jA|E5^apL_>e82hRnM;W>U_;!EqTYmN9gt8 z+g6KgkXJao(qnCMi9^vaA6prB+oXm6yocop3tNna%+j0uN#Z}5N(OXMtmwn%`DcX~ z@V)^>=G1y3%V{j4Utd^Z=91B!Bf_t5G3f?CHgoa9g|x+qg1b5g`0nf&ED9hwc6nG_ zEf4Kkb{}gkEws3Eet8WPCPnQRB#p7_Qz?-aRaR11w#r2a{iN>lw)&C0}w!iI=DjRo!L+Jn3-u`Op7r66;l$?bv`m-do$ zSMKTXNJ3{utKo~}dkwHNj%$hh_HZwQXGT{jM!H7#qadmHn-`|X`3K`;$U9OFY*TFz z#(Io^kEXge*8{ml75sYr)>68%%I3)x3SH1o!b&^KPEVRs8-DEwiH^^f9A`M4h!mPf zOn}iWc#~Q|gAovOUnMd&6e~8=_4_P-yru=hrKaxeZ@OzF&a(yoH6k;C9Qg$0ImrIC z`rA-qyrG9k&g2w@)u|KQZ;#$|qSt@JYvLED<`^%oB@?MTi^G)ZiHUY+BFm>6CVfQS z*_eoSHQgJf`Hm#pY%M8zB{iK`-(l+x?F@%4z%2&-QvvpPnT~3_{wR^X?7|l6BfyoXWO;^6V(S zx~C)Y{My@4*AzT5^2QIH_4mtCY-c5@!Dz9z1DsXbrY)0wMcy2d)dxZKN2i>A=RaxHrB-O)1fX!}3!yX!po)kzx znAmqK*JUMW946@1m}~&nDlnLgjpg%3Av@!qrPDgwXlZRbxgZx)6DO0$nZ8xOd5EID z8xTgfKE}keeS6;+zj;rc)2ZI^(`o7X zY^|vX*C|@QY^dfWtwl9T@66DMdj_L0YY$U#9{m6}Ic78>ANRsg-ND~(eY{2=asrQM z!zC-{9Hf2YHeaZ%(w!twnJdEu=yveax{NEAhhe{m7l35ZL#@chG4X;tpwr<0I&T8nh<@0U+(}wS6 z-sRM0ur2)v+|ufjEdCc~VncufZ0b^ro;9cJNM{qS9w^FESm!XV)akr+T4l_(YgD>5 zGsnikT*hB3(Wv;cn*846rADtinVd}^* zpMQ)jnmRQ`LG7~B*4#tofvf3nTStx8PeNkkD!N-6(N@fS#ApZI^MkJytGo5?O}ijp zhxn>})|Pjg&NX0}F1bVoqs_PrVSIHELrry>wJk^fAE|V@zr(@1)fK*6{Dsg_tk`}# ztw|cEZZ9|cOun>zZ4p7mkOXR7zyHH6)|^N8s-VUe;I)6D$VIX5^8gwGC&)MaDyD1H zfxr2C$g3RrfnHaoq9D(Kj?n-;X}%*mJoYzF z%{?H^v^{Yb-(^bo;6acs_P&=lqnF0brK00SZ6=Rm zQi|gdX>$1`QZoo9BjRO0pUp2i@x->b&2DU~VNAOkFikH(X%l)auWZ!qHb-}_E+%WO zT-HCVHg6^#|8mIn7}|H$K|pd=g2xBGGQm5zzM44YrLZs-vU$IIPJ4hXf#15x&2)-= zNLNSNhw+hGo(@8d`p9*tDI4m!Db(LgL#9K_yTpC zff1mg=8XKfPMeePA=#!Zl18xwaWR?&$`L^IJ&_n~b?I((6B( z)O~s~{|MuiJ<*9*Rt{}qvQwv&#PcZ%hN!wHb%Wpf&_%Py-W1Y|uPB z>Tt=nx{Z<0BLk&$rF%O^-XY^!DRz81hT3)S9tx&wSsNi5g%!`7r|sEfe*A0WnLgdN zSk9jQzx6Fxu0YPmSD}jzg<(+O6V$iflB@%wo2I_ZL zy4~a^BtTDwDdO*~K=)PDIcVxzH-W;lp7F75)gE(zKZ1;b1#RqpzADaRt7@mW85YvB zv-lk1KrAD#TNqGTOl=c6c&+4|+BjsL1YXKAh41nlpxx|Zx4!zu3WDxvlKbmo&sMJ7 zOsfW%b^7DBgQyp=RF969Cz_(=PASv?|B-KVa|#;keQ?b`dEEzG#I$=PW+kalBua{H z(L%}g7MAHH7ZsDRJkD(?W}3Xd_|G<1)D4pS@YU$mG4fFFB zh2FuH>DPr>)g2=I%<{r?-6W$mO8b0&oMX#@^Q}C8vC4_rvk5=mjk>VdBa0dIJyJNq zk7OF{2~vgO(4z)@P;d)^NmCw!XDL^?t5I%;d&yLT456m=;fxG~dr$pz`icip)N{KA zJ>--5rnBNyfEW7o&{0O*kK&V(-v5ej4WVISeXYTu1T_%sx%!;I*{cs6OXGR;xJtbV z|CY$m;^>}H2jSvxIEp=$S9!WA9~E(FbgU03>Ncv}HX5eMwQHJ{_(ll=7>TxYP_Nau zsY^7jMwNrsq2_M!&apq#*?Q#~?Al%)kz`3=VL;v}<;HR&P$2dfFHz3fVB zSAdBv;3}YF^a^DWbG^>)r@rN>99apYiJr`)DpIS*=bx*?Jl(q+tchL<`eBam{rKNK z9CJePfJ22}Y)Q0{Q?+e(QGidp+6YjJh%>9wJqiP;IRQ;M6|wgvx1m_P?O%l0x|M;L zLQkSaG0UUEkIHT7KFXAFOKxK0%(XhkV>fV}x!$e{Dt7#vPkU5flrY?0KoaT1&LmzD z5#{a!JnsWB4j?`Z{XlziDj*BLG_tqK{`TXR%&F1zhA`e6CPG%C{gLN*!6^EQW|P24 z?9`x#>ZBbZ-8$Wq#rK-rZb`;QG7k{1XD6m z2G@Fm#rg;#0>#&8gL#K3&P@*1v>qLT!gC)T8Fgjj!x^7cp7jmbGfgxcul@ii5@YFzY-QXt{K32{O0kYrgLCAxCPV%;G_+y! z$QZTPjiRN<%Y3sKmkj(cjtbBl;W$O*BuEDZBF(wa)zpzNn39uHYL2C9J{_lM&keHF ziDxeiV=fR|Ga9EtK&^jnWL;g}zjKmtR~ZLF+HJ>RDtB(f3#UJDFi-dy{ag!4M7hk) z+pA#Dv9vtC;f!y#?;Lf2-w0`k@Nnyc7G|FpL;dm|0nF_0z2H`EaRnoT#o) zv|Fu23I$5MSf)Zg-rNVbhz%09J9Y6H&(j4ba-SzpA!-{=Ece4&TY6DU5o4EF9}&ah{Zr&4cF<<4%j0nO z1H%}o=0I`=*xUxRnWB=%EGtiF1!Xh1j8CRp#mWg35uEne@asd=fBc*@|9zwlhzvgZ zh4~{dzDP8r;9|qqf5Hr7_8P_$L{Uw7>|RiEqGod~cqxgVQ`+%C!dJU6i5%%+Qkv*6mgzTU> zxPhZH#qZy!%4jS@Gwab;t)CBFcgA==YM996-RQV|mgc+6g0qtslu4=g9F4wY$&qKu zRXR>FTCZJ8dL?}BFT{sa0Z6KAfQ|v-*C4KYXU5g#3nBuHoV(ccu)Pg$Ph7qtu#zsQ zP`a!};xUAWoc-lGrD-681jKVXux8nf)d5VThllA~GoN>6#>e7y57jRAn6wZw{OGSY z2Uaj?W-UQGlMi~c!pAsnUDWv}Xt5L*1!~xbx^G>Up2YObpz2SY;p1yv3krl@-q#c) z0*eOv_4n9;nqp>`?`J(RQYEdxZm5C14u1jmH9>l2BB`R;{$@A!;Nx3XRapW1Ceeu| zoYb|h-(Oy??+|3T^!d#Ou&{JDDa-1v0BHY~fY!ii?>SyW{LI#bp}3oqf$bYf z>O>JzV}@(KNSimD)s~jmr(P*H8`NDx+?x=>&+`+UZ&O%w$ecm6f7$9CLC!16`Sd8C zJHlGaZog0X@s2lLn7+!?j`M(Zp(Us-cZ4-b*=aH`sPUPMl?#YjXg%2Vbmn(62x(#f zn1#x-xTxpPb~2-+f)WyxBro}%M|E&fT{shkK(p6*i)dpm6ugg#IhYZbsaETIWCOxz z$aC1KuEDG|*-VmHT39<< zfyPOnfkqn&g&AFeckHd$IuSC^>w1gr@vsdg1+#wW!tTx;u{KMq)#dT7jFr+e{T!$s zR(IE)9h7g1FM_Dl-_DpEZEwygR&)>`7B3;zF}NS6x;-;k?`fs$1MMC;_{Zr@bUokR z(Bof>8xoDWM@x|p4I}vUe-h@>K#1sf<3KuFJR1-EculEzKJF(JwbTCS_26kIhKW|r?c^Rb-l!=!l zlsOiA;W7{RZ#jC?v>%4^=l=8f^|_7@;gLBq4U#C{Jp1abl_&gO23&fZLTNG5vmhDpV~WNI-tZykL;6=^7R0 zSh|dzfU(D+7ku#pd>n@We?Rd@K_~cz{=TyA`rq{MYpJO39Y251obue#zPH&>WCJ?t z(smVZdQIxX1;YF{A;ms9A_I3(Z;zJsw_wRKzd8XfSx{-?MpnAej23`>2&UV;?}L!1 z<^UsK#_)4I-USn22O~RE7LwYEFgPfh)-$)}-V8ybwmAXS6He87;^{;zBH9crc;9&^ zMIRfQkJY~fX`an?CVqrvg|Q#|_?Bd00CpdGc}!1d4@mGq-?*2U;4ujTiZY}Z_Ls#( zygn2(KIXhVqj4)1j*OVcFDYY+FFW}ZqsKA0v&V)RMVVrX3!0pq(0!4tn;8&0j<+-$ z6q}Y^z&*&h9@GcEB8G~1$;{VU!^nbn!4=*yD#~nmiz6F&z4;=s)_49662$ za?Mx-+eJe7CTTNtiqCvrMh7@6bblYY&3_2#k;P?)rZ~aM5mV^4rQXl8SuXm=MrIFO z0s;lEiP&=|&p}m%uq{JpXG1v|o%cnMNOM?*OC5z33f+ zJf{SfhVdTd+2&((1o2g87_W2LR!3W*XcRJ#co-P4N@KAtmVZg-BL8zNa<6srf{*Sh zT=Lm8xZ#3MRLg@MH7@>6OaBh>e4+QQ71Pr^!?mXQRy>E>QIHM(d)8U_0LoM-qG-7;$##a@)6%9N z-)74_MMPQWa_1+*g_ng%S`9McO^_Kgq_Y3O6Rg(`);3_yd^9WJ9OT{!Ggb#f!z;0} z)sw6$*Rb0M;kTc5+7W7Gte|Y|U;{&nU>3O6rFrC+!X&9cgLKmsO$0@Pj$MMpNT40L zx#Yh$k}_Z=&M&!)k;GAcvm^<ld0RNbb>i`&Pu709$z%K!6yaW~DdL>RVbD8U_ z;nC0sY6}s$%dT*>dDS+3Q+r=TJUZbYNw#$l1T%es$r0t2maLH);1L z>K-O^Q$6KNHb&fY$mj;l0YcQV_WnB->0J{myKOH0eD8FkcAfh4>?zBn4r8|&!dy`x zzAP>!%SK-bj~@_^YMZ3L%-Fyk`NO_ce0CUU&DLG14S%+{d*ij};5 zhT8LUb$4HTk5kY}3TjLLrSIq~~b=lSyDqSgaYp~KRB*gij}^wr`5L_2O?QMXAmzg(3z8z zgG;lFp0q$EeI8WNJ8SKekX4zv{@;1tsM$Ba7~79b-)#pUCN{A44fi@rb){W7Qjz%% z<5LGL?HP+V*&2MB76b1l8+ZA#is&oq>nWNz@SJs+#v-=h`)OQ}$Pqa&@N<5%hm)lu zxNIm$_oRU+dtu_!qcil-!E4qutybJGJGN`%(@Vvx8qX01*Rux5rV7y@O0&}?+dH=1 zpwr4~btsW92Vg6c7(UHT$iTJTo8si1S4)mO4j1VG2;wIRS|~~}>w9XR3=vD={4?Ap zbO5xv>aQt`KU~gtyK^FDz8YRi3R5gOIp2MJglAa@*hd}jTju;}LXZ6!{)x41=;ZvE zS_3gSF3Z&BS=amWw!fM-DAfaa!iH(CGt(YXY4Rz4NxL@tSAiWEm?wwkO3MRR5Yx%U zVK4r(hze^}dYNTfP;%HwVc`Li4%=9CVqQQ@ENe5jQ4JN%Q;$rnIuogNWdXm2>?JNy zF5R2r$`wwc3aj0ZZg+H!3 zT|9T8rm8YR2uXi*MA+~SCIBTz#D{g1kG;tmsm`ybN}r0{3LXifwXFs7`B2YhInCwQ zd3`j1DY_nV#z46}72pouv6jl}o+}?G50TMNhLrr?4gM$%Ui*U{ZVBBXFE`(7$74^# z7LZW?b+yZFs+T|J#}ne_dJQ^u>t7#)jOqsHvDbUa14yiuo#b-otIT+a6jMWSuFiE2 z*Zjf+vIWb+i9nh6-8C#phmV_eFrVP6OjG$ooi~O zp;8^4mdRg~YPLZJTr67YssN8dPQxRUfN4>bnSsy=CU?fOyw+*!sh@9{R)JDkD6++k z9aO6Wu&hdA9Nm@vUKbKHS5ey-y3Eip=I24n>v3e6uQfxk2jZr^81{p0>4JRD5WkrE zexXls!x(ZlW`YF93YN6RWyu_{&AZSPfmDHNBhzjf*#97Ky?DttYdgR@Osiul8<5dBvyC_D=pV3uD{jm<-*)2I8oGwW7z5K5yY&)W;E5IlRb~VgH^TqZc zzx$NRB+iQB>1=a?1K|J2tznD%QTuN=jVx^CF=-z?BqBWr#T>QGSVa)+ZpX95mh0KH zX>&^yJ+ip#(_Pr#Pq;Hq_Vm5ZJUir@l&!qHvZVRhc%JPx$S^Q~3m|i4Zg>NMd#kj8neRT($5Vp1oj4ef%0Rn%Bf+O%Kr z1Y1hi!XB?rE=7hC>*B2;QzmX=I+DZE9x1Np4@%sZl#0;ANNTB$@RF7(EQnfBZWYVt zM`)OzZN<5jCG9OatW@{c2mT4fI$UR?X2fFxCA|@=MnQl_~<^M)F{V-g~a3+1rFf*8*VVL>^-(RaNAY^P&sRxNUw(Q z<~nGIlhy3D_6cdu;M-F*cV&dJK+a;W3t0v_PVJW)2MDSvCG~+oYl;`yC+F4yjy)MK zGyTB`FVhzZwQ^9d;`dxsT;JUwe1vrgCUH<>k&$i0eC11F4<)0(y`L}P*`GLP}uYZquEm4AO5j`!7=?2{rIh(hxLFhJMHq(CxMC=t>NSEY}#x%f-@)RcqKqWY2w*1?@ z0TG0Y*GO_Z@FFkUhT;WGmO81i6&Dy#N~)JGWA3W?_R45vO<$2Zv+bW%&wVI5%nL-# zBbqJ}W%nar@)jMn3z^nJE7zHrE8mDtI0Mn2e(KzP?7x>W&YFTYH~+yBvNYXTtfw^W zxHqZy9bf`6fq&l`=;)xP9rm_JvJOQ*Rmqipy&IJtpJBkGMP{) z1R=?4}I(`n_M3UWWh$q{*OeL?I@^T)S8chB9y}l${IhKO7H+1R3O~-EXd0S*O3Yx{_)A;r~R|qVXQ(k$ADAsc9i%-+!{X+Ype?DJ?-u-z%)jt?T|bV@^C2An+8 zO20gnN@4lW0bzC135maX#Zf$>1yL>Tu2h-2!D%z1jrrl?vj^BKF~DROieSwsgPs)= z0E5%%s6|3}cZ!Mi<`E-5%k-$(14qy_^Kuky>?lj51>krd#4)r}mSSEj(A;WFujoA7 z8Tj852{E_^kArF;c!W?@FC9qLm>c+5>wg^^=ng0IXA>@hw8hHSYp}oA%KROaSkrIB zBhi|nV+sd7w;$9MSX^CksP$b_Nu`sk7Gt1}OSNMWr`Vnn9zVaaHqhj5E}Xu3o?scY z-!jac>lpXcUUN+zhKthVue_)-w}P3jv7ftE%wwJ#U=Cx+HQ_y`ifM@}`>DUQ`+d-3 z!7n&CMy;j_Z&$NogRt=t&Nu6Po5j!;%ssTKkg~L1G{pL_9-jeX>{DV$+R-MLc0%ccUs3M$ zCQ6l^w%U+vc^(g;B9)`L#*YPF785zUE%RKu@dA6_7`7>!S>SdC_rHib%b+-yt!*d4 z-C^+HFu1$B2X_hX?oM#G;O-6~xa;8VPJ+9;ezW)a&U^arR84g~-MxCrb+2CNn?&K| zC=#y*speW($OcvvZchZy$|MNp5bo_vjesS1paxzfmcLvYhZWhor&hGM2cz`0sO>PH zKHX-gRX%jBdd(VA;~y@Y)=V-$Cv1s@5-#owPUe2mEb23)e8|J3HTG zX1zu8%*xjA>Z3PGfb%}AlK0jFSMFrpMA}yh4TDkJRtMnNB!k5o9w0i9h?REL zVki~$K8x?8?l-J%x4 z((E%%`Hs!ueVpD)phqKG3irkq0BPOr_sL3M@PGWKnWL`Im?BS6XJ?ub0N?}->y4V> z^@B8ptXC)6S^;1J)RI%CpFpR3?K?3i*Zt~S#`9uA0wdn4`k7l1ndEQwHh}%15V}c9 z;>qc+tCKvHn%L0Wh0aqE1WHo6jZGx)tS^N%&F=TgBpPv^Njj&$-@w=HnJZ$nfe<4j z50;FAC+{TKug~O-A{R((ofV|$9a;us#f?#aoFTKY%0=i6$+8C+lngg z07sV1Uqj==jdTaeR$j4d$LQ62%#j6KVv$S_v9JF1x2*K_RwcR+F@ssCZ= za-iv*Z6I`jPO2?%CcOD*Bvx%_a|V9aS$M-j(>683F}6KKkg+Q5n^{uah0%IPCMz65 z(8#@s)yWp?U}hm(zpVrDP;}(g$a~DGQki!3bMl9;+7<7>jKr7JZaCeKn(CGhS+}i+ ziCZ@u&mL9ZiO7thSyh4wGSX{4xc*5rgF6r{AQ%5Uz-hn&0<)I$FWU*^B zQxVD>IP#OGfY&vQHpeW1t5d79;4URBuna9aHH z_elHV?bRU8k`CGa9yP8W?_c}(sYK2D#{AQJAa4n^adBhl;)uB0<>5whz-~HRq`Uz6 zd;70t!Ex`ztV@VIHSUHv09GSGYIbo!R>AY<4Y0eVBA4-} zRB>CaE+t;3CG1lwtVawLdNvJeM3^>x5^X553iZz-C0BVu7pO?*>oH#MXX#`KDV0VU z`FTTd5jYszb@ygF;~Cp&qOJAtL3)8Y7)RtIRU%eauvK_S<^|@(a6u;tcY) zFEfYgh;L1)i~x7KLlRV%IOd_@YN#)DgO(B*Ol)pqPu3kXjCZ>TYQ``XHw`o1dGb~{dE#tHu=M^cWVw#-mm+3qp7hm{-Y>P8 zH!l80Jj z?toQkK+!7wP~-hUO(}Qmz=y-n-BAz+x<*+VYK|RWt)j+COQGTL)J))@*=O-XSv}<3 zQIV_uvFRgjSXH`DUtFtAntN-YzcakIXbH?ibqz3tM5bPRTAX={OUq4Eon>VhD zh`Xsr1^>m2ON-duwrcJ2tjp7DovKE=dN2xDUVg{*Z@igH*LX)?>3)6B8|>zGSHOAu zGw#%AzRPaYW!l$?0lJ=`pO#IDdOki$ogOP(q$@ixUFI>?U)fddZIm-t)_&!N8!TO{ zS^3iJ55`zFv{f{s!4b}JU3vX^& za>_mT(;hGxp70Bf@phY1wLofG-EuIyC5~|djdwD4bAGXC|3WhSQxuoLL;XKw1*c@9 z(L-QSwtgP=13ZMru@#1c`PgrT?k7WhjI!t9U@`QlAB)OsqNk-+SIG6qhY#CP?LQ|% z>^ZZ2mBEUUdTq=Og*C40eb~1YV7rw-@E&9m*#S*zklxmr4fLuvfv~s4nT1e^mVWDY*9mn*gD1bheF^1C$Vmd z9O+)gOSjsOScB>ak}1W!KJ3GFy@EOGpBuztT1xG6MLw1pg*``#JZBE+1Df^zw3q2r zQ&ActE|D{NiVPCQ`8_+bXLgud=iR0&<|Tgc$)>QnA0-p6fKpm04=b$!tVc z<*(7dt9}?OMv9+%7Yebo$KDepRUBnd6D3t{2)zPvJ2dqIhY93zOe z^TeekH)_&W#WKb;4=gfx9ntFA_&EG^^_LaMTK3D@YEXeBS(m>==UX!OyfV~=O3h(m zl<@PSf4ac!Z|Gv%ch(}s;F!I#XJHy}?vi3KH?;;6eh2-%?zsz*I)JV@XyAuTC zo*GSoBu=uJ?>i>J1v|N>S}OOxT@|GY4x>Unnfz~=5sw`!iADX#blZWr>woK)X8r!J zwiC?kDr;;t?UgNIo>JhNnPjy(sE{UGqCyo2e4obq?0zqY5JTed7FKbvL;)yj)`LnK z^Bp65KE^lo2EB|K;+8`kuo5K8aR9<91d##U=m(jIv_mF?m5`B~p>jM&R zcl6Vh|8(PIZ{?p_&$i@B#pxmj*7ib5B=PF_SWdlgf3wn3pMKO*+JvKf))2Q`#cTs? zvu2hs35 za*VmG6RQhB?Z>&nh-wm!K3dDGF9BNd!Z0dStqPKyKxe&Io;;vK-yMlgpj%!kr6dL3 z^%_=Nw#c0ilE}cKUBEK$rQ1|-vSMgcC!d%BT4}XFKkx+yBlCvHfO?cFmsx`z>svN! z{wc@$%5{fqH#APrR1QVtGRwIW;{PT|E>O^2USX|oHJXzc4j|)5ZVA;@2eOkBs*VM3 zYqA34d!x0ZdNbvHHFTf;EHO=$&7((zH6nh_y-BCGAtS7IxL+nw`p{5HVqd{4Ght-7 zI`daN_(Nd6@M-Js!*5<9s|dq_Bpsy}P0S8;CNFomw@5CZ`rl8<+LiKoj0~X_twMjE zr{D&Eq*F*QE1LBcNhs2IW79Z1_Cq$l*_&wf^3*WQTr>hq)OlZpb8rfY$Ts2sD{00t zz9ycT8Z4b)Z^+h02!g|WzHz*WJeG)YPd0)*z21h>cWx|3{_8{8>gAJ&by$uO=F90P1yvF1A1}yVS<+M^$43FLw8oFLty%x~ zM27le@Q!$vSKsP8r?31S)gL2jcy!1~|7?qJ_51^kiu2Wx4*OxTz5pzYjo1P6sYHFj za^rVoes^Yz(($w0iu0xaoz8MGx&&|?!q~9y9hG4aU1f4%Z6%{v*gkvO|0)_GrZxdlh#`M8=Fk%VNqRc+c69F8~9h$Wi9!lz+^iLLqr~Gl> znZY{^>@sBj39I5_R#>o|qs>_>W1x$8)T#1iNKoFR&siX;gr{t88xF-_#`QDBDb=A7 zQ+j|{XE!oVP=?JcA}7!e;eQ{t0*ngkTUrY4tx2b`Yz|76|pAAB9ayT*k6e6lC zOVoUw85fT*mKjNrTlp{LUfV`xSbGZIN7Gh=VMm~Fzv znHPBv4A90mPvaW%0)({VRR5b}UrQJT!}}*;W@u64v|n9o2eS(swO5Ogk%++FUO8uG zuH1+ndO`3ct!ObE%q)?-pIUdj7|%GUgY&nn>hQry;&8^aN-PX5+I)3dd?&E}7ylsB zr@&*%P92Visy;z%P997C>AK(qqq5??1yFEFOtk|y>!@hr&PS>0Y`Oq(tluHs0;mt! zyix0n=_UdnuV(|`BkccXC}UxB&eU+v{>X$qINg;vwnRL-hqtI&`K%KXNJ~{1B4CqF zcKN8hvGfS1$a18|Xx93YmfiDgV7kGo-CJJN>~XsoSGS|?;a7NUoe=<3Eg#T`J3_U* zV~m`=b#zwqv$*X8eUp7E$XnQ{wZ$zA|DsXB19Z{2+iuY-vP)X41077LyQ+S8=^|E) z)c9+t3;Gl)|Hru$fQJuJ2Buomi510fRg}I#lzyW|4)1ha=X?%dYJE}E2PRjPcM9Y( z%5=Svliy2Nif>Fu?JdMm`4me3g)*?RIR;p{+Uiy6^+4@wfTb*Ra}Y&4=_K(Zd%y+A z3`OLWPC@||kNzQra^)EIX%+VMUEL7n5u9-NDC={ReK2IHw#boSU7>pHcubeX$>z!j z)==FCb%1$`1hIY0r&M25d9j+`izVKylXxI13imzytvz&PaV=wj;`cpq>NL(~DG7fsVOI2N z74Lj?>5nkPU)gHTmEmAmCr1%#;RrtRHXOh0>H|2-cO6FP5w&W4|9-;qV6iFG20k8c z6caNH3ROJ7+v{m5Ln1Xro^9xi;$Da_&DtotO-IjYp zD?LO~4bdHCBst9}`4vIJD-SgR3lqLEMk>a{-+r~STBiN+M1ESj{bB$nrtjTAZ+?D$ zLt@ls7pl1EK9n%NYXh|-zilwI39hF4YAahG2&c?Tkk9C&fTX?~7VSN*P}=J6kr?|PO;hL$+-SJb(%`c5M=8d#C! zH10X)W-!&i8mLN{%x!u1lRaoFo8xNh@Jt}1M)lV`atxZ+91kU|-FS0c;ym7eE7PS| zy$*Q23D*SDcvtP$);mSEyBQ>f7%wMK?vL6y=f$n5SIc zT7g{vm=hJ6){c)(B8El#pW+&Rt_;xjv3#6(|2iX=N|#98JWJD|%10$O1-_y1PZuH> zi+rMMt-Lm|?UG$|)!9wJy9Wffs~<>m%e#w?BPgYdAk>KBlEqT6!Zd->zxB>U?ixY@ zC^*JwASQ|a=$3l|i(|aN03*?el?oQ|qbz$#Cgo5ir<+@d`YpbR;pZND@|MkH*_)i; zrf{u;q&gq6>Wta2AuzCU&s#&A#>TlMH%Oh}N2wa1#j2G{1;#fF_v9+%Yrs11*jJ{h z@aL6)is)?TON#t&d?H;^MJ!XS($Ir$yT70Y>74jz5Tb|uR}f-sQFubw8(m`B5`cT> z^~uhV^pst$mYD+`?e=2>TtWh7OSh5{lLGH;cwD5Qz`{Gd?9ob*ui-LT> zDn3D`XZ!P*F7U>nLE7$`wi{&CYC(CMrr!cEse#x1cp|dmSl! zk=5IqFej;3I%=TU%>~!dOIwYrSH-Qc9%4b3rymaX^r&Y9&5NB|FQN8u0C9zC1yyVD7`;by00q)5nA&KGN^lcQwS=Xir6XKCb0yMW)Kogb1MmiA zwQr8nfXmDlyoOa%L7w7j`1d?X3=~*kZk2V6clF>DtF-4a7ulN$dW952UDKyRla%lr z4Sd}(Vc10AuB}gQ@$Z7!n*uCOi&m)Aj+UO`^EAm|O*&k^LP<{wYp~E5dyPn6O8Ggd z?|SJ-i*dQDPIjDYJ}tvJi8UuSd|60g_faoR5nmL1Qe!P%tY}NYkbcYrnF;||RoJ$k zB@0SrGX3xv-k`ZGcvvCVsl5T0KjTM)h$3@iJ?1%&egeKf>qe&)@gl@%5wG?c>LNP3 zeG^SGt0U>$`NwsOmTetW-t-Axj4emI%8L`HgpV^;d04wJ zP-ZU6W$s+YQ@=yVI#C0BBFT?_c|p?+OylDe0+TpG2Z_FJ9*A7D`q1wva7)TI90;k= zn#{uZtsct(|FGspu2mFMW@*i0>SQ;K9R4v1|DsMEX%Dm_QY@Jlm;rNYj||Z6P1ELq zZvJ6Y&oOKpaQ`{eXnN7~k{yvU29=uy-+%~_6>*+fWY0+>vOV`vGfIn-COAPp9yGOf zJo`l7jc`zX_iBWw&Gd8A8K5_AY*_I>y51e{6CZAoHGhA>>3&1@3#`jtN-vsWfZlP` zm7OYS5~)-bEiR4o=e-HZw!hV;m8>8h=c1)+k-q)Dv#9b*pX)Cgcdovq@d?Jl$^xem=ywm!n&}g|PPw_cngS@sd|^?;@~K-3Bg0z5wL9|?jnm@Th* zCpBSPH1M?+l@5}{J#Plao8cYjkLD|c?n-}Ty43q+2~4>t7@(cmyEgo9&fbaNE+7%S z7x9aAOHsb;v;ur4>8_v3FhCk?!`N03(KKe!+4-16^Ll+XE03E)exR`sHH*AxfaCc(tU z*14lmbo8BitT+Yx&SDCz-ylE9(i9_JYumk+{tm0qQkV(k= zli=it#t2TPUhZhQI_bHH*JZ*V0vUd&E8Td6x?~Ww0Axa59hbRgl+WHJm0ncuxl9OX zfvZyVr?@xve<1_~PW&4H{vscy$M2L%htTv4(7A}6Q?E46%$ucL@1DoH(OZ!_?v*c@ zQ17x0-uFNJZt*SD~27d8ljo#Sf-*>ylH^LN%Wpcp+x=>Z%&fEk^NF>A4 z<`xHXD?kUu``a3=oF;ZvPs!qBU2Ltr4He9^4l5V_0}m@h=pZ4*P8*=enTU^G`*jhX zdmEdXN#ABEY6L}HdzG>I&sif%!l+4MNtjXl9gWkRr-YkQM9_0xQH9@|oz=_`x{BLi z;p@y2Ije1UGFduA)Wq_Xfx2=O+x&4s;;JcjhqzhR9zW!-P zqMg(txr$kLql&}Ib&ry54{v2vTJTuRbjI;Mc6Pdm$4(_U#xW4iJf}|Vs zuroTqyFWl1y+0isW2{?`DKUP=x)AICsewr;&*Hcf7885b%Juh8=`C`N741L0N!nwv zy!?vG2yi>qtACC-PsW(@ze+gmg=?1sra%^{V)$0o{RH_-OQR`9EdVfgX9Z{Al~hfy z4rL!Zy+dp2oKVpnqhQL?WPEt-F1})mRB1TuOnZtASvAe#;Pb+LO#o!UKs)xa6;|Ab zS;hP&0QA2!z}jmL`;poAZz@}$ElQYXcTqtbw{A(3=cj7d zO=>FjeP3e6FImf`O{K-01L?m{22xT}HP!YD+or0Wb_#OdHsDBdM?Bl~gwU6Prm&^J z&SED3OywPpfcZ@l$MV1#P7x#fjS(Nmdu1;nFs9>UC9Csb!7Q$CX>)`a(T;_h?Zj|p zr^uL`m)BHxrfT9ObQ=S%=eD=KYz~1?VF#w*N8bvSr9`Ei!Oe`kb6T&-yQ{iCIuqe$ z8KBvzg%4Ejxq=xAa99TP{h1c8u4queIDcWU-`ZxX?F`&AE)PBsd05mJT3Y?nHekHWFK*EE4qjm-s8#URGdRoDBjEN9iD~heEpFF*C`s=87 zjSO(Q3qy%c57gzcIxj1F@PWMV zCe|7BXW;2fxuPVG2!mWTHg927kV1NY51Ga3z=k!HYz7aw2n z{@^}T$Ti~4l`&@aSZwyr@*%B-hcp74pr>^uwT+guV3hJpPF@?XE@p5G0G&ARxpXp{ zej~fY)!0|+GW9UAt*=Yz))wCDWIvwB-&^udqjDAFHJXU-z!kLg;Hdl(+PMW*!!ut$ z+?fLx(fwI1ZYgb5BSbC0A{YWdY7knFJz6x;;)UzowA{=nkxRA}Oq@ z^O}OE9TrM5<{);kzBqk)WRTETT0pmgb}pF%eFZ=2?fYwR`m0sCRK`9Zh8|+6;7Cre zKPhEso(e&uZ%0~5eNi(3TP_1e#H5elT>1`>2sedjaST-~dumxN>wZU{e$Y#0FF#mfiY3RtxvY@N)<3TJ3 zwPnk-Rs}G|IT}pZ;?_)tb|&^?A4kL5kr~XR##_q&;t7-0J9mYC~BN`HQ zbXw!^&pm&Jbgh3BewxdV%t7tnyHB)fOVv`4Y3a|v8gEj5Hx7YDa2Je6bo3DABXkeP zI-0$2RgF$RqtQC*%U;=yZ{uk;xbDqzEuEOj(aW8uK}RDBETn@6;P!5&$r*wPDl44X z?<{lCh{u&jH*51Of2l6-tIJwS>05RTZ-YP7f5s+YXcQ-wa9^)<&zu{<1}#+<_dPf< zpZZJM`uD`5XX_!FdKdSc8ED7kuOtq{VN6(R ztNcVSa&WqM3S~d3ZE!ei>6VBlkgMHas#Wl7~LumqNq9BUD7#K)@6i>(C{Fm)kH^n;T@V*yu|jU(ZL*EQ!>1 z5fMgdqIe|vN9ChGyRFaSOX(%l7oBDcI8jat$gxQ1RYAU|IZ-NUqt%4+R$p~y?3D6@ z+f#vG!B>mrVi=kFU-{Ex!s~`Fd78qaP21CD4i)?{_BqfI7>_q+u*|0)GoqRt@ z8aiUq9#R^`>bso59a6U}wY8)goxN=IX&I{chqRbx1xM_lp=}`!A5k1;{FgyuxtPe} zgZc43orvK6&NxU1A=PN96`+Kt>sSa3a^B~U7E@;a?v6z?j!cZ4Gs?4 z0Mk>vYa34}$6YPO@^UuH8Q#B%UHzuMFh9&~zWLZWsfPsFZ)Z!^46)fzJh`*k_?DJn zFRCJr^J4V}qms*l0GVm+f%AC;KnV%IJ!bjSt}?)%wvwV>EAFfffk1~GoqVp%3yl(V zo_qI>)nT>IABBEyQ7v?#AD-O7@ec7f<6_jjrv>44J+N(biXg6Gnj0}|IN!i*9|HyL zZ|kW{k`dcL=Z_nM=3FqvZ3wr*NE2y;A!??snK`- zmesHI$IsPLe(8kndpl2Sr>9rpyg){08B+{jnNSm*jeex(NdmQgmq@v+3f~pE4M00l zi~gAfj~tfy*g@bZt~B&Xdu^7xMPM7ctfH%0W89K?DLVTl)K6aT^Ltm7BIMcYQ~una zHj{K-RpuUzD=o&@aCRu?gK&^M4-^37lH1|~NyTZ5GR7Dm2;E}j>N`Z?_+=g=BQ4b3 zQmmI4XFvf7hZwc;n3vpk6H5p2lZauY7>KJlW-BzZ_u#5#V#R? zwF9EWf|#G?XSyGtxUR|}Jp9A0*RB({F<<3-uI=&au!Y=k-+(MUH&}Wuf8k|{1UE2c z!l-1C7a-WP;K?VDG@_qBT{s)5C^Otb$-u>Iu&q(h5_uJsSO(B#*cxWuO@lTwP(>Wj zk_ww{p#hz*^%~$6@V@E6u_k{_KuaGZt`8-_yv3f|1&Rgeln8DwP+j7o7pHO_MfXHG zNk-$oM}_myd&9BJP&WkceD~|GjM{Xo%A1l0{aF~wqZAUCv+)hAjN!?yrpM81LKV7dMQ6cj+vePZLcpQ7IiCTLH&yv18D&d3_hE zRXS~9J%0Ix=8rJGj%M<(e-U^0flDo}C-cN@(Z- z!@A?|$%#5NGhCl=WE6zp0Fi1;;h{vUgv4fwci<+U{(FIA4 zWwHGH^R z!s|rIsL3=AeL5}8ytvdgo{gA_-I2SvcIyTEiux**ybDf#G*xY+etndcC-@FH2%nrE zc9#_0krCr=r=_>m^LRVHeR=5ODIZm5Jp5qP9~p%bPOldf*^ne*zTLSEids>}Ar{J? zN-fEw&@kq-j*6_nQQ+-kJoP0C_&8R)m05vP#b?4|=?N1PW&$nzuBf zs^2^*G}&o}5wm2MuyS1iCRDVk#r>AU+V5{H$(PzJ(<{6pmpSPXVj`vh{yhz5E|3X# z6Uu<#b$jHN0lJ8K1)3G)=$50bZqFzhqUyBXdyJXNA6GdkZ^q@gaDk~yoN6%q4bfiOJ|YP2VuTUpBWRovlZIAWp2TQj2g8h& zI{uf)YKYiT#>e4eU0m;rM&dGPlHYr>ml|m+{p!IhDfBVD>v$zTwbjf>S6l0|;iX?7 zW3i2=?H?ofo0f=Tu0EIojpeDli*T7sb zAPZPYG@X#7Jo^0mNHst`uPI4E;xk_#->|l& zYAond&plPimEjqQz>B?XY39N`!}dW3DBrlGL!ES)8Tk<79eaxp=NR%blS#@>gZ|~N z&{}%v>rad3n}F*ht}yvCFRCE9j<5p2*7wKN-KjFJJDE5KOc=uhU_b1#;4W*eHC z2n59PBXn4Jb|rw)2y9>tkBA5#s@RS#>*lZ7nnk=?0&L3xbR1NC#g{Fb`O{R;TSL!e z^?7zD_}Ptqa&91O(L_rug4gOuR|lgmIzM2@*yZEQRAet*P%Cextkk4m>ys`+9Ly?Z z9c`UMR02gp{0|inx8yJF6n$A*HikI=p+3U8Khu3$tzt4*I6b;jgYuwJo!)TrxBjHm zTS6h(8bIP;X?%0sm%vNQd)a9y#}c*I*Mi&BsK!LOO1$M0N|T7!IziyzHT=Xh!(;gJ zlR5Diu3mdaTkOP2asoT^LhmJ45v%QnS4A|Nw^a=afk2!!2yyPrR5U3*EKC1G`!_O)Jl_L3uk60U5Q)}IK z|MlbQ%z@AbU#Y!TJhbr{BYytHN**!nxT67oU%0M_?eIj7CVfZc5feS<2Q0G00jlD* ze1uaR{RMX!YPP%(*9m_33cwbrBQr2v&do!nmxeG{EeCuK{TE1GWq(|SClu+rBFkXG zi^sl?{BhbUUxgenv*+?SAfn*9fFxfmfu>}l$?gAp{#+!b#w-+Mwx4R3(Hd})Ge0P8 zl)BF3nx2+p@NsT=0EA8g-G>iz6`0XV`_8U2=jG`^Xd*h|7Mr`ENuvMqNc^o|WjdmV za{0IZhn4iNS@6Du4x{2Et{2Ha`tz2+VPVMEKZ`53I6uB^>ZpJ^{r(H`s82?EAyc$s zxJ8ehq`83>Goh&3ezyp_ptWknC;&9K!b*AsRaVhdCwq(vHE=+L)t&@chElSKep6!Z z8EAMwCaV;-{)kc$`Yn_ZSvP9>yS@r!&zLMX?C{81OXI4>P0DT)1DrF{s7&C`Bxt1g0Ib7 zRf4AMb3|qUN>+y6D-&>VO|}#}+e=bAuH0B85rL!QV-tK&Skczl2+-xYe~U<0;Zh?K zH_!nvTT&#FmzcZ2(r_~t%K*?_9^&-80tTd?^dVGK7do^kj&KRO%M`_;ts5NPwz)Gh z4W6#@lQhfvpa)E3*+*zRW~h~z?b2G^I&(QRfkG5lQ)3CBDznO2B-uP>hZSX2oJ&~n`+J>Qlw zi~Z~Y%lq^>Z;N{>vE_uWzXnQt!YkfF;pj;Jv&AI0?qS~N1@fRE>18NhBUqKIMz?KgE* z^blJ*14TU^geenB!bu~U@5p8cfYG+Q*FE)F+2i!?>RfRqxq@jwYs9PkW$PUjaQQ~0JWTk)O$^2IO6?;u5hck zT2+6_H)kd93sXiM5tVPIqPsxXh?Dp!%Q{aPmvE#127#7WiCG<#FUM}{OAh(6i7^#1 z@`MC)`VI6+<8@_Odb{PS9<997+d?f+V}Z|6B2k6MWBS+J>SMzz(1i*U7-M;cMr(Nh zA<_dKMMM-Qi7c$E5L;&4@ar927G@fXUpHVG8v>3?rdTFns>ekZ(3uhQpbd+K9W}SW zE0aH66hTwSDL0(>NGVXal1M;-4oSJ|TWSPV(Pk%NcY(XX zE^!(W`MKo6y4NIX+)TcCZsa3g2afErz`@dINi2Gkv8`YrvW<4EH%w4f-u-#YHawK=H8qPMx(adNwO8h+ z1)fphesjlQky`#`k_NMSh>t?T90zN)5EjIje}++<8e+iuZ?7J5kO=gCg!RweM!t~I zY0wj~XbZ7=|ERTv4c<5PPnV2ABYr6cZ~YLv^v}}ty5GSDz}u$hKCX;(g`(#mfOHm@ z?n?TL!{YAk4;_y-Ns~eN5C%0+ybX_jhgE0Mg##j7O<>d*-P$Dwk!o_<+jbfc^kq5N zf2C^pW$pr(e5ZV!f2s>IWLfdZ4L05uN_3~^%UFGmf6d-L5BQj*ryCNWWp+Wd^`W`~ zr&j*>V%TT2;;q2AqeP#Hfj&`JSacLAcGw)oXV6j%{UDv;&)rvN(X_z}YE&OA-A5S3 zhwFkn06k-FcNChZDrpvmGs1=S$H+4B7D@`qQ8ip8C`R=Nu{WZyHQv=SBGLOIoEWM7 z?6%@BHK&s9I>Aj~?w0y23RCd~flQ$O6*3Khe%+E#L}W3lkpZ*QLhL#xygm$)d{?>5 zg@NUG7`j>~WxEDni z(PW1Cd(V=}N2{J4nv@y`{XjuA<|SJYgop=3XHcBxkNqn8{R74=1t}3how*S4o>j#q zQL*12Br}ioy9s+yYM_Kww02B`SsyIC?YAEjGJ$2o+IcutC3Db`wujCg3va96!}_w^ zc(WB8MaDvrab=eA#!0;cT|zVx_=BfDH$0L=$&9cGixA?!p`CZF(JxJc?n64}PRTN3 z^%3g`Q!y3Ui>blM#IH~qG1+g0zjOA~K&7ea+`(UuxCgWlq6tLH8Vn55ATq3u@LW&z zSTqn0E`y`5Z(on6gF7lwvSY1CyC6c0y0OZEp=oe%LFi6#QBU-Lma8}Lw*nuKVn2-b zfu5`}_-JFf5Y}yzXDiuLRh;U$Wdnx#%Fm?fp!g6uDUE3yq8$!X62E2gyzq zk3TW3G8`QYAh_90i2D|AQJ0H~9@qr(aXfDzN2R>qPHhvlc*^i}f zc+Bcm72!N&&hkyBBb?};2d3Wf6&QpERw5YVq*~Yp5!<^`%tAs1dk{N@PlnYFH$4d{ z!giyQ(fr)67E4OnHT@=WhPoYeSa#WJS)?X0!HGccBU;(tXmBAvA|&vRYIW3ZH7zMg z8B|JqIOas%pBO75uPCS{Gzap1vB4q3l>O8XAT;DZBiIS-ZyN3Rv(wg!T1gE@fDH-y z%a>nJW#t!-p!q#sENk-SvbHm&fp=ohYF{x3XH5{^385fwb3@?#_(bg|{pU0ON@Ki4 zg5p1P-)SxvVF9p|M)tu<#fhFsM3C@wmP{-55~%{AtD|2+m4PblS$ew z(?vezdYf2S5W1E5jVQRErwN1SWS~C>-AX|~v^ihYNt)_~73CCElwjb6J2;30`5I)U;Cibry{`xy9O_|AD<-GVYruWE5KE{5uB_ib2-iADFf zRz&PI&iyCHt6~aURH}0ElmTW}#7SPi>o>%bJe)rmKkP|0MbJ}=$u1cAE?Wgie%V_X z*-kK}Rdrm4R!S7vgAmj@j(;Tz_EZI$IxGyAca($-C0#2gjqRCZFM?ASD3kmpb&GtL zF!%A1jYNaB?f!CQnij+SO3Yr+gEg7)$-@{^dEi&`o?JwuwxiHa(o#AUSo*bM`~zsJ|#68fu(H^cT(=;BvSi>M}V%4gpqS;-b6xOUix!M7AhkSzo;OMzFtct+4vs)bSqjQU^44 zHDh4I!bp||Z9B7X#e8~vNJKjlSQOmXI=WmQ*B&cpGZWIC^z_|!uUNGEd*nm~qB*1~ zJ21y^>WvDmR!7oEcIA6wJrClyRdA>or zRRSF11bt5ZNgN|ZIS@aeB_p=%)qQ4&{TxQspM>C2=a(1+V%>ANh>#T0ndn6xkd8Vj8CPu;N!d_$s& z3z!wr_eRbx6C&4e_;inO?@UW#YbIOAEv`#hOP?8Q;`%0&G6YY1%;CQsBSk%@Bqe2F z;*qOLUh|oDLKTffbhzaA?1ZJ0I8UFjS=B1A;ta*3>KD4p=MafZsIU*TiH1U2_Kryc zym#4TK|RWZB4`gXF{51+BYI9C zEa~9(BD`y;%02@l3Y1~R&`eG!0gn+y{#VaIVw1+R5Q!B963>Q z@%5h=`U6)}q+-v)FV$Eq*y(T?*As4=<$%{K3GTwF{NF}u-_)Xm*tUs-X;pILB1zD% zwJb|?5QM+{Uw|5DL3n@uGtLVVY`XlW>p4k6rf5=1AQ|%MvkU%ct?9e+>ehTL)u1d+ zAKub9P9vKRD_mFQY3G|cr=OOhB!2_t@xG(f(!Y?!%cjd#i4k&RLk2@2Zn2UQS$n6V zMzhak@0uo&yemy7kj=b zWto;}ix{h%(xui~KYpz=lr<)HHse4?4=9LivXE zqKPA^w%lC}yZPgjT-~#&!0k7m+UV@XUD2f3K(PU`8E0%h1QqIT?x9%r(OGvTTSeel zx0}MJ#Qz^vZvhlXv-J<-5Zs-R;7%5I5+Jy{LvZ)t1W1CrySux)EChFVcX$8K^W@(9 zz28=9imKGs?DX{MKIbQ=x5n7NAztj=R9x71~Q4~ z@Pf_e*CyX-Nmxm6b=o~N=oic2M&Q^V47)P=N#jsJ!Q3JdUdWYlp~yl;X$kFaFVz^R zMEQRd#e&BNwD^nDzEzBVyK1qc{k_H zby_n>fd?H}UL_DJ%W}uoHdZ8TWsIWqZk_SKHQgdV4)k@P);ng z#c{}5bba2Z7*ay0_vGhfJdXJrXqA|?<303)esRI95 zI}OIPk5aRVLN3p&i!UK>!7;WShB$_5gLB8GyQHFEh^fJ{5Cvt7U;jxAf!wfnFW%X?H@xJ1&Jiekrl` z$`Z82wtX)B45`|hkIoN6u1*k3D|(MYSd7+vDuv%GSbcQ@sipe+2O@#g@E@(f$f^X! z+>LhqJc5eL#9(9r?@UDgPP&oXw=GpT8lD6)j0O%w`_wK{S0eB0HU}R9FSOshqeDC;JY#uKyGqrq+#i)?^eslO zb;q4;%VkoWEr_&hwGG#rYNn4E^txKIx9FXWIX1~Uuh+4ICa_37PItl{^Fq&%{%0Cp)dm_-_u9HL2#+g}`TloQ zhDeWi#>q;Dg9EO^1GV$&lceuNkLo`NjXJSvzX=PgfD$1EJ;UkX5}UIm32z(Z!9M@{ z(Dgkr2+<6COxUT_K5Np|bKt zOxo>#;Y4FGR2K1E9c89YJQBXN$xNn(=H7ZQ8Y2`Eyi~3^grAE^>=ggsbz2Zh4ZCTBy2hyz7q@ z-L=X`Z=@rDd$1D>%{K6<2eo#HUFo@-+Zzk3=sB1d?L$b1pWv`tjHNk`)a0esd%H#XLA-tl>3=(9KP|q zZ#v^|msiT5&vmInn9+T(|1JIjT@V0ITebE?BgTH|jx?eM6gX?ndX4NG22?rPLU1Tg zys}w2fnzF6IEMA`{N{dKs@-oxwBJ`oLRfGQ+6#8_L>__(O4{>2V3Tpg-BG3Clt|V* z5nj+OI{!d_R%2Uw>#=)4!MW3-)AKy0!d=XDu-Oa=EH=BLqTuj75t;G7SdN+0!q;@J>^Aa|^>uX>6=C4H* zmTv%~hf%Qy?V*iYJ@r1T7{3nKmE|omzj^maPA`q3w@KuD>p-XWi&AB5wA6n6uQKBw zamJVsxUl$$tHQJb858cFvtXM&qvNGD7l_8R%!U`W3lG!qFI<1l{-_quKnH?0mmz~= zu7${7{NhTffkwc^!5=mA#>V+khni^=#l7=*U*p!a>R&=WCAh`;hGq^qP3rCU3PM4J znnC{lbriDQ#zTTG8z2ZUkp`yf2ypbOexzj7<#yG6FV`PeZUn2BZrL&Gu-S$W&X%=* z+O@j`s9|5nO&q`au*|K~J7c(!s*!i>5R9A>)v9cq3#KZ%u;Gwz;sW%Q8T+x~H^GK4 zN}#?&^KI{}R9W)Zpqpt|-jZaVA=z=L2LJ11k~g6{0Vd7&zdAzx>f3;8M&m!~A}GwO zaJnzrV>yJ0Dfvclj;0*XKDx*q?nE#O3kIHj7Nx;3k~OX(WCHMZg45kXt@_UVsqp&l z4(0SrycpP>lrWwc5#-sj7h<|stGSMPUmYZuqZH|w)*}W#>w1xOG>CAmeB5OD3Uzua z@=3)i?&nYtms6J!QU!m?6OX^r;e}<-AfMZJ`{!Hj^RmDpAwElyZW29tpJA#;A95zX zC*0<*6x&0VACX1|#B=|+ujY|`ZlnDz z?%Ig4e|jo6AXcoiN0GxjcNx6;YDL%c_MD#EupGn)_X?5rEVrS}tX=oN;rQnddGI{$ z240W_Vau!AQxHoo6?aY;v*$u1QVtoWU9~lk?9nAL_I+ty;aqOUHy%=k`m6r>&-G%W z5MPx^K`gd2ZM%_5l?bo0v6lCO`612C=~6I`kqwUI4ToMqtyj|@3GaWu7;01aXU~qx z%y)Tnz^rpdd9f0=IK+>927vK= z`2%b^Vco1L0)`DLM+bT65U_@N_AnE}uj*Q9dW^S%V)e`B6C3<0ym%kXkbK9~OLHEP^m zDGhe((`*tcldm_=f=H|^5-tq$K#m)XL}0rZlO*N!*Wme@iHD@vXuEv{V3PNqUFW@} zdQSC+h7G(_qnx4Q&9m)MMc|sNp-dAEYyIkZX1xXt9x-iBGT)lcj>kqHQ&@JXp;#2Q z#yrRK-&Ez<w4;mXK7X~rVR0_8y}{=_B4 z5i2fp%@Uuc@|?0j=)f`2$Q`U?Oh~VEe-WvFuE(&|l9pICgDzjd>sManETuP#YS;F}Aq6Zay<*s>?gt>#o$Ml)H z5OGG6>Rh9%W76dD2DFETNbK0ex%pKzNiR!VMcJL30NG>?ftwM2Mas}iwK7i9rd1ZI zUo{qM*KD;nCh^nBT>iv!o%bTfWV7^>vP2oFQ(X^w6E1eh;zfnFwuk%7aHR zNkAX`L=EZYr$~zMPgZ&Wf)ao`x$=WXyeB&M&hq_!1~zpE&*g5R(WG(1T}1p`#k@cI z|CXn!BM9V?Mb_D$#INRs_#|zBw@y%}G$X&Rq2248Lm4@Wi>wbTL7Zqzo#}3F?%1>4 zN7QukfFa4Ri;kwE#bh&8O|_wKz>iEp^T$ktfA}ki8;}iI;`|i!@5{I5H}Ga5+ew(S zT|ZYQ+`^zeo+Y2dtI&*(H^)3fwnI)EwK6+Wayx#7!285qQ~3jPt@cLGYd^K+bkad# zW!z0;t!tFi-oX9G2;1jQyx~#i016yHH7LN;=G2zqw~V3xNgd2gR3YFrNV`BY!pB_H zX0Xr2-$HRBLS;(t|IT)a7QL?^;pMz@RS=b6o;?OPOP-6h0XtsNRgx${SH5PWbjP^3 z&g1wy)?Q!z>s>5WyS|mhX_ez||FE%c7ULe2$pu!xF}Q`p$zD^r3lCGy)li9M z$|BMWf#hV~Qk{MLr1IyC&OL!xq)4&+y-{9Luzo(~-|GCI>|+J)gQ2MGH`Q{5!6Jk6 z2hY!v+}aNec;j>Nr&+-M<$v3yG!^2muJ;R&`9P?AKT!)6XD(i|I$)p+`*w_P@fiWV z4Cx&t;aiUHFD1L;X(e1-wf8)~3pG5L85C!yc2ldHw+Iu17deWKU%px&0TEi;T8yGc zfF+#XD0YSII)lR0we{}$(+@Nfp#x-EI3#Sul|LV^sSWpvlD>k)e7cMT?ZYN}9<9xw z8@0_WvdY8I^y;66RY6=VH!&Ck0w0oS%U+P-h9(&`XC^JZ#+AlH@#?Jcu8$?@Q}RT+ z%q)%si-H(Stu#qx{X|WR6I+Ndeih6Oh+68`Gy!3KrrtODhxJd5eoK!q)?} zhQGt}->^mgmu30q(pz4FkCxUGrwUF?)se3`FSI>Mpms)(ELqiN`+(_*N%7n;cp7f_hE=VYrYQ1#4im&i-gf#pvT#|NlAZOtyADgt#MErJ#xZpM zLEzLy&*CUmzwUE)sP73VE9L+?3>k0}y4az}U=7N~RZC|PtwYzAwwkU|Ium3h!{7M4 zA8@yo$pc*@_?qO7qhtVV_{yh`dkHf`VSFF3gB7cF1so7bGZJIIOWPY?VX&tp_sN3A zKI3h{Yqr<6+7DCb@7ks`_2tGPG^DVYK<_){m#MY(VU3|oaIRw2yZ+R|Jw1&gILc#^ zN}z!j`k>|?{3WLb*nVu1xyG2DEz}j%CtR1h4fS0mXZ@13o`6-$k8-c#4gD;}t|zv2 zSDZ{mJXnIh-D+L_KKmP*3bI&7ZjVL%6X~21R*A(9J8Mg$m>fvglB(yxRuXRu>kjtl zKo}#X`1hDsC7r`wP<}oJ|2e=otNCbdREbrD|CC?#+9F6T>mygsz>VbGoE-L3LKF(>`vlvw^~8% zyE2_$h~b|%hWxQK=O>fnNAzw`MCuaUe2_XHsLQna zgdD_^7qR3tP$h@xm6Za<#m?aUbTqOe!p5>|TkErq#Dx3*OlRNpcsxZBjq*ZLdeC#3 z7+KwB`~DI$%Kw}mG{~V6+SCN}7iH>ayA>?o!}zW>H*Q+u(TD!klL^4d3<+rWP32>7Np+FE9-^_J>!PANo{(m!TA?~PnJ-4Cdm*S!!36f`X zoo-|D=v-|UCr@BcFhS@vaqNjkf?QE#cj;;Vy5t5H{OI>)wOts1mZ+s3Rbn7-F74>B zZH*L>{21P*1mZCC_=o3VC^h5B2|6K7QhsKji_5abdrl;7dZiS+=cS>2%V=Qe%io)j zJ0r&DFAtX(bT3-p=_}ZiGt+mJJmSFGy5HLoJj5bkxE)P^?_$14PCD|ZjfX|_d+lWU zlZa0?^CP#t?5(kQWPJYGhEeC!y6S1w-SA3cwa1`QWkpicI&}10gxpu1Cjv%osl80) zlE|V3u+-g2&ZJa5wly1V%`r8(;sI|NqIRCQ>t!Px6duEI6bR>GA^-)R4h43A;^f1j7^e@9B z%OlLMIjnbu{OeW5A_yW$nbb^C1Kc<{TdW>D%KHEoB+kj+c2%9hl47tSk zIa-X`gyaS2+hyTu1*Zdsh<%F1J&gp88{`ovs-=UQuY>E`Db#S6p|^TQO|($8Kaukf zpSejpTAPQ?2fSYQ5*dxPWc}HmuAaNu?Z5P#;+HLb55@XShSSIpR^NpTDHe~=R|sbL z5fQHx=|(EZ=U8kgC{N@D-oS8CHMG7)w+kEVq|{zufb$b{MW%ff8!AmXY(PNzz;Oy{ zuj2mB$d3)1EhPR`+hl=2M=0S~t)Pjr!n@IyG)A@cwWrAshknk?OQ>@?Up@_JaL?Nz zq9QeR(8PGpZ^xxAb!VnRU$Ns-gFGvI5#oQ<{JVQlw5edpz1Qc-xCU*MsSscP&h~_$ z1bIOs+}z-d-$6?~`}kl>`qS(O)UYh4UHsw544}q;6*%f*M6|(SEjaI?;{b#MU7^I@ zYT*_J9ZFU0Cda8tssRSPwT|OS$H2NOHfm42iTY2toE@ZBYFQ>fo-T{%DhaSPAI0jL~zpE$R;Dq^&`ymPZOI< zP9&Xd)%FFb$?kerZv~43h|20`@dY2f;ApRI!{S|kf-43lB z-j2F<)YyDN-d~xwv*LsTsC6C0N8pBO@$I~XKKKcVHMw=2J(`p7RWqoRWi--acM<(( z7Qx?}t5#iCJBP#z9l-v4uIA|+tKn?B)x+tKm2bGc)x>l8Tpawxu+nbzf~USc?8IwH z8N?=-8{9?h+LshvUug*0BFXRRLtt)Lya=WY2CCKiyo6=zz3uDn?^xA2R&fDCTS^DR zuUSFe!J>`@pQIWJaS&w=nX2onj%rb}%9~7y*x)NeAHZ?>^{;^iU_w=0H{%<`(^UfL zTj7AnfZoVDhFl`$^v-#!&chjow&65#D?Y<7AeW$4(~TdhDW4G~3DQ#6;AG5Bh?_Iz zC<6G5Z4kpCEucvz8jzaJ*5x~FXhb$ySOhFZ5j~Ev(^V9g7I>i~J?_qj7CC^~#9!*I zBUP~(1}XN_acm!blXb}3cna!UcTF@s9IDD$zgrxlgWcgwz^DU?Zhejca+u7^^Y}xe zzv8y~2&3)1l7DC^>mo6|Dvtf8JclFl-WyK%^y!(>41q9c22s)-J;FLKW&d-vN@R87px5{9A{N(AXizphr zwF;uhm`z9x(qUL)$GPq{Z!-txWXSh*`oj?+%wgpQ_aY|2rid zyi`(jkdR9&+ryV0xbI0;glXvD?z?sz+=3}aBd41n^=q6|v7V~i4POGF>=%%5e)Vsq zp#KW;Es_SOvV1liw9pJMS!AodwI-a8gXi)lf|d5c!0DOZ0dWiAs>m`H3giiMm6*B= z4d<0M!-D(j>m1K(Q9lCi(vl&cK7AclNA9=IjnHzEQGOE(69wW!*({90QcJ;-Fk1j6 za)-K)9N7Rgl9jx$jPT^hi1)v`jBwh`8ebzz4K^gQY!)O50a&C7KtX0X54j6vYEglL zP}JF1AI<6rx8~b{<+T`CX09Vz-fu-O=p_Y3SZ&ML#u$J?HpZSG(KdA-xw%|_ZeZ$T^vJ`A5Htl1L~^7~ZbS!*F+a`{WWX{5Lwew2Tg8KESV(BQc;{V7G&7g5}n_wUo%&384=nFhK? z9bsiUghY=;8>+Y2zJdGVztEl zB;lm)4{M+xZ!Dtac}^{0-^U1#I;2=crg zlx#Zvh_fi_$<7sIoy17ddB~XCKDztdGCNgHY}x1Xg{BANUcDt&8=$ojI4a4sx4Qr}{b#Y=jx8r7DskRR{pi#~tA8^7Do41*n6s-9SPWhcl zQ{0)yLPWrgFMrDF96w{=Y?U&7vv6)uL9RRnz@_(7%KnY%iDFDqRvdfKd_yobZB7lg z2a@p)asF@78{VSgN%IwA&)3V71op16TZH(PMjB^WCQJz#y7G>aL=!2pN9ek<^(S?~ zfNHh9%~4-(m71ABA(TWYBG7G1;k%a9-2QBN){KmA?1N`lN;o9_omuC5$f^iw`fsPA zg;^0I;7)CjU1}87{wTAeG;t4wD5RQ9>On1k(D((UGICK%()n+`ppShxSeNh!Lu6l8 zQqnD{Mh&WlRq^mDzjZ*(ev_2l338$OB+?;Lv>X0+Apvk|pWISBeQ%uTNHuxg1U0%m z?AVVJ=$O@mE?>bAEsMTU1HsL=gO7SrsuCv}jN0lJ6OU+Jpo-*X`D#}{mX09HsC@4F z`DyHML4{NNU430;qk%MXlkFD$9ea9j4$Kh&y_dSGx6DcBH^-Evr<-@abhz(VCgGY2 zygfbW`ry8iG36X@LT9U8J35gQR^EBUtG#QKdnk#w#+36#KO^xT`MoT7{eEbO!L2Op zqD2ltn|@J!tu$MW2#m+nQD#ZQQ?oqFdYk3-sf%;N?ciw7ui^*DF-($vwQ>i#tjzip z$QG=2aHlxgssvaO?ky}#J~D8>wW5A(%hXiGj9~}B@@((wJR1TfJef3fRWlsi2J_%uY z0CvkA+_s;D)qx`$^FSA>__LWM!0ZohG+5{2r+$f2*1g(|q}vR!KW+Cq80u>?>jS*X z`oY3mcVEDtF>M6ty@=Yxu`KsuAnHF@u5q{^r^e%VnCUAs^4~F4(*KKP^it;=h!iCF zv`s;WW_%R*tO}|^qVqN_t#ZUMWEHT}My~Xe_t?Zp)Xx0#-owFNcWQQS`s44RI83V$ zQN#HMDqU7P?dUoGprVJ2_dE|@`PJ-}$OmdIL=j{14MI<}0V4B|1+h4yXhAhg(SF0j=+3aH*q6yg^4VF|^4!Of_ffZAYM^{mJaAAz z)KhmLezj24+Y-ck8V}RXH&8Kt4bsrsY7G>$t0EC;l6E8B$bBhbF0t1yquv%jZ-gWF zmK`h4Ehc!5_H8jV4=N71NpOYL<@nHMap=GC>2FyNh++*Ur2wHaPjf&N7j|`3{m4?2 zSdbIW7W6I+q)un!SFNW0KQ|E&ykY-fgm))IT2Hw)PHud_i$w-R##WG63k? zD?qQ%n)c;g6M*dL@b?f2c&{vbX$HtYG<)IU_Dv4Dk??V|Sv%ej*M;c;uq!u-5U@6+ zX&2^J9{`mH_~=dKh!l2zXRMxd8t;?n*U3`f-$E0eJ z*5g(EVM=_0*ITy)_pd^GGCjPQ!^5+*vq1aX-iSr4PnUt-Qy^CntAA&?s(qO;PChpvz5GX-Hv zYReS>^KtPGvm0KH&$C7JyC6tw45eVDsaCH#q5r!JLP6<(14n51^MuWg2vxPA?&npI z1@u0nO14FyMG|e>nEMqo$u|2&JCrvbj(k)(swQN!MS|3eR8qY=Taugo$p!Jg%gBD5 z^Wh=yyBaCaUP9~Y`NPnnYUNk>CBy4JBp4yWw4ioosOiOFf%$m>5eqZtaXzY;vM{3- zG~-V$+pM~Z6HbyyEnmR%vnKM>v#g$yNO)0-6gNxzvE6`*pHQAX;bNf4GM_2@RYI{N zZ!!rLlD1fmkJnvPo=ThoTZhw`>Yg$?^b?ntiSvaRIVOlEt{>|-KR8NF7bvg+zAyA` zxvJFq^r2IZ%^5Y`|D_DbaL`dNEy-_pFa#SKFJs!FH#IAKn+(Jc_lb;axJh+I=Jfzc z_vj-1dvq}QAwJR`0*C3_7LsQuU0?6@&tBZESPp?#4O(T8v!%VjNEu&QSON@Yw`-s3 zY(vHbB{3F}nVF{B7rnobbRc69zVXb659Uzt>4SMOKGYX&_X9@Oxu65LYw{SDK>)4fUkzT35 zNCni=ig9pi*y;UtYm+by=DaLNA)9}b;lA+Gx*uh*GRd~NGnl~IQ%7nH^+DXz{Xm06 zXk@m)HKtso#qbbdEP0q^e1*CjD0cyhT0RI_erxGBQnMrd!x%dr}9!KgqB!I{W%q&2jEya0f*;y#_J7j#+1&Eb+(dG{ z9Z4`ggP%ksxB#cKp%dX_^j~JpN&=jiuEUcPb`>(TL3^9>`VQD78pbF2osQFu=Q{D} z=5(5$=1I12BGSEKj-}sY3Qw1|iuIcslT1x=yUN06Bx^Or=aOHV4{-ChG=XujRfQ0L zxUa+_Cs(~X;)ZNtC+8cUjKn5r!3-ZWM=T$|U@C+Y5T?B9u23=5iCauZEHoLj(=%(0 zaWxUBk9X-;0tCWp&1G`bp35&(su=6N1g9@+Svf8uv%|RYoT-z&xS4&qMD zYBm7!kB*iGXBjnb#&#T*>K!5-;h5PLAjdYIgxoTbM4SRYRLF1FL^BrR`}|n`^pSLC z-dh;C6F+B4Dz7}fjgo>srnFFtEl&ybL(b);!R~UTop0wrnqytu^!o{g>X8rGdzA+M z9N|U_A&w7#fpzCsi&w?LW^yp(tbcG^Lb=ZPZnhjUQ-%3LNJ&KK*t5Z*gEW?h`b>V4 zr98n8_c#u*fe5(ptr$mr{!-?3?wiZ+ODIZs679$+mS_BmKLzA)p!KZ`Zp)j9@Vy5R ze)Xl!Q0DHabWIokO|n>&L*qPHl#x5*2Yib-N39tp@1Sze{QKhkT@mz zO=4|B#qlmc0o2<(a16`ea^0;~z3T0wD>ziaQ(}5otqSyFlj>jp>Xj`w>{w)lE3csy zF`u$qj&;;6;fxZh1F~~MlF6A&Oi2MCaDUN)azfq>FAg~3#Kh#O9=QA8rgl3gT`*9- zmg0--SeHkAOhq0Pl`+VHL)=AvmS#sWJWv|oI-ipS)d6bbbxlQb%fQ|)=3u%MAWB6A z85af!;S5t0lpQw&Kum41%u7MPx`5)3O3R~nkcHZ`YQB9!gL(!;l#5Onwt=7M01i}E zT^Zh^?;T8tFT}M`=tzw0nsvHr@NCa4&4)c!0DNjRiYeK2aD@$(*%Fu4PHQM2z$RIH zhkQ099HxbH%|Ynrkf+VxNlSIMWjO<6e2ZLyovDz5d~{S&{ovY@$mEfCDAL0hK%Xw6;L-oK-L zZsgfbbR8j9=?99R69rZQEga~~9NX(ub#crm?{6efimF*Z|4IZtLIWEfj-@S@B28vL z=J)}_ZVS3CGL_a%PyyseGm{@0jn2RE8E^}V+gZt)?5x-5RlpD_k>}e&@EzL|7fse| z5#U{phT9>WFCrJ7a4qxrcsBI?lQ9o9PXC!Nk*WQ3?k)X6ln%I9z3SnL` zL3Ha)bqir<=z%&aH*w-3snWO|4#z}wL}M+ZlP z8Q$FFS>Y=&RI(USf)*~T$LcIZm}#@L$X|*q*amQ>xfK45-s;XhB;uDC0GIO2PUmd6-HUJMa7IRv8cui)Cx4Hd z_RC$pL+^dlW4|$u8e3g0T5I7Cth>_bUfN?k!@b()Vs>bcB0AB#POf<$5|x_o2;!?f zdfrTDD#B{I2S?A7Jh`zmMSRX`ZktKzYOt@Ia@w7zI$ewDcpc4;<3-+f23Kl8e@(Kw z{Z=MOs|W1bYZz>Psz$#HXa0kVMCGUW)8R|Wnp_R8Iv zD!20YaP{QiZm?Qe6SyunbJ~*1=)06$k=k9b`;W6A>UkKt`H|-M^rZ;xiX^TUe|`^L zbtR=WAV1=)(zQ%&!_&HdgKjZY0mb0pq>Hmw4=DWhc-T zL_AYhCBv!R0NAi1G&L(l$3{3s|M&osDaH8M$^6(9=fX!bn-U!6;@LYz*7r2ZuK$zA zL(C?nWz}{25HBT7Np2u|_JgU!Eraw}Z&Bi!6B`(*wm_}-GFmEC5niR{_ zEzlSlJqWJ~3qZpU>pyeP8)_v_r#nnSy_$Ag-><{mM2)mrDW!DZeqzQeHj1^{%K$Bk zenrSK(iK^)Y6EOH~Odg>7TWU;nCw?}w{uMWCFLcSg9zbIbO z;gnjtyJI-9a)E4FSM;m7`cSiEzZ5N(9Xrkw+sGIugn5Jl&A6-`@3bP8JLR!nFuU3n zR3l+|(o{5G`j)w$!~Ocx`cDCKGVlft3|@X>UE-?I5K$mkK4i%g(BYnL6nzc$m_UT- zo(ST8OSEDP9bXkwdY1d zfNUToZ)>DviV)v`-9h2?*3vt#{xY&iT_Q5!<7LHBU~0Dv`k*n@hv%d^GkCO$CC6@Q zi{v1pAv5GJD z#TN)W}q0$Wu%+=sriN2x{OH*AU(I4>19yG;WUD20#@Y!ZG1!E9rcqk$bz?a_6 z107@jt~kNZ?x+#6-P69GVo>a(-o0&niGItBpJ8l; zMv?f_V!hGMy-k7n#T!1om>!!Dzq5Yy3*y&_w*BK{OfJ~i^7M&1gv^vX{T~V%fYGn# z=$af1C^mapd8a41*?1es67;N6yh9_#oCBX&xa%rCp5!K4239m{)EUB!^m#o*;}eQl zJc{+BT)b~?BYtg=5U0<>A<2t_6ZJCpH=x65zi7*S7G%&NyL)i!%bHqgSK@I*euiuw z>i8Y{)!5?^Pn9igu12uj?`iCW+5`L9!JD-V>Ngc$D!Q1}!v>_i*N5yECD0?#??$sR z>OvzHvdg`n6ssU{qW1a`g04?991}G_3{f1|IH~I{#zHIwJ1YT8*?)%%eW`EycvD6x z;l9*CquW>Uo0Gw9^E+;aCJ5PO>UVz1|Hw)9oKC{eT;!2Ef4_OmRhQNquZe}dJikM^ zA~JTOGnaUZ+=|puE{Q<hKvNfQeg(Hq)Rr!5l|h7Vn7p9sYAj zk(A}!xUL+rGU&e@Vj!!meHe|qukaE`(c#7N<64XKQ}AMR-Dd*XxN9J&Pgzw!_nz%y z%DWA8vxAZPH|0%Bf9{9dBM2+VBmAF)23X=ggngqrJpGex86xiay2-1OLQa@yX~Ja4 z;vmrAg7RYEPciWf47d#N0FVGh!<`%4>&{gs95}{cn!{q``#DnQvAMZjNwt2PM6l5f z2yF@s3AWNUT4jG_&7~Pm_l0o`BNSYGdx)Sm$^8@hSVj1F79srfvL2DpN0nNkCq zgvc-C#Ov+B_xeDON#yt(?@I-HeLtl|*MiLH+43&%S48~+siEoiuAuSlZq{b!{$Aw; z?rmCYTNe4!B79Ro_@v7L#J?1y@Mg7GgwA4i>%pJt+iLp&|&kVsHsT; z4ff;mvxDiHnXFqIYTuc4B;NNWphHi-$*qV$=0p-*{QKx4?y@jom0DZ|K`frXHMro7 zS{psJ@85Z!XP$aB9IiOt9(x_ml=0lPyL{V{_Gd{-l6Hl{;$ZDZhSI91{AER8Wb*fu z#Avd^s1-z}6}@E?9d!KQRctvJrMXg~))4*R)#iTlDq#4-Jg3UCcb;9EkW_op>B6(0 zJ5NwK_~P}@19vJuTwYBs3tEqA<9?lhVJ5VUu_DbF90Q5pjzbP;Ti5Z3k8 zMR)LCYUah45vH<&`x_$&7#yqiV<$8T;dE}-JQktvsa${E+A}9ADI!mgCN<3v1#s3A zJBL6r{jP7ji!wkK2YvW^uqOnbAkYw2`?<^Ke1IIe*0U@OMUGB2<3b9PDMsS8r8y5@ z`q>ou*_3Rt*LD`opvuVk$4O9IN3CYO32q^W=v&+MV_XZa?h839>DKJKChV=5Q>G%_ z@b~_QLT`y*@QZP%P2y21rz^hOIgmKaQ%};p%rH{(aFG;r9xTj6%uzE(^i8O+-{`Vm zMhdcD?!kH$gkEIToZVa(-HC(RBRxb1f@DKRirSs9e`jHB6FpR!6!J@hx@%q^oDAS;`*fP(k~L*e#0$Co9nfDXa$z+uMyLp+V9 z&e)QkU7Ls}Iq6&+0e8K9XF+9aO1y7MxV7CeJyrP25i3N*s1>EdQVAB8#)9{Y@g2T1!u6%w}H% zpEfLEEyKhkb^SyPKC<9=~`#H9m*+3SN292)% zZ=y;UZS)}PXp+mEW|^?A-nSr}`!H8a!gAaHeCeO~LJt8m>X7Rltxs@)vD?`g32SUkUO5{|e&Q*Xigmxh zK|fWbD)YbFgJ81%-+lPN>e~4$EYw~_sAK9g-S=OOu3!&&!M}dD^CB$5r>4dW7~?3;zF(mUuU=I2L< z#@@fP2LeKS8{5z}W8<^zy-?3ij2M1~C6|`Fh{KG7uG|B$aQCti<{J^#TatSoe&d+> zG$|z?mG;hmeZ z5;ffh-QS;y7bj1%IKRBIxR4+&@Ok9}W)Nq?-CjJWNdhNFz4HWVR)822#J8DyePI^=q0Jsj9lH|6@-=TltV|GcvQRu)kW)uGa|SGFl&=%M3>=Xc${ZNcxd2lPIBg9?W(Cu^SF1kAjFkWBnBnD< zK^`)y=Gwa+H`DTX|M7rG%i}D=0Enl)`Y!s%a*K;l6-FzG?@!!3kjD(H-&41+-l#W> zPNd#F*CG5Jlgynu#<#@fz*x-Jil-au#nA}3-*;bbAV!Dw8>Qe;uvns%m1t6+|TIP_p;~M13+f zc9fYF)D)*B`Wrkmawi88A&b(oTcpmw5N>|XJZpBbOE<~K4##FqeT#WS>AxqZ?h)_y z;}-aL3U+?IwXBBEl2=!sxp+|O2iz@a%XC4xx%Em@vul0y^;uqadRd(dnJ2S#w_0u@ znwZ@MdusZV(C4z4h=*q>F{q=~!4vFUUMu6)2XndjmPcA>)_)S%K!S63^mK?qC&E=!IURvU!S{W_ucp; zw$-De_z-3%L-8ek(kr#SecMaUx3quMH6hYzr{-?-$nnCye2+%8uo{%7WnX=sGhy>Ne zn@YonU%qdlIQC*>T;4D5{(Xv0Eu^N+J1o@3_VncWzP7x!Z#;iqn}?B;CnRH!;T6!x^Fe}BK|?&}1lTD7 z%!C^@FHoS?g|En0cuR+hFm?^1-+a1bSYBUfaYAM7_Xft2F73EQL1il6ywoNWF z87SXwD8S?^ZXzyvh^mad3+CYE?7&S?IlxU0N)FD+?>ABo4ILT4M2QmDUYSnNTgbOi z{c~}Um%E%?w4m~kS&*CW=wyLm{q4;ss99k#Z=)#BFa~LIB>PQvgdw0Hjt4fs5hf3o z8YfJaDOg3h(#)7DMoDpH11seSJN6JWl`vUzaz&69J6N`~$-DCpt>x;Hpy!`LA7-lq z;){qO7rsTbgAnuu~5F*J2AD&M+ zg<1JUaVz~1ig<79Ufa`DgLp{kK)law7H2L)qUBV?V%V^ry6etbEGhFVTI50`$E zd^D-1I|}MpYqO2m9!CS37Rx6Nyc7-l&!%aZrU)=((|_vI?NyF4SK>IGNo54+HFTC_ zhs&I~c@FlCaMWBf+e&z9_|h}8aK4-S)`mb~AzEn3Cmq3<|7P-u{N26O_kM&# z*tXrJq_#oU`H2dgsH^^RYDU~kO&Vw~(L+gBv&lC)MZe234?;_v_f}}Y{w48vmc3wd zFZMT7v_ENSc~IGG?Am<0MB@w{EA_OHTUcJCFSVHa{*J{Z}d7oUC1lP*< zxCM6zo{c3yaCdjN5L`E|!GgP6aEFb%TY|di6I0^44NEmzB55Nc&rp7?8W zHQYsV(!akecJ>Ux_~T@ zk(GT&w1t@wpcPq2$y;|RoTNGXE0rfdr)t+-*TZlzYw|=_bM?D{tTUQaLOvb^=4FEn zuVPRx(poa_b|ee}SmBS)20?7(cakz7N%efLcZ`llc_Eo14ypO)+OC`rKYojMVVL)~ zW4bnL@A|VynNQ;Cq7JiXvJ|&_wahUG)m#m=_XSnrhL6$3SbixAd7Bvi4`elsl8a1d z0pgSgG8N;*Dd-B&d|Og%1fJZQBi!gvC8rz?d*0CgG6`i zK(a9koYZUoRmhCB^>HCCJAr-?*QlVg7lN5!Pey=y_nT)`Cz?bF8QW|sl;sQK%UoPO z#y11Ph7K2sqE;r;#$c<{v)U&cZ^i43c)eS{c1sb9`JJ2gr*b+%_hsKdGv+OmSY4xZ zVz|=FD(C(~p${jA)Fjt^%E;~&8r-KGxS5Sh7dRxRsy3%5%wMB(MwTfa0}D~AreYW5 zG+&86YcRe511K1pqK4*R>m_F1GSFIX%b%(#L}Hwa0uu>VquA6e(1W<8xjuiF2rE|M zs*{D5qe_BnM&M!Qp%*nU)=_k|&V5hzxgQrEv3Su2uVuFOYT(3EpzTXXEqbCBGglj> zwu7Oi{18Y04U@-%LqU{2GnM16H+4-|{)#MYgq6%6fcUcw*Oyy6woA)~{)LHR#655} zO31t(exX=~PM(iNDDxB?vV1)P#0g&&Y}QHelWz`|vZ)6$T5B3*+&?B6e8xNa9W#IO zg5aKc7nJx_*Auh)5GUQB7S(T{{wCD(L_!d(ya4M+-`l7FjGtxR=HgH45(X0#+Eb${ z?yDTN+*Nxc5}{X}50+vld)i&xFIHJj3#iQ(*OgN-=Wh47g ztLz-xxC!ouA3w#_d3)Jy$`~?52C{@)f1Z-IICG4ZPGL;UPz+7pb|d?W|1IVeu7tt-yv~IA{tE2A3Cq8o-z7T z(20S;_x)nB-`wQd9~Ca7eZ6Qy`TcUWz|}9f)93QJK$hwY2s+u7?@m zrqym|1mJ?ZU^rX1f=m4L7!aNSd@o_l%jy>%DJI_vLX1H|cP#ne2fZ__(CiIajt_@T zWM-)?z#U`=77?A8qlE#?M0?D9)Ym(ik+P5NE%jCIV`=e<7drz5M5v!AtIh&r++X!S z=Gtl!cW~}KD`<|k2{yC@nzSJPR6^n69Lqn2h;PHwyTMuzGPeG6NYj#s1O z*YG-*Ok8MU)v;e&^1UYqXFsOLSkwL>9*mu@<{F@LYib|w+yUUz=TU}Z^#;R)=im64 zwIsAh3IzAr{L(|2*}ajF6$Lx3nie&|x3@7md_(NsVD1weDeg~lSKacG zl%klSbvMy%p4tnOs@0_%UnHsL`A&CZu(bU_ciL&PfosnJCmi@Rt#!-*?5W*HwdW2^ zH8v!|&~OL}6_v;-6=uxamvYs}M*jBkvS}df)h6j}P{((0sMy0HT02 zeOvsWX^xL3NVyEjs)GcJb)GhH<2$Dbom%bNk$34k?|#$XvI>5fT8Z1{I?6q|bQ zDyL^n4`f5D9=?JCZ5&UMEIz-7u3P8UT_OPA>b%O*;`N(wJkzieMgAUXNPu@clPCVy zlxsW#^@3S8uF@`+0LEZFwB1rhtw&QSJfV(3m}vSf>G#35hY{i~GZ)GE>59S4{d`j7 zWv=gi#&qxjouPpwvhJ?|+bH*l9X4hU$2EZ!&ZI*qNSc!o& z+3f&?gOcIuox&NT`AY-TK7+=0O^UJDaCt<%!aQCoTJx%&vrYNxJ#1iyu_XqbKF~LP z^XGUu0o;M8K>vNWgmsnEwJBYs$+JUx`WnbN9av^;Jh_0+H502VevdG@%);+9#sEGb zr!;n_f>oy(Yk{Yu)@wE`K23dy-;2K=fh?rQg`v$jy9)v0t$>iJ`$An7HdNYbvc=TW zSY9kW0TXpY*TR0F8mfQw6$IOS^d;@>r=s6~B-_Vr$pTF(SJ;w+QZQ}Cn0Q~(LtbT$ zeUU3($xOgq{7(Psc_^juxue0FJiOdEBzELwidZSRqFX>8;az{x3!5+H4YLev2d|0S zQ2nyw-MWu_!(e!Ow3&OW$eHp}*-$o=^E}7KvHVE`*?2lj#@UcTQRYRqf)L23Eo5dtv zb_vciSQK?fDL#v7OCJLRZ?aFXbuzh?F6guX4N-9-wm4iPOyP^s7D=K4q!!;SL=N=) z6?b-?pG76YM<=9 zL6(;uz1Ky<;7iq$RBB0;8sE6F@r~rTEBwdv76`TL#WFNAAZg1`9JiG!{eTgAx_HNR zM>9}}_oXR>OuJc3q3VzKQ&CBfqOV@7p2}#IzYw_{HI0I@6c!C)9*YLVt&M^OhE;c} zdt=R?+^`|IqRy@wD;LP-uSTt}Zr5H`3U^Ojxc~(gKyO#E&U2Fwu`_G$Z(t^iMtq7N zNjWbE1#X$)30cktV}l-2vL6`?qi{16jZv0^*nzE+QUG~*N#F^|)ECtefiQ2Gm8Ziu z#Qtkj+BsU*;8- zJ5-XADKC{?S#!+E z>3OblZ#n|3LT-}qg?KSuBga_Ye2*yB+s?tVBCC42ms@UVbQRhAP6r|Ctn_D^1yaRa zh0{tN9tyGF>i!1pq5Bk1kE`|R=~m|5%r0kt@%1fU7#ZD#c8mDt<)IA1x)}^Z-;dDV zuk$|%=&AN`2`>OexOOTT7{MpSd9l-STPGh+LjCm)%%UWsm3-uPzs=w>99*WGYr`AL zl8?9DrxY&k>{ZBfwbh;M`N}PoIKx(9rq6dTfIRg>nqc%zh$!ynCuJswRN@Cr=-Ubl zw!U3cnamFOr0?r`-2Y5JQ185Q_|?;c^2tZ^vw&N0zucP&rSSQHx{^TunG>dYL{Zga zV8sffO9d95GR;}OyB>$#jBNZSTfz9R8aCV5H4V2WjKjyv(9l->4%!`gX<8~ROh2tq zgJ{4qSLfVPsLII1R&KgUDTR0hH(2iWzDJs6HrFelKxCjkj8^`+c5k6M573yjzN^6~5qnJ^rRD+tg{cGbt`@_}fUMw|g-(eH3P zAcD5QD7eI;H+Vp57@X*?x$>&~oS|}2akK}AflB=H`#)2lm9^(vRa5&!6aPU=c`3Mv zHY)DY!X_ERQjgyrBcXsp3WJGWnJt%cA=pp7lrb?ybrK+fLuS0!(KV-+aN`w>WW%lZ z@lJ?Sa?ayNal_lG%*Rf-hVl;u_d7KXI>9OY!^y3-2S6dm` z)V|XJF0@#aWbm-LoX|TS3))FtRr=K!d^CQSHo0r(m4_wVY-z9a+t6}V-IKe{b-zjZ zt8uErM;>Vwt_PZzhdI8w%60lfb@tomtX(aY`SL4WM+V-in`f{RaxI(R0Nby3+RftQ z^*2w3mzi3RCr9Z;Bp$O^hDH|Wbh1gl2hQ1NG99emz+ACTjpKXH%UGD};B}H2Eo=Jb zonO64QnE>uS?-N9(L4HxRs7FDc>;K>$vLLG1RQFr4!Qj)Jnj}pAi#f}?bASJVc$=v~0Z-l$*|1|)PxYjw!D|?;3 z1!1GxEBz_9JvMb2Q*xx@Q4UvKXE9{qgCb;I)2h6-RpgX? zt=+P1$>s>4QSCIkDs1)*A&LIMo?OcN2ttKQACjhv30RzGdpZ~KwK#xWcYPlVh96e8ccCV5ky zn0;*)D;06EgzRe_2sX|SMIt62uNuUIwVC=by57N4O$V{=uvu4Cm@apv%5^Bj z3urwgrh-VPdu(RT-!WuN=G)^UG($RLrMCJE(yAn$yVNa!shOnpbBJs1-gp7#kxq3S zAE-TmW|3sD#=nWpDJ>#&$Nmo+AP{;!gXK4d`_QxXmDP3#WW#%oLwg2Kw$G3Mz8Q{s zOAj}!hppS}wbA2#9d;4}l>s7>G@Ubv%emCmsY~YOD!I7wC`TxbJhovUg?$Ezz6tI3 zFxhk$CH<6XaK!SHx;&d*HY9?$i>7{todiTg*d#Y0qmeE~a>}#8rC}?qJsOKk5i*}h`MH$b0G!Mo zzH~{eWjvyxlf7I=+4ez{4i=NHM0?%bIHZZS+FIl=ccsNbqVg(yfy;{qHFad9$gJ)% za=X=3r&{^4%ju%l4kyxJwC($@` zVth0SSpnF0Wg`7S-k1NH6u)33n8J0sWX{QeIX*m?T9BdaKv%33KGggdf!$+K(3U;9 z6E9u)UaUc@7QWcsyNt92>nG1s$wq+vuFL!;_KlnI4j5R*dLzkt^sF0h!uhJma;N=s zZZqQ|KfT{cYU z^*X1h6=sSV)?2_ia?Zo^O!`IzaI!wh?s-1a(UVvd^hI~3NT2SpgcsHWRF69}?(x=z zDgH>&9kxu^<>OAdi<|J*TsBaN0yunV!*9Bdfw)jW{gpBw1iN5vBsH(f`?Pep>ry`9 zOpmZGZ}r?6D_xTMJ(VlaGWF4Lk`7QI9FnHWn^tePAf;0i@BT8qiO;(0+&GBb8P%U6 z^f`y&V*LFuDhO^fG-&FJ2^GodEUtG~`}$qO!pOqhSeTuwqv*bF)GMSz<2x0Q?<)U> zo3rMre?fZ)^qD$0r=W=x%-L4?0s~qA!lPzZqbXRz@KT;}2H|6?U(SOi>C}@A=qJ3Y zsN*`Bx0I2mUSgZeZR+e$+s|1?JOdJrfdIuG#x|1NXj-Ti$$NEM$*y^JF7@;M&)n`; zHcqyg{4Vx4A#ok}l$6E>8?AOl_?{E$g}Mw9FWvhnq3s*sC4u!|#!O9@1yvQ55m4MW|e2 zuo34V+sV0xJ;!pES)?1fehZU__piaX_I7SDwhZV$4f=0ph1?>*L7vQ6D_w~(M76$ergvxW8wXg1&k`n ziq`A;5OLGjZqOJz=M8#@|G-w-9KnK(plE7=!{>#~Hry5Yqi0@-c@2^!#1~kr*)GEu z_&GE$&hI;ib6}x8`k!&z_mt5}2Y`8FTqi|6Yi2>pOy$2?chzLM?J%~0i`~^GtPJT- z)6-$65p%kZ7z%=k|H;#^_N7OX{pJ?GJD6U`mR5dV-vozU%dN-C>V%f)NZQf2KZaAD z=q&(QR%i7Z-Y93jAqs=+fU~9e-)59hhUa5-p$GIe!Ouh+^g0 zdyS}Q#{p3YWIPqMqIT_pUFS&d;g#LwV5_qU^J~G~*%@v&hK|I-jnXok6Su%Teg|ZM z)aUuh$7E$FPI6NN6U}qlx#hwZ%R*E@W9w!X5Y1(L0Em?|pDfj#YoG2~a;>i;txY z9&$OCZ#Lc5)>;O|N`sjZ3F###Qnd$3H<`JbAnQab4D8=_ugkxlkT{!Hu~BO*yh5ap zTMhpp9bi4`QQ{;`Ir6w53#5C$2B0Oze&K7oo3R-reYs!S#~eE>3UISJY$zaK<2-#A zR|jYga;&?UG{}Hlwtt92Mktjj1X0KZM&=!H-3BJ_7C-s>&@IzQfeIook$o#fnj0!C zunj3aec30*KO8(6cXwX$GjHGO>pS(0nRHi9O+I_>?89|#pAl%m(evasV4Hju;TFvQ zw6Nbf*}K9gT(4~I9?u3<=DVV$y(*TO13n2A3B@#S-RG^WqZ(^PRx&!CAy9l zxd*)uQLPo(ZsJ%fxU=O7$%VB#BK?e(3R0`~jOhe0>JWo8a2IzQeis!|&$EhK8E!1umK`qox;p36{+5&|ZlH=x>=3|^Cr7%`SerjaWk97JHgXT7 z9dj?YaBQST_pc;#Ph;ZF-fl;>gBKkn^Uuds(7pWT)^^9f{MX9l=yKE5UF9r9FY0cH7(V!TWc`4Gv3#UZ>%IdgvI@S6GM92GGm77&SLL zWmVRfRF;?Io7Q?en&_MR4Qxov{=Gk)v9&2DVIhEE2xxkDM4N+lvW5bF`n6~LTzArVkUIM1ijO`@`F?Zi&YniBt7_m@sKWYXd`YYGvT%%7s z%!zA@^|XXxyn$=){m0LRI^#x9RLR*Us;#f`)Q{XlvsL=%EkZ&4Kr%P@Zf>prOddh< z1M43Y0sN@(C*#V9RJ6gre-8z<=JCJILhVBT+hG4a&q4YhwHxr|*FDs~wPAlxjlxMV z{r&vcpDiCC2mH^MAD3^G{&|~!kEEgf|N2)y9xy^g9H~>gwxuaC_E7%UwOOfRB${EV zuhQQ7Zd}~I^@+vyG9`ZdKX;NAzSZ_-Y6A)WT?8th?AK}I2 zTyfLH)1!&iedYgkCl*rlI1Sg49cSS=)YuM9JohoU_tVENvOG7aKLPbe0ghV5;pVP7 z+sgm-t6g~^!Dmm0$v5dva*M01Up$wiD{GtYokAzLx!j@u+Y!-R zo-(b|g}nS}N6M`GTE&91 z7LS1P_n`hwtzE6X?BUw4J$mtZ`kxS+!dnCnd%-_x}s-0qVAfwHmfFF%XdXL7n~b6YT_Ut zaxh*b7@-5yQ`3Sww)XgrP!^~*w``b&vqPHhSQ{=goXMOI5%};kMce!U-*Y-&H+S#* z<|WKUQmq7~2{R`df+%|gf?sY;_08$=gnX09f9G79G{nmNqI32WGq62_((7ykibv7D zP~@n7HAm=ay<^mikp#qQPn5M4nn{dQSXWE&qGYY^`uI_eZ;bdOlC)F-iP7iz=25}C zO8P4Y6a6k;hl-Sfuf}h>rBC~hD(XJV9{WiN2mP3PqN(@Nws-T%Ntl+sjjlbt)&&F$ z^BB3MOB5COjmu0lfY21A+mUa%6_O5=;MSl(o}QqaSpd={s`>yBGr1u5TT$!>q6Ce7 zD;cAsgQfgF4(&mUO)AEr7VH)VTt==-nvDu$`tM$)*wfUQqu`01a(#aMMhi|DIT?l= zCs;9)%!Nn(x*I`m*1n);NLYvE`ZV{KGDqCS7DpQU4f#N8SUDfmJUn-U@JQb6z#>yX z>NS981|E7Z3>1#c|D#D3BC3wE9H9e=%)`T^zlP&|;*~z#D0c2S##O6*v65@HkrO!< zIcBm&6(Zi)N~)wzYWhIWHp@?aN<-1G5Z7nSmo>Xd4t3|22>j`_)XM zQGd^56F*>v-5#O6_|#&D#HSonlSpBD$$ezJtjSZtt+KAYOn+A%SyG%v=wYzGyHnRe z$)WG;s51qXZ7VkLQvTr%D0kst@Wp~mOW!>CW;jwPayaJ1z}5ci5Y=84^fsJugN>72 z!*ECggM?X=$&sKet(a+3ecdZSsf+3R6^lTD3#;326RX4lwL&o##g{4xQe5A5gX=PA zfD!OqHxv)8caD0R@7@e;2gY;3MR=gYT>fnM606m!<35U^%Uf1i99-skB21xf%pj<# zwF;+7_7R@^;|}YCeIZE`(Br~?JS`}WzBwWivM-p}UU0}%EN`Q89V+(LNi|%{`cVX; zg+z6Y#Cp(Rt%odAA%Ue}{5!F(rZ#UKI|{%`%| zW-m8foQDo4V&`92T5!X76^6Oogm9lTeh=%~Hs^TP_>S_@mA22|=uh(ZpWiSWDi3zr z(|Nhle{*Hk%$RZW#c;BR^Yoe~Zgru@D5$8ddUnlqrKhlQ)irwm%43-`dmc%D?q1T; zuJ{SWd(A`j53$Sq5csHi8l6>E0l0aShiCdqNzTf^T!#!6Z{FU&XXQ=$24DuDvIUEW zhK}0y%;@iu1{}2rUE$1y`;p;_bVwW^dLvzoooLa8j&pxRuI1CJzujXUc_u)O51vxG zUtO#y|EuZ{%}>+^4V;kecg2NGMrGv^5@fPa`7eK=iX`s&SivPoX<iMSuPR6ogkH*|*kRQKKK1Rg%` zapNCqI6-w;)^47MW}Y)EZww8b=hIW>ZCYm=PatN zM|wtQFs{>$tD!SX2UNpVmOuH}etLOC2O~$(R8ouKw*-K#PKujvAR(giM^D0-VWq(n z2@!3z$DaGiqV8yN^sN?aINyK%BqFS>ZV_)F7t4-|WSl*2o7MgPYmX#N==k>ojbuk9 zgvL_)L9qrw(40Mdxkf4_@Ay;2=?P(qB2g6de-`t#CAyN+=F+gkqg0M_F2CQ*zk)D6 zf@V<=7?vq$Rsa$_8G~HcV>16ZYjA=jlOC0|PY9zLgI%XMqba~)CH~0K0Tdze$Ao57C<0am=f$)<$B#b9#ZbV- z>RnLfTKO6py%xLU@M6jI&g93+mOk6xB9DBlk&nC)5BgI}RzKn^2{_ zw-SS8P2ipRg|aQLOh8vh*h?ZheQclPUzt_>T->f*BvgETv8RTcy(W9CJ27|JwgT|G z%2XiOiMW&#;*6p%lUh0jytU_-h-2}ml8!$be@*FO0erg@9pv%rYFU}7j5#5!xM|09 zS0VOH=A>x$K##iPIonqzAh3qG%FM?0`Cc5lp$9v~BZ+!vDr-o|JSkF^;RSN4rL+j@ z@N%`^M-c`pKFn}?-je-0O9Cp5pXJgLGKnh9sP@s%{Z#9Flngyyb6^WhL7JA zS#~>E;NkJBia6&T%>f4tZ5d06Hf-$0;iwd5igUCekD;`2lWc#MLH*6WVOo7UrD&fR9jeLtKQO0-1_aMdaZ z8+-E9ZQTk-*s2?w-87Nn^rjhcK<2PfpUzN+K2wPFv$Zt2pG6deiJR?cpSrl7Vr`mA zPyP&b(}*v?lfl`I$1*(q;r3^)D>$m9+3J5YB3-?gRNm@ zYWl6u_$OcsO~;wUMLEko?Xo@%yBglIOzuj((ZOI5!~zL*_@IreYx(Z1)EfJ1~UHE zH}A8KpX2{#VF)>ys=ej*m|EyBm6{4qZ&QEs`)C48pdq!PO(X7ciq-XAczK?elh(+6 z_t!ARMI?+Q*PC60yz%hDo0n?h?8^<}nCGcc`RVQ)q3q9`9dbh%)m2RtnFfvbG&Knk zWo!0s5R7({HMWLYMo(j~q4*f*+_36)DXG$az_t37ZlNkA9|R5H??^S=h71Bai*Eou z4-lm@<>Urf^d;tNM>IKQr;`z3@;vE{-02i=^3llEr9Yj4;I0?0{mm2%K2-_a8>IE5c#tejDnGV!xawl`}|b}Rh4-w=(In@N%06z%JP!W z6EUWbcEaXw^dk^8HIW#y&{ZV6W_2pv48BPRsObp@!hP%y`y5EFE@CdU1mYujvy{)4f8olfwj2Mo^6rCDf3aCHc^n6I&M zw$PW&ql1uS|a z{goYKpUM0eqjR=*KZumnT}M1$CjaT5N<|>fsiFHTnOe+snb%p-#T*;W25IJ}$LqN) z&KY`I-s)b2bwL?;*|n9{*R&R33QH!+GaW3#0Y;1NV1*>iBODm%xja4a@}MTu{kGO- zDru%#qK^=RS*I+BmLt)}#B%+^+GQ6RCblh91r?=fude=QLgJ%MT)w=uD?lD<$Y}d! zK>bR`i5OH^+YOJ&^YHzHpSJA*gTv&-VDiE7ZBuS{JYK5exxO+oYS8XprsG&_x5?#J zg(}6-0R5?79v+_5B(|qIaZrOJh-=Oe6o~#GwEtrjjxlL>E7i;&X`6Vt=r@1b(1$-1 z^ulZog3g*lez@(aixn2vmEAdo&R9MBg!a;@-k&LvJAmz>4!G*l{nTc^s;b4+3_-Nw zc#HCCY&ObaidxGLyVqWudae(F8esbsh!gicPJn^~c*y;v5us&Ur^)DjyQo1XSuTJ}*#uii z%hzXTY)Giugr6@9DHd70f|u-rqaKG+6D`+)6aG%6SQ3pmdAHF$1i)A??oiJAq$Oebb?pH8nFoeNkHBVgZd)#* zXQ6Kg>;43TCNklCe4oT#&yb7#yW&EpxqG4;VG95`2bFm35&Ppw&5x`{)H$> z(`~xn^TFy;=Y!(@_9|gxL~BO!MQa|Ogqq!-+lO*Mnl8?*bti|GsXSw!nCm)=1zq>r z9I~4hI?wxGZ|6r>i^P&JOKqAj2M-?=c#YI}|MRD5(_ z^VOiYJ|Ji+4Zu&;6zc(uiTwSv!g9Zn9RRqdYf-F@NuG?>)Mn<&zVys3=daeBg$|Sp zJx)7kVNE;tSA2L6pZI={kBvYXkx^RePgQP*W8_>toKkMHN*E&Bl|4a1UD)5IMbqGK-*M&<(6+y)jhyJ zG0ZCS(6{Uv$i&z^b!`h3DIz*U;mzoLvnOBbiBd^Mn97YoMTna#Ej@GW*#(GkLj>($ zLKy@r9Ixa(N&?RF3SJkm{04r*<^jSFfwpA5>6d%VzLdll@lPI@_Qlww4q*>z`Da;6 zF6p>HUZK8kl5^3;qvQDbAivemq3s~5gkP=yP;XE_R+E5i(o_=>7M*?;ZT_AE;)I#+ zjqfRv)*f-b%BE8kd!0wpdT3{I5W@|!SgvLl!SrBP4`~C5OfwGfXYgZd#qEUT9nH^) zAwk*7(ejRw8!eYZwL=RUELQ!1P@?QOt^;j#CD$Fc&=`k(@I+WsbG1EhohVt6jO&F5 zOXZbjcUE`0%e(ND7D(dC1e`Ew)6cvU*g)Q4aC~e)ZedqWLm+39oJMr^4@0aTcwnV%{w+&j1 zkRCvn|EB7`8Y5lK6u&88wf+MGX~ozC+@qKYimoqUmA#%dka5Do(4<-{4?r!j3N}P0 z!icNB_uCPKy(e0zZ-6`wb3|N{<`u+}g=Igbn;ZO#Oi#c#;HT@{39cp(B@As|$~%HA zG^B4OM1`Y{oE(ou3lepwUD9=R;@UfL5%-Z3C*LFfcWHs~vG}Y#wl~D3fot#kbb4lt zQBzVu&}h!3aDy$T(Jw4|?Ihd@O?L{wu#J|k&C4jgyRWPtRM;|Z-bWWTCFs$&Dwd^c z&y?OV7LQx;`#Jb?eSIluZRK zceB|1AY!0+${umb0g)(KCz_Y{R#!QEyG|Ai7n>0Ll1Jr_pC(omrH2vLV~UIq zYl-ijt;d~@S`9#oO+?rrF)6R~z_yN~@^{$^jg>-3lJt|#h#n^L6SjyRC-1XPh4QJf z2E_3yimiQYfviH@=%?;cG^eBj!w(0Hh8_?=DLdR*ypaIx?g6~ti(n7`6tKLYw%DuF zRb+|vzA0&Dq{v4M6xm^ISCN&5E3uJrN5m;-RK(zsOznkl%=0JN$$O@np-h}L;VUB_ zOVyop%Sx^BF*|`EgS^iAqazL{?QJ9{`tjSkr9iA@*3U(b^uk(R%M8k61(Eta4GKfD z2MIz|9zTdfC`q%JF!D3GnkNh$ zt^Mlh6g2|mOr39KuWsbaJ2ISAnmx~pj`7ofp6;inCF}CGVVl*M;b-b7@Jt$t+g-us zKgNyzDY9ZlO-QHa?p@Xuvw2ln{WS&9HlZ&bZr_8XRIWHuM-E9-#0W`AQaA103Nuk) z{Tym9wmRoYs;b&N$Jsdo|0Ad|3knv{xrdzIr;g$0B4Gh z@7s0S|KjEvfBIq~+N7ZGCeC~sMi=}a&QeEa`8f_Cw8)Lo7OThd;CO!XO^Q&F2 zXajYuzpr3L#Qyr`lA>}V2N7BxGb-F<%+9Y9W@h<)x^;w!8(hsezW9Xo8*N;|eqIf{i3z zUS5qWze7L3H~8^T!e2yx_}lu0egC#ISCW|$^-nA;HRVV@=%Zr}=|)-e4MF`~v{|yL zY}ciGD{YVEx-Idqb(XWmDJnujZ!zrnTERHMjGbT1Cn;%Z50;u7oK#$+ zTw|mN@jwzMLKp)uWUAHgHA10C5eyspn-}7+D9ah5!}6luQH2M?$%A=0;6uK>mz=IC zziY;-O#or%fYBGVV!QME7akNDf;YlwPKv*e*Ei}8V82Iinp2Y&Eh{R+msHc1hW`;v z>k?wt@M8lMy}?nwV&OnTNlD4XR5j!JkyfHxNlD0Br5U*#^2y()a7k3(78iBDnt5u! z`EAaJ9Ay7SsbdOO1d0T+q#$zSoDX*9qVM9EuqR?ljlkT#!Ha74qC)T?@pU{{F-Gw* z(c~CjBkr+Q*S(@z<^8#qc5ty2lqU;}S~IPz3EztAiE+p8 z13$x|<$n_5hg=IxRWCD13i-O`NZKZ(R4;z6Cl<>2hKz~rf0Q>pVWj}STpF$O0r_oL z%_O>rlEAn8<^+ke(mla6a16R`OK2EuVjqJN_FHhlndrrxhY7Iu6LYU zjEH(hzYv4(?`#uvXR0LgDC7v*%3w+degt#6*!unp<+AvXOh)HobWP4$R2hRfmAac{ zU-C-71fNOq=yuIZmFwb8VCxX7JC@da)gI;-dma6qr*%JeRHCX?PMo!Ca#AKn(ef|% zaI}tb6x0y&brRGn$Y#vb;EIQTUu21Q5{Bwb_=Zk=YiZtbp1RKhHdVUDGIFG$e zXszt`pV$rBi?2@8)h>}KSj%R|nit7uDS%veGj89S!*?>k*ZDqXz;_NEDgDbTe?UX< z{o4R@{kQ$!Cj0;Mq%DTa4CMtdx)G6(G(+CK>DE|>CCT7*KUr}lYOz>}u4tn>mMuPE95NN;&|D?0CwQOI; zbd>Xj<&jkOL&kGD_40N$OB|_YZuSc2LpT@oUg+;a=`$U>mkQ15b##iN!^6WON~)od z2S?S-1#${QS(BZe;$B)Vy9=GFp5*BL{Zn?cxzDER)?*~U>%Q`%((2KX zEcua7CTcWm3Q!2X*vdZ7Nd@mobXR&JTt}(d+UroDc?VDgA$4{Ip}1aE`3l3;At&>g zPeu~Y3kM-)v>WcfQ|CG#*L}*^(HX;ZU(|5<*U2HcNebkr2J{{#Tg= zY&u%V8m&<185ct#1I1tf6ntQKZLz$CB(@F>Sq?WNMRg$5hK;s#u^<&9hR@SoQMYY$ zDcCgn*JMGo4q~vHKomJzNqFnhQbrpIG6G7MYXui?F$e!EQdmBR@%iMvBob3U$l;?? z&jo}gr@;gq6vJlfoTIym$P1-QQ#(dcxj`+L@s{}Qn4oar#_lgcKf}H#QL)OColhF@ z-mV5j)4+oT2hg7>r^1MM>h}&eno^V5Ex)&YnyW(f5!{fIlWMlx43vn>Q^~AJz|`DC zWa`fTmfG3Lz8ViaU=}?DpEd3J4?Y`6lMJg;||F;TJOq z3Pl~INu@3VRZQq$uv&}TvT|g9E~|m1tAo;RKK<-(AKrGsslP|#kHPiA(MBm-ovDZ_8J!f?F{05F z5#uc%F%U7r;(Ee!lnX{^bj4#?HZb*f}>%HEFd?bswIr%o!ZmN;q(5#pk}I^d`= zb8E~gYz(MKk%w+cR7yE*cpyT2XvBFv54I##usSJ6Gbq%SBBS_)f}A;0+j3|X)TI^t z_Ezhtvg;EC$o5ptIG@^>=@hMtL}+EzX7S6vwiO?9E|@5R1wHrZKUWIc{jU9`w@~bO zMN&qUt92f9TG6>zef)*_Wu7|hS8&d?X0uV%+-LD9)#?OgLUofTpq_aG&bz@UT@9j$MR<|l4c`x!gZW(-Xa=S*(Z1OW zq^&3m1S^LCOVTP2%5)eF;gC);eJQpsDK3$Z-&a!#U!D@3TKu=1;`bkLM&-le(&O)# z+!TRKRi=rpR^)Y4aepxjZ5Cl zl;PcjWW)%`j zK4q3EAab(N@zU|}>0o1Lk|EH9KZ2liW{1_g-2l{Ha@f*>3XO{T782u1LAk>b1xE>) ze0s)>ZB0xhm;Fx0n`Zy}k3GD5DxI(K4wZ}+h;&jhKM0K!d+f@!wqe?+U;q7_ul8iB za1YBGuD2jfyV+hZ5rj5V1#%xyv5!H8jUkxKecKPkWtRx^Iq$?)izPtTN&iGg*RnPd zc*t$PDs1?8@#m#=r2td)cWjvVV|sQrJ|3QS?66oE;^*_}(SeQPL}*1F{5si#xWn<~ zeO6c&)gRmy+PU_8M`Xt(?5cC{C)~Cb_vGqB8A1;FFZXs9lX-gc5ryiPZ!^3whv8TF zX+-6{vBGaZFpncZc^&%Ns06A-MmAdQGqNqe*biB}u1(3Y`+fQQZHKA|w_}_{J#pxc z5r09R0a^IJ&A|RaR(U%cZEh#KrPUwq`?pUw2lA@jK&r8v{=Nr^%)fcD5!D&X!irq2 z|MvbPUQqk>oX_#YY89lA+suEy1FE+v6DrIp8amqyEF9Tla=9^M&I||0k;$GUzM6&)@H}2iyMdQXF{Ddu;bG;83ZJzlKtrZJmta|>91I z6?z-UET2(NV04S3P2PUzuWB*yY`HC0`G-=6Pw zNw4TR+D@3%gGW(-i`w|Nnwl}g<9copfO0LLS${|gaN9kPVHe{cvkvCk;`FMp+IPH- zV|~1BeE8k$#{%bQqj*Y&d;*o0bTgX97;rLf+CuDOtMtv;`9MLWjpgomegzn$dlBv( zxwAbWOKken!otAc`v}L zCk+JQsL11ehxmR}oWB$)09L8pl)*+jAre?Ls`3!f8qZ&$Ba9vvcIRccFnW!SH<_sk z{$5EH6KzCIrHeeNTl_?0qobKG<(gMLnQJf^m0HezIvBj%ueTTBV~$n@34=7K=t;!q zPsZz=a*eGBtYP~8O!i_sffxRn18pnX{h->Np#|5@jKy=V#uAhZBSPGKZvUl;3>)+TD=fcasS% z-5h<6=l)z4o@q-BuRq~xON9x&cD^2$V}|yV92)HuSX{Gk*&CmqPc{ky7u0g+(x`85 zloAAf_38o)IcU%X4(H)1r$&yA{*z2yT+|f~M|!BCt^Uc53cf~T(h#w2Ub@CaDZI&U zr8EB>d=*okIWh~39a@v1FFaJkO+EfTmz7YMDu0wrVp{j)11qW4D%-O7LV$8LGK0SdX#=u}TQ0@6`0 z3jE1JW%c@m2QCeyZI`$HQH7x3d(p{aHMWin3L^R==+To^3!l>(M8z)K>2>PjtHkOy z;QUIP&y7vBg^aXUYO9(HiIsS*d@kv+c6Vfv|Mc`^Zodw1hVWTyQ9^j})!D!wAcW*^ z<=>z0PLK)N94`|t!Q%xNI#&XCKdzi{7Y)0YzM9rCMLT^JK_anQr@-R6CKeO~VC zSV*ULg?8h}AMP?Uu8evc4^H#D6K?wjzgAT_9Q1ko4Q4m2*HwZN zSl&NV=seCiRT9(+k=;95Z#jzxehG<4Ztzqg&5PB1cao|rO&>vtWP*Zu{1pCX!TY}V zM=#|X)&e?BwvB9zjWaDzPX@3KpAn|e0t`*s@8e>gsJ}}-KH7dNWx-_lcnRiz0mJ5(1?4!y(Cz?XH52I7 zjkX!ujpmJazX6}oIYrC6EpoELrH8W>jc>+I1lXz#b<@Q%_1;R#oqZ+k676$E!yngy z`~}#R~roQB>gk%~)~fwRNr8 zmNQZC=_;Jq-7n9A=FJw~^V9{Qk+S!S310S(*PSsdqB30M-z=zv{30{6K~4rS6h~}Rn!SVm`lge4@UBMINuEX@6^WT(YJSW8f&5cVg5KoSAOid-H)JeOATaQZpbPU7QG!y0x}Id}7=&-dFg zkI0J^B4Dp(c5ev&NsMkVck<|7sj7KGziory$X^Owk#UTEf~3TU5lVIovyIwcjNH5j zmxThRmL@0darP!wJD^nrq1uId0uGAzq)@v$EuDZxXM|nK!lKKHLk{-N3-#%b$zBv1 zg*9yZ21jIUcE*>J)PGSrF4g#_>BXxYgIY%EZlO=X8fl@gLjF5mUO{Y#9tMu(?)qg(htAaiY2S1tnt7c3_n}<9rJ17z2JCe6; zPc%FF6jpM+Um8C}#Bw-dXa<4tH?S_+O4zf-A{Qx5dgjg)FuJZrmZQ7Y8y$}Bc;GO+ z-}l*6yj;&IfV*8*i_EygFfF6a_$jCL#`LCnV5!(KIUF=?^dgV0%gUaTfANz+Bm;PO z8)G99E~Q*snDw9e03u{Q{ESMfmz$O?T8nM zF6>NiZ#wG1jF@g499rG}jPDIbuJkU3zeMpJwi~xabW7CSrP*aC>l}4sMfro4VeXq|$46i_PbEJ6^@M zx_p-s7|@r-vG3$~{-b-jOeAw1E9K(!49u-^-3Zh{?}Hk z*QIyoL1C;IsacPI|&ex+1akIBxCV1i~L$pK-dU^~QgS@@ z53A|67Akej%!;}{{Bmu#{mo}m0H_P?ZaG;cnUNQ6Jwub9TfJu5Y&Xj5^xbm1Kl1c5 zsJ+LpM-X7%Hr}1ml7|)mLQV7Ki|=l=^W5L`m+Qayu-8)pOX=Mj1hQDgt7XqT^8o9% zfT2O(wJl*4G%7E1_c0>X}LIuobE zdWS|e%oRIJjY(_R>#52;Kqa~oUUx6u6g#0W_|`0J2!RP%P)_9CJa;I1m}j57>h-d3 zc5X1o;s}a9$OwyzKlULDjR^weUscH3gR^H7pGbSke>5XG>vaF5&bQr2G8GLGfB&cS z=tciW@a}T?xu4jL4jT&s`~KC@&OUf`=aw< z!8nV=$kMXJ#}fw~eFwZUDLq}|+qdAlxt~OE=%kdCMSd^$^%j%+uL&fpAu%yAb#--| zHVY|fX-VNwTUh#@1m-18R1lbVErNvy=|GoPv60VPve-@APh=%cqjhnydc~NM)Is zd&KoijW*c+)+VHKqN2ez6ylP@aeiyVhs%xh5yd`cbYx_`B(j`Tn}sa$Rl$H-M@dQf z_P7%deAn2hsNPAJgNY;Kfx*FT`&@YU-Cj(_~0dTq<4^M|Uf&-O0(x7_5&Jm;<4pppbSuppvAfUJFkZr7ao-45JsxhzUR3 zuGDD`>kYaO(J7{zKH4%!T<5b0jdycGlw_!aMTSIszIlC$zEt#c&|2;PvxnaC_y}-> zi!!oKu>@LOd0Y>%Ua)D&$srMJ@FZlbm%nXMn(a5b^zuZlkN?(Nq^coyZ7pcgZ_+|x zDWhTsp)M|fs3M$q_xIPi=s;kO;*yfRmHf~JSP|gFu1;+qYMsy_=>!u{vee793r|eN9sSKm zN%JnD+A+9@hDrK9owk)JpwdGex*ksb?qAf0JGp`NzxOZESZO-LV%AsJRu7|Jy#$wF zO;5&DHroikiGv2~LzV3{c|;*pK-u3XZL9Mp0u$}6%p>bY90U~G-p~2FyU?%;ojwo1Ll&rQNFqJ|OCJBsL~ab96%v%EN-HMY zw>AimQ)`@c++R;mx3yP7eIsTsLEQo6<>h5$WR#JLy9?)Eg6Z3xLb8h7WpM0rJ$IDv z|6JDRH8C6GDb$E?a*7s zo)_M<(!iLg0>NX%=b%ii=mDktbjlKB0R!T+)Kr0w*BcmQqJG6MaYO>gxYW=nyMw~*x@ zBp~>lbI6w>!d*|<^?;PRPJqFo_D~NxDeNpg@aoW8PyA!U!%Hnr$*eY8#rai2_e;V* zzTO3VTy#4-J101U37`OU9Ie&o1*UserZnP2lRn#@)O@eGg{IIdn7VzO;;c9W& z>@ZP>)&aBXAcCU*3mFq09tnW-QkpMKkNF=@`H|?$ z0cMizl6oETHrUQvkNo_?6^I3cgcTTG0W$#*N0(H7(kS*KK!CdmPf;R96Mq7yUTgQ@ zUY<^LZuqqTNGW-UJbb%S^bJD}Jin?C6qdh*Yc4EUrR|a$=@z7qqBb~>B(N*b86E9I zcuC`6lNbTIJHt0+C#87#ERIB-OKffev^W}|@=w;`6JiXI=l&Rl-20uE z2|D4UmA!bT9HF-JGwku5#F+L6`lQ z;F}>jBwu}fJK~50vqEeDIMx1Tt}uPA4d&(Pxyf#k>8eqqp|${7gpM`Lui_%dki@Zu zXch=XQKkig6#TKVqI8bTv+zf6EzlDY)aGGr5ze0N1rK7KW$EoDQiqa1)e}9DOacCG zRt$*;J9gJZ;GUpI@i7{j#+;v)SIO}_=!H1QzM-( z2|@f6a>%z1mKnemGIWNmM@i(BQbNrwMUvI9_(}e}?XfXXiN%;@ zGn<~zs|bc0q!1C>f&z9l45jw+Mcikwy%I5p7>&p*u6MnDR524b>bdu)vJdwk_{Omx zozSzYonL?vqt(Z%NoJ;v%ssl$XKZPeeM}f2eT-yfe=t=MI|3Yj-1A-2Ei}*(@BRibf%nsq?CPEK^d9$afSL- zd>j!a7K1ABDeTW%P(e-zTf~G@>3(r6e|hC4 zJoi%54Sz|-F?@8$-%m_ByPx@=)`}Rn2nv`Z4u=SRaozX;1p_#kP^DPm{^o7~lRq3e zgFw)>MSQw!gI1*&$+w}qg<6pP2pL%jcIc0aL3I3@u3;$I9>4)6Ml-3v#^}Ia6!Yju zk;wJ*Ewx0pwhJ};$a=F^F;7HHE;rddR1q|iIlnzCs*RT@|7f=rpd_@^WanILA%fDy~1t1ZyN86$_Bj23lFk2!yOHriLm77i*VknWEK^pcoctiD%gEn_0b67m(k-ph=Jgn@=((r3Lp8@QkAiu9vDR$h-`nZGvrku~WJ{ZP=osj%$bV&8q+FI5o&1lY zKuf37PHfUnOOIHF_U5DG0w5j9wJ@4eU;l-dShqwR0qen?*SvoNjVv=T@Ah~;q^@@o z`YXa0CiJTC$PMPu)W_{HsI_|MmBj->lg%G*^KB(JCDu$(TebWRd+|11vQ|CS257p) zq<|`4LAkWXUKps;R_%@Y569QETYQ%R|DSUG6pqphg{cqdT&#B44;dD~1;5s86C3ZC zn?99Q@_3&?XjC$QpE~k&RZO8*< ze#lbsn7K4`S=|Z`uJEu}?Cl!|%m?;~f&M?4?#_w$MADG&(jm z)q!_j4~qy=@kLM`AWUC<{qiI5P~RS_1u^Jfh!!dh5Qw`Kx_+1pj&zB$sINzgiLbpQ z>R{x4aoZoWVj&3ND548})<^&SWJFoh{cNnC-VeJ}?nn+jMnwPoh1tu}e#zcX zN$~5RKXn&{fE3h8B^caFoF#N-jsIasK;Dc&&KTtCGZ+o5!7nB;_lxzWt8@Tub z`S6e#ib=KR6X2| za)Ni|WXB3IH3AjMI)I^`d^>Z=X&V*+!DWYF#Y?y~@(r#XV-e5aIh&sXF=(q#YQ4?P z=3wG9Apu1Nmcd$SY}7hmK#~Y;uy>bM#V{*4ysBBY9Olf*LY%Y54ey`qMZPthNPgX$ z)lskB?nBa23K&pw_O<{N2Y`3RiwX$|iTP)aq*MTmO?-FS83d}A%E1#hz#B66YkOpD zOqJQLd<|_X;aarRn^L}YAPDTb#XwGpMzh6?I1HpHD~mp>5tAn+Gz4 zeu%5hOsmkJVnk@`(LnhwX7JZurtB$3xq;r3X+)imJk@s()A6s~z!NF(>{DToXoA}h z+rv$v$;kP+ePS1w*2ARyes4sQu^b+hGSK}!H(Z+7$~#s0cxUjz3XnbgHx0pkIPZY83za1R<>3716vh&hPJ$czAnAqFgja^R6z3jwl4 zYDx+${{N&XhKGlzcz{UfN^2NxZe|wQUQrRFN--?i{` zyV*r=A{GrBfZdpvw33#Vc5phi%c<5{>K2dT*TCqWJa$E2mH@mE)!!&hQu;m9XvBL^P2Mz1cC~Q_$g>P z?xG4?y}8xua`658_irjHd(qPq;)x+D$J%u5_Q98$M9-Q+7xOJnCe+>JbDcgOLmT;2 zu-7%#2^W*1lyr?IJ`9n*^@I`8(daIyaln!lrXNA25jHiQtKFf#?&b%3h{@dBT4}WD zHkwU4JXCh9*3B&>@8&h59EV?HrEQuT=^>Kz!~?vyIXMJ8QG~viwf=A_9t>Zdov*k0 z!i`#b88=b`2?5qZi>Cw@Y4v!u$VSxnbs#$3@!{ctvs+!8_qcR=IzHaldn}{#1Uzes?)5r+C^u=pMozzZg@N^P#TS@KLpam zCq#qDf^~pqT&i-M+Ji}h{@1BY0yBAO1ucUcpc2*~2F3MRU+qb5U{7t`0**VM%E79x;Lpq_(w=|1?3prqhW1qU~Q zycVX-lV*B!t@>I^k75sM-MFbrHTeoCLNUl2_f$aC4(7j=)MUVF&o|E&@Zov^Nqw)W znYt%8EGjDcWaY%XXCy2P<_YjQ8jY3!sm|qzXZks|#I2yRSUwvI5AS)Ldm{qbG7^h> z3fo5hL0`v?u-RM(6G&ov=v;~eE|UVqc*~QMlO(wt{TGe%@W#f*u7dCH@2IG#s)Tv) zhhmiyQ8s`|hj_ia>f;rG>NJ+Y8khOibIBBHq?pV+DO^%Ha?lF17nAtMch` zW4Y7MvS}Z?ysHMgo__`Fy#CUV~>K=6sCqnG}t!a_|%xU^n)jM7DX( zdw7n`hU9CofJEtk^}6{YL;;Kbzx&4jPyUD+^A@igbIHN1La|RCN2^zjTJ=aobS2Tc zQ3^Ty8n&q1&ZU3AcckHIg|&w}Or+d7p#Vm)FVS&71~;8KfLqAQXrk($u`PyB$lb$U zztVz(j#tKSzFOsAqPxA_>Taghd5x#(A`A@5%aXy=BK;)!@$nHbfsJQz z5^`8>zCt6Yta~B6f{b(ct0Z{n53NN~b z4!CVJNhoGJ7}8G?E%LUcC=%ooc(2x0fL&a8hJt}fPtlBGq&%zuR6R|G0ov$v(VJH@ z*aN21mtJaS!q>278_VWc2;&{>FvNt9Z*70WWGbWA(i!MPg6s7PS z`m|1c6S<@J^UGxrmx5j`0T0;*U|Mv82=RG;2Pdh-gDAkC{kD+|g^Z1Hd;TVsfF9gv ze-n_fRzNCd2VKJ$jDZ!WRz9oq^n#2)yjmdQ2gmRYb=QaxBKM;C?!?Bgz@lP*1M>+N z9X-T87T7TSkkt?mW1y{(SW;4wbg3r@5>@XCoC1S0l>U1Uc-ZOaM){1mg5Oe<$#Yq&`3H6-x}xH@1kXga7;)H8hOgvpftFXJwD!47CEiM+B9OT&kBH z@OqW=q1jVn0@OBXfxx@dNt!)``B}@jYBx5Fx$9K2Ms?c8*&;V0*NPbO{T!S66>bVj z_T@iYpp2Tt$jI`s=RK@{Z^FA)J);&PoXHMVa8LodG_)U50F5b)=5Xnl6*P>5QYfW$ zFrOB*8uZ}%Dd9@t?-WH55pYDIk{@de>u@3R-UrAV2GCZNh-1TH-L6`>Q6Wu{ghE_^ zlIkl80UJrHr6wVI-d6aVNnDHcZSi2@Gu-D8Z`-Ast>hnhSYAD9kA2&r0S}vo7*g1J z8lX1KtnY#pInapp2-p*&t_WFEWMU>@VRGG!;hV#d+mPzU8=Dn))bi7^eZ@&P0V;0!>U_5?wdq#cavRsb9 z!C)+YUoT8wfTDht`#x2Qr~fmeWnuG%?ozD@wHx;8r{se%g*mOjCM3BT?WY&9j6-T7 zhpC!E#z_&O)m$#O5rKzwKC=;wqNU#)nV*Aua3D}V8BZG2D5VstgRPKRGR{P;f|5%P zOy2Z$?z+~ss`Ul@sbvsKFf{#ux}}xUqc*%SzYss2(Lmp7Gn3t1SkLCO?RTpG$FWuJ zU0_^-nM3RiQDJ@=87Cq#kcO7P!oe`+^muLIcTwHs9*nX;v}ncu`JC+!i&4lPoEjn@ z`XGyWOJ( z%q2%Iugnj7`88D{VpH0HsDR=z$f`sFoD)xIQEQDSka^QA(9q$* zAwHgxTJQ+n@bJfv7a#8zL`rD@+5kj?$LHsHdw?VJ^AHvmzS}wY$7O#)LmzEk(gm2f zrl(rB6Lqn9J9#Bt-BXqK`OMoDB5(tP4OWvu9PtbQp}YE+j3cwNvCYk&N`L)&RZ}-S ze<~cEl9~$OugZpoloO77`jVeN``MRQjB8K-*2BaBst8V5rwyARk$^V`P%yBMkf~B2 z(^rt3_%`>So>dacj8&mY1Oewe_Xw-%)>ox*siY&4H|=reJacNs+U~vB6j~Ve!iT6S zGPAz__Pt#_C_}IFWKc>4IT1(1wHLpb!2_rGLjBl8657~3)zYRTvzZ|S#d=6etn`5o zamGnm1juT7ZLYs3fp3wK9u8V3`;N>5AgX|Sy9c7 z01d_e{&*h2{?>#YiN53`A_6vs!4j4D#KpQrnU_5cI_Zap-`%_hfb{{;!l1(-ZZUb#JI#v@*v1a**m4lpcLX8@&9XY|7UUk@4fHS zo|>APmM2=;+SY>t@b07AJsZO%CGYZW9{uN7)FBPgq@Ec`Noc63g?4LzY6Zw%?DlW# zO?El}6MS!G+@g%devQI*;@(*htHjIRbsXCTs_)qHG>)~n4%siVN zbo6DM*%kbCiCtNlBh;YorcNDD+SwueR6(vnkD{kFRwe9uyavq7ac|*P)jDTU^%-r; z`O8<;)G1KFP&Vq_^H`z{MIK#D&$RALk%lBECvVXT4N#Mt zeD3W*7eXeYQ$pPeix;7*I_&?d2Kv_!&{Gz88DO`-VCRW}o(Gt=)dbsJZZ<>89L>hX zRADPHk)e4sY_DS0V~EI#>g`fwY(9-|N$`sYB_}5#5iJSvn%e^4C}ltv<}(q*$LlNe zKgWJP;P(eSw&q7OMRXlpRZdy2BdPQWT2YQq?H4IMf_ua=t2-CO38{^0qir{olr2~o zuOCK~4i5)RX}F^6El!XS4&%#2cj676Kd>IzLN+T+u~FHcnD z`uh5S$1T7+49XJ-&gQgPetr)G(3bNFfFJr`gv4I>>+H|Me_49c1}kiS|Gon_`Dfc7 zh#yX$=1~xc5rwzI;31Uz`oi@(z30tlM29zt1W0Sj+-sSqpa%*usNPe)4_1zi$vqa- zi+YJB_QD+N#j@?0l&h_fGuc9!^$Pbz{3$>r(BOiXp^G(cRzg9m6Je=s1%b%u2xzJ+ zC3ckg$418qzgRkkeEMwb@CHcZ9E{rDvirXP7L^Jw1ObUq72*f1JCRW)H67t|2qKEYR3dDNqWoshPfZ!w3sOsJGj2U@B=)bN z0$A<`9qt`uJT_H`;^OX)`aiiTb2Ua{o?MnwC<7_|)2)e%{eM&ne3XT70`x4)QXa@M z@Mmb;5uiy)=@_bkN=FH<1iUnMcsMcQpMHdbPkE8C(y)1SlzIGgk^3JeoDLbU zqa^;Z51=2=cqvra9$aVm6^<%{gBAVBPn%~Ls7)*!8UcJrF5dIK(T!HQWxzZrrW`^v zt;o-$jZh}0MfUwW`41v&yU2vUd`+_A364_*LB^F4q_edq#ePpdsm4HKLNGON?TF3L z5HTqHClX&NMWXgM!;x+ro^lEy*~s8fvAJ-pSU?YQVj^xM2O z9l)8tOwBN-i;fmkFn}cs(3C*ZuDvz%3ih`afU6KgZt<$`7`{7M#HRcU*eZd&MA)oc zDapvmVUP%5&!93{cg48eWX&T-4m>=#B}C>@L`v~WL@H64YC)6Q>@c0g0ZI&24kM&&aV0%y0wpcKqHnnVpDKf`*|I@ zMFfV&f%%UZ?&}!=6$MGBrL!G>JmV#mFwIjWA&o{@>HI7ssu-*lUeC}+ZSEr$E$6B zw`f*sOE8`*5HlA3T@ZOhNeBO|%ecSDdHkf=ZH9%Xz4tC)Iy|*W)Cu?{|y^bT$d3O%; ze?uStzf5GQ+;ve}Q=mswz9Ki(KoCA@QBxY<^YdSxv7kH?o8o<~zed9;_zRRrcOi*4D=1vbFt|!7G)4(3=#eBcS0#m=m*Bqv* zs4FF%5`$_6ciw`)uo}&mAK(t2n~oY+3wa&+C7#!wV(-+ql|hmvrk{ta4{l5zCq5Cx zggj~z7boH%H`*vuq#TF(RhL?XwWO0ZGXd2dDMiM^qR3Zx%YZBt4@bGHTGd2M)MRM3 z>=_LKRq337blJ%$mz7Vj=b`9CiGo7Tbv5eUWt0zl#DD-T(p^h3yGl8&(2wz-dg zTQ}PPZKI>=o+}Swz|fGq!jaZPnLTtZ3>((Ap+^+3uldp{1C ziQnF@uXfVo{q?Fk89i_*jr7mQ6*pdQZeiYptxR6k7PdfqO{uT_yU~g+&e69{d*k^65p77T<3M4Y|YqT{A3>p!c!C<1{ zVPOLUk|>52BCa#faIv-;aOUv~T+jo#V0u492iCwR$9UFdlhw9j8|%sr%>A#H204>A zEjqA-e;1IrI`}gtNzNnX%}|U&_T}N3q(~KNT;~X~jcrleWh0Ch1=zObY9d|F(Tc+( z<|$xyry_pI9kNCKW=6mlxokGd?&MR5SI&MG6l6pS_;rX zb|dZlT;FWd(QRCB_X|;%+i_G}V+L{fnyZ&CZOxbX$^AHkE1YpxY+W!jYs;SDu$1Ua zw+FX1$zl@LhDhl*>zkLP`4Lk3Be1Qy1Ubdb!8G)2V>NiQ@Jdr0-7L>2>?4+z3B|Tk(sh-0J;-Q-0b@u-tTlF0)={km(wgF0;aOIzCVx*}EaF<+5}V zq}0ZYjd205cMtpJWe3Q0aah_yrdbkGx=a?EqH(S(TXOy)rVYe}xC|=u^dRF>UW|zt zIGUW>8nx!Ef*a5H*x6}ow>w>QsD!b>!b|N~u}rGjX-RgUz-IMopF;nsHnIZKjc{>$ z)@1QD(eJHzz6fxg^(scwO*NLZccBcoi!=0&JUr3@Xb+t!s33gMt>zPLs)5(ToPeIG zoXZO5=>2lk$&u$WNg@JwvN#hWc?&;RxZ>Z%v$3L20%lQmc;gF0myI%H_^m-y=94^O z>>3Xu zHCMxRlmqGNxX5`jwXoCM|195A=2&kwmBN_T0;O@w2xb;LuIbPIITK@FTTT6IV873z zs=#|y`QlE>nJAkDjUCa(dG@rkqj$}tuC>msSybx7zSyYIT6LKA)t}4maA0Gy?sopCndddTpFSR-%oH_Nii^3WfKcQS0_ zP~NVodgrnh6JLk?l&;$Km2N`5740F*=&zNhX!|$oA3ytd@?Msw`d8nh#E|`HIWD$A z-Wn3rW7t?ZxvKPdxGI|ylEu@L&j?~YF|I+lsWVE(7b-` zR4*mu@GkNvx4aL3>v3odN7g%#4(YTPxWo%lFID~=oU~X%^IYj(dNgmXSN+%SbH{mK z5wO2~`9-Q1XLW7>u$}P72PD|P4P^dT7F6!>4LJS`21Y9g28Igc#s6#|<6`FOYGrTX z@-G86=;%1C4r2N^dVe4~AE?`N zfS|TRA>F^;8Oz~$a0&B$TZ})M{~K<<#P~8k&l4~(G1)fWVZgxcp>goxtHG3YQ@^%k zk9AhI;i_?D2t>Y5wW$i@im9di#@Kv%N?4vt2Xk zWfSqjnY2)N`=}dVN5GQ)*vnlLVLJEdyt8i`Moi|-4#(U4Q(sLcVR4Hl^MP3RiNlc9 za7A~g-bDM3P%&y>bA=C1((_Ya+e*v}CUdyG1jlXm+M9Db-+0q|XFaNCK-O+wwcU1~ zx10BQV!gxCxrq>iVC*B-^)K+1!hDZ*LO9D#UeuOVe&&jM?05{9fEX@>v}KuHHU1;{9k_sD%<0WBi+j#jLyKHoxIo^`b3=K zef1_SHa6^@3p=$?dHOflji>+SwH$~4`X9aA{oS!$`Rp=7Q1@kUf|)vScYZ@Z z{!BW4(tX9gaXEX_cfOJ1W#`o1a?zB(nD2!(`n<_cGxlOR`=oYbMvPc{8H71Rd+=~J zH8Eu0vfkv9#dx3Xbf{5$fc3WV!kR>i^piRq^&xuexoge+h~?^h{KUU0+nzvUIoB`4 zjX3huzLww*t8IF;+soClF3a98T&8J^`1+MDV(z!4H*2b*wu^vZWt%8loBsRE)A)9H_*%llHH**oH%W%e~j?S}B+J;}L?$S7%cy8l;1OpZu5#T)orrMC( z&kb%_T5+G^DlYsEhiVN19vV8S^*@Lyyq;R0zb)yXGTOF1W-{#E(wNZVp7aOJ!1+lI zV`J;FkmdGAYzAM*ztW3GeZ!DsXa*;Xs$DV^=QthSs79H*Y!VR`8v^%>k6HlG4&NKP7(c2iDE4*x)1 z-5kAFlZJ=M3rT6GwLxy1b!0eV$npq%my>%8!7>)K8?ngR@yAn0^5-X+Ap9eI8WsBr zPEGisVwpuX8Cv0f*JB>JnsG@4eIgBhpHG0Zj+)liSbR?t*ChK> z{FNMC$&X&ycsEtg9X5UHgd$@<1R3KCvS2vO$|yMteyX~Jn%$&twZWQ%wN&Qk-=I-B z1%`QDI%aJ%2QV-uAm<4GH1=gq{e*^)QGg#HObMpA!*mo%svsIdqiq~$BQLUZySJt< z5=S>$-^Srz16Sz(4cxxivqz*#2w6VXnACy#TEa4*)?vxx*Du7Qq*=+Zyf zj%>~|Rr9ykcbPKF4wae5D2%8v#1nXdEP>TjSsvctTPEvj(1XVr}pDc@vTMQE_*>9b7EH&iFfIJLVu2=d<+>79tWPf0H5#j38%6^*;cyqDFrOeBhk_DianW%!!w)l{hwRfe%5iBwU0% zn}2n2l(!*tfXEyFYEWRNRm^dJ1v0h$y-+Wsk&Y66LX6MRH$5h~jlZx?0~x2qg=Xg| z_ia_o!HV5WP)?^Q)q4U9i`7oGhGq4SH7E+aY8IB8FZcz=H&&#^vPiNmx`sdB(KxfeMX$s; zh4N{|ZR1u6!qR@8gOvJ9Ql*=Vg8LwqyDMS1JbbrJ6s00+DDN6o_6zS@X)a;WbTKxB zK3TBQi<350jsc$?o~;lC!8mJmrOcN+UPUMH*?kG546dm0Psfef-s@8`x(!hx7orgZ zyfP8h(o9xbTMGLGLx!SqA*B<$DYZmO{(&wOQn*fLxyA@h49>gjqUWAucsBf@-7zL< z2g{qVhoOI3wjaKILh_QA9_$oh#vJm)7EKz!pvl9yHP-(NsGO?1n!e`ZrDh5&LYK?V zzUQa0)-}`*lGvvk9jvJNQJ!K>=*#iNu6=DjnMcYfbp_wRepTGgDcs^=*=C1-DT?Jhi3WXIsoRtE~D zU5szPx}e`vsV167xF!*x^&6dsiNR4;VC&m~Z%+<(L*7N|>t)Jd6!AfBik+oIMXla} zS5E)Pf*_sp$~{jvpo_A{FFsUcC?`i&#Wc6>70^9E<@|P4w!099q{QE1N2nUgq>%*o zqr8~#gv=VVR1g$9Gx?BRI(&+SW}C8~V#tTjGL)~e#|3l=(Jkyo8CZ_(u-I5gs*QSz zlU{P;QtL!1NaU_2CND-k8eagZq3?urz-ZEChgUl-P8m=qSn zg$d?tmR6!h8HA`TBfLroM?&ZlMmlFERvKIG$}CLUaFpz}g-?cwVatvI|9+HdMM?%X zeU0)vi$J|}dKjcpYSZhcldO`Z1oA?BJThV3QuzrL`zAEw8BZcA9V1mth&g)0N)(>G}z{i@%n;nxou&FALvBP`EV3Bspld_IK zrAPzBkF0ZZhtCCj(`99#fuKDJGh%=g5X@H?t!4-RvX`Yp3IO6wQof~a{6OlfH7B+N zkb-@;!qF*DAn=|cC7ck5I#&`PZ{R?N?frt3vu47fU&U+H#i=%HP(2)ZF1g`rTkiwx z;40@Sj1=s?X(ZpevY0Sj1r_U7@vSJ21Z@@YyA+eA0kYEG@lKv&4`ygdt4{`eHQ>Bl z#>^7zm&Bz3o;wt3hI&|)27Kza?>z*`D-+FtZrmJHff$BGbWJJrPV#N`H_Nac+&Xz2 zO^~z`;vfbMMd5W}IQmwj?CJD{(BG*}c*zN;0YP&~~PoiJ7ZYIWv2q$eL z9yWW-f>sVm@>U%R*6I3U8eFLfe!Qqe@P1bag>ky)ld??z%>btJ4v{1wy;XtQZ$*Y` z-2Ky)FU$KwG}vmcLaLO8fGc0fXn*D=!~AL>!-tt7ikqlh8R~+jN1h~T)0^!pcMdNu zZm%S#rc?o69t|S#Zf7r6x`o=t$-;!BNi@!`hpNT&)3oCTqL$H^gP=4tS35g^^MP|c zjR>zGgh##hDCW=-hg0Lj!SsT2lSk&wZ8zYAp=E(cV1(VPdj`P=?>^`V!V7=?XsxSY zl1!5zvhqjmmNCe#Szu{}e^E0_+-iPpk9AkC_I9tUYG;zwgV1Edt8v+f_}bvh^Q!5y zWn(iJd+tu@n)`ink;j5{V~|a(_3`cWow=Kf;Q1bFPK-DG{MzGF-$(|RzJ655i-za% z?}ZuTlYL=39_x-LwL6=8nV#*1ayL^K{9Y}EStluz{H#k~eCD0I%$wbOoSydVTYMHO zRUZu+Z;x@F_kZ}oK8#}coZN)<6#|cxpP9VR4g+M7Y&z2Q#v_mRy2=<|oxBIVq@RRN zyLeN)aW#3reaAZtg#HE`T5?^oTKG)xuom!W6lKS*ad~kv5WBmdtzwuovL~8$@K~6+ z@#Mi8`!Kp>W$LoD9-I-l-!W8 z+B4V<=zj}_9Y7P2KCnQ@0u~$508{`2CkICxD>W-iMl(kvt6$1d;v8}SRW?|C`oFo# zqC3sIm|h3!^z62C9efUt&O@IkTzK1%>1>DphIv-0YC5Lq+eBCv7DMoJZg{%pOIj+18?X565i^!t^sbTumKl)MH^ z#j7u=PsAfTB?&k3-0(AcUMy$`p|(*El^<)J5Xg_yT@Vn~JS#fwj>92lEP4q%7(BO} zEYe)q*~XS?dqZKJM^>rDjr!S~S_%iU!tdWd#L?H)KhZ9F|Eu6U?_`d&25$I!a4PnH z^^bzRjjhA~Q75HGcS?6NAqSrLpCE5%%7!~FXr(f=6juT5IxRS47lh*C$uYz{U6lFC zCFHv}yM}LAuhzQccC~^`TQ_VQKl|1xx3gNW+IoBSVq_=h9c*r9Y_Ia+r!J(mggwYn z;KU)_$JdE9>)G?eBI?u``PcVRwxX4N6C-iHt)`=CrH7vvSPUbhU9b`QaCDy1uP0-+ zjD|X0R345eXpt1uhNM~$u1DN{5;5_uw8uONCfD)ZRP5FDh}>A2n|Gs*BT=PYL<7`? z&QOmg#YPbE&Ka7da-3jELZ$XN2;52kJ-j$)%+mOf0f33`5CBwgj$e8QYbPsxBYUvs z;g{+?W5N1>12gahI@tvVauVk_nB3b4;2D1H*3yH%qt9cF zI{mSG+t%)zbi|~_$up`{#vS?6g>ldMG(r9d3B409LjG&V2-Cf1`kXr|O@<9O(AuF@ zQ>(T-=l#5OL!ap_A(9-0VcYl+llmu}MhE0IsqoCn+99+(RJ0yAC#B3#IC-P%*istV z?mUXn$`ZCX5>Dk$T*}rIZG3TWIML`w4TnZl>TdXY8;T(9Uem039_U-#7tl2=d>CX6!WM}1>eYuf`cr;qiG&|N$n%$Pbi z5{@s8H-Md`*4saM`;(XStih&h^>(~^msOS;xL}WWDR}?7iYvefG6L* z;8^3f^59?hI;rJ|x?iR_qiSTU@<=el5coYS#*|)_JcX2Kd>hqS(81x&vqS>j5;f`X3@-^mXBbMSU$*pcPN zqw#|o-owd&m6~ov{ft+5z?L`G#lny+iVf`K_>%l+ts9$XayJnDVeI|kE8rd+`Evwt ziw3skfJk2zTYwHYZd-T1<>X#}QJJ+a7L`Iq=!W%)*;I5O3`ey|zLe=a$M#m@Jkc<5 zjwR*d*orGehlGO6*~fP2oj0pjMp>`Uw?^CZheoj`H~IU0ayNF58S|E8OYfaKZ$Tz2 z-iMJ*`nw*kr|P@1OLYz#in%ZP>o_tOSVUdpt~{FZ1W_P;No`WGv9nG4{Vm| z+)$X0*g(`7-FRH9r;pWM2*I&-VC@ciyG$I#$p?Zrf~^M+S-_>(JY;5Z?7qqv;)`{)ZaSj2Z)$A@XUC6)V38< zlPw4Y9xmWXyxeLd_$JkBe-#<$zkQgoSP(Jqs=>r*#!8eqbAc!XbIBPNuVs)SCQu6TokC=1sUApN`B-S$vRk8P{mE!_386s&Xc@Y7_D{ zgB^jfjZt|zJCkc=>L}$(=n+{uqB*8Fa*BP-MnrLO-B;Wct->vxqm$E}gX8Jnk&(#S zY*}sIP|u}CZa5Y+O)3^vvDex2TyV*mz*Zu&8a2E;aFsKGf5)Pxr(ybLKp=IJdtJ^X z_S+AI4M+di(XRPSFLp(9TO`h|DD#BuLnQr(UryX3QR-FyysPOj&J${h^U9=-4$yyd z+Lzm13+~=5O;Yd!c>yZ^B349+eLMNdcy%-+0e)RR_6)U;XudEpk;ESa8%?n5wLrd5 zPNGwJ4y&Ny?dqB#^R2!Ue&~88>lsapXf1Va&7O^LMd$h2>YgbpPXw%?5 z8~EfZ9BYu$T(yG9xziAMwo^II6<*;DyCSGoc)D-;!8?~K6r(&bg93lb+~@I5NAb&E zfKQH^MdNe#iJZGWgP@w#4ZC76EiRQq-3vTPu2si0A7s0LU|NEFY81O_g80a$39}4R zl)j=(Oz+)b+N{T76uUr*<^&>!b?Kd8Y0-2&spDyh(54B+d{Pt>mH~Rt=U_C^mCZVJ ze6JLfML+auyXc&U*RW|Q5-AWxZ|E5>j;9jSw#7&#$SWfn;xehga6PLE(^0W3-q+83eJs@HL0t5lsWXpY1o%RVcB z^wD(l?H$O!&d-e`E`E#31du6}cQ~!&b(0iROtsewtHFLK@)9{(fKAA`K2k7OeE1>9 zYQEAE6EWZD{uHzSSPq>z8vMoNe6*f@@^!cqQgIY~f%G|2j}3cd*g7YAhZBk|m3Jxg z>(G@=Qp6q`55h-6l63`8;Cf@+<`XI>n#qblZSdRs6o@z9)R;EaMFsSIlpK)-g-GUEvIHBjlp!ah)F)m$O{1USs`s!OV=l3?d&ML=E$PkfBJ1tvBwPoABF&4P|?r78gxF0_tq@3yiJmI&p7DqMEmfk{fu z;8-PjuWY}!DPg@tlK#Z7_Q)we|M-)`#1c#T7RTfJp1{Ls@aDfo({G^Vqvg#(ZPW**xp%I75(<)18PD_QD?J+=v zK4c1Qw`%Wa-xvJ)%)V8Voqhi+hF|aO3|!(TEi;b0!zv4I^JlkWn#1|+X1;adB=_!@ zWRYOIz|o*q^A|bQe#Q0$z=n*4!qLmYYl| z&dlI1&emB1le7z!N9(L@KcD#;aQ}{Cc;eoDb^S}l5sIoX<{+QqwwrK1)dgR?dc0f1 zWH`&HwPEgXZKev)s&*z5X8+~Z~r67O=F?x=2P@T>74<5 zbBEVUvYVMt#+y%aWt#Cmd6{;di%(zivELTF22Jkztr86oqajkCBHcoRUOW{~fxYg@ zU8kH!O*tSYuiQA!?0BC+fD`5f`vXMaz&8-jzCJYUAAP`!Y5^z?zcutiUWjh+G@bHK z2D5ev@R|w&uc@ctH5ELZr^pD^bj@2jo3xg1L1>pwqf+(93<;#5NwrF+Cy;|_$SM&S zT6j$OIaBvk9xJs|kW!UlP*5q#RoCkyo7WA}|4@1+NF)v(d7J3tUd#B+q72UW4qSfZ z9i7;>6!=QND4{{h#WEfqT=3@z&-O+4z(Sd=x4J_p-mt1k1||&Uj_dtT#5Cz zkax}mTxwef!WWx;zv|`Q|82e*y{YrlN0(E129#g@GPOiDg$C|EVb$K()UX{kylu|*kI5b(qD_y(qnnGuC)MFURit4HxVpXIIP;7{# zI=&ZneW)i@&!@r_?3j8-!!MV7xJU49SN0lq_=iUx)J=aO|ad*+c~PCmGs^wL{&ZN~QEC5$pJS!k)kBPr~QbA)TgQtl=Lyg-plt^RfS* zCe6|}gC{)-yB{m|FP_=liEkxX{%zWlfw}DKd|w$xQ^%DjjZ--+T@7p=`{%2^t@Kqf z97o;77_(%*gfq=+%JCbcCGKm_F&m@Jo-+r>2d9a>_zV=1%NLu>1`5?qkJ0MdTql@g zTHg(42k1OZuS;;^9Q>}jw_DTqCV%66v7C%#6;c$vOI*Yfw9N@WX=DarqZ+Z}r zyh@=CHW*OgofCe9>qemZoaK2~={UuxHEt=`h1k@g_)cP!rq{@&anSC*z`M*`)A>sg zzQhE5hp}eEooduOm(f(aISy5?3_h7J)K`wze};VwZO<22;32vs6ggxW%1qm5rzyVUP26V!bA!e$m+N5Fb%A@V zZ@U*(2wjLGNv98c*#drH~O!=8;G9W#IP>SRJ zVAKcHrE{!fa%UjJ5(Pm%cc5j<(K2-Lcn}vy*F?rE_z-d|^-a#&tmVStnzfC8?rv|U z>q$(=#X~TPLlJ)~igNPIm05|&j0nADNgSd%uTxJVRC7bSQMa;%a zrA8HwMp3+G2nFq+{?#yw_nhh6x$~g05mxq5b~rlOobTE(6R`cf6Y)44PL|jCX6`v`mJ?wL&V z*8Ex+Rk%21YtJF4^LZLkRz$(%dVlE3+by+2%Elh%*jBZS0~b<6uMZa@c!3@q=aX0m z;0KmNDDza#f874`j;;0Pqh#HNjl;J??;31}F|KuM4t}rqpj*$?&}$^__Yp9FI~Q0F zNVe~be%yWP_f)*^8cs}469Nv>Gq~_V8fH5gZ3OdCWK)PTBeX*}<~rHu#B6ey$U~g< z?6E#=Ch^944oJH4Jw;ipz1tTOLV|s`v1~?HMK)QR77@B$WSyJq-bwddg=FryM<&3- zT7PEvN)Z}DamTxUak?qHkGy`Zh^)*IV()2^(Qxi@_Gzi8jXdN0$#Sr-8&gu&DWOYd!BHA0#)w7P)vwPpmbHdzq}QX~iSV zU_hTSAlk{`>v`E4=tEk#RuJn37Q#UqyB2_NDB*BTDpc~u@Xe$@b1NkaJLGYiWmQ}j zjN$Lee&(J?6UM7(Orwet3vQ&{D%T$jJN{^6K(It1aPS;-!%-5j?{%*H%yD(&LddAZ z*#-VZ0_z?Bz^LVjFotqbd-h>0%o=@pf;T~HaOK&}=jEuQF)j(Nk)YCUykotSIjWSX z(d8y7n;${4%bT@mep5qcGv1!j8*^*R+dEzKhr56o#Z+#GkH%`ym>|C>W9|$F(v>rY zpp{t^izbcf+}OzlyyrTuRy$zn`*VL}jCbII)|g5X*^ z;`$J-CdUxw3*-ASSh(#1nyy_uxOZ(=HRu?YYi~Dn*~m}9zNt|d;hXJC@F;cFrsv0fY-7-D1|+#T+Ff_%Aszh>DyI2IQ%7 z@p(;CQ)nMzd%|bw3lh7qAxfFMQq4x8PY$+~v5on0GoEYM3UddA~O!E~3^jC!ex`6K*qSES7I;P-_*aBF&MqS~C(#Q?Z@_ z4Ut9fdw6+)Q|l?X!#rfr+8^$3N69K})4?KA$31IuPQT92OJN#%JvfbawQa1AyhLmN zv>{}))XuUt^-NINXt^41*lp3Ba+TFoB8pQ>=n;g+Dtgjn5V%X=JB-{$8l#Ah5j#xP zW)O#y;}XpxlAVijh+;bqH@K055#Jc1irhn?j)46#nZz9ldKlSM;uAO!Fex#KWaDE5 zYjD$uzU8F}5c(tF`>x?*3~qqK0vC;FwVg_^zq1OA-#^1pb(`Yipdty}ydnwIAEC$9 z&No-sEgc;2BtB7bM8YYKMZ%H%9uy+sy36q~aVr?5Mo{Wi5Y6#m`1G?@0K9aEd&CLBchUB7B=Y%g z6pT0KU3D#yw27kG6as=3^DC$0 z#87tE&BebeA)u5My<)mn5uvguA&DoLW@6GW4unxFIr>N5l!a_HV4DpU#^s5qol?cbTS!IOJWyOIC&MIA<1c~OszWKPMx?r%X$_s1{ zFd6$a@?fNS^qbsYgd~vQEV^RszSV`e!XLoU`6A5s@o>{rf$VmR#4>2zPW`FG3|toe zm~*idRw?vmFo|=hn)Ucu zQL0onYTl4dH(3@Z{EU=lXV73#ju=WzE$TITC#$jmZNlo0@joVS)Z|l?Ks)z~gDY+~ zr$h_RI3NS2FwenFqGwn950ChN5`Pt9Sn!WT+5fJA`=}@>be6CB35e}x(TnjoB5P^u z=`;$>TS_T*{1y+EzcK3m`vCAvn(Bl`)@+{WbhEvt4b$eWWnf>$C=M(rY=8bi{xc}A z3=$oy9bw3-s)?zCNZyL805NPq^`fIjjAV9P1-61BixTkEg8+wu?AF-l$#dkgKJllZ)z0N($Se-J&pesH+S(6s)@LVSf5p zEy{9s&}1_o=#v+2rptrH=um7mrGlP)POEUz-eV*Z$~`T5Ka?wY~fy?t`p24tVu^YIMN}gT$LG1LO*^96EFf34iW?VFt1(W??duA?|a-F)-lZ^pA zOACyRNlsg_Ly!$4O%=XHc)@rT@_bIE1hiY>+DFFEvv(LF8#nE(smCKpy@o?t zkr^4`Mr_5IEB#S;cw5RbFYzGcN;t`U8Wutpk0j|w*$~IvN@lXHt5sc#3OvNySEHGy zgZXm3eJrZ!U1)AJewD)o6mjE{o|o-AEyn7X4=P4 zKFM^P8@+si6rEp}Dz?<|#7>2HYAXvxs%xXHyj`{APTnNy{ho!21&*V()RgC%mKs^*6Z@bN6%bQ+%+?>OqBgeiT4% zAt`TJU7OIM!CX0rgyX92y|1&c8JEuvbhw8yV!Do7=qmNqn4?|Bw<8<(yEsnbpL}N~ zobmSh9V%Eh+s+8>oE!JG$srhMMcQ0`ka20J+M-sjkhb-x&?)`koOt_yNAn|H#X$Pg z;>F8n<;Ig@8V=y$7b>AIulvj!GkBKFqsAEu4vL|qG|*u2f)vne>~g6DYdXRXRD_HL zZ`d{*pcoUp>n*x{OIkOlW!fS8q2=I4OM)2bEL;s|;#CWUGI4PiFgggrlc%EU3oM!o zEgu!9RBN#U+d#^kW$kxCSP3Gx3`|7f9Ka`(Lp2;B<+~uB>&)GOc!fnix%*Oq4_pqZ&N7EqNJO>}k=+%!F=` z60*o8-2?md4*n&v&)EGv<%D4R0o7IIlu@w{;kH0r^vSizA~Fk3R0909iD-LZIWuYB zCyn+>0!Geru(yJ4IsI$6aW$u|0bix1ky?n3td^|aCt9aP;Va+x$pMF0rPfNzyn?3e z5MpINFDm|o{ict?2^@%KvgxV&csGb}YIHh_c{MJ)6sq%Y6BNuOTsi8`H-aBkQ{Dj^ z;mKntYlfP{LQpY3Qv%)$`ZMrS9Q-_xgZjF!a=Dov3$(XeeX1Uxtnzr(#`c{vsPFY zlq^$xsR-0J*KQJEzrv^1Kt$pbhrkMqmy}eWLqA6#=yVIZW~(HF-60eIjas+Yg~5`#N0w|Jt( zcwZg3vvs}yq7Rej3)d@Tac)twa`9%>w4;VuqiQ0XxX`a%2N3A#mI`U+&&5ZLO8RjF zc@7qnL_LPK`?$3u?DusaY%1vGfMb*MS@UkC%v7q*Tjmq7)THLwql75s;#q;iF0$6t zXYH+9>ok+oNN0wPAT5Kz4=c<1r%vpRXPj)U`_AjLvp!7az#pD7@3r#=StW{VXu?7L z#pfqYsd!Swnyyyh{{RFlUGWKG=a07KwbpG-zdp9S`PX!5m zNn#>A_yX)@m80p%$XM|0@lV8!h z+{{r&rd*}2l7NoVaFDEb%L>tadwM@DdyBQL<225e;8As7hx^;t`*eX9zLjHp6CCV3 zTFW`og<%@gd&GbmB^M~BAN#X{=%s$6sPSI-#Xz^Pu9tmTN|mQF%#TA{SaO9jSk<#F z69k%J&$x&0QsuKFp`IIaPQHdFA8+gxY%+wXTnPvU$b#z!n_%C0mN|?U9Z%Pd@G9bV+UoPrFLB0_7{q#*-9J%}&^x^j9wgU;wI4 z*(yJZDaKCZOAcn~*#Jo%b_hk)k5RdP`=HA@I>EW(Pe=>9*E}u!c~I@U#JwJbOYRy@ ze&rRf%6xRR7=S(7klSxbw4t@6MqVNi={cgnp%k{Lj3-tPtG-N<3u>-Xxa%Hr58z2n zm@3L@Fe)h>+H)+X$naH_sqA_k24gEm8U=HmMPZABqOBcXDG$U%(PIE&I+y0V!Cl;5 zWv*}VI}xyZt`th?jWU1a)?w%?r8SZ@A1jagq!W2Z^l8bXsczMW4nKd2#K(mAGq+jU z{>6>ptrSSK5b*)s=@D2vaHSHCmc_@wzg0%5pq$~i4oUgx4sM1^czE82rwxKWWrij` z@cyAv#dK_hGj`A^q38Xa-Y9A=am00x(q5`|sE?80GxWdNEOm=H@#TRvi~>*qz)yAJ zFPkM7BYow+9hZuala=52X~so+!D5b8hAR4CfzASpy=p~&?UrHTjLto8O;ORk% zXS_2tw0+3Vffrw#OhtuGeW>$lt0=3<9+e&nw%;eV1MY_#M+fHtQlcj6CgB$jsvk{e z!mYE5)EsVV>P;Z)x880m z4Jh<&kf&4=ZnTSZ*2F`qQZ?Ypm|j)C5EEtdCM#c=EIApYas1>&_0=O)qBOFwnT;s< z5(Jf(Z@XLlnhdw#q)04=Pgeb1=?h(+*GvKs!vS=G%*Om=6k8~LT};D{QD^mmKuoik zr3wU|Oj^?M(h$>@qL-Yb+cht(BuQM_1#@XE+~pZ5_HOn0GUVp{@x$DwDO@xa6MJOi zF*gwhtD-1~#-W>+JyE=cJ#aPkVTuHMierq{aB1<`0x{EKHdazwdaE>rY~WQSANm_1 zcmsI$Et6TED|7YKUHI;h%{;MNSZ_=o^u}HlZ{aOwYw(ouH63#(T(!A9dCj`T z{qjbQhV+&zSWXYXG%6~0tB=1pQb5@Spo(yfELwHNx2%F=U=;A?(usoWtcNt_2a+X5 ze9Zr`MfLi9L-*@qWkr2!3V0HniETv&;lRz&_inMUs-&{p0jO=T1~3nA#mJEKP{iJ{ zfIb+~1~xk%h=dgDp=;7h6`MC)kyu)gTquRUrZxIL4E9kKd`d4He~8Q+EA?6Qv;2r& z38%e^u^ZG9L2eY38K=K%PKE1pEhI?Tx6tEg{FrW2{+R@mM!fFW@mOif9)!oUH^ z7sGqLWDU>GwPAyJy8P?GDMdJXYJPaFuU1})EWRWzu^G+_X_j#0B(GzBvo5?=6zNyp zd|w5voSdvsN{I1)F zdR8%xH80V)6RqsgHz9U{(n$B(K2duo;~H7i&ToWejCW$0=J#|M!ix@Q#x|HM$sZMy zDx08ryy@k#qx@3Du2`ahAvOORjq)RBF=+z&D(wfltIW$39*id>eu0#kbFr%w6Hqr{ zpNve3EKNkZTxDtW^u|&z)5~UZ@qH=L>zj7;AB^3JAZ)0+iU27Emlnf`fZz}qpVNK6dpqOa~&1{Tm zMl0tqEXa>v7(E=bRCJu5S<6>=LAVaEoqeIJ8f)) zcS;{AvF`SyC@g8hKPIqZ;?tZe5}RegeIeHnO;g(M!IVCxeEV7CY@{jHKoaZ-ltJM3 z)oy&XgF2-BK+NPT>;*qbL`mvbd5?}_@X`Ll5N}K`*;2?ai^Od6pKCvtdnzZwS-|^9 zKdfgjd$7ZlmZYlGs^V_T?_Mk&i9AfH?e)?^kdNj`D(XSFiAU)LgLV#hVGbjM$h*Hm zNNk)xq#l^Iv3EABPG)gN`Uq*^PnylY*uz=3^B3X83;6v)La$(lxJLP@1@GJvS3o zgC{@dULqeAbvcP9RlP7HhXsB5_Cqb{mZ3Bp(*(!hq3UM!le?X4DDo$>fQDD9n=pQh z=c8G(y&BL0G%zovldDJ{u$N*dh;PP1m^$k^Wh}fXNdvtltQKfsT~ym0bxF$$CSQJ< zfhq9Y{ubeHsGv!>E+K|T8`p8FLPW4{rz)~j7yQ*HPw*$*D+B+0b>_TggtPP7cpuhpe|ARqv)B=OuJjxE~ zq6WXzZGRK+9sVKv#`ktn%SYJN^vwEO|M?r4)Z{QRv@cbYI&yBxMd+693Svvf6 z=7Ztq*Z((D{+KD@qt&6{)&14#X~Y&>2`L$aAvJTemG9Rb!j4VfyLeu`{ay;30GJJGNg$pX>=22UVYiMQc@fW+hTDw>9Yi01OFHW5Rmj> zVdg(hkr)>MZ+?n68(;wl?T<$O?NdVp{90^e?Wm*TW^3f2^>fiwc=t~N!Wi7f6EH*$ ze5eTiZ%_c>XOVvlre9;|cc5CTN?}$T0N@Y_`^yomlcryy7Wgg0$qHQjzm2QB|)c6bUF!U$h$lCCKgahKwp(()*In>F1?oxlh-hBUC z@kaK)P8a=AIJl%=7YSgRr?3A07y$SgF#Zk(xG(&PwlXp_(_=KV(laq)X0Ww3`JKX3 zosS4c5CHfY{z*|d2=Pbz|3<;`7sX$r=y%sze^q217V-~@-yLoJ-iyEcCHaeD7x_<$ zzk4b99sbYLYkz?O00<(;e>=+2%8TC_eix1ZV%V4Xli?qN^6&V6iV1(A z!F$X*NWgyy4Zp+x`NH;h_@wOL;D5fp{f_?UmiBk_iNfEX;J Date: Thu, 16 Jul 2020 14:45:51 -0400 Subject: [PATCH 055/399] Add a JSON output to generate_build_files.py. gRPC are currently importing generate_build_files.py, injecting a custom printer, and running into problems with the symlinks they set up to make this work, as well as needing to delete duplicate generated files. https://github.com/grpc/grpc/blob/53a5ad34c0b5fca2cc9fd9ec4b354ff79c12948b/src/boringssl/gen_build_yaml.py#L130 https://boringssl-review.googlesource.com/c/boringssl/+/42164 Rather than layer on more hacks, add a JSON output to generate_build_files.py. This outputs a sources.json file that folks with especially custom builds can consume. (Looks like gRPC converts to some home-grown YAML format which I imagine is further processed by some other generator?) We can then add it to master-with-bazel's output. Change-Id: I82b4ea0647386ca6c76a977f057b9962f40d41c8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42204 Reviewed-by: Adam Langley --- util/generate_build_files.py | 40 +++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 6c3977d40f..793652875e 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -618,6 +618,14 @@ def WriteFiles(self, files, asm_outputs): ''') +class JSON(object): + def WriteFiles(self, files, asm_outputs): + sources = dict(files) + for ((osname, arch), asm_files) in asm_outputs: + sources['crypto_%s_%s' % (osname, arch)] = asm_files + with open('sources.json', 'w+') as f: + json.dump(sources, f, sort_keys=True, indent=2) + def FindCMakeFiles(directory): """Returns list of all CMakeLists.txt files recursively in directory.""" cmakefiles = [] @@ -947,10 +955,20 @@ def NotSSLHeaderFiles(path, filename, is_dir): return 0 +ALL_PLATFORMS = { + 'android': Android, + 'android-cmake': AndroidCMake, + 'bazel': Bazel, + 'cmake': CMake, + 'eureka': Eureka, + 'gn': GN, + 'gyp': GYP, + 'json': JSON, +} if __name__ == '__main__': - parser = optparse.OptionParser(usage='Usage: %prog [--prefix=]' - ' [android|android-cmake|bazel|eureka|gn|gyp]') + parser = optparse.OptionParser(usage='Usage: %%prog [--prefix=] [%s]' % + '|'.join(sorted(ALL_PLATFORMS.keys()))) parser.add_option('--prefix', dest='prefix', help='For Bazel, prepend argument to all source files') parser.add_option( @@ -967,22 +985,10 @@ def NotSSLHeaderFiles(path, filename, is_dir): platforms = [] for s in args: - if s == 'android': - platforms.append(Android()) - elif s == 'android-cmake': - platforms.append(AndroidCMake()) - elif s == 'bazel': - platforms.append(Bazel()) - elif s == 'eureka': - platforms.append(Eureka()) - elif s == 'gn': - platforms.append(GN()) - elif s == 'gyp': - platforms.append(GYP()) - elif s == 'cmake': - platforms.append(CMake()) - else: + platform = ALL_PLATFORMS.get(s) + if platform is None: parser.print_help() sys.exit(1) + platforms.append(platform()) sys.exit(main(platforms)) From f0558c359ca13a4e312164a47fa4cfe5e5ecb2dd Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 16 Jul 2020 14:14:15 -0700 Subject: [PATCH 056/399] Kick the bots. This should make them update and generate JSON outputs due to 8c0a6ebfc245bdbb3d7315cf8a47b91e4326fa44. Change-Id: I7e2fa7ace2ed0216fee6b553c4cf7e16a7d7457d --- util/whitespace.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/whitespace.txt b/util/whitespace.txt index 08ccc0a1dd..31dbb63ce9 100644 --- a/util/whitespace.txt +++ b/util/whitespace.txt @@ -1 +1 @@ -This file is ignored. It exists to make no-op commits to trigger new builds. +This file is ignored. It exists to make no-op commits to trigger new builds. From 1a63507c4110684363981918d6508f0d9dc48491 Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Mon, 20 Jul 2020 12:30:05 -0400 Subject: [PATCH 057/399] Add line number to doc.go error messages. Change-Id: I00f35648a6d354abdc908314fef48b3fa573d825 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42224 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- util/doc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/doc.go b/util/doc.go index 33bcc66bc5..bdcfcb0265 100644 --- a/util/doc.go +++ b/util/doc.go @@ -410,7 +410,7 @@ func (config *Config) parseHeader(path string) (*HeaderFile, error) { break } if line == cppGuard { - return nil, errors.New("hit ending C++ guard while in section") + return nil, fmt.Errorf("hit ending C++ guard while in section on line %d", lineNo) } var comment []string @@ -422,7 +422,7 @@ func (config *Config) parseHeader(path string) (*HeaderFile, error) { } } if len(lines) == 0 { - return nil, errors.New("expected decl at EOF") + return nil, fmt.Errorf("expected decl at EOF on line %d", lineNo) } declLineNo := lineNo decl, lines, lineNo, err = extractDecl(lines, lineNo) From d054e1bc61bcb23982ab5434fbe58020de31b775 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 23 Jul 2020 15:53:03 -0400 Subject: [PATCH 058/399] Fix unterminated clang-format off. We should probably ponder what to do about clang-format. That we disagree on chains of && is a little annoying, but peppering the code with clang-format off seems problematic. Change-Id: I0547e4e41817e8c0b585d5fabe759ef25ed00cf7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42264 Reviewed-by: Adam Langley --- ssl/tls_record.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc index 464c5c5acd..acff1ad9f1 100644 --- a/ssl/tls_record.cc +++ b/ssl/tls_record.cc @@ -447,13 +447,15 @@ static bool tls_seal_scatter_suffix_len(const SSL *ssl, size_t *out_suffix_len, // TLS 1.3 adds an extra byte for encrypted record type. extra_in_len = 1; } - if (type == SSL3_RT_APPLICATION_DATA && // clang-format off + // clang-format off + if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 && ssl_needs_record_splitting(ssl)) { // With record splitting enabled, the first byte gets sealed into a separate // record which is written into the prefix. in_len -= 1; } + // clang-format on return ssl->s3->aead_write_ctx->SuffixLen(out_suffix_len, in_len, extra_in_len); } @@ -465,8 +467,8 @@ static bool tls_seal_scatter_suffix_len(const SSL *ssl, size_t *out_suffix_len, // |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and // may write two records concatenated. static bool tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out, - uint8_t *out_suffix, uint8_t type, - const uint8_t *in, size_t in_len) { + uint8_t *out_suffix, uint8_t type, + const uint8_t *in, size_t in_len) { if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 && ssl_needs_record_splitting(ssl)) { assert(ssl->s3->aead_write_ctx->ExplicitNonceLen() == 0); From 54858b63c1d886f6c8d903d4a4f594f1485de189 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 23 Jul 2020 17:45:45 -0400 Subject: [PATCH 059/399] Switch clang-format IncludeBlocks to Preserve. clang-format now reorders includes. It used to simply sort within blocks, but later it added a "regroup" option. The regroup option is a bit aggressive and does not take into account our project headers being referenced in style. (It also won't be able to recognize the header corresponding to the source file, but perhaps we should drop that rule.) For now, just revert it to Preserve. Change-Id: Ief82b5c3f91c16a8def14f91ef6bf6cde502bb79 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42265 Reviewed-by: Adam Langley --- .clang-format | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.clang-format b/.clang-format index 5865a7068d..3ccecaac1f 100644 --- a/.clang-format +++ b/.clang-format @@ -4,4 +4,8 @@ AllowShortIfStatementsOnASingleLine: false AllowShortLoopsOnASingleLine: false DerivePointerAlignment: false PointerAlignment: Right +# TODO(davidben): The default for Google style is now Regroup, but the default +# IncludeCategories does not recognize . We should +# reconfigure IncludeCategories to match. For now, keep it at Preserve. +IncludeBlocks: Preserve From cac93924ab4eb4a5af0488d4523872a4c00fccc4 Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Thu, 7 May 2020 13:53:23 -0700 Subject: [PATCH 060/399] Disallow TLS 1.3 compatibility mode in QUIC. Bug: 335 Change-Id: I3caa780284d4a3e646414d1fd85cc2528ebeceff Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41264 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/err/ssl.errordata | 1 + include/openssl/ssl.h | 1 + ssl/test/runner/common.go | 4 ++++ ssl/test/runner/handshake_client.go | 3 +++ ssl/test/runner/runner.go | 16 ++++++++++++++++ ssl/tls13_server.cc | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index ab6b15f420..46fae66b49 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -202,6 +202,7 @@ SSL,300,TOO_MUCH_READ_EARLY_DATA SSL,270,TOO_MUCH_SKIPPED_EARLY_DATA SSL,221,UNABLE_TO_FIND_ECDH_PARAMETERS SSL,293,UNCOMPRESSED_CERT_TOO_LARGE +SSL,306,UNEXPECTED_COMPATIBILITY_MODE SSL,222,UNEXPECTED_EXTENSION SSL,279,UNEXPECTED_EXTENSION_ON_EARLY_DATA SSL,223,UNEXPECTED_MESSAGE diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f804928749..46ed1122c5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -5179,6 +5179,7 @@ BSSL_NAMESPACE_END #define SSL_R_INCONSISTENT_CLIENT_HELLO 303 #define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304 #define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305 +#define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index 26f4885d71..3a104d97fb 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -1670,6 +1670,10 @@ type ProtocolBugs struct { // DisableDelegatedCredentials, if true, disables client support for delegated // credentials. DisableDelegatedCredentials bool + + // CompatModeWithQUIC, if true, enables TLS 1.3 compatibility mode + // when running over QUIC. + CompatModeWithQUIC bool } func (c *Config) serverInit() { diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index 27e9a955d5..8548b78899 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -389,6 +389,9 @@ NextCipherSuite: return errors.New("tls: short read from Rand: " + err.Error()) } } + if c.config.Bugs.MockQUICTransport != nil && !c.config.Bugs.CompatModeWithQUIC { + hello.sessionId = []byte{} + } if c.config.Bugs.SendCipherSuites != nil { hello.cipherSuites = c.config.Bugs.SendCipherSuites diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index e34980ddde..a340e1eb96 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -3375,6 +3375,22 @@ read alert 1 0 expectedError: ":SERVER_ECHOED_INVALID_SESSION_ID:", expectedLocalError: "remote error: illegal parameter", }) + + // Servers should reject QUIC client hellos that have a legacy + // session ID. + testCases = append(testCases, testCase{ + name: "QUICCompatibilityMode", + testType: serverTest, + protocol: quic, + config: Config{ + MinVersion: VersionTLS13, + Bugs: ProtocolBugs{ + CompatModeWithQUIC: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_COMPATIBILITY_MODE:", + }) } func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol protocol) { diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 33f821e240..25c13ef915 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -196,6 +196,11 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) { return ssl_hs_error; } + if (ssl->quic_method != nullptr && client_hello.session_id_len > 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_COMPATIBILITY_MODE); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return ssl_hs_error; + } OPENSSL_memcpy(hs->session_id, client_hello.session_id, client_hello.session_id_len); hs->session_id_len = client_hello.session_id_len; From 8b601c88fb9b82b49407b018ff5e626a59600669 Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Thu, 16 Jul 2020 14:10:52 -0400 Subject: [PATCH 061/399] Implement HPKE. draft-ietf-tls-esni-07 uses HPKE for encryption. Bug: 275 Change-Id: I4af39be4df534f8c1c991c4df82d38c6adcf2574 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41304 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/CMakeLists.txt | 2 + crypto/hpke/hpke.c | 459 ++++++++++++++++++++++++++ crypto/hpke/hpke_test.cc | 382 +++++++++++++++++++++ crypto/hpke/hpke_test_vectors.txt | 407 +++++++++++++++++++++++ crypto/hpke/internal.h | 192 +++++++++++ crypto/hpke/test-vectors.json | 1 + crypto/hpke/translate_test_vectors.py | 81 +++++ sources.cmake | 1 + 8 files changed, 1525 insertions(+) create mode 100644 crypto/hpke/hpke.c create mode 100644 crypto/hpke/hpke_test.cc create mode 100644 crypto/hpke/hpke_test_vectors.txt create mode 100644 crypto/hpke/internal.h create mode 100644 crypto/hpke/test-vectors.json create mode 100755 crypto/hpke/translate_test_vectors.py diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 0e2adaa7da..26295d4b1f 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -299,6 +299,7 @@ add_library( evp/sign.c ex_data.c hkdf/hkdf.c + hpke/hpke.c hrss/hrss.c lhash/lhash.c mem.c @@ -519,6 +520,7 @@ add_executable( fipsmodule/rand/fork_detect_test.cc fipsmodule/sha/sha_test.cc hkdf/hkdf_test.cc + hpke/hpke_test.cc hmac_extra/hmac_test.cc hrss/hrss_test.cc impl_dispatch_test.cc diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c new file mode 100644 index 0000000000..0c3f9d77cf --- /dev/null +++ b/crypto/hpke/hpke.c @@ -0,0 +1,459 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "../internal.h" +#include "internal.h" + + +// As of writing, the editor's draft of HPKE has a number of changes on top of +// the latest IETF draft (draft-irtf-cfrg-hpke-04). This file implements the +// editor's draft as of July 15, 2020. +// +// TODO(dmcardle): Remove this comment when draft-irtf-cfrg-hpke-05 is +// published. + +#define KEM_CONTEXT_LEN (2 * X25519_PUBLIC_VALUE_LEN) + +// HPKE KEM scheme IDs. +#define HPKE_DHKEM_X25519_HKDF_SHA256 0x0020 + +// This is strlen("HPKE") + 3 * sizeof(uint16_t). +#define HPKE_SUITE_ID_LEN 10 + +#define HPKE_MODE_BASE 0 + +static const char kHpkeRfcId[] = "RFCXXXX "; + +static int add_label_string(CBB *cbb, const char *label) { + return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label)); +} + +// The suite_id for the KEM is defined as concat("KEM", I2OSP(kem_id, 2)). Note +// that the suite_id used outside of the KEM also includes the kdf_id and +// aead_id. +static const uint8_t kX25519SuiteID[] = { + 'K', 'E', 'M', HPKE_DHKEM_X25519_HKDF_SHA256 >> 8, + HPKE_DHKEM_X25519_HKDF_SHA256 & 0x00ff}; + +// The suite_id for non-KEM pieces of HPKE is defined as concat("HPKE", +// I2OSP(kem_id, 2), I2OSP(kdf_id, 2), I2OSP(aead_id, 2)). +static int hpke_build_suite_id(uint8_t out[HPKE_SUITE_ID_LEN], uint16_t kdf_id, + uint16_t aead_id) { + CBB cbb; + int ret = CBB_init_fixed(&cbb, out, HPKE_SUITE_ID_LEN) && + add_label_string(&cbb, "HPKE") && + CBB_add_u16(&cbb, HPKE_DHKEM_X25519_HKDF_SHA256) && + CBB_add_u16(&cbb, kdf_id) && + CBB_add_u16(&cbb, aead_id); + CBB_cleanup(&cbb); + return ret; +} + +static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key, + size_t *out_len, const uint8_t *salt, + size_t salt_len, const uint8_t *suite_id, + size_t suite_id_len, const char *label, + const uint8_t *ikm, size_t ikm_len) { + // labeledIKM = concat("RFCXXXX ", suite_id, label, IKM) + CBB labeled_ikm; + int ok = CBB_init(&labeled_ikm, 0) && + add_label_string(&labeled_ikm, kHpkeRfcId) && + CBB_add_bytes(&labeled_ikm, suite_id, suite_id_len) && + add_label_string(&labeled_ikm, label) && + CBB_add_bytes(&labeled_ikm, ikm, ikm_len) && + HKDF_extract(out_key, out_len, hkdf_md, CBB_data(&labeled_ikm), + CBB_len(&labeled_ikm), salt, salt_len); + CBB_cleanup(&labeled_ikm); + return ok; +} + +static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key, + size_t out_len, const uint8_t *prk, + size_t prk_len, const uint8_t *suite_id, + size_t suite_id_len, const char *label, + const uint8_t *info, size_t info_len) { + // labeledInfo = concat(I2OSP(L, 2), "RFCXXXX ", suite_id, label, info) + CBB labeled_info; + int ok = CBB_init(&labeled_info, 0) && + CBB_add_u16(&labeled_info, out_len) && + add_label_string(&labeled_info, kHpkeRfcId) && + CBB_add_bytes(&labeled_info, suite_id, suite_id_len) && + add_label_string(&labeled_info, label) && + CBB_add_bytes(&labeled_info, info, info_len) && + HKDF_expand(out_key, out_len, hkdf_md, prk, prk_len, + CBB_data(&labeled_info), CBB_len(&labeled_info)); + CBB_cleanup(&labeled_info); + return ok; +} + +static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key, + size_t out_len, + const uint8_t dh[X25519_PUBLIC_VALUE_LEN], + const uint8_t kem_context[KEM_CONTEXT_LEN]) { + uint8_t prk[EVP_MAX_MD_SIZE]; + size_t prk_len; + static const char kEaePrkLabel[] = "eae_prk"; + if (!hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, kX25519SuiteID, + sizeof(kX25519SuiteID), kEaePrkLabel, dh, + X25519_PUBLIC_VALUE_LEN)) { + return 0; + } + const char kPRKExpandLabel[] = "zz"; + if (!hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len, + kX25519SuiteID, sizeof(kX25519SuiteID), + kPRKExpandLabel, kem_context, KEM_CONTEXT_LEN)) { + return 0; + } + return 1; +} + +static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) { + switch (aead_id) { + case EVP_HPKE_AEAD_AES_GCM_128: + return EVP_aead_aes_128_gcm(); + case EVP_HPKE_AEAD_AES_GCM_256: + return EVP_aead_aes_256_gcm(); + case EVP_HPKE_AEAD_CHACHA20POLY1305: + return EVP_aead_chacha20_poly1305(); + } + OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR); + return NULL; +} + +static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) { + switch (kdf_id) { + case EVP_HPKE_HKDF_SHA256: + return EVP_sha256(); + case EVP_HPKE_HKDF_SHA384: + return EVP_sha384(); + case EVP_HPKE_HKDF_SHA512: + return EVP_sha512(); + } + OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR); + return NULL; +} + +static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, + size_t zz_len, const uint8_t *info, + size_t info_len) { + // Attempt to get an EVP_AEAD*. + const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id); + if (aead == NULL) { + return 0; + } + + uint8_t suite_id[HPKE_SUITE_ID_LEN]; + if (!hpke_build_suite_id(suite_id, hpke->kdf_id, hpke->aead_id)) { + return 0; + } + + // pskID_hash = LabeledExtract(zero(0), "pskID_hash", pskID) + static const char kPskIdHashLabel[] = "pskID_hash"; + uint8_t psk_id_hash[EVP_MAX_MD_SIZE]; + size_t psk_id_hash_len; + if (!hpke_labeled_extract(hpke->hkdf_md, psk_id_hash, &psk_id_hash_len, NULL, + 0, suite_id, sizeof(suite_id), kPskIdHashLabel, + NULL, 0)) { + return 0; + } + + // info_hash = LabeledExtract(zero(0), "info_hash", info) + static const char kInfoHashLabel[] = "info_hash"; + uint8_t info_hash[EVP_MAX_MD_SIZE]; + size_t info_hash_len; + if (!hpke_labeled_extract(hpke->hkdf_md, info_hash, &info_hash_len, NULL, 0, + suite_id, sizeof(suite_id), kInfoHashLabel, info, + info_len)) { + return 0; + } + + // key_schedule_context = concat(mode, pskID_hash, info_hash) + uint8_t context[sizeof(uint8_t) + 2 * EVP_MAX_MD_SIZE]; + size_t context_len; + CBB context_cbb; + if (!CBB_init_fixed(&context_cbb, context, sizeof(context)) || + !CBB_add_u8(&context_cbb, HPKE_MODE_BASE) || + !CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) || + !CBB_add_bytes(&context_cbb, info_hash, info_hash_len) || + !CBB_finish(&context_cbb, NULL, &context_len)) { + return 0; + } + + // psk_hash = LabeledExtract(zero(0), "psk_hash", psk) + // + // For our purposes, the draft's psk parameter is just the default empty PSK. + static const char kPskHashLabel[] = "psk_hash"; + uint8_t psk_hash[EVP_MAX_MD_SIZE]; + size_t psk_hash_len; + if (!hpke_labeled_extract(hpke->hkdf_md, psk_hash, &psk_hash_len, NULL, 0, + suite_id, sizeof(suite_id), kPskHashLabel, NULL, + 0)) { + return 0; + } + + // secret = LabeledExtract(psk_hash, "secret", zz) + static const char kSecretExtractLabel[] = "secret"; + uint8_t secret[EVP_MAX_MD_SIZE]; + size_t secret_len; + if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, psk_hash, + psk_hash_len, suite_id, sizeof(suite_id), + kSecretExtractLabel, zz, zz_len)) { + return 0; + } + + // key = LabeledExpand(secret, "key", key_schedule_context, Nk) + static const char kKeyExpandLabel[] = "key"; + uint8_t key[EVP_AEAD_MAX_KEY_LENGTH]; + const size_t kKeyLen = EVP_AEAD_key_length(aead); + if (!hpke_labeled_expand(hpke->hkdf_md, key, kKeyLen, secret, secret_len, + suite_id, sizeof(suite_id), kKeyExpandLabel, context, + context_len)) { + return 0; + } + + // Initialize the HPKE context's AEAD context, storing a copy of |key|. + if (!EVP_AEAD_CTX_init(&hpke->aead_ctx, aead, key, kKeyLen, 0, NULL)) { + return 0; + } + + // nonce = LabeledExpand(secret, "nonce", key_schedule_context, Nn) + static const char kNonceExpandLabel[] = "nonce"; + if (!hpke_labeled_expand(hpke->hkdf_md, hpke->nonce, + EVP_AEAD_nonce_length(aead), secret, secret_len, + suite_id, sizeof(suite_id), kNonceExpandLabel, + context, context_len)) { + return 0; + } + + // exporter_secret = LabeledExpand(secret, "exp", key_schedule_context, Nh) + static const char kExporterSecretExpandLabel[] = "exp"; + if (!hpke_labeled_expand(hpke->hkdf_md, hpke->exporter_secret, + EVP_MD_size(hpke->hkdf_md), secret, secret_len, + suite_id, sizeof(suite_id), + kExporterSecretExpandLabel, context, context_len)) { + return 0; + } + + return 1; +} + +// The number of bytes written to |out_zz| is the size of the KEM's KDF +// (currently we only support SHA256). +static int hpke_encap(EVP_HPKE_CTX *hpke, uint8_t out_zz[SHA256_DIGEST_LENGTH], + const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN], + const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], + const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) { + uint8_t dh[X25519_PUBLIC_VALUE_LEN]; + if (!X25519(dh, ephemeral_private, public_key_r)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY); + return 0; + } + + uint8_t kem_context[KEM_CONTEXT_LEN]; + OPENSSL_memcpy(kem_context, ephemeral_public, X25519_PUBLIC_VALUE_LEN); + OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r, + X25519_PUBLIC_VALUE_LEN); + if (!hpke_extract_and_expand(EVP_sha256(), out_zz, SHA256_DIGEST_LENGTH, dh, + kem_context)) { + return 0; + } + return 1; +} + +static int hpke_decap(const EVP_HPKE_CTX *hpke, + uint8_t out_zz[SHA256_DIGEST_LENGTH], + const uint8_t enc[X25519_PUBLIC_VALUE_LEN], + const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN], + const uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]) { + uint8_t dh[X25519_PUBLIC_VALUE_LEN]; + if (!X25519(dh, secret_key_r, enc)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY); + return 0; + } + uint8_t kem_context[KEM_CONTEXT_LEN]; + OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN); + OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r, + X25519_PUBLIC_VALUE_LEN); + if (!hpke_extract_and_expand(EVP_sha256(), out_zz, SHA256_DIGEST_LENGTH, dh, + kem_context)) { + return 0; + } + return 1; +} + +void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx) { + OPENSSL_memset(ctx, 0, sizeof(EVP_HPKE_CTX)); + EVP_AEAD_CTX_zero(&ctx->aead_ctx); +} + +void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx) { + EVP_AEAD_CTX_cleanup(&ctx->aead_ctx); +} + +int EVP_HPKE_CTX_setup_base_s_x25519( + EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN], + uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len) { + // The GenerateKeyPair() step technically belongs in the KEM's Encap() + // function, but we've moved it up a layer to make it easier for tests to + // inject an ephemeral keypair. + uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN]; + X25519_keypair(out_enc, ephemeral_private); + return EVP_HPKE_CTX_setup_base_s_x25519_for_test( + hpke, kdf_id, aead_id, peer_public_value, info, info_len, + ephemeral_private, out_enc); +} + +int EVP_HPKE_CTX_setup_base_s_x25519_for_test( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, + const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], + const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) { + hpke->is_sender = 1; + hpke->kdf_id = kdf_id; + hpke->aead_id = aead_id; + hpke->hkdf_md = hpke_get_kdf(kdf_id); + if (hpke->hkdf_md == NULL) { + return 0; + } + uint8_t zz[SHA256_DIGEST_LENGTH]; + if (!hpke_encap(hpke, zz, peer_public_value, ephemeral_private, + ephemeral_public) || + !hpke_key_schedule(hpke, zz, sizeof(zz), info, info_len)) { + return 0; + } + return 1; +} + +int EVP_HPKE_CTX_setup_base_r_x25519( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t enc[X25519_PUBLIC_VALUE_LEN], + const uint8_t public_key[X25519_PUBLIC_VALUE_LEN], + const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info, + size_t info_len) { + hpke->is_sender = 0; + hpke->kdf_id = kdf_id; + hpke->aead_id = aead_id; + hpke->hkdf_md = hpke_get_kdf(kdf_id); + if (hpke->hkdf_md == NULL) { + return 0; + } + uint8_t zz[SHA256_DIGEST_LENGTH]; + if (!hpke_decap(hpke, zz, enc, public_key, private_key) || + !hpke_key_schedule(hpke, zz, sizeof(zz), info, info_len)) { + return 0; + } + return 1; +} + +static void hpke_nonce(const EVP_HPKE_CTX *hpke, uint8_t *out_nonce, + size_t nonce_len) { + assert(nonce_len >= 8); + + // Write padded big-endian bytes of |hpke->seq| to |out_nonce|. + OPENSSL_memset(out_nonce, 0, nonce_len); + uint64_t seq_copy = hpke->seq; + for (size_t i = 0; i < 8; i++) { + out_nonce[nonce_len - i - 1] = seq_copy & 0xff; + seq_copy >>= 8; + } + + // XOR the encoded sequence with the |hpke->nonce|. + for (size_t i = 0; i < nonce_len; i++) { + out_nonce[i] ^= hpke->nonce[i]; + } +} + +size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke) { + assert(hpke->is_sender); + return EVP_AEAD_max_overhead(hpke->aead_ctx.aead); +} + +int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out, size_t *out_len, + size_t max_out_len, const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len) { + if (hpke->is_sender) { + OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (hpke->seq == UINT64_MAX) { + OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW); + return 0; + } + + uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; + const size_t nonce_len = EVP_AEAD_nonce_length(hpke->aead_ctx.aead); + hpke_nonce(hpke, nonce, nonce_len); + + if (!EVP_AEAD_CTX_open(&hpke->aead_ctx, out, out_len, max_out_len, nonce, + nonce_len, in, in_len, ad, ad_len)) { + return 0; + } + hpke->seq++; + return 1; +} + +int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out, size_t *out_len, + size_t max_out_len, const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len) { + if (!hpke->is_sender) { + OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (hpke->seq == UINT64_MAX) { + OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW); + return 0; + } + + uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; + const size_t nonce_len = EVP_AEAD_nonce_length(hpke->aead_ctx.aead); + hpke_nonce(hpke, nonce, nonce_len); + + if (!EVP_AEAD_CTX_seal(&hpke->aead_ctx, out, out_len, max_out_len, nonce, + nonce_len, in, in_len, ad, ad_len)) { + return 0; + } + hpke->seq++; + return 1; +} + +int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out, + size_t secret_len, const uint8_t *context, + size_t context_len) { + uint8_t suite_id[HPKE_SUITE_ID_LEN]; + if (!hpke_build_suite_id(suite_id, hpke->kdf_id, hpke->aead_id)) { + return 0; + } + static const char kExportExpandLabel[] = "sec"; + if (!hpke_labeled_expand(hpke->hkdf_md, out, secret_len, + hpke->exporter_secret, EVP_MD_size(hpke->hkdf_md), + suite_id, sizeof(suite_id), kExportExpandLabel, + context, context_len)) { + return 0; + } + return 1; +} diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc new file mode 100644 index 0000000000..61db58cca0 --- /dev/null +++ b/crypto/hpke/hpke_test.cc @@ -0,0 +1,382 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include + +#include "../test/file_test.h" +#include "../test/test_util.h" +#include "internal.h" + + +namespace bssl { +namespace { + +// HpkeTestVector corresponds to one array member in the published +// test-vectors.json. +class HpkeTestVector { + public: + explicit HpkeTestVector() = default; + ~HpkeTestVector() = default; + + bool ReadFromFileTest(FileTest *t); + + void Verify() const { + // Set up the sender. + ScopedEVP_HPKE_CTX sender_ctx; + ASSERT_GT(secret_key_e_.size(), 0u); + + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519_for_test( + sender_ctx.get(), kdf_id_, aead_id_, public_key_r_.data(), info_.data(), + info_.size(), secret_key_e_.data(), public_key_e_.data())); + + // Set up the receiver. + ScopedEVP_HPKE_CTX receiver_ctx; + + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( + receiver_ctx.get(), kdf_id_, aead_id_, public_key_e_.data(), + public_key_r_.data(), secret_key_r_.data(), info_.data(), + info_.size())); + + VerifyEncryptions(sender_ctx.get(), receiver_ctx.get()); + VerifyExports(sender_ctx.get()); + VerifyExports(receiver_ctx.get()); + } + + private: + void VerifyEncryptions(EVP_HPKE_CTX *sender_ctx, + EVP_HPKE_CTX *receiver_ctx) const { + for (const Encryption &task : encryptions_) { + std::vector encrypted(task.plaintext.size() + + EVP_HPKE_CTX_max_overhead(sender_ctx)); + size_t encrypted_len; + ASSERT_TRUE(EVP_HPKE_CTX_seal( + sender_ctx, encrypted.data(), &encrypted_len, encrypted.size(), + task.plaintext.data(), task.plaintext.size(), task.aad.data(), + task.aad.size())); + + ASSERT_EQ(Bytes(encrypted.data(), encrypted_len), Bytes(task.ciphertext)); + + std::vector decrypted(task.ciphertext.size()); + size_t decrypted_len; + ASSERT_TRUE(EVP_HPKE_CTX_open( + receiver_ctx, decrypted.data(), &decrypted_len, decrypted.size(), + task.ciphertext.data(), task.ciphertext.size(), task.aad.data(), + task.aad.size())); + + ASSERT_EQ(Bytes(decrypted.data(), decrypted_len), Bytes(task.plaintext)); + } + } + + void VerifyExports(EVP_HPKE_CTX *ctx) const { + for (const Export &task : exports_) { + std::vector exported_secret(task.exportLength); + + ASSERT_TRUE(EVP_HPKE_CTX_export( + ctx, exported_secret.data(), exported_secret.size(), + task.exportContext.data(), task.exportContext.size())); + ASSERT_EQ(Bytes(exported_secret), Bytes(task.exportValue)); + } + } + + struct Encryption { + std::vector aad; + std::vector ciphertext; + std::vector plaintext; + }; + + struct Export { + std::vector exportContext; + size_t exportLength; + std::vector exportValue; + }; + + uint16_t kdf_id_; + uint16_t aead_id_; + std::vector context_; + std::vector info_; + std::vector public_key_e_; + std::vector secret_key_e_; + std::vector public_key_r_; + std::vector secret_key_r_; + std::vector encryptions_; + std::vector exports_; +}; + +// Match FileTest's naming scheme for duplicated attribute names. +std::string BuildAttrName(const std::string &name, int iter) { + return iter == 1 ? name : name + "/" + std::to_string(iter); +} + +// Parses |s| as an unsigned integer of type T and writes the value to |out|. +// Returns true on success. If the integer value exceeds the maximum T value, +// returns false. +template +bool ParseIntSafe(T *out, const std::string &s) { + T value = 0; + for (char c : s) { + if (c < '0' || c > '9') { + return false; + } + if (value > (std::numeric_limits::max() - (c - '0')) / 10) { + return false; + } + value = 10 * value + (c - '0'); + } + *out = value; + return true; +} + +// Read the |key| attribute from |file_test| and convert it to an integer. +template +bool FileTestReadInt(FileTest *file_test, T *out, const std::string &key) { + std::string s; + return file_test->GetAttribute(&s, key) && ParseIntSafe(out, s); +} + + +bool HpkeTestVector::ReadFromFileTest(FileTest *t) { + if (!FileTestReadInt(t, &kdf_id_, "kdfID") || + !FileTestReadInt(t, &aead_id_, "aeadID") || + !t->GetBytes(&info_, "info") || + !t->GetBytes(&secret_key_r_, "skRm") || + !t->GetBytes(&public_key_r_, "pkRm") || + !t->GetBytes(&secret_key_e_, "skEm") || + !t->GetBytes(&public_key_e_, "pkEm")) { + return false; + } + + for (int i = 1; t->HasAttribute(BuildAttrName("aad", i)); i++) { + Encryption encryption; + if (!t->GetBytes(&encryption.aad, BuildAttrName("aad", i)) || + !t->GetBytes(&encryption.ciphertext, BuildAttrName("ciphertext", i)) || + !t->GetBytes(&encryption.plaintext, BuildAttrName("plaintext", i))) { + return false; + } + encryptions_.push_back(std::move(encryption)); + } + + for (int i = 1; t->HasAttribute(BuildAttrName("exportContext", i)); i++) { + Export exp; + if (!t->GetBytes(&exp.exportContext, BuildAttrName("exportContext", i)) || + !FileTestReadInt(t, &exp.exportLength, + BuildAttrName("exportLength", i)) || + !t->GetBytes(&exp.exportValue, BuildAttrName("exportValue", i))) { + return false; + } + exports_.push_back(std::move(exp)); + } + return true; +} + +} // namespace + +TEST(HPKETest, VerifyTestVectors) { + FileTestGTest("crypto/hpke/hpke_test_vectors.txt", [](FileTest *t) { + HpkeTestVector test_vec; + EXPECT_TRUE(test_vec.ReadFromFileTest(t)); + test_vec.Verify(); + }); +} + +// The test vectors used fixed sender ephemeral keys, while HPKE itself +// generates new keys for each context. Test this codepath by checking we can +// decrypt our own messages. +TEST(HPKETest, RoundTrip) { + uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384, + EVP_HPKE_HKDF_SHA512}; + uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256, + EVP_HPKE_AEAD_CHACHA20POLY1305}; + + const uint8_t info_a[] = {1, 1, 2, 3, 5, 8}; + const uint8_t info_b[] = {42, 42, 42}; + const uint8_t ad_a[] = {1, 2, 4, 8, 16}; + const uint8_t ad_b[] = {7}; + Span info_values[] = {{nullptr, 0}, info_a, info_b}; + Span ad_values[] = {{nullptr, 0}, ad_a, ad_b}; + + // Generate the receiver's keypair. + uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN]; + X25519_keypair(public_key_r, secret_key_r); + + for (uint16_t kdf_id : kdf_ids) { + for (uint16_t aead_id : aead_ids) { + for (const Span &info : info_values) { + for (const Span &ad : ad_values) { + // Set up the sender. + ScopedEVP_HPKE_CTX sender_ctx; + uint8_t enc[X25519_PUBLIC_VALUE_LEN]; + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519( + sender_ctx.get(), enc, kdf_id, aead_id, public_key_r, info.data(), + info.size())); + + // Set up the receiver. + ScopedEVP_HPKE_CTX receiver_ctx; + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( + receiver_ctx.get(), kdf_id, aead_id, enc, public_key_r, + secret_key_r, info.data(), info.size())); + + const char kCleartextPayload[] = "foobar"; + + // Have sender encrypt message for the receiver. + std::vector ciphertext( + sizeof(kCleartextPayload) + + EVP_HPKE_CTX_max_overhead(sender_ctx.get())); + size_t ciphertext_len; + ASSERT_TRUE(EVP_HPKE_CTX_seal( + sender_ctx.get(), ciphertext.data(), &ciphertext_len, + ciphertext.size(), + reinterpret_cast(kCleartextPayload), + sizeof(kCleartextPayload), ad.data(), ad.size())); + + // Have receiver decrypt the message. + std::vector cleartext(ciphertext.size()); + size_t cleartext_len; + ASSERT_TRUE(EVP_HPKE_CTX_open(receiver_ctx.get(), cleartext.data(), + &cleartext_len, cleartext.size(), + ciphertext.data(), ciphertext_len, + ad.data(), ad.size())); + + // Verify that decrypted message matches the original. + ASSERT_EQ(Bytes(cleartext.data(), cleartext_len), + Bytes(kCleartextPayload, sizeof(kCleartextPayload))); + } + } + } + } +} + +// Verify that the DH operations inside Encap() and Decap() both fail when the +// public key is on a small-order point in the curve. +TEST(HPKETest, X25519EncapSmallOrderPoint) { + // Borrowed from X25519Test.SmallOrder. + static const uint8_t kSmallOrderPoint[32] = { + 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, + 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, + 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, + }; + + // Generate a valid keypair for the receiver. + uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN]; + X25519_keypair(public_key_r, secret_key_r); + + uint16_t kdf_ids[] = {EVP_HPKE_HKDF_SHA256, EVP_HPKE_HKDF_SHA384, + EVP_HPKE_HKDF_SHA512}; + uint16_t aead_ids[] = {EVP_HPKE_AEAD_AES_GCM_128, EVP_HPKE_AEAD_AES_GCM_256, + EVP_HPKE_AEAD_CHACHA20POLY1305}; + + for (uint16_t kdf_id : kdf_ids) { + for (uint16_t aead_id : aead_ids) { + // Set up the sender, passing in kSmallOrderPoint as |peer_public_value|. + ScopedEVP_HPKE_CTX sender_ctx; + uint8_t enc[X25519_PUBLIC_VALUE_LEN]; + ASSERT_FALSE(EVP_HPKE_CTX_setup_base_s_x25519( + sender_ctx.get(), enc, kdf_id, aead_id, kSmallOrderPoint, nullptr, + 0)); + + // Set up the receiver, passing in kSmallOrderPoint as |enc|. + ScopedEVP_HPKE_CTX receiver_ctx; + ASSERT_FALSE(EVP_HPKE_CTX_setup_base_r_x25519( + receiver_ctx.get(), kdf_id, aead_id, kSmallOrderPoint, public_key_r, + secret_key_r, nullptr, 0)); + } + } +} + +// Test that Seal() fails when the context has been initialized as a receiver. +TEST(HPKETest, ReceiverInvalidSeal) { + const uint8_t kMockEnc[X25519_PUBLIC_VALUE_LEN] = {0xff}; + const char kCleartextPayload[] = "foobar"; + + // Generate the receiver's keypair. + uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN]; + X25519_keypair(public_key_r, secret_key_r); + + // Set up the receiver. + ScopedEVP_HPKE_CTX receiver_ctx; + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + kMockEnc, public_key_r, secret_key_r, nullptr, 0)); + + // Call Seal() on the receiver. + size_t ciphertext_len; + uint8_t ciphertext[100]; + ASSERT_FALSE(EVP_HPKE_CTX_seal( + receiver_ctx.get(), ciphertext, &ciphertext_len, sizeof(ciphertext), + reinterpret_cast(kCleartextPayload), + sizeof(kCleartextPayload), nullptr, 0)); +} + +// Test that Open() fails when the context has been initialized as a sender. +TEST(HPKETest, SenderInvalidOpen) { + const uint8_t kMockCiphertext[100] = {0xff}; + const size_t kMockCiphertextLen = 80; + + // Generate the receiver's keypair. + uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN]; + X25519_keypair(public_key_r, secret_key_r); + + // Set up the sender. + ScopedEVP_HPKE_CTX sender_ctx; + uint8_t enc[X25519_PUBLIC_VALUE_LEN]; + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519( + sender_ctx.get(), enc, EVP_HPKE_HKDF_SHA256, EVP_HPKE_AEAD_AES_GCM_128, + public_key_r, nullptr, 0)); + + // Call Open() on the sender. + uint8_t cleartext[128]; + size_t cleartext_len; + ASSERT_FALSE(EVP_HPKE_CTX_open(sender_ctx.get(), cleartext, &cleartext_len, + sizeof(cleartext), kMockCiphertext, + kMockCiphertextLen, nullptr, 0)); +} + +TEST(HPKETest, InternalParseIntSafe) { + uint8_t u8 = 0xff; + ASSERT_FALSE(ParseIntSafe(&u8, "-1")); + + ASSERT_TRUE(ParseIntSafe(&u8, "0")); + ASSERT_EQ(u8, 0); + + ASSERT_TRUE(ParseIntSafe(&u8, "255")); + ASSERT_EQ(u8, 255); + + ASSERT_FALSE(ParseIntSafe(&u8, "256")); + + uint16_t u16 = 0xffff; + ASSERT_TRUE(ParseIntSafe(&u16, "257")); + ASSERT_EQ(u16, 257); + + ASSERT_TRUE(ParseIntSafe(&u16, "65535")); + ASSERT_EQ(u16, 65535); + + ASSERT_FALSE(ParseIntSafe(&u16, "65536")); +} + + +} // namespace bssl diff --git a/crypto/hpke/hpke_test_vectors.txt b/crypto/hpke/hpke_test_vectors.txt new file mode 100644 index 0000000000..7ec99de564 --- /dev/null +++ b/crypto/hpke/hpke_test_vectors.txt @@ -0,0 +1,407 @@ +kdfID = 1 +aeadID = 1 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = b3e438a60baef3800d7efd1c4c83c67e003c7c2b36b671b3e51d570f5c224cc6 +skEm = 46baf826b58e5ad2e6277de734fe5c0bc88d49a3d26d937f2f8b0ef0e361adcc +pkRm = 1b033b44a9f9fa57fddd7b583a310f3f8e550099d3af284709ca9eab4fa34673 +pkEm = 7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = 437ee37ee8210fcda87a7aae7c5e97b0caf37b93e70b916444cd9762fa3aa2fc877bae2fe16dee3924968063bf +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = 448fdab5b1331bc2daf1c3e4de42da186c1180235cccf69af0062cb22d646e48cdcd8babe828c3367ba1056c2c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 78af7509a1b84eae6f59b1bdccef888421b020a97f1a6be270363e5c45005389418e73235a942f9fd46b37a352 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 5152f55bf389fba1eeb972a88b7a7391f1102b2105f78b1a03baad2543b0ac008f7a59ea64ec044d43d7aeebf8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = d4939ff18065a54b1e988c72649aa81b1bbdcf9496d150efbe2c03c084f6477653bc03fd58a58a03d4ab78e47b +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 771277b0c50eab4b1aa802b019391f52d2e08459ffea6ca84de9ad691414d15ed9f6f091b3a2190d01e364394c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 914144c371d68501260ce1281e9d4b86710a4184f734e0d00dca765c8e2ffbde118ca63019b749717afc99cc6a +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 91c6f9894280f4185b9a1f66d11afd94a81884306c73159b9bad702cf568bbcb5424ecb32388fdf1b0523b99ba +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 8901bd3602f5fc51b85367695a4f003e0094e86f01a8564434b12ca2ad290d13476772ae87fbbb091b1a755981 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = e996c46f77eadd23098140d3223c4b890d1a9ed5b8e02941ab5c93fc370ddbf9477edc26b48b3ec6b8067e32d2 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 9bc841c822d823b56312319e28775373eb5ba1259b6c721393f9bf9868f0ba8e +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = dd76d8a3fbfd50a6468c0a332ebd50ac518ca1747ce5014b4d6fb584968246eb +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 3a70fe6e8409f204bcfada3d8795c59a676de533d2451b4d5e7506ec48529277 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 1a5df4a86790fbbe9164463d927ba7b7c7f3daea8d1f39576076b00f03b7372e +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 03d04b52901947dea1d034489cbc07d8cb94aa3365842c5bb1b6ca52969b86ba + +kdfID = 1 +aeadID = 2 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = da634eee68734edcd50b2b14c73262fa3ed2726cc85d3c328ccdaabbbec9d53d +skEm = e28ec716ac495417440ef674ccf438722932da41b5481b8826f4f7947c4d9069 +pkRm = 1ea4497701b05912be470df9d06ee114b825b9f9feec09f6aa9b2ca6b7be1360 +pkEm = 1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = bb9270559e7f209f764aca4e186040a561e6f2a4f34d6edc59163786ccc41231166f40bf6699f45bc11e25163f +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = d6743a322f18e3fff2d06e3912b3d484c315772bee09929dba1a27e8e93f11fbced8efbf45d422210bb09f52e5 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 89964cbd1aedd4398a9e0fcca0ac245d04e6823666ea639be02bb9ad1bb297e9a974ea1c489414a8e5032a3609 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = bc8f37b1f7b179b6e97ae97dd08674a7124e9af73b6131b3bff3a071027c27a3e8210522130ad7c2ad20afbbec +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = e2477e3230130508f8ff9a076b3ff0b4d162defd595962f10dceb9caf72ddddfd8739b184c92a7546e1ad93d49 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = ee5d485f2e6670b65d7a31fb134823016d3f9059b12bfbda706c4e592f862aca43631f94619f7ad2126bbdf771 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = a7ebc5793d72288bd382222aae883355a5eab73ba5c7271d66328e1825f3b9f0418e1b204933374e4dd55d8316 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 2a5bb8b837de5b0bfea4070918c27c9aadea777bc043189a12dd78aacc197aef16ec3f4d90e7889f8962181bfe +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 5fbab7888d1df36f9a7f7607dfc67eb2878e87cb4972fb5e0f2dd6570153c5f64a21bd042fa1a07135482e9767 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = ac94f708e42b900361fabe181d638d03faf663530bdb635944d5fc48425ee2598b311ba6c7b2495ab9cec34338 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 57c5a85e2538d066a529c321a740e0dba3ab413b5d7a74fd5e9c535dc92a9c93 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = adae370a00458fe0815fb39e0c6708a1e32d8a41d299ec6ec3ff0b3aafa5e9ef +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 68ddde9847cf50fc0c31eb94a5071c119a4f018bbcff323614b4664808e9567b +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 6d0684b38f5f05aceefeaaa17bf71b39d5379940761bd38cb0499161565394cf +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = c694953e7e6df9c1d74550b5d54b62a316227c5b08c8f1ff51f124d29b3ae2f8 + +kdfID = 1 +aeadID = 3 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 677b64ff70915fb0404a1905139013a33fcdbc39f3d1914a007984e2413eca48 +skEm = 22e0948a3fd086e7ec1cb96155499962bc470680db725dd008d39d25f6191bf6 +pkRm = 02bd698c34ef1c3ec60d5b209135310d52e125038a0ce0bf1e0ee2c8dfc20e55 +pkEm = de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f +# encryptions[0] +aad = 436f756e742d30 +ciphertext = b706a7523384a553fb1c44d5d3186bb78484947cd17e72f15f1c83152510e49680cac8f057f175187e94f18083 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = cdc1a9425ceea83e9f1d0a2be77525460cbe259d1a9314eba520c5f5f879376a9ad7f8672ec943de425c6655c8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 5bb2028896d91f156cd6e171d1470361bc07aa804a3ed64163ea67da67bce84e3d2f73b8d75f9a4dcb452b97e6 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 220790f4242aa714ad2c44967810cc8c9483e1833d7f9dadd08999abd892aeb3fb1ca54a29c4ea22d1395d85d3 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 73973035d480c8299d1773522b738af626a5c834fc6af5ef5f8778fa6a767da89660f4aea7b4241b1f8b5cdebd +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 2e35688b0bed657bc213ce0c960e478e2d708700b3b3ff7048bc62130f23a0752ad867167f1d1b709a48ea89c8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 14dd79e4ee9e416dfb954e4f0d73c44757ad375018a802cd0c4a7ba3fe378e5c8cc4cf21e648e6a8645a085cad +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = a996ed2f2680a15351eeb87643b99b558a59d8c1114a214acc8bf3dbe6b40c4d41e06ce8b1e11e795e37c75143 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 8123ec5ffb77c7395bdf2baf9c73cd2b1bbfa0ec79870a1d6260189b559af29a9478c2675c82bd1e19d2e422bb +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 55c9731edc92dee7683bbabc425fafa4dd199aaf74569bec1bbf79e082eab9006392ea1b3a2d07622b62bf0bbf +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = bed211016a1fcc4328de46fd11d8be1f00a7e2c17979450e760c152fb77bc825 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = f1c29485807379d0deec17a65606307c2723a1653ecb1bb601ed5f703623fec9 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 477680ef89421fd862866dfe00b70ac8906785c2346db09c8a868b0c23c28e98 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = d0d5e1460ed084ae579eb5408d03d99482d74b5293e7aa19df06acbf16af8fab +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = f5fec947f00eccf828dcd4f1b405a115001cce97f3bc0d6f8c831f1cbebce36f + +kdfID = 3 +aeadID = 1 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 2ad8f8d251b97bdb392dcf671af13d6d26041e411faad5c984f68efaaa3b88b6 +skEm = b841f4832197fc363c965592a97fa762b04683114a9126f56dfff82c49a6f207 +pkRm = 6421cec0bf7fdead5b4d3f70acbf6f08577fe73961708e31d6df522d4ad6b20e +pkEm = 04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = 9c4a9834cf1d2bfd16c7fe0a19f9f66afaecb805e06c212f08c245f772de9123e1bf41678f2e910a20158a0273 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = 1bb872e187c72ac6f89db81309d0fe2c57787efc3d076aab394e0218e33955039650da12e3f0241fd52cef41a5 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = c5a95f473b853e190b5eab703080c9ddf313d7e6751b2af382ad7f8e910c897757d7256801ef83e408795453c9 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 1b5a3d36a34781f93f5508dabc74bd3c82a47bd05af7b2729ef254f42d5a068fa86a918c9cbe1db552d2d8d4d9 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 46d9196849ad448e03a7603bb0eb2775586463051f2497f39cdd9211d1fd8ff71c97428639b0764f0ffba29f32 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 346a0ecb07e20f32174095a32ef87fde07cefa99fbc70d2cda903fdb8128c204037e7c659b40047e66fc416e19 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 41331c5365a8354fe9f221f0ebc6344bd86dfffe253da5cfa06d08089a6e0312e9c18ef57509c9faa2d0995650 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = b2ff99114ab4b8267f005bb6554b766d6f6c8274c2c669a325354cfb27034afaf0f6f7eb56901292ff804e7553 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = ae653f1d8dc035745b7e3fc2f81e4e6636f0597a9b6f6f1c7d5b0a23c50d76e1dc0a7cf4fa3b3126e12011302c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 0266729d852d16e9af909841bbe2444bccfab0575cd1c84ff6ddbf3259627fd5b73d24f402bb60bfbee1715951 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 3dba6be0ff119e093d6260766375f0f80c461c6592735ff58a1cf8989805192d +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = e43ef15f82fd672484625d6d3d8b1b157a98a20a6f55c4c084d2fd76b63d3be7 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 237c2e9a25524ca44ff5683b62e2fb366c583fbb72644b7208e7594e9d3221a5 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = b421f68b38b2bb916e0925a21c80d1a8227ec6ad9a1e1539229142486f88c8af +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 7736ddde377f0bf3da742d7baac698812a267441c3bcf86b72fed0503bfbac0c + +kdfID = 3 +aeadID = 2 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 7dddb757b5c12c7c28b4f7a7e3f4d10f5d077e5d410a66997cb4e73b69e824d7 +skEm = 089af845076a811768c8eaed47322755f47f4907d2610a1629893d6e1143acca +pkRm = ffe3129f906112823ec1c619e0025f5a44cd5a93e0807c61c91336aa22222f6e +pkEm = 9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = b2263e5b1651fae482259475f2d71d5a95e430ea360c88cfe656ef8cef6a97fec94d0bfb996bd794a183269368 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = b502c5fb389b8c128f58065f6767063132c53a401300679df875a1688f0d05a0b2e3859add4fe82891356690c8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = a0afe304ea046340a3c8c8806f227a2ad6d8a48b583bc6a766af0cd0b0231dc3806d597651b5805cd9062e1f87 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 75b462e185cd1af728b4853152379f59af8a29af409a206c9d63b02042089d28662eac4d2af800138bcc52cd34 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 2d6a758ac9da40a3a1b965152941bf58602f56e12db95636ad5d9c465a1872884e795ec232bd591ea804829458 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = dd2e30e1c9b30a0130e88e96239ade666961a8de16d79b75d638ede224d662509a17404e7479097c1658921047 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = bc20bc221ea15f84e41774bc11b684f074d414be09659b147f186891325f7d52b7d19ae57d9fff88cc4ba825a2 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 6ef4d0678cf026651f56c53719a678b178105e1a791051076f2567364a536e8aac76bac03178b2276337e12320 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 5da431e3723f549ccada9d122ccd127b031c9a221c7bb360e742e7c0f68fc81d012df7aa1c6181980ce793644c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 9ba2c8e0477d370d71b486c3f52a9f9ef99d7e8991eb50b2692d777e552801f0a7f7deb8d0567ca8575b4c2331 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 9fda6d97dafe3768680d87a5e10fe251aa46693329ebdf56f49b3c467b76e9c0 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 4c9e496f3265a28a73ce85b3143a5ffba3b55ce8025d735e9ed39aebaab80efe +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 2425dfcdf16879e51f6c6f3c0d0d0f814d132ad575ce416b7485facd34bb42b9 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 51f1bdf3bf8bce5b10b76c957034ce3630fe7fc1be7c00bcec7e837ceed2f3cd +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 80ad324b3e7763a7309ce0615fe8bb5723065be5aa7f68a7ca9e3d3a76c0a0f3 + +kdfID = 3 +aeadID = 3 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 124759e117f6aa5677c747d09a2d82607db2a388a6473647aeb605b66822819c +skEm = 70fe54f14893759e23b4c975cfcb8cbc1ae9b8a4d78a48789a5f47324bda5b84 +pkRm = 0b9c41a605aba4ffa30f336a976cf4f30a1dd5e8fdf0d4da0f745a147e491828 +pkEm = 147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = 77f434a667845f41c5bf5e6e6113484d45fbf7fd61cc36a141b920e4bb5b6ad3a61c67033a15dc495e8595ef45 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = e5f64ec06a92fb2f81ad6203629d981c265aee092b3e20ddc161e163c0a29d1b9fcc7ddb5dede6d34571406f50 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 9252583ed8c5258877afa5dac29acb338cf57c702b03d20130b86234b231e3866b1732369cf6c7fdaace68c246 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = d5c2e0a633d6786a7d919f40c26ee8a1491a4101a441460d51720ff769b86a71ff74fc9601bd8f4c597d95c057 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 807165bdd35f448b9b649ce3ec8a9835836ef88dab28c5a77d0f46bac1dd6f543ebd64bbd7840c860c5a2d1ee5 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 208e3adb17a694d567a84428ecf76a562d38fbee827e245eb0e96426429c3a32805f9f675b99a28325c11a9d51 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = f34e3f00d1b731786b5b7ab0e4bf23fd8f3889d6ee75ca9de755d22f8e099ef0d92a6ab4d6e635c788faaac588 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = fd45de4d582f57bd5228688c0e08553c3e3d6a875bcd1c67e196b94fc6238ddbf69a17186416669b0ee124bddb +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 6416f410aa1aecb24c8c17cd9b6eabda1bfee2bd13aa52c5dfc80c482236b99568de15b3543522486dc594dc13 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 2bc1f3380dc05ce46a004a679dca47cdc46d25b02662274442562e1f03db3860d1abf28027718cb73a6c2c05f8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 73ceb7e41223a42a3e6661f15530ae494ecfd2c6a9e809c67243a0910ee75794 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 9af39f0e6462be9a3efb1fe2eedc6e2d2942c0c9ecae1ee4e8831d675cce6fc4 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 0ea567aa2da373a71ff88cc6b91abc8b1dd48baaf032f878a5e6d9335f813003 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = ee6ca654a57a66cd0315716d709d4c52f5f41a69249776c13077967c4c418af2 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 50dfd00952f71e8c1bd51ed6acde15bd558c97581f7dc17fe6e637d61e12df02 diff --git a/crypto/hpke/internal.h b/crypto/hpke/internal.h new file mode 100644 index 0000000000..79f65aaeb3 --- /dev/null +++ b/crypto/hpke/internal.h @@ -0,0 +1,192 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H +#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + + +// Hybrid Public Key Encryption. +// +// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a +// receiver with a public key. +// +// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-04. + +// EVP_HPKE_AEAD_* are AEAD identifiers. +#define EVP_HPKE_AEAD_AES_GCM_128 0x0001 +#define EVP_HPKE_AEAD_AES_GCM_256 0x0002 +#define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003 + +// EVP_HPKE_HKDF_* are HKDF identifiers. +#define EVP_HPKE_HKDF_SHA256 0x0001 +#define EVP_HPKE_HKDF_SHA384 0x0002 +#define EVP_HPKE_HKDF_SHA512 0x0003 + +// EVP_HPKE_MAX_OVERHEAD contains the largest value that +// |EVP_HPKE_CTX_max_overhead| would ever return for any context. +#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD + + +// Encryption contexts. + +// An |EVP_HPKE_CTX| is an HPKE encryption context. +typedef struct evp_hpke_ctx_st { + const EVP_MD *hkdf_md; + EVP_AEAD_CTX aead_ctx; + uint16_t kdf_id; + uint16_t aead_id; + uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; + uint8_t exporter_secret[EVP_MAX_MD_SIZE]; + uint64_t seq; + int is_sender; +} EVP_HPKE_CTX; + +// EVP_HPKE_CTX_init initializes an already-allocated |EVP_HPKE_CTX|. The caller +// should then use one of the |EVP_HPKE_CTX_setup_*| functions. +// +// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state. +OPENSSL_EXPORT void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx); + +// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have +// been initialized with |EVP_HPKE_CTX_init|. +OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx); + + +// Setting up HPKE contexts. +// +// In each of the following functions, |hpke| must have been initialized with +// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and +// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD +// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*" +// constants." +// +// See https://www.ietf.org/id/draft-irtf-cfrg-hpke-04.html#section-5.1.1. + +// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can +// encrypt for the private key corresponding to |peer_public_value| (the +// recipient's public key). It returns one on success, and zero otherwise. Note +// that this function may fail if |peer_public_value| is invalid. +// +// This function writes the encapsulated shared secret to |out_enc|. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519( + EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN], + uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len); + +// EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like +// |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral +// sender key. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, + const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], + const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]); + +// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that +// can decrypt messages. |private_key| is the recipient's private key, and |enc| +// is the encapsulated shared secret from the sender. Note that this function +// may fail if |enc| is invalid. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t enc[X25519_PUBLIC_VALUE_LEN], + const uint8_t public_key[X25519_PUBLIC_VALUE_LEN], + const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info, + size_t info_len); + + +// Using an HPKE context. + +// EVP_HPKE_CTX_open uses the HPKE context |hpke| to authenticate |in_len| bytes +// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes +// into |out|. It returns one on success, and zero otherwise. +// +// This operation will fail if the |hpke| context is not set up as a receiver. +// +// Note that HPKE encryption is stateful and ordered. The sender's first call to +// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to +// |EVP_HPKE_CTX_open|, etc. +// +// At most |in_len| bytes are written to |out|. In order to ensure success, +// |max_out_len| should be at least |in_len|. On successful return, |*out_len| +// is set to the actual number of bytes written. +OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out, + size_t *out_len, size_t max_out_len, + const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len); + +// EVP_HPKE_CTX_seal uses the HPKE context |hpke| to encrypt and authenticate +// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|, +// writing the result to |out|. It returns one on success and zero otherwise. +// +// This operation will fail if the |hpke| context is not set up as a sender. +// +// Note that HPKE encryption is stateful and ordered. The sender's first call to +// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to +// |EVP_HPKE_CTX_open|, etc. +// +// At most, |max_out_len| encrypted bytes are written to |out|. On successful +// return, |*out_len| is set to the actual number of bytes written. +// +// To ensure success, |max_out_len| should be |in_len| plus the result of +// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|. +OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out, + size_t *out_len, size_t max_out_len, + const uint8_t *in, size_t in_len, + const uint8_t *ad, size_t ad_len); + +// EVP_HPKE_CTX_export uses the HPKE context |hpke| to export a secret of +// |secret_len| bytes into |out|. This function uses |context_len| bytes from +// |context| as a context string for the secret. This is necessary to separate +// different uses of exported secrets and bind relevant caller-specific context +// into the output. It returns one on success and zero otherwise. +OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out, + size_t secret_len, + const uint8_t *context, + size_t context_len); + +// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes +// added by sealing data with |EVP_HPKE_CTX_seal|. The |hpke| context must be +// set up as a sender. +OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke); + + +#if defined(__cplusplus) +} // extern C +#endif + +#if !defined(BORINGSSL_NO_CXX) +extern "C++" { + +BSSL_NAMESPACE_BEGIN + +using ScopedEVP_HPKE_CTX = + internal::StackAllocated; + +BSSL_NAMESPACE_END + +} // extern C++ +#endif + +#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H diff --git a/crypto/hpke/test-vectors.json b/crypto/hpke/test-vectors.json new file mode 100644 index 0000000000..166e579913 --- /dev/null +++ b/crypto/hpke/test-vectors.json @@ -0,0 +1 @@ +[{"mode":0,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"887d7568a924f21f2736760a98ffdee7961bae159e5718c277cc86c34d9e6a1a","seedE":"a4386430cc425a34cb4dc59b6770504b87dfb40ea49314b2e2896d2abb4c6168","skRm":"b3e438a60baef3800d7efd1c4c83c67e003c7c2b36b671b3e51d570f5c224cc6","skEm":"46baf826b58e5ad2e6277de734fe5c0bc88d49a3d26d937f2f8b0ef0e361adcc","pkRm":"1b033b44a9f9fa57fddd7b583a310f3f8e550099d3af284709ca9eab4fa34673","pkEm":"7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252","enc":"7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252","zz":"a7815531e7ceb236ddf324d38be707652f807da5fc2a92c4ef930cf1b4ed2b83","keyScheduleContext":"005f59a87af52c687cb9e55e42cd7be07d4f1714b7c32c1586037310f1042ce238e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"92618dbeba8b439353c831055e702a38d04bc194ec9f3980f349eeda6fe4a833","key":"7aa0d855767daea21e59a0bd8cd5559a","nonce":"3fe5faf065fd9c005755dd66","exporterSecret":"bc98ab04d503d3876233fdfdc2c78e253997f5861d4c72c70682e8fe965b795c","encryptions":[{"aad":"436f756e742d30","ciphertext":"437ee37ee8210fcda87a7aae7c5e97b0caf37b93e70b916444cd9762fa3aa2fc877bae2fe16dee3924968063bf","nonce":"3fe5faf065fd9c005755dd66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"448fdab5b1331bc2daf1c3e4de42da186c1180235cccf69af0062cb22d646e48cdcd8babe828c3367ba1056c2c","nonce":"3fe5faf065fd9c005755dd67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"78af7509a1b84eae6f59b1bdccef888421b020a97f1a6be270363e5c45005389418e73235a942f9fd46b37a352","nonce":"3fe5faf065fd9c005755dd64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5152f55bf389fba1eeb972a88b7a7391f1102b2105f78b1a03baad2543b0ac008f7a59ea64ec044d43d7aeebf8","nonce":"3fe5faf065fd9c005755dd65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d4939ff18065a54b1e988c72649aa81b1bbdcf9496d150efbe2c03c084f6477653bc03fd58a58a03d4ab78e47b","nonce":"3fe5faf065fd9c005755dd62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"771277b0c50eab4b1aa802b019391f52d2e08459ffea6ca84de9ad691414d15ed9f6f091b3a2190d01e364394c","nonce":"3fe5faf065fd9c005755dd63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"914144c371d68501260ce1281e9d4b86710a4184f734e0d00dca765c8e2ffbde118ca63019b749717afc99cc6a","nonce":"3fe5faf065fd9c005755dd60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"91c6f9894280f4185b9a1f66d11afd94a81884306c73159b9bad702cf568bbcb5424ecb32388fdf1b0523b99ba","nonce":"3fe5faf065fd9c005755dd61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8901bd3602f5fc51b85367695a4f003e0094e86f01a8564434b12ca2ad290d13476772ae87fbbb091b1a755981","nonce":"3fe5faf065fd9c005755dd6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e996c46f77eadd23098140d3223c4b890d1a9ed5b8e02941ab5c93fc370ddbf9477edc26b48b3ec6b8067e32d2","nonce":"3fe5faf065fd9c005755dd6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9bc841c822d823b56312319e28775373eb5ba1259b6c721393f9bf9868f0ba8e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"dd76d8a3fbfd50a6468c0a332ebd50ac518ca1747ce5014b4d6fb584968246eb"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3a70fe6e8409f204bcfada3d8795c59a676de533d2451b4d5e7506ec48529277"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1a5df4a86790fbbe9164463d927ba7b7c7f3daea8d1f39576076b00f03b7372e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"03d04b52901947dea1d034489cbc07d8cb94aa3365842c5bb1b6ca52969b86ba"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"aecde81a39413cb368a34fe373ae4d0b04627d8c4c9d314be383a613190489cf","seedE":"76c93930b53d48e43a1388d499c537b4d18f282223fc0377a38b3ec678ac17a1","skRm":"108da77586f47bbdedca2bc43a1a1f99a48a31a2db8d46113761878d067c0255","skEm":"fff57ea7bc794ceb283e4fa1d1b2dbe748f1dbc6274bee25aaad03a2951144a1","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"10b3301db3a78d0fa94cb5ff6858d7b8bb1f2bba8cbc8fe94866ae6b7d868443","pkEm":"0c0e9fb920a836c5ef42fd393589ac9d01af39f52c08caa7d80df9fec966d74b","enc":"0c0e9fb920a836c5ef42fd393589ac9d01af39f52c08caa7d80df9fec966d74b","zz":"5d9866637d1d10db5d9e80e672d5a249f083eba7c02d928ef81446158dfd151f","keyScheduleContext":"01dd2330a5ef651db37cebe3393a6bf27b38c3f8c4e954a5fe3c61df61ca3d8cb5e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"39359ef40e95feeb2cc8274af171cc9144733a0d06a007bb570a7718a0e87abb","key":"9fcd938926bff5649971a302cb6ad4e9","nonce":"52aaae05295ab893fc603a3d","exporterSecret":"097204ac8b3f5bc894e6c2daeea4555acae24c069e9c9b3f60e57eba46322efd","encryptions":[{"aad":"436f756e742d30","ciphertext":"ea822a474afa4c7f3068e6094b6921972040091bc8f623aaab7a7c4f346607b7a8736d78fc24a0ad9d6948997a","nonce":"52aaae05295ab893fc603a3d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bbe0e814ee486d1089d87d3887d83445094dd527deebb2de29e4cc98adc0ec3ff2eb89b8a876c9c60cadc45d65","nonce":"52aaae05295ab893fc603a3c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9aff8102a2e733203edc9515c23140a3ab4b441efc31fdf589b6d30035a45e442a7a8001f286f2df183dad6d8b","nonce":"52aaae05295ab893fc603a3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"624e1debe443fed48ae69aa7c9ebe48e3d20d20a20bc591d006c47401ef42fedf57b9788cc4b659519aaa02bf2","nonce":"52aaae05295ab893fc603a3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d713dd26d7cf97cbf71066fdd3f050f0b0b01f966ad776682903fe438adf626fa754459e124e8a296e1d94170b","nonce":"52aaae05295ab893fc603a39","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1b56e1864079bd69d9b159741f370cb596dd0559d2d8ca46a9b4ba33aa310084462fce4b5b3ab509841206f57f","nonce":"52aaae05295ab893fc603a38","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"47570e893307b59980461e68b68c3da216ab5aa9259b43f7fd9e7a92def10d930cc28ffafb6f2119bba07ec368","nonce":"52aaae05295ab893fc603a3b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"abdf103b8560e0dc72c8bb9e3b1e17af36a534ac2ea2924f6fc51d57fe406e44050c7820da43184118950c9e82","nonce":"52aaae05295ab893fc603a3a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d2eae567b21dab03951d7acf1140f01e1e2013cb6216d0ed8cad0da1260b2386d46b8b829c94546a9fe6cf73fc","nonce":"52aaae05295ab893fc603a35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"dabb5448157bfb60f0a77b19e4f95ae3ff0222e2dd68bc11b5ea9bf670605e783512b90eb610889e079fa65b91","nonce":"52aaae05295ab893fc603a34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6be00fcf37b00ced4d47b42fc9aee66026044879b56c7646b1a67aec253aac33"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d020d8431dd820e6569d40339b7751169d0121050825c7dcb838a960e67258ab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b005a4c2647f47e3af7033b9c19f99a8925133e57fb0586bdd200358693a3394"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fee4e332350f2549cd64270501756659265b694347a2370d0cab8dc3d9699977"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b865d4e12ca086df91837a264564beb2fdb6517bec481ea7ec7b2e9f173fe0b6"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"87a91eb9ef6e96e901df4103d1671314aec5ee6474d667c0c2b4168c0e22b1c5","seedS":"eac00dbd269e725e8859e3862be47bfd17cf2d47e5be094ae77ff0ed836e7e95","seedE":"9f06a1c6641f4636066457ed4a502a8e23573f579ff2982eef6045b4d863d2ce","skRm":"6c0a018ecd71b0752532e33444cc9bb960f963553613f54afc08c0064dca99f1","skSm":"272f25db7679f8a1712418bbe6f7be123de4d507952adba2042145e27e18d567","skEm":"066c70df66ea1468d34355b30185663c8f45ea15451210f027a3593fb6a21688","pkRm":"91e14b11ce51fde83982907cfd2e077fb47203614d0dd36fbb4c5152921aca7b","pkSm":"8bdeda8a180e2ecaae23ad7f5a2e1aa2643068b80bf526e2cdb5f82160d18163","pkEm":"3f593e5fd05782bd7bda37171ae5d794ec6be72d60495a673a0764afdb7f9a53","enc":"3f593e5fd05782bd7bda37171ae5d794ec6be72d60495a673a0764afdb7f9a53","zz":"857c81b1681ede76b437a6075d6f93f348d5ae9b51da78e95d200b0196fc1e37","keyScheduleContext":"025f59a87af52c687cb9e55e42cd7be07d4f1714b7c32c1586037310f1042ce238e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"15944a2b4517e879342fe24e6ed0340b32d4a44a2b2c6c2e83bb626e5e14cd12","key":"4f6826cc55ce4d0d344bfbe590855daa","nonce":"2465c7d4270d235531c3d695","exporterSecret":"f862a23f69dc83f0de76fe2546764c9c1d23dddedf8c7a0cc50b3e0872fb138d","encryptions":[{"aad":"436f756e742d30","ciphertext":"c37551008a6b7848ebc9d062c461f02d91323f4e5bde9720d4a53613bd6339112b287ff7b66c79cff05890eff5","nonce":"2465c7d4270d235531c3d695","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4a5c4a6d0d20f6e1672a32fc757946a80bfedf17bfc6f761a6cb42b3bc9275800b6af087efc903b00a96ce276d","nonce":"2465c7d4270d235531c3d694","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e7c100bbfeb8c7264587fb08efd9da552903175f752f70ee0feddfd5ca3732ceee38f9e2df8a55d91d28428c7f","nonce":"2465c7d4270d235531c3d697","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b42f263b69df0d3a76d9b24dd3c8ab15e442a3452c4c70a23adcc9ea0e6237737d0f52528ebfce6620267b027d","nonce":"2465c7d4270d235531c3d696","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"febc849423b1fa5d750f1f9c599c2cc7d45ddd5d3667132abaf7de0f3fec985599b7f977edb91ab93d33af657d","nonce":"2465c7d4270d235531c3d691","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"775b2d233531302f47061c661dc2eb571bf4bf6e3433fe55868e917405f6a1a1961c5db61701ec7d12cce0f90b","nonce":"2465c7d4270d235531c3d690","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"73923a25850805c19e4745c3e4823f32136a381cc4d3f6aa8310e7eb97db32961c3d4ff2242497a453e274eb54","nonce":"2465c7d4270d235531c3d693","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0be8462602fdd1c5b3b7347b5a162fb2f010526c0ec50e8c589b1a8d50e443852a5a2c6928db5dbab58372faa1","nonce":"2465c7d4270d235531c3d692","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39939638e09f0af50245a0aad254f2140a135cea88e430d4bb75a13fe67d81b44e070649da15c7fb1941c5820c","nonce":"2465c7d4270d235531c3d69d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3107cd1ab34a06c906a9cb06fcdf38aaa4a9ca0a452089ff0c2117dd0b3ca50fbfdeceb5b7edfdf8bf88ae6f9e","nonce":"2465c7d4270d235531c3d69c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e83aa8be97d063147e4eb5836a3600cb7dff6691c1f545177dd10f1ca0328737"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9e8b1e99dd357ae12ba6004390897931c7d7b3000b9c1bc51337905951c9e6a4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c3573a4368ac2ad398b1447ef7b986fde7768c7021e6644b1088ec75a763c11c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7392071b78693b3cbb391394f006b7151f23685be3a46f1a480cdcf01ed258f5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e09755f25fc90245341439cc05421bdb942889f25a1e4017c82909f1b8d4b7dd"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"faf28a99df2695912139d1b61b8e7a94a79f88e12d8a577fff9e3b49ff5e6ec7","seedS":"a2e1018c6a854ade9cb5d69bc582b107f1c20e3763bfff7b7d23fb9b38fbfbcf","seedE":"3f56378b5ec0239842e4be3aeac8ab5e0adc8190f8cc356fddb722df3911d778","skRm":"2737e162d9f9e264ab6c8e0730985de78c651b7333a247849023cf76cc896499","skSm":"0940eefb87baf5a4cf0f591a4695e64bcdc8792d0d67f0cf38c2b228c9147325","skEm":"141d242baa3764b3dea77d0125f4d41b98627b6d21e243110cc885ed9d3c63cb","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"81f8aea86eb716a6190f8151c3e4858d3aabf0781579feef7853d9bb4be19d55","pkSm":"157bf2ac29e4eed6a6b1060173e6167f5ea816df6d1c6bb0572bca17462c1d56","pkEm":"a45fd7250d40aa64a17f8e14e4987513086c01e7a753a43bcd03176a0f8c4606","enc":"a45fd7250d40aa64a17f8e14e4987513086c01e7a753a43bcd03176a0f8c4606","zz":"db00fa0e38cca7e958979d8ae5f8e55f5a13bfbf1be1aadf8de1ddd13dbb7ed2","keyScheduleContext":"03dd2330a5ef651db37cebe3393a6bf27b38c3f8c4e954a5fe3c61df61ca3d8cb5e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"58e0302d66abf9bb268435cfe1e0802b4c3ac1f1e16f03f9795db038c88a2887","key":"4c79170f71e74212557131685a7354fc","nonce":"c7f42ab714a4606e414c05b6","exporterSecret":"d65c46f0189bfc224e894b11f128fd528941178f028360f4bc2379862ad60e40","encryptions":[{"aad":"436f756e742d30","ciphertext":"56c24debbd281afa727712725c72a40834fff4920c8d9aeef3b08c684c2997a2d0d2b0fa2768c4823c7e5212f3","nonce":"c7f42ab714a4606e414c05b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ffde5f5cfbcaac29450846b02499831f6db54775fa7c68e3e6a6f28cea6a70bd57ce03c57cb339bfca09c048fc","nonce":"c7f42ab714a4606e414c05b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b8e91378fefa33ef428173db4d64cb3e15c1cbce7e9d1f129884af766798bed723bec7ef871696dd4ed72e9cb4","nonce":"c7f42ab714a4606e414c05b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6379d82685e7572cba439d7c88430f7d35ab17029729d618eff4a10e286eab61676a5b523ebd96d7823eee718a","nonce":"c7f42ab714a4606e414c05b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ebbc30676d69daa70a91c654b9cb1ab8ae8af629bd6c909a053f3cea242107fa1170916a4daa273038b52d1b8e","nonce":"c7f42ab714a4606e414c05b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"488e71bde2c3effde0f6ed186a31600a751e88415320d39517eb513f34431fee5924b0c7e16e2c57577d2e1414","nonce":"c7f42ab714a4606e414c05b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0fd4adeb521ec824c52f5650c6ec445e099eed6b2e55953760f79a3cc30ea6adee2e96d52e7851b3ab4003fd99","nonce":"c7f42ab714a4606e414c05b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"45b4dd4f8f69392c06826fd71d4f8f71dd6971da419944e7274895b7a65cd9640dfbedaf5ae1e9917dac758556","nonce":"c7f42ab714a4606e414c05b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"44be3e1f8d498e1202fddde22e33956f393c536ccc48608dfdab7665b6c841144f8af12e43e7d08d69f905c9e7","nonce":"c7f42ab714a4606e414c05be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2b93e40a41d6876c499dd4754d364ffcf5f7adf1f88aaed1c571592bf1c7a247d8c05462adba9bfdceaa0235f7","nonce":"c7f42ab714a4606e414c05bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c7c47ec29d6759c2da9cbae54adec57e786f474398f9034541cc757942762a19"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2426016b2b0bbd67f26e240be632ad0b9c6f3a88d07342377e62665170256cf2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"cf379771838ba34a0739ec97782c3d8ddbb6783cc454c54886b588f70afe08f3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b17029e142154399de434ff4e3abcbd41cf339558fb6d2196aeaca38028a1a93"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50609537bec289e80dd99bb1b86b334d6eb6ba2395ddf4283599bb09c022c02a"}]},{"mode":0,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0a16b20b51d5ea005fc98700fa0ba9e2f3b22fed7df93637cf31baa5907bf204","seedE":"deb191324ca39e9728eeb648018cf53de42329c8952e0c298c3bd5154afb0633","skRm":"da634eee68734edcd50b2b14c73262fa3ed2726cc85d3c328ccdaabbbec9d53d","skEm":"e28ec716ac495417440ef674ccf438722932da41b5481b8826f4f7947c4d9069","pkRm":"1ea4497701b05912be470df9d06ee114b825b9f9feec09f6aa9b2ca6b7be1360","pkEm":"1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041","enc":"1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041","zz":"c31565932c0e5ae4582c7053e33b5e77e371b0dfe1ac5301272e28bdfcf26c77","keyScheduleContext":"001c6907359a7daf67953ca146bcee91341462b6f068c235c0e42eb6c0a39b2f5aea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"3b064fdfdd0d10cbf422c8da9a303d9ccdcd6e1b1824d637165fe4180d2fd144","key":"2053d49ca8be215fe6802fef61c8da2b3e231df0f15a642b50e91a0ef1e9951d","nonce":"c88874b9b2cf47037984bd5d","exporterSecret":"c39930e5828e5ccff62c40d05a75605eec31aeac8a1657032142a9e67f9a855c","encryptions":[{"aad":"436f756e742d30","ciphertext":"bb9270559e7f209f764aca4e186040a561e6f2a4f34d6edc59163786ccc41231166f40bf6699f45bc11e25163f","nonce":"c88874b9b2cf47037984bd5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d6743a322f18e3fff2d06e3912b3d484c315772bee09929dba1a27e8e93f11fbced8efbf45d422210bb09f52e5","nonce":"c88874b9b2cf47037984bd5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"89964cbd1aedd4398a9e0fcca0ac245d04e6823666ea639be02bb9ad1bb297e9a974ea1c489414a8e5032a3609","nonce":"c88874b9b2cf47037984bd5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bc8f37b1f7b179b6e97ae97dd08674a7124e9af73b6131b3bff3a071027c27a3e8210522130ad7c2ad20afbbec","nonce":"c88874b9b2cf47037984bd5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e2477e3230130508f8ff9a076b3ff0b4d162defd595962f10dceb9caf72ddddfd8739b184c92a7546e1ad93d49","nonce":"c88874b9b2cf47037984bd59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ee5d485f2e6670b65d7a31fb134823016d3f9059b12bfbda706c4e592f862aca43631f94619f7ad2126bbdf771","nonce":"c88874b9b2cf47037984bd58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a7ebc5793d72288bd382222aae883355a5eab73ba5c7271d66328e1825f3b9f0418e1b204933374e4dd55d8316","nonce":"c88874b9b2cf47037984bd5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a5bb8b837de5b0bfea4070918c27c9aadea777bc043189a12dd78aacc197aef16ec3f4d90e7889f8962181bfe","nonce":"c88874b9b2cf47037984bd5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5fbab7888d1df36f9a7f7607dfc67eb2878e87cb4972fb5e0f2dd6570153c5f64a21bd042fa1a07135482e9767","nonce":"c88874b9b2cf47037984bd55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac94f708e42b900361fabe181d638d03faf663530bdb635944d5fc48425ee2598b311ba6c7b2495ab9cec34338","nonce":"c88874b9b2cf47037984bd54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"57c5a85e2538d066a529c321a740e0dba3ab413b5d7a74fd5e9c535dc92a9c93"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"adae370a00458fe0815fb39e0c6708a1e32d8a41d299ec6ec3ff0b3aafa5e9ef"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"68ddde9847cf50fc0c31eb94a5071c119a4f018bbcff323614b4664808e9567b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"6d0684b38f5f05aceefeaaa17bf71b39d5379940761bd38cb0499161565394cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c694953e7e6df9c1d74550b5d54b62a316227c5b08c8f1ff51f124d29b3ae2f8"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1775ecb21a043f63f0d320d817bbf9591c913e8e01de27c4c9312493f6801c97","seedE":"7373cae944073cc787f70261bab090d33e0f15402685e7f8ad0fdd668985c8c3","skRm":"be8bd96ddb41da0902d736084fafaa3fa3be2871dd27f073d2b9aae55230dea4","skEm":"db448556c26950d7f1ed95661744670eca3fbc680e287ce22a147c9a91f0609c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9827b681cf3c77faa1953f4ef6e8c049d8051f5ae867c9ebe17dc142e4f46632","pkEm":"f101495bdb9d304ff4b5e5c61a775e15bc5a9a0302f260a2953ec66fbf894a62","enc":"f101495bdb9d304ff4b5e5c61a775e15bc5a9a0302f260a2953ec66fbf894a62","zz":"ba4401d5d3579931047148de93e1bd36dd8a2c14f0faeee79210ca4dec592a40","keyScheduleContext":"01809b00e0a8c66ab0062f825e52b36209266d6836f95f0404c3dca851ee0af863ea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"2591911467a941a90577f5d9d20fda215c5dc092095749ee41586247dfaa42cf","key":"015d5b695dc8917141852848f0ada695de11404c5a84f5c58917ca28f4fc5e1f","nonce":"e12157c5686a7c5b7947f5ac","exporterSecret":"f9d9f7e40ab05a3108d9e51c8391ab0b95a97610386728618b34c3572da9b2a7","encryptions":[{"aad":"436f756e742d30","ciphertext":"b661abcbb621a01ec812ac82dfe19c53154feae79a844be639e851302430dc4dae24468510c6ee6d155b1c64c3","nonce":"e12157c5686a7c5b7947f5ac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d4b772a280902304dd1479e9739eb420ef6101ddf1dd1ab90338dbacb474b5e51527cfd3bdd3b5f7168cda6aba","nonce":"e12157c5686a7c5b7947f5ad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b95c0b799af60d5ee28a42e330aaec1a2002b249c2f62de9ad2a37d6a26271e14544f7423412f4d9ff708805dc","nonce":"e12157c5686a7c5b7947f5ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"05ed898ce754accada006ce4e6ef5cf549c4b3f6c9b2f2fa157f159891f614be35b9e5f57a0d29a6447af0ca3d","nonce":"e12157c5686a7c5b7947f5af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"010ad151a2bb23dba811964c5861c6b25b85d3019325867df7f44a23471b812f86449e4a8ddf8b72bec2f3fbdd","nonce":"e12157c5686a7c5b7947f5a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"123c5950ca64e49597f261a6cfffba2cc90402c58d0371095b8b6ae22d5703c64d5ee9a2ecb57b4d720978d818","nonce":"e12157c5686a7c5b7947f5a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d486ad77fa2a70bd0868b6c207c436379c85240416c805b5d4ee1a6e4e83309805515547e18283bef075bb9052","nonce":"e12157c5686a7c5b7947f5aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"64d6339f547a73c71e19e45d21b8fc251a5c14cd9cb99579cc363105d09c25cc5f6554d22d269a2bbbfedf3f94","nonce":"e12157c5686a7c5b7947f5ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0b7f3c3d3114f5a0664a4d9c1fdd98fb04339248af2b6a1b82f4adf1ea28899f21c880bdbb0a02b9f08d763638","nonce":"e12157c5686a7c5b7947f5a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b373a3e7c20d52826789739e67f1183629db916b819f0b0c8c720f423ed29bada1a68b93bfcbc6014168682e68","nonce":"e12157c5686a7c5b7947f5a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"08733eaecbfa1b61ba3e86661b666f5cad74aedad20fdab743622183d0e5861e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9f91ddfadd00a6de4150e67e9375d02a2eaceaf14a03cf3e040b53b961be9944"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"86ee76034b35a1b613a760f697c59379db3a9e9f5e75a90bae30f689c84e7bc6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f73903ff3e3188a5b0ab9b439f7f6eb3ff59904820eb97ae3aa223296b4862cd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"46dff8607d2097273ac864eb01a48c00ac2d3535f489fb685ba1cb494c071ecd"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b1df4eed21bc535f51a359ea62b4b91f799c0b54ba61d1b850988e5b0276ae52","seedS":"e3e3df041389115650783738165bee473422bd401af7963f692f785e3dbfc125","seedE":"8c85e2575f9eeb377c906a0433e452861f32d5405841944a651f37299ea07923","skRm":"2d893a042ca33a25ca852a97ca868f49477ec074026d0e9af691d399990e6dfa","skSm":"1c4755105e91318c22bab7d2f0955f3076cca9c2a1b670b862785ea18b3680c8","skEm":"a70a0477a2dbb244f81d832fae6a48ec4c362e59cab7dbaffa820cfe77d732db","pkRm":"fc78aba8e710e03b8a4cfe685c9681fb632057c0ec6bf270185f66a73385ae2d","pkSm":"2b0752b99b30eeb8e2e90c293d71110dbd0aeddfa8e2c8124fbe01c4eb599e20","pkEm":"c2d68f417250ecc3a7ac77e08bb47fb07480f65411f3e17089903ad0a257d904","enc":"c2d68f417250ecc3a7ac77e08bb47fb07480f65411f3e17089903ad0a257d904","zz":"b559c29033fc9d8582cfb52566ff77e6017d1d38e2a5bdf75589e8f1bee14b99","keyScheduleContext":"021c6907359a7daf67953ca146bcee91341462b6f068c235c0e42eb6c0a39b2f5aea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"1e7d06949a7d21e18dd2964e96f4e7cda230ad7315505aa4439328154ba81faa","key":"611f9a88c8ec4fcf29dc3020f1a7049bc399336ea20efc9f50c3aaf75c5eee22","nonce":"2f7cbaa49e6c61f1cfd79b4b","exporterSecret":"01494d2770a7c4a8a6d5cd8882606057c88bdb354888ac0b2f5e0edd081ca9af","encryptions":[{"aad":"436f756e742d30","ciphertext":"eed68a6e60cf55bfd3fb2c62fbd5c8a2c917f72593d3547b99d9d2dc04d761c56dff01d1ba5b484f379d1adcf0","nonce":"2f7cbaa49e6c61f1cfd79b4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"21ff1d042196518645d0e23b0a7f303fb7527f1615a631377f31f38de36bc499c1650125df9c8d70583fbb76ac","nonce":"2f7cbaa49e6c61f1cfd79b4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"85312357b0994328d1b9e180d8c15760dc3f044a2c128aec76d7a94c5af6c7d8cdaa39868f368693afbda9942d","nonce":"2f7cbaa49e6c61f1cfd79b49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8aa03974e17286fccb0a2796e30d11a38eb9b9b4c7e4d7c6cca6ded9882ef60b01f3ef35282220e636b721e065","nonce":"2f7cbaa49e6c61f1cfd79b48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"87d4e723f20b1bfbba7e9ee501abf7c4ae29ab6ae639e3bf048401e21af5dc5c875be18d4d80283a3abff6fb49","nonce":"2f7cbaa49e6c61f1cfd79b4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e8e60ca3bff8a7e34c976cef3ca003b7209264ae63fb3309a3795f80390986779efda6275560a233c41f1d8de7","nonce":"2f7cbaa49e6c61f1cfd79b4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0b733a3930403ae2cdfd9ecd5f71825545b3245b937c8782a4dac5052ff1f538c2bc9a4b89c5b8aa5219046184","nonce":"2f7cbaa49e6c61f1cfd79b4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"dcc903ef0d3715d269968398af67cc9557c4da4a84cbda50261862d6bad31047a1b1a911cfbd775b9c9210846c","nonce":"2f7cbaa49e6c61f1cfd79b4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2053caccfeef092a39c9b346c563494d29a05ae2a12bdb9014c8ec5067cac1df9718cb432786240dd5aac4df60","nonce":"2f7cbaa49e6c61f1cfd79b43","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c1aa877d388868b420164a3b6c84f56ad44cb45512a58375aad059cb20ebf800e7fee1669a2e039453eac990ca","nonce":"2f7cbaa49e6c61f1cfd79b42","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c201eb4d4e5c66018ed3515acfd1a574c91cfd9a805c6746a3bd5317bffbfab"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"464971ec701dc7806f4829c7142ea114832937222c8feae6ef74c09d01383ac1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b3edc6f27c03b2db1311fb672653e96fab4e4ff25d5d87b6307f1a06f2ed220d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8206dc954e3c3064bd89e24bdf39b360d91deeda19bb559dad610810ddfbc3f8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"6dd2d06434511d0199cf92b5840ed90d1add59095a401eec8e8b2bc8c3f3aed5"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"eafc0894ff171bdc21c16c7c0c651d586a381422eece40061bc51d0beeb1f0d3","seedS":"ff9f42e80e6f52510de8d9b4d924370af5b2082292c99704ceeae682d8d52074","seedE":"913a3a34612a7b1c98a7f1ccba72a8ddd2c6f746d185b25205a50638eef8b469","skRm":"581e34b21ba3a3022a9e4df3f30fdeef4ca1c1a7d099f6da53dff2c05dabe8d1","skSm":"1afdb55df58dc47322e855c104ff067cded782251a71d16ffe26200a5ac0765d","skEm":"4f60052b73e8ba20bfafaf3b8ccdf305c467fe01ea3059f824f3c7367110c716","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"85843fd9ac77d46e175b30d9b24ccc1eb1a31db16d714aa879934445c5e2f32e","pkSm":"5123532c38eca9b83f7fdafad1fac7b41db6df9d104c50b02e6f20fdfa661a03","pkEm":"74c9453a52e290cb336acb310a78f3ff1d798e2fea97b40264471e33a7247866","enc":"74c9453a52e290cb336acb310a78f3ff1d798e2fea97b40264471e33a7247866","zz":"0b0d58b62e0d589db4a483489b4647db66702a8378ea3a4c4741761dbf000776","keyScheduleContext":"03809b00e0a8c66ab0062f825e52b36209266d6836f95f0404c3dca851ee0af863ea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"497efac284f5a49d8e6b8132a96c81d9ab6be7111fcebc96477a5aa3e47fa157","key":"f53e8125cf04b878742c869c4f4eb9363f4f4a11d437d34badb904ee38d0814f","nonce":"ada247df987fceb8d4e93191","exporterSecret":"d2029b9e5140c609b45b14af4058538818904f335a1abb6f66bea28508a55baa","encryptions":[{"aad":"436f756e742d30","ciphertext":"549c726a9ed8e3137af6beeccdfce2ab4c4958140327dbe50831c25cf4eb587ea0e6ec67ae1f9888c72d5060f5","nonce":"ada247df987fceb8d4e93191","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"810431c67452c001e8c1b75e4f88f9f44bfc497d0bc2a8ba3b7ee6a9aa6b6c3bc30477e905da9a66a1b10bef31","nonce":"ada247df987fceb8d4e93190","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5f710762f75150b8e8838cd909700e3972646aa7ab0efe0b68bcc6902354b65d91636b33865b05df3feaa72c69","nonce":"ada247df987fceb8d4e93193","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"341e06fcdfa07af7a83e69c04a87f10ff38db14c76c2c7d479fbec4cc5952a96f03422775d1ceb8514ade326e3","nonce":"ada247df987fceb8d4e93192","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"db726c504eddb11b6d599b7f8198d0c789ea07e4635e5857882d5448f420617837747edabe9189050acde314a9","nonce":"ada247df987fceb8d4e93195","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3f4e6911b3e329ecf8f5275d397df81696d8c153b79f898a7b41f5dc9f84d9d8eda651cfa37c3ed952ed972a27","nonce":"ada247df987fceb8d4e93194","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4359d31a9c5e54771320fab1c94280845ea9d32b7ed8da63cc8ed0daf25094fbdd25aca5d23b47ffc97d1551e2","nonce":"ada247df987fceb8d4e93197","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4ed6be7a0d93829563ce6c160ec75b1177303fe869b03f0548d4b04f36dbfbb1bfe8d7d7b321ff066092b0fba9","nonce":"ada247df987fceb8d4e93196","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b84331ebcdba2e296f43f9a29f265b6ca080b02212a55377cca69108bf8195102942aafc444608ce537e3574d1","nonce":"ada247df987fceb8d4e93199","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a67fe82f3ce1aafbd3861073508d107503096ca9cf9c7b72f5115ffc11d899039732ec27ff2a534e96e0e45898","nonce":"ada247df987fceb8d4e93198","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0a19d17b7a935437de8b6055355f25ad448d5a5553c5446720db7aafbd7060e9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bdf3a83e49720d2851ee58010aa2e4f5f04729c58e57dd1ae3b8005b654c0e86"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"553bff03ae560593379a2f89998492683419b0ef8a7d628440c1f360d2d8713d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0936226ceb9e19082aa1356ae502552b4f31c3b7dc1401a829e0d5ec9ccaaedb"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50b3f4d023f32aed2016364f2196d934f415d31285f54d773ad7077e5f1ce326"}]},{"mode":0,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2f74ee420165e497b22d2d5148eb66dc06e167e6b6a25297eb4d96747b86cdf4","seedE":"8b76b8dd43faf7faecf684ed9cc5b4cb937604d34b4f8efb830063ca047c763d","skRm":"677b64ff70915fb0404a1905139013a33fcdbc39f3d1914a007984e2413eca48","skEm":"22e0948a3fd086e7ec1cb96155499962bc470680db725dd008d39d25f6191bf6","pkRm":"02bd698c34ef1c3ec60d5b209135310d52e125038a0ce0bf1e0ee2c8dfc20e55","pkEm":"de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f","enc":"de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f","zz":"3d63a46a8d9ad4e3830175f7998bebb213bd3a8401b50cb6e2c42670356e9953","keyScheduleContext":"002ed6ef5e5a1e10b8ce95d98a132e9042fdb39eb661fa2fff0353f29b397c31aceec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"fefa11bd4b906e90bae2c34db054d68c32428acd590d832c7090879027cc6d87","key":"f85c77a1e881337552d20297e3200801741de39212c5f18cdb57062f99864f99","nonce":"2084a09dc1e85528844144d0","exporterSecret":"ca58ae00ecc470614f8839c668203a3bb0905a6441559b4f1328f3b20d15b3b4","encryptions":[{"aad":"436f756e742d30","ciphertext":"b706a7523384a553fb1c44d5d3186bb78484947cd17e72f15f1c83152510e49680cac8f057f175187e94f18083","nonce":"2084a09dc1e85528844144d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"cdc1a9425ceea83e9f1d0a2be77525460cbe259d1a9314eba520c5f5f879376a9ad7f8672ec943de425c6655c8","nonce":"2084a09dc1e85528844144d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5bb2028896d91f156cd6e171d1470361bc07aa804a3ed64163ea67da67bce84e3d2f73b8d75f9a4dcb452b97e6","nonce":"2084a09dc1e85528844144d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"220790f4242aa714ad2c44967810cc8c9483e1833d7f9dadd08999abd892aeb3fb1ca54a29c4ea22d1395d85d3","nonce":"2084a09dc1e85528844144d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"73973035d480c8299d1773522b738af626a5c834fc6af5ef5f8778fa6a767da89660f4aea7b4241b1f8b5cdebd","nonce":"2084a09dc1e85528844144d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"2e35688b0bed657bc213ce0c960e478e2d708700b3b3ff7048bc62130f23a0752ad867167f1d1b709a48ea89c8","nonce":"2084a09dc1e85528844144d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"14dd79e4ee9e416dfb954e4f0d73c44757ad375018a802cd0c4a7ba3fe378e5c8cc4cf21e648e6a8645a085cad","nonce":"2084a09dc1e85528844144d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a996ed2f2680a15351eeb87643b99b558a59d8c1114a214acc8bf3dbe6b40c4d41e06ce8b1e11e795e37c75143","nonce":"2084a09dc1e85528844144d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8123ec5ffb77c7395bdf2baf9c73cd2b1bbfa0ec79870a1d6260189b559af29a9478c2675c82bd1e19d2e422bb","nonce":"2084a09dc1e85528844144d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"55c9731edc92dee7683bbabc425fafa4dd199aaf74569bec1bbf79e082eab9006392ea1b3a2d07622b62bf0bbf","nonce":"2084a09dc1e85528844144d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bed211016a1fcc4328de46fd11d8be1f00a7e2c17979450e760c152fb77bc825"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f1c29485807379d0deec17a65606307c2723a1653ecb1bb601ed5f703623fec9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"477680ef89421fd862866dfe00b70ac8906785c2346db09c8a868b0c23c28e98"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d0d5e1460ed084ae579eb5408d03d99482d74b5293e7aa19df06acbf16af8fab"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f5fec947f00eccf828dcd4f1b405a115001cce97f3bc0d6f8c831f1cbebce36f"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"6dbaa03c19b18e089416805b98b97e9be59b5b43348313f6c894aa749bd863ea","seedE":"d2a61539bff0e4c64e88af0a3815b0269b78032f45d84fb82b6b5c0309f5cdd0","skRm":"a009f3a71c03eff914098e1fa804047b803e41b2b7fd412a48d765e788d844b5","skEm":"1c671b5cdeda763fe49fc4ebbc9bc39257eb64cb7c80f85489d6099d94c34277","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d1034e51de83cd6ae397ac7bf5826c3488956301a43a6ba0a9966b5be0d38066","pkEm":"c4b91e87a49f07ae2b70020bc2dbaeba491de362b918db4589d1b64dabf3624b","enc":"c4b91e87a49f07ae2b70020bc2dbaeba491de362b918db4589d1b64dabf3624b","zz":"32db4a665545350d97e322d68efee9dceeb8a2deff566762b89314b6d5519be3","keyScheduleContext":"01d2265ec86e8178427811787de22a5a66596c3a7c65806869a25166bce01ce008eec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"ba68621396bce80210a653cb6b7c6c53e3412587f2a3d359b5433717fe10ec1d","key":"0801b8427755e38ec575ca82c1a023976d1c6a05c962bebd5b711fb1e38790c5","nonce":"642d83347562610ba01a5986","exporterSecret":"5d97c23cbf481d5e7c9f5fe2ea1c4968d0e7512d01b81a2b897b80d5614c3d68","encryptions":[{"aad":"436f756e742d30","ciphertext":"be00a3d72559ea2091cf65a02a8dff3b79176a880caa47b214e75debbc4228c8028a0eaa31a9207fdd595d4443","nonce":"642d83347562610ba01a5986","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e62e5472c78f6c88f40fbbcb9f41e89daf78c5be7ae963cc75ac9221ec1fffa7f112717074a635ee1a415e2a16","nonce":"642d83347562610ba01a5987","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"91d12fa708d5926578a7e9fa56a4342e0fa71e824908781d4c937a00163d581fdd23af55d60bdb310289fdbc49","nonce":"642d83347562610ba01a5984","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"11886e4b2aa6c8ecb1ef527a3df7e859d9c8834131d45ebf12152a53cf03685cd2298a7fc3641982c2f50faf7d","nonce":"642d83347562610ba01a5985","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c5ab4ff7fab32e3c6809b16bedfa2d4c72fc5f9b9061daa39fa3a7624d39a797173c8e99649ef69b2362223981","nonce":"642d83347562610ba01a5982","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"be65dd3783bb46c973448d1f11ca607e03cc435572f1552135f5c69fc0af9b70b91c2cc62100c2fef4b730272f","nonce":"642d83347562610ba01a5983","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"740f2fe43dcdbe5333e18fad90dc3da3ec38afce3ecf915468acc697011876754d0bc577541291c18d531e6e4c","nonce":"642d83347562610ba01a5980","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"513f1838920594476b17e682b832ef9f0b264c629b9c02843cb8b10971c7d4f1a8b4e78afbd37a889a123af1fd","nonce":"642d83347562610ba01a5981","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"078c919a344f7e86fc980c93bc891c10aa17ef3c3d76fe1649ccfae7ed4b79dd3d32e710a2a955b0b70afb8396","nonce":"642d83347562610ba01a598e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4f4f92df2e9ae8b9567acce2afca2031cae8129e046c4487773bc4add1cc804f8187441b63606e084b557b1448","nonce":"642d83347562610ba01a598f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a8eadf8c898fa14a87510c9b699ecca1ee46234929ad8f1187f8b9cf7f77ecf2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"453b5a78d35fb8f62bfccf20d9cbab68521e73afa15ff83f09aec847d7d8bab0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"95ae6cabcc0ed5ef610a90d3b67954897c7a67b0f61e1851ca2f6e92431a848f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c2fa1c0a7e10158e4f3c87502bac83f77451377d1c47d87800d3f6868399aff9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"64ec1009174fa7468a4239288ceb7bdffded598bf040b62cb3db6cced114cb71"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9f6e9796f20a88e8c5887e50f152e064136969764e6e32389e8eea78ebf0f95f","seedS":"ce0ba3357818e370eab3832a829dd5288638e201c8a00b6719d99bed3ec1f672","seedE":"d6ee4cfacf3ba765b5a8b6eeccb582eb5dff114865c8cc5dabf6f7c8ae173d0d","skRm":"8a9bc9357435fec0d3f5c7835db552dd0e94c22a8564facbea3b07979d51f868","skSm":"53e0f32f9505cb8573b9c317feebc4db9cc68f43783e8925c5fa034414ad2548","skEm":"ac85033e48bf3a535d7837639d9c67cb291386858d314316ae1471256181adc5","pkRm":"792245f1da20e58edf96456c0105df0f8175185e5822ad187c503fe8b9e1d570","pkSm":"08f48962079a2d52bed897979ab332b5b2c3db8891b90a99a1a591cd6311b668","pkEm":"3df68fc4ccaaee084af119b988cd50d18f72992a7184a3bcd0e2b0589b90304d","enc":"3df68fc4ccaaee084af119b988cd50d18f72992a7184a3bcd0e2b0589b90304d","zz":"2ca27bef5ce8b14e9480f9682bf7ecee181d3518c518e2a968d2ad65a186e3ea","keyScheduleContext":"022ed6ef5e5a1e10b8ce95d98a132e9042fdb39eb661fa2fff0353f29b397c31aceec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"0940b3fc4471901fd46e150287f576fdf679cb35ce9355bf0caefd00e4aba24e","key":"43c8db462fd0e25605aacc57639114f5c7db1333a6539fa0b9b068bce4458e22","nonce":"419e8f333efe8f64810bea51","exporterSecret":"2f5a9b5f204f64437505841208e952e65583951e773c4ba51a27adba6f96118f","encryptions":[{"aad":"436f756e742d30","ciphertext":"5cb775f56c42202bed1d67ac0ead881db3295d7ed2f34abcf41d2dcf3c6b40bcee2bcd191aae8826219f0eeb54","nonce":"419e8f333efe8f64810bea51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"17b380e3fdcc5c446a4033215da6baa26ccf86ca2812710ac5d0246af489b35eef16107ab39507761b26494884","nonce":"419e8f333efe8f64810bea50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2c093b8997256aec1139498cf6ea920a7e38a80392a6a2860e502d7a44f02b8d9c648b1112d622d23f2b4a61e7","nonce":"419e8f333efe8f64810bea53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0e230d977e8b8d9127112b2ac41fa573b49662f1873c9389a4db80cc332983adcc2bd632ca69472d024609833e","nonce":"419e8f333efe8f64810bea52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ff803471129292e117ec4fb05e93db8104f46b0faf8137a663a121c12503dd8a5b0802c2b2f8883a9d93615d1b","nonce":"419e8f333efe8f64810bea55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"711c9394dfb65d232823a2ebb55f5d820d10d0476948b193fbeb5f4793f28ac7ae91a44a4a78e263365b251238","nonce":"419e8f333efe8f64810bea54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"75aec9c91e92e1e387b0c0928aa9040119b5a6e1a96bd474e451a0aa245055ea95e2e5944f5059e65acdca3434","nonce":"419e8f333efe8f64810bea57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e1745821e50c7246c579a3e334173eb3b5b42f5355ae0b44f21ef7225ab91702d2624fa830039428437b9b76e0","nonce":"419e8f333efe8f64810bea56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"daef46eaf2a980b525268b5c2587432b691d28276900516db9be81be7aab96c8a76dd7ebe9f83881855275c257","nonce":"419e8f333efe8f64810bea59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"66ae7661e60aacddd75320cd7d54393b1cd29aba4af66d03cddf94a8d3711b4f50f8c198b106e172b6fe8db195","nonce":"419e8f333efe8f64810bea58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"502ecf31381c7affd8cee9b8912a2ae6e8d9735fff6b429a2b5828d65c293210"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2f26a83b576bf9631888c1aa4ae666c1a4c7929eb9f9d2fc4da162afdb3db2cd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0563405ac6382a837016591032a5244200d601ff09b1dfcd1803703fdec5d146"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"788bf6b79f6dd155aa7936aca4c74ae985a335214a23b3244db625020c181212"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"812ee13a54908003649cfc5c86ab352aecb83d997a4b99ac4da5f0b80d45199f"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4276d8976e15fd43ee257205337352f11b3454cc73f7a66963a84381ec977ce5","seedS":"54acfce7960bed685529f6e135ce9eae67d8c5e125ca296269d84eb1b65eb158","seedE":"ebb6e3d16e1d36a2ab0573176c222afe150e50ea126473eec6b0c5e9fd718bc2","skRm":"ffebee94be45a55865290a001db23d05238d68c6beae3e6b05b5998061be8435","skSm":"223dfcc32d61b1ff5f3a0cc8c4e64d3c705754f5caddaf55415a9c14df6cd329","skEm":"f713b661a87e423b8cf67fa0d454d42ec78e6bbe72b19d1b4f7099127203254b","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2c1f07ac3a2681a6f9e379ec56d8da9ef4c086bb8e4d864ba624b1301415593a","pkSm":"72e38f304d598e18673b00e3e46daf1174f4df13c32815e089ad18f6b406021a","pkEm":"a1803ccf6b2a44513e02b2fddcb9aa49030ced3610f4d5eb6715bd8b9ad51333","enc":"a1803ccf6b2a44513e02b2fddcb9aa49030ced3610f4d5eb6715bd8b9ad51333","zz":"1b0154acd11f266da0e70e48953c3e9f4732aa0c6a10a44171a309ff52a8cac4","keyScheduleContext":"03d2265ec86e8178427811787de22a5a66596c3a7c65806869a25166bce01ce008eec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"a0bf6443710d30369eced70bfbf7cdb9fe374478ad85f95d75f3e504815b9a10","key":"eeb2d470a0c034af57e70511e0ced37dc354c4683ade1e093bb022a89fab5d5d","nonce":"8d67733e25a72e043b920f92","exporterSecret":"9e1fdb2b0ef7d0c26dff4ba52390f6e81d3748370b598bc93e8d0ef6d19df1c3","encryptions":[{"aad":"436f756e742d30","ciphertext":"87f3ba9450a7e2390a34297659d297b262bddedadc9d17fa0a746c8ccd11f5c93e58d4e9aa8b0af96cc7b84ba6","nonce":"8d67733e25a72e043b920f92","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b22c6c2554ad966ad3054de7a568de0f146b69a7efac7c60decf4fd541d3e062efefbfb7d6dbfc57be689284b8","nonce":"8d67733e25a72e043b920f93","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7c7c587a58ec45edf596b4df3fd72aa3b5d313b85596225c96038f36599c42b34e8bd2ade51da9496b4fe0285b","nonce":"8d67733e25a72e043b920f90","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cf0f8ca1d2b97f9ee339f090e65781f66de62c8e2ec1a2b2442f8644c3c365419a2c5dffc74c5fb5317e3377f8","nonce":"8d67733e25a72e043b920f91","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ad7b70f3dcf0c3b16c01b916afc18a53e0c7f16a93fe89336ee0e7fa55add7e4aa61bcea06cabb5d9414c8c6e","nonce":"8d67733e25a72e043b920f96","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0a306038e4a7d35d300eb703a1d1f27e59a97d2e6921ac6d3ef143a47088ceb4c9b3b244148231ff4e2a51fd66","nonce":"8d67733e25a72e043b920f97","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"921e1e50784bc475924a3f928512ac6ccee6b77a1d5ea6830f2de22cac7f1c47c967c30b1df9b3aa21feefd19c","nonce":"8d67733e25a72e043b920f94","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"06dc8f9139fe0c25b6dc2aaee83649ef04805c95d68324f5426bd046e96cfbe7bdd5769d4436be2975766cd53f","nonce":"8d67733e25a72e043b920f95","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4536effebaf8ce1c1fe30e738bdd7b8bb631b0db48d278d990427f4ab7252c5aa06dfa0177e71c0ceea65a952d","nonce":"8d67733e25a72e043b920f9a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0ec5384b0879ee351e44ed146748bf3e8083aef1160d098e0703ab10e6a299013ba3c24e128ab96ccde1209b9b","nonce":"8d67733e25a72e043b920f9b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f86fcfa1037837bc789bd3cc502b4fe88af94d60f3d1bf5406735425b90065f9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"291d221b01ba200cb0c650780e6ca0f8509af4ecbbc2a7217b3b4ba9fb997683"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3d2e081f1f02e06db9c0f0cc7ed7d1446e8a0c24463599c965f74d9dbfd6deec"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7a3d1a12416614734edf94e095ece8e6e0081435a2b52e0476d9a6bf8673c434"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80b50a2dc36988cddeec25954fbbc24986a3b7aba1012507fb0f92cbc933829f"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ffa86fe0b789b8f018fc61687973b0e9111e8778fa77a4a9e9ff8666e68a9876","seedE":"019c9573aef4f64bcf499cc17ca307d41c58c96ddb50e39de0eedc257ee90764","skRm":"2ad8f8d251b97bdb392dcf671af13d6d26041e411faad5c984f68efaaa3b88b6","skEm":"b841f4832197fc363c965592a97fa762b04683114a9126f56dfff82c49a6f207","pkRm":"6421cec0bf7fdead5b4d3f70acbf6f08577fe73961708e31d6df522d4ad6b20e","pkEm":"04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953","enc":"04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953","zz":"47f911d0314c3cd311b2aa9b8095379eff46ca4e749fef38a38c0cdb25c15b11","keyScheduleContext":"0047373f05d58573ca241f94c6c6cf7457d4b8edf9238f310cf1ff672d9f1e6cf1249f2d1d0799e0a1e6fe5c516e05e769250040cdb2b78354a488cdcc2c1f17d44c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"e59d60f7b5c8b4d97901a806e9512360a925b0d62ce6d1a162ada718dde5645103d55098659ec7523fdc0a7809d6fc58d30345bde62edf905cbb34605b1927d4","key":"5eb1d87d6b23df2641aa5151da19eabb","nonce":"df9ca3b2547334d55845b772","exporterSecret":"53e1bbde98c062c87c777c0e36037a2a0101e84b4fff0b2a98270ca7d1902373acc8195f62a1501c4470d80e746fd3d12a6fde2b761a0484b7c79e83556b708e","encryptions":[{"aad":"436f756e742d30","ciphertext":"9c4a9834cf1d2bfd16c7fe0a19f9f66afaecb805e06c212f08c245f772de9123e1bf41678f2e910a20158a0273","nonce":"df9ca3b2547334d55845b772","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1bb872e187c72ac6f89db81309d0fe2c57787efc3d076aab394e0218e33955039650da12e3f0241fd52cef41a5","nonce":"df9ca3b2547334d55845b773","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c5a95f473b853e190b5eab703080c9ddf313d7e6751b2af382ad7f8e910c897757d7256801ef83e408795453c9","nonce":"df9ca3b2547334d55845b770","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1b5a3d36a34781f93f5508dabc74bd3c82a47bd05af7b2729ef254f42d5a068fa86a918c9cbe1db552d2d8d4d9","nonce":"df9ca3b2547334d55845b771","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"46d9196849ad448e03a7603bb0eb2775586463051f2497f39cdd9211d1fd8ff71c97428639b0764f0ffba29f32","nonce":"df9ca3b2547334d55845b776","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"346a0ecb07e20f32174095a32ef87fde07cefa99fbc70d2cda903fdb8128c204037e7c659b40047e66fc416e19","nonce":"df9ca3b2547334d55845b777","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"41331c5365a8354fe9f221f0ebc6344bd86dfffe253da5cfa06d08089a6e0312e9c18ef57509c9faa2d0995650","nonce":"df9ca3b2547334d55845b774","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b2ff99114ab4b8267f005bb6554b766d6f6c8274c2c669a325354cfb27034afaf0f6f7eb56901292ff804e7553","nonce":"df9ca3b2547334d55845b775","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ae653f1d8dc035745b7e3fc2f81e4e6636f0597a9b6f6f1c7d5b0a23c50d76e1dc0a7cf4fa3b3126e12011302c","nonce":"df9ca3b2547334d55845b77a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0266729d852d16e9af909841bbe2444bccfab0575cd1c84ff6ddbf3259627fd5b73d24f402bb60bfbee1715951","nonce":"df9ca3b2547334d55845b77b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3dba6be0ff119e093d6260766375f0f80c461c6592735ff58a1cf8989805192d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e43ef15f82fd672484625d6d3d8b1b157a98a20a6f55c4c084d2fd76b63d3be7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"237c2e9a25524ca44ff5683b62e2fb366c583fbb72644b7208e7594e9d3221a5"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b421f68b38b2bb916e0925a21c80d1a8227ec6ad9a1e1539229142486f88c8af"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7736ddde377f0bf3da742d7baac698812a267441c3bcf86b72fed0503bfbac0c"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9446c975d18b1baba9f3436700e2d607719ab8dc6e8ee892d918286036d01404","seedE":"0342db938b432a2e8134ff65c15b5b221e03ffe7cc6bf7899cd7ce70a9b66268","skRm":"e6b757a7ab174fd5e0fc9e52ac17a09355c4edec2c19758a05b3cd0e1e234bfe","skEm":"02cb2e63be9c1ced5e59b7e55e1de954175eb7e58ef3f2a741657df8fcae4338","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"8c5054f74ef994e5dee90a8b3f5c75581de4d765c36eb1ca048495d2c36d2005","pkEm":"f19da62e3969c31f8b6021b88d1bb01ce7dcb53eed90f277cdbcf3144577a672","enc":"f19da62e3969c31f8b6021b88d1bb01ce7dcb53eed90f277cdbcf3144577a672","zz":"4742cdcaee9dbddb5571a5e1cb9f884b16d9730f529efe66fd10f10ade7faaf1","keyScheduleContext":"014641f79c7b30a1db8d6b3e8336a1bf2266f1f59c9f220f2af51aa82ea91fbbb8921cf5443fc333347188ebdb08e44099cc35d0a057b0d9d37b974933a1f213e84c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"500ab220f1b4e3f35abf50690ba7d4383dc5d3392717e21fffbf68601ddeee93f5e9a262329986251f03560d3cbc23c33dcb723ad0e827ef750bd0937f4bb2c6","key":"63fb7225924da67d6b6c0568315f2a2f","nonce":"0d373de295bf9a566712f758","exporterSecret":"94583411870adc666dcacb7fd62fcd7e4d7ab7bb325266843bbaebf94b861c56c44312b729cce29a41718244b56dcc9e8aea8bfe31ff4559a87d89087c11a17c","encryptions":[{"aad":"436f756e742d30","ciphertext":"96a490d59ddd3c47cd1b157d1bd00a725bfac64548ea92b632301ba782588dbcd52482a7603f20530d6841efd2","nonce":"0d373de295bf9a566712f758","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"60cd13c450142e32cb51163c754494e09e9da855e216ca7636d50dbc56e4502fce97da9ab2ab7309fda4086a6b","nonce":"0d373de295bf9a566712f759","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e51e7c41cd7e13d457cc08f1b2f8157146b6707983175a69cc06e2379cd1662b20520274ddc6dcc7d30720862c","nonce":"0d373de295bf9a566712f75a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5200046fc8a298f0814158f707f4545f5cb79cad164ddbeb322162660ffd75ec4625f4cba216ea06bfee06ec0b","nonce":"0d373de295bf9a566712f75b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9e2696f8c34a46173eb0be7e95fa2e72f31b315e9e009e713ed0cdc068987c77cfef466b118a5ed9fae653ebd","nonce":"0d373de295bf9a566712f75c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"999fec81ec8d284ed8a3979ffbe65a52d0945a9441d997dd3561147d126aea4784982f4ceb273a1590484c32c5","nonce":"0d373de295bf9a566712f75d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dadb3cd20b0dd29928abb01d14a41cf5f1fc229f7115b71b6510b729e1450a7da6f1e28128ba622b497bd00fdd","nonce":"0d373de295bf9a566712f75e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1a44924b95da2652eeee1cdb98bc221ee54cd996789e3cd8fc1329aa1fdeb27441d67b3d23be37daf1cfac13b4","nonce":"0d373de295bf9a566712f75f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7680cf6da89372ec80d6b02937045944c09e2567d1522556920d45feb53b4998a849974c0d0782513236a1c63e","nonce":"0d373de295bf9a566712f750","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b4c324757226579116b5e0476e7f1aa14ec873e0ce465ba59c175cb7a3fab1adae12abc1acff8b796bc2c2b242","nonce":"0d373de295bf9a566712f751","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"41f7701971b0f9a89d0caf576d341916d65a11642a3da8308b94b00afde59a53"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"972298bef03317db96271447ba87248ca6a7d9270cb1208d01bd7b89d00da436"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d1e62ca9414a1bff14eae1260a0d7ac0d2fa21b1e0eb19eb54408c1fc0266797"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3bd9bd2d1509a765c349e722ffd09be5f5e7a8de6cddf806270506be934fbde2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"157d2696a7e5013184a64704349fca3916326a9f0ad20216d8fca58b558a201c"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5951aea8c8e7dd572e64fa5777fc9b98990767bdea3003ab03c54ea97d47d8c6","seedS":"f580737d45dc0af2b312e1e7e07a27cdc5e1420cedde37f63684c92a4896a733","seedE":"cd30841dc219f996eeb46873cae7a744b406c4d41902db3e47ca2b218b1c6a8f","skRm":"4496dcf5bde2d376f8bee1b0c2bdedeb544d817d3f13af9a0df927f72b939168","skSm":"6e162667b61ac1eb927ea2fad369d048906f3e89ef99503546140e31e721c815","skEm":"4a9ad7b20ed7e9a920c9b2129367bc1bd0c18064c0b629c144a5ad63b9993fec","pkRm":"3b70707dcf565a639ac6fefcf87ae7216d585121fd1a044c42c0be83c533ef7b","pkSm":"7f3e4cd5f73dd4a9abbb1a8131b47135a272904f805f9f6d2c9de7d0157acc71","pkEm":"354bf7021970c1867c2794b6ca5b5429fbb021c8167f771120027e55cd98ea33","enc":"354bf7021970c1867c2794b6ca5b5429fbb021c8167f771120027e55cd98ea33","zz":"04bd840f269c645f70ca2e46cead24317934bddb161d33d410ada1b59c233f10","keyScheduleContext":"0247373f05d58573ca241f94c6c6cf7457d4b8edf9238f310cf1ff672d9f1e6cf1249f2d1d0799e0a1e6fe5c516e05e769250040cdb2b78354a488cdcc2c1f17d44c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"155a2812d942c64e3f2f6f23c41b88d0db779c214f875b33b595002b0ea98e606397a098994559d5462db0ffcda68b69204968be1a2d1c08a90887a4883d04d3","key":"f2eedd8b91d4176ba43109e371a08489","nonce":"d99075d0baf29bd83daace85","exporterSecret":"287b7bdb571c981ce6f252dae8c6288a2ee8d75e70b8f6f988542e12e36b603cdb7e67c6c6edfdce8297b7a3b57a2586ddcd07ee05330ab7842099dd09b79476","encryptions":[{"aad":"436f756e742d30","ciphertext":"7bbecbe1236ea2c457eca642bb2627841966714f1bf94d50921d0f8cd2385919af6971eeb6727cbecd1ceec1db","nonce":"d99075d0baf29bd83daace85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"664f7435017f058f78c80f0ca503ef72456f3b623be29e4c59704905d18363d15cfcf8b521051cfea33a31a3e9","nonce":"d99075d0baf29bd83daace84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7849ed013aec42e039f5c3b3689454214728690306967334a95a8fdea452b2ea5c83226ba69705352fb020c1c1","nonce":"d99075d0baf29bd83daace87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b76657a0e9bb04d3559c8d80b860ef88efaec9832997c2fb4fe938ee297bb8e3c66d1d77cb8766c8a3947d461e","nonce":"d99075d0baf29bd83daace86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c69d2c004127ccd7557879e5dc8bc466caee7c245f6af0067f9c36a72e7bc98ff2c49790104be8d5ef95ed3ed","nonce":"d99075d0baf29bd83daace81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c4f3212eb0ea2a1f5449a0a18b3800dae5367710be27cf1d8033fdfa0e53693bc2ab43359fb3850cfca9712abb","nonce":"d99075d0baf29bd83daace80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"223491b4d177ef7554837609e363e6971a1cd385595e07d91f07a1e1cbb2d764eb5506af4353ee9e08d0aee3e1","nonce":"d99075d0baf29bd83daace83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"699ba396da00bb95788876d178725b740ad844e901f62d616d8a9804da9d4df9266077a022e295c7cf344758cd","nonce":"d99075d0baf29bd83daace82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d96ccff3d0e6b3401124b1673a8090cdf9bb0ef32d0c5094fe8ed0b853f8f14f07f5c782b0139128654d17b43d","nonce":"d99075d0baf29bd83daace8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"dba5e1624c7531ee02e453479f6ad574fca45bee0c64cacc582bc20609c6469bb3f1a7a80db2e35f28b774f664","nonce":"d99075d0baf29bd83daace8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b0533fb03a3887e6ebdbd77f92d978dabdf74a9d51bd4b1b30ccb5c0dd62ffa1"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"53937a3e9dab6afcb32d298da617b71077987bfabada015d21f2af1768b20b2a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"91480c0bc1437645db171cb10af33fd01b747bc59d0549aeb72b54a4ab139453"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f48e028b7a42ad220318af5cf66c29f76b8945a570618777bb7f027f729cb977"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4a1f65ac21b2ec9b72528be575d1c7fc8cce055dfecedb546643296bb46a8969"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4ec2af02876dc61838cfb84767e34bfc97bbe4e10da8b5ff6e7fc0897f25279e","seedS":"5b445ea3cf854e011da46c1d99a04a79362aac3f4dcdbcda47debad9ebd9dd8c","seedE":"771527f082d024fa1d38fe4f5b7514df02f00cab4c08881b892a7b8dab86aaf2","skRm":"2dd8a9dacaf7a1311133b8a74120a79da1dbc04d4d5d890bad8e1c8614e7a290","skSm":"2c70cb5b12134300237a0a894941ef36034724c0bb7d05ad880287b268032e70","skEm":"f93b2a38f54a81167b7aea6064e1ee19658778b94ef38577f006ccffaafd7d7b","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2e279426e6aafb838478bd6d43a839b87274b00b26c5e883be2c3ac3ae45d51b","pkSm":"d37ef27b3756ec8b332f3d9fb6f84de277d89719e642bfe38676f65a05393915","pkEm":"5a371253518c412cdec154923c927c15c3fa7e245cc6e312625e8dfa4e3f874b","enc":"5a371253518c412cdec154923c927c15c3fa7e245cc6e312625e8dfa4e3f874b","zz":"7ecbac1b4813d8645cf5bebe1438f3bb3dccf66e9873c3aef6a0e10e40aadb2e","keyScheduleContext":"034641f79c7b30a1db8d6b3e8336a1bf2266f1f59c9f220f2af51aa82ea91fbbb8921cf5443fc333347188ebdb08e44099cc35d0a057b0d9d37b974933a1f213e84c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"68627f6c4525bf14c8a46d210b52892f662d06ef86151b7698dc1bca6e657a42d4e77e1ca52d0907d29a4d5ea004f937096b6832cacb99ddb8269efca27ae5c5","key":"d10f60405606f3b7bbd5bcc235caacf7","nonce":"02bb70245959fd669da1e195","exporterSecret":"47441cada4f5959b253df4e604af89af696da700b5e4025931870bee5315a87d5e073ec5696a8e4935ff69e6d99dd5eee1a4ac6dd3dcd74318f7e8fb19c613b7","encryptions":[{"aad":"436f756e742d30","ciphertext":"f29e2721d5c0a868c1023ee0081f46ae202bcb32c51941cb1e7513f96df8785ede67af4a4ce3e4852c9953b8c5","nonce":"02bb70245959fd669da1e195","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"47d08f648b07d8e2611e34c9ea08f3c3b10eacd885998045909d0d0bf4fcfdb0c7d750bda0f8777f1d50d1aacf","nonce":"02bb70245959fd669da1e194","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"06c5b6666cdc9eb6878d1de1c5278f6846608ac5a3dc24f4c9da674f1ea2434c8367e0251456af35dc589abd6a","nonce":"02bb70245959fd669da1e197","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a0a3ea4e630081dc01662cd5e661bae55e0ea3278653d1e6c64399e189e96aca789e16daf4b78a2cb219c19507","nonce":"02bb70245959fd669da1e196","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3b7093808a3e0b076d4511452156ddb281c11805f12866271ca2799247bcebede52d3df8ced963fd940bd6fa7c","nonce":"02bb70245959fd669da1e191","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"031bd6c95859e0a90b42c8eaf7934984de8b5d2a9ceaa9163f65cb27dca5e38753c823bfd42a8c7c4b2c8d7415","nonce":"02bb70245959fd669da1e190","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4db8309a9f56032beffe2739e2b15b2b2709ae2a4d76bede4f1b2cfceb0dcb8169e3b6d0055191bd00d0a0ed23","nonce":"02bb70245959fd669da1e193","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f1a83bc13b60a14e47481a6620afc91429be537dc01ad94742fa11b931f2123f6e085f7e99d8c878129c8b6e46","nonce":"02bb70245959fd669da1e192","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7b421ddb3f66bb2a8127e103c37e9258c2b99c6004b724fdbd6e27eb306f3dee04c7d54def3139116f84b0db3e","nonce":"02bb70245959fd669da1e19d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7bf15df203fdf8e088b888ca42c1b13180a06f34322dc3cfafcbd8a7fc3a313c879b870527aa6add32c7008f6f","nonce":"02bb70245959fd669da1e19c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3dbf85ef0d93ec5dd8134ed96ea54da09caf4a00841f852491c6c025c7928474"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ec96a5286bbd38f70118c371aaebbca8f2d5bb4e10b44537e935eb79ff4c7ee9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a93118f7c5597efcdb3a60fd92f25ab52d44cbb8eb9535146d114ab1ca2a213b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a996342d8183f1dbce4fa4257998c4f4d301609ba33499b6ac528a14ca307f32"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2d5f6e41eeeb9ef698e55fc2d742139b065426a9b25001d90ada1ca342f8c16f"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b6c5b1dddaaf1efcd1738ebb0132b90a5a5d12c2c4cf9c3ef990ab1172bac605","seedS":"b74563479cf37ffff6f5586b5611e5d580f56c9bce82ff1af73cd8431f496ce0","seedE":"607d7f32cbccf9b52d6bea8be53c8930f7803658cc3cac6f0e0fa5339457003d","skRm":"fe575b7bd1bc492426d0698585ebba65d00798197dec5fb5878d098dd5c7f92a","skSm":"e1c6e76d0cc790c1ee47c465048812d616bb37563708066d33f14b16df138900","skEm":"252cbe6ae4ed17b993af7e7b3e9ddf025fdedb99033ac0ef3d4ee129180394e9","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2805f90fb91b94086dcb4cbb5fcbae268937d5f67a2822447449698950d6f00a","pkSm":"3a76162f29a4aad1a4c20384a2ef6e781fffd8b82a4127e7708529bad744165e","pkEm":"db6b8364c3083fe8290ec0c51917f803e53047207fe0957c541c653c4ac9dc4b","enc":"db6b8364c3083fe8290ec0c51917f803e53047207fe0957c541c653c4ac9dc4b","zz":"595796741df8fefbd6c670c10699d8ea8b44b1674284f0dfffb3780ac5012e36","keyScheduleContext":"03a269fe1daef9ec729965db5bb2ade11b73184bae52acb8bf4ef8f5a9afdd27e2455eda372f6c3726ced11901bdbe05392daabdb03c2c375ff04873a577cf1c4bca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"1258c35a30a51710deee9a741f9f1259130bb61c0aa45789d1233bf2de004daca0d4d8dc68efae236c6c51ba69491f8ad528855704364b3b4adf19f0a25facba","key":"2ea37ff556629b93f2667e1802385279b475ac1c7246a570b32d073562ef2452","nonce":"1ee4d7c663fcb61efc81e4bd","exporterSecret":"80d75fbedcdf7e966393aa0dd9ddf733f4b8efe2dd2c56c8a02990cddecb6c7969612a65bfde9ea30bc7acd8b573a4c01a3f6473ff9676ec9cf61b0f7ffa7d09","encryptions":[{"aad":"436f756e742d30","ciphertext":"7248425fa67da8bd7a9deb328738826a3802eec3fcd5d4e5f9ba112f1dede62399b1ae55ab1ef63ebccd75e394","nonce":"1ee4d7c663fcb61efc81e4bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7b2fc0579b9dc20d2a5fc787f3f4295a3d722ef77e162822d80846a43f3859b856bca782367163f20c4eb41128","nonce":"1ee4d7c663fcb61efc81e4bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"903d53835a29d1e8ded7bff32d877440d742853d8e71d1974f6055fe4db003eb7b79863f675ed2150b0e098ccc","nonce":"1ee4d7c663fcb61efc81e4bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"869726eef0d15457ce7463d73ec1ea3eb3204e3e69c010eea86143f4fe36374c167cb002a3ee88bc4ee94317d0","nonce":"1ee4d7c663fcb61efc81e4be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c29e7b9d0626b38703aa9d4d96c44be6c628d9d69c89193d8fed0bb6d1254ea1a48de43f2e9c567e87a2b46be9","nonce":"1ee4d7c663fcb61efc81e4b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"862752d5b0c803faf7e1b6415741237ad2e96cd3458611a1989a13fc68fcdf0fd63b495b71501c05f0888f58a7","nonce":"1ee4d7c663fcb61efc81e4b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b893e68844882f266eef71dbfbc4fd1566f48826af30f8ebb7e5241ea4c78e68a48a078f3dd5ff71a6beee2639","nonce":"1ee4d7c663fcb61efc81e4bb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"21c3b3840fa255f3011175c70f74e0ce18d5fc0918957ab07151193ac6f360ec3fdc9afe0fb25e6cd2402f1e06","nonce":"1ee4d7c663fcb61efc81e4ba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"26e1bdcba22e42f81040fad835a820a28f74a6597c51b62c2807e5bc9f31b78f1001a32282106a07ee079f2def","nonce":"1ee4d7c663fcb61efc81e4b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c2a79f8c35b4d71d6f68a6cb0c9cb4469a7f292cd44783b2411ae39b6b516d53ad122bf4074be17c4a2a451d23","nonce":"1ee4d7c663fcb61efc81e4b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"00d0633db16a0b52c3d586ea6e3b8a161437ea61b0653f39e71509cfdd0aa865"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94e0d842d9169185e80a741a4fb069f2b98742d122fae94986ed112aac017159"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"62943f169c344e17db4fd1879a8dfaa844bf951fccffb196609d4124c501fbdf"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a2e759df596434105a942628915dc4186434e97a517575f160ab3b334ddd472a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c9e6c59365208a485b2019e67cf2e29a801c1375ecb155bf8ff3c0029fb2c08a"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3b3e28ef6e891e6ade7e35ea5d27b4745028a5c8580aa33b9bca78b36b45cbe2","seedE":"ddd46e2926c3cef422515b139aff5e6d45dbf4cfa630a355da967d0ced009197","skRm":"7dddb757b5c12c7c28b4f7a7e3f4d10f5d077e5d410a66997cb4e73b69e824d7","skEm":"089af845076a811768c8eaed47322755f47f4907d2610a1629893d6e1143acca","pkRm":"ffe3129f906112823ec1c619e0025f5a44cd5a93e0807c61c91336aa22222f6e","pkEm":"9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953","enc":"9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953","zz":"2f278c4984f76ff85ba7b971fcc4ddb450c7ba3f1b583437ca27794b3b586223","keyScheduleContext":"00ad749ac8921777cd850df5ded8b93dbcfc0bc07d3b20053b47cb9706bd7791bad48cb637cb7b83dba58556623b472c5963e6f273351e934ebccfcea136f4a80aca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"5778e69431793a7fa9a878c5aeb15ced5a351da2ac5cdda349bbcfed81807b8890e8bf7bb1b372a9b5de66ecca95327ead06a3a86bfabc85919144ae669d6f0b","key":"6a6da10e065acbbe145f814db5013da0add3ebe87ea4eee425c1e2c83a5b0a28","nonce":"a3050767f62c69692ba031dc","exporterSecret":"b48eddb2737950e6011769964fc5e6479a72f4428150ef872812a3d4b24c6ed2cb0491e9d6c600556db5fd25d1410c9ef3659289413de12572b4e6f958633c5b","encryptions":[{"aad":"436f756e742d30","ciphertext":"b2263e5b1651fae482259475f2d71d5a95e430ea360c88cfe656ef8cef6a97fec94d0bfb996bd794a183269368","nonce":"a3050767f62c69692ba031dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b502c5fb389b8c128f58065f6767063132c53a401300679df875a1688f0d05a0b2e3859add4fe82891356690c8","nonce":"a3050767f62c69692ba031dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"a0afe304ea046340a3c8c8806f227a2ad6d8a48b583bc6a766af0cd0b0231dc3806d597651b5805cd9062e1f87","nonce":"a3050767f62c69692ba031de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"75b462e185cd1af728b4853152379f59af8a29af409a206c9d63b02042089d28662eac4d2af800138bcc52cd34","nonce":"a3050767f62c69692ba031df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2d6a758ac9da40a3a1b965152941bf58602f56e12db95636ad5d9c465a1872884e795ec232bd591ea804829458","nonce":"a3050767f62c69692ba031d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dd2e30e1c9b30a0130e88e96239ade666961a8de16d79b75d638ede224d662509a17404e7479097c1658921047","nonce":"a3050767f62c69692ba031d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bc20bc221ea15f84e41774bc11b684f074d414be09659b147f186891325f7d52b7d19ae57d9fff88cc4ba825a2","nonce":"a3050767f62c69692ba031da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6ef4d0678cf026651f56c53719a678b178105e1a791051076f2567364a536e8aac76bac03178b2276337e12320","nonce":"a3050767f62c69692ba031db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5da431e3723f549ccada9d122ccd127b031c9a221c7bb360e742e7c0f68fc81d012df7aa1c6181980ce793644c","nonce":"a3050767f62c69692ba031d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9ba2c8e0477d370d71b486c3f52a9f9ef99d7e8991eb50b2692d777e552801f0a7f7deb8d0567ca8575b4c2331","nonce":"a3050767f62c69692ba031d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9fda6d97dafe3768680d87a5e10fe251aa46693329ebdf56f49b3c467b76e9c0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4c9e496f3265a28a73ce85b3143a5ffba3b55ce8025d735e9ed39aebaab80efe"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2425dfcdf16879e51f6c6f3c0d0d0f814d132ad575ce416b7485facd34bb42b9"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"51f1bdf3bf8bce5b10b76c957034ce3630fe7fc1be7c00bcec7e837ceed2f3cd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80ad324b3e7763a7309ce0615fe8bb5723065be5aa7f68a7ca9e3d3a76c0a0f3"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"66a0d794ddef06eae4557043b7e1d2f297ad37eaf66e13bd6852eda7513c6fb6","seedE":"813a815b1cf84d05db389a6eb97414eb156724c614a2755e7308e6eb08e05217","skRm":"8923c9cf4177fba8f606674949ed5141bccdbd2a8c888a98521aa644a81f4527","skEm":"cc0b8b104b0ccf21c9ec15f341d3b120935f8b320303c8535132813673f17c76","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"729e391bb90d127bbb00d67b1fe3bda8294e56d252523970d8520f36567b8265","pkEm":"8e8155f4537a5d2d08d7f7b6b2cbc307b9f641df3c4345b161d780d3a12fa417","enc":"8e8155f4537a5d2d08d7f7b6b2cbc307b9f641df3c4345b161d780d3a12fa417","zz":"9f32a407f88c910bc7fe625ec7f20fcef5660e7b72ae6fff99e8e04db344d2ba","keyScheduleContext":"01a269fe1daef9ec729965db5bb2ade11b73184bae52acb8bf4ef8f5a9afdd27e2455eda372f6c3726ced11901bdbe05392daabdb03c2c375ff04873a577cf1c4bca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"60dcae9c0541dfe7ab3487debd23f76976157eac6d9ce85c8eaf789b89f92977d3fc91d04902d672e78d1ca873b9b35a5fedfd961a3da253f824c4db80ece379","key":"6c12a6b3ccdf5bc4bc9205514e2fab54b0133a9060cab83ccd4db2de610b350e","nonce":"1968ea8a81118bbee6788079","exporterSecret":"b123193f5b8a49bb4744c6e93a74085ad865136481f3d633a79e3f4e1efd8407c1f95440fc0ceee04207c6c767fde1b7af89bc6862618d82bb8738d24c71d973","encryptions":[{"aad":"436f756e742d30","ciphertext":"cf58e1f69a41cac1dfa94705a2769c0fe9d0cd2766ce60a1efc423f13277e862798ae80db3e2e4035b850146d9","nonce":"1968ea8a81118bbee6788079","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d97ce971fa76ba344a51eec5ed62178ecf1fbe036d521b48e5c5df31426891bedce0f7c5001a421382b100b17d","nonce":"1968ea8a81118bbee6788078","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"247cfb7413223e216fec4cf544496070480460ed25ea9643d622feb31ed6df09cdef3ff70f3d943d297e46d2d5","nonce":"1968ea8a81118bbee678807b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3d79106fbea5cc72241ed2a76699d93991cedb35184dcbb9f1dad7adef0cfe7f6039230c5e7603cc1eabe4e578","nonce":"1968ea8a81118bbee678807a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7f97b4a758bd14fa84bbc740068cefb626aa1b55e988631067e8c3d5bb6ea98fec836791ae60069996497390ae","nonce":"1968ea8a81118bbee678807d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"179817a120e687f131b69098a992f92b280150165a50c374424242dd773c2a4d56923180a32e101b87d6fab76c","nonce":"1968ea8a81118bbee678807c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5d65d87f20cf3e9f9397df1362d6207b45a5bf75369ed2748e3c37205925349ad5c0b867cb3ceff90c21c0c031","nonce":"1968ea8a81118bbee678807f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fa9e1090cbb846acfe671ee4a922262f921e19a1a8c093cebc3f30eb228437e15087555f3b58996c28e1c4079","nonce":"1968ea8a81118bbee678807e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2a9c776d264ad0f9b2bc56bea49d1a27ae66b0a1acaebea1153c06e515759027f9451ee7d01f33aa61f39f8e46","nonce":"1968ea8a81118bbee6788071","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6b993f0df1a7ed6e8327b0fcddb85e4174d52f762894f9ed14a9d0587235da3fb2ddca177ca4cac5d094a85228","nonce":"1968ea8a81118bbee6788070","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"87459c1f9f95c243202d5b1f8a31adf397399b9bde8b6f606a2c0b7858cfb663"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d3b1261d86fa732345ec120163744eb99087ce6391a55f8b0ef92d0f94a564e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6b7062fde379475221269e0ec32f9b235fffe1bd125a50dbcef2807f333ece95"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"157aa526879bf35c1d3db5c8731cc9d54ad6ff4ee14a5f3226ac85d2c3722e14"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"8cd6617c9b33c65dbbb9a9bfe600d9529d929067eb336caab406e7dafd58fb67"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"afed55d37f911c7fc7d60d4c340231b70ad0e1edf1897743aedb7dd0ae199b62","seedS":"10013d94bf885cd60d24b0633432028761c60319057f0a12d0946dfd1895ca58","seedE":"f4f03b8fc9ceefcb08b36252054b78d663a11dee0e5f7b0611536871ca84fdca","skRm":"2dd47d8d622835d04bfe35049adb1fa4e16ba7808543ebacd0eab9f8aedbeb48","skSm":"384f3b1f6a321a7ea4ba04a5227d36162784e6ead48d8285c3379bdd35c406e4","skEm":"e137be22ffda4d165a519bbd5c40c36f0fd5b0a2118f8f45ffc84df5dba441f4","pkRm":"741c43d090d4cd11cdb56cc3375eb6358073112ae4688a427a200e0ec2e34f6e","pkSm":"5bbcaf364924996b4581f266b9ba562d9800a551259498b6a27a28e14f313662","pkEm":"80739d2eec999b59071ac79da5a8e8ce7b773c1766cff15e3e512c859525de4f","enc":"80739d2eec999b59071ac79da5a8e8ce7b773c1766cff15e3e512c859525de4f","zz":"a3e14740d15f398177707f4817c3511e04adee4ddbaf3bd349cf511fa64ba462","keyScheduleContext":"02ad749ac8921777cd850df5ded8b93dbcfc0bc07d3b20053b47cb9706bd7791bad48cb637cb7b83dba58556623b472c5963e6f273351e934ebccfcea136f4a80aca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"7377039c58d2566bfa0b50583120258a9337b84351c4c42ef7dbc3b65f48f6fee024cd503aaa4603ec717e9a3283991f3b44fdf95450c285e02181258a98ca64","key":"c118161e94a45344b5c0b9b03605002ed40d33da0f706fc5966b96c3df1a51e1","nonce":"d53d1e214d7b3a92a717acf9","exporterSecret":"a5d6555cf8c9b190d1c5933b59a1b4c3c77846ffd625e361fc87cdd9acd36b9a017ff39be3bbab9f229405c4120fb6d1dac71c6180dd6396010b46384743fe75","encryptions":[{"aad":"436f756e742d30","ciphertext":"94b5fc21f394594575cf0fc979e2cf5a23ac7e74c1ca4164e04699b7da9b00288165ee547c6700e52fb8274ada","nonce":"d53d1e214d7b3a92a717acf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8a282a637b8913cb1e5e8de5ce1b56c883c75a7a6195b7a4c8b3eebbafd8912a379b9de9b4f226cf15a7d6c5d","nonce":"d53d1e214d7b3a92a717acf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"228df2de913bf74872ff0c7d1ed79049ef4e1b93398a84779ba77c66407f883d953fd1e4fea28fa223b1816a61","nonce":"d53d1e214d7b3a92a717acfb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"82c60ef7b77b801e088293acbfb526b5eea3fda3e6514500308f9a0590cf6e3744ac6b821c6f1cd9c7a5d2877f","nonce":"d53d1e214d7b3a92a717acfa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"908006e11b9f976c6915ec306bb31da0fbf4d187b166821c2dd24091588900240f0229e1e21dc4d79af0869d64","nonce":"d53d1e214d7b3a92a717acfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"814f4b187db698eddc9e17c9a620cae0340f5f30423bb51b5dc1b3dcc4cac454bdb64804d36f9718fa00c44097","nonce":"d53d1e214d7b3a92a717acfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d518dd8764b0b8fd41a1ed175bea66a07b825f4b7f8c81f0bd319030d22cc509f7b07150f6951eeea8f7658ec2","nonce":"d53d1e214d7b3a92a717acff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"44162068342ac202e2684464da2acd80e5ec8e358af9b2e6d403741ad08c0b5c0ea22f729936d0bebb9daa3e5d","nonce":"d53d1e214d7b3a92a717acfe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"abc1748c92d12298e77a6ef0f4a0901b694bcd8dc291e6958f089d2916d9cf0ca72ba230c4c042f757292510cd","nonce":"d53d1e214d7b3a92a717acf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b1463adbf4f763b00a93802e121ed44ddf3cb02a4dedfd1b6d5678ace54baad88db1a7cf2d37530a03aac4e0a3","nonce":"d53d1e214d7b3a92a717acf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"436e07ad1044210b96c494d0ce803a83cef752a13ed6a2433eef3b1a8282d865"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e53b178fa95d18a313ca7fbd623e443428b25f7f44b66b45131c02828c8a84c7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6f201bd4fe194d95b3b784dafee7b723ee4d2eccc06359ec49a256f4f6429b94"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7af9608c172334f22607326a686ca31cc1a84d45d462f494957c792766de80ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3a264ca692d28b501e3c249df188c0abbae7420e2d881740ab4f81e5fa14ae57"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8f2b5fc392dca9158310611805b0114f1779de773178d98e6baf04d2a20f7c99","seedE":"edc699c6ed92cae379d7f3981a974070e8ca25a479ccd5b0e1e03477acdd91ed","skRm":"e665547b8ca44cbeac68a646a7238f03201b6aa638545ca5653272fe5b761002","skEm":"14d22271b302cca6909e81fdf12181968486f3be9b2a4e9e05e1c38d4a513aaf","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f6fa86fd9b2ad6052f42d054b626f45d8a38ea73cd0428db99072af9aa862e29","pkEm":"67d495825d626087ae3151831af00754ba24a46c528fa4da5fd4742c0d046933","enc":"67d495825d626087ae3151831af00754ba24a46c528fa4da5fd4742c0d046933","zz":"253b062d81155957ebac4f3c9e4103fb6d68db03e942d9def790c4ba8ed1029e","keyScheduleContext":"015524525a35476a768bfa4c6148bc0a1c6f4d2236e85323808dfc1b8b11e4f2668558db7e9b7535318bbdc44394b85e79c3e064689ee02a6bcf9dc5b51449e06714f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"e2fedf63b7986cd9e3e104c103a80635db331f62426fb62a6266c1fa58595e8cb860028fb65d1c49620d564f15aabd8d26a3f840c0238343e41b955df47d6587","key":"5dd4629e9aca99acdc26646af706e27190e50dced12b031e199f4f809a1ff754","nonce":"7fdebd4f940a34369f0d84a6","exporterSecret":"13a910fa210aaa0aae141a832dd5c324da18ead54e464334504facf2f92fadd2678e5d1e7e801d46d49f77401247a7615aff68157ae9f8fcf9518b189bb6f667","encryptions":[{"aad":"436f756e742d30","ciphertext":"2f8f8fb9d8c805e79e31a5cc3d4c99345eab7629c262dc328a5dee51ad8dbe82664dd95463593cd2df12b24e70","nonce":"7fdebd4f940a34369f0d84a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8d886778c4fa50badc821ca669bfce7da8b1f2a2683be2d2d3636bdf7e11638655d3da815c855e83d6226386d1","nonce":"7fdebd4f940a34369f0d84a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e6cafb0adcf68868a8d57cc9bd5c9dd8e2e15d51f135db10bdc043c2e89363b3f25f7c94bfbe09415cffc00a4d","nonce":"7fdebd4f940a34369f0d84a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"17ac4cce8fa4c0b36bf104b5faf278dd32716f08d8fadfe2fd2b334d4f56076259af1b27a605b4d6c657101ddc","nonce":"7fdebd4f940a34369f0d84a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"deb2186e3540947e689d09064c1b02564a311e54033b51bd3406a7ce6368e9f512fa7b4e1e1d683ba44d01276f","nonce":"7fdebd4f940a34369f0d84a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9bb0c2c4f1185710195c3cab991e8651bfe2356fe324018d88ef0eb9048b7b46cde2d297bb21a9527f1126601e","nonce":"7fdebd4f940a34369f0d84a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"05f9eab15ee6fedaf8a19108b0945edc5906cc2e352125d225e321d2e94434b65526a2575ae7c6a643892a5346","nonce":"7fdebd4f940a34369f0d84a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ed6ea76e3b526a0fad3b76805690812348a9d284470ca4475edbb4082170a090f24a7e4526c5b4c15f591cd256","nonce":"7fdebd4f940a34369f0d84a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2741bc1e210fb692f107a00cd5191230ff6177bea2565e50ac4b33ec8ac01bfb029206787d2aaee3ded10103d2","nonce":"7fdebd4f940a34369f0d84ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c4f8b5e5d611ad5ed48054f85581a657ffd581cee7f779715bb16a466b35b7040b59e62b2a131b13907d990ca2","nonce":"7fdebd4f940a34369f0d84af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ec23384de0d5711a0819c22fba3b58a8d205177832ff205ff132d80674d1d724"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e03236ad5997fee0fc66f74f437dee7b1f8759ff37bc9476ee3151ed5c3c7c38"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1428335a465feeab4cad0e5edbb9399117ddffa2f00090c466f78600f4ec799d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bd4c6b587e0e0c1ec5b08706a1a85504acd0c24ddce0e64bd6275f29e73920cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5dc3abfb7820a892ee44d22f849489aa6b87af5d48c61e2e630d6a5a3d7155e2"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"29017ae37566fb79aa2a67dae036989196068fccdd45f1bf2953724fbbc9c58e","seedS":"e9d9f16d3df1081da28a4a6cd8a2adcc60f49e92e1da3d4aadc1d08852b55db3","seedE":"476c60855c5965f3c0b10032957d1f6ad94c403af227b3613d8f4c787e1cf62c","skRm":"46386e9a27bf29d21b0ca32b1d17e6a3738ba8468894f2c7fd91311daa90edd1","skSm":"0c4ea17a0ad31887704bbb3753e75ef963757c3ab7d7406cef9438653ae76a30","skEm":"d0bf7f10252535b18f421176957cc8939c2a4609fd545a8d52a36078553857b4","pkRm":"ab6eca02efa79b64554d8c8ed4a595146396e211ee8064b1c4969b51a7b78c7c","pkSm":"753250e77dea078e6ac848ae241443d77b2746d664f6eccbfa1e0619653bbf38","pkEm":"fc3dd2977f2fa74772114c4ef33b9471eb6398d06604c10e968febd75349ed53","enc":"fc3dd2977f2fa74772114c4ef33b9471eb6398d06604c10e968febd75349ed53","zz":"1fdb8ad1ebe887e7da1c07928639ba8c371d8ef868cca958349ded14c6bebdcd","keyScheduleContext":"0204d657eeb1afc6c88ba18abd84b299d9e3d946298a6419684ef589063085bcfab58e1b9810edc78099ab8b5ce0afd032dd1b7bce92bd8efb321612ae00a4ef2e14f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"5b2a9cf84c9db114329deaccdbd127f967de5a88f3c4156519c27c7b82bb106d00ac36e88550071d9ca28b6eebdcceeae9784583d110af536113c49ea174e5c5","key":"dfd33b2f35e225addad4e1dd346749670e599f5acc7f153e985726ff09e49ee8","nonce":"938d0cbd4b175a5649f8a331","exporterSecret":"6294524ffb3cd9edd80a3eaf945667f3bbe9abbb7e8d3a5ddc125a18bd095c81f2d828abad0e0e8f856d50b48a5ac100b2052e35e08fdb1fb693304e5d024261","encryptions":[{"aad":"436f756e742d30","ciphertext":"ca19350649157e779fc082db376db407136dbf1fb7fdecb970662f61e200824d680a82f4d51a61c40f1a631f23","nonce":"938d0cbd4b175a5649f8a331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1d703b6fc01f3b18ed1960b0be6f7f94fbff1dc7146eef840c8afe1743dfbca72ce23256b4ec63dd2606cba75b","nonce":"938d0cbd4b175a5649f8a330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f6687a90e286ee8700d1577ec3ccdca6d6f0bc4cb5dfa11cf0fbbc5c11535af3a37d11d0c384d437d1b19d5d9f","nonce":"938d0cbd4b175a5649f8a333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"f4802da5eefaf8fc5cfc7e0892ebf1cd3cb8e4b9f8bf5d8e0592b697de0f8a92cf9f8a28b55cfb02ab2bc26ccb","nonce":"938d0cbd4b175a5649f8a332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fcfb9f07424c83ac5f9a069e952e914990a7e937dfb36f33d30fe18b3c952da73050001dec293104c66016427a","nonce":"938d0cbd4b175a5649f8a335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fd5229fc91dbcf56a7b98428298fac0ba3b6c2c75dd15cc8a608dec091996a563637bd10d0c7d241952f49abbc","nonce":"938d0cbd4b175a5649f8a334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5bec238075a3a7b5c5b6d78fae0d1ff28d31245ccaf0fb21d98274cc977e7bcdab6fb25b9a1e084790b128aa46","nonce":"938d0cbd4b175a5649f8a337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8f23d8749ebdf199c40bbd54e158040a8d36c3948c425163a6afb708145bb2f94dea570b69d167fe49074ce430","nonce":"938d0cbd4b175a5649f8a336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"3ed94bd853ac34951a196886df613224f659ae6d87ae8741ffa9ce1bdeeae18c80ff93a81c2c4dfeb3866a7563","nonce":"938d0cbd4b175a5649f8a339","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"be5191e6459707f8d36722731557ae2244d7771361ca5b3a4c8a189be38972b3a5a5ced55c7a39d597e04d0093","nonce":"938d0cbd4b175a5649f8a338","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"812100ba6a09e878bfe6cf9930d6ff316816cde714b97329b393c50f291cc96b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2df90e298a4eedfbcd12fa693b68a4a45fb418fed1b572c1a66f34e30b8345c8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e34e4dc8e73572420d64ba592eebf2d0ed8aa17879f3dfe04246d3ceec8cde0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"138fcee734cf8b975d5c687b460c6d74b7999f13787d9a087f3916e175cd2b5a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ba192b730041afaad06163c6984f0329c159d13cf3a8a1885749f290f323fbf4"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b7c833f0fea82c5800805aae8bcb8534e28cff89d3e1e9fd6e4cd4afe3ec1712","seedS":"f5be3df47090bae362a1c9279cf5bb4ac7828adbc8e16b4fabc6c17ae340a7fc","seedE":"a7c19c1f4d24b2c0ff88ef50c88c9ad47272d1b581881d601c7edd8de967b3e9","skRm":"08d2de3bbf0e77524de2870e225386f8dd31d0861769684fe0bdb59fe448142d","skSm":"eb1424100df6b4cd18b4e4f41818d2827b24b36c060c4195fd23fb54eac0c8c7","skEm":"e26aae8bfa87002b30bf95e1801ea5152cac8e083d1fb324223a6fc62412b522","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e6763d4fdf8f6bbf6000bbcb758b028bbda668c5396141f030c414084f0ed133","pkSm":"2b7a32b69c98dff200999149dd51efc469e10803101e4d8fad27daea97ba0d7b","pkEm":"f573e8f32a03940ab28a129723a393d19dce6700ae26b058c7a2cf657c27ce66","enc":"f573e8f32a03940ab28a129723a393d19dce6700ae26b058c7a2cf657c27ce66","zz":"5080efe9e624173eb70809450e1b3d1f343a291a4a90fd886422f473f389d3fb","keyScheduleContext":"035524525a35476a768bfa4c6148bc0a1c6f4d2236e85323808dfc1b8b11e4f2668558db7e9b7535318bbdc44394b85e79c3e064689ee02a6bcf9dc5b51449e06714f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"7edc6a0be50eb9dfe851f9c276ae380899785d673ce986642a14a45ab32fcff9c9a5ae33583fa7b7194955d49335c08ee5767a66232d88b0550542a1e079b4c4","key":"439f321af9e43f8e04021f7f9ab014d02ed832b67e7c1dc648875b1044be767b","nonce":"201e118daa17fa06d3a21d3d","exporterSecret":"0eb5cdd0f337174b07a71e035a76e1403922f541d9578e26ce370be8d359f9e3fef6da91a8c9d59d37398c9dab74b2bcdbbb20010e1cdf8eee4cf689b838e3f3","encryptions":[{"aad":"436f756e742d30","ciphertext":"46e20b0d89144c2850677d81d4a3cf877d28094b909558b9af4931b51dce8288f41532ce49b2d97710467d84b3","nonce":"201e118daa17fa06d3a21d3d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"067ea1ba8ef5c4809d088c8e41e0595bf02f35b7c483c431204d86dad8421ca85cc389075bf1420a4fe48353e6","nonce":"201e118daa17fa06d3a21d3c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"75489efffe7ad2dca0207a71d0c5b1649d6c383f29e416ba1d033a967462178e4b50a6927d92e6c4fc161a1975","nonce":"201e118daa17fa06d3a21d3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ad8adbb244758920cc77cf7faabbf254b7002f58588e4dc640099ff2fb12b0ee5a81166cfe6d68753b85ea9d07","nonce":"201e118daa17fa06d3a21d3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"395066860ffaac684feadf752486cae0431606bd1efbfb7ade65efe5504941b28526e01f99ca68b35cd80812e7","nonce":"201e118daa17fa06d3a21d39","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8c1cc29f4cc108077072bf195c7a9085bb4b49d4d8b407d34ad9ba20510f395d00143cde3d97910637b03dfeda","nonce":"201e118daa17fa06d3a21d38","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ce4526edcf03014a63f89f72eb03595a4de00718f202bfcbcde9ef02cadace67258d0d6075ba4d4e9d1cb4f0ce","nonce":"201e118daa17fa06d3a21d3b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8076d1a0ab485a1f32eda6c2771ecd3ef2eb5a3af838bd993c1fbc7e23cb415d3bbb68921179d4f5f0b02d4ea3","nonce":"201e118daa17fa06d3a21d3a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a6b5a90f5e4e618557fa7a255d13c24b5930cb8debe2d488ee0faf818c1c9f16fe15529ff3b0b322cdf36040eb","nonce":"201e118daa17fa06d3a21d35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"38612a2735f86d911980a6868f79c41f0babdc1ba90eadff1f78b18ebe5362cf05d58198f0befba75c553285b6","nonce":"201e118daa17fa06d3a21d34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"13f4956760ac7f63d336e82e2249c17d9c5fc84a5785de9aa8032465f5c7ff1b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"41578cd0c36cf5a1aea4b34abf965e24c7d394a6e1fe316bdea91d27bfac5ba5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"7bd2266106ecba1850649a66359ab87c7c472292d9cba3665cab382fe0be5356"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"5f5ec2f9a45116a5fb738b77faaf521ab528bd2f4618dcfe9ed0a88f3a1fdb08"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"aad132f467b40c90d68f8e6872e39d24d8e906a72f0576da529711f6f565a7ba"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"22d24f20f0830d87fc47729c5ae41ab7cac29304e6f46d007a955adad9d36b5b","seedE":"e5097668e431be6e2d9fdab0e64921248c760e68fd565e1360142388803ad230","skRm":"124759e117f6aa5677c747d09a2d82607db2a388a6473647aeb605b66822819c","skEm":"70fe54f14893759e23b4c975cfcb8cbc1ae9b8a4d78a48789a5f47324bda5b84","pkRm":"0b9c41a605aba4ffa30f336a976cf4f30a1dd5e8fdf0d4da0f745a147e491828","pkEm":"147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46","enc":"147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46","zz":"feac9d7b88bf6bde1f0a9d28488ddface8eaf691cfec08a3120140a345b6d7db","keyScheduleContext":"0004d657eeb1afc6c88ba18abd84b299d9e3d946298a6419684ef589063085bcfab58e1b9810edc78099ab8b5ce0afd032dd1b7bce92bd8efb321612ae00a4ef2e14f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"bb217a9ad613299919fbf64b37c1aa54d1f63561bcdaceebefb4f5659bebf10a7cdebc103ce94eef4310bb718b9447042a0c65b23738de4038b06dd4a5218dad","key":"98963d0664e7c6360b83760586ff3292a6d99cc6a8d7f9ef152994b163df1451","nonce":"d120fa833befd667ff8afa47","exporterSecret":"8edce1824416c1c30e98e7b351c5eefd117b4933ff03fd834df8e1dea538946525cc104d4c348700e5b7f3e558d66af09f554ea9c7ce3e2b142d899930fb5c68","encryptions":[{"aad":"436f756e742d30","ciphertext":"77f434a667845f41c5bf5e6e6113484d45fbf7fd61cc36a141b920e4bb5b6ad3a61c67033a15dc495e8595ef45","nonce":"d120fa833befd667ff8afa47","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e5f64ec06a92fb2f81ad6203629d981c265aee092b3e20ddc161e163c0a29d1b9fcc7ddb5dede6d34571406f50","nonce":"d120fa833befd667ff8afa46","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9252583ed8c5258877afa5dac29acb338cf57c702b03d20130b86234b231e3866b1732369cf6c7fdaace68c246","nonce":"d120fa833befd667ff8afa45","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d5c2e0a633d6786a7d919f40c26ee8a1491a4101a441460d51720ff769b86a71ff74fc9601bd8f4c597d95c057","nonce":"d120fa833befd667ff8afa44","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"807165bdd35f448b9b649ce3ec8a9835836ef88dab28c5a77d0f46bac1dd6f543ebd64bbd7840c860c5a2d1ee5","nonce":"d120fa833befd667ff8afa43","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"208e3adb17a694d567a84428ecf76a562d38fbee827e245eb0e96426429c3a32805f9f675b99a28325c11a9d51","nonce":"d120fa833befd667ff8afa42","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f34e3f00d1b731786b5b7ab0e4bf23fd8f3889d6ee75ca9de755d22f8e099ef0d92a6ab4d6e635c788faaac588","nonce":"d120fa833befd667ff8afa41","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fd45de4d582f57bd5228688c0e08553c3e3d6a875bcd1c67e196b94fc6238ddbf69a17186416669b0ee124bddb","nonce":"d120fa833befd667ff8afa40","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6416f410aa1aecb24c8c17cd9b6eabda1bfee2bd13aa52c5dfc80c482236b99568de15b3543522486dc594dc13","nonce":"d120fa833befd667ff8afa4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2bc1f3380dc05ce46a004a679dca47cdc46d25b02662274442562e1f03db3860d1abf28027718cb73a6c2c05f8","nonce":"d120fa833befd667ff8afa4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"73ceb7e41223a42a3e6661f15530ae494ecfd2c6a9e809c67243a0910ee75794"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9af39f0e6462be9a3efb1fe2eedc6e2d2942c0c9ecae1ee4e8831d675cce6fc4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0ea567aa2da373a71ff88cc6b91abc8b1dd48baaf032f878a5e6d9335f813003"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ee6ca654a57a66cd0315716d709d4c52f5f41a69249776c13077967c4c418af2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50dfd00952f71e8c1bd51ed6acde15bd558c97581f7dc17fe6e637d61e12df02"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b3ab7bd5c9105c375142ee48fdca0fc20fa40a0eb785b22611a0cf205aab091f752c392b4853324084b1964fe4ac9787ede201a3fdf9bd36","seedS":"172a879f102a34446325172051cb121e290dacc3bd3897b9ab6b3786d0420fe8930656880833c138741a832a77d189691f99e552abece51a","seedE":"9621d7215e126919cc411c4c86f01c4d908c84ae4070837ec11bce3c23c461fd8d7b384b594b9f5411e2cd74c3a9d0be861712aca56a8ef6","skRm":"eb502cc60ebd6d89fc0126c567d56c33f61a39ca0f2a0d99d886a96c0484cc1ff1b92ae9e6f67675cf1bd3fc7496881fd95872d6d0227d67","skSm":"3e9d07b931a12615cfd8b8a222480bc162b859f59680a999a2ab7f36d3b36b5404e351f32249099009c4f60c73561fba3d918aad25ca30e6","skEm":"92865ef161138538a32e3b6676c3ce4906b2f9bf00428c111f46c444356304191ba0e680331c457bef57fbeeeb41df5a5646ba48f4858c84","pkRm":"fdcc36d264b3c68ebd31a53870d0b2c2753725956c8331eccde724e4e512f4e82a92571e8d9eee13ec2d1b1c67f9371500f7a4bb71f80044","pkSm":"a7a593874786a526cf708de60e03a3e90d154d46c38f04c2175472de7e1a3eaebfb4d75a256cbd7c7792add79abdfe75c56c2b00b1a6b979","pkEm":"94def812e8c05921542c0f4fe1bf5960b5dff92abd54620e8cc4eebe9286c448da6487d04aaf2b964d313abbb4985512084bf4f2a3fa6db0","enc":"94def812e8c05921542c0f4fe1bf5960b5dff92abd54620e8cc4eebe9286c448da6487d04aaf2b964d313abbb4985512084bf4f2a3fa6db0","zz":"1a6781034b60c3177587647a0548e44e9c124b7e1b02ebded8e88b38babb7bba5426fe2ee745acf9178f218a16c4f950dd342813eeb3d51e315396c50d85119c","keyScheduleContext":"027e0e27c7aee65742769bf5c88d4b95fd21824f42f56de09e58353e72bc1fa178f539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"5a9170ff5bcc4f1dce2ae2c436e6254c3f01ad2d6ab2a786f80c9278d9e34e9a","key":"2dc9846c02871cd70f268f98aa091b08","nonce":"7cb471b604d72c9c8c718680","exporterSecret":"b7ffd885b6962970bcdcc60a83dca3e4ec41fac8c712d8bac28fd820eef204bf","encryptions":[{"aad":"436f756e742d30","ciphertext":"a9f117c16874ea96cf492524092574d88f3081925286cbe459a81186b9b2f9507066fa9d84468b956df376fb87","nonce":"7cb471b604d72c9c8c718680","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d040072ffd3b06764deecc2cc99240d5b7fb4c2878587c879d10f10e6da1ddf57b27efccc50720eac0ac5cd680","nonce":"7cb471b604d72c9c8c718681","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"98b949e840b371138aa0b35f734692179510bdd903f31c057dc9792d06238c9710c86e8fe903aee48f1387e989","nonce":"7cb471b604d72c9c8c718682","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9e318c3314ba58e90414547927e6430efa240e817e7fd0f11e36f6bb79bf60f180cb29004abc869256dc004ae5","nonce":"7cb471b604d72c9c8c718683","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45aa09fede5f6b68574ae6939263a84f1c23a70a24ac2280a539d4c38e292307e1648e2075cfd8bf689a213af6","nonce":"7cb471b604d72c9c8c718684","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"edbbb3a3c36714cd19f21d954880fdcbe109856a1b6c6042e95ab5602e156bfe8cb92902b6041216983ffc47fc","nonce":"7cb471b604d72c9c8c718685","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d8f5266d8198056d3167dfd2e4d3dea7be6cfc7fd6ca52e9231343ecab9adfd4c6875e82c84161147d3c68da24","nonce":"7cb471b604d72c9c8c718686","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"efda1b9de28c429fb458527bc470edcb2463ff537ad2bf1702aa5294cf796bcbd0679e3ef8fe0c330530d7faa0","nonce":"7cb471b604d72c9c8c718687","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"60afadffa39c3f19972b47ba3b24b5c4b08456b7e2f6fd56601a5d12c4c209406e0e5ef7e824a3421c655fd166","nonce":"7cb471b604d72c9c8c718688","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bd57b3027e81c5bd26d776ce3caa55018c1b8c7415481b9a05c0f588f68e5a6918c2695b6d0fde4453d07741f6","nonce":"7cb471b604d72c9c8c718689","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f7a47d8d6ed95d073a4ce1ad6a9b5b012c7ba723df26081df235f4b4fcb6ec92"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"eb0fa8bbf095ead0b4c77c10238f01c63b4115d1f8fdee9899a9d67ffccf6cac"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e9b91eb85d21533349f87dc76c7924ca27db54a95db80f1b61348ccca8162fe"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8244da406b1053fbe4564479030f290062b01301c00a1dbc2ef0f1e9b425f2b8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e4b64a1ea189c07d8233dc0ded2c7c202c16a955567e67db8388f3d8ee3984fa"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cf1661d2775ba93695f16b65742a78b0109748ff6cdb45f25930e32925a67121bd90b13d3e6a24cae8b80f0a1542a78673109db287828f1c","seedS":"1ba123ee5181aa1cc2e3bd44810a3f6c3c6c84a93e6f1b987abb64ce5d45595725281ed4c9d17d22baf3e24e4845b3a9826b4fb3536ef645","seedE":"3a356e9c74b0d4be25c20ea42b0509a94f0dec3b4c63142353bc8e7d95f1d367d2f1534fc1273df70164ddf7454550a1414df924ec0446c8","skRm":"45e8e4467d16d6521db4a938a3c7f4d9180935da0223e6f5b42434162f0a2cf8bc6c4db4c0a97f0217377870ff1b4d7e96ab6e150939beac","skSm":"b270d3ff5cf33d1bdafa0c9f9ac75e4a198bbf33beff67e66cdcb081cd038e99c5746202bced3e3be9a820f0fe3132d5cd340d80e3d2d3bd","skEm":"d84d2cebf7514702364d6fc492e59bf09058ddb8613c764ccb899f1e955b45c4b16d41aad260c6aa0d2a130e91600cf891875b99a0ea0d1e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"22adce195d3aa7202df9a7a41ef1b1a999ef02aa5de27d945a4c0848860b8d1df804a56dc9f824308ac4da81e9236551980c11415723227c","pkSm":"b2be308b373cd0c317142cbe31d249c53dfa1374d88fb7b195f5978d46c7fa4fba8b02ea3edf02fdeb0a3b85e934f0ec2fef415de5e8c377","pkEm":"7e9d954b5b74bf02bd383274a4583c52da1abde51660c2360c2df18fd38c59058f0a3872ff2444d6df49a4edcc5c6205ccd92dde1e827fbb","enc":"7e9d954b5b74bf02bd383274a4583c52da1abde51660c2360c2df18fd38c59058f0a3872ff2444d6df49a4edcc5c6205ccd92dde1e827fbb","zz":"66650a6316bdbec65af97b50b483f873f63c328a003e68fc1d8568946597e0552bd1423db8deec744b5548dcae5148f8cc65bb406cd49f68572a69e8e5bacdf0","keyScheduleContext":"0357e59caafa16d233eaeac1b30c7b02527c88ed306aa4a9d02e190172f1b7d4fef539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"d5295270c61a380b7f764c4e3584993b7b872d4e1a072ffaecee3cfe86fb7300","key":"3fc8c08303c5b3f192a545a5916713f0","nonce":"47c5250cfef16da851783fcb","exporterSecret":"daf3832ca34314c13f40fe7d831f4cd2343f0d29e2f34ba1ff44a1a43aeeca96","encryptions":[{"aad":"436f756e742d30","ciphertext":"97d8f34d7f2a5a8470233d2ef1ea8a4951425922972043b7ab72ffc61f17f3451e8ff16e6d6c8870495e6b53fa","nonce":"47c5250cfef16da851783fcb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1062f535cdd373f44b365d8f2fcc1c4c17eb73ad5b1047702dfcfb168bf1d564a5aa2bf7545e2f5357f42d0f8c","nonce":"47c5250cfef16da851783fca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"967219f01c8713f0d9573538ff46fbc81467e2e442fef2eb0fffbe201de10e41041acbb7b44b051c9982866087","nonce":"47c5250cfef16da851783fc9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"576b38ffc7aa2b870d89e226da0f7f6267ef6c82c19b81182d497f4e2e7ecf1a8ec762980169bb12b8b8c538c4","nonce":"47c5250cfef16da851783fc8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"748b36c90ade8aa60e17cda2fbc4f219913bdae33863023339dcdcb6f0f749deb3bdad30d9c1150deb4033e552","nonce":"47c5250cfef16da851783fcf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9e52ffa2f236afaafc4150b89ca0ae6eb2a2f738837a9c632cda89495f470380f59d19a6b866a67b3250ccaeee","nonce":"47c5250cfef16da851783fce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f86b2acf3345bcb33de6d9617a3859171539e375b7126f7ff795675a806b458ef2cd8857f031a2d3c886f36455","nonce":"47c5250cfef16da851783fcd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9fbb13ed0619300520681b562bcd655c97b5bedb4d01a9bd077d938ebfcbe3f307c82d71e6d7298fdb75dbf88e","nonce":"47c5250cfef16da851783fcc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d4afe074236f753e762e11c444f447c30bda01f3018f295875d60479c32e8c274c90c5c6438000e27cc7250120","nonce":"47c5250cfef16da851783fc3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0cca5d42b16a880d8ba88a96f2d1fd3608f2ca50bfaad5de5969010753586a259947c3f7cf4b07c97e3c4a514b","nonce":"47c5250cfef16da851783fc2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5fc9abbb87e2213c4404c1c689539dbfe1d914b262e39ac9c52e20d881ab2e98"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"819633d7477ed2c92655ed0434e8ab36bfb8aceadff30d020d910a93e9d32574"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c57293b41469352cf6356f646dc2c7e7ecba6843b20ba0cdbc2d510a2e1f6f5d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c31276a53f731e17a16ec1bad1c2455547aaa892241b4e46fffa6dd23e6c40a4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1ad9cec5b1bfb5cd91fab2cd9e5f7fd577f09c6685afd8dfe4ea94b761369cc1"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8edcd666400d6b5e9269cb29cce03b5fbf64fde5f4eff8d08ec94ea2fa58164c650a29e6b4dfc2a30b52b1a85246d9942252bd4147649868","seedE":"7cb2ee2c70e19dfcc0c356aff100893b5663411ea3987660255f3560892eca91b78e82737da6ab0dafb7807d7eef19f1d78e4a9d611fcb91","skRm":"ae955f68150f127c27279ec812e56269a6bc0793700b29e18b11ede48f0c9b697a60f1bfef35b7c992a9add47d44c13faa301725d3f12697","skEm":"3c51d512fc58af4f357dc7c4cd18fadd66d7875bf1fcf3649385f2812eebd55bbe72658fb1f4baa1b4c2c7b1635a74f8d5a866c4424ea1ac","pkRm":"6be19f510a66b27e46f75df5272aa519cd25a1b5fac36460c64f5479a46a73782b8c5899ca0126ec695b763fa172f1b3cb4b81e1fdfa0e30","pkEm":"7be9b718ed33ab6c5af42174a6ed656235203cb4e4dc3fcec1915504c17d013d64a6fcaabc212f2f03ee88af684fb7f34704c5d486578ebb","enc":"7be9b718ed33ab6c5af42174a6ed656235203cb4e4dc3fcec1915504c17d013d64a6fcaabc212f2f03ee88af684fb7f34704c5d486578ebb","zz":"327cb25a3ab6eb409ccaeaf838dc63f8d5233acdf37409f60026772baf954b89f6c84028d08c4fb7c43d01893ecad1969abb9efdb938cea23dd4c0dde688d5a1","keyScheduleContext":"007e0e27c7aee65742769bf5c88d4b95fd21824f42f56de09e58353e72bc1fa178f539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"f5fdfc9b01412eb6913c2deffe708a5c1b8ab4d09f7f5d8869c98fb2d9ec9daf","key":"d8324ad0a439db4cf1061f5c0d7f203c","nonce":"2735f4643131145ffb9cbc5c","exporterSecret":"867843377cc0be9f876ba133ded25446c95d7548dd5880599b4c7fe6710f2ac4","encryptions":[{"aad":"436f756e742d30","ciphertext":"816561bed785826076ccf84a2ec7380e75d0025b35dd6f419a03e98d33c7ac333266083ce36aa6c7ed80c96efd","nonce":"2735f4643131145ffb9cbc5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"065c64368a7a43392f662de73af9ba07fce6c624d263f9ef1729543f93f0e2a346cefb15b196a1abd3d8ea0087","nonce":"2735f4643131145ffb9cbc5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eb8ce98f859c630b77882232649c1a71dc8fdd7c18caf696c3182ea82f149ee217ba27c3329fb93ed2d606d50b","nonce":"2735f4643131145ffb9cbc5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bdbeca234fbe1158f5d8b6006d644cbf39d70dc15ce9e6aab88a9d1a7676508c0152fd456d6f903c34fe09639e","nonce":"2735f4643131145ffb9cbc5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"9be810fd601eed5ec5713762a92633ed5121ebd2d9d94f006f783e91e8d9c18db457a9b99f4e82223e1ef2908c","nonce":"2735f4643131145ffb9cbc58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ea2a6fbcaf73cbb60352ca7f87b4440e949f0a4626e33dc2de74a46fcea07dfc54de21ee59cc120f6a46c766c9","nonce":"2735f4643131145ffb9cbc59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"05a1a0db14d5e59f96ce5ee271474eb6dfc1ce55e5d9ba62601e11be39ccb96896af4236c71361e6d8c757eb2a","nonce":"2735f4643131145ffb9cbc5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cf91f6f3ca81d9920511464bd1ba6ed8615f41ef2050bee40c0a2f7aadf97c791d97ae388d81e3ec364af52890","nonce":"2735f4643131145ffb9cbc5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"57994faa5df99f6a2871fd9599b00b1ce64aeeff10b058b395521cb6efb6ac4cebbfe7d78ef2ac2bc993d6d8ea","nonce":"2735f4643131145ffb9cbc54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"809730a5fee3f7846bf45f0b8a318c3faee45b4da1e37a9622dfdc2a3361a0e5c9381c4dfa7e71fee4fe7dc18c","nonce":"2735f4643131145ffb9cbc55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5650bd5ad95b7b210538840f952afe844d7944851b0eabfe29759d32c829bf17"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"136b4f4f24448d25f88c673e542f723710c15fde5f09f3b55a248adfa8433c3d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6d2d89908482a09f6d7cd9afc004e86715de8595ef7662491c39578fb5e1f903"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b6f3844b5285276d3091ee17473d68d4a781330b9324ad6cd58ae7ddd16e1f50"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2f9051954ee50703f31d9d2af3fe404fe0cbf7df081c2028b41181f1a2af0b81"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"69641395e93e4e6dfa9fcc0fcc8db66b16bf0bf247a987fa628d4c792b0853281b54203fba7afce7c1edce169cbf25c35c82c3acd1678dfc","seedE":"a3e0f1cd7562fed669e5803287039f864fe6bae0017ebfd29bdca555057a32a941b74d7d9cb521c4fb2cda508301cc225b8b192219a67b37","skRm":"54a255b1b3c70680200a63e6ded2559b12e521bc4c39d7fd47d62c9f3233501c4e7699613c4ae0a0ee95a73d037468df5eb61a649e989f40","skEm":"2b24a3c25e559a3814c8100a5170a2a5c3a1f251a64fa6ad3b2ab18da8f3199c9ef1d44d227c3ec50aa470897634407084751fe7205e3763","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c393216afc3686ff9856048e308f208c1f52e6acd870d2b13678fd48e3637eed5e1aa5a1c67c25293c673ce8b18a9d29c968719110030152","pkEm":"383e49ff0561d1774a23ce0780acec63b8153e483c91bb57f91fa9a9c94876078d2386e76a630307cd21897488a13194b85e70daee8e9937","enc":"383e49ff0561d1774a23ce0780acec63b8153e483c91bb57f91fa9a9c94876078d2386e76a630307cd21897488a13194b85e70daee8e9937","zz":"47b0496dd0871de3bab8f67df0483de0a9899254d74106a24608f60c2822e87b5d8a78b17e1d9ec6b6ab41fa3d9939551c01b87044b3a69c8a7bf894cd8ff7c7","keyScheduleContext":"0157e59caafa16d233eaeac1b30c7b02527c88ed306aa4a9d02e190172f1b7d4fef539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"1fce183ff63d63eeaa97a2a9df312abace4942b8a54838361108f300f2fc1f48","key":"9607006d7c898d63101f3d7643b2efa6","nonce":"d8b02b95e65ab82cd71a63ce","exporterSecret":"ff4aa0cee06918cea3e98dbf62e9156ad55462a887342ac3c625c4c5bde4b71b","encryptions":[{"aad":"436f756e742d30","ciphertext":"a17a4de88a9689ba8ecaf78624c4aa23c0764c704719e5d1f49e884ce880927a91ddd21970e9761da8348db3bb","nonce":"d8b02b95e65ab82cd71a63ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"64bfba53a8df09932001d8fcd08fb37dc75be7632f5dd59e3a3ef65c0b9852d583df5df715427c19f29514c3d9","nonce":"d8b02b95e65ab82cd71a63cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"76194aa831f06a18c5df8e7fc3a0bb4ecb169254d858ea73bea4d81a387f7d40ead2ed34a104e02354a93d7115","nonce":"d8b02b95e65ab82cd71a63cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"e6a87b0a5dbc765f7cdd3dcb94d3300994ce1aa17ffa39f084c4589a637e2850192f266c839dae778f6c065c3e","nonce":"d8b02b95e65ab82cd71a63cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8609cddcac178a8f7eb5f1d3a3411cb140731894b8c3cb7f3c8220d6e58fb92a3a446a67169d156f8912ae2e07","nonce":"d8b02b95e65ab82cd71a63ca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5cdba97e539768e8c9974a8893abea49fc53084265f88d7e97c5b052a166ce5200678a7ca286931ef0b8914dac","nonce":"d8b02b95e65ab82cd71a63cb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c3e17a7ebd5cf04381528c1e717547196e2e7051dd9a097db6b7b35f9988ab6c42c8bab8f6158f6aaafaff2d1d","nonce":"d8b02b95e65ab82cd71a63c8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a95ed161d49bd3a02f79b97dc30dcbc60665e3d9466f896b9b3e50db7d30b904414054ac8e70b59e133404e0d5","nonce":"d8b02b95e65ab82cd71a63c9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"432decd9cbacf9f79106c6e833e7e9b8fb258022a285b937bb2fb83a0049b86b3e003cb12cb5abbd74e823f219","nonce":"d8b02b95e65ab82cd71a63c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a8ed6c79ba32d02ab3326cc4321910761da4388bb2ca5b5a9fe995bcc831a0e7617e8547821be19f52caae533b","nonce":"d8b02b95e65ab82cd71a63c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5c89df3b86c1a3cf617201fe57c6e79f13f677e040629de6a6cc92a118ed49e5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5e54c8dc88123fc61e2f08a95696e8b2e0f605b47a5682f74caaa39aad99ea1e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"13821ce03f668205549db46ee19c4186cb036657f2f1019fd7cb4581a5b08e82"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a4740a09894acf1031698b774b48869adc4c05d03553be2bfa3ab8de025051a4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ace58796ae5d42a4b444fdf2ebc863a0d80ce33e7d183b709ac785745c9f1cb0"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f9ca9b32d4d4db615f08836b2b528841f05a59641a3025fa45d69d049a378c123cc79d722d4af61c188ad83a01b7f4bc5f1891bae54d0e89","seedE":"fcca6625edc4ebe92161540cc9374a37da066d042f522dabf503748429e8d63a8c669b8d40829f7690746cb8532aee098ced5e4ee32c42c8","skRm":"cc158467389a8a8fcebd534eefa301116d0f00039187a4ddb88eec53016d998d630fb6b50668008068cad08d7d142a5f48a52b0937740062","skEm":"57afa525666898d2db99a54ad6a0921b05da896e97fd20b5739af4936533cdac60998e7f82834868f8927ce2be86462e1a2c2fecb5003bad","pkRm":"bb5a4642a129b35dc0fd6fe4a2a0052c2cc93c44b9a4e85493623925330847d7934d5a845fec10c978b6ae4823df1f6fca000db799439349","pkEm":"9833622ebbb5e9ab68e8dd90c5636957bac46a74e00d562ce170ee115ab56171912dd32b43ac810b13cc6f2e297604a1dce8ef0b8856baca","enc":"9833622ebbb5e9ab68e8dd90c5636957bac46a74e00d562ce170ee115ab56171912dd32b43ac810b13cc6f2e297604a1dce8ef0b8856baca","zz":"8d85a667a4eb8e37c51ac9ea3054e948180482b4375e7ea119b8580a579875fca652cb4a7f154e2299f4eeac37b14b7823a5064885557cb8a7b912d83d2668b5","keyScheduleContext":"00b38e206cfe3cafaea8dfeb1220e61937e3507ef4155116425c4a14369caec2b5fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"07ce57e238c95d80244f9f070e6f171f2278a93b4794b11daca79534327c689e","key":"ebf4ca9ed9c85893b0f062a4bcf97f3653d8969710a097ab469c429e7c1fe262","nonce":"f9a6117a0f6a165b9d934cf1","exporterSecret":"db9d6de5fb2077baf1916bc8a4e0ba1299bd79acbfe445b99776c2394b1cc1d1","encryptions":[{"aad":"436f756e742d30","ciphertext":"c51a2b634d30029e9b64942a6d7c32f3c7de57c2f0bdbd066dac0f861b2d8049fe3658c79894a821b07326f6a1","nonce":"f9a6117a0f6a165b9d934cf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"752aacc1927fb5280e3c7cff965ca2af627261335c32e805c3814ca9868341731810271d045e8c311801294506","nonce":"f9a6117a0f6a165b9d934cf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5820ee983d01737af97cd33a09bcddd2b6963a07dbcf601a85dae418d14e86c69d526eff309418ae9eab2cee23","nonce":"f9a6117a0f6a165b9d934cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae09510913b1111e0b4ecd51ce1bf5738f70da5fa758feb865653f5315a46c1990a1dcba6e4acad8b8cc0f0bf9","nonce":"f9a6117a0f6a165b9d934cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"142df106eec5ac8ccf0c57049117dfad3df20339b479d4adf2fde7522936e8fdbb6d8f79e6b5e59c2a71d45bea","nonce":"f9a6117a0f6a165b9d934cf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4d68d32a15eb3eb4435ff027d61ac11e4321082752f3de4972092242be8ce8e2370b19e84564971b5c7934a6ee","nonce":"f9a6117a0f6a165b9d934cf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"14cffed087fd8de09fd8d2b7f9062662baba0f62ec10b974d98a54046198e3f7feee00c133e4e9c333fbb550ea","nonce":"f9a6117a0f6a165b9d934cf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3316b1e5235aa25c31b429b8dd8d8799a533c2a8dc3a49f5ef95b44e4259394e316f35c3d56ac81862e80700f3","nonce":"f9a6117a0f6a165b9d934cf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"eba3afd8ced691f532026099ac78ad118c38433efbc0b95e122d7d15766aef433e983b063d5c645d956eabd6ef","nonce":"f9a6117a0f6a165b9d934cf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e1a9ff68e523db3e5a36f14b5e5e6be519dd5a699267ca74ff73ce76aa4c6045b5565aa1da4ae12e140b9656c0","nonce":"f9a6117a0f6a165b9d934cf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b29f55453584032fbd8939dd157bd74acdcb84b079f1dca338a0f4243c55d633"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"cf2e1f285ffb2f586288da491fbfe97581020704e13b17ca0e49a2c51dded126"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ec08e527cbe5774df47108b454cd73c39a2074eda89cee7d78d5377aab7f6682"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3fcb8083051fcec610a4f7711dc8392b9bab8f8c7b28633455a08ad686d3c751"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5565ddb58ed0ee9e31c3fee42ab038c48aa95e87a50786852ca8055fbd3e3b24"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e72364f9f50ff5166fecba5a2579499e64c71e5482090b1af568e59681184302b237f7c13fd24086d61a638801ed71ce2677ce23f7682edd","seedE":"3a3cab77c67b2ad868cb884f94c26c555f7adc8e9909abcc50605b412796172ccb3b8d822b244501be9e8a50ee4bbdffc3b7146a57b8742a","skRm":"8fd8485d33ee886ff2f4f58030b49f8d4de55ef17ac543dcc217a2b07d52aef75bcc2eae1fdb07623b288e81cae4020e6664e33f5a58e1c5","skEm":"132b4bb87cdc878586dda138d93349bb92bad8eaa064975f5fb2bff136b175e171d9fe9b4d47be58512f928619879f907c6b354064f16bd5","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9722cdd22bcda32643199a1f3d9c1ec91106e1dcc0fc3189aa09054b9b3f7a36ecbf852cd5a6888d424311ecc5190b50bbf81b10a35ca1a4","pkEm":"b0ce852601625fe07c9d8aa251977bec59d646e38db54667afd7cc94c4920ffea0929c4ac3933087d9783166fb3f081813c9823a465579d7","enc":"b0ce852601625fe07c9d8aa251977bec59d646e38db54667afd7cc94c4920ffea0929c4ac3933087d9783166fb3f081813c9823a465579d7","zz":"9846630546acf820dbff68bcbdbddfc841007a4dd80f59a3fd5422773f1a9a2543164bd908ec6deb21f7c7c3db9f888338c287afe2bf4f4aab0794709393a879","keyScheduleContext":"0110921bed02defbdaf22418db3c0caa69dcf1788c1bf432939fa47f0ac7951aa6fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"f38f4f68d5fb83787fa9b79b96c746857fe97ed3f03dcf2d48a5343d851518f9","key":"c5bcf142efcae0e9c0023d9695c8c3cc562f708c9be3269f86fcdf572aef49c5","nonce":"5d6ae9dbd546e0bd13e23cf5","exporterSecret":"c1725b848cd3b098e6938316fe789645d1c7bd7f6f4394be1cc3f24f5c116d64","encryptions":[{"aad":"436f756e742d30","ciphertext":"b9eb1ce2d8ec15062eb30cdcc04de58726cdc972cddac6b862a6089c09cced1e999984cd99cc0f4a98ae5ec483","nonce":"5d6ae9dbd546e0bd13e23cf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4438d65d8b00838e568737dd20337fe7aed17f8cdd69f745781b864710da61350e7ad6142d52ab4bca14e18ad9","nonce":"5d6ae9dbd546e0bd13e23cf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"953ee96156080270a73ee9bbfa1444d491594524d8b70a078d6c7b4edcdbee07b55a22f853c36dd1aeb200835e","nonce":"5d6ae9dbd546e0bd13e23cf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"f55a63ede99957b50d87f04405df1142034c5e0be7fd78df0fd7c34850a7473e3cd470d5199dd0caf19e4dc971","nonce":"5d6ae9dbd546e0bd13e23cf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f5b5833fa526743e6bf9c6ebe70c8d116c4ff36845c5161a32ce20ce3b43c113ed83333819290f1db17cacc876","nonce":"5d6ae9dbd546e0bd13e23cf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a964720835f90a8edb6eb3d572af308ef3394e808d8331bd143c0dd3f0b262e8a5b4fb3f2eb8637971c1587b02","nonce":"5d6ae9dbd546e0bd13e23cf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"674171084e5bdb9999bfade9287aae24e394b619de4dee7c0ccb16356c24c53070c64417a8c147f2aa3f86439e","nonce":"5d6ae9dbd546e0bd13e23cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10008e5b71813275d66fba831c53e26807950bfd2137f5c62aaae90344be35e73eee6822869da6518fd55bdb2c","nonce":"5d6ae9dbd546e0bd13e23cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a569798e5417ac60dbbbd1aba5f5a81ac5e20921afdc245ba5a0e3c3c63904d009acba4244851fca120917964a","nonce":"5d6ae9dbd546e0bd13e23cfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e7778d3617ff61ee49bc9de09f9370f47a81acab5c22ffd233629467befede7e549d7a23b6cba8054caaf2a78e","nonce":"5d6ae9dbd546e0bd13e23cfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5b0a2d6095700c6084fdd3d06ff3537bda19d9ca52340b5d4269b8b59342b27f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b6b3685a3453d2a0ff2f9102011666d167f72edc945df8a724f403c88148f117"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9440dbb41c86e5d5172814e91a782502cbd3ae51ab4ea5fd914d9e919f6419a1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de1e99f297db6d52b009c8b16a0a407146b585162f7659bac5783b6de8c378ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3da601952bd6986b03e2a25ea7ffd2d307d7036aadbebf0ca89b5cc4e19661f1"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"18c09622e6548eb90b7fe99789ed09b45dc572fe38a966eac41ced50160d6b8e4b57050c67366ffb014a43cf012e05e8af1b3e719d7c0c05","seedS":"948456acdd8a786281bd002cdb6c82f2db8d832a19906923faec7abbfc8ae20f0f672676eea62623cd5ee51d0d3d5bdee8cde0bd9fda63e3","seedE":"8150d19bc28035c3b36ee33044efbd11cd96bf558b474e7157657dcc12415371c05ae0478fd4d4532e1691cddd1d25baec7386eab24a2511","skRm":"60a4eca26015269ad83aa0539554e6976b05cce6745c08da3808e070b90532af5f9966cd631bde1c133a24182925ae134b3194aaf3f52ca5","skSm":"1c290b350421d173866047521d123506d57a600c5917e5abd919b0fefe6b38c590321563039d71fc3daabb74ff76aadc257423c3770f32f9","skEm":"efb367b5ce8f0c03bd07b3246a4592ec3020c4718181f3dabb3b4aa6a366f86d3e2a6ff6266100652bdd9469d38591f628f6131d08dd3f80","pkRm":"a4278e311128e67dcd0bdfbc4b420f2aef87999e189d96343703d91f478524d995f0562b5dc22c8e71bf56960dfd6bec1215086d732afc10","pkSm":"178c698534c71ad9b30d74a8310595c10c916812f22f324766e660ea66320b82790c542123a9511c24d756b37c3f1a241e88d5b76a0641a7","pkEm":"06c018aa6d66fe5e8554babab09db9a328a2caea4ecdebb5ccac99c9847b0058705a337b2d8764aa7149b55c135cbcc21c85fc0f9f36c782","enc":"06c018aa6d66fe5e8554babab09db9a328a2caea4ecdebb5ccac99c9847b0058705a337b2d8764aa7149b55c135cbcc21c85fc0f9f36c782","zz":"77d0c1d1eff9e31747773bcf27eeafcd9d1c98728fcf3d3a1f6e773f1e6a3c1637f7e587a766090d0dbeb6850b53aa9e2f0c13d100c1d09f692e8d4d54d46fdb","keyScheduleContext":"02b38e206cfe3cafaea8dfeb1220e61937e3507ef4155116425c4a14369caec2b5fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"c2ac8abeaeb9827f559bae8b31eda0df2cc68ab8fa1e6c87c451a7b42e493341","key":"9a9d9a30fb24d4b247384369335645f8a13bfcea603ca766a8ab52678e175f23","nonce":"05ce87b7ec111f95918f4204","exporterSecret":"768e0008029ec0ea0ad4fd38b11b42f5d10e595e49ceff014f189352757d5294","encryptions":[{"aad":"436f756e742d30","ciphertext":"2217590136ad642947a6f8bbd57d9ffa2aa6ce01b4deb4799ee6ee07ad717a615706e7af4e3d42a4ced6a66ef2","nonce":"05ce87b7ec111f95918f4204","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bdb26127917209d8a0952a6482186ce8316f36040079b337b25fa3061b99bf4a97b4cd547317d922a40d7fb98b","nonce":"05ce87b7ec111f95918f4205","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"42660383cc3605586362884991acd7a4bf533454ee1d267909cbb2676cf3de9097ad414ecd90c7627451c5a020","nonce":"05ce87b7ec111f95918f4206","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c9bb5088479d4f70ae5aab25bbb579cfba0935247a14ac6ffd6a3da1a0d3583e6cd6c7e900c1badd0f5509e07e","nonce":"05ce87b7ec111f95918f4207","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7b50cb8a6de12499025e91518e76898af0d2717bc629d14420d4f3bfa60e644ed076859b29269d7ec9b092fd43","nonce":"05ce87b7ec111f95918f4200","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6c810ccb09880427021701ec636cead370dca29676a0c613bf9c944ca18d6891bc6f0a52038838034de1d43f18","nonce":"05ce87b7ec111f95918f4201","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ceb770c04722c7b67d50e09c169e77a62283288b3d3c55a1cc10ba1425b93ae1468bd9f1755d9480510a1b3cdd","nonce":"05ce87b7ec111f95918f4202","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"07ce33b7e74dc3282e54b83053890a6e038986cf31913366930766a324c2126bbe2acec8821f6365b76b9236f9","nonce":"05ce87b7ec111f95918f4203","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fa6e932153939b97cd3d7ab7aee7f1f57a628a3db83bbae4e01629be72f0cab7a0907d62e784cd317774ef0017","nonce":"05ce87b7ec111f95918f420c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b2e7de448cdf6f1d48f3a9cfd3c7a418dd8153baaa8d4efe4eef91e55ce4610481265670fd5df29e8769a906bd","nonce":"05ce87b7ec111f95918f420d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d761f2981e17f03beac3b03b135b1dca4e6756c9865a9360c916d74e4ae9fc5e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"410b498367d8e34ea96356bc5e60f3d25f38ad0e8847e01eec3c0e7aec3f23ab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f72a5a36aa804d282f4bedd7c0da1c7d437ebc1fc7317150e43af62e1117d389"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"6b601a9d2cf035a9f106a6a1137eb0fe1e49f437abd1d60e8aaa0caf2d5548c1"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"137b8a29cb1b8bab38fded49d08a0d4251c0da8a5e4303be169e704588a12518"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"71063a5cef2e697e3c99bf86c483220f74b6f1b12ccc29aa511b09824d929751e6fd016427fd2ce89b9ce16df675e0ece68a96144d524ca5","seedS":"d5004164ecef8546acd392bf7ec8c721151861f1dff517612c7f86f54f63f7faac6b75977994601d9f2a870cd1f861cb3530103c415cdfcc","seedE":"f4902129a7b9595e72fc8d80cae254c4ef43d633282f55241694c76d4a99d48c403379d232706a9500301f05b59d01788898c35f1b1d562c","skRm":"84b3d877a7e4b8e12c4b1b429d8067fbfa89b7964ea5f68a05090a4413d889f0b1037b430a8390a84c49005a00984dec1bebc5fef1d88ac2","skSm":"4a4acb8e8cccbd7cca49efe5f99bf2bb99a7e8219cdaef4d5d37d80aabc7ac93c505d6aba218b24531b704774c61e5e95d9e6c6c8314db7b","skEm":"6fc37551bff6f4096b63ed7d62f81b448579104a83700b680e83b5eeb3f7ebe2dc26615024109a497490369b6e8a704b7550431d580b937e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"165e1c20fe05f1d17dc1ca90a78c46b6e1db4dc85a0534917241ddb73e6f33209cb0e7f655df53c03a8faa2e133a8f6805d2bb5b9d27e740","pkSm":"0cca5699dacd2aac547f732608e7715d848b9ea165d0b6696f03d37a6a495cb5974b01f3c4e3415bfbe4e13ed40dfdfa183b7d0e322a17af","pkEm":"f4f65f4d58230ae0b8fca259721c5e0bf2159a5f9c03b1f0e3414ac7ef0090036332b5fba9503aa0939fa27af4d3649eb5a1f3f0294bc970","enc":"f4f65f4d58230ae0b8fca259721c5e0bf2159a5f9c03b1f0e3414ac7ef0090036332b5fba9503aa0939fa27af4d3649eb5a1f3f0294bc970","zz":"b5880e1388594737a5faa2c7161a34346823252b8db0fc618e7bdb6cd18b508da048829ac1b9d88b56da5276fc9ffebc29441589916156c6bca59944d03090c3","keyScheduleContext":"0310921bed02defbdaf22418db3c0caa69dcf1788c1bf432939fa47f0ac7951aa6fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"016984fad46248e0e6b5cea1228dcaa2796cb7b0ef703eb92268ce2b1f68718c","key":"92d404c1c6775a66193239cc86ceb8de4182b313df7b0d86cc96d1a85dcd665a","nonce":"67d4fb74a596c5298011e4df","exporterSecret":"f39448e4675003eccfc1b160ab6d86b41a4489ed342e69d762fb3a709a2ebed2","encryptions":[{"aad":"436f756e742d30","ciphertext":"2df0eca9b1fdafae30a5e95bb0755381590b100d9adcc3a3b2aab91497bf27f5f617475d7b702a9f02990aa3a3","nonce":"67d4fb74a596c5298011e4df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"333772de241400004f959bc2c3787c6da654139381b00e085c414de590659ef44233a72e94548a6d6bcb9982ca","nonce":"67d4fb74a596c5298011e4de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"08f1c522ebc52b4ff736ee3e71493eca4d8c9c8c3d12be2a3453da4ea726e018ab4182f48c103da650d5d04431","nonce":"67d4fb74a596c5298011e4dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"73d17003e2125d96d5ba86ed88506857f999a8aa45c4523dc58d36b955b2e72e13529984635a61a06761c3bd26","nonce":"67d4fb74a596c5298011e4dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"59753bc65e714d6c1543e7955433d1cf09dd8cd6882bd4c6a18a4bacbc838445b9ffe13e12c529496d374f61ab","nonce":"67d4fb74a596c5298011e4db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"00131b12fa905a940193898ac83142dfd6ed5f9feada61316206a96d9f91e109a166f5773e667fd3d58bf4be9d","nonce":"67d4fb74a596c5298011e4da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"74b8f714cfac3fdfa5fcf1412be6edf90cb28261f78cd659fdf98ab6bac18a90bd8f0ae5c209c68f5fd7bf23b5","nonce":"67d4fb74a596c5298011e4d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"aa5642787d2ef073d0a7c8c9997d7252439030e886264bec1ba4f25f7e15c7a93d9bf4b9c48aac1de57cbb6586","nonce":"67d4fb74a596c5298011e4d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a122ff06b1f8c4592f2ddb4e347a93671646ced8e9f13e1c1a6494ea27088a25cee43a6a917f2616d975b96bbf","nonce":"67d4fb74a596c5298011e4d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"04a301871e16155d2748c099c4c436d54f9e9e720cd6afe0046e1bddaa2181090034cf369947935553bb22a17c","nonce":"67d4fb74a596c5298011e4d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ac4002641c60c47c8b6759aa385327f3e468fa434b46614427cc35f6558dad7e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"23c23e5d7ff6e3430514da6d984a898097dbb6329c1788f79a946a72c58b7bd0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"888d30a10a65a5ebc62f269354146572de2fdf2bbf5ef04c00a53bfc01147b7f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"85454464eb4cf18f33e6ee2c1499808fdc9174eec436a3232d93b0c86125bca7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d0b08ea6dd1f552206cf770bfe35911cab26ad75ab44a6d425fcdbc914084840"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0228146efd4eadd1da0a12d3f66f2bbbb687f3d00d16cc2c1bc26cfe692e7254e2acab338ba891f8f5039d4f17ca1f170444a7c98285d963","seedS":"079735162b50ea7b7d626cb12acffdffd9ae3cc680ba987c0d8d196efcf4cd06689229d7db1c6603a054a1041921104cef8496eaf40789fe","seedE":"8ab4a7c237eec957bca4b79888a4f40456abb4cbbe4ec84a426c04773b5225aedb19d420a247dd83a22647e3e392f33f59ea73fd0a9126c5","skRm":"7669b46626c6b599a7fab5e630596f84c58fd9dc20a02fc8d9b72d1f3c317f1387d40070d49e8df8fa157ed0c6d415ea20cb63c1c49b9e60","skSm":"2e47a09b00fd844705af6b8378b2a17ab6a368d80798c2414a41952e3bd2bc9e673447d18fb0331e9771d7defd3b67d99e83b631867db09a","skEm":"391f7c57ed6b9f343e72279f394ce80d09a928231a9013a7fdd96f54f5361a2e59edb3c2ed54e3acf4f1bb851417aa3e6daba07894902a13","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"87e18c8ec7e63590b46e8de7ee79b359f30c9fe1d1ec074b7c4f1318bbcf77beb48808b718981630e675d74b87cdd4acf47169ea0af86ada","pkSm":"7d380c56b10af331aa2d64c206093521801407ecfb4c3c3ac3dd33a9fc511f0a4d5eca3fa6edfe8d324746c7c91befbba164ee5510248b0b","pkEm":"e1e35b13bae4430e8b41f9594877661d7a5dab4105997d804a4bbb06a6d877a7b5e6275e21d35179f84bbf7513b346be4ca60e6bc96346b9","enc":"e1e35b13bae4430e8b41f9594877661d7a5dab4105997d804a4bbb06a6d877a7b5e6275e21d35179f84bbf7513b346be4ca60e6bc96346b9","zz":"5489a3d45ea14a9591c1f047b911313af66a53796d725bcd889c6e7296a4cc34d8cd1b2ebdbc2f61c5a6a2c9bd0fe2e89fb3286f9964bd24b0e15f6b06d89ba5","keyScheduleContext":"036366463e2d52fe91d8e3cb904dc281e2654afb6d098759bb57a303710ccbcb4636c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"a58f2d928480043ed7af69411fd8ac5521d48a6552d9136a801bed712dd44710","key":"fdfa97dc53349b26ed6a0ee96954f8abbe4e56168fbd377f459d211a5f38299f","nonce":"70861ea599f0676a8943bfa4","exporterSecret":"5fe5e167c83b6a692524bf9709e2761fbcbf1168cd9f2835d4c06622254eeb40","encryptions":[{"aad":"436f756e742d30","ciphertext":"a74a7d67281a6471a74fefd7d7d34960566ee3d6f74ae79b9511948c5617d9cf11652dc0fa3370c91c7b9df995","nonce":"70861ea599f0676a8943bfa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0ef4cf39ecb5171ece07f171285132ba63c2fb383e5e562c5fd85d0b2b8945b4efec64ef4fe667df7b5e80fc6a","nonce":"70861ea599f0676a8943bfa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"69545070980258cb89572f4c67f36d12953f52a6ee78155c572315f57a55c1b0f0064bdf56c9b6c2234193b658","nonce":"70861ea599f0676a8943bfa6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4d529010cd527c085d59bb6711603889888a79127c04d0d40acb9a073c4c2d7dffcdf624bf3c95320678d32d26","nonce":"70861ea599f0676a8943bfa7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"574ad1e4e0b508cbebee14243ab3fa3dc98be157c63c94b94c320fe17d78cb20bfd01439c23971986e8efca48f","nonce":"70861ea599f0676a8943bfa0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c6fc7e646d24956477061788777e380210a3959f0fde59e73acdffe477cb939391499b8cbb03c1da0e1fe0093a","nonce":"70861ea599f0676a8943bfa1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"10c32371c255a53ee34bcefe38e31f3b51b26bd511164a38289a83b49bbc8b6095fd787205aeaee837b85c745c","nonce":"70861ea599f0676a8943bfa2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4e93bf37136cba6b847dc916f58f36567dc3789860b32fd4a884f40a63102cdb71603d309a2579b5b3f561885c","nonce":"70861ea599f0676a8943bfa3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"12698cd41375798400d4a4a543abc9012a9aee7527f860a74f95142036c7babcf7424510b53a1c92b08a87c15b","nonce":"70861ea599f0676a8943bfac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac24e3e6737f197dccd7ef04ab2e825f40c0c82100e2b9fac4f45503f95ffb4a211bc28b5c8eac2ab139b286e9","nonce":"70861ea599f0676a8943bfad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ddade89c3abd8f18a2484a34bd805efe7b144526da4c29648b06cfbc4d765d73"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7eaab113c4306afd28f92f4fd2f9ddb559a77c2257612d0f68fab1fd056a3a39"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8053737fbc3b0aab61dce1949126a0c5c110c687d25c2a38dd1dbad86740d4c7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c54da397781644621c3f6cf33170b9cb7e201de8d060b686777a635eb4941ef9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"069bf495aca08d6b7ed79e8d83e35098f682b660d42b5fe6d8c50ce323356807"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"da6dfd826f5c0ce5ed0f63d43bab36dfe17eb16d5d91a58730f9d7419605ccaa0acfd8259f35bd7bd61d82eaad112bd2e77813afc538af77","seedE":"897690023f70cdd5d0ff6801e9532252ad3bcce7532c41c00eda401d72f07db46774c3c70c3fe791462f81343caa295c5e6113d5b62c847a","skRm":"cf7a99aac31a0884f051c083bdda1c3bdd2a061f5697c577d2ce287e54c179987dddb4dd7416ffd91f2c54eba79f18f0a82c2ff4e069b1dc","skEm":"f3b5ba337c5bc441cca2c472eac6e48ccaaeba192be706e80cf26d7d596a31d37346afde4eb3d898f80611fd6756643782efef4181659538","pkRm":"daa07000a59cbc48d6aa57b8254b5d861463e0dad22b69b55388421fdd5dd0370b7ec462dc0a45de7e4cde11e343e0d9ca07e75702dac852","pkEm":"212e98b2713ec94c78666c859d5a208fed622f459709621e99f949871631fe772dc79f1b81455488e100b1d31bd64c677cf145f3c0b568c3","enc":"212e98b2713ec94c78666c859d5a208fed622f459709621e99f949871631fe772dc79f1b81455488e100b1d31bd64c677cf145f3c0b568c3","zz":"4ed23bb6bf91ed217762688c0af3553297e7677ccddb95942d391e144969a98fc7856ca8e06fcc5b0085faf916870446e1090c6198bf82ddff352277d7e77963","keyScheduleContext":"00ed5b51ff9937e3c7e1f94b49824da3ac70afea7e7f89e2e212f3419880f1334f36c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"8d90962fc01d88dfbf7415d3750e4c4d732eed78b1a681b83da90bad6d9f303a","key":"35effe5844a4ee632e6e96a18da43fcdd94967faebaff7e2d12d99537dc0413b","nonce":"07679ef0620bf576f46a9059","exporterSecret":"59e9a9fd021bc373c4954ca952a58f7af881ecf4bd95d5d64394317dd2717d11","encryptions":[{"aad":"436f756e742d30","ciphertext":"03898194e6970527fcf331515b1ab8570f305f51a59d216b602704e3ee7e447f332d01c8c02397a05c69fc8958","nonce":"07679ef0620bf576f46a9059","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"96cd226c3962829a49c589a073e49b5966d645d8e564383c3492ae5b98bf6514285c0b3fd16283a98641dcd057","nonce":"07679ef0620bf576f46a9058","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"295caa70209f34a82dd02c020cadc891c3dfee86208b4859beeb6f96627f61f316019a966be33e26a9f9081c2c","nonce":"07679ef0620bf576f46a905b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"997d08022f30f339883a2c5a5d1ec0b49c7ac60169e63a1e3005f861bf5c581e664b291d1a8dee9dde0e157d20","nonce":"07679ef0620bf576f46a905a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4baf0e4d085043b22ecdbbaea92de2822c628d1c803b4a48d058c8af0c4852d7921c83f9325e930a1b5cd378af","nonce":"07679ef0620bf576f46a905d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1fe321ada84862b956ed806a01758624a354299c5a19a80515c59a18efc16586eca08deb13d08f117aef4970a9","nonce":"07679ef0620bf576f46a905c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"57b32d78e600a40135243e25a83b90a370b42d4e55d64f47b894562a03eb03a5279c6657130f065cd975b5dd74","nonce":"07679ef0620bf576f46a905f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9bf0a8c405946c44a97de689a372b57ed96d93250bf2887a5588848a9a583748ef7a41efacf0196ef4f1bbe1b0","nonce":"07679ef0620bf576f46a905e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8bee3f0840ef5547681bf033d578a8b2a3424655d42cb9653fefcdcabd044d3e13c1800d8bced8772cd2bc4ea8","nonce":"07679ef0620bf576f46a9051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"da2abb17df5dcd6ad4bc574225a4ad2bef4b2af69582dba95022375641166242e0549fc8f003f72a2093515065","nonce":"07679ef0620bf576f46a9050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03f94a57604081d6091109e48b28fe429a1d49bd7aeae238875e5bcb87f8c159"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"dea19b635e736e517939bd58a30397ae603a9abaa2e1c492f54dfd279b1b7c89"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d34fadabad541d865e5a7d513c094ef20f0936d8d50505134c56377ace3f1ced"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"449170a692380dbb52e4e79d54eea1a68baeca66ff9a12494c863a01a486745e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4e2f6a02e62b1d2e62ad758f1e0e69b8c1d217886f3c882c7b560fe1d727c64e"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c9a5427245463ac6be91b3f755050f1c7da1626bf23edfe04ae105e92df1e91c0e998f65a5350fa4a68971bec6176338b987453c09c67ccc","seedE":"f3989ddec15b028184f039bea5d9976a43d37fda198458d4e128a135dd074335c83c9895a75958a74d6224b30bd75ecb28479bb8fcef572b","skRm":"b3f583efc1da0e373b35b856fe455ac61418b2fafa5cf16aa93c17aa0a969bdab6b92223712644cb8661daf76bfc588323679fa7df8a1d29","skEm":"de0da484451bd6a971b6832411dc16fb0a101e52693f896f68238e2325bd320a9293c5fdfbda9428e26c1c57ded2f227d4eafc3b1b10324f","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"65ee23a8d56e23316b0f2e7f6e9eb35322f24d1cc6336d6391e3403bdcc8afb53bfd4267e3e398f147f23722fc48b63d5b2598622947d4c8","pkEm":"122239cc97ac5cfe4180f933b9660304c63ac0446e5b407c8f19104e74062e6c594b2166d7db790ee65ce5fffb7e320505391da28ea10451","enc":"122239cc97ac5cfe4180f933b9660304c63ac0446e5b407c8f19104e74062e6c594b2166d7db790ee65ce5fffb7e320505391da28ea10451","zz":"71698567c1cdefb74fdb631f10f246fe5195d7167a5ccbd328b41cae2f541f065b0ac23775ea050513c90cca0f35fa1a11cb92277d8064d7549417b9b7481ecf","keyScheduleContext":"016366463e2d52fe91d8e3cb904dc281e2654afb6d098759bb57a303710ccbcb4636c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"45702f0f06be9b99206141aad562e943d264af78062239e344ca4fdaf51fe58c","key":"bb115b4e00a25d5d8d4d1b907db993004ee4a723809fdec178a1c9cc33ab86b0","nonce":"d376afde51c7503de435970c","exporterSecret":"38fdcd4d97fa43b638461cc0c1cd8e5020393fe607aa39ec28066ab0cc517d48","encryptions":[{"aad":"436f756e742d30","ciphertext":"d8bedd9c6d78f6e7387b71353089f525a4912ed6a93ba5f943b71c67ed7183b93a463215025548b2345d703c6d","nonce":"d376afde51c7503de435970c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5a6ae1f01cbca3e33701e10d502ab2756a4f221cce85186120db40db3a21723c081e8964e39a65bb8a515f4df8","nonce":"d376afde51c7503de435970d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"71311dd54f3a43d84ddf6af408c2939917389ac0a3b9ac55fc270746fcbef656457f9230671fb6945e8e57b2f9","nonce":"d376afde51c7503de435970e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"571456ec8e57c5a46830b1be892b6aa65a4cbcb2c52309cb22f40a1fea43d923f5a3bbdbe2981607dc2f7cc71f","nonce":"d376afde51c7503de435970f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ae75f8ca109dbc1d8262867da6c13401552c69bcf817fe8e3399e6b3b81a1c3bdceb41a641f2f3df34b21372e","nonce":"d376afde51c7503de4359708","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fcb9f18f5d9c02052c94f550babf95a0e63606f157d0cb33d145ee7c2ede07e0ef862396e243e6e1060f6bcbac","nonce":"d376afde51c7503de4359709","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c73440a1b0b675325d94507ac5039d2443bedc1eec54e03a7a930fcfbfdb1b5bf18267f940c8767f65fc5b5dc","nonce":"d376afde51c7503de435970a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"07673204d9f12f600fadbba1d53404da15f907638dc31a5e1b618032b7aae2e25cca5534f31c81b7740b79ea5f","nonce":"d376afde51c7503de435970b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e3b51f70dc2ac5305008a05ce41a426c83c7de7d52c47383799adad0d52e1a7ac7a3898613174459d4cb579892","nonce":"d376afde51c7503de4359704","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9c71506fa35d7dd7ce2674ed67188ad3c1276cae1dc1e69c397f4a6b8a7b1f2ba79908eb2ecd47a7927235298b","nonce":"d376afde51c7503de4359705","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"83d92ceab0801bd6c8df2dbdc56c569ca7871547bdfed0e6e1b5f50c96678d56"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"77273b871f886b8097203dd2140b48148bf7113d17d5bbbf60bd10d96e4e856d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"87a9ea0d49e01e146a4675d9517c844927dea372917428804dea904917987521"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c13a05ec99a8f8a25cd7c1701a8b147379ac7bd0f37b3828aac53ffcf9d235ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9622dfd80b4bc2351537fe2b9be79ad0d8dbccf596e0bdbc640859a6a2c92725"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"392313de2af8e90cdd7425d4697156193a193404771a4bbebd06c343f38d0e70f603f817a35473f7d8895dbdfee10b011f38f1f351140450","seedS":"e85141b3b6dd80a9deaaba957eaf0c51f87f231fc9086223b0f4f1b48c2b9e99385616133e7f0946c2de71def382a3433eb340bf6a294b73","seedE":"8ad8a6b5816e49bbbb1756832933377049ca46ace95f29cc4c620ac1dd6ea3edacc2d8c61b0c3a0c454c29168e35df5d308298226138abf2","skRm":"2aaec074e70fa0e1141d3e8b9749b76bdf23368bd2c9cea62da70544311005f097f8953716b64f4c4ee2a580fec672490838df96c6dfc179","skSm":"36cfa4929e60d2b0675ecad646e1b8b8ce02c9751bc9f97171ef59af12595141d0a3868c6249a67974857f0c3817321aa656b3611ec27446","skEm":"d8ef5a64e43264ca610d31d619bfb109f51b72f2d1778bf3673b001c762cf3f22b6c008f51719641454207675219f5829327e1cb05946e61","pkRm":"36392c7f9db1d4d36559f0ddb0f43e475df19a721323d4c2305070ca660e8e970b3bd358767749e249de2aa933ee87c2926f0b9f52bd89ec","pkSm":"f2e6d7e21235838e1a5a39d6dbeea837ab68ba3c72200e5b01e5db10a093888585cef01b3c8a667345fe69fd5033d303111163df85f5b571","pkEm":"9aa1866f86229ab58627465fdfbe0271096a5bc5b0809adcf9fa7c3da69ec23b63939db05ba7d563b64ac20f6661b42ec2096225739d2ea2","enc":"9aa1866f86229ab58627465fdfbe0271096a5bc5b0809adcf9fa7c3da69ec23b63939db05ba7d563b64ac20f6661b42ec2096225739d2ea2","zz":"4664415d5f01b20a9ae0181b8e0f713180ba4ece76bd94ea989b5bcdf775ed85364540ae44b4247ba837af2c6d19d1de903a3b207be17742eb3c06f6373f1312","keyScheduleContext":"02ed5b51ff9937e3c7e1f94b49824da3ac70afea7e7f89e2e212f3419880f1334f36c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"9b7d7d601e4cbbc5011ce0ed06f449d4e0d202535b5969c645112a9557525875","key":"ce910d3654ab5173d4f41321f172796e108fe1decdf96fcdd2ab153a78704c42","nonce":"c8f3bf355cc0f31bdb29d983","exporterSecret":"bf1610f50af2bfc4329c556476fc13d941d0a351bb457266891b38d24382a755","encryptions":[{"aad":"436f756e742d30","ciphertext":"c3ba5400da927685708875addedc83b7dc53019249fd8cd9a7bd86f3a9423bf14bbd188b8d372e21052b157d5f","nonce":"c8f3bf355cc0f31bdb29d983","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"331e997403fbb80829c4a9e8a8779a07e54b44014bd4329cd1c0ee70c8dfcd51f68cdbd3f0afb9634966e68644","nonce":"c8f3bf355cc0f31bdb29d982","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7558c7062094fd958f83724e9af057c7354166a65d11e7cc02d3bdcad5bc1e6835e50ddca6909587febe4ae272","nonce":"c8f3bf355cc0f31bdb29d981","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c03c4e684a085079f6900e72c941372f72891b46c5f3f2bde2f30871fe14d2839c0f9f4ed7c4cdfa615588b624","nonce":"c8f3bf355cc0f31bdb29d980","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5bcc2aa78e13da11782faac532c6ffe06584c57dec84a30e7505f84bf4062b106e25d913b4ad68df699c4b0bf8","nonce":"c8f3bf355cc0f31bdb29d987","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d3f4416b6819b91b16946c07c53770e9b57da77e9fe88b70a7a89fe5895175990e7bf38b9acef851cb71c1ecd8","nonce":"c8f3bf355cc0f31bdb29d986","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c02d97beac4c4f6a603b98fdcc7f514b1224179eb85e8617b76b0d64f02ffcb1fb98bd7ddfde337d02dd181eb5","nonce":"c8f3bf355cc0f31bdb29d985","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"39ccacadd3fa386e6cbff7ec41a54050c8ae241272e32b72a876a3c3a99b224be5d9ef88db5aa46aa7c6517130","nonce":"c8f3bf355cc0f31bdb29d984","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6fe9c0b5b6f0326ccd807cf3a7c83bd4fad6233deeb5fba28e69b84f756b51c11620dea349c3a9d824042f232a","nonce":"c8f3bf355cc0f31bdb29d98b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b94f529631cf9702268e2c28a6d60a340fd62633fd1779c5884b43e8a695eab9f6c8ead5a4d95f9693bdb5e7eb","nonce":"c8f3bf355cc0f31bdb29d98a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6026049f558243553290399d15b9296d9f76aa9b7bdc4d48de81da6c5bf2ac00"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4fad1d7eef160a2339b56371c9b08814c6989de77e39817061c6297889de92cf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a98e21de64276ab90d9cd399d6c36317b8255665aebb6ce7d3ebf64129d322b3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"36054e3a417ba4b518a24ea76e31ff21176d024a6aa6b2001d35220bcbb22228"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"da1315eded520e58239d4e136990c612214bb1bf4de4e4e0ce47844ec51008b8"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b4fa639abd3dc43911459dad07ca35e41dc2c55a392b5caced6b004804ee10bdb12aa8f7239ae0812e57d5e2e4dc143ba598c49e4f069119","seedE":"40e1b58c8396c45a5ce44a3ad4f6db734730e58c0c3555b2875e072e370663804ae620850914fefe46d233c3e2dc2ad201f82c5805a2896a","skRm":"ec57630d5eec85cc24ab3f0c2f4fdae40c3beed83c74519d34eb057ea8cfa7c84f3069cc8d2b86167c3298ac8cce03cd5fd7670d54f08f23","skEm":"3e52b02ed71ba2df418a19f8339372bc216fa2ca11ef8fc9ccfe0f38ae10fc53c31f89c086d3cb122ceeaa39ce77ca50c7ccb06d12c4a698","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d2219c493b829920a71ba6a70e498a68570ca42f1f64568f7dc6f358fa95a98a5882a90a51a358315eac671fcef38477a77fc9b1674c7050","pkEm":"a3b836ff999aad66e1ea93ebed985abb4c4ab6d03df1573b9958bb4f35686d2d056603f94f55f6fdf6e7c85ccd5fa2dce65c947ff43753d5","enc":"a3b836ff999aad66e1ea93ebed985abb4c4ab6d03df1573b9958bb4f35686d2d056603f94f55f6fdf6e7c85ccd5fa2dce65c947ff43753d5","zz":"2cbc7464800343658633291f4a525de31462724b8cdeb8974beb73c16d41bc4735d5298a173ce51d59be99d84064cdb3f4791d1afe0aa298a7e3a55357186594","keyScheduleContext":"01c54e5b1dd672205c2c8b9e2c176d458c9057b588ca7b8d16190445052db25e282894d65c96a54e59b45e097cb00f88270b71d500da4d8cf082c66d965145e4f3401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"1462df9b59de4e7a1fe976bd09af094d52834c3163ac5e1ee9524cb1e956d5b297f77bbecae5af1b4017240124b2d497b8cb3aa023ac97953a5f5c43424e2938","key":"690bf10d27764c915a9231496d617447","nonce":"f28deadd657c6b10fe31e996","exporterSecret":"21376dcc6c2f6d45ac3a749b36b0815ef28564af6d7ea2d92610a963ea3a5811b1af3207e70bfacea07e86033a89399cc326d4c406afe0b620cac00be3f2e053","encryptions":[{"aad":"436f756e742d30","ciphertext":"2998057577ddb9908f3b36dbabea721996157535dc9008ec607dcfa4ddb00df92bfd3a9c4a6e941f901b08b770","nonce":"f28deadd657c6b10fe31e996","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d5b76b6388af7aaa80a4d900448cf2ac11f577b5247e5fe822a06391735e79e15ea11639b73b65ff9062c641d2","nonce":"f28deadd657c6b10fe31e997","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5ec8bb230de0677558717fee7d13a449210d91b6f682d3faa1c061ce562a86ca09ff6902bd8a3395c532a0b48b","nonce":"f28deadd657c6b10fe31e994","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b88b24013b85791bf362ee5bfbb2a1176e1ba5a31ed91cccbb64ec61d1fbfe8c76339cdad2e9eb668038e8fc51","nonce":"f28deadd657c6b10fe31e995","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"979e438f2afd5562ba5bffa452c40d7ccc1143e3f3dacf5fcdcbe939753d5796144e06b5b6d10564f920aa544a","nonce":"f28deadd657c6b10fe31e992","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e374c6cef4f8df1556aca60f998b50f789cee3c5bf72a7cc1e975854e7c165a223631086a9894066727bbb505b","nonce":"f28deadd657c6b10fe31e993","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2b17858cfe138fb5fd3982e81400b2d4d0dc5d0058790637c7fdb69df6c23ca93e71e3104913c5755e68f6929c","nonce":"f28deadd657c6b10fe31e990","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"65a956153f13c5d443dc16344570bda9f5500f5852a4fc622c754b61543a0a6aa6660180f5d393c7d81797c314","nonce":"f28deadd657c6b10fe31e991","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e0812893101c737502134df6aa37443fdeca89bc36c4c17b48c67e282f7183ec1991da3541a3e87d2fac1ece8c","nonce":"f28deadd657c6b10fe31e99e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c094820f8e8d0c432da2a89e72961e55732f978e780863963f9c33a0395cd1d4ffe5d3ad701e0341ad4b2a20a1","nonce":"f28deadd657c6b10fe31e99f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7aa5eb7354d23dc767e260624e5d6756f72bfae247f533d036fabaed00f98452"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"742ad8801443cdaf6ae91d52d21fd9f534a44639ce030d6a0a06268749128ab6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"61cc38d3ab53f4bc43b05592b59c22851f3a5e755c31323e10637a8b0c32a873"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"2aa48952c65f5c190a402bc88ce074148778a0f52229a7f2e9b9833301d741a5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"15427b7da3db0eb36ab34a0982e62186f592f61b7cee6b01677c96147cb1b0bf"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0f2efffe0cf61ddc539d97c9fbc312e9a2e883122522a2b199d8cb5d59833d5dcfd2564826f5dd2b4b8af75a3b041fb817b7892edd5dc836","seedS":"4dea3598ca5e33dd2f5ec0d807a29a22660f7a5353d9bdc89298c7de75a770cb1d37347f3b47c82507341fe787bdcd9249b6883bf174629f","seedE":"b4dd070ed4c4b152e7bcf3dfdcc3dff7c09d3f02348849e32b677e6eb550decdffc6c4bc722f9b6bd328303d146d1dc8ea1e80a09c25155a","skRm":"f83742d9f873d7258c785bf2d1a800be9a7e720cf4454263c89c18d2d17cfaeedc8c8caee104e2678103609c991b66a912f99a0f7f20414a","skSm":"4397c7c6e9ed65ff1211032894d68fbf01d59ed1d68a8f2d1f1891ee332217eac297fc46df6b0668b6cb21bece34cb64f0236fe6f6e68f44","skEm":"caf4c99876556882262e98825edbd19b59d8dbefb92097490ef71b81997ece13a84ee1aaefe11f6ddad98ec9c2b803c9f68473a03d24a690","pkRm":"48be30465f11741983423e1d39e2838e7dad3c1773b3a2ed22baa7527225a317f08630036dd5012913ccfad7e2f1d02301965a05d5a00c01","pkSm":"48552eae0546f2da65f5f1953196ece38e268b7a2831d23dfac00ff3c795f7fe53237ce00a01360fe833fbf3a2901b656eccd78a960c3996","pkEm":"e539a91b56c1e82efee0a371bf0c2137eaa9fec8770629e334e6ea4a631cfa218bdbb7f234e0931245deb30575844d48008f3baea8b4d00d","enc":"e539a91b56c1e82efee0a371bf0c2137eaa9fec8770629e334e6ea4a631cfa218bdbb7f234e0931245deb30575844d48008f3baea8b4d00d","zz":"90adb1147730fe9412e2a3c4ce7e266a537d29bfd23c08473c567ba0ce6287675afccee853ec908880b9f58f29dbc3de1fc8fd7f19195ab8cdc934e3d3b06e2d","keyScheduleContext":"02cbf449bb5b8b89e34866dae2fc40170dce18dd2b9ec6b3085ed757ba854e325dcd24af316de46f9442ba687191f7295b4651cac73610605bedfd46ae6a7be7ca401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"6e73d486661ce3328be729bae557fe7e4f60ef20561549731fd84ad4a30de7c324e7a14e93f41bb2c3bec876877c597bf94ba3bad298dbfd84fd5d3f7c05f90e","key":"66deeb0c304155da68c9f29ec23fe64d","nonce":"62475f2aa26deebecf2b22ef","exporterSecret":"def0faf40a613cf810a48f57edbd4ed88f95a9f7c7c439917e12ba9eb7e20fddfbdf6a4d86c3005cbae80bed13cd80a1fe730ad15d40d06699a85f81cadec93a","encryptions":[{"aad":"436f756e742d30","ciphertext":"b27e7f3a5aeaf82a32d0c6beb12f379df3e8b60ab3e7af09711593db8dc06e1947a59c9cc4bf1300e97271e6e0","nonce":"62475f2aa26deebecf2b22ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"07823e1d097e586d90ca7862e5afec59b49569d32e924b449f51c0cc79cc8970f72ad85c9fe57e72d64baf15d8","nonce":"62475f2aa26deebecf2b22ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"05fbdb168a7a9d37f1a100d6e6a4da11a587dc42fe25da7e01326a9da6e142070c961a41824f4af60e3ec68052","nonce":"62475f2aa26deebecf2b22ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"720b7062d80bddaa466c5c4b78dc66e2ffea72308478b44d6bdf915448decdb262ac0615e2900a99a4bd62ed89","nonce":"62475f2aa26deebecf2b22ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"855f8fc6758e41bd1b263f9842841a87dbc48c775e8c8bc8a523a25b414bfc74e67db41467d3cbf5df3f437aed","nonce":"62475f2aa26deebecf2b22eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cc331837852078fe439cad64c9c77ea1d79137a25078a39712c4f61c820031896f95c9774293b39a1b6149acde","nonce":"62475f2aa26deebecf2b22ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"31db89a1cb73c7eeb54b03599b46afd4a738cebfd3119fd17ded16cde7d20eb7c2b3f8d5f29a9ea5c765e3b8dc","nonce":"62475f2aa26deebecf2b22e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e1006ac5eb72025399b53ed0e817ad67838b4c6976b74844b778ab93998b559661ea6dddfcf40ce76cc7ca831c","nonce":"62475f2aa26deebecf2b22e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"141122dddc105a40d810cc7b8c13c0c330c2f8a9efdb79724c510afcedd5aa10ef2b96cb8f5336777e078b6bfa","nonce":"62475f2aa26deebecf2b22e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cac5ba9069478b3b459caf061eaa9177757d05c0d1d705dd5d1bd159e447fd4f5bff18458399de2b433a3cef91","nonce":"62475f2aa26deebecf2b22e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1115066c59427416b27220b6e3076bf35c09dab5346c3f1d2e3bd5e1c50b925f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"18ff211735b31d1bd4cfbffd000cf75d334abc4ec23e7a48458250788b7d2090"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1ae50344c78eb109d1ad2d7b73ab13f1fca12564102baebf61f4e174a62ad64f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3cb65832adccd8951ca1cd5e5916566d30920fb848c44e643fc4c2a13ad27435"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a49c7a465b38db82b2d71480bbc899b9449f5fac3a4bfa7e821739a125caf973"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2616113b776081d66d1966180512f3f8fc1ead4a9b05bbc94b706cdb293ce0300c0a05e1f3b9952e42669340b879f699476b357a07c4e507","seedS":"1899b9ba7ccf199ee7c0602e483fbfd4615b944649c213b55fe4fb2f9ec03f09ac6e6d9cf104a9edee3c4ebdd995d3b3053631add5bfc2c7","seedE":"1a051257f823cb26c8677e7d029dbbc4faca884d108722a9d0e07da68a7102eae28886eee62abe55f14e7476aeef16f4de627f16d1bd9738","skRm":"54e4d22999390d768e850a287347fdb33925476553f05d6bb3cf7ef303e92514c30e83eb1d899214c35d768d2fd71bde1a2d15b8b56c96ca","skSm":"5cf3f3945b87ff9cc6f35dcfdb9cdb00a28a8a08a75188aecb7d738b2863459c0fc2333b21dcac45ef8668faeaa56b1488d6384f6b4ba8bf","skEm":"2282093374213baaf4c7365e2abfe0b7d1987facf5f6137d070eb66a0c7438afb2855b9685174f2831e41d120432ee6678f2302c11ada74c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"b3da558c9b23160cb57aab9dc2fe8b10c70146f8da968baf1bd56ed5c9e426822c75a20f5b399bf45f37c56ae5c280bc4d380a3408c25bb8","pkSm":"8b04b4df9d5988fa78119852553347e950192a48754fa54057aa22323082088a090dc8de8d34fe3584b1e051c15978c558ab990c5a11f9f4","pkEm":"4bb6669ee06e74f010654caebd20c39f7681dd774c18dceed6cd572507362efdc8e22907501e284207f0942b2d053101346a6241382cff58","enc":"4bb6669ee06e74f010654caebd20c39f7681dd774c18dceed6cd572507362efdc8e22907501e284207f0942b2d053101346a6241382cff58","zz":"cffef2a95ee48fe378df736f3325dededbd804cb60c69e75e8c1c9974674c19dbc8065206f4b1d41cd81f5496e41a30b5a4c55b8b634a4bc2c6188d1ebc3c687","keyScheduleContext":"03c54e5b1dd672205c2c8b9e2c176d458c9057b588ca7b8d16190445052db25e282894d65c96a54e59b45e097cb00f88270b71d500da4d8cf082c66d965145e4f3401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"b583adb2894077dd0f187e0c5743920d6f9353d2ad9dadadf68034f1d264ff7c46142dd449536066a88f5a69ff2420efcd19c3b2717d3f91429c41932a9309e9","key":"acbbf10cd03098a3255a02a9305ac029","nonce":"c60acbc41e265fa6d5792596","exporterSecret":"884f46f96fb0fa7f2c8e37a801148c550a89b411dffa089e9c6f98ff70fc99119fcbd343842dd4eb25e767be408e7b8abeb58886a2fa4dad36e5b67fcf1ab7ea","encryptions":[{"aad":"436f756e742d30","ciphertext":"c77b6ff369fe83bffc6578e200277dbc46566ff3b3e9c62182e8ae420de49ce83e0536fe4296acb6f645f51c4f","nonce":"c60acbc41e265fa6d5792596","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5886cd4462b02fddb9f48474467cfab6161dc53d4861381ff6c3870fa8345cbbe1b9b1a78246a9e507203362b1","nonce":"c60acbc41e265fa6d5792597","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"af1dfe52027b49bd6d456f676e5c6a26df0208d4b314978b7aa162c2506b2547ecec028c1aeaee7e326f400bff","nonce":"c60acbc41e265fa6d5792594","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8e390eeae7c987908e7deb1b8d6f93b9c7b3c4fe2fc020f255ee244143011b5989ad3c253ac39f9384c972f058","nonce":"c60acbc41e265fa6d5792595","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fafdc67a3e86fa3a79ccd995a3643f83cb6071f01e4ff4ddb76e04cfa5b0b7cd2bf5c7ae52c9b5f2482d4998d1","nonce":"c60acbc41e265fa6d5792592","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3fd0a0f861b1f99da10afd3f7280e0c0d1d0cd3412b11de1e0e1d8ab14da3e529dbd9f98d2b955363542f736cd","nonce":"c60acbc41e265fa6d5792593","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19ba61b277ea0f1ae49700a10a489e18c788b9f9680d8eaacb10aa2df002257b2bd1c9badc001def83b52dc54d","nonce":"c60acbc41e265fa6d5792590","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"70b888175818545e073a20bb54a43e153a7515821779b262816ed6c344ef15bb0464f036d220302d32ab2bb696","nonce":"c60acbc41e265fa6d5792591","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a71198975d4ffad2d5d16c8e150b4e1c72407bf8c29723dc838ccad16409a5f6b9f270fe179587d0605722dbe4","nonce":"c60acbc41e265fa6d579259e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1e45b5f4f30077ba28f7672144f659a9f1f5a31ca6c9ee4d348f8a528988f7ad527f43f93a9109a1f0b1806ddc","nonce":"c60acbc41e265fa6d579259f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"705bdfa7a1887887e7b4db61437dc93592aecf05c3ad95f38dd1c57700f20a2f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"157ca57049d4baa33b92d5ec56512a759d9a8d299a1f6c7b48bbd68aa3cbe043"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e06d228f0eb174413cc21917f08f7bd205b53f963abfd8d7a2da617e22232109"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"96c121284223f84989e7727a89125f03c770d4fcf050f8cd7e39f70937fc5626"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"114e6862d13aea34598fbc36bdefcaa9b305bc498ca2ae6fa729605d9a483249"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"13b5e165c2cc004ba56cc0886c03f84612fbdbcd5f02de1ae03367ed24bae531900c3c67acc7b7adb58856f979ff87d90000000000000000","seedE":"d1b75bc7b211e52ec447117faafe26beef62cb5a49fe8609442bebc8a101b9802e0c3afeba1687c75792e493ad683ba5725833d845c2a094","skRm":"55b8b80a7ade8696a08b07786f71b4cb0dbd0285461a1a234e4f21880a8db9c3952d6a8c3b1be8b04f1e8dd07e5b642d87b6eadd238abd5a","skEm":"2bfb3bdfd964964452ef2f695d456cdf193ba05c0e50c8732b18e4536704d4ed67fe634da96c815a4449a4cf977baaf4c8ee41b38bdfbd5a","pkRm":"69e8bf62aa32c191976abe0095fdda952a60ca2699e661adfd025d4d5772e82f02a0db4a735fd3ab7c3765097c92ace8e0f4256cf32a4556","pkEm":"0d3275aed90f4b43c0fd8f056159469e4e6a571e18c3c074998008810b0aad4cac7ebb4821d21bfe61a9d414ea632987019423047b1f4ed1","enc":"0d3275aed90f4b43c0fd8f056159469e4e6a571e18c3c074998008810b0aad4cac7ebb4821d21bfe61a9d414ea632987019423047b1f4ed1","zz":"b5dd4b88bc6823eace7da65fd198d55fda273b3568728436a6b512ce2e72f96d3b7cfdea071c40c6f93c85de1fd339e84c8294afa7b93abfdcb5bcf4b8586ec3","keyScheduleContext":"00cbf449bb5b8b89e34866dae2fc40170dce18dd2b9ec6b3085ed757ba854e325dcd24af316de46f9442ba687191f7295b4651cac73610605bedfd46ae6a7be7ca401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"46b54ddfda30adabe5387f3d46d33cb809f6b51d4717a7ffb0d3d53e1202e6e3ed93abd5eb7a88444d6eb28bb6c1eb3cbc5a07731fb3236651ceb260234c26a4","key":"41bb09bc8715fb8d0218d49b54c43ea3","nonce":"7353ab158ba6501782bf922e","exporterSecret":"3a08dd2c9e46e0466fe4f958aac94dde4f8a691a8532f5919046e7b9664602ff211d83697e9971f2a19fa9bc8827210414a550f6bbeb0ef23644c7a2b21873ea","encryptions":[{"aad":"436f756e742d30","ciphertext":"1b6647a4e8bd49c35e63586a39be09f32dee5ad955f08c451b8e77eebaae371f94dcdf8a51be868003d79db5de","nonce":"7353ab158ba6501782bf922e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d0ae1fa8361b31798cc1a4c50e38488e62e787dd6bfbf4f9a759fc3622920521bf9f0805ace7a67c1391f7b5e","nonce":"7353ab158ba6501782bf922f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"144e9df004fe47934fe0d07dcdbee7497eaa571fbc44c682088c6cf9c7065a966c2dcc805d5eed761da33c823a","nonce":"7353ab158ba6501782bf922c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b1bf7bf4e8cac417222252dc888bbc205ddfd775dea22b85720b02a74c28d9058ae0d44de0e0fb751cb7493023","nonce":"7353ab158ba6501782bf922d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ccc8deb689cbcaba698a9679042566022ea9107f8ae113bf6d31ad70a11fd5a37d50323a509e2f3ec2c75c0b55","nonce":"7353ab158ba6501782bf922a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8110c4c243144d3e1d8d16008233fc8235cb91b3027a8af06008e64abbdc301be0fd413361881f30cc78abb777","nonce":"7353ab158ba6501782bf922b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"607e46f873ed62d9c7ca5403b60aa336bc4a41d9a234085aee7c3270c8379e1d894d0bd7d8375cc496659e12c5","nonce":"7353ab158ba6501782bf9228","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cad634ea4b5d34f57ae143c6ec8b680d618c72bf2033db7d69c1e87330baee59979d0c401579455e19561747b9","nonce":"7353ab158ba6501782bf9229","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39ad93fb255308ca5d6f6fa5c406e7edd59e018c541b6c859fe7f1276590e7ebaf77152dc9f4b84513fbedc928","nonce":"7353ab158ba6501782bf9226","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"21c1779d7f5bc92e6ce9f2b23ffcf4426edcd7637dfa1664604753bfcb9df7444e99b5b2767fd08ae26f533bed","nonce":"7353ab158ba6501782bf9227","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"500df4edfd43f5b8a0849b0a48d99ae01ceb0def4fbc144ac7870d25e85667a9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c2d4d3064fb9f39d8aa61a3c414736e839c175537eb2d10bcdaf3f78e882a30c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5ed653b1d6b72989bcb85294fadd579937dc671a43e3bda43b38fa8ac51a8534"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dfd8fd2090bf77ced7b6a24b1507f5cfd6dc5fdeb22c1a605a1781a4a7bdb085"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b2afccb35320e2b351b96967835321bf5a40e65c667b7af1f48611bb935054dd"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bf6be8c63df0c3a38f10a87acf71b31adfdc97cae2a832dd01957d91b4e79bebc3fd043e33df25cdf647a993ce1cffcdac5b89153ed83f57","seedE":"ec3ea0b4aab80ad4c3b6f3e53837eaa2d8c0364f477d9199868111ebd2375ebfaf12badde02e7b88382f0fe6404616bd65a73d4277bb65f5","skRm":"9b21a4bb39a9782549d38823c6854f0010ab446586671323bd4351446818bae63cd6fb8cb31d1ac75550ecf639c90a02853e61c712897973","skEm":"3cd911413fcdf42059eab343e5571fcbab5f9092851ef2ab347ed8d2d9c1e55036691f6c92a4c9a60994c435237444a24c9dbebce960dd53","pkRm":"ca422b8d077d66c8bb9ee86da1b484ec4694c288e0748175a8793c2bfd318ecd97cdb9064f6f65f97b2cd1492e1da47d06beb63a8bd4f552","pkEm":"64100e0cf7d3558b2a58780c9eaf09bfe7a43c2603c866eb19dd4fb58b02b91be49283d0208e7de901daff769936e4aa2f76ed7767e0e476","enc":"64100e0cf7d3558b2a58780c9eaf09bfe7a43c2603c866eb19dd4fb58b02b91be49283d0208e7de901daff769936e4aa2f76ed7767e0e476","zz":"5137fe627d5d57c7afc658c255298923194e10dd3a22bfa6c6cd90907ff078803479ed152231ee399d0ed6d9811a00f37a084a510a7cf8c04507276ebcfcf218","keyScheduleContext":"0006ab4a22571ba508e45da859d30828e573ad2d87c11295c9b79e2813f0328025286b2dcb8563e17a25d1309780e345b59d53edefa74fcbf7b619b12f7c80f7955e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"a749d433f6ed0b6b5f4bec69bf5c96c565d5c7377ee550306988dc37a2f3e134e7b0ed45652d5b329f36161ca1ab39fd7152fae73f21e884f0cbe99118040c18","key":"cd0d6f813b1945e616ae8149f4e18ffbcc1ddc1c9f5c68488d655b34fdadff62","nonce":"5b380ca7dbde8e6605775025","exporterSecret":"53a11f11678978277efc6df13c91c8abf016e11f2082e1a3b95bd236e67dbad08b7f00844e563a5ace922ebad39fe4e9bddcf179889d0e30bd8212081dd0df68","encryptions":[{"aad":"436f756e742d30","ciphertext":"4e153715199c5bbd9a75222b8d000a7a13643f2d5e33d12165407bc80a4823d320a13bcea22fbae61908f530b9","nonce":"5b380ca7dbde8e6605775025","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"43248c4138210c3b3015dce9805e24a21cadbe851f03fad272787c9fc7bd370dee6fd539a78b492671696995c4","nonce":"5b380ca7dbde8e6605775024","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b41a976ffcb752a73897dd593c8bc83799d71ccfbc75bbb0e93c41e006d92b185e057b61c68df64f3ac06a2323","nonce":"5b380ca7dbde8e6605775027","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1b7b5efd1cec1b15f1b1782928d0dc5db8d9fb10984cd15c07ee88c947576cd68063f9c4defce1697a1fe05f90","nonce":"5b380ca7dbde8e6605775026","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5da34ba04242cd6f9ed8e400869a465960a1433787a317b46e0c55355ccffb022174bc8ff34aac859fb2894544","nonce":"5b380ca7dbde8e6605775021","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"400d06912772bf6ca7f6c024ebf9429c7f103249f0a2a393a30e57c718198406343f8b9ef232d4a13a3527820f","nonce":"5b380ca7dbde8e6605775020","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"51b9629777d25a5922910416761bd1502cceb9c91e517fdcdd1cf89894d3db7e2f26e05c3c429060420488cb2e","nonce":"5b380ca7dbde8e6605775023","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8f10b3631ab7eebf1a6e2fead119d3cc44af39b7f756c6abb72dd4b6db6a637005e15ce34b1fff96c315b55f8d","nonce":"5b380ca7dbde8e6605775022","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e36043954b350145e015f4d6ae0d77eba38c7594e3a1fe24432fe1e75541b3a9efd7bcaa3eaf99ede2e09465f5","nonce":"5b380ca7dbde8e660577502d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"18f2c407269707a5c59e158c73df74155c75a50c1d5b6d678bb5c6764bcd9233598b9edcb1cb3ff0b1c4b1809f","nonce":"5b380ca7dbde8e660577502c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b3ccb68fd84a600d69e8c26543dfbafffa505b40009b1c533fd1e025fa16dc0d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a2b4a1cb1065b8340b9ad5ec0fd5e4e2de344b436804a67892cf110a89f4084e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b5c20139a395a3bbce8026ca8251be839cdaf9a7d1bd2e41ec80a84ccca6f6aa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e9200568363d2dda6491608f0f8752f0efe8d04c4eaf7e11fcb518d8fa89f7fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2c926a516adbf408d33c7b8027ef34db9597fd723549bcbe931c24b914a8875e"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a88da11a0370cdd701a55b6036606b7bc7a99f9db064cb3f13d09dbb26b5cfb280e521515144bc56042ce261299cc78ed633be4a828af614","seedE":"faaafc6a45d511a616e966a167864dffa25825d95c9404ae96fd4744c2ee1d19ba9653a8f7bc1d93d636a890b380d669e2aab0eaaaa72d07","skRm":"b503032cb8688cc242453f5a7aa93b1a6fe55161394ca36e2a2fd53a1851a6307eab498c0c4458c1eae583ad63744fb9ad77947844e31edc","skEm":"6d3ac10306445bc29e45fb93626eaf9c7dca184c3ecef2e9c2e2062e21a1d3ff95e9e437e4de0e822c5338f6dea53244711f52f9fb7ad062","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"fe993191aac8935e2ea61bd89d22cee833d4bf863635b1b0c95cbd4a512a03ba7f82ddc059e61ea9ef4977926d9c1f208221c4263405e565","pkEm":"917d2662991f96efc1078f6a96fde7b617cd5568f704866bae1e03e26b64ddbbbcf67c43d4249a38e501e65b4e1dbc3c65d7237d8b8c6fef","enc":"917d2662991f96efc1078f6a96fde7b617cd5568f704866bae1e03e26b64ddbbbcf67c43d4249a38e501e65b4e1dbc3c65d7237d8b8c6fef","zz":"55a397a783deb98da1ef2f965a4c4122ceae623534a3f0db460c4bca8631daa578f24251d84da171c95fdc7389ff5e11befc7462bfac00aab356f6e5d8707808","keyScheduleContext":"013d6477855cd1c2ce864e843e54d33999c2f98fa4acae309ff228877ef764a613827cd87d6da8fcc9e4dbadf2e2e9c260c87165f865c47040a0ebe4015e3b6e005e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"7415cfcb55c63f4426aa212f07296e252806e137d3c5a7a8fea96a4661d4331ed34ffc3687c5c92b1b5704a9850c6ceabc7b0dff46aa1b9482d3c5b7e0b3609f","key":"aa5337ee1a04564690cfcf6013b745a8a2345872dd0787d0e582a0539c269244","nonce":"b8bbc2630708911a2014da83","exporterSecret":"68e782c51446c5fb7df6b0f78674457e8dcb322e93c1b8409f744eb80f9230c704df80e871e8f0b902308dede78e532baae77f695cd7fc4adc08ed05a3ae9170","encryptions":[{"aad":"436f756e742d30","ciphertext":"40fdc2d176c807e89c38e2affe9fe82a4ffa991490eb94c5752ee31ba15d812b295cd996ef93f65fc7ff67d104","nonce":"b8bbc2630708911a2014da83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1bc91117493d03c47cb234fe91653b278cb519429c276adcf950511f477335e9a568ddcfa8ae5fbd0b41e6f695","nonce":"b8bbc2630708911a2014da82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3454fde9d4f2b8b5b549dbafb8a0dad7dd09405ab3a8d25e14b2d414260d70fda0646ffef37357798059499374","nonce":"b8bbc2630708911a2014da81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ce9a079bf5271faa6264067c2ee79f12b2cec83342e056b615389a82174d9cb0c877c626c4f1eed7cd1b9e659a","nonce":"b8bbc2630708911a2014da80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f6b7ac6fc0c6dc8551a13c9e8fc8b1b5b37088c8f943f130f6e008482f65e916fdf9592fdb73e8756aafa82586","nonce":"b8bbc2630708911a2014da87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"95de9cfa4810fb5b205c10ccf580b61c1686a23d399ab492b23c5a4b86007754ff0315491f9256d8a27931652e","nonce":"b8bbc2630708911a2014da86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1d690ee4fa69a8859e12acf7cf71e02bf73742816714183c8385c2784352542e47330e5007532c641c86327c1e","nonce":"b8bbc2630708911a2014da85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f2b4c49d7e2391954c1b853d0545c21626ae48de2de9ae518295e961519bf1260b3a0b2191c1808974db7ad66c","nonce":"b8bbc2630708911a2014da84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b724d92fcd4ede88d019b69fd817df1b4824d73ea9db439f653410b0c0fe869e7fa416f2ecb0111ebbabe13fc6","nonce":"b8bbc2630708911a2014da8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9ab4e77794a477d4d855e26475877bb5e2c23424c0c427f61f8b4e1e4ea32dcbc869d64fd1bf0eb3c2c426a062","nonce":"b8bbc2630708911a2014da8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0442ee215dcd6b9e45edd1da7a666aaf9f0b1509902cc7d0d10b73ecf4ea43b4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f9fbc4c08d79553aa96e8e5b3eb15d25dcab3e9980535506b0a2d2dcc83d853b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"cb73f3534eb39e5326f285e84631022d345031fb7cef19bd36f267a1ab876e66"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7b02a7de0442a57662e2c9e31c827949b2bdd2888260f2f9dfce0539b1af8bb0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ea1f68cae208eed22b03643372d822f85c28c478138ded7e7ba98696c92ce1cd"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"796501489894a8af58d8f63b8041ccf52298ef7f7839ffeb9ba61f5f55fcfb6f4488037f6fc8d62f23798d392e3405ebd00993dac23dd109","seedS":"2359556191f9968a6f029462a786fd9945870ce5ec654e8b11cb7261fd44622080556b995fc2ecb20cc3b51860429e0eb427968b887564af","seedE":"687558b2e67cc9aa65dab1ca6c99a64f967d75c0de1d03dd43aaa4557c8c95393f51484bc41509cde0e6fd7247bb1ad997843b23adf46f02","skRm":"135929fbf54dad6f7ac11058183996873a2ae962acd3d3efe698bd33ba3b229d67b992be7f6c10332b20e22fade527181ff950ea87d80ad2","skSm":"cd8d3e48789f46a49487c52763630c47fdaee227899fdee67b947167ad4e9a921221516748c340c589f3386464186f9fee29990d3b5ee70e","skEm":"22b3fff6886ec97cdcf907bd2d3fb713b85c99dca408523986fa56f872b6d2f93a84fd2c5c5cd820148db17bddd3bf95fceb693803c25d7d","pkRm":"868bc50d0171f727a77dbe6c56bc8c1803c189012878667b823999124e081f9ce19649cc3cc24c7670769ea234d57590da64a1f919ccae8b","pkSm":"a0089d8d0f6a34a5bf5ed03b08283d45ae862548c84620b02443cb8cf1c354b3a14de59efb58af0a0f0e81ea674f9b55ce29e57bf6ff85d4","pkEm":"8f70050b0acf98dc06da59d922a2ad1aeea19c17685bb80744dfc97bcb79b243c6e63eccc51c3d15461796cb0b1d4694977b706075f71755","enc":"8f70050b0acf98dc06da59d922a2ad1aeea19c17685bb80744dfc97bcb79b243c6e63eccc51c3d15461796cb0b1d4694977b706075f71755","zz":"335a97dc9200a12a48ef523e9b3356319e3624e06796b124069460f153472e5c6ffa304d032208d1a0c099d84d976a50958ae623151335ea791d513c70886e2c","keyScheduleContext":"0206ab4a22571ba508e45da859d30828e573ad2d87c11295c9b79e2813f0328025286b2dcb8563e17a25d1309780e345b59d53edefa74fcbf7b619b12f7c80f7955e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"f21502199eb9304e7403827e20a0053d1a9039a4d405526b78c9cfbd44269ec925d47c1104a35a534ad15aea850ce2f576a4b46d7a11e27fdbb9820dfa184f96","key":"6ae430ac4ddd73d6a49cf5fe904c4e2ff0cd3d1534e82cc91bf8e191329962c1","nonce":"92b06510f1bcb510990c04f2","exporterSecret":"7bc5adb9b6a1a183384411b0dcc256edfc498a5f76471befd5c897fda86d56ba3c0438636dfad3095432f179adf07eb1a328486ca6de924f2d9db2e763f67b04","encryptions":[{"aad":"436f756e742d30","ciphertext":"f5b656f3505be81f436e64e0a6eca934276e154225d3e38209d97c05350cb7bcf8bdaf70d5e559b3075540378b","nonce":"92b06510f1bcb510990c04f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7dca8e3d85dc4a69cfdd33d9a0da48a53652b122f6caa245542b2b915a6869ead2d64dc05c722a0b0c30b982d2","nonce":"92b06510f1bcb510990c04f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b55cd670b7b8260ee96aeb5ddd8f2db56f77d3a3b947b359c8a6b8de1ba37c248bdc357c2776098b938e3c4ed2","nonce":"92b06510f1bcb510990c04f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0e5245eebc14ab49cec56c4bf154d9a33235e1a457462f755ac741fb6cda51ee0a4d7690ef328e9bf55f6ac0b2","nonce":"92b06510f1bcb510990c04f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e57de9998bdd3aa7a3cf59201070ef030560447e63dd34b92157e34159cc9eb081bfaba25eceaee4dbf0c7c583","nonce":"92b06510f1bcb510990c04f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5e78ff4e9fd9f770f9ef6ee9e777c4bf7736ddae26ce3b4d445a36a44d0436a217b3582014e2591543eea6e6f9","nonce":"92b06510f1bcb510990c04f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9186523e23595476b7956dad0e6653c1b0878008b7c44573ca1f53c532628215adc4655b70ad373dda8b4a28ca","nonce":"92b06510f1bcb510990c04f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b47fd5b1fbb158f18f7c3643af0200bc7d7041c6cb7910910072ccb3f4fb01bdab8f36117a2f746c43ac600177","nonce":"92b06510f1bcb510990c04f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d919ae305a880267cb9eff9c77510af85eb27d1de1252b24e672a53112d403fbf1b2e4556954ea325b1cb4986c","nonce":"92b06510f1bcb510990c04fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"04a9f58972db46e065c4ea710729216b3367ec222123f98b99713c26f79ec20effab0f1b198107ec04d5c542da","nonce":"92b06510f1bcb510990c04fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e398c47b8d959dffe69c43ba785c81c1ece461254204b5b4550f6fe3d9c54200"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"818535184a009d9d539220810f3d6ee62b23cb5213edfee1c8cb6be452287251"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bc3b69698fd58fbd4111878059d4b1016cde272cf0ce3e69caae06547303c57b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b46f16351c61149897324f46f6a3c9245b40d99d4e72dcfdbdeb224fbf4e79c3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"23ccd667a544ab2ff240137c1ecfa9e13652f7756a92313f7e44089211d93c1a"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3ea9b4708e829b6ea50ef0e03cd612348a3e4d7517ba2a0e2700f8926425d705b2ee5131c828fbb51d1f035a32650bf1a27e32ff7bf084b4","seedS":"241953813316582e3bb89e67077cfaddd294542b349b5371e0ecd771218fc3e04bd367b832aa9ee0cdb2531f64d516437b90f44f7a3e3532","seedE":"a1ca4bcfba4df86aa130636a52798fbb8703b7fd60ab0a827212dfd00db2bf39fdaec9743d590ced3c158b7db7fa99d403df642366860a83","skRm":"29fce5d1694761adf8d927c18ca8cd4e02fec21cbf732ddc7e1fd718f6d294375cf6b7fef357724d76b3b3f882ee00b52110885e33006f37","skSm":"384d8f1567d905f7449e570224f380b932a37c4979e05f023754af4669bc289d32e9bbf0642a316f06fd2a577256caee826fcf63fafb75cf","skEm":"db5ac7c263b31814f086ac43f49d1da8230cc720fd819e160ab34c87fa719b7317ab61f414b58eeb7ddfa915562dc5f1136a8ad7faec9abc","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"57d863257c99e194d4fac85653489425be68f13efa692bdde2325df4e7ae756dce5a4ce163219c89d5bbce2947ed6e83ef73108ac8db85b9","pkSm":"dec9b84d58ce36aa15289b9ff946ffd5d44dd71570272b1bd0e72d7ed81cfa9d2961ceea153a2500ead79344c591210abd822daf39cc19f9","pkEm":"2ccc47b233ad00110f62dc40c649ee139f715a50c03f0d78a1e4367404bc1c5ff35ed6c8c55383aef6d16d0843debd1fcb92a90b7a698dfa","enc":"2ccc47b233ad00110f62dc40c649ee139f715a50c03f0d78a1e4367404bc1c5ff35ed6c8c55383aef6d16d0843debd1fcb92a90b7a698dfa","zz":"10d1d472c0dbfa9c0b09a099f90df1fec7e79e41fe3c4b42537d45116d9ea4ad53504ea70c5b30553e3a821907fbeb89b6cbf2b2751152896f1530d0928af316","keyScheduleContext":"033d6477855cd1c2ce864e843e54d33999c2f98fa4acae309ff228877ef764a613827cd87d6da8fcc9e4dbadf2e2e9c260c87165f865c47040a0ebe4015e3b6e005e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"e25ff74fc323161c9813115c0d283002fdf5d38c0e30675a6347b922fc1e1df5d93113b6d5714bbb2387501cd242934d7f7bd3fbb46d81ab40521314892a3f9f","key":"fd4e1ac15784888c03143796d875ca1a07f1ee08d601ee7d9dbb453e1f8af823","nonce":"a7134e61ce77726db24d1733","exporterSecret":"46d5edb580035f75ce7ca4744beecb86a7e285f2eb7bd7ccb3da70099f91e72b25cfcd8ae153e96cd21a9930ec8db9ba6b71eabc7f17977a4d77d3c1bf35ffb8","encryptions":[{"aad":"436f756e742d30","ciphertext":"98db8ffac1fcbf965a2517b7c8579c8b125009ef8a14edfe774f4b41a47b71a613f77cbfe186047f699206dad4","nonce":"a7134e61ce77726db24d1733","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f61bd7b01fe7f388df6877c9993e97421c07a8c9a9f7077531c61e43765277e8ac0dca2363936ffc58b38ac0fe","nonce":"a7134e61ce77726db24d1732","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0ce800d8fc1b32d631ef1607ead5b72d77ce2ff0c151f150c8fe6911009cf1e761971035baf22c3ddea093df35","nonce":"a7134e61ce77726db24d1731","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d61e9571e1bd426db7f25cc778192008f8cd21ac30b93437ab781eee216ab089791a638a556f01f3e65aef7a35","nonce":"a7134e61ce77726db24d1730","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"bd55ede55de38923c43c20e647f4b378a1e69a8dab1add5e9b5ee7fbad4b34a93e2bb00469d118f675fa11a768","nonce":"a7134e61ce77726db24d1737","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"772be4f832d9eed70d308e33fb9c7d61f42aba2679d2543eeebd2b14db912e650789d465c76027d2965165b79d","nonce":"a7134e61ce77726db24d1736","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"95f7368cc5565a801bd1e3ce09e8673443ac55b3bf129e2212f9e4815f6b37e1a2775ed58de98338d44e4053e7","nonce":"a7134e61ce77726db24d1735","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e2d45b4d185a316764235fc4c16816b23b6fbae892e7c0661215167c0aa34e5748b5d84b5fa7074ec2e3c6050b","nonce":"a7134e61ce77726db24d1734","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9444a8a5ddb0e11d4e5cb8b8eef9db827772c225ef45e8e7861f8e591156dc69b4f08088eb26fd575186df581c","nonce":"a7134e61ce77726db24d173b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0fc0bce60e682b8a97a2ae41cfaaeca59ab3a016c82db05e3b18e069107160e41c30d5bde8ca298d42d592e2ff","nonce":"a7134e61ce77726db24d173a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"562f48f60d852dcbcb755d7577ae173dda07caec1bf746dfa1c3b9fd35baa51f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ebab0bf00beb5fa4e51af36c63609c8bd4ee76f4f6435c16008541b8f1d50a08"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1af2c584de3a651c091b3e0b8ebf5af3c8bc760ef8904d281bca0e088ba044d8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9c30dc56cda00c2496025dd41dd0f0c4d1dc4d1f9f5fa379f5570fafbe739c1d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"04a3812f499967dd4d0b76eea8e766705aea3d3da71252b15b23937492880215"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"773311987cca021e0ad043c2cd3f0ea784cd2388ad8288a597feea57efcbf850074c5863fa28201aad62fb0d9c054dde4de10537e971e05b","seedE":"60bf43f151c3e6f5fa00281c884b7a3e02386c2325c99e4f86c93c3d35adb28a8db3b6e26809f64330e4265b3601ca273c05bf1f74c630dd","skRm":"3e95f4e7dbf4af1c7f64570e42040cfb0b91fa46d0f7842d049b45f79140a5f7deab8ecadc372d8a2c9c1bdba87727759ffbb14ea6aa4be3","skEm":"7a619c58a2cf01db63605b8836de04d3ca1c9c33eb2e02b36ee5289c5a62540eb334778d5d66b43cc3c27c9faf2c47372d85c276e6268367","pkRm":"7d3a8b900cd817c6cfe77713434f0e371127ca67bcbbb6ae12b5016b3027d023ada2f7117848f68a6268d5025432569f2e6057da68f20f39","pkEm":"dc3d9a32b503137ec6c7f5eaf8ba389924def16897f55c2a9d475a96ef48b6a71fd42cb6a7ccebff91171fd07ded442714fe2b992ee26214","enc":"dc3d9a32b503137ec6c7f5eaf8ba389924def16897f55c2a9d475a96ef48b6a71fd42cb6a7ccebff91171fd07ded442714fe2b992ee26214","zz":"fbea86a8f6ddc27b45ff5ef0100a040813b8040c0d998b3c0a0d7c5e6b458176c848773ecc8e2ab894e591cc7f3a3a49d0a88c0d3a836294dbc0b359adda2124","keyScheduleContext":"0094b5dde6f9bf6cd272b090b3dea8e5463c0fdf05e935efa2358cf1888ab42977d7d22e587223cb6f59ae6ff0a4cc6ff03bb8dcb2a7e197ea536e405da071bce128413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"6cf4cdd25d028c7ff42773c15bd1f69c5d56ebe3e015a1a2ef6a798de7287dc33d6d4985890f355f65092b2ab8d2f14066398ee4e89f9ba50f0b69146fe6bd8a","key":"a9008406f83777b50c8b66db7dd971350f5af79effe1df2e4ffccb8974d9bed6","nonce":"d9abf3a1f83b9b439b7cbc4e","exporterSecret":"bf9e059a76550a74f0cb3968777f3f11f1601ee8d9706dfd9b509698b8b2cdf1415435cf5a32509e6c2299f8df7f91bea42c128268e4e60cc16694bd3699e8a9","encryptions":[{"aad":"436f756e742d30","ciphertext":"8a153b6d3952b167adb3acd39e6aa8998ad004297b15b93e955c88001d672fcaf49e778685754dd9d0e17a8819","nonce":"d9abf3a1f83b9b439b7cbc4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a4d7948e5658560e3f22a00368c23ebd9bd65ef67396a41f64d660d406c53c74ec291c7600feead4ac3c88661f","nonce":"d9abf3a1f83b9b439b7cbc4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"53a70f73c885c579c2693e0dfb7e67985cb54fb2c8f13aac1db4789cb76b264f721fc7113f21651ddaaf6b224b","nonce":"d9abf3a1f83b9b439b7cbc4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"72ab8ffa400b9005c069847457e2b8411520b6c9a83417471a75044db39f47a0c9ce8a9dc26547eef5835084d1","nonce":"d9abf3a1f83b9b439b7cbc4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"89833b52d42bd3e432bf3bb40e97e545ae863ffd206e8ae65dd1377fd1a340c481c56056946500c2dc0f89f517","nonce":"d9abf3a1f83b9b439b7cbc4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9cecd3c12abcacd88a63705ccf80d3793cfaf86e2db2399866ae1355ef52926ae290408b71c98889e2bdeccdfb","nonce":"d9abf3a1f83b9b439b7cbc4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"114269ee5ccceb422e62edc54371457c04085026ec9d99556ee5cde83af465e71c9795eaa9bc91e63a79e35ce7","nonce":"d9abf3a1f83b9b439b7cbc48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e29d5364d8bdcbfb821a1e71849d3d6d50d7c1025f38cb46c50e27cdab3995f6905ed057d71e5684fbf97f7f4d","nonce":"d9abf3a1f83b9b439b7cbc49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dae47c007a262722c550b9589287dea65092ec15d0204fa14f9cf9b4d995e87f47256589ca967a78388e66c2ec","nonce":"d9abf3a1f83b9b439b7cbc46","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"34a0dc7a45b99560eb2b9f15beabd4271764de1a64b330a86ad322bbdfdd03d3c5ff29ec889cd891f2852dffd6","nonce":"d9abf3a1f83b9b439b7cbc47","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6bd36dd38825b84261ecf446907315d1c59a496cdfd277ea9cc03a98bf5fd5a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ef7817e6b38171cfaa4a6b56192454258ba5ed4bec26ccc5014cf9b757e9d977"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"37678ba87d76690e196fd5f90b5fff904623551dcb9e7d1122309fd183ab3fe4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cffaaf9dc4a6dfd0678dd39125ff532b7c8411db2501d44728083cfbcf435456"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ff38d646f2148882fff9761676113341fe04cfde29caf625ef945c82aac140a2"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3c5e1aab6c48f2cdc7fecfd15e077b4894a317b59fc4f80898ccbc033fd68e1b4bbc3631e569bc7b9fc58e756e3d7cf7d460d46083b4232f","seedE":"a8e95f47fae1cc6334be2ad52164c839648dfbeb3532766b399a5c8154d818a1cecaf650d48f1b760a33b1c3004389b672fd98234476afe7","skRm":"781dcfae9784de3aa4fa0a89ee15a8bd223d034eabc99971850cd87d73be9fdca6ca61dfa0644eaca9f883866d9f7df5b974ae36e909d740","skEm":"c7a09cf993cd4f1f9fbe9e7bf611868fab11dee77cc5e4978dac1e3c20f07c6f8348eca3fe329cfdd34e726b19010bf6fac0fdf87b10692a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"cc1c830b88584fc98d52fcb6da355866d8539d334218b1ce9a951b487434c48fb164e3c3bda8340ab84fad1076b20b232a1f0280ef53b935","pkEm":"8acb0d93d78677711eee89d8eecd20f2bcc5de6172d18535248b51b35f0b0eba15704b14a370f6260cd0471e3598017a68ac5aa3874fd58a","enc":"8acb0d93d78677711eee89d8eecd20f2bcc5de6172d18535248b51b35f0b0eba15704b14a370f6260cd0471e3598017a68ac5aa3874fd58a","zz":"171a83668087150e488ed56956f28a9196cbd987168acc7cafb3e793f050414739eeab46384d8e0a91ae66674188ab3a867b0e1fbf8bcf9aa391b166f83275f4","keyScheduleContext":"0168c13fef8839eacef076df6c8bdabff6a9c17437109dbaa873555895998cef1ea2d3ac1f0e1fc83b91061edd6d044c46234a66788fa6681137c5b300871b313b28413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"bc4d47ce5101dcebccf75bdd558f57e6a854e1d7de98c3cd359e38fb50f6692f18d716f075282422ff86f2712795f045dc2b486ef7dd3967b5d8a52d4baeddbe","key":"641b9c908d22ecc5a80d4d9743ca5e490794a1c30e66b98b0bcc1855acfb7d31","nonce":"9460e6130c9a84c9269d5de4","exporterSecret":"7a6707d7f074966f9f0726631878223c9beb78ef367b6e6f4578b87c61171fe73628af3512ef0a76c4448db93273d402567c2b63bb04effdffa6cc1a1e5927f7","encryptions":[{"aad":"436f756e742d30","ciphertext":"e87df6906df70463376669dfed835e11b2110f7c8ff3dbece8cb599ef0b0cc7bcc3329fd572f2abfa953ec44da","nonce":"9460e6130c9a84c9269d5de4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9f34f7a46f557872ae122ab66b7d29dd52a2715070f10488535cc2fe447b9432c223b7de952a04f612a07d8bd8","nonce":"9460e6130c9a84c9269d5de5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"521d81f3eee81cdf900569f33fdf2e7b41f0a91854faf6ad3f1042885f88ab9a22b2c8337018a4560937a9030c","nonce":"9460e6130c9a84c9269d5de6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"32f2483c7b3c6c3e51cdc1e6e0bf691c60cf62ccefcc71f2e9fbfb2040a90f45d5837834a66bfdbea95f676054","nonce":"9460e6130c9a84c9269d5de7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2d99821a05b3f2c49548ae4bb9a4078a035b63c0788d2c5271d9c9fbf7642a3ea5bb4cd5d6c6e2efa04ecc5c6a","nonce":"9460e6130c9a84c9269d5de0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0396245e8cc322010d7f8d32f21500017038120d13a1f001439e1cc4f1caf4773cad4dd7318e3d886de1036ef4","nonce":"9460e6130c9a84c9269d5de1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a5e7d85c96fc68d9d20b4c3b53bb406b89983f7f69fbe87fe7078bfa414e2528fb2aec7abc7856a35383c7ee29","nonce":"9460e6130c9a84c9269d5de2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"94a828ed0213ed473d71f25dbd7b4a4aa40f2500222f0e0ad4dc3cd5545418b83688c55baf06b95b783a520742","nonce":"9460e6130c9a84c9269d5de3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5151a44972ab74466f1bb152471ea22409e27c81659d748ce5eb2d3de61b4d2a7a3d5c68cdf8f69b6db48edc64","nonce":"9460e6130c9a84c9269d5dec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"87a8aa5470b90b476c2b13306b5adae29e6e71580e75bead1e1fd17345fdbadfccf4292b74e1817f7a9c09cc12","nonce":"9460e6130c9a84c9269d5ded","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"98e9df1aafc0cadb3117e3afe73402d0fd2f28c2fb3ffd4ffa97f32a61b3a1b4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fefdec317fe936c4bcc7201bca910064fa90a7b76d77ec8735f2b28c68c73759"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"367e0971516a4f4b4f2cb1c394f02232df55f463d3406c68d491dc12182e2c50"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1922b57fcedcb9c3100d054322c1e8597b9d3e668bd4b9b06ed4d7bc9718308e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ce5a742ea299401a8523a0371fa0f3d54d0aa0b97150a3bbd20fb5c82473258a"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fb32abf0997aefbac48ded556120eaca7c9ff7bf0250bb2a7b22a1fc3a418b471b2814ee7a12970b7a8402f861a430c471f76f39bcf3b518","seedS":"8b28358d1817857f27442ac83f0526710e9ddab3f2c59c21416ee2dce04580b987cc399af980b196abe3ee7b22285b8b18e49885f77d270b","seedE":"528fcffa43b1df019bb98b4db3260df0c5271ebf85f96d3e00930f31223c950e8792ae358cb77652af917f9a0d65e14e1716f605c14e23f0","skRm":"8a58674b3dc4061955e084ee444d4e38e3b37a5dfda1aa48be64291ad37b2aee95d6c8f994e041b8458dc3b9a11c5b513240171fb20e8c7c","skSm":"60babe81261f616498b3660783e3c096bf212871d1308122badd95aea9288eb1a2fc0f88de39cac9ffb7a3eb0deec62e252df67e4c0d102c","skEm":"0f8d115aa0f39f8a4c803d3447c389eaf92a7b93bbeb14961214399ff1e7dbd16ffe1a18f827dfa5979fed259ca9b8297d34d1e82cdd6f84","pkRm":"db996e2c0be4c35f939a97bd5735a562425004c675745c762f46d11c94e0b8f3982a33e073f843a27f277af9928dbcfe4936f589580c0557","pkSm":"7f61255b053b135b3def525c477fcec454e636e3b390c630761b503e32fca90d125ad1e6bb45b65960501ca3305c7a0eff0573aaf6bf61c7","pkEm":"013164ce86971d039290ce166e5b7d7d2cf2eeb4834d2ab3f624fde238a0e78fbed3264b86b286535c4468a92e591cb5acf7be013604176b","enc":"013164ce86971d039290ce166e5b7d7d2cf2eeb4834d2ab3f624fde238a0e78fbed3264b86b286535c4468a92e591cb5acf7be013604176b","zz":"17bed8bc80711a9e6202815733d138c7d87daa626e0f7a628b4e822f7db2f1df3fedc42034029aa274f7b28db8aae688ee756d08f3761e06917293897e125514","keyScheduleContext":"0294b5dde6f9bf6cd272b090b3dea8e5463c0fdf05e935efa2358cf1888ab42977d7d22e587223cb6f59ae6ff0a4cc6ff03bb8dcb2a7e197ea536e405da071bce128413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"416c4d4bf279a1e7e27ebea9bfad288942a1299cd7318a586a42510f6fcbf6f4f04f9cb9687fc284a8a3854b37d21f68d6cbd7ea12500eeec3db742a93b261f3","key":"47e2561363fc96fe8e0d39b99406b48ff91f3837ae760dd6fc6604d0334aec50","nonce":"cea54c84246157c286d95747","exporterSecret":"6ce7fd2e0de4849c3f43f1aeb11f6496c5716f6e1e8bd19f8407858346379fe617c12af6279bf5b8ead293aeb4ee06779111c857b62115dcf17c2daa9cb81ae4","encryptions":[{"aad":"436f756e742d30","ciphertext":"5f34c16266862c9c94c8063d704790a2e60363253564ab89c9e51bd5eda0e2e9019df974f3e0149f498d4c1f06","nonce":"cea54c84246157c286d95747","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b164ccaf73aa17b4298bc6c9c2dfd910f3727e607c46b046ae3b850e9f7c461fa1352f8ea2bcafa4fa0e095605","nonce":"cea54c84246157c286d95746","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"80979c550e239c97a752054c11f218f0cb96985f569aef721bf1981c928b6342109d9648753a7a9f647157312d","nonce":"cea54c84246157c286d95745","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"fec420d2c5b616e8fb1a19f2d7d16f30ef068c1621fa396859826613c3fab631b44747db9c3429a850c7bc7562","nonce":"cea54c84246157c286d95744","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7ff7e8c25779c03dd772a35ff408adc42c29fcca593bba132d76d8bb9571de66efca99c77d9507f50218fa5cca","nonce":"cea54c84246157c286d95743","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ca641e4771a5e7932a1f0058afc356f1b02edf6c97256939066ff2b7fc287ab2caff59861e151c399da9fb3bef","nonce":"cea54c84246157c286d95742","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e9ce9168ca83296f7ef3e2706d015fa6c81612b9a9089e059da38b950787614a2108bd7be867d1c3ca65969f47","nonce":"cea54c84246157c286d95741","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c9dd89a66246139e8754df77391fbcc29f0b46983177d64bc823eba707b222f66eb3a31e4afc5da5c7bf4e91f7","nonce":"cea54c84246157c286d95740","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7def88ac064479bc8624fd9a865142b6c7aa05e8b5846d6c354e5a7bbd6f9e20ed6af6efa5839316178a20c8a1","nonce":"cea54c84246157c286d9574f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d7e2985d07b8ce101882cd413588cecf23ffe8ee1925dc732874bfb608dbac5101b41dd380b9e33245cacad221","nonce":"cea54c84246157c286d9574e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ee124b612708862d679a995a427c07e7b3a1dc409b3bd83853a5b1231dd49394"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c4d3aec86a615dc5daaa8b6418f187290954875f0f16b54cb862845c0eb2eb2d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"30a4f5023105f67491c6ec098343c38abae9e19ffef8e50ea299408380e36e5a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"018af27895c8faaaae0bbf5b0fea3ca3f3a11ad7c69e2ebd1efb98d1690ede71"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"07f1c0f373eb58d907540cd6fa29932d0ccf6c208063ebac49298deab4854be1"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9579db0b650bca44e3f6c48cdceb54d318e45a5b02ac7d40f9835c6f20685d89c0d8103907805e591f91393f4632a6f951d8c92a869b9c86","seedS":"2c14be8e64a408f168725cbf679198182e7483bf1aa0f7ed35ec28c9385413cdcdbfc0cc75a9d03060cae37651f141a835b1fee6c776c3ab","seedE":"93585409f39f7dc5744bfc135c8f3e15e4c9403ac2c0e7089b6a7ed8f9bd3d160af5f5ed0f0ad8a6a3332021e624304d631da745fcfc85ed","skRm":"91a46765b97ba0015e868513af7ae742627f3e7f4b7cdebdbcf01d90b2b8b1f0bd6aa08b0139d2ed9e11e2754fc3593e2cdf113d2ad80ab7","skSm":"1ef1422a71787cc86c2f6a5e9401e7b7f3ced4ca1e1c9f28871d89a29a05a7ff87c5a435a3d9348f3bb6188b19b310ec8d44b7b704dee438","skEm":"26436e6151a4b6e8e872519be8ccea627ffe2ef848488ec1a39c83554be831fd47c20a3c81af2a5ab24cf1054a462ece2accd878c4dc03ea","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"497c989bf13d912359efdfed8a6140c1f03627598627044c72e92bde13a106d30cfa87e2b5addc70164293435e25aa093fe8da95f0c451c9","pkSm":"dccf8d9af68cf21c0fa596f9f16e634dabd606c8f4f28faf0da5a6f57d5b893464e7ab97f62bfbd6e797578a6f18a73d12016740a0a146c4","pkEm":"d74c97c9883308a70218c8e8668149a622884a2e4e10c5b7b985d11e719e7ebb7b191f51c26b9f9273874556ac55841bf658fbc38052f69e","enc":"d74c97c9883308a70218c8e8668149a622884a2e4e10c5b7b985d11e719e7ebb7b191f51c26b9f9273874556ac55841bf658fbc38052f69e","zz":"b785ff21fdb4d1c6c0cf7e38d9c444a17a78d0c2e27603db05f4467ed11e6773e09bc0dc304d13034bf5213b609f9635734227c810d353bb6d3922aa7c8c591c","keyScheduleContext":"0368c13fef8839eacef076df6c8bdabff6a9c17437109dbaa873555895998cef1ea2d3ac1f0e1fc83b91061edd6d044c46234a66788fa6681137c5b300871b313b28413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"4ca81aaec4ac7e5408d0a4d62f199406c33b5ec613572c5a1f7d89fb71d29cfcf7e91e3800f3f2df3bb31cb35ae47a6512d17956ee83865d789ed7407638db4f","key":"4513872831a0fb06e251cda948793db6417e9edc1357295c9905c13fbcc7e6c3","nonce":"7e54dbb57c10e2a9097696b0","exporterSecret":"575bc5397be880976d11845be35cbc0eddda686b03a2d14736e1e5db25e843372b6eb3c29bf399b3408a381908f8b2851e5ab0ffed8c64d4a36979bd3faa30b6","encryptions":[{"aad":"436f756e742d30","ciphertext":"43db1bb30bf6f3fb70bf30a9f650055dee5334283e3223da2859116269f46bff9f7e714aa9b4d7c3053bcb314b","nonce":"7e54dbb57c10e2a9097696b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f95054bef7ba837b3eebea90b52144c549e7ce2ee7422ac9ef86d8c89f1e1639d358b225d600b146fbd49c8553","nonce":"7e54dbb57c10e2a9097696b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"afc9b2ed791377efb654377f789d6b5a4d946888f33b8da24e51799bcbe049b195055f29bb7f602460c6d353c3","nonce":"7e54dbb57c10e2a9097696b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a3fc0e6bbbadaed922ef5e354035a7db16d2fc4ae1a79a2661e7837c38d10fc3c01f0e303ca865b44b3497f9d3","nonce":"7e54dbb57c10e2a9097696b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fa2b1cc190592561a70bf9211a28c94e59823520efa18b161028bce5de0a01f5a6634e2ef7c33aef96eda9c344","nonce":"7e54dbb57c10e2a9097696b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"efb6388c6e0a9f46a7494ca76dc2cbab24930831030154304234153f7fc833e71ae60b4cf37f7f30ca9e743471","nonce":"7e54dbb57c10e2a9097696b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e3b68f9d87a62a0a5b1fd466bb93fe0f774244797a62250405c08afa421eeb4a385e521086454c54681452b4eb","nonce":"7e54dbb57c10e2a9097696b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"33688c3913ff93a0a66c0b91b3990c876cfd33a7c09cefbc7c331e0570b3f23f065d2a6c39bc3f23d5448e525c","nonce":"7e54dbb57c10e2a9097696b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0b7c55327ddfa5308c02b8e85adf5bf9e2ce7ae0b06e80c31eb608092391290b009839d474f3695c24e75acb76","nonce":"7e54dbb57c10e2a9097696b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"935b348951748413e45681cc3aaaf94e93430b02988dd282ee0f0c8906813af67bf26454696a3cc297150a186e","nonce":"7e54dbb57c10e2a9097696b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"86ae52c4f9cc32dd5b801e550d4c9cd07380a80be4c6855754fc766e736d8824"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0f79a6825a32111de308a8628f54f930fd9668c4f1d6ebdaf9fa48745996a1d5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1a2d821ccff61b31be6dc91792e91ecd4fc9d434e7a3f98a848452d68dad6692"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d85ec4cad4d6cb62641d737d1279d0c02becd2ddc4792d426aec87e4f897bb75"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"cae26b8a5250daba2fa8312ab6eafc570500889fd6d0f972e867b762f3075dbe"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fd8472c1450b15ae078be91f12b951149a851f4da782a0c0e9db19612990e9f9","seedE":"2df5e86c1df01da4ad46e8ed41c74f099eb3c8d93f00896f70f49571305eed9c","skRm":"4748b3f9f3dd03b5cb3a1619cc5cddc2ed5b70605de52d136ebc0001287ed034","skEm":"5867eb7b812dcdb2c6b6a2b80e5953723ba86d8e9f31ec23716f8482ed9fb177","pkRm":"04afeaa92aa71fa8aa40b0ff2a7413ee5f4d861cebac0ce0d383fbeb58ce0f1dc932e4ed5b6c0481c7e1a04019bfc90e11add8c6509c1125b9c02612f90a1ad3df","pkEm":"04bbf2f400b2e54c85df0a5e342f13ca6d5879a8d4579edbccb6cebe5c6f43f4649c2a9a54f181113f8c3c2349c8ffbd2e1fb967bfb95efe218f51db0cc346de93","enc":"04bbf2f400b2e54c85df0a5e342f13ca6d5879a8d4579edbccb6cebe5c6f43f4649c2a9a54f181113f8c3c2349c8ffbd2e1fb967bfb95efe218f51db0cc346de93","zz":"b404bfbf8f6acb91d51f6cf50dbf1d37acfe0f9a88628694f5572e4c6421bf21","keyScheduleContext":"00e0dcf00f27a233e6bc08a1289e07973ea4c6c2f9bd940420c2a5d088f5ab42c6a6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"86c8c6aab49eefd2813f0ecde8e81c1c8b7f17e75f19e35442c90ef4815c49a5","key":"48b9243d7a8f8937aa3eae2efa633501","nonce":"89f8032e5db8b3a9b3a910a3","exporterSecret":"841a22e061ea43fc64a35485230c88dff04df25b7f41098bd0c531590338a1bd","encryptions":[{"aad":"436f756e742d30","ciphertext":"a339992013bfb46ef084f698e4912c3039af55a491dde5e72219be0a35f2cf38714dee46a2c95f6c981ad2bc81","nonce":"89f8032e5db8b3a9b3a910a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9bd5a58920a4acdf6416eb9bf44b184a7f7a46ef91e731661fc9720e990091e3ba6feaaf2c3ef56802d9e0ec9f","nonce":"89f8032e5db8b3a9b3a910a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b156d40cc31fc8ba33c31a5265475ac9301eddf908ba725e45de13df88e24af2bafde5da1b90fbafc1d648134c","nonce":"89f8032e5db8b3a9b3a910a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"374814a5f6affb493b930d41012a5634a0da7c528c1da07209516e121cfe04d590864d46f41fbefa87e58ba9b5","nonce":"89f8032e5db8b3a9b3a910a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4a9c3f75cbf5790d11a26767b5f64902bfbc6509b210193761db4ba4171f00e69dccd489164d0e6f2fd9a990f6","nonce":"89f8032e5db8b3a9b3a910a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"87ca5862e0a315327a5b324cfd09c8870381206d06a724813249cc069ad66b0224c17d6721720ffe8fcf7c4a58","nonce":"89f8032e5db8b3a9b3a910a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5225cece95d927c657ab7785982c666cb884925e22993681232332140c21154a64dcc0d9bf7e4dc0e8791f1bb2","nonce":"89f8032e5db8b3a9b3a910a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"17cac24a5eb16a3ea42cb94803a4696e9f7ec257b2998e75fb2ef69bec2c1fb5737d13a5ec739a8e79b0d9d6c5","nonce":"89f8032e5db8b3a9b3a910a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5980b620f34e5154fbd854fb4e3a660b055b269c2e9274400973f9249b56840289aeac9ea6b2524d072b8240a3","nonce":"89f8032e5db8b3a9b3a910ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"294ba66b3c9880aa21fcde43981b1514a16b73ccc36b9e1e438084c9c58d7f61711b1a36e60eaeb35b5570114d","nonce":"89f8032e5db8b3a9b3a910aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"56a43434cd73638b2a7fc277dbd07ac5583a16240c1b341f19f4cd17267a56b6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b04a76396ad11efaacc0dc723fdc059859f11e77ed8811d4b22a651141847857"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"055135672272d296d7d88bc6980319957c0982ce474d20890d682137c418694f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c6a7048eed59589db75883e50badda62193b2ce73c058d1dcef17893a02ff17e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a58f657cee6ba3a5a8c11b5add5f23638387b5542a0038ae264eaecc2810e165"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9bdc0ed2d5e213a03787e1fb2fcdf0c566ae3d6ea0f3d9ac58c6139f17e38e63","seedE":"a14de6a6af07d0c99a16885bd373ee1e52b558a01696e2f1dc95518c27547734","skRm":"782e4776fe8f1218382cead3d8fcbb49ec587ec3239aa12efae61f98c5da6082","skEm":"629e48d98bc22deab1d8f00f0407de557eb6f942029296e5d18b3c08b81e6734","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04cc0d62185ac3374554f54481760d19a5c27be89f093b552bc37340bdec8658eda9696a8625800b6bc1ef14d9335eb533d98df049534abf00ce5856cad34e974c","pkEm":"04b133250fe67fc7515f3bc896c805263748e3419a1bc27026c44f718254cdd0b059f1b183ec274f911f252f1b923487600b48fbbfd8121ec5c33f38719d85a17a","enc":"04b133250fe67fc7515f3bc896c805263748e3419a1bc27026c44f718254cdd0b059f1b183ec274f911f252f1b923487600b48fbbfd8121ec5c33f38719d85a17a","zz":"ec872a7720c29868743a4ac497642b99d2f2949570128c716b8652971b41e8c0","keyScheduleContext":"0181ae34db4efb62b462aa17cb9d7a0b1986b1a404c76cf4bafe3dec690d5d97fea6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"c5357fb9d30430847830fc1161af5e8b6ac877e5e26c7dcc7454687d192d0541","key":"2fc357b77491d0de800bbda785e865b3","nonce":"b53f0b112c17bf32a0f95f23","exporterSecret":"776f756912c4d9fb82abb6c8cac99e3013f1f56d87fa9819ad979d773b28b7f1","encryptions":[{"aad":"436f756e742d30","ciphertext":"33d0ad0aec9d6a329efa8eff3d8dcb8c136549631212afcbbbee04b55a9aff35e112378c1078dce240685b189f","nonce":"b53f0b112c17bf32a0f95f23","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3d28f40846ba302878bac52985f4ef08951c446abe1ab33ec38f7b6e84268a1fb857c01e513eadec3759f02fe8","nonce":"b53f0b112c17bf32a0f95f22","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"126e24d8a636680b3e9580d9418083f4845f4d97bc85177f5a57098b5139dd0387d71b46b9a52a6c879fed9987","nonce":"b53f0b112c17bf32a0f95f21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2ed3aa8fa7de329d26487bdd9dd5354a6aaa6d4cedf3144e5e5a79cd300f1fe854c503adf16a0ba419b8254fa9","nonce":"b53f0b112c17bf32a0f95f20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a234b6c1c4efe8d69df543584ae9e6a876f001a0ec2ae411abdc5bbad71c2016dae4d98e6c85c396abb512f5d3","nonce":"b53f0b112c17bf32a0f95f27","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d730e4af0691a87b91f129546b4f31773d4b1ac79eaf624f406de77f17b85d107202cab2acfd8ce0808cb573d0","nonce":"b53f0b112c17bf32a0f95f26","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5373038c85a46bf3908e0bf1044804f2e35ce92f3835dc07fc5b0adf8f3e3d49fae512dcb913020fb0c842ac08","nonce":"b53f0b112c17bf32a0f95f25","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7ca8f63d8ac16164308481eaf6727bd50483948e9d35f4327ec12fba18b5536ec3b9baf83005e3fb90faa5c7cc","nonce":"b53f0b112c17bf32a0f95f24","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"11a6fac99ca4682bc0fa6396e9531bda2f94091912d1c44aa3b3c78c29391edbf3d5e5160d9fe138510775ff47","nonce":"b53f0b112c17bf32a0f95f2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"deee7820732b63a77a0a257c4dd64158f5fe24efa796ded6c509e5be213a8d96cd7f5cc90b94ed3e6a1cd59485","nonce":"b53f0b112c17bf32a0f95f2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8e5cbcd57de6b86d172575e0f1bea7d798fc73780092df5411f8fe93b549566b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"05ac67732d83b0b7b83ce46dbc351d3901aa545f33ab4b14938d5ba9e39f045b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bc64a06c2d9b0540b19f7f3d6ce630dd15e886599177a0677d5c5a2662d4e596"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"5247c842d95dc8470aefc53ddf4ada63ebd40fe4305fa23031bf3ebad4ee78a6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7e66f4baf1d18ad6cfee5467ab380de726fae2049cb94f754e9e9a8783b0a5b9"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"08fc3ed5e5e019a07abf59ccb5d887700cb39597315c68cea21e3872566fa0b3","seedS":"4938c3ad9e91da4812b9785cc621745d3942c59dfb5c69eff7074cbc1bae80b4","seedE":"f0e67ee793eb17e2d83c6c6013a2ea5abf8ce39df2ee20817253a453422cf292","skRm":"ba0a33b0e40081573692b0901e74330cdb88424587a9ea1863c097eb693cf5d0","skSm":"88314c83500eff1272c32fc1baa2530b6198907ed4cd369e474070e081840a8a","skEm":"d41b166370170b183e4872c13f2fc8af9c4624c52ed1ce0591c648de74f6f40e","pkRm":"04272c3a3ac43ef5d0a02fec7d768b5d02dcd61d3b8a74c807a7bf40fe36419b791934de29ed6d118ce56c31b806c475f78545ab8fbc96df89eb5fc5a6ea6c49e3","pkSm":"0456961db0f747197b31e724d612d02fce25285a822f27e33d3a80a05818e79f0279faf8e18e07406aa9af226e78fd5edf0416acdd24c016cde7a0f48b27124b78","pkEm":"04b1b108178f1a8452ad27e700b6abbd64275cca5874622ccb21fe3983b5200eed6dae796da4307ec4bbed5cb93a3fa911f8a7969fcf6c94b547f81ff91ee9dc68","enc":"04b1b108178f1a8452ad27e700b6abbd64275cca5874622ccb21fe3983b5200eed6dae796da4307ec4bbed5cb93a3fa911f8a7969fcf6c94b547f81ff91ee9dc68","zz":"d76be19dbf9d85271f749f2d48d106345816b6a3075753431041c1ae419500d2","keyScheduleContext":"02e0dcf00f27a233e6bc08a1289e07973ea4c6c2f9bd940420c2a5d088f5ab42c6a6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"53f3bd7a851ee64688e82f4dc610c590b0dfc6c74b8f9ca111686f754104eb92","key":"77d7dbc6f09f8d2383b1f79cb42179de","nonce":"43b5709b9d143bbf988f465e","exporterSecret":"0b82772d4c0526df905e21d48f838cfe2fe7fa0d3cc2f28e422b63a794dcdc21","encryptions":[{"aad":"436f756e742d30","ciphertext":"3e6363671802325a9a84d6917e6a0960353dd2dbf41e295db6b534409a444037745c3b065a791684fc30ce93ef","nonce":"43b5709b9d143bbf988f465e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a367b19b0c417b953f7784ec762990ce2b4b0f47493f2af9faaef67d84be5c78b81fad29494404441079227d71","nonce":"43b5709b9d143bbf988f465f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d4d5255a94c76bc41f3e5702f85802f53d296ee6ae68a4d496618f4cfac3fe917f0f722a26f6131134e331e00e","nonce":"43b5709b9d143bbf988f465c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a13f0848a77a491d11b715b3ae678fb409a3417bcf0028e79ed30af1b3695287a0227a55ae3925da0fb6a552f5","nonce":"43b5709b9d143bbf988f465d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c0ae22f898bc7f56e94c31cda758a650b82275925880d434b1aa4dd3d661b45e245378966e11b50da1b4c6c6ab","nonce":"43b5709b9d143bbf988f465a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"faa3390aa19a55008c00a3dba2e902690a969ed1e35bd1a3a0dc0c0f97866c6c87a3e37fdc4228ab4896c89761","nonce":"43b5709b9d143bbf988f465b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bfcefa53173db0c3d802a21fec9d5436d4d57ec99afb1b15e4ec75f16a8f390493afd19857067a18f4ef438257","nonce":"43b5709b9d143bbf988f4658","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"280d24c054f5a4f5de1b69ec06924dfab3884a9ddb776be44f2931abfc64d90f3a9d3ae9a4ea8f0e943a72c208","nonce":"43b5709b9d143bbf988f4659","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fdb1f01d801e8112b4a043ccdc699b1881b9828fe40aeeec285ded3fb989e5021bf8db33fd921f08290528d210","nonce":"43b5709b9d143bbf988f4656","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9f7ceaec91c836866ac6532867bd4d732e0b596590f50249382843b76457e8512907873de8866c829bf1a0f32e","nonce":"43b5709b9d143bbf988f4657","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1910799746fe2df85ae1ff10477c624cd151fbb5b60ff0ddb470799f5681672c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a253b94a1227e33595468589dc197fd23f09a9eba1443f4b2a850fa78e8f9abf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"27139e0ccdbe73ea3bbb88b5cb4b2c5f3025c85c50a19562241601aa2b9386a0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e88ead328ad25edf6b61c54980efcab17d67c29e8b04cb7f07249f55cc52c867"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"04515c9cc92a7bbbc9a21d9b5c5d705671c007567ca643d1923e7777c538fa54"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a01ceec0728863d3c573ce7e465b5e34f2ac6257629fff6a045b6f31b8f2ff1b","seedS":"863ce961c760889834b34784cfe7cac608beeca3ec22f35e7253cb5cd873bc01","seedE":"a638ed4a0e82c55c98689a83bc4b0ed03b9aee31ddd3b13e025aa97cbf0517ba","skRm":"9d420b01b39aa5e364d07e8444d628d7ed0d706beec9dd6210193992d052a065","skSm":"5287d3a4a42615f9cbdd3d31c7d3f84edea866c00381c0432640912d21d36f53","skEm":"ea801b21f4e95f6328e112826a0315816fa8877329b1b563e648029522d1ed6e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043e807d018096ae973381ec56b2ca167bf6a5240e4c2ad356059963ef36466f1031b6abffbf32c8a77563f6ae97c4fcad997e7fdb6a6ada163a6ae67a5db1bb5d","pkSm":"0468aa3d41058942b955fe1d9c443793b32d78a883b1b12e261f2578edd40f224a6c384b787f12d62d6dce9db1d08a6c0d096fd60340afab4deda961cf498ee5df","pkEm":"0474f07529324c40599a765fbeea3f7f65c09da831463d11ce154fc41ff5317dae32266c7addec86c150f4679b799eb547e6edff592926322d01d2de0874fce293","enc":"0474f07529324c40599a765fbeea3f7f65c09da831463d11ce154fc41ff5317dae32266c7addec86c150f4679b799eb547e6edff592926322d01d2de0874fce293","zz":"c2d1d27c6833a7e02d206a74260e49bd9b09211eea39b1a3f6ffecbc8f29342a","keyScheduleContext":"0381ae34db4efb62b462aa17cb9d7a0b1986b1a404c76cf4bafe3dec690d5d97fea6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"61e5daf3e0e4c4db3162a4cc5d990dd21cede0190174e2827b5d826e89505f59","key":"9ca74e9341d4d380fd8b57f03e2d5bd5","nonce":"ba8393b301c837f56441f54e","exporterSecret":"25b2a4eb11c9efe0b974d0bd69bac1690550769cbe152c576b82b391168b43f7","encryptions":[{"aad":"436f756e742d30","ciphertext":"26cecc37bb3b8628b5e3ae55aa252c4eac737c2248fc8645636f9f3c63f3303414accc963885d26a444146c96d","nonce":"ba8393b301c837f56441f54e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0d7025d24c159ab7d63865085e5d8325d027481a862ec9ba46e0e46e081d060109bcfa0fe905f046d1eef59049","nonce":"ba8393b301c837f56441f54f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ec2f30e4236ea44075ead7af40d443ae72d87df2434b4f8133de843c28dea90d06c1e0a7077c84ab3a98aadf4c","nonce":"ba8393b301c837f56441f54c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae7f70435d869b4caaba852df3eefedb08fb57c03edf7f37c580f6d34d41be805bb207130c059d16df0a581b39","nonce":"ba8393b301c837f56441f54d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d405b7c8b38f94fd0a5b25b35dd530ed47340c2316dde471f60651f8dd5407701e90046e367ff31dab104ae77a","nonce":"ba8393b301c837f56441f54a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b48127cb5c6a8060c1053d610e257c9e3f82dbbc97a3b34c10a37f08c5ad20ad1f1ec9176ba31d9eecac911fe1","nonce":"ba8393b301c837f56441f54b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"62d38211ade1537f438210401aad80a34eacc421743a9dde1b94be4a35a71f2cb0aed028496c5eeee87ad1d0ac","nonce":"ba8393b301c837f56441f548","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a7572e31d318b90b436509355448e09e7cb2869d3d8e6d170c89e2220c4d39858d66eeff339a4b16563536a23","nonce":"ba8393b301c837f56441f549","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0021abdd529ad0dad7d0f7108b41fc949fc3a0667a137770b752c907eff4e5494cc05b42bfea8536265c1dcc24","nonce":"ba8393b301c837f56441f546","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"21d5d6346ab48c2399a84aea7ea243adb1337ff1c227465d0358f46389ba91a13cbced83346bdd3eed9ab14287","nonce":"ba8393b301c837f56441f547","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d7968834c95edf93ee47795c8ab872608ed118b239954e24d51cdf6484256647"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"09ce44ae8c0082b7ae6b34d79ef409f20b50e5a671c53e0bb8ac69ba12e446ae"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ee15f5313aff2ecee83d0b50810ebd19c5d300b86b966da3e3450f05baf09013"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8031c14197d2a958b61ab0eadb2ec01ce90b18f61927e72a6674a2eb056bdbbd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"43231f6359cc9e89e4422a70d43a64dfbed03a836b5effb2e59265d50a5545ff"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3fc28835c6358c14af667a64e8fdde21b65c429fab6bb4cdac1726c920a6705a","seedE":"15bfbbf2e5db9ff37143c5422055c0a9f06172b7e9ab96bfb97a158c31eed18f","skRm":"bf9cce5b6e47c87bcccf015cd86a44b506470640c3c5dd0445707d4f6fbfb776","skEm":"0d7c40d81e3f755208a43c612f284848c9b60f7978c061947fc1a2435d8a0ed7","pkRm":"0400fc204eb8aab36dcbc428f38cf4f25dd1e81561b9553cc9d8c0dce8692079e39a499578852aab32cdf9cdfcfbdef2b122d2dd84ea094d4a87a6f13512710f3e","pkEm":"04d7a264d4d2a0bb5cc65ecc04282974b21c3d314ef1abb8404a26e829cad5289c8b0c8858ff8988a6e2e6ac36d20e81e29ca3e50a76e7527eb36c37376172fb2a","enc":"04d7a264d4d2a0bb5cc65ecc04282974b21c3d314ef1abb8404a26e829cad5289c8b0c8858ff8988a6e2e6ac36d20e81e29ca3e50a76e7527eb36c37376172fb2a","zz":"b993ba6d26866b0b984c3f1c8f1c4c1cfb6a5157be9a0a8c29fb360529e658b8","keyScheduleContext":"0022292de1e395ea9d74dd6b69563421b959b173cf02c5181a02f826ed43bbd894d76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"522634fa4b7f451ba49f212e6b55ebc3e5af7f7c4afa37c127b4dd6ea54d513e","key":"294ee07f82a288bcbe4ca0fc250ff8cc9de3d2ef26458ed97ae13fa967cb57b8","nonce":"5aba591306aee5aa06b7e5df","exporterSecret":"f2da0cdc8c77c7bd4efd227b87be8f613fdc889b609c73aa609228385e798fb6","encryptions":[{"aad":"436f756e742d30","ciphertext":"60e7df16c489abe33fee3e42d7524481dd01268643833bdc05e68c15b9e8eb7ad1b8330d6f92372b2744e8553c","nonce":"5aba591306aee5aa06b7e5df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9d0f6f1677166423a81d8d793de06215ad8d30588172b055add149bb02a3b1ed20a83ad1dfcfdad573789adcdb","nonce":"5aba591306aee5aa06b7e5de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7b1213c97e5b1ab93732fc0ad01f9f567e97a5c0e146a1b8d743e5df49b8fa055522c014d8051b492c2bd451fc","nonce":"5aba591306aee5aa06b7e5dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b4e836ec145281c69d91b5ec5180e7660ff86028e87496b83ef3b6a80d4168b8517f1ae4662210aa1b9b2a1917","nonce":"5aba591306aee5aa06b7e5dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9fbe7f1c010f8edbf82905be2c5578b731fd1e9088f01d88a359822076ccb699113bf544853c4627bad0d50aa","nonce":"5aba591306aee5aa06b7e5db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1962bd6ecbf65e4df72d1ad0a5ed6a86ac7d4037fe956119450ed6326ef3b4a04d63b7e849f4bd78fd81b7008d","nonce":"5aba591306aee5aa06b7e5da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ac6c963bbacc6b6d0de19f5ec5712386e39fb200e758c6a9f6dd45619189898bc035d20c99315abfabd0f43f25","nonce":"5aba591306aee5aa06b7e5d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"acea7b4856ccd86ad7265132de503ed1504fe9bee5e60274967709a73309d7e4028b6893809cafef31b3b70e62","nonce":"5aba591306aee5aa06b7e5d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"eafd032be17f7687b157d06bca697f6921dced112bdbfb96384447fdca843bf5b5dcf201f77ed53b20829422f3","nonce":"5aba591306aee5aa06b7e5d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52fcb168bf3ed001bf2e115bf93f64dec797e29c20cc35668484bda7a601ae2f3240217a83f867e7b5c9907244","nonce":"5aba591306aee5aa06b7e5d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"21b93f02414b072863d503e99688525582f7ab00e532c13f4a8d413b6c50d495"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9c8dbafe3880c4e6f6b7dc839ab1290318cac69692edc5f4daf9cc60a58f0faf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f22163270e550df868a9f0501a2e62240005a4afde3011bc2ace207eafc0e117"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"874490570376b644109b6e17351ec53655bacfcd1887a5380b18ad633dbf6d9d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"43b95135170ced7ad7e362a3d9c4455da1107ca3f4e5feba82b4fd9ad801843b"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"6fc07047e29dc091ac121de3a65d3676b995197aad7df458f73caa4f15fdd9c4","seedE":"1bb8bd0c8a9b554f56b2379665a8623954e154e685af7e257a87ba669697aefa","skRm":"2de89adccc16277604a2daaaa2b5789d9920dd20a55a6a07e4d5e791a22f8777","skEm":"31ff8fb96da5f044c8e572eac9b50e974803c48ed10c798642358bcde5a02942","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04d1145a32822109206efe59f460e074eb0a1e1c64f6e0047fbd742e8982a3af219d664525aefd1ae883f6b20ac9638af6e3755297fe482f8c75c539c5df46b7dd","pkEm":"0441ab4c2194bf5e54156097135630eb894c018a54f810444322ee74c6045ccca6a7715744fedb1670c8f49742666f29c66dd970d76531976e2b21ff7f10b2790a","enc":"0441ab4c2194bf5e54156097135630eb894c018a54f810444322ee74c6045ccca6a7715744fedb1670c8f49742666f29c66dd970d76531976e2b21ff7f10b2790a","zz":"37ad6f6e3e4c9901d69a2ece4e48f2ae14f08461f545dd8cfabe7f3476ff08ee","keyScheduleContext":"0149a639e59885c0c2ac77f931d86d30d5573eea1b44ff27606ccb9e8b49bedb2ad76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"4caa9417a93507d6e9ed97876ec0f86e98524a92f7cf197fe4d171d6f79f41af","key":"96a117518c9a525c501c5912de8940123a5eb75a193543ca43d5fdca6b3d1f1e","nonce":"303e565f9633de4922f4965b","exporterSecret":"2173035bbc2aafc7840152112aa7c0d2389d1829b22eada924bb6e6633df8260","encryptions":[{"aad":"436f756e742d30","ciphertext":"db2f333978763ed2576da1e2c32fde86ba9ad77379186ed3c8ccd031ae05521c0866639331f9752e48a72b509a","nonce":"303e565f9633de4922f4965b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab922920a8b2e8fd578b24bd5b487127a579a1cb2c33b78d9d1303465053b0419591002fd8deef5cc8802be158","nonce":"303e565f9633de4922f4965a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"43cf6aa3e0b7ec2610ed42f9e6d83c2fac726d139d822c2db527754c92eca56d9ba17f7952175f627c9a59861d","nonce":"303e565f9633de4922f49659","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9a3f83399fe109ccb7ebb5a932f50957f3a20a0b562b5a942b4a83a51a6eae54f8e2b6f23f95c7f2a34fbf28e5","nonce":"303e565f9633de4922f49658","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0a0ad83aad6a22fce071d8541f1e57f9b1b490a4e5b0e879a2ac7853c92cade128b6d31a522b552fdc0cde855e","nonce":"303e565f9633de4922f4965f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a535fa1f286845564f03b910379ebc782f3a63e02513bfda309630d74df783aaa1f32ff55b706f6ef3ef084791","nonce":"303e565f9633de4922f4965e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a39a3fec0409068f7f4076653a3e743fb423e29bd708e27d071378261dccb78a14768166da5e1a1b58c1e3a4e8","nonce":"303e565f9633de4922f4965d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c4952d7ed8e62e0ac11888acd6e0e2be138cd63fdfbab9b0af8e993d203c70cd90cd8f59ea3da6d439f53dae86","nonce":"303e565f9633de4922f4965c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d814aeb150d465eb131948b99fdb70c8e3e9c9659ed56902964dd72130989b3c2323177429b2ec9cc1ba592a6","nonce":"303e565f9633de4922f49653","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d5b7869a3ab596003105309487c830f1639d4e659615cf4fa8d0aee2b69882a0ed3942e77111c1b340c9f0270d","nonce":"303e565f9633de4922f49652","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a6fa562c091349840f6d1b5960561ca8e2b8610150fa56a9592eb414281ca6b0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9695513f39110cab02822bc8bff5c0cc4794f5501c0ce84e922ec535c889cb48"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f298f9ee56f04f935d4022eca5f35365736a5fc626c6dadd5a14417169d462b2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7ba835169c4d7793af2c1dc094d6f2ac8a97dee6bc1045c807cf3b8429581804"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e3206ed3229cfffeb91f72f89deab5cc248da2e56ce5617ed31d637b02276db5"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"21fcaeb996ae33f149cec55f8cc3cbe6ca6ddb5adc42bc0270bb1a411fe4c980","seedS":"7010eab10870e73e93a9d44c85a872b6ed7596d951e04022669ec23dd6aeb51c","seedE":"126a57a60653ccecac44dc9c5ac90e4e221b46d8ec3cd774d4988507324a6e39","skRm":"06659b9f357e0b93c7ab137b048263dd54afb0d00820d941e55cef5f1a435e55","skSm":"921b2d6ac50ef16e1ecc48ac71ec5517ae42076f33bcc33abdf1fb00d8e232d8","skEm":"a98f66e051e72ea5840a01b053449cf3112e85106f2281b57573451160dbbeeb","pkRm":"04156d7a13c33d6e4bff2befdf53cba69dc16b504a30bb40facbff9207fb9edf19baa6ffd7837b94b370234c597c70a8ca260649cab6f52b48ea127ae09f5b113b","pkSm":"044fb674b5f79bef7ed061babfd59523e599498106db25aec226030bcac77dc869faa4e4c492f1055c5f85d3873adc3be6bd9c25b1621568295f1572aa08655902","pkEm":"0433d24b1104f8942765c1176386c708e50349f7cce532b76b300f754eb6e6fa6516d7e870df5f3d2fc339ef3acbdfd6e440b0bea106c087f26e12a6728270d3e0","enc":"0433d24b1104f8942765c1176386c708e50349f7cce532b76b300f754eb6e6fa6516d7e870df5f3d2fc339ef3acbdfd6e440b0bea106c087f26e12a6728270d3e0","zz":"c6492e73ad6ec18d05f17bd62be8bcbf48fed700b8442909a4f05ee7694b7894","keyScheduleContext":"0222292de1e395ea9d74dd6b69563421b959b173cf02c5181a02f826ed43bbd894d76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"aa14c3f13aca763f745abc1e1935e8702423c63b34fcbb7a89e3737b75bc9f15","key":"96e00ecdc637c02e9933bfe81250e423059fb498542fecb6cbcd3ef317a32d48","nonce":"44d213ec799f975d7b76337e","exporterSecret":"8e7ac10053d71a204961988381b83ba6cecaf5b38613a447e5b3fdc1713d9a43","encryptions":[{"aad":"436f756e742d30","ciphertext":"7053b878f6c6581b8edaedc86d035f7b9dbf9c7fd47fe1bf327f84d35c9368782769cc536995aa6cca32dbc945","nonce":"44d213ec799f975d7b76337e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"32b7cd0ed4403b7ca95eafa992e10d78446300fcffe47637d87b8b25cba6ff5e23860f5478438c35591072a0cb","nonce":"44d213ec799f975d7b76337f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"aa2b44052305dce229072c7039e99811e34766cc373eef834553622f83f770e11bbc5b12d5b4e86f8c9f2f8dac","nonce":"44d213ec799f975d7b76337c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"26024c9333a5016d9ab65122ce77dbfeca2edf06520a6084700ec2e34c9c5938a053792d1b47b606ae46437b51","nonce":"44d213ec799f975d7b76337d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f85440864596f271cbb62d9a42e0233a30399cbc5b0b70541554ebc126becf1a460857194eba80d43c3cf830d1","nonce":"44d213ec799f975d7b76337a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d97348373faca415861f944ef259f58149f8e460a8f22d030a318e53dacee8538a7e6720b27edc1c553374d314","nonce":"44d213ec799f975d7b76337b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6da06eef053a8bf3cf216787d52c37459a34d476a0b73e2379bf3975314556ccf71a244f5457ef40aacdf75cad","nonce":"44d213ec799f975d7b763378","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e7bfbdc0e5fc0c08504d78ddcb048f09b3cb931e0bfd4ab56740de24c566d22bfa93381a1d467ae21591573576","nonce":"44d213ec799f975d7b763379","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b72c8b385eb20b348f992cc23c95eac8f6959fc14daf87c49390c00f2e91699d271b982d2c9163502486ccf176","nonce":"44d213ec799f975d7b763376","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"83e1f42d8b75a48acfb876aab6ea0e7a2f87ac3e3bb0eaba88f55e7e55a73834fa358a7d240a00a0af8f3b4bc8","nonce":"44d213ec799f975d7b763377","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"168f2889bc25f4dfd523fdf48a060efab391398c285ecacf0c5056f88e035678"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9e87b0aa3d138bca254282c5c774176a8f4080f880cccbd91c01cf259f58d525"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f7f3ddc87665ce38ea033f8b10c75e8c2d55f45f629ac163d84b6b204b0c0124"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0d2e531f47085ccbb974f371a237f352412058bbd089b8585da38516809f5d06"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9732dd08fcca082be845ba6811da75253dbb349598d1674d81c14232b29dcc27"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"19bc4b51f7cf31052f53060a96162ffb35a16ee4ecb4ae27a8c530a1121a0e06","seedS":"82e708b3291401c8265a3e32fa8b0605dec7ff464ee1ac9fa97e2e3db4b143bd","seedE":"d4d5d3913b488e7404679591e29502eccdb26b2e6af869ded2a6548f0ea1af8c","skRm":"db78b3c28a82d60bfb5f9793464876b25c82645a01cc5230e69bf3a9563bf89b","skSm":"5e41187022de8d2b917ebcbab4733eea52ef3935cf93cde0f2443fcea0d62ad5","skEm":"4879fee5971065221f34e8355742637cc56123ff1d8f059506e15b7395debb0a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"048c4cb880a9465fe73e577a051bcddf718d0edf1c0af870aa025db7c49ef9068350ba3ac9fd6dcbe42b76fa7fd9dbdcbf1a52573aeaad0bcf48aefb930e3c962e","pkSm":"04507448f0f9f8e7a5e6ef5e36c561b8ffff2d29029ca68a550d4d35004e4a8e6f66f44b23418b7570f1c2066f4a281f6640b55809cb983d7aaa14e3950ae6d38c","pkEm":"04b9409eb2c562a74cb94850eeab590fd637b56f19f980b4c920b54ff2e1081a82a57427158112934cdb9be4b4519a2fbeae22262cf0040b0f52e0c3e3cdc90b83","enc":"04b9409eb2c562a74cb94850eeab590fd637b56f19f980b4c920b54ff2e1081a82a57427158112934cdb9be4b4519a2fbeae22262cf0040b0f52e0c3e3cdc90b83","zz":"4444bb09021ccab9b8d9634c4d93229c12951d56aae2a1c94bfa03b65dc6b8f9","keyScheduleContext":"0349a639e59885c0c2ac77f931d86d30d5573eea1b44ff27606ccb9e8b49bedb2ad76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"4090af92bc19378cb64b9e852fe4c3e766480990af56ebdb74e5d6467f8c2a30","key":"118468c4876f60f36612ae56cba9c12773f6a42b0d4613531ba1adb9e3285048","nonce":"425e16fef6a16bd00bfa9aba","exporterSecret":"4c4b9340063797e8f2b929ff4c6f6a766fe1ab0c3dfe17ac4f0cc5211aff1dcc","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f3e2fe4e51260ff11842d064d617345dd57cdcebab951212f501808edaa8862244cffd108b217bd6238cd9c4d","nonce":"425e16fef6a16bd00bfa9aba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8d3ca4f6dd93d4097fef4c3ca4bc3c4352c913ad028bffea6b1460be188d79c0db3c9fa9e7b1f8e7eb268e8954","nonce":"425e16fef6a16bd00bfa9abb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c483a832b466a1397036421d7797e3e39627126e26565d1d007d49742b1d5fb07afd4cefeb997168f14c76c37a","nonce":"425e16fef6a16bd00bfa9ab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3fafb7155e9ae1064641a9e4cadf85176006423a5e64fba7f4797e0c9a973db2610e0c57f4049bebac2c7e3f9e","nonce":"425e16fef6a16bd00bfa9ab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6f1bd5f881398180c04b3405b5e57819d9bf48cefa4c76321f2ad8d3020a8750b8751d3b1166845c09ffb7d52","nonce":"425e16fef6a16bd00bfa9abe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9721ef3e49c221a6b1d40708e4dcae6bb7cf8e100a83b62bac1c4da36d76228274b4106837f11fc912e4fcc860","nonce":"425e16fef6a16bd00bfa9abf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"760d7d3ecfc1b76c804964d09bd4bb214b05553263eb07b197d6614753f84cbf45168893a3a11037683c14a2fa","nonce":"425e16fef6a16bd00bfa9abc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"61e43f34a306228866b686749f6cc5da3a0fcb9f99937889fed4070d13cd8eb669fc46f6304392c18f01c6170a","nonce":"425e16fef6a16bd00bfa9abd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b490797dbe8e58ebcf2529132c1a6e6162f6038f89ede56e947b40e8b7c173988f62ad0620106fc90312b34e2c","nonce":"425e16fef6a16bd00bfa9ab2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9a1180c82dde07495c1a8018478d8a2903b06e6c3a31a3a4f3d4d1f1d98945eb1a6ca556e4b247ae567eab0c0a","nonce":"425e16fef6a16bd00bfa9ab3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e7cd40be63f705cf0deffa42a21027aa594f86ba2a545da1475862f34967f7cc"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"00f6b02ea03b2c5d73e6f354bd1cd511f3fdecd5fbd304f22c154c46a50010b4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0fb432a56ab7c2b1599b3d58824f81ba6e76a90f5156ef84f7a036f7fe14ed87"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e492dc2e6ee1e839b8dadbb0f559f3ad90c720f759ddf9c4bcb18cc5bb7b98ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4658b7c8e95a717840d55d0b36f960f0afee3ee6fe0f3ceddeffc3702522fbf9"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b8cf55fff54a44eb4cf6f951e580405c03f72aade8474e8b6e86a7118d3f1342","seedE":"859c4d4661cfccf02e8c4b75abde884bb08dbcc318b2e56acc4f595b81704753","skRm":"e1ddeb890f47d37df5ab42e09d10e3dbe8a07a7a65e21843e6d46997e1cd6c1b","skEm":"d0afb2bc6fe1537feaa0e699e53cd3803de978a88adaee434b7c49294c6fcd32","pkRm":"0403182ee491b92dd763585075bbe14ebca251fb8e7c466e53c0d99e03acb7550ade27f7a11dd99d456bfad8c30e94a9da7121accaaca356cc637aa64cc2d0d9c1","pkEm":"04cfe80978baabb7b767255d3a196feffc4a77e7b09b45c19ee49d947c5036e33a254124d6f89d3d9368c42a38f3d0baa6bbdbb84b22406f5b1395e34d08602d33","enc":"04cfe80978baabb7b767255d3a196feffc4a77e7b09b45c19ee49d947c5036e33a254124d6f89d3d9368c42a38f3d0baa6bbdbb84b22406f5b1395e34d08602d33","zz":"8c59704a49eaf34699eb27b5016fc888b4be693890dbbad2b56545a968828b70","keyScheduleContext":"00e8c0e7b7e1350f45ba50f2fd8fb2e9bea10d5bd28e9cb917c3adae0b6f8b19eee61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"6229f2fd32e867b396a36f9ff548086f4915ddaa7628cb1af6fade352d7cf6ca","key":"38b214d8ebea4305d2ead33e169596228eb067147dc261816f952b33062f12c3","nonce":"bf35a7db7279cd71b8664309","exporterSecret":"889d607ea5a873eadb3468063c554ad2ab5afe9ae6ae65559b51fbf2dbdc7c1f","encryptions":[{"aad":"436f756e742d30","ciphertext":"658d3427e21bc7fba87cc10fd26a235e526eec111b805c16ba985359b91029f8c8acc022ddd16265d981e8b452","nonce":"bf35a7db7279cd71b8664309","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5fc0be104d84a79c0b853c5dfd1273b24741165446617e99356179c968aabb0094ab5d5bdda3d9fe8e5cf763a3","nonce":"bf35a7db7279cd71b8664308","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0125ccecd83a0f97fe18fcbef9ff3dd229b199f2e9aa15d649299f4719494910c6213f3ca12b4a684c36955866","nonce":"bf35a7db7279cd71b866430b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d0f14e0eb2d0cacd9bdfe71265e3de53c5bc8c45d9503545f7e4d7aaee685bf3efc2b642e2a9da877b3e1ab60e","nonce":"bf35a7db7279cd71b866430a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5cc5dce6cb7858be2bd6f35443a006ffd527a03d13b39fe43242f6ec72e675b929efdf2c39caa989adeda00ed3","nonce":"bf35a7db7279cd71b866430d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d3f681017cde45618d70376f49afad398af85083fb4a1d9c95eb2eaf1b2feb7cadd4ad7e2aefccb5071b992539","nonce":"bf35a7db7279cd71b866430c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8c7829f126c3f3bfe9a4f74de21ecf71d407802443c52deb1158e75d165f13b261b1681baf07d1012d4a80bd8c","nonce":"bf35a7db7279cd71b866430f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9be6a8931e0beb7910f8b6a4c16dd173240802cd3e7ae07c5f69f66f90ed00ce139f9b01835254c62a167dc010","nonce":"bf35a7db7279cd71b866430e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4f1b353f157d04f59bdeef7eec5dbbf7277f7a9551f42b3af81a3cb45227d870cdc4cb6923730253710299f70b","nonce":"bf35a7db7279cd71b8664301","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cb624a8f7559fabf4ef2837c8ea464b1f07e64092429e657346b5415fa7c41a6dc35fecf2d93b8946c2ff31af3","nonce":"bf35a7db7279cd71b8664300","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e3dce03ccf722ea3ed13a494ea0e873a68c8985dd1eca23f79171a48834fb2d6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3728292af7600e4f81d966580ea205cdac027a9338b0805cc0eebc7afda85676"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"747b96352e13336f55ddb1802b62cf02584f6c35e37773bfcb75c25dc848ca05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"262c1dc11a12635cadb1d23b30ed08d5d8bcbd15292cdb0bfe86daf4ef7835ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"48da19f891452dde87ef9c7c60a1d39d3be76725a543880ab90428896b8abe42"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e247b41b5f35fcc6b8eee0c045903e3501c4435e61b9495121c4d806a5535af8","seedE":"4d20e125e23418fdd9fed2377a109823d62696a7ac538097d6ff9cde7333b8ca","skRm":"f2c42be5b9d94619d1986aefa857b0576baabd041678602598d98746d9c2bbf9","skEm":"0cb07eff0577caa07edbe6418cd32cfafa015666f6062501f0bb023d8b80ac3f","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04dcfc4d475199822b979f529886d44b14cbaec4ecb39ec1976456e3d405d54c36630d46f4ff2590d4c6d2394294371707a9355e81bcaf01318366a402e8eb3caa","pkEm":"0486c02a28ac70f3ac99cc9476bd097839bf46068a63707972eb5e0a08a461f5841e3051021735d371ab16674af4ada3eb4931d3b160b9e01068588c3d932c06c7","enc":"0486c02a28ac70f3ac99cc9476bd097839bf46068a63707972eb5e0a08a461f5841e3051021735d371ab16674af4ada3eb4931d3b160b9e01068588c3d932c06c7","zz":"532f0da9ee52441d9541d69fe3733b5e9bbf4614702ccfb37f2481cbf5d12fd1","keyScheduleContext":"018713a4542d222c26d332326846e339b2247a082724788524ff6a4eb9dbc23a79e61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"5c38cceddbff3fbed605e22c8ae2b55eda874384f224f8321f0e0d4dfadc61fa","key":"17d653b3702094cb983571257564514eca6de37bc6d7dc94bfabc885461c54f9","nonce":"7af011ab27644b86060082ed","exporterSecret":"8a13a35e5f65fe72b9e44b1ab313acbb8ce33d140fd6d67f5783f96b2a06cea8","encryptions":[{"aad":"436f756e742d30","ciphertext":"5f3a98cf297dea317c9c46a5ca99d449ce1b37b949f20859b776b652b012ec2306c11377a3a7e9b638693504d9","nonce":"7af011ab27644b86060082ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d7f76140fc09e177d2e69e79ae3b8cb8fbebb9aea64afe03f0e540c74e3f056e8d8883fe3b4571570650fcee12","nonce":"7af011ab27644b86060082ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"635028bfd49d41f6bbb32305b9e4b04ba9586d2a8f9f1a7f69635dffc82af7d3bf243cee2995b992b8fde9ffd4","nonce":"7af011ab27644b86060082ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b07d5f404abde6f0c5813794c4c15975ae69196d559e0b756933521bfcbe177a007d8213e0385b27114061f524","nonce":"7af011ab27644b86060082ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2b16063b4995efb0fb4e594bbccee4c056db445a5b8a781a6b15cef76790e0bcfe907aaafe8aedb047dff8fbc9","nonce":"7af011ab27644b86060082e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0e09800706237d940beb13f8783f7a70bccb182bb1ab0359b2fb644a779b66069b19febe99f8d5461c4f99293c","nonce":"7af011ab27644b86060082e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3603985f08e6250a4b7e3cdb9c1a8a9687ff67daf7e7bde2340a9df52896e729e12e4d517a78a7427ce48d42ff","nonce":"7af011ab27644b86060082eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b02b692f80e91a5961f6a13e0d00201d2aefe467c31dd4abd4671f835100cebbcaa5366c7d460075ef04cd8476","nonce":"7af011ab27644b86060082ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"de2678d8c95ceb2225cc91dd334533806131e00df8bb01c555126014adcdfb915c0678d19ff6934bf75f6721cb","nonce":"7af011ab27644b86060082e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"77fe32facf3c440721dde73d59da95eee20b401b721ef6357c37f9722a59ddae92803c61a916fc916fdf257402","nonce":"7af011ab27644b86060082e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8fa3a96428a242a2faa65f40272de3731952041cbb9485a731192073095e184d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"894ec2b8a321cbe17c5032592f1f0a23ab6af673689a49d47c90e3f3e8df1f98"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"926d91f3481137757267004f39af8f5662cdcfbe123123a375f4a9b89ed639fc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de096242de50659d386f440f9765caca606c02e75b8ad99ab86bdb10cf8e0755"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"35d9d008df26904758ae167a2beab8fe78fe3bfb99ab8bec34a924c0d75244b1"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"effd0c0e02a3b9149a07708efadd52e6239f3d15867e3dbec69963fff77f48fe","seedS":"e8af7d29c6da474f3815e9061851fa2651b00898870000ff27ec373d4117d8a7","seedE":"60c8ac4057df119fd55487fde761fa1582f98e4293c0a2834bc818d270570ef0","skRm":"0371977c0427af606d987728d34fec4b2732cdb12e4880344ae41f1dafcbb1ed","skSm":"a12e9c979843ac49cef8b53435c1c00f14ce0592d07e4500a4ddbd85ad622d85","skEm":"501211b680e72820e051d81bd54ce993431b6b88b4da25d25f3b8fa613444fbc","pkRm":"04920e56712f2fcf2ac209f4bf842d29d44f1bdd5d153a7803d107da72f7922b2b1312a43d8e9a3caa38c121abc5340a3012b9c514cf7f2ce22df86b68e4f7b2b7","pkSm":"04d50685d1b3e5e2df964fad40cdecb7338a0bbda59c6eaea258a79cec57f46a436bf3cb1c6b57d1324e705a92c49e38f181663e5aa87cef5c6ace0aa9cf8677d4","pkEm":"0423653686046168ece7a52b8ae90b4759e98ae2d562b9b4f5bd9d67c037a4954124d84fa4074bd1823a4bd1967b90fcaa64a301edfce48c46b7850e64a4104a3c","enc":"0423653686046168ece7a52b8ae90b4759e98ae2d562b9b4f5bd9d67c037a4954124d84fa4074bd1823a4bd1967b90fcaa64a301edfce48c46b7850e64a4104a3c","zz":"2b22a14ffb954acb4a2d366c318918026de11141d5ee55f1c3bbab843f156268","keyScheduleContext":"02e8c0e7b7e1350f45ba50f2fd8fb2e9bea10d5bd28e9cb917c3adae0b6f8b19eee61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"a8d835b8b556ff5fa0e096868307b358d6b9e53f646d8fe2070b6fb8f606b420","key":"a09e54a17cf1db07f2ab0788f8440f6d978796d087ea008cefe9a9ed22ee9a2d","nonce":"fb4a23c48fa7e685a7d6e76a","exporterSecret":"106b5404cb13e19335c0c875ac2f080d4ddf83e87fab0e69742591d2c771171c","encryptions":[{"aad":"436f756e742d30","ciphertext":"e01296706f40181f5538c977cb61c83fc3cabffc02aa855b5e4f26a1f151c0f28c6f7531bd9df252adf77c6a7a","nonce":"fb4a23c48fa7e685a7d6e76a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"01b86de4080d828e02e3e05273cd06d9e27dc506f313fba1def09d2b3a3b3591ac1260f6fb100c32d875445c45","nonce":"fb4a23c48fa7e685a7d6e76b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"96ad1ea7d9baade04e9e10afc70c23e11c246be80e3a6b83403ff0e6ca6090054f6c0e7740d6ced45560b94eb8","nonce":"fb4a23c48fa7e685a7d6e768","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d07cc4e696c518eb2e8202eee79d6c19d56bb8fa473b93c5ec5a869649a2a45e10532ad2f2ac57ef711968695d","nonce":"fb4a23c48fa7e685a7d6e769","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"02f60d81bed2d51acd6b28d903e17ba7c6b7267953137b119dd4ecaa6f827f5ddb65fc16a6940aabb8e7a42313","nonce":"fb4a23c48fa7e685a7d6e76e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d1745ecfa642c7be457777b86f74b6fc18766e144e83dc02d87112b69e117c88b1620943e0e6606dfbf317b36d","nonce":"fb4a23c48fa7e685a7d6e76f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"305803b6aa77d835335f661169cb5523bd17d6c7ad0035723b980344d238af8ff9328aadc2ebef233761f2c673","nonce":"fb4a23c48fa7e685a7d6e76c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6c83970f2d9fcd81927a1f0f629357235ad7007c8324b12cc40bfdcd1593b8e59adc58c5245f2df5787b844923","nonce":"fb4a23c48fa7e685a7d6e76d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8fafad07e9128d393b9d41f1d4c646a0c147f8008361c284aaa305205e500448369c4bdac02703cb4751231319","nonce":"fb4a23c48fa7e685a7d6e762","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7366941ffab930c766c981430859619e6084d288bb597a1aa28551bcdbfbe06325652095d651d43e9126cb03e5","nonce":"fb4a23c48fa7e685a7d6e763","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e856031b050ccdbdba8acab9fc1607ecdcbe1fb4d847d6f9e066346545315968"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f900b8b8ff49cf6bffbb75932830311b80461759ba9b281c21766c850ef5b595"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0ec686402cd4e6661f2e2498f544bc6a284305e46f3ef520ec89a235258562d1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ab2d8dc5dad3e3ce5c1a95fc6cb6b771d2321c398ea16c6320c5416867eea5d5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ac23052c271ae28aba8b015190f6722a21577379a42b45f51f8bb2428c099d92"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b8ee6bf7de2ba6fa4b1e17c3b4c7d1c4473efd04dedb57b51fc16da70e8bc694","seedS":"07906968002ca42b7e020ed5688888d6d39adf28bfce6e1676040867a44e30d2","seedE":"988b9b7057d1231fbde4335f3bbcdcdac6eec0aa47809bf44e21bc7eada1e9cd","skRm":"79824807ea8ec488adf71cebfc942499656daf84b1b813958d3dcedd14ae9e76","skSm":"e298a327cb011cfe01a18aec7144ecf017ef558de65e2f37f0519f5ce55cd8bb","skEm":"3b1b91da8f715f7f2930dda670cf4c0249460146175f226eae4757ec78e27b98","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"049f73853a74526498c76eb581272bee811face7aad80fae58a38d8003daeff0c118bcdbf43914f58ad4925be713c7c714e549fc36c7eea9ef5c399d1566fb32a1","pkSm":"048d180fb853deb154e567e6b29f9c7e9ed61c43f1e955343c01eff2efd299529f4e1b937088ad52af3fe238371b86785c6404b60b2b1b6f2836afd228ebd0e8b7","pkEm":"04e07278d6acc2d11873fe0810c6fb2f428e10271b57b9fdfbd0d1f33add904fb16753627b77df60b730bf50577d8c1d6402fbd4abc5c46a84dd8f27cc328c1e7c","enc":"04e07278d6acc2d11873fe0810c6fb2f428e10271b57b9fdfbd0d1f33add904fb16753627b77df60b730bf50577d8c1d6402fbd4abc5c46a84dd8f27cc328c1e7c","zz":"80fe17e2d0a6fd7de53fae4ce3c7fd8f98f31909e0467dd8818b0e2fe8fb86f2","keyScheduleContext":"038713a4542d222c26d332326846e339b2247a082724788524ff6a4eb9dbc23a79e61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"b9ffe6a3945361e1f03be9d00f3126a95cd34b6fd7c2ef5d382cad859010c6ff","key":"c6f8a68c636353a02efd5163e4d643d3e8860a15096166c9e4a9794805dafa3f","nonce":"0825f842847edabba2b83b54","exporterSecret":"5e70f200d85c466fc8088c6362273190b7c30cdd545bed8f4905ada80982d704","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f1b2bd7b94fc1eb19ceca585094e19de6b0c78d4a7e5ad6f338119cfdcfba48adef480e3768032e4daf56f1a7","nonce":"0825f842847edabba2b83b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6d0b86549862cb8d400425e924cc30b2121f5cfcc02c8fc9eca04b15e53412edf811e2d15b2ed6601e73769a3e","nonce":"0825f842847edabba2b83b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b3b2ee91f84de1be1db778227b49ebcd5226b9eab55b9b4eab73cb3214d02ee798e90b86d47d1becb30586130e","nonce":"0825f842847edabba2b83b56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"435df053b8edc227570e324b96c88cc3c4a13cd948a160716fd964c04b2ef7baa9e4e9290108e956c96baa5142","nonce":"0825f842847edabba2b83b57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0eeffe74e03f6c1d4fdcbc84bdacb1ccea00ee2b139c5bd2f27b8870524e39d9e428fa45a56eb87c4b7dd6f76b","nonce":"0825f842847edabba2b83b50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"841e478241e10f48decefaa62b6c7c29264dec59b3e5436f9bf7458369455c867bbc231fd12a3ed2e32c597797","nonce":"0825f842847edabba2b83b51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0a9bcf04f706ba32ace825f40f37771322ea33969afeca4d1041d4a012abfc7e6f78d012d5d771142bbf72ff0c","nonce":"0825f842847edabba2b83b52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"14b4144c71a2e4323bfcd56c01c209f72156ed20311fca72a3a63c6ab8a083080dcea5143bdde94939781a5c09","nonce":"0825f842847edabba2b83b53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5475c4bdb18073b8f489785d73f0f2d4d25672d0ab4017c53ad933f0bc26de595c5d8bb43b21c676c9c8f77159","nonce":"0825f842847edabba2b83b5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e5e0f576701b8193147cb5488d97ce7a125f1a0bd4dd9632dfcd0212a563ab7241475e189540518e4d286589d8","nonce":"0825f842847edabba2b83b5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f575239cdc76dcc010f7af0ceee4fb29632d69650995a2958d89d28a77684f4d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4d63713eef29fe9341aaa762b926536b7ce0940dcff89bf3bf66444dec2edba1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"64e5848db27a605448c67360b9dd4282360d43501f9447d613460a7aa9f6de0a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d7f504e7e9c25557733cf1fccfd6469ac8c4e886a23cedeab2dfd76ef1964607"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4194b2f0bfb4e278016251bcc95487475bb678404bbaacdeb46438c917de068b"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3e6989036e77d0558fa75a6576627dc007d8edd2cccd5c740add86f6e99c20cd","seedE":"d939e84813ae98d59266f1c7081993a6c8cdaeb54c316b8dc589fe1bc6136a4e","skRm":"370b1529bec509ab610781c4fb68f3cfe593fc4ef911d65052dd37ae33cd89c4","skEm":"9328773b640b71507b822f7e62b6f91ad556a23eea3e5c0303ce474439517a9e","pkRm":"040757d70703181908fe2bf1dc7a348510e3fe5fe9c6b6f6d4324a16d6699fd94742ad00760be59bb1251683aeb6b7319c18739b6fc18365e84c49370e04a76809","pkEm":"04ae189ee3ce43ddef10dfc3624d3737982c823050ad9b6fa46b5b4d3cb1098801fea7f8e3602d63eff6fe52df6f306dc63081da8534c55e4789ed0a6a0bcbbb41","enc":"04ae189ee3ce43ddef10dfc3624d3737982c823050ad9b6fa46b5b4d3cb1098801fea7f8e3602d63eff6fe52df6f306dc63081da8534c55e4789ed0a6a0bcbbb41","zz":"8fc302fea08b164d6dfd910b80df7438f303f4de09583cfad7d8abe106004617","keyScheduleContext":"00abd88abcae4d2699e5a3ca4de95539e53837460d423028afdd5348e6bfdc6d6085a04fc074868e0e70c9e3ca4d2ec11c1c22fa8b8057328fa8c857cd1ea5c52860d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"6040d5829424d75816e221252d3434c3790ccd301f4c7ee95fb7d9eaa3c6d1cea1cc0d3f43d27a1b6e1c22a8ab66595758ef4083972ff31c483870cce7a3485f","key":"30d29b09f1a05b2ff6db6ba05cda6e59","nonce":"7d23240ba70f43d4cf5eb7fa","exporterSecret":"d780b1d8921704c69fa40cf460acd5aa0f127a6e9fe9b8b385a8992f5d0d381a860f7b198fda18b57da4afe71d155ace5d0832474870e8f7aa5c22903bc319e3","encryptions":[{"aad":"436f756e742d30","ciphertext":"eb38ab32939bac76c001ca624fd85429212d8f4ad171cb7d81baab739d49932f4863020705f30e2f4f8815cbcf","nonce":"7d23240ba70f43d4cf5eb7fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d4a65024e1e3ed4a5b731275083ed16a9329f38629767f2f7b549df771515d7bed754fe9086df3999ce61df4ba","nonce":"7d23240ba70f43d4cf5eb7fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"86519eb5a8fc9e19e5851d31895764aebf78b75c703251507fe3cda301c4ec2c6be2a6879510ff13074a4ff0b6","nonce":"7d23240ba70f43d4cf5eb7f8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7bfe4da4b72056186b15986c829f9a3c9f6e4decb3cf3d4d68a2d21d035e04b3e974f839d0be7885615d276669","nonce":"7d23240ba70f43d4cf5eb7f9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b0254170e087ac3c47a66bb183218153ccdccaa45f00c4979486fb240eb3a9ba57655fba9f7696c5521ab69c7b","nonce":"7d23240ba70f43d4cf5eb7fe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"162d5bf68f244c540ca3379b04f838c5492f2fc46f637a7063e99d962a8d116cd41cea8ae282b4b0b61d53e1f3","nonce":"7d23240ba70f43d4cf5eb7ff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f5a778510667ec14621c4234d4e0b4a156057fb2abc3e63c286d499a2d69b4776cfc569d0d0d0f0f31fa546a13","nonce":"7d23240ba70f43d4cf5eb7fc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"88ee8789dd770a5f44189f64657babd187392fd7d7216f55ffe1ccc01d0650e7fa2ba8e9ef247a7d6eee55edd8","nonce":"7d23240ba70f43d4cf5eb7fd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"194080e42e26c88d382deca35f12969a324f70c7f898e6936d9f5f5a3ecf5c5a46cc746c6703d7a429b6f5b4c4","nonce":"7d23240ba70f43d4cf5eb7f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e22cf796f9f13ab2b5e065e6a9b502823345560a67f0a8401b53db9a4974266f75c6f31f92ca38aaafd4400ead","nonce":"7d23240ba70f43d4cf5eb7f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7f2570513de0149a89b10e18fc59c481e435fe413f1cab273c76e95f2d4ead90"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"64a6deb1e75de1ef25da1dcc2312546a2d38c638545241a79c5d8946d7b16166"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1dd73d57c34a188a1f2c6e08442b8aa708f83b15676f38fbf39a03b9830f5288"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e99b3e820671ad48b0497540cc9eafa07c97ab4e29d391a7454b9fef91bb006f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2375ba517898ae83458136eb1a08e4c6702a4f1086518889a619e6fd2f5fc843"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5291a1cc6288175975fb5b515c622a7902fd1015b689f300faae4a14f19d0f1c","seedE":"1dec8fcfc067644ab259502398c5040e799cc5ddf6f8531f85964c09b3ff8e5c","skRm":"b74cd5d11fdfe86389b6d53ff4cf94de3e1463543e088f8e85a3bc35303a34d6","skEm":"26926f110669d4b22789fbe474ac1c78c1d6a96402652edefa0a5dd9f257d9f5","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"041da0b6f466294dbe9a94e8fc83241528c2f44efeede245d155b291fcfcb55262b8af9f23600128d5b75a48591f8b5b2f6e7324a512614b420b28d8d0370a36e3","pkEm":"04c58697f83fa52c26ca1677b1d6834759250b2df244c0ddc0405aec823f40ab88bb3bdec551a5dff75ffc4e68afea289c5f86e143da2a9f7287a541e487176f70","enc":"04c58697f83fa52c26ca1677b1d6834759250b2df244c0ddc0405aec823f40ab88bb3bdec551a5dff75ffc4e68afea289c5f86e143da2a9f7287a541e487176f70","zz":"112c7836ca5b77c6ea9f4e32193f4ce57bc466002d1eaceff887a39ba4e4023b","keyScheduleContext":"01e8343773236a54e26b7ff0893a27417760ece2a634789921c319887f06a1a0b285deb7c839be8ee619962df67af85550255e2388934c22561bafeafb36905c6e60d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"222ad5af3dd2e5d4e7851603196ceafbde5dc40b8adf1036e96888f8daccd15924d7857d01414a4b06060d6bb08110f6ef8716e23a19d5b7fe24e21297923b83","key":"8e4c7bf0e13bad8e4b7c415fd128f882","nonce":"75e5f194be082b09efe70b7b","exporterSecret":"e53d0870d184f0eb45327f0bfb6911487dff0c70058b6d13c4d7c864837126fb86a5c43ee2a7ce6b72dab78549e7fbb9fd0c796882806a89152582a27413fc3f","encryptions":[{"aad":"436f756e742d30","ciphertext":"14b03e6b03c43f78032f9507dd5e9ef86dcb2ff1e223d007001ec45e7251f63657954242f04e4b4f4452ff5c0e","nonce":"75e5f194be082b09efe70b7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"136d307d1c9c8536e3c1f9d9f2cf86d51518bc714e15ba268fb5cc80ee63b3e82bb4f3f5172b21c896bf4a38b6","nonce":"75e5f194be082b09efe70b7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7fc395829e9bc0faca6ede42c024e7b5c00a40504be155f6a4a8d5e3580447d9a95328fb7d61f18dcc7c43a8ff","nonce":"75e5f194be082b09efe70b79","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"945b7299aa1c8c91504ad77b5ee64833c795c1440d50b1f05f6ea39474d8a152c6f41adb1d7c7aecc85c293755","nonce":"75e5f194be082b09efe70b78","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d12481e81e53c40b9fae2ab18738de0326f36b2e3f0134e53e9fafc6152812f630cbb0436764b68d5fedb7bb85","nonce":"75e5f194be082b09efe70b7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a439178a43fb7f68e467f849ddad63e0114a50667521c76eae31ad7f845c75155bfa0583a21f958d0f9d0e5472","nonce":"75e5f194be082b09efe70b7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"abb49c11b666c1426bfa0ca3281f5e3a0e19f1042ae2be7112c11a513618d3914e2051fcb73fa99c7c97979839","nonce":"75e5f194be082b09efe70b7d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e275d4fecb635cd6d1ba9e5793713c05e4f2516869a32ac5f864a58e3cf1f6adc322efcd7a5de08d0ce317b292","nonce":"75e5f194be082b09efe70b7c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"41d789dd424f2665910a0dc0bdb6c7b0978eef45c5670a37811bcaea58a66f95c8c4bc1baba1697749cbbbd208","nonce":"75e5f194be082b09efe70b73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c15e394de915fc8a4faff2d35006ea4c67ca6239ad08a2369a287c0124c220e9bf238c555635d149735dd301ad","nonce":"75e5f194be082b09efe70b72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"79de0dca7638c6f48cd638555e84420700281c0e47ee4d7698be8be78a6c5fe6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1cb1bcffc8bf94fa3d036fb40c9ab9272ca757d5c114bc34347e89755a42d12b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"af6781553972d60c8eca90487cf2d37aa4b3315c97dc7db75ba93b4871cd8efa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9404cca8392312105f8d7c649ac153ba19b7276371c9fe645525211086b4407f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f1745f2b0818a0b0072a4b523cbf692ef0f4c59b99eac693a1596a484583dc93"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c68e13264f187106f2a45e7c5f216ba660dc9a42c5d1f2465d6221336d17df05","seedS":"24cbd40f047e304504e90a0a735d3eb6324ae2f62118fec2590c4989973bb40f","seedE":"cdc0a079835613b678b9eb196a2f2f3387d908e9dedec325d757418134f43ad0","skRm":"79b60ff40206f29921a0af4c77b099bb06f9ed5959a394c34d85c11b027cb003","skSm":"ff5ab362e3aeab0c7ecbb98f85ee13d24e4bd95cc632df968e2e897c0c44ab75","skEm":"c39473011bd27e6fd39c7620a2ce78772a769273677e4ce093c977f321341a49","pkRm":"0413db6f7b08f4d0bc1d582ef7f9bb1204b04f83a8dd26791b0dbf1cf356fe8bab1317f8ebc93b7ce09fb9cda8ddab5923f6445897f3866c5e8f5e4136c6f01b78","pkSm":"04f86107123a4f0ed9d33e5fd390eb043c0bd8d41e8dff96fcbab98b9b7a96c683a86e9327b97328b240fba4b11aeeceabadabf1f3b50fc7c61364d6c946a4cbd4","pkEm":"044e9122402741b34dd9ae2c38e03c233fa3ebc11b85d88314a73378bd90066d3a9731ff495b440b5e263d524550640c81f34eb28b3f431aca0553aabede055951","enc":"044e9122402741b34dd9ae2c38e03c233fa3ebc11b85d88314a73378bd90066d3a9731ff495b440b5e263d524550640c81f34eb28b3f431aca0553aabede055951","zz":"740b0b696bb89b7e2d795d29c8c60a980c6bf385552c91b8786db5165ad3d073","keyScheduleContext":"02abd88abcae4d2699e5a3ca4de95539e53837460d423028afdd5348e6bfdc6d6085a04fc074868e0e70c9e3ca4d2ec11c1c22fa8b8057328fa8c857cd1ea5c52860d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"02385ab6a55006c63293739dfb9faca60c8d4e5f73ae38f6efa7d2e1856533673c30b2fde5cc8d6a194af810bb2c447a8c21da1dc78948a33bb02085c2afed8d","key":"d40a33d3eb1333a46ec39470e9df9b09","nonce":"d22cb027f855722a5a33e0da","exporterSecret":"470889adfc6368edff8933eb68b4397c6d56bc34963c7ec75966acd0f6ddebc99c64c4dd208c49e98cafab9184854614b4d9451d0b0f260593688530111031fd","encryptions":[{"aad":"436f756e742d30","ciphertext":"188cb9d4b33c852962c83e8f2c0f8bb04fdac7d994629899470df6e807b51cee87c4a1e0a56565250eb741c251","nonce":"d22cb027f855722a5a33e0da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5570cee6c3c25b9af180ec2344dedc0aa93ce3af94abb6901fbca70ce9b01da4b73d66c740d19622153002a07a","nonce":"d22cb027f855722a5a33e0db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"27d383d2526f8857b9007b07def5002d61a92af06b4c6581a0c8f03ea394376a548308005d97d4294a759d0ac0","nonce":"d22cb027f855722a5a33e0d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a0e4253b27519b0c59289af4b7aafbb137e455af97730f7ae1ff1b4dabe9483ba41e1b03a391c53543fc88ce18","nonce":"d22cb027f855722a5a33e0d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"decb4c425d413c1e29080cebd8fbf8b455c3b8611978f57ac4bde93185674e9e368d7c923b4774abe0845f426b","nonce":"d22cb027f855722a5a33e0de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4fbb758161b72bec42be499a21b024812e7d3e1ddf5cc42b5020e511d133adaa525873c684a336e469f3adec34","nonce":"d22cb027f855722a5a33e0df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c8ea4f4367e5ea820f87073b75d8af0f29a8d945e4cbb5e0f9465bd65b08e78149a82618d1f1b2a3b0d2da668e","nonce":"d22cb027f855722a5a33e0dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"de20fe71b53ce20e452bb9e76eba52fea997ebb37e5fe8b9e513e5f1b2d5fa254472923c4ae189101229b4c253","nonce":"d22cb027f855722a5a33e0dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e0dde2dbc80f8045df88ac2e8a483db668ce9999712bf10cbfb7f1513c34c307915f708ce3f27ee4eb8e755d7b","nonce":"d22cb027f855722a5a33e0d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e8f9af58e5656b4066dca1670f6db58eea71d30d573823a7639d6e67b0505d487f93ca20148c99ceb80ed2beeb","nonce":"d22cb027f855722a5a33e0d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e973ae39dbe1c742b510f30123f1e3d7b80e76998e5af6268833d1bcfb5030de"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"557df3b21e52df3c57d14826272b4aa001dadc38899786052611923e031615ad"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b0cf4e0623d1100bba08b49356c1d45adcee8fd81a94e879ec4d0bfd49ae521f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f13274064583a938a06988fffa02b8dd8c7a730d2541c20b920d9011968ce953"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"baa447376985984ea3445287a83cdc61ec4b4620d4a45f729b2855285910a5b4"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d9f2c5cd2f95f8f79bd2078465fccad6471739b64ca7ecc809bb120370d7b1c","seedS":"c546199996c2799c558770964f8ecc2f8740ea7738868a2a75f1a648a4884ed1","seedE":"274652973211968bbc52a22e7d6e9627422e32fcf3827693109973b0d38b8067","skRm":"9f4143ef2963150e07bcb000b3484238cb780facba9ba1bd860df122adc72ec4","skSm":"4f050252e30c04d0a90a6e36bb5643fc61da42720384f609e0fa190d12f5bc83","skEm":"acf64dfd0e91c3d7840af790f3b77b3d88bf1b5a5b8b9dead0b93c7470ce6d46","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f5051ace1f2e32c41243b7c8def6eef473ed5c8b8ace61a5f6f01ad66bc9293027fd6bbad30d0a9186608aea99fb62276419dc728f9e1a63df11620b3363380b","pkSm":"046e7aac4ca12c951eaea9a11746f2006ef0cb9fb1d51c2c35e85cfa0cf767e13f8fc4d41e831a42ab8d21c44aac52073037525e9d037bbaf280e566014fae3b50","pkEm":"04aa8c698136e67faf0008719a7508e117887d675ee0502eef2d64247cdfc2c81fcfeffb054aa32478f014a1837adfa25da37727e8a31381434c6225ce678d85bd","enc":"04aa8c698136e67faf0008719a7508e117887d675ee0502eef2d64247cdfc2c81fcfeffb054aa32478f014a1837adfa25da37727e8a31381434c6225ce678d85bd","zz":"e755f3ed764a75070f3f4b205a5376db29fce90f206c5f76d782ab3a5c6b6f48","keyScheduleContext":"03e8343773236a54e26b7ff0893a27417760ece2a634789921c319887f06a1a0b285deb7c839be8ee619962df67af85550255e2388934c22561bafeafb36905c6e60d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"4b7b40a7d4e2bff9c87fe8b7aa032549d80b725613c7152a1070c3bfd42e0d9cdc13e287ffae530b5684da29b5a70fca846c1fcaec005ffb9c04da10f74cbbab","key":"b622eb59242daf8f75deb2314016a5ce","nonce":"74b870a2f1861ecce1a7da7e","exporterSecret":"52d34722269754492aeaeebe70703b1ace387244af511b7d20c4e91dcbe107ec1e8174c049fd7b30feb3adb103383f7112a6f3d0302209c2c9f899a7f42daf84","encryptions":[{"aad":"436f756e742d30","ciphertext":"98b5c97bb3bb44b82f48a494b61edb26f132251165da7ba9401627b82e1a5d272491a6b5a1f5aeb7bc250900f8","nonce":"74b870a2f1861ecce1a7da7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab72bcf84d4045e350f2d49b83033ab9872d9b0508a90a5852c2f41ea5130608f70c5af09f5938d0b2fe03802e","nonce":"74b870a2f1861ecce1a7da7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8738cd5fb99b6ac42016875286155494a44210e11294844622348ee435335357fd6ea6c1c69f5abd553017317d","nonce":"74b870a2f1861ecce1a7da7c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3e732fd974c1b390c419ab5aa63578934c26cc6d90592bb8ea66f5d591c5b017da3108a7daa675515d1e4a4785","nonce":"74b870a2f1861ecce1a7da7d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"848f8801acc16e794b7e31965c257c389659ddd6a97a007681581e1906be9e73af7b460500933e57a1d658b334","nonce":"74b870a2f1861ecce1a7da7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dd91340a58de838b6d7e87511c116e0e2027815dee7d49fc133c5a4c574377cc2248602c983ba2b850ec61b70d","nonce":"74b870a2f1861ecce1a7da7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"46d2946eed905ec82fd59a072ac0e35623e0af291d660fe3aa6bc2d0fda232220a45abf42d64bf0e11bd6f8170","nonce":"74b870a2f1861ecce1a7da78","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"686b6747e3b6bb0c88a33dbc97e80af3c2c68cddedbfe78c989bd80f80d013b68887afba3d89ccfd27e6466119","nonce":"74b870a2f1861ecce1a7da79","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d7d18a064b8b4e011ab278db1134623e9c6abfbc6b8bbed4b7376ffdae12e239b63589663f41a2a34ab7315a49","nonce":"74b870a2f1861ecce1a7da76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7a58769afc6070c8cbded1e28d9d7f03548c6ee271298b2b1815541a727bddfd0802968dc6e5a1e5534fc66743","nonce":"74b870a2f1861ecce1a7da77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c0d423c9e652d5fad0be9b0cf0f693a11bbf8294bd65c580ead91092d1ccd115"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4f855b625ac96746e27b84c0a2f94aa6085d1dcb60ddff63d048886816462f47"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"57cbbff7706cf547ffe113fe53a8d3ded124a7f180fdea22652c55e81d687ed4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e283faacea6c310980c7ec6cf155d15ebe6be84c5ba27c066361da25fc74930b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e9e65066cceb46f39742335f7b2a0d7e50fb33616782cbf81afb028961c432b7"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8073ebebb59e89c89bfb5b019b6b24e13f0f6057c70ff904904d9c13a81bbf33","seedE":"ccf56fe0c1c615874707636466311e635417b2e67892038054342daa90bacae8","skRm":"3b7d9685ce5559f8e69a4cdff573ec333a87508d9890bde4826622d699c42468","skEm":"c02fff0c42058c2cc1c0632b2826efc53fecbc5a20e4e52cf10b3f1cfd198746","pkRm":"047a436bac667fc60d35a7e24c1e5c57805541a84a9a4e66bb4afdf043259a8217e0c7312cdb5b880ef957a8f39633f95bb776f5425923bc6c735426fc9358bae3","pkEm":"04c42055358f2b54b6845c6c51e2e67b26e634f2b2ba65a3216468d40b11c742ba975a38b46cfa0372fc5bc25ff8b1ca1f700f59675e234060273792d5528ff351","enc":"04c42055358f2b54b6845c6c51e2e67b26e634f2b2ba65a3216468d40b11c742ba975a38b46cfa0372fc5bc25ff8b1ca1f700f59675e234060273792d5528ff351","zz":"c377e4e0f436fd11ea0de8ef4a83b2deb8572df67c9c6f2e177384797562cf66","keyScheduleContext":"006bd8ba5c5510a73bfd5eacf62d45fcdde0621c8a06edf107d3318a094f162d7fce0d1af573c2327d3badbae39f4e2f95e8692f6d4eb3cde043460e24c75cdbc19a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"e5d8845aa05337db5755daf135240b8d7c1576f8790f8b15ce43e10040954ad4d83df2d8cb86660c8aa7487aee16881f1202efb9179dd7662d01b915f12fed46","key":"1f380fc99b14a9ac01d204b3f883de76e3a5726a78893f58be0b0788b1cbae7d","nonce":"39c74af64bdaee83ed9d6a17","exporterSecret":"7c91e7d2b586ee81bea3c30d783058b94ca5efcc5a78769b7ed48ab93fb06db5b0e69136baf4b62f501ea29d3e9a18eaddc8a6344dac75b8aeaafb142a162829","encryptions":[{"aad":"436f756e742d30","ciphertext":"9a3a142996e4ac6e4539d7d9500a61f8862dc5db5bf21b1ef608491a8d8bf75f483da2545dea51b27d284b7c17","nonce":"39c74af64bdaee83ed9d6a17","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4fbf7cbf7ec0040fe76c66876b82cff55b0e52bfa47828229568361af6acfda56b8ae163498790d1615499a53c","nonce":"39c74af64bdaee83ed9d6a16","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ef7b949143058ad3cca97378799649a89828eaca1109f7f08536b4d8e83c2782fa130f0555842207d532c9bd8f","nonce":"39c74af64bdaee83ed9d6a15","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"73293b5cceca0798705d94a6dabfc81bf3359f69d2416eeb8b93ec8cdc8a51e2f2dc21cd60b4ccf86e8c237e4f","nonce":"39c74af64bdaee83ed9d6a14","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5503ada5783a3d23687ad590c827f245a98b58ca06571356aa068ef5d2170236a460a7faa6ef9932d715607193","nonce":"39c74af64bdaee83ed9d6a13","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1e99c10eb386608ae50543a42020159089a635fd1de41f8a42a5229a2ffee87413bb1c44b99f4cb868849906d4","nonce":"39c74af64bdaee83ed9d6a12","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"db8e95a2ef79f1fa8c5850e6c7d9d67078dc1360a6a5fa6f627f3c8110f438bd86593c8101cdef472b3cac1408","nonce":"39c74af64bdaee83ed9d6a11","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"deaffca4893da114e5e45084392d0e7d2c1a8e9e8800965bb6470690d25ed52b5094d6ac0cd970719d1ec49ed6","nonce":"39c74af64bdaee83ed9d6a10","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"67b8be591a8ae06dea396a43e5a85440dc05b69d6ac2ac50b6524bb79e3203ff4712fee497a4a1fb728696f56b","nonce":"39c74af64bdaee83ed9d6a1f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f9c4d2b03b0e3dabd192c6c067195ab51d66305b88199154385c9757e81ad10596f7441d12aa0c6634301567ed","nonce":"39c74af64bdaee83ed9d6a1e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"77321385b3be51742fcf96593cf61c71e61967f1ee0db08a6082385960549e5b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"80fe3a2521ae0702ae2d3343ac502c23eb9c531b2aa7cd8cc0a3c8b5c1c5eb81"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb827cf8913d05d27fbc43050cb49582bda6540126ef8c9ef2cf78d7f0dea4ee"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a61976531b505acc29a98c614adcbb21ccc9635349a6f18189153cdc3c72f84b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"03536dfd85350fb0ef48452f34f4d7157a4dca147ac6f0dcb8fa1a089b1808ae"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c24a233fa83f0521880878061915448aaa5db29952e30292f29aa5cfed4d9b6a","seedE":"1781d5e3f68095d979493425e742d74b49c05d9d540311744e0b83868fc41065","skRm":"552f196638917e691d95bd84d97303a42e07f1f7ab6a748fba5124b5311520fd","skEm":"1e39f03947bc6d9dcad47788990c22589bfe981b29f72068e2ae349ee2668c41","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04588c4346265f6e7556c176d55ba1ee0dbb4bad0887485f2bd23a0fb13aa6ed3f5c53347c13304f637876fec9f2210ec45106c7935228d1012d0409a0b31e9104","pkEm":"0490f0bdaacf9d5d2739a15533c23c638dcfcd1d5c047ab1a240d656f73d2689e870460acff7b01bd80a9bb7792243de4aeafabd7667d92f77b4bff30a90d5e4fd","enc":"0490f0bdaacf9d5d2739a15533c23c638dcfcd1d5c047ab1a240d656f73d2689e870460acff7b01bd80a9bb7792243de4aeafabd7667d92f77b4bff30a90d5e4fd","zz":"46503a7c9a209f9429417e97d442fc0081eea1b8e9698d8ff5e01a6eebe888be","keyScheduleContext":"019b38fd49b7cec069330bed53f07eb48c5b5a4bd870f738f6fa35ceecb7a9c6bc5e13ea271ffb24982862ea92c63a196330e3b5161a11e373ec25ecd1e0111c409a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"116c9a79cd7f1881ea91deb902dca36e4e2652a8753b4b2d4e414220d79033c186a4015fff353828e17c1eb200a3d07e6237e2129023cff6233861b8d5c16833","key":"6c08fbfa8a34f5fb8ed6c1c938dd9e7e37af4a234d989f020db7cb670cdec0ae","nonce":"07cdd2f7eb97f42e956ded4d","exporterSecret":"6330867dd1a906424ddf70c186b5023b6f2dc25d8f6554e3ce0dd9c9a6923c4ace9c9eb8e3702cc703807db1fb0b5bf12c190d60b825479c3cbe12450b15de54","encryptions":[{"aad":"436f756e742d30","ciphertext":"9444f596bc324e8635b1a8d9c11bb86de6bf800e9076cdec80fec36ba224eb998bae5e3254f2f7e66953ffa48e","nonce":"07cdd2f7eb97f42e956ded4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d9810f2d742a0847ff8ff2ab4bb2ad9ff73f7a15f1a01111d61e744676a9a351866efde0bf4962e1821ea617ce","nonce":"07cdd2f7eb97f42e956ded4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f4498cc4057863c940bcf43e30c1ae2bda6fd2114533788b763b5ddab29d19c6ace03af43f73c95a66720de5bb","nonce":"07cdd2f7eb97f42e956ded4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ef18b7c142bd4f33966a57cd8f7d4b226db7629a735d469c44eb01fdf3f8f8b9099ab85ac5b76c402e132ab9c8","nonce":"07cdd2f7eb97f42e956ded4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"9e6b5477d7343767107f0d452e24aa9a8df8bedfde50d926b4f21ebf5a351c7d4ea65f17a8aab08ec97f4e4734","nonce":"07cdd2f7eb97f42e956ded49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"73f4ad139187c847630dcffef266e332312038a735580721d6db71a2369c2e1b852d7be6b481f642cc66921f34","nonce":"07cdd2f7eb97f42e956ded48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"761d879bd1cf38432e1b7adf86397db9b85ce8731c1796197767451d10b45ac5e7b2646cdc22fd4c8654600189","nonce":"07cdd2f7eb97f42e956ded4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a8f6daee451ef805bc167fcdb7ae3f77890a7e99f9ab41b2ea5adc2aef40d48981883a08ff0d31a730fd799bc","nonce":"07cdd2f7eb97f42e956ded4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d8e6b2bf8c66d019a510efc03382791111ad8c89e69d05af9ee7398586d3ebce950753287b4fd73c4a6919ef85","nonce":"07cdd2f7eb97f42e956ded45","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"88599aed9d5bbc6f56aebbd8f52ddabdfe85e682698cb0f965be126a8f2e1c03cb3e4dac1cded82fe77b20e3ce","nonce":"07cdd2f7eb97f42e956ded44","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8e23c63cf4d55e100e2f0b896b5d34c86214c3ac146f62fbf20be975470035e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4ea22c323ee3655a61490ad71da81f4ef4f5f36c40756a3facb2faff7169d031"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9214e7d9dff836b4c85b6a83b3445c0a77cc545a2efb6b6cdb7be855a686fe25"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"226e23ebb3565ed698509f8bc231ce395e8d49587d4edfe65ca17c48ba0d778c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b68e1a86f528b2b853d35215c58fef3804f9418121824ad13e23ac0b5f12d6af"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ad4ebfe63f9514fa832f104379b2d00f095f85cf84c0c615f89429f85840116d","seedS":"c30d1d91939bb03ab4af876889b01fb0f865ad94a628b2b7a71e1fedb9fca622","seedE":"3e946bfbd6092eb8bbc987a12bfdecb14be4357f9ebe09c18e83ffbfd8c9902a","skRm":"b9af524800539f98e2778c921f114f79f8172b7c3318a2d8146b146c9094fb63","skSm":"840d20013297650207c4734f3262380f4dbbc2761c9dbc7d952f6dfd7b0347db","skEm":"3d95122e887d3ac906f91ac8a5d493d2848c18d21f32a8e48df86457ac2596a7","pkRm":"04f0f6b2fba410acb562d6bc4c93e86431301d3d2bb69aeeb1fcb61f4c35bab8a9e028d2ee504f6b6855ce9a60cfa0fc40305439f0d1dddec7b3ffb06f764852d4","pkSm":"0406b1657b7256084159ff495199cda50061aac5b9aab0d366e5fc88ffba15d76fb29156615631a213353a8224d2d18b335818a357e33df789bbfd3116c24c0b1d","pkEm":"04b8e3d6bb66943717b78b01da3479dcb64b362d13a3d3443896f5505c3cda3b14ef482a374b83e1c6e45d858e28e198b7fc57a5d0b49aafb167f0a9e1dbb0e452","enc":"04b8e3d6bb66943717b78b01da3479dcb64b362d13a3d3443896f5505c3cda3b14ef482a374b83e1c6e45d858e28e198b7fc57a5d0b49aafb167f0a9e1dbb0e452","zz":"39473ca42a84fd911c03d46796433af9e88e39df6865790735947417c3308f60","keyScheduleContext":"026bd8ba5c5510a73bfd5eacf62d45fcdde0621c8a06edf107d3318a094f162d7fce0d1af573c2327d3badbae39f4e2f95e8692f6d4eb3cde043460e24c75cdbc19a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"844df825619b882822777be5bdb6aedb97c1840c70b7400d93394ed2d14b66af776ee7fba6fa60ff97bc68d8743d693db75ec53775edeb3d8e73babd3df37a66","key":"b1bda7e7747ab71bbb96c3633e6019bbb51838b03db91ce8bcd4b7dc43c1fbbc","nonce":"5bef97224d9909e2a29ac76a","exporterSecret":"aa03a27217f419a2beb2cc548d7b35207d4fdb1035055fe4b818ff5658ee5a284028d16cc9344ff733b59c43d5deac63d429245b9e3beb6bbfbbc1263a8b2df6","encryptions":[{"aad":"436f756e742d30","ciphertext":"f6520f508ee6bbd7be614cfb9647c2b8be6cc6a57b28bbbc36f63e3d3c1475c71c9f3328bc359d2117af81be99","nonce":"5bef97224d9909e2a29ac76a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3d3cb422d63f47051eeed7d4b03e48d31447953bd90bdb101d3fea1c9fda2ced80c0f3407434de18488dd8895f","nonce":"5bef97224d9909e2a29ac76b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fe505e0566d487759453c872955da02f9615a29e8b10a15c750234888bcdb4599857205f2b4ca1f48bdd788c5a","nonce":"5bef97224d9909e2a29ac768","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c819c8cc523b2cfc30efcb4cbbdefe4308fc99e7e767ebb540834267f4ffd8a74655f67aeba453d8c0616f40a4","nonce":"5bef97224d9909e2a29ac769","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b8b7b1879f67dd97cfe7f2c30db94bad145e896a5d0e88b83e7290434e4503c0f277f180cbddcd9987357112cd","nonce":"5bef97224d9909e2a29ac76e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5ca142ce1cd1d1634f5b76a9ecfc17b24dc5eb1153f474d291bda96ca2164247e124e438f66d9aa3d405e0f66b","nonce":"5bef97224d9909e2a29ac76f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1220bfc55d61e97885f6b7e079ecbf407d2a4adee2b780ac31834b4b22ac9fc6d5dd20a1b663a995348a342adb","nonce":"5bef97224d9909e2a29ac76c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"51bbdb975018b5476ae936b5050c2d2f7407945f33f34c028a30067434e26130263704a4398b1d067a9ff2cfa0","nonce":"5bef97224d9909e2a29ac76d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1d0266dddc20270f4d9f68c5979501cb1b10786c30d4d41c1401c2158ede72c6f43580ebd9396cb7e381f2f96d","nonce":"5bef97224d9909e2a29ac762","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"969c247b995de0be388ea9ca3872ab67c55c1f8af5baf8e41bd114045aab74690a426dea46e30991f38092c245","nonce":"5bef97224d9909e2a29ac763","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e77d88319e9d862e67f345f6c17451d4ab1c09262e5652cb0dcd1ac1d319a214"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0df0f5d565797f3fd0a3a986c55e944dc0150cd9eb6a3226bac719ade03683b4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4de4f2cf26e0b6fd81b4c7fe217ac91ba8432a25eb9c9ae11bce8feb07c31663"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"001eeabaae24c368d99e9c2799986290a0e3c09bbdfb568439882de201b6fb32"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c56fcc3710ddc7ae520d42245ed7d708726886c4e964fd6228eccf4f6fabc084"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"63a60e9f73f3f707dc9daf4ed11be3944368024fd2392c0d4875a7ec6011fe36","seedS":"31a0dc4adbf3cf10c1332a1895d59a53469199d029cd39d74890bc0181e07e37","seedE":"4f969828bc2d517c68e5a90b81e33dc2aeb223d749af0197a196bceb100e4c32","skRm":"7ac5ddf8ae903dc26288f56bd4a84eb652e38c956b0f74fd1ea234895cd94149","skSm":"6d48021bb5fbe5adb334ce1a0d7c1cc79ffd9b2ec517ed53597e72323af2a321","skEm":"0aa19d0ad732820068a2e9ce6e3e73a6e4d3ac4e8d9909810a6ba08785d61808","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04434c150d6f0d206e173ffd15f2015f775c985fed5425c66741ccf62c7f4059a171291ef2079e573e009de84a47c972da356b845641982ee27324f910d1eb7e9d","pkSm":"0412717dc0d8f78c420122b3aeaafac47db7a0359ccddbc258cf3e77b1f8ea64f4fe698e84897e6775377daa0cc768b63723ef7340ad3876dfc83d071fe0297776","pkEm":"04d73558deea38ad9adda563b34e0ccd04735d36b3d8c0c6f71a171db99707d2caaa8b410a9bd681a7981ac589adb76072b6a902dc9712a8338e2d3cba4b72f482","enc":"04d73558deea38ad9adda563b34e0ccd04735d36b3d8c0c6f71a171db99707d2caaa8b410a9bd681a7981ac589adb76072b6a902dc9712a8338e2d3cba4b72f482","zz":"4f999eba389a096706f7eb190c50ea333736ca8dfe23dce403d074c40ab14a3d","keyScheduleContext":"039b38fd49b7cec069330bed53f07eb48c5b5a4bd870f738f6fa35ceecb7a9c6bc5e13ea271ffb24982862ea92c63a196330e3b5161a11e373ec25ecd1e0111c409a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"87a1ba8b83ffd9a2fb687b27ced3b6d1b15c63321d6e60a325139495e77ccbd4421adc572b2f20615e0d2ac660c0067fbc71385aea19fb73f66f5f3d6bc1d82b","key":"35b0c99eec403eac70d48adddabd13efbfbc1eb97848ab152f63aaee9ed5edd1","nonce":"40a11b650ae44dc420a6bc36","exporterSecret":"cb138e869a515226b52d9c50946860564756865f6de28857b79a47fff367ca27d2dab6ea675ebb6c01912eb79f241eb4372351f98e1d23705833ca4523beccb5","encryptions":[{"aad":"436f756e742d30","ciphertext":"135ecdbf211f8881f02062b769c6aa75482ac838000c50685bbc4d3a8e6720a851fb9e86d293bce7669c719f93","nonce":"40a11b650ae44dc420a6bc36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8ad08c4b32ed8361a9f0eb7c6eed7c8bba4ae695be9dbe106bed968834808a4a65264ae673118b63eee6006162","nonce":"40a11b650ae44dc420a6bc37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"45246a707c3ae26facd7cf8a262d28aa1f400ff005949b37ec4d1926dd1cf53e95efeba126989f8432c49f8fac","nonce":"40a11b650ae44dc420a6bc34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1f32e1dda4e09e48cad72fec1613857382dfe381335fc415f6670abb9815594d23858003b665328d186ce9a7bc","nonce":"40a11b650ae44dc420a6bc35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"131cd270263c2cd9c7e6501d7cd4bf12f5668dea0076fe8656d32c44b90f29d0d2fd5955c2474b7e7dd4354497","nonce":"40a11b650ae44dc420a6bc32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ea67e01765f08be6fc8a0729ef90ccff6643d06caf44607aaa7a4e75c500e01a572ad8f12b3ca87c6a4e2109c5","nonce":"40a11b650ae44dc420a6bc33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"18a94bd72b0837fd1785c0123e7b0bfa9fc49d2ad77886ba1315ad9c5f6c7788566e027b69f46a1b4dac0436b9","nonce":"40a11b650ae44dc420a6bc30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2d822f4a45439e83ad6b3046d124172f267f4d7641a05e52f3409191ec8bc3b6e8cfff9556e988dfac00eafdbf","nonce":"40a11b650ae44dc420a6bc31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"52a75c6f23b83bc8beccb6da2586467ed2cbd75e3b292cae62e97b8cb2c2f427f7fc1e45387c328aeed37fb997","nonce":"40a11b650ae44dc420a6bc3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"142b81eadf44f83d2aa530107c0e8a2e8a2458a97deb9e0f6887be262c08c7304b1f3f951084c63b33d425d181","nonce":"40a11b650ae44dc420a6bc3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c30e3c96639eba891066ef53b2645da88c88c77e3ee7cc63b4778ebe1eafa8e0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fc7e75215718307fc714e89e8d65c60cbc678be62a6e20208ed76cbffb9b56a5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1875ce80f8a244c1004c56ae484dc95c3ba3f513190563aa0be522b6fb90ac89"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1888e63662dfc997a91b8822c9b99ebb43c292def06504d3a970a9fec9863e55"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"6f0f998b8ab0a777761f8e82d17ef53eb3adf8f8289c44b3031885be7191be40"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fde8afb06c71917220f1d262838b5d4a2cd17a232c930ee68b2c8ad699d67181","seedE":"7e802cda13a945a4dcc2c75c20105edfa95230828cbdd5845ab6c63799d193a2","skRm":"d8c99aad6c57ba6187705a0f2aa5f642015618209b3b949bf40890002156a801","skEm":"ff1df87ae3b5977e2ce38713355a9e9457b57d5b4fad5d3a5d2bd4e1890c0a63","pkRm":"04314bddad8b7028d5f9821a7074241fbc0f12354899a58b1321883beb794da1e2dece4707f6b9041c2787c14cbd50ab268c8748e03bbc029d06c5af61dd778b92","pkEm":"0444b094ff8c75d8bc825eb3b7d1d29ca58d83982a25c4a5eb9233214b64c1b4e70b84a9132fa4ab6955e39afa4ad7b4d4a4c7907b15ea9ba6d057c3cbe3d63869","enc":"0444b094ff8c75d8bc825eb3b7d1d29ca58d83982a25c4a5eb9233214b64c1b4e70b84a9132fa4ab6955e39afa4ad7b4d4a4c7907b15ea9ba6d057c3cbe3d63869","zz":"09e3d0b0f1602145d0867ee241914ad2e4a4d97c3ce9b59cf809e6b98b1b7368","keyScheduleContext":"007b7e5d7ad89f81f6a86d7af8782a03754b91b6b958fa5dce795b3ba56a4e93f3f6eb4fcb72cc52b7753fdd9a31065d0c6eeb438ffcb90db9e69db37c512e6539a4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"7747f6408e30fa23ccd2731ec7bc2ef45946d5cc6f0f35ed1e43dfae3f66bc570699727ac86312e1f7f570d2be7688a875a9244280e0042eaf9cf7d503b5097f","key":"29e324f20b70df6e5a1fa53319128eaf8b9b39a712f8807804ee6b1d67eaf8fb","nonce":"a9cacdf7a8372927384a0cfa","exporterSecret":"a92714fc26c79748ddbc104fa59d720ed9c344d58bfb560b89f258d8a47dbb065a595eb7a0bca8b7ce6a46509ef4793c128adb843a35952106b7f92de67d6e4f","encryptions":[{"aad":"436f756e742d30","ciphertext":"91c568ddaf6be3ec20f0250f11e691681da4218efaefd40ea6e88396b08998a191ab2b41b262df9a142dd56f1c","nonce":"a9cacdf7a8372927384a0cfa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8cd8ffebe179811d495f796a07f4143b820064850344670d99561039378b7ba4d313afe7a1b71ad78df63caf21","nonce":"a9cacdf7a8372927384a0cfb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2199065f34033559e3f3395b81de4f69e4401fe1864f386122bc5e60f1c3f23de0e01525b25ba941afa96fb083","nonce":"a9cacdf7a8372927384a0cf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"69cbe69ab9e66de8c789fe4d33fc7f2c1e602703bfedabe4d9b4cf37a9c053386efda992109ddf91ff850a8151","nonce":"a9cacdf7a8372927384a0cf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a502c7a6ec293fda60b1dce44e0fd55345f5517aeb85400037f11d83dc5d644a9d870df14930497ceead538a9","nonce":"a9cacdf7a8372927384a0cfe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dfbfa4e6e929e5fe43f137a58a53e668f958a8d47b22741ad4a8f599771395f9218584538e91a04d72fa6dcd31","nonce":"a9cacdf7a8372927384a0cff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fcafb1fbaa7bacfdfd8590666245030b237dcf11682ba1f6778c1e4d1d8224ac31f68b386695924363b6c8959b","nonce":"a9cacdf7a8372927384a0cfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a5f1f24fd47e85fb46f8bcf2d74c9abf126bfc68ed93a04d0e3685203bf29e4de7dc48089f0cc17e210c89ae8f","nonce":"a9cacdf7a8372927384a0cfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"131181df190848f80a94bdfcf52e5f4509e3f9d620ce68f5c19510a8b52d79f8b99b7914311be7ac36d80ffb2a","nonce":"a9cacdf7a8372927384a0cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ed6149a3906485a0c60917cf8e2932cc18f0480ac4d00c88350becc106b6a232a35d50b936c164bb915b16c90a","nonce":"a9cacdf7a8372927384a0cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"960b76beb45d30d4c087d8b5ca6f82d71603cfd507d6cb9355f1fd4fe9d66913"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3c81bdd47101adda7c19dce3ff9253fbcbf5af2e91dd52ed178c753b136f1e69"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29acad2066d8b33bbff1f672f549aac2ec3487ab6bcc629eef142655fc3415eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7f665f4c3f1a755c70f28949b25883aabd57e18a8d3256f9d0db6b4c4e1a48cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0d67f1f7b1cc87d2d93d41ee9bcd5dd7cf1bedc8e8f6886f6913fdccd688583b"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f12cd64c006927719a5e659e13397713a6a66d174b69ffe59bc9c742c583c086","seedE":"8915ce31f37e5cccc86ed65da9448d0a60095d00b7f31737e282d43d3722869a","skRm":"05c7aaf4842e975d9276a018afb6ba3cf69c6f88cf537ff66cee805e9cc29caa","skEm":"5efb212aad564aa27fdfcc762a561014c2dc99e3f7d2bfa86e9b715b5abcc28d","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04fede682d31bef2037a1754d27a56092d381be576fa42366d7729c9e2aabad569bc754dd6bb5fd20010e382079ce90ed6db5b225334fbdb3574796d4f064f191c","pkEm":"04eb5fa6bd089a1c52095954d5b19969fa6c5b474f54780d1bdf88131741a2ad67bbd8a30a5bf1183531ef7b3fb9783f7665e84358e90880f1323555caa0c368a8","enc":"04eb5fa6bd089a1c52095954d5b19969fa6c5b474f54780d1bdf88131741a2ad67bbd8a30a5bf1183531ef7b3fb9783f7665e84358e90880f1323555caa0c368a8","zz":"187cbd951d36ff3de9ad95720e75a72ab2bb376c8f3680d6923173bdbd658cd3","keyScheduleContext":"0133f807a9c2cd7993ce299f721c0f42536ce307c0172a364850464a7f7d46a834ba6da878797a24757b8037a17384cddafaf76fc6eb12dc58da48558a2fd32d8ca4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"bb4da6b41ae9a8245750c7a3bd030b84777d3d29b6a7350b0f6bcd3c9dd0e126224e0bdac16806a78f7086078a9f76b07d5d7b2bdeaa53cd9637d4093933f143","key":"1eaacd2fe1b69f65e9e03f1c6457dd7c4fbb5e28bb022a0840970556d8d2b557","nonce":"7f70afeec5a141ebe90e4824","exporterSecret":"b6a7a5d944002a3bc2616f92cbe8ab088d3bf289b00077204ecbc0b2a9c284d8cfc90c0baa73b7694cd684fd9e93682e9aa1b602facf04cf517ad7feaa943b90","encryptions":[{"aad":"436f756e742d30","ciphertext":"798cc63b66ad3eae0ef7a2eaee0a5866f8d90d4210bb9b98e283506b4e8e9a21d34f89a296f4022524885c21b0","nonce":"7f70afeec5a141ebe90e4824","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"920e88a6b895b26ca5bdedf9d49383e456052a870838d52a2fb1d1f440387ebbce0897aeda31bdea63c0ca6bf4","nonce":"7f70afeec5a141ebe90e4825","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dd7ef972f45a60ba8cb966e5533df98dbc5dea99645f7e91bdf0264c73fcd74e1458454d11fd4137e26793e2ca","nonce":"7f70afeec5a141ebe90e4826","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b8300fb7565d94a323e474871f2ac4d6fe839bd2e8db4a7cc60dcd191a31364ee12bf046bb5f1cc01d1eb670e5","nonce":"7f70afeec5a141ebe90e4827","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a176de9604776ad9db11eac9c4a37028528736277acdcacf022747256530cb11ebd27dc1b02d8c29ffbf74488","nonce":"7f70afeec5a141ebe90e4820","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4e21c4e2c2aa57da2e8785ec401fa60dd6cde48c246a5d63aa51a246e83e84e41b7f93ab6dc14a6cda18142df4","nonce":"7f70afeec5a141ebe90e4821","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7ea88c369abd93b7f7fdd13b4125d942e275c5ddc151256481d3782dd49fcad5fc6cf2da348f8a277846c2005c","nonce":"7f70afeec5a141ebe90e4822","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2e09e973036e0df65f9f048c0780911c6ab5359a17fc60e5cf3e3b019c13987d78435cbfea851a20c78a31243a","nonce":"7f70afeec5a141ebe90e4823","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7e16d10494a0da272b3377c702f4445a9fbd92cdbfc182ea10bf5c674db7095f1cada1a35f1e676365d79aa914","nonce":"7f70afeec5a141ebe90e482c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0e4c82848df4e1b920f73b6272a9df8935dca359557e87bad69844ae3ed9ed406418b27456577589333e3dc58a","nonce":"7f70afeec5a141ebe90e482d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e3177552b0cdb135c5d1c276d46745ac3c8e1bf08b8ccafaeb1504aa202a0611"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bc9ac8a8a966245215368c157cec237178dd1e5ae62ad2440ecdb1d91eea0994"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"eeced1099a9a8bc46bb63724601af98ad541a8d55dfbc30e9ae2a81200daae51"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a9e4413f10d9b49e019de89c038c3218971e900d62c0139b951f3b93915dd209"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dca6d959f36476d6e282d2d8df7f92fbc73f12922373db90c8549b95ad4ed41e"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c05d89351b29837e7038ce12e6f82a0dcde8c927ef8bb4c06fe5d9190e9baa69","seedS":"e338b56a26c566b7aabcf7601c316b40d9756959e4e55bc63f796b7c94ecaa71","seedE":"81366e2abb297360e0e707295a201005225cbaead8398e1759888f98d394aef7","skRm":"fba0d0531f15ab19cceb4851af266253b32d8f19a0bd38ca71c67c88f9edd4d1","skSm":"2ccc35d436b0009b3512fe66aff6727ab8c297da86c9e9e6283696897fc4b810","skEm":"3dc14bc28d77993b718d98617a1c8b52c432852e8abb81d29fa1945332860c69","pkRm":"04ce1547b480d8c1660afbafd13ab395fba38ce3bfc077bfa39ff057b0d294bc34ded4f40ec95d5b4d12c1e56842f7923e5c46792f22c53068325d5dcf511e6c7f","pkSm":"0407fcf2edc3330e65ed915f897906295b300d59e7373ea87b78adc2013bb5e5fefbf7ceaceb0980a5b1985150f4245718a32f83a394362195915b554ca35a5a81","pkEm":"04386104d32ea78d696947809190405e98da6cfd5b46e7c25818475bb90f6fa54c994385da991c15e53c6d79427f172fb23835d118139307fa98d0865291820abc","enc":"04386104d32ea78d696947809190405e98da6cfd5b46e7c25818475bb90f6fa54c994385da991c15e53c6d79427f172fb23835d118139307fa98d0865291820abc","zz":"63a032bc3d14584e3e25dd45cfbd33a9d57ae3c81848e91990713893e9e86533","keyScheduleContext":"027b7e5d7ad89f81f6a86d7af8782a03754b91b6b958fa5dce795b3ba56a4e93f3f6eb4fcb72cc52b7753fdd9a31065d0c6eeb438ffcb90db9e69db37c512e6539a4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"be07e7c510d5ba3ef80d6b919c014c7011687ee2e58798e372ce2305ef7a2e7b8a8a00c1f915eb11e25669c2f2efd76a51b3b2bf7232e7c0ae21f0c46d1f5a0b","key":"96377e4b68580be070b79d4006f103183685a00599ce59a2117dbdd3deb19345","nonce":"38d40fd3abd46128916cfdcc","exporterSecret":"4993f68de4a3d54f63cf432576d4c7e1ff1afd1edc6d4f19f06ebe787e608ae7d4efcc5db3f10e5994910509e29e1ba95eb15beb3a7c82a44f9005db5084bdc3","encryptions":[{"aad":"436f756e742d30","ciphertext":"8d71988d614cf7d6a599efda5c96e4e78eeeabcd3eb2757d31540423994c0c70e040e769bd6ffa1a2a444c2e76","nonce":"38d40fd3abd46128916cfdcc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab9ce056a854ef12d8d96c1cc0b8784f56f709ae3d884372485838b80aa83237fb635dfc662f9d3c748b7d606f","nonce":"38d40fd3abd46128916cfdcd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0a293fe3eeed9a13881c6715bd3659614f9f2e1b633a2b1d90deda00b97cbb70bc89102b249ba013eb4c925f34","nonce":"38d40fd3abd46128916cfdce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"eae519c0f2a5c4a623d0f004392faa7f2ffbb4799fc9212d30dd8e0c99bcc43048c5baf63f2d9c4bb9e2f01bce","nonce":"38d40fd3abd46128916cfdcf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6a2a031fd75835df40e7cdb0fbdb205d40ae183f8855835fdc5025419d2ce81b8cbd35b308a3859f5e1d1409bb","nonce":"38d40fd3abd46128916cfdc8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"148f4198d9c2d345e960b3b298f99f7e2fe708406d148b156890996b5492035a2e956e991647c895dd8995e6be","nonce":"38d40fd3abd46128916cfdc9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dafc442ae72728d32933650208fbe069ef5f06aed78466473ad3f71cc7f654fa8cfdc7f561b7d4cccff0391fd0","nonce":"38d40fd3abd46128916cfdca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c19511ffc2206eecb79990195daae1777ff29d12757d4251c0ca0f1d1f6ee2b723dacbbf7a689afc73d0bf5102","nonce":"38d40fd3abd46128916cfdcb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9478f126b80affc318a1ec5b6dc40f571d03947110839a239255eccfa14125090cda2a73eb632b27cdfcc0c545","nonce":"38d40fd3abd46128916cfdc4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"282dec09ac626e81930b3540837672443960c6639903ae1a42662fa75301b6ea30529cd40b034ab7ca271f7f52","nonce":"38d40fd3abd46128916cfdc5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c98a92ff988e3c3013e9a119696ae3a1fa6502a56da1fc8874b9336f7f67539"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"af175caffdb3616677afb7ee3de12c7c039b8e434284b766632261a30409c8f1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"50615abc4fba1ef39f62bca6c68050be8f07b8379b8dbb6d10fc37631e7c15cc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c095d6e850bb723e5ae31e3effe12a44d128c88f6dc3dc7c0c0ca69333b25bb9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3813b2cbb5691d51c2daa77a36f20ad01a13afa3c84608b17d0b3b75882b5d1f"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"702fed8f2c313b36af4458c8b7396a2438a477d0f17d7d9e709fde1f24a059c5","seedS":"3b2be32fd05c850b9e5ae9772cd0fd8444a1c64bd30924ee05a5a3d1a3d01046","seedE":"0300c5c8614488b5e05751cb9e796ec655a706e3f11cddff6354ebddf6a573f1","skRm":"ace9114c346687b1fd4252d5e2ce25b0f347e4482ca49baa7a778b785b3272ae","skSm":"d45208a6830005a2e00b49b0459e730f9e64c4f39268b3d7348d8b97234289bc","skEm":"0ba40ab030dc2304c68421f601ee653ba2fe14d332ec32f4ac219d57120507b9","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"042fc85b81704d26bb3172df4c714657faef18ac0b0052e73f38cbb3e571be4b70d82aab94ca64b330d2b66d3d5d8267f295469f3e310356846cbf2c0c73ca91ee","pkSm":"046ed94f6df3b90c6f344d0035ced6af3a6a014a852ae3dce047e94ca43634a3e293d877bdc8c470ef39124210cb20e2c97b1cc44b1da8ef80697a2671900c60f7","pkEm":"047debae5c1c4475251d242b03d840c8f2a7761ed76e7acba4fd139f48bfa379115f14569dbb7747c65a06170f6bcf77d3daf8d8529773536125914ac04b058160","enc":"047debae5c1c4475251d242b03d840c8f2a7761ed76e7acba4fd139f48bfa379115f14569dbb7747c65a06170f6bcf77d3daf8d8529773536125914ac04b058160","zz":"7253739095309dca0a16d4726ddfdd08887ba7b6b867c8277bfbd02c68801738","keyScheduleContext":"0333f807a9c2cd7993ce299f721c0f42536ce307c0172a364850464a7f7d46a834ba6da878797a24757b8037a17384cddafaf76fc6eb12dc58da48558a2fd32d8ca4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"5860f09c174191d77de4d677849d510a98ff51b55f0670812e2e489183f45c468c4e073f7bb1c3105fad32d056c53ef6ef9baeb58a616324ce0ef9bb7712f82d","key":"2984f0f54b84e938e27c9c93b2ba494fd3af2dcac03aeb13d56fbbd78ec51d28","nonce":"21bda668f7adf98d48b807c6","exporterSecret":"995a229fdf04117945f748cc31f450f0112b859bd460f1610735e224f5f0d3e8cfd1433c65ea6e183002b2da72e391c76a6cb9adf5559b25f66c18baf74aeb7b","encryptions":[{"aad":"436f756e742d30","ciphertext":"986713411bac42c07d5d2289f32ac6347d2b9e4615c46edfa4e96645d8aa0a3ff7e07bd5093ad6e03478a8b1bf","nonce":"21bda668f7adf98d48b807c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fee84160f49303ab235641a64ccfbf0452ae79f7941e662ec7472f7ea9e6a404dd724427600b6866a3ca4b41c4","nonce":"21bda668f7adf98d48b807c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fd6e894ac469589ba69746a25c8b55f0b59e627a8047113757aa59e725669824ec6c19918f8147ac69e97d0f5b","nonce":"21bda668f7adf98d48b807c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9f30718224d87e368f456a765ae9aab25a146bd4f54a765ac42b00b694a08189042d37ba2ccc74394c69e89598","nonce":"21bda668f7adf98d48b807c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"515bfe7bfa171fad7de52ed6c3b025bd082a65423cd5723f2edd6a64c5b9e839360cc2912f50b52ff9c1842a39","nonce":"21bda668f7adf98d48b807c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c2ab5aa5b32eb02058123e9438a5bc1902a92e0a206deb45228d8855515725c65f6f4da71ab4a268d2681de2a1","nonce":"21bda668f7adf98d48b807c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b0b1007ba457129df225b54d25d2a1dee75175efbaa74e43f09aab47cdc4a92cb6182477819d37bc3ab12e696c","nonce":"21bda668f7adf98d48b807c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f79867a4321b7c0b8fad39f35f95f4209f690914dafdfe48a23e0305b051dbf8747f8f683ee7ce672e9a359a85","nonce":"21bda668f7adf98d48b807c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e7a5d4fbccbb5347c7087b3edd01206e9ef77df1ab51c5b03c2ded7c849307aa458ac805e545c16e9dd7e2c0a7","nonce":"21bda668f7adf98d48b807ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a48d137dcdd936e8323d0dc07e88cb97c47889bb4f3da6a6b925a77efb2f64502f0d30fa1d11b385a7d784cdfb","nonce":"21bda668f7adf98d48b807cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d91d17d246f39229a82eabfe17b73d9d48fe86a9239454452f6423949cccb942"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ecd48f612b1151bd0673fe58c8c0fce85de6ff28a1c494043f66e367b623c360"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ae5a5b5823fb20ef2bb77ba3d76fc7b2793edb7fa9a0210d10c6ce5a5c7624a1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"16034a7bfa5d9cfe2a3ea91fc0b620a3121f7121d80e9c8971906a19428b9aff"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d61fc02611244be9d122a89d3a114981ee853ee1c597de9a46cab1fc5dbd5b9a"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cdbf469c01f4034652e2081f400971bc35d00c2ae3f1a60f2ede7aa5855ca6cc9596b1731b843485552a2aad8f80ae7092c362ea367305b317ecb6c783e16555293f","seedE":"32345ce797e66c758465e2613fb6cea74ebee9b45836cebb09ee196eef5e3a4b7dddc0df6c4f33dab0e8a7a5a4a2f6fe71a09d5f0662150a0b01b8a9d3de7aa92d90","skRm":"0052ed68f533f4079e5275e2d1edadc42d09690761b21c73dcd59082df410b1faf66d53aaec5297a8dce98bfcec778782427c1babb0941313a56aeefb75614b76c9d","skEm":"0170ea0ae7a69d7fee896afed61f3ef9b0087a5a6802538dae7ae51f601cc2b53b48fe1f7cbd0921aae8a6ffc7c550347f14b604f9a2453ac82fa3e01945d2bfe7f9","pkRm":"0400c7142489f719efec0661889eed548b2e4c55eeb14c725f65bdfb4077a70ad0c2693a5325f7bee2b5e4bd326af61074344fc62f9cbf88ab7ded694233227087301b005361fad54416691d78bc67df961c1f1d11aeec5f9ed020b5cf9f423f0934d081a2ef886b90fdce170b301db84ec9b5d14ad9ecd6b365eb99e5500d0e9c09efc55b","pkEm":"0401746a001b7bc677c7a86a36fb9a1987558a414fea40cc2e284e98d19f3f3b1f510f99bfbc54c36dca07db31636b81208a5be0d4469e91f5dfe9b9ba10fb5a657f970158cb3bd236386703ba2b885a073742c291ea13809a1781c480982ba3da27b8c6f71ad33ea2e2822a87986b0b7c5873e7be8c8848f04aef1bff425255e44f0515c5","enc":"0401746a001b7bc677c7a86a36fb9a1987558a414fea40cc2e284e98d19f3f3b1f510f99bfbc54c36dca07db31636b81208a5be0d4469e91f5dfe9b9ba10fb5a657f970158cb3bd236386703ba2b885a073742c291ea13809a1781c480982ba3da27b8c6f71ad33ea2e2822a87986b0b7c5873e7be8c8848f04aef1bff425255e44f0515c5","zz":"a8147b0b607f749a4dfaf2bace7ac2497cc12988fb0a7c8b9423a3d42260343ecad52e407768b06e89f8202adea43a0b1a3a51e344e53c377716edcb8ea5fa0c","keyScheduleContext":"00ad608a7fc70dbe6b42fb754224828dd1b01d8f3f37403962d897076ad3414b25e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"d9e75f6176ceb896ec6273fb4c34b104f9501beedf9b6deefd7810b304119075","key":"225ab01c955c1b09ca4f0a83f82e2706","nonce":"da6327ca2904524e490be9e1","exporterSecret":"2fa6007e6e2cb35f3339d72c10d973bf9a3bb060b44d73983502af432f12911f","encryptions":[{"aad":"436f756e742d30","ciphertext":"ed2b7d0fd1dd75e99dd33a49f361d2ee191f4549fd75502d4aafd2df318b27cfe35324a61036363aad3baae9f7","nonce":"da6327ca2904524e490be9e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"acf7ce3a2facd234ea4c58c8ce45217efc178ec8aa09fe4c6f0494b7e7d792937bd25c6c7fc7bada396a771086","nonce":"da6327ca2904524e490be9e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ac52a9d4d6d008fd937ffb58ca585284e02fa554e7e4a30442e04b28309c56f3cd90ef401b22fac4da7f3db6b8","nonce":"da6327ca2904524e490be9e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c15c56c7dae4cd40c826e49f886333af1a45ed7a4bdbfd015ab4cab76ed3e1da44e0bead5cfa46f99eec48efc0","nonce":"da6327ca2904524e490be9e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7b8455c8aa55f20c40a720f85d73e364ae28422759142c74e8872a440f9e2767ad8aa03ca5847b27e649565a35","nonce":"da6327ca2904524e490be9e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1f551ceba9c8ec50f4b2eb66e0293f4155f8ee3dc499a20c2cb63ef89add66ab869a619c55332dea57185c60ef","nonce":"da6327ca2904524e490be9e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1cb02ae9c38cfad8e06c2413000fc12e9fb30df015ea939acb929120da9475a423795cde69864d5b9fb7b189fc","nonce":"da6327ca2904524e490be9e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8927c400d4180c3d6b6b1ae9534b930435dd6af9b8c31e158d145f42ac2a1055b667bd4b83ea74909c8993254a","nonce":"da6327ca2904524e490be9e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"46342bbe05983c61483cf88a34376bbfba860871beda657d66fdd7adb5ffdc79658b176dd6f1c89358a8c7481d","nonce":"da6327ca2904524e490be9e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cc5447834effc596deafa67e65b172938462ffe450974ef784db364dc5e29ff9f76e150f79f3fb2144d2ed3664","nonce":"da6327ca2904524e490be9e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e407fbc1b0c8347979fe85732332214a4247da04582b9442b66c14a6a659b1e5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a1624ccf93c6a26ef9b0451c3a7164e11925002eff33c61873221271f75d30bd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf243a7105b98abb24eb63b8f2645692d604035a952161ea419acfd0e4b0d275"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ffb09bbeca45f4b7f6652c06ddfa5320550db552c3adced0ea41443f70ebb63a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b466a237daab450de064fb696c883ac2ca4d540afac9b16783fbc37ba3c8c893"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4971142bb2920de2637857558bfbdeebf9e735d9844ec453f3e1cc9b52b9c1dbd0906b41c45e4a0143783b2767770966a57a271b36c9fbf48ada07513d9a8e556b4e","seedE":"0dd281cfa561adfdefbc9d9d6af41bd22c61ef53780a1ba2a564903c160e656a1873d7a63f3f620a06d9e69c271addb85f151bc5846b149e6870dfa27e20c71ed2d5","skRm":"01528f347456a59e762e5bc5aaa0b17890692d6d7b51491fcd04822accd8ef9ed0a1a0130cee4fe7cd5a370dfabf5ecc4ad805ef4cac7e4913a916731393c463e169","skEm":"00bb6180f0eb28f03ff5c6a8e50c400ddcef50fea324a690039ab09450405e2b96573f082d21773c9664e5e6e9261bbb4d47149d34939a90f447acc42c7163213445","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040144e2702e04e0c76c1f50ee630a13334d2c582d7a749d17b0b92de949cbb68ad2ea31eada7dc4f905de0134161165ee2899523c2fdb52924e6e0c73006c98a9ffbb0150394e1160975c1fc72675a9342ba5377f24a62a7f89887a189b4e84221b77d23fb28bb4c4e52d41d64950bc2c5f66511afc0b3e26a1794ea56f331c2459afc7b1","pkEm":"040173c4073e5c86203a014a997fcde5ebcbb97b3321e5e865bab238fbd6dbdc92748e594a9e6cad63ccd407b49d41c5671bb4f55cab671a8caa4cfa14aa2c3e4624eb005ac25baf1d3a3448e65f12d5797443cf4ec3404a86f486a2f535b60b075a246b5b3f4e809463b9363d49eb84cb334ea3ab2b4e53854f06b70c4a1067618b33b651","enc":"040173c4073e5c86203a014a997fcde5ebcbb97b3321e5e865bab238fbd6dbdc92748e594a9e6cad63ccd407b49d41c5671bb4f55cab671a8caa4cfa14aa2c3e4624eb005ac25baf1d3a3448e65f12d5797443cf4ec3404a86f486a2f535b60b075a246b5b3f4e809463b9363d49eb84cb334ea3ab2b4e53854f06b70c4a1067618b33b651","zz":"639c3b231118e89280849454a738878cf2307616f4f2f05226c707596aa9763051c7f9d755f06c8bcda655ca1d6fe95022559dcae78947a820102308f196559d","keyScheduleContext":"01d1ec3dc8b12dc2405fc29bf282b782bfdac2ff3ba302e515efc61813fc5270c9e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"cac45132b29a7119cb949eccc3a029105bd0323b0b02fad4db801b5841f70be6","key":"7a7ac93767eee99b4eb0ae578b5f0d3c","nonce":"30ba0dff7a6ae0fe9aae6dd1","exporterSecret":"f775c60848853aa424883aa150ed399d3bb18e470aed9dd83d3f86305024658d","encryptions":[{"aad":"436f756e742d30","ciphertext":"a9b1431ff90b2504b7321e18519f08a7a2f48685a23a6a6e45f9ff982af07d4f14e6bd578944f71fce9f9e0827","nonce":"30ba0dff7a6ae0fe9aae6dd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ccbe4a03c91230b5dc4495801892c3584979000f57fab2d6d5798021fca0695594dbce27769f80fc16c91be9b4","nonce":"30ba0dff7a6ae0fe9aae6dd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ba71710ace4a0d73db1f501fdd44f9d3a6943627b6f7964baa3847bfd010b11bd8a2c1f4dd8e032d7d51221ef1","nonce":"30ba0dff7a6ae0fe9aae6dd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"651be4d15b42b242d5213888ba211f011a7f9372b1472b5670d943763511e88a0a1868880aa81658f49c131795","nonce":"30ba0dff7a6ae0fe9aae6dd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45f0c612424f046de69fc7f6aeac395fc9ef46ec396e312efcc3d805264b26200ee27e7f96d6bf576fecc38bd6","nonce":"30ba0dff7a6ae0fe9aae6dd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c4f82869ec2cb42a475b7a6c032fd6c8f977e044e4dab1de073f1a053639c3a6bfaac1c08039872f4519f774e5","nonce":"30ba0dff7a6ae0fe9aae6dd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"38d6db2626b408189f6f01818e6f54c3adba2b4668a577814156b2f004a6a3c8ed63e20b4749c67a01f4ad406a","nonce":"30ba0dff7a6ae0fe9aae6dd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b8c702fa1c51b5b2f37ebda4c6c8be30b0e956f7d0889ba399768f7c3774f8550e60f14f328c81a1b5b3c1a170","nonce":"30ba0dff7a6ae0fe9aae6dd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fbbb9bf14c76a475fa3e75a4d563b8e60fb0350112167e1916307c8df65c5b9a5abeecd530715584bf7904f787","nonce":"30ba0dff7a6ae0fe9aae6dd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"46e6ce0014439e1b5ecca0efc4967f88052a46fd8b0c60a623223d18aa60332768eb5ae54f7e38a410ae259676","nonce":"30ba0dff7a6ae0fe9aae6dd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e24fd627897b89279dfc18935ccf5df44c558d1d022b6ef4d34dee1daba98566"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"73e6e8119d8677835d5b02d2b797090313d3c53490a3f9593891835c355bbec8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"461710b9d75a6d5fd69eceac79dc5ef2871e92e13ae1b180111471645786764a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c8f0cacc4a917acd4fe3ad22bb710518077e88098efb8b4cf9e19f9f5d2d993b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"941c674548682166b978e9c21a28c86c5710651eeb5939d08c1a26d6d836d905"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3ae881c55c2ac80f7cc3327e13f99b8e514de993bbf6f32784b5f499a9414f742dec97247f8c569eed5da52a7539d83fa54efb299a391fe67e4387a7a86fc5d3e7a8","seedS":"bb4db0fe34489ffe43cdd50d22f880c2e7ba2104e86cd0e3f41b625015c00ca7701b2d1abeccfa88be204659637450d3bdf423cd42969fb37b4f4958f842d9aea930","seedE":"42500565d83de4e56a369b021f0c01c3634e37c85231dcc73f44d629995802f514226b365e49e1b44d9ed5f20f3c3d086eabf62649ed56694e3fbe88f0e4c66f63be","skRm":"011ebb944ec25bb47fb4f4acdeee47c0d85a1783be6e14b6c071a7857d03bba047f9fb9742e414dca8d667edc599888a48f3edaa74418c89434ba9dca376e7bc8ef5","skSm":"0108f7bec9e20710ed878f1d862c8b5e9eb2bf7fabe05f985f113d6c24296724d116222e84288054b433426519f82d604702430868551e661eb4601417ae3e81d7f4","skEm":"0062987eff0d407d3d89425a62870d2a3fb437c8b51ebc35c67a917af46afccbe93fcbcbd7ea09425e209ec21830fe13ee78778843776a0fe6791e5171312d9e8158","pkRm":"0401c2808f5f8384a7a4ee4d09f9b080ef102d7516c5a0ea0f6216d9d772339a0c04bbdef530c74c043c735e5376a7fe5be08e7d6a9127a7d62e7dcd621a58b3aaa89b0105384a3be9ac1c8e697aacd82703bf1e92ffbd41466202b7edfcceb14b1156c964d1cb6e6cca0a143d47a39766b719fefbf00f2249f60a429440ea435443a2a62a","pkSm":"0400ad35406813e4ec6b27978916c349e8cb5ed4514f9fa9ff01777d9088ce5dae703ebb6bc520ab16b8d1ce04fae456be11fcf67aa8dd337591c822a5ebea919e12a60125cd0272092f49012d896b1e9d9839aae21b806e98e566d38470e4d51114d2d7a7c2c6c7c2449ce24c3fe5826f8c258b1e5f0f3f14ee67a269f688c7fdb11cafc4","pkEm":"0401bd21c9c35a8f7e5c371e439044096e6b5e42e8db211b024834896738808bb91f7582675032e2090f3b3b2d8c6630ad06de002859fc90e6708b1106b205268b50ec00a2311d2295969f16c33ffb1d1e3081d32a91e6cc354fdcb2fb8ac574737ef1ccc3b7b62be07db46eae8aea98f87f3158ca7341eb851cfc96588d8d3ef21c63fd27","enc":"0401bd21c9c35a8f7e5c371e439044096e6b5e42e8db211b024834896738808bb91f7582675032e2090f3b3b2d8c6630ad06de002859fc90e6708b1106b205268b50ec00a2311d2295969f16c33ffb1d1e3081d32a91e6cc354fdcb2fb8ac574737ef1ccc3b7b62be07db46eae8aea98f87f3158ca7341eb851cfc96588d8d3ef21c63fd27","zz":"7940adabdb773de2f454f349cb23f42ce3e4c8cc9596ecd265a4c6034e66132ec972a88b1b5ff31e9d8f00794a73f7401063a26ceea52e24c3a98bb74c33e75b","keyScheduleContext":"02ad608a7fc70dbe6b42fb754224828dd1b01d8f3f37403962d897076ad3414b25e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"08e71baa706e96694da1aa7e1bfd8bba13b65e53df7b5e6cb4a812aabf75fb55","key":"1ffdfc00d83c26f82402e26eded03c34","nonce":"cef36f35fb88c5c98ce375b0","exporterSecret":"38cc47496de3b92325d7530f8b6dfe48faf7da8f7685d1e61cfb1d3f685f37bd","encryptions":[{"aad":"436f756e742d30","ciphertext":"6031112c2a109782bdca1ddbf1330786bfda0b11f893c14858bf523ab1d813756ba2792891cf681024640121e6","nonce":"cef36f35fb88c5c98ce375b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a38d6f5dc868d2cc68c81d147e77fea859384ec366c49456e29a0c742acdfd77e32443483e541372bcfe7d6657","nonce":"cef36f35fb88c5c98ce375b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"24aa012306431770798d95b62f7d4783358d329846ae3dbece64f0d1bb5831af5c3514f5728a878e46718adb1b","nonce":"cef36f35fb88c5c98ce375b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6c4690ed4e5feb923cd09441f5b7318d6d4ab4e83a89f5348ed3dd3f625bc801a5ff477a9d70e1b32a9ef6d8fb","nonce":"cef36f35fb88c5c98ce375b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6aa6f7dac3d5471051ece10eacab2b5cc4c05ed77e9bb401914963ad81c8e48a94022c62ef02fe2ae286982290","nonce":"cef36f35fb88c5c98ce375b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5a878b4c8d17a0dd7daeb123d1fe366fa9a191715352c4f5167c49ed65195511e302ecc01ef85439f3d1dffd79","nonce":"cef36f35fb88c5c98ce375b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ae98d27e7d67bb82101469ec008c5da670422b352d0d235fbc0502eb44e47757af911646f892b54834e74f60aa","nonce":"cef36f35fb88c5c98ce375b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10c90f13cecc29bcce1373b3eb2077139eebe7d32d0b07623e3cfcbf3620c0e7995bb00a855fbd221578520ef2","nonce":"cef36f35fb88c5c98ce375b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2965c4a08cf1bc9c3c939d22235d46caf4bd8558214beb2ad0ed9d86195e43c63625e39f3929090ec0f650f65c","nonce":"cef36f35fb88c5c98ce375b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"79dc629056707a5866785cd03b96ce0c62e76be3e728676d581880521bb08670f2d75179a0c4156d50ee8e4fa7","nonce":"cef36f35fb88c5c98ce375b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3878a91cad7ddd19eaa1b1982c6d4c007a0bd36774f62f970960f2c18df07bf7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f84cfa009a4ec62b181217f5de4f8211a591a2a4ef67493892e7e1c8bebcba9f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d78eedb38f0674d74627e7b21f0840ee8db2055b462442b08563672c013a1b26"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d4c29caff01c3fe4fa0a6333fb4f47e841383437b0f48245bf0ba3029e3194de"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"787787fe41a99e48339136b4d6211a256eef265dbea062922585259ae4d9b031"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f0e3458433c7747f42078f6c610675855f91d15d8e994f9ab9af383b286a3649cca071c971d3b22afb0cac5f56d9d80887e6fc4534ce11c467e0c73ecc260bb60db8","seedS":"1f1aca41685d325e1bfe774bee713ee3659808fdaa0c327eb5f3f7d18305f7556489ebbdab3e1099e6256cf0ed75acca4f0f4907a8ae0d7f64113c5661c2384cd8a2","seedE":"c8f6e113a1eac7f40ee8fc9ef4a7f90ac0576cadde56020359f47c2cc2d38829bcd2659f7cd0d87206c33d04d16d18e0b064f0322d2f79acc24a74ca6ea874268e7b","skRm":"0179719033020c90eb633beec1ec5ae59feea2bf33f1781a709874dbd3e05da19ec49cd0babc36ac25a62eb43bba77a7b35c84c4bb202d9f2239b6d5fc7683678fd4","skSm":"006b95e0b8933b44a27891e27ddbabb576857a25766917dfefdd321f6d61bd9e800129171a23abf2523f5f6f9953352ac379c4a09229c68304e6cf0168a7000bc1af","skEm":"017bffa100703e55c3a7ec4e9e0d83fccf5760e5401ad36810761333943ab43f938c9b4f8caf619b72baeb8465550ef3eb382520839233c8ca196ff613c9fc105b9a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04010a98eb3869be0439d837a5268cb84f1898d2d5b4a813a47c3c54f83be6f4d435ae2c7c9909b8ccde503d37342794a711f6eb1831d70ff7a9ac2a6bd12d940bbd57019419caeb6158559651d3d4c8d79adbb0968d4d695ea8c8e65fdbaea6a1715a54c20e78643dc91e579d9fc4a6fa73d31ff5376b211b4baee013caba1ce6308bb94f","pkSm":"0400cf9a9b3e51e571892b3ea4d17e57a6d2f0299f228a149a7de401cfcf8416ffbd355b550049b6e8310c1fae30b0fa8994fbe3495f59c42089baa222074c0d0825130119de526497ca2beae899cb06ec039feff9e32382deefd16e91d10a0890431a781d459edeb6942d8efecc422c2281572da196059c6a0888aabe14408cb6187ee51d","pkEm":"04001364a368ae99e1f911bc74541b9c8abc7aec9e3b2a137d7b32899290c5f3d44abe4393ac4868199a77cff47fd6310ba9788a24e31c6f7ec7ea1e0fa4f5cb8bef8a00e0ad4353aa31b1b06b4224d11697361c5e6999223a7de01581ffb82a421a1837320bf0a565dfd1bf68d6aaa2b3dc78d4fdba39221f2fb5f84345fddf91e98e66e7","enc":"04001364a368ae99e1f911bc74541b9c8abc7aec9e3b2a137d7b32899290c5f3d44abe4393ac4868199a77cff47fd6310ba9788a24e31c6f7ec7ea1e0fa4f5cb8bef8a00e0ad4353aa31b1b06b4224d11697361c5e6999223a7de01581ffb82a421a1837320bf0a565dfd1bf68d6aaa2b3dc78d4fdba39221f2fb5f84345fddf91e98e66e7","zz":"13a8be10247f4aeec47016752a2945c55d4e474ce4fb5bada6e6adfe14529432b613bae99874a95d057f27e8864a5e8a650b35eb0b3f34264ea3e51e0b1997b1","keyScheduleContext":"03d1ec3dc8b12dc2405fc29bf282b782bfdac2ff3ba302e515efc61813fc5270c9e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"41948592035524299fc774646662445f5c2271d11d7ebc37e3a8772f9ff92d57","key":"a9f20bd806d8cf2d54f2ec18cd2bd10a","nonce":"678c967f941c0627553a4c37","exporterSecret":"29123c2db0da4cae013424cdedb5267f1efa97f6d0bb1c3eba6f649b1b8a6385","encryptions":[{"aad":"436f756e742d30","ciphertext":"7bb97ae8bc975c142e671ee9e1b4f085d7ec6f81db26fe44bb4ce32fb451d72daad890cedf3cef3ef6f7993465","nonce":"678c967f941c0627553a4c37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f4536c460d6cc2b14be63abe70b759aa9921df5089779cab1c49cd1c09b01a315f405d0460ba1457f0ce3d3df5","nonce":"678c967f941c0627553a4c36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c02dccf8e0874f78189e9829bdb0f3ac32c6e1b29024fdb4a4043c0e12c0838795b32f8731923441224fe1c277","nonce":"678c967f941c0627553a4c35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"766c27c3a817fa2244dba88e48a432aec432414992d266c9b4013944bd226b0f5e9210f2bec755a290ba0093de","nonce":"678c967f941c0627553a4c34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2f84ec94e0af2bae889ac0486de50b63433d68ef4a8f6c745993e7250bea145cc0dd17c3ed49b10b339df422b5","nonce":"678c967f941c0627553a4c33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4ee8043bb646bf63ee108adafecaebe4765a5d64dd2694c172bc171e0c2a6219bb6b7771c076bd829cd90bc45c","nonce":"678c967f941c0627553a4c32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a3dba5fdaf204e9dd5120a270ec4d30f49903391b9dc9988804f76c6e585daeab2225a56939d868e3b73340dca","nonce":"678c967f941c0627553a4c31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"316777b028b4bfd43962c9c506e10990ec38f0d10d0239850710bd9bdce37a2c87c776c790bea73072b7e51f9d","nonce":"678c967f941c0627553a4c30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5e6cc110d76035fb9d160812901f5efab94f33980ad114a9d6e63106b9f9647637c250ac6bed8e763407a5463d","nonce":"678c967f941c0627553a4c3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e590265c46b268f5d6599c887f7ea3edb5d1a75885224d368bbd46adad77e93e119d96c2faa43876cb6b9dd916","nonce":"678c967f941c0627553a4c3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"859f73ae2a94ab7d1ad4aa39dc8e67f493e5aa4bea4492ab96156afe66bafeb3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d366ad607f2cf4c2395e4488728ae80439aa1a789e1aee65cbd5306519874b5f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ed47801e36db47ce6aa3f31f202fe3be9cf0a5245ddab120d8fed9e3b2b6fc2f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c66074978a4104867d7c04eac97e90d1d0a40be29843d51136c0330346f3ac3f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"030f85e1cc1bfebc6ec8fc42500838bd416d67ade2e0bad7613c81e5fc4744e8"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"dd3aa7c6912567f98f51a95c152e75cb56f1dbbe289952a490018bb24d02dabdb3e8c7dbac88b5c609ab5ed5c7f115036d0c28afbd725e8a99fd27d8e12c79ac7e3c","seedE":"a02aa20a8e5fc1d49c002bc2ea8bf1062926fb231899c09c22a4fa3e35287bf88cb809495effab2ce21e5267c860299f826af7838f5601b641b52a3d7dafcfcee405","skRm":"011773418cf0fda1001e07637acdc491fab289d1010bbc51415d7ea169fa1929326583f15757b010dba4809b63ce0cb5a04700dea4aa8cb0ac179869e5bf9c864466","skEm":"014b1d59a32e0d2dd1764faededd3f83a30e3523a778d31b8361b6c2086c739f12af0fe26685dcb2bd5d0a59bec89e0a2c8ffe5b055ce61bd37748cace0d527b056b","pkRm":"0401f82654632ef4be04d46f54f0280358ea948ee32f630a968edd91a4759c682af0cbdb89c800b6a1486bfede7c40d0816dd843122f87e0a7dda282c526ceada0adf90055232f6f7954c7f137c36810cc0ab6b220eb39a6e1fb6754e0ce5cc688545dfefadafa956dac9e8f4eed5ad51870dfa98c3719218955185b5c00daa5480ff756d0","pkEm":"04000cb9d703589b11fdd9d18c677956179a64cdb423b0c4b0c04f604c357548962b8ee6d07ecef5fac1434da040374eeae6125602d875c1cb7242dd4cd7196851a4e900f2452a9d4aec78be5ced20e836fef925ea33ee2f359590103600fa4e4fb63cc8d2f1303835f348747cb14ed508cd0b2320109bd8ff48a206995d315b1ae4f6d204","enc":"04000cb9d703589b11fdd9d18c677956179a64cdb423b0c4b0c04f604c357548962b8ee6d07ecef5fac1434da040374eeae6125602d875c1cb7242dd4cd7196851a4e900f2452a9d4aec78be5ced20e836fef925ea33ee2f359590103600fa4e4fb63cc8d2f1303835f348747cb14ed508cd0b2320109bd8ff48a206995d315b1ae4f6d204","zz":"c2404970853e9970ee14141dafacd5c2dbf12808db7c3ae00a19066a65cd907d39591cc1981090845a8a80d4d9fcaf9e881ee5abba8e64a74866cd7c8fabfc27","keyScheduleContext":"0096d3962148a57989476a8b2657768e74de4869fcd4501a77483fb58efc5a7379c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"40c7add55910d0159b213a16c20d62e34ce4b64e5b33fae5d85066c665b00ccf","key":"29a4e9b357075f16aec10699d2550dc1a5ce5e4d17d39660155cb284a1e9f570","nonce":"4ab90260a609e148d7aa93c2","exporterSecret":"72a0f5f600f6a00124dec056be2c409c3cc2efa0c95ea627222a7980cb199e68","encryptions":[{"aad":"436f756e742d30","ciphertext":"1830b0f64596943fbc44eee24b161bd3e93873ef67929d838c1bfe97efc04f34b2b0706942799d24786d958e71","nonce":"4ab90260a609e148d7aa93c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2393fc16eddc3cd114819841e140f855199e26de24e5878d1af98c0495e89c827d03b4865a0523897387417a7e","nonce":"4ab90260a609e148d7aa93c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f23a25d51de035fcbd1895f72bc629d0ac01d71266a72504a115ef1b3060908d911a295a3818385857a8ca07dc","nonce":"4ab90260a609e148d7aa93c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9c239d1b616204509a1eafde2ced9ec76e4c30263c141843282449a945f14ed0e6902d543c52036377b4419116","nonce":"4ab90260a609e148d7aa93c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b5532644e88b9c0ab5e4ad53234ab95a0e81196c736cca951ecb931be245f7e729e2e038f8ac0fe7f4a6cc636e","nonce":"4ab90260a609e148d7aa93c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7c61b1b93847094626d5617abe2244c08d4283165cda22b9d8818a5ef3ba44f1221ef27d93c6a868993c31fa75","nonce":"4ab90260a609e148d7aa93c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"433d207e4cfc9c9a3ca30a010bf1abd39ed1606993cfb2b9a4b0654b6ab5eae89ed7494015bb220e7109d24d92","nonce":"4ab90260a609e148d7aa93c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a5e7b803884a85fbc6db6023a698a369fea23e9bc7ad379dedc0016ba7f1a4bc2a14cd6982f70b730d2690ed7","nonce":"4ab90260a609e148d7aa93c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5355c72d4035595230f2e76cf4065b007cb51f942db3094ddc86abbf4ba5027463036a905f2b347169e02cb240","nonce":"4ab90260a609e148d7aa93ca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"74505735ae0ac3d186b1992a6b818346361e617d9493614a2de69449480bd9c7b29bb640cddcaa17f42a8c5bb2","nonce":"4ab90260a609e148d7aa93cb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9559197d1c0c3888d348d25b1bb0925dc150aa862da92812286f725903d02a8b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bf1a3960bd6fc81b80ffb7a9ecafa8f19f97dcb2dba0776a520fab7ca2ef06f6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"da19fb76708cfa8b4e68a238cd412f9a7e7329d7d85d439cc49acd33eb50bb77"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"713087fcc0187cf746ebc0ae83425da1b2dba42b3dd2fed086f9a58b25ae3a6f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e1794ebf77e7460d5c564fc2d18b5a07e54ef421a0686cb4eaa70c24dcfaa5a8"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0aaba1fcf48190f71b6b2d7ed4d9ba7e0a75c42fad3d888065be1f308e85bcf9fc55bbe0ae279451cbd0d9cea638533facc3f372eb968e06a46fd269f3b0334d039b","seedE":"bffb76d61de67734c39ff2d55824a4ea34ef596c59575783b1aecd37c7a6168b129dbb0c80a065003d9deb87a4ae8d41b97f5175e03a67008fedbaad66c22272d3af","skRm":"00a71738518de7c210b78af73b8eb3f9f2795cd30c1aabb64a856919b997fbd74367baf0b806788c2ccfd40efc0ddf08dd661d0054d5b313fadebc891c3eb6cf311a","skEm":"008f614b1a49b8255b41836952a7fe07137a78e1e4dfde64598fd137f11e4701c9c651fc2dd0864009678a4b68f92b04db2c509cb6d0790d6c887afe80660b313422","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040016a021afcd41e2cc30002ab0dda8fb6ff5dc4d3c012af19245b931aad6c2e1870120c1429a46d99b0b6eb98a940ea6c69c2e0d4bf8812832c8213b82b654030c2e01103585a04c80fa2d52bb30cc8da741032b4e176ed7dafb8c685fdfec011e78007aed81914a21ebe9dee9cba4915e9a764cc2243bc8f0dd812a3cc4e832b6163e8c","pkEm":"0401f640356073bc103feb9ba387a9306d6942a2149689999556750040ca63b79fa35ab911aee23ad3239d96bfc6bb46ae590a1a4044198efafdd73c0a794faa442b4f01264d9559fd81abe24e0f2f6274e341c0f0f0ce11ac2087b2c54065075a35ac14322fe0ede809dbc37b01a60215e2315e300717e988541930c6119a6ad54e96abbd","enc":"0401f640356073bc103feb9ba387a9306d6942a2149689999556750040ca63b79fa35ab911aee23ad3239d96bfc6bb46ae590a1a4044198efafdd73c0a794faa442b4f01264d9559fd81abe24e0f2f6274e341c0f0f0ce11ac2087b2c54065075a35ac14322fe0ede809dbc37b01a60215e2315e300717e988541930c6119a6ad54e96abbd","zz":"33a0f33e2947aa566dae0f31834ff8a5001fcf92a04afcf1953da098e8feedd287d373303efd38b80a3a688310201888b9edf68f0f89a1e107ec400cf952ea95","keyScheduleContext":"010b01cffaa255be429bcc24dd98960a4cbc8d2f42df3afdd57a4deb82ed9542c7c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"e3fc4db9144149753d610ef43ba2b7eb5771c105d8f0d05e823c3010382c68d8","key":"8eeef22f6f3bae069f04d978cdc2a6bd280eec6c7d7b37f1a6910c5548901a5c","nonce":"1de94e171c2aaaef50480b0b","exporterSecret":"feb9b7e312c75afcf77eccf865cbc1a25323305511ca35f7c5238351eb83cfc3","encryptions":[{"aad":"436f756e742d30","ciphertext":"8a6de72e1ac2b6dd5b541874894c2d176cb9756396e992017b3235a5d33aba275540d236e9292c4f74941f18cb","nonce":"1de94e171c2aaaef50480b0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b0eb73ea5927558b478724b589eb9b586d3653b46610ced76752db8b516868ecf2345548e8fc50e05b1a5ff32b","nonce":"1de94e171c2aaaef50480b0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2d311d6308cfd8473ae02ee4ca9ddb04104fc7f85b6bbc5ead518de4e304e66b8594d4c605df859857e2eb2e01","nonce":"1de94e171c2aaaef50480b09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"61410eb948412f5af57b9a1f68dce46377c7fffd1f100c5081a38f3613efd64f51b608693da188a9b0d6e8f818","nonce":"1de94e171c2aaaef50480b08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1268328f0bbb3f2b91bb3ded1c5e65bba44573680be471c78b90cdfe2b4dfd84d8aeaf0f01767a1f4498ee1054","nonce":"1de94e171c2aaaef50480b0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b1f0bdef9b960b77fdb04b0a1dd30a8a5bed04ffdead5d3f38ad3e7125fe0c72042a73690ba572a85c971481f8","nonce":"1de94e171c2aaaef50480b0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"696f33cf81d4ad4288ea27148818cddecd39d1b6cfdff1d454ab1e7228b9634fc597c2dfd8a371174965a434fa","nonce":"1de94e171c2aaaef50480b0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7dc0550877c63068fac9ba27910c808e8cdda9764ba60994e2bd3304d98fbc3a391db3971ee96f5e711ea260bb","nonce":"1de94e171c2aaaef50480b0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4053a4cd97c9a517ff325897e5df8b30f89ae0ec367003d4ad2ec90df37681ffbb14366c33004cf44cda27d735","nonce":"1de94e171c2aaaef50480b03","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"98c78ee357df3ce8ba575184bde168bdaf14656ce58157dff85e779b86929c8b323af27ca65ef9946d695b6db1","nonce":"1de94e171c2aaaef50480b02","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a40f70d6c7f9928aee44ae2238fe15fdbaa328aa4b989ffcccc7e767c977dead"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9535743721f0c5b6f3cdb22d723d44a2c3187bcdfa38d980f2586b1696e5545d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3e6873c46537398feb9ca8e37d2258cbc2d4c33d4e5e0ebaaca41d7a794e7dd7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"33e65be27a6f33a6d8d6618e887672aee16967dc17dc9ac784769f39c767f46f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c3f912184689b9f72e5baad5356c147ffa8294c189d69862315e1112cbd8bf73"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2a87a37b0637ddb6c23408b6c401b2c834b5cccecc831ad8ffa50aaedd63510bf2a800a4eb18844851c8c7c1d6c03e8549c94d005d9e7ca47e290245f341cbbef2d2","seedS":"ece4d9000fcd786ddd979467cf98b47824f1e74b0f52de39f52569a5f8d0eb2c1dda18da2e43ca05ed2822fda406b48e2cf19940e3f3208eacd9c79bd4eceb30d7f9","seedE":"49e54a13000c300e73da0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","skRm":"00bf5f76e30df84a758d84ed8432a9847c61eb988c31853635b2c91db1187aa0a9e9c1802c89d9dd0c2d09c1c5efaa5cd63cc606255f2cc643836a598e3aa37930d5","skSm":"018dd757905d02b7d6c3d3873ef75f121a114c6cfc5abf382998b4524762d5b25d4d6165594c4e66e81c3c3a01f8e7d3ddc327afdbe9085492235cc3c03a49e2fbbe","skEm":"01223eb1383bb2336820b2fb9642d4a2ca03fe5884550f3cadb28d789ed1adc9212d7829bc36639f6ac46fa2732e0242da5b30659cb741edd8b99ec901240fc64bf3","pkRm":"0400e22c46183fefee875a9d695e152722086163ee91f4e278d11578ef05061304dbf91ed66bf0709ce501a3d47566a3128a65f1d32d20244b175b54c1b977a8fab3c901b859c99ba79c22f2e21135b4b3498c3488f2d84a9d31f6c3725f6f0904c5200186d4ea473a49ef1264ef7e6d1e6490ef497b6fec3023cea092bf8bbdcec7eedd38","pkSm":"040194d98f2c116c1009c75ad1fc6b9b13d6726b5b9f31528cbaa079c6906b559a9fcf9bfa1e16398926b812cd3139da3d3599d7418cb1a89d9e14ea5635cb80ee67f7005396167c64cab0af70134649576c849e002a8acb2b3d0f6a1d09859d3f4824fbbbb49302371fdcda1b71d85ad01d04e7a32d6f575528ecc3a7d6534c095681160b","pkEm":"04000b2248254512e043c07d6ae553e2a4b3649cd4afcf431fadcc06e8ab39d7a08baabb27a134571ab13ce341772d07b91cd7a5aeeb11b9feac156ee5817f9cbe774d01640d67d4aaf843721fb895ccbe35923fb66d83b042eb6702a50a7661fe0d5b0efe771cffa10d1a2842ffc3cb669629b15fb488386fcdb560b31be468307080a360","enc":"04000b2248254512e043c07d6ae553e2a4b3649cd4afcf431fadcc06e8ab39d7a08baabb27a134571ab13ce341772d07b91cd7a5aeeb11b9feac156ee5817f9cbe774d01640d67d4aaf843721fb895ccbe35923fb66d83b042eb6702a50a7661fe0d5b0efe771cffa10d1a2842ffc3cb669629b15fb488386fcdb560b31be468307080a360","zz":"82a3b103e8716edde7ac419b5306b7f3c16244e2472d0a3051fa449fdab2aa51d43651041d9ac57c3ca0a455ae9d1b4455bd5616d0e1d6e317815baecdd2e76e","keyScheduleContext":"0296d3962148a57989476a8b2657768e74de4869fcd4501a77483fb58efc5a7379c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"d83a34911b2c78c670a43e0b4ed28c2938d63aaf6e02fba50df56461ec175812","key":"84bcdfacefbcae0cee336390ea436fcddba57542b6c8b5f215ba48c3bed22a49","nonce":"728db3c397a38a092ca0d552","exporterSecret":"74ae82b8b7c82d18ed71445d684cecce70e57df53cf1f792689a67070d0bd8f5","encryptions":[{"aad":"436f756e742d30","ciphertext":"eb7c8e5e7986a69d22b0d7877db739e71fec1a826394a1ce3fea85511fb550bce6ec75c53cf36d8900c38cd27d","nonce":"728db3c397a38a092ca0d552","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5d46673df9d066446b370a727f27cc786e1165d569f7a9d40b3bdbe22a25b438e5a3fe6719646862224ee13f5a","nonce":"728db3c397a38a092ca0d553","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f43ce3ada2f970d336d7a2d31680e1f4632eca4aa7cc4788d2b2687a26bce46971ab7a7141bd8337854f679e9b","nonce":"728db3c397a38a092ca0d550","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c9952e7f4b7655a8e85b4485c7fe9169dd8c8cf10caa0bd00a57a7db01e5d1a03198b3fabc68dbdab800942fea","nonce":"728db3c397a38a092ca0d551","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"eb523efddd9404da9abd9b0a73d677b4dcb5544a17c69b049edb6ddb7f3d230421c9a96a1eaf363d21424bb978","nonce":"728db3c397a38a092ca0d556","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8730fae9fbc3dfd2b33854ed67a483e67a27513f5ba45ed715c9487cdd55335863c26a12e4cbf2ebac29dfd7e9","nonce":"728db3c397a38a092ca0d557","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9fc95fafdab74ac0a8a2282df79e6aed786c32dfedd227589447798a948ec19e762827298dfdf890977d15e608","nonce":"728db3c397a38a092ca0d554","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9c24af003cbd713f2b94bf9519b20508d15883ede07ed69eeeda629e7b3e617901db909241aa51cdfdf1ee7466","nonce":"728db3c397a38a092ca0d555","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"84274327aadf7fda6c4fae3a2e0a7cc2db0d9dfe6f10d8911fd6644e428e2ba832bf5ad618dd609ab8a376757d","nonce":"728db3c397a38a092ca0d55a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6ab19f7fe4046f0b2ed6026a273b21eef40c1adb45d5d1a6f372415e62120b6e44e5b6d6a2e3519082e5cf178c","nonce":"728db3c397a38a092ca0d55b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c50ce864d24342aec4a43d3361c76712579e38a009bd3846e28d19d4e03f425e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"80b54c009a99cc26fb06a6b23289fa93a48dfec1a9f0560eb92b19491a2c2889"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5df257c14d3b45befeae568defdd182e78bc14d19f19f626e3bb70e65eca36eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ff3b1dc4b826b8ce1a51cd3f8d74e4faf3ff327e46a242cb707a444b4a445032"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f33a1b879e31590932fb18dc5f35122c26cc81c283115f27741db505148a4ebf"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c4cea914575540fc2d5521cf134c46453a5301128cf0755655ba01fef2983b3b9981476f6d49d7d24207cc1d3bd5022245510e35e6dbc0e5f894efe0d6b1dc2b2f66","seedS":"fd3a8b3e6f935f83da0507547913ec27de3da134cbd6a675dfef8bce9fbe1eedac19c1a185eecf6f9133d3c4ab5fdfe6674648172db8ed810b70b5aac9363e79e38b","seedE":"0bc62bf4f60c93ac622a2c3efdfe3992778eba97432b68681c7e67e5f3f9833ca90ca5688c6f06de29e608d831fb367b6f48d7680dd02ea391f77ace54902d11bb5e","skRm":"005a6520b179f79e1954579f7e280b0b0b7dbd62011405cd87c4e333f12a4aa264956610b45d9d9075ef076f76abff7df1fa761a2b9e291f68683e225f54e77d966c","skSm":"00fb3c43917d053c169d218151b2dabf45410b187a7ec17864559abbb6e2d2ea36b4e5413fa1d5e09cb7157637200b805a187f31318f7fc4ea2c397319c5ce82ae2c","skEm":"00cdb2b0ffa5509f5aa484274b135c1a749fb2e3a03d5259fefefbfa2d825bc6cb0cb678a7307b685a5621966ed952233bbb6306c731257ec9c4e4aa3cd878eb3cfa","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040007922f22d398cfc2cc465e050043aa66699c3754afefd14f7cff62c3e993521329598a3e7e66384ef897c1840a045268063f243e6e5a519a73bb940964a65bcb7f0124c92e838629240460f9e09708c54e373ce7bb42f04b5e921ef9e622b81b27e12c9d00f57202985fa78dd86242dd5896ea1ae97430814a6af132be6bd770e5cbcb","pkSm":"040157f8bf032b8beacea61e44fb57c513be273f0643d393303820419e733c7a46de92ae7f71196b5358a89e2862673fa291d40c41638ea787f3f784894a5b4b9f7913005d216b1ae7498399d04c30af883ec348814c63eaed1f5d6832d7f2a8ea4a33c7fcf8074f0277d2138ba778c97eaf63eb75632c45b6996b1b48b79070012ea0a1d8","pkEm":"0401b9c10dd9bcb9c617f06f951be150b6c0c942e2d6f0afe3513fe8cc3a26bd166c7bfa09f862a4c1d65c5ee759d0d5ef9696315361e668f76d5d33d83f842d0402ae01fb705df5b26b12bca752587d691cf6ca5926bd84e2d8709e0f999ab56159840c00d0099f23dd083fa787f991b768bd29e2ae1943841c5a2780f8ade732456f8a1c","enc":"0401b9c10dd9bcb9c617f06f951be150b6c0c942e2d6f0afe3513fe8cc3a26bd166c7bfa09f862a4c1d65c5ee759d0d5ef9696315361e668f76d5d33d83f842d0402ae01fb705df5b26b12bca752587d691cf6ca5926bd84e2d8709e0f999ab56159840c00d0099f23dd083fa787f991b768bd29e2ae1943841c5a2780f8ade732456f8a1c","zz":"9ffadac21823c74a0422fc03f4d5df5503a33629abac8efd2c206a43b8511720e3eb34bf9ba1c4cd3a9c3f6490e64af032ff2b3d417473ef140716da0270fb16","keyScheduleContext":"030b01cffaa255be429bcc24dd98960a4cbc8d2f42df3afdd57a4deb82ed9542c7c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"e8c1c6ce6675cee12ad34e0b23d4913817e464dda36290c703fb548664825628","key":"e7c0f8400e6516c5b4a10185bf419934a963efc12ef006661a9ea1658d313e5f","nonce":"97466b24ce97e70efcfcc2f8","exporterSecret":"a93090dc32266c924543056c54e6e8073969a6865648c02ad1b886dd7a462028","encryptions":[{"aad":"436f756e742d30","ciphertext":"c133cb4d4fab273f73901535a1e7b441fbfcb0363c6de69581c0ef40a7926abe4e1a486265f83d70133c2f317d","nonce":"97466b24ce97e70efcfcc2f8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"dab5e3bc86a44d80c6cde6622e46786588ae4e9eac00e4a3dbe43f8780f4aed908c7ada1d7e63b5b3cc70aefc4","nonce":"97466b24ce97e70efcfcc2f9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2d7f24ed35cfed91ea1c13f81546ebc1693c1ae4205fcd631bf371f7e021f8e4265c7ec96c41b8d309ec782762","nonce":"97466b24ce97e70efcfcc2fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"39eb8b1949b6730ed76c60eb0389352730b55b3b2eaf227e77a8c81fe46a81742e633812f4da85454359473148","nonce":"97466b24ce97e70efcfcc2fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d18ae5f500b9a29859f34c7a296d4abd6fc27ca0ae661b0d8297b61f1daf6795d693971f613b1903b239bf81db","nonce":"97466b24ce97e70efcfcc2fc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"751aa7bbe024932f6f08dae06eac107a3da1c4d4a6242193ba1ae4fca4393e7490b7d8b3d2d4c9228022b5d14c","nonce":"97466b24ce97e70efcfcc2fd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"821464a4e1a69924350a3e7ccb0203a123e4c0053a8d63a6dd2e8df8008a017bd2059894172d0cf891312be0f5","nonce":"97466b24ce97e70efcfcc2fe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"dae842bc33b48be96b78898a236bb8274a502e69106565fe452031e8bd55d810333f2093749c60ff7f3b61d225","nonce":"97466b24ce97e70efcfcc2ff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"efe230fc2fbae0371dacccd6f458185d4f0cbe58ef8c44bebc19a35eeb1ec2baa0ee9593afc0c067b2c49114eb","nonce":"97466b24ce97e70efcfcc2f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bdab7db495b0b937ef125180ce0ef3c034cfc6b72dced2d248b2c603dcadee0291cae415603ac9361bbb0e940a","nonce":"97466b24ce97e70efcfcc2f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"97c036bc19ca286478e6140f34780bf43fd54759ef82a241d0a54624fc46a4bb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d35fbb8bcef528dbc7361ecbdfcb887cc8ead1ca08cd80f19a3afb35f2e543aa"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"273bd48ad64edadf91524ca73d04c16d1cf840134acb706dbaf3f860e8eebec4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"252360d4b28eb25fae31cc58f1f8e00c6d86c9aee6ed9b91b01781517c4ed1ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ef479106761c502bff7ad1ad11f7f4df0d5882c81d1cbeba832cd1f0db7b1dab"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cfe0be829a77ac0cc564a1d38b00d1764e4aead1581e59f91a0dc9714a4e4a310f8da7efab625c4bbb65aababaeacf5bf7b1490fd9b92ae1cc13e56ef9aa4ae42a17","seedE":"b13f095b3e64f5e43531a70efb3b995243b5c721f9a1b69c5de083cb487d5859d4f6b03b19b63f9a8d89d8c898fb13546090ef992790594ef34a311b939e7dd84fd3","skRm":"01b10e57a36ef1b0d8f839af8f5309b8a2710f6f79febba2e3bd92bff8440cac8bf360842f5e417a038a95499b11c4c5c0d1338edc1f40e2ca26215d591157256222","skEm":"018d97914ca72f09c14da87a70b306ff2fef5087cf6fce54955f341aeb2bf62584fe22f47f92b58037f8759e543910fa3a4009ee17fffb99d92342dadec22277fb72","pkRm":"04015fe68915756a588628e83c8fcff870d82b598f77a63c26b4d56ba6eaf89353e9a5f4cd769c71fcb9fe258583455047df95fae31ae9e41ddb63cf8cf4ad2c9a50ed00d5181e32b78e1bdfc501c3a8be2fece9680fe0e0cf22ef2f4d799e2faa09a66f73e91e38d8255d5f5bbdcd6a957753ea54c17f06bd1c97738b7146f177c73b179a","pkEm":"040186767cd7eefeb889e565210a7b5996785a48641a3663673b2c4d7aefbc33e8967bcbff4df4811299a3ee6645d9e3ace89186231137002faf4c7f5b526d95ccd30e01150ca289d857390dd1eb843eba923f1eb8af7da5835bd7ed46b13b8bbc74cbce3fa66cb063e7c7434f7a9a8c5c953faf606acf7410bad0f9508ee2da71256f5dd8","enc":"040186767cd7eefeb889e565210a7b5996785a48641a3663673b2c4d7aefbc33e8967bcbff4df4811299a3ee6645d9e3ace89186231137002faf4c7f5b526d95ccd30e01150ca289d857390dd1eb843eba923f1eb8af7da5835bd7ed46b13b8bbc74cbce3fa66cb063e7c7434f7a9a8c5c953faf606acf7410bad0f9508ee2da71256f5dd8","zz":"b4110eeacc0a95e422554f2c5ef367c628e72aaf6b5f77e713c35d54c6ab1a33b6bbb8f86aaae3cbb452d4117a0e85fc4ae7d95df91a984e2783ca945cf1d71c","keyScheduleContext":"00e28ce5a24e358b8490bf8282ea21c65e142ac95b55f6441b23604ebff82f8b1b5927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"2b15c6556b3355e71cd765636452e1f678d052ccd224860d59e04f30473e1e36","key":"38247a17c563d50919e5b93bef7604bbc9691b46b1f412a0fb507f2cfbbd3d46","nonce":"2d407a0f962fc6ef3736ab67","exporterSecret":"067f17849f43a62ac5c91ad7d958cf09f60b69706b86f856830ea6d1d6c4faf3","encryptions":[{"aad":"436f756e742d30","ciphertext":"ef1fe01f98d128cda0770ccd121f200714c4949acabb2c445e327972e36f332b964bb058e7206bc9e87430b7cd","nonce":"2d407a0f962fc6ef3736ab67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0f247ab844f03976d984a57ffa978c82fe7bfd69210a4e26419379621096a93ddfd26da856520f45f67dd09b7d","nonce":"2d407a0f962fc6ef3736ab66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"13f36d828fab3d77c813beacb2c5bfd6927efa8caf420711d30aa7d198f5034165ba1d4cc8440ec34555b783b1","nonce":"2d407a0f962fc6ef3736ab65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"48b5f2f10f095b7523fb678ad8145c92faeb4d10307c69954e803b7fa41f3401244e8bd6df854847cad66a5a0a","nonce":"2d407a0f962fc6ef3736ab64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"99aa42f76051f7db2b531292638426d38e4b82b7cd45d00a2249c96d02711870035c77f53fae8fd991c62e157b","nonce":"2d407a0f962fc6ef3736ab63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"233e58fbffeefc033ce97f10c5f7e850c9e3a8ff0e79399db3667980835279c58f1503e9c3c69a548c3beea039","nonce":"2d407a0f962fc6ef3736ab62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dff051a98d156a979215475bf41c48a1fb00d4c211a5a78330525f01109a53a2775d9914530f02bd87ec1b91ef","nonce":"2d407a0f962fc6ef3736ab61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"28c6c08c6b4ac9d77b725c3e23b3aeeddac7ddb5d863aee54d18d1712c7e60385e3fea92bc700d4e2cc3870513","nonce":"2d407a0f962fc6ef3736ab60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ceafb19ea46889c4795d3d03a48ce0c17ebc9d9ad9c0b2c6d0ef93301afd6c556ca517ab64f9c10c2c4db9516a","nonce":"2d407a0f962fc6ef3736ab6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2867bb62d7f42887483b9180d706a75a638c650fb5b76d8bb171f759ded90e83c80806d689a6309c4cda86d0e5","nonce":"2d407a0f962fc6ef3736ab6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"42e75565a2170ff08e95329ace2342af076d26ea0a90db026472fc665607249d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5ec16e021b40edba3028716d7a83648fee6bc58e4047496921e6a9d5cc8dda0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"288f2f09069a315ad62d1a89e44e5f46bb8af71516dda77ca30fb8f062ccefa9"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"02f70806d470fc2a86e4a41cf5c65f20dc3e04e9ce06a7eb09d44b39327623cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3065ce72cb82b649d5d647c5a77ea758c91f281c9192ef1195c6cd037ff34c2e"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b9c72e9f447a68c57341d3f7e499d4492451ce6373ca1387747d95cfb98a4069321ecd769b8450409344d7fc6de1553d4a7f9cd10d5f6cde2398289e94d1e925b104","seedE":"d6de3fd3b8c260c438352a017352a322116669b3c13da99628b1eb34a0665129960ac20551868be10b803fe5043cd7fb04cd575b1b5ae4e09b947458cbcfd54a3b29","skRm":"016bd1ddc8ce8394cdb8ed07160b73577dee8cc66bfbe93d939e4a727f96cd6fdd773bc2d671cffdd6f200d3aef4258c64bf5fe27ffa33d4db4ae9d17bad233acb8f","skEm":"0091994d4053f53e48f398933f7d84412e1fee8f2d45c197363e12f6a6b461901d8f5d8526b801b113c2d6286f8617616ac820d5ccb9a8ddcbe8e71c136881e7ce5c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04017c2cb25f3326ff555e4fd0bce05615ee953b83daccf42d655c89efb84c7a7720cbc5e4e33dd802940d2a0a3687c8346646240d97630d6d89e62d22992bb31e6936003fd4f21b68b0e015c0fdfef17b5b097bd2ef46240da1f1a08f0958e3af42c179bdba25550e4a7abe07bd3643e32e88871dc0c3d5a3ca49a350a473ae09682329cb","pkEm":"04006d7002ff1ad41b97c4c8f95dbecbff5f71ed71aed3292ba195b1a8feb692705df175f4e48eb6d5f865b31cd853e1a8b81727f063eff57916f241cf12e66e2098ba01c425e95b2820cbbdc95e33962bfab6ad42b14e80e3b7e3135c642ad8066ecc63cdd77c890d4ff476c95ab89eeeb284375ba21440e81703e60ffe6f6cc18ef4c53e","enc":"04006d7002ff1ad41b97c4c8f95dbecbff5f71ed71aed3292ba195b1a8feb692705df175f4e48eb6d5f865b31cd853e1a8b81727f063eff57916f241cf12e66e2098ba01c425e95b2820cbbdc95e33962bfab6ad42b14e80e3b7e3135c642ad8066ecc63cdd77c890d4ff476c95ab89eeeb284375ba21440e81703e60ffe6f6cc18ef4c53e","zz":"f5303cb57bf4c65a324a9d89c569e4825b924b00d8cc4db67de01c06b9d32a01a79cd4d2ddc71cb64927c706c650991b6b9069219aeb89e1676d06d55a4d8109","keyScheduleContext":"01b157924e50ac7edbb81958411ce102f616391dd10d3276246e86cb25a9ee01735927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"7c2767df6794689d5c18c9b46658c23ec0ec931725fabd403c88dbc5dfc01db1","key":"5848cbae4105cfdab29196c67f84146fa3a2047900b06025f73e6c1313d14ad7","nonce":"5ca185a78908f9c4629c52f3","exporterSecret":"46b6a397b9967c70f26b0761e099e63f48085d433eeae7aa72d65ea3d0d0f928","encryptions":[{"aad":"436f756e742d30","ciphertext":"b803e69518ff68488c2ea7612111afef6195b61419bb8b49e973605718627ef2febde529446b92a693cd11cf25","nonce":"5ca185a78908f9c4629c52f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"25e4a5b10935300e00dcbe54cb75501adaf331f389f8476782397cd8a6e78719eb45669bcae248ff3bcdf353b1","nonce":"5ca185a78908f9c4629c52f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dfa33f605c25b89a40c4ad8cd400250a1271e6e94d250c9250eb412c8d28bd9a2fd44e6602ac21f9c537acc758","nonce":"5ca185a78908f9c4629c52f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1cf9f30fd3c116681359c9856cb86b947119c4427aa1b2be7838d5fb237f2cb36d0292619577063f8db111da78","nonce":"5ca185a78908f9c4629c52f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5827750a5507da4fbff432edc14ce46039182a796f1d17fbfe2425858fc27ed5eebd3f53cc5913b72c34f23305","nonce":"5ca185a78908f9c4629c52f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"075d1fdcdf7c6a65842d6c9742b681af618928b14928a270b9eeaf15009ee868aa8d9299a162ab3a0bbb18329d","nonce":"5ca185a78908f9c4629c52f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2da9166013bfb5d5f6a77af1f38446d3e60e34d69deda926e2b4af82ae5572221d35b38488f98e5fe8b852ff56","nonce":"5ca185a78908f9c4629c52f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c2a06f79c2263a822fa72104650f1c98e42f34e58dc83c982c3ddcf6bda19372854e77212207509e58e1675803","nonce":"5ca185a78908f9c4629c52f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6ce87ff0796aacb976ae610ab0018fe24e556053184df852d85f82d2a57e3a4ff5cb0221e5fc0b3f64d16f85b9","nonce":"5ca185a78908f9c4629c52fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cde81b896a215e2d45ec7b5dc15934e93885a5059b83038532495b48b76bfef4339e9ac9c23f31dd7a278ce396","nonce":"5ca185a78908f9c4629c52fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"221f18855f57e753b9530fa9acc4d7b627168f1b5b927043e8deaa2a2cde9dbe"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f52caf3c9291e4058cc388a0f858a453bd2203f86819df377310aff3ec95abbf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b4e3daae32f79ac7b5153dbe01098afc9834b9c1bd63dec088a6f57e57e0075a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e38efa499cedad6aa98e466991c2dc1f082d936beb4985fffe1c3f2f71dd96b4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"352ad1a21720ff5eeef7cb9d579bda31a0841b6e8bef409f36ecc1046420731c"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"056078d916bd3376284d2da46e1ea1b874c5cc27a08e42a60a96ac805c64cc3d2487e52bd5a3cbb0dacaeb798f83fd7d060b0fe1f13d4f11d9bc60207bf778d29187","seedS":"6c65a40cec1c9f1355a21af2639e109da1735d9176710346ecffeed636f5595e949e0de9a6481cd80842470c81887e6113bb7ab3795889ba031f7deff8668ad5287b","seedE":"7c4fcf016dc51dc871aa5b04d42f8a56e7ba4faaa0e951047b5fc8134a325b5b5e63d821aba250d775ec4618d2a6046a27b4897012373ff18f3591491ec66c00e39a","skRm":"00aab83f1acb92fffe7275b42b17e4da2bd6d5844890704947ff01df5821bd328f7c1588eb78a990e727e3d1df0be28c67f1c20edfee90f1d99ea035004fcaf9e1b4","skSm":"010c46cb683784602e56221ed87011b6e50d1811d58ff2c9784e851973760ec7262771247323a3b70f223aea8519145601589030f2d019b78d8f1d6f10447b976596","skEm":"012227f9b670a1d927c698506499530e2191c83b661f5104cc2382a7f6477c29686c2b1ecd2b63698c14a90d1f05a54d276ef37b7e4ed8c9eb033d1bc509c9790908","pkRm":"040135a5be0066da74a1eecc62ab4c9ee926dbaa6d4ae093ca6a8698f0f86c8baeeb97fa8dd367074444584f089d8df70341b11bf921380e9ce42cf838109ca7292892009a0da1bbf3d19b7ab121d627078e2c17af094f35038e972b27cb9e880494c12a4514c24719c795d19cc3abddc729e74482a5431a76530c9da08b0a905ee58dbe99","pkSm":"0401336cceffbdf4cdd3f7624da9c326f4e12d9f81e42e8b8f41fdd88e2098db329987551a63d14bc3f603c850e83c4555cfcc624c34427a5beaa4bc444c3c0cd4d01c01c985e384478d24eb730112a4edca93ee64af1ff81f445be2c6d234ccdf23b89a69fb13d9101b519f2c6fe2fa62011e0ceffd47d6aad12e6c8b0d91150a2e2cf0b2","pkEm":"0400c6a837fa79f4104e82355c56b9d4375ade295d03588d00275c432aff27dc4381ac479111a1246af9f309aec2c398b1d0206b224a1aaf2cefcc0cf49fc10c71478800dc0b8c991b19e8f9f942ed484112e0cb1d9d39b5fcf45de74dd388d3239f14d7bebd9532a78a800cc9835ce5c1bece641012785d779ec77be44dc95a710a9e81fd","enc":"0400c6a837fa79f4104e82355c56b9d4375ade295d03588d00275c432aff27dc4381ac479111a1246af9f309aec2c398b1d0206b224a1aaf2cefcc0cf49fc10c71478800dc0b8c991b19e8f9f942ed484112e0cb1d9d39b5fcf45de74dd388d3239f14d7bebd9532a78a800cc9835ce5c1bece641012785d779ec77be44dc95a710a9e81fd","zz":"de1e97c2c462086b1df534c300a5a9ea08353ba1395128a5e2129f4e4d2a3e5b593e4068c9e9c73aecd4fc3f4487f517e158eab609303042fd9995c751917c26","keyScheduleContext":"02e28ce5a24e358b8490bf8282ea21c65e142ac95b55f6441b23604ebff82f8b1b5927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"67323a87c2e2f6fd131a53e111976765b53b7ff86814f60f56ab33d55171e253","key":"c5ba9df366aa2c1a721c33ca060ef5e34160b5d78118d832b3710649a59ab527","nonce":"0918c7feaa5d88f6aad4ce03","exporterSecret":"b5577b34d04505a909ee33c28f68d527aabc91c4aa8615ba87b469d52e8c34c9","encryptions":[{"aad":"436f756e742d30","ciphertext":"04c6f63dec8ea7a4fba1706c7e16856a0b4b39619b7a239a6c3b80a95907522f21f9c39bc6c5c5a766eeda8859","nonce":"0918c7feaa5d88f6aad4ce03","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4e87fa8da5bc1e7abbdfcb3425bcb1313c5fd6e975a58cfd334da0c5f406b6ecfed81dcc6999a1807a01f98f8f","nonce":"0918c7feaa5d88f6aad4ce02","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8d120874788b7d6a0fc0c86c5fc8a284484030f02d3256fb8660fd909a81e29817a1ee8a383c08af791292cdac","nonce":"0918c7feaa5d88f6aad4ce01","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d8d5bb592af1b826f8a2916b4ca200fb85c37666db4b39f7bf9a764db11491ec18701985f7f3f8d39316491732","nonce":"0918c7feaa5d88f6aad4ce00","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ff035a50904393ddd275a29f16c9e73e5b2bdc8934c3189efbe5e9ddb958615f19da4cd3c56c1916279b705299","nonce":"0918c7feaa5d88f6aad4ce07","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"26b87f83884d363928208a0dc75873a79730e90b8f376891d18aebcef296ca132dee80c2b4e155a00fef2edaef","nonce":"0918c7feaa5d88f6aad4ce06","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f2a589f04d36d513444789e635fee33825ab5fc7a42c31887785c71e3c92c4c180b3035df7a63dcf544b07ccdc","nonce":"0918c7feaa5d88f6aad4ce05","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"60f00ad9ef6f19837fe3cda849592ab88c54b4f589bd164d4c7a66627d22ed833fde5d936ad19fdc87e17b6648","nonce":"0918c7feaa5d88f6aad4ce04","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d3e5cd5ef08d341c97f355882a1acc959f2da4855cf591a4489126ec7f7e2d1e6201f43c1dc9865ecadd9e370d","nonce":"0918c7feaa5d88f6aad4ce0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d8060ea09a1077922e540502b0da01a0a1f0689ee464fbd8759ab7692785c3210705d5de400aff25a1354c6939","nonce":"0918c7feaa5d88f6aad4ce0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ce2a8ad86893b663def6f02f524cfe3e70c70c4db42031a8dc5813144ab6a807"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5591bcfac06d7719494cb0b977d4d162f745286a22605b804177ddc8815bb29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b3edb9665471c9fa52516626e4a4a70cb132e2068dc2bf4671917ea162a60828"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ce21bce49a76a166b33619670246194c3d947b3099e7e582581b247010da8a43"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2df4b4b752454850bf7c679c6037d761fb039f29874e670cbd4883d1940ca571"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8e6e144bc07a8d551ba9adc199c3c8e943df1f715c3a9e42c7358acb10f921f3f2677e410366e64f85f8fc93cd3b98bfff8a1b4ac5953439d35522ad32c30f7ba744","seedS":"6dba3a07cbf143f42f8b9650b0c56a47610d0b6e37df269733991827af62b3055f2c907859217ee04ee019bb2714ddd2f99a8cb9847da942c0080346684b80996960","seedE":"4fea2db782e20175dc934a78cad5af25224a9f1d70383d5dc85223719a782ec84bb91bb5732b69046f6d7d0c52bb050c50e820affff91e217dff8557930b19c3aa12","skRm":"01b1c0a534aec14876993627f8d1b9dc7bd9d47475d407d18daba103db3d8b6f2b9e795c8a3aba87d0b06ffe845f69861fa94cccdfdac634fd75c626bfbd5f576af9","skSm":"013f25a4b10d7cccc464ff7372791034e579c52febc8a118ca8c492c3fbcc3564cee87f735dbc7effa0c386abb03b6e23c2101a4d06a83a17dc373aadfb0eb7f3003","skEm":"017ead0178f34652e45070e6dd01283a4b1ad764a6612e25c46416d653883bbec0d90451ce9a3c77212a79b6535c0a9dc25cea0f7c4a061512037765d7f902c726a7","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400b30e3f6bf641d572439b031107c8c64b2cd8da8266ae2d10339fc23310c2950b31c0d4d2869fa8053179036ea04e3e60bad3fbb472585e19c1e8e82d15fc766f0201efc0a51b43a3185141f0dee7f4f9f2138934c5c973c71bd5576e0bfb365edb419f29dbe75c92d64839a5aac9430e9421a47355780309f30a08078b9325c71d1292","pkSm":"04010e1905fdded12680449ba3bd6e207cb609c230f8a41cc0b35a6686b07aa576429e82db620c9ab87cbcf4eee4b4e16fcace1bcedd53db80adf0a1e29c53cee73ee900b697a64dfcf834345d07972c28b877fbb4d23c6f76f26b07f2c7f2c2e564f172cb4def765b272b0247383ba51ef67102783c1e13e13b8fa321b24f50e13ec1e167","pkEm":"04018e56a8ce010613e2737d1e80af5c1dc1fd7c362552c22193f2a1c82ccbe23bbe5894171fb541d69e1657d93d22fb28c96f961b6c108f5f5bdee4606fb162f3be850017c053de2f70a364f5802a6a28bf359341dba3858845b06feab56b76f92a6fa0a9428116b659191e587d632be731f1c3b793d7c828f414b5a2e9fce2901f0704e4","enc":"04018e56a8ce010613e2737d1e80af5c1dc1fd7c362552c22193f2a1c82ccbe23bbe5894171fb541d69e1657d93d22fb28c96f961b6c108f5f5bdee4606fb162f3be850017c053de2f70a364f5802a6a28bf359341dba3858845b06feab56b76f92a6fa0a9428116b659191e587d632be731f1c3b793d7c828f414b5a2e9fce2901f0704e4","zz":"5843dbee249347c066b2646cb9040d57ad4b21624dc986b73b026ad32d36b6bfb6a6742d8d7db41e2022ab7f2cbf9824fb51b2a8e199f7d9a1bfac14e56e8000","keyScheduleContext":"03b157924e50ac7edbb81958411ce102f616391dd10d3276246e86cb25a9ee01735927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"a1453fd45773cedbb4825ce3c24ce22d14082dd11e5767530fa1093905d1c2ce","key":"bf69e0cc15048fe9df803c77f33f630df72c535e7dee02870a3eec959c3ffcad","nonce":"4ad987ad566748602532a18b","exporterSecret":"6dc46b2bf6014726ad72b5ea2b7bef3cfe36bda9de0cdc2a40ec18e691ad09dc","encryptions":[{"aad":"436f756e742d30","ciphertext":"cc8046d1d570d549da90415648f1921d970e99491b11a38bd90ab52c6519fbe817bb2ff1d545bfda63ef3527c0","nonce":"4ad987ad566748602532a18b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0791f1065e9fcb1f580d2c03470326fb8036e22eba8482b62c4c176b45cb60cc2974e78552278838b376f9d421","nonce":"4ad987ad566748602532a18a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6b46e45d742451457d40b643029d74880023864365b2318c2c589897320891ee85a0a6e84f5a75e7cc2715a3d2","nonce":"4ad987ad566748602532a189","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"38cff738de56c9489e3779d331d59e2a8d39e555bf70a9be5744661577a7879e96e9aee1a3550b92cfc6eb35a9","nonce":"4ad987ad566748602532a188","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d46fb7b4571b155dd9f79ff131d52ee6ee12b175738278d2f595447bfa6084bc091ae98609a1e07c2753834814","nonce":"4ad987ad566748602532a18f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"779373e5831c03a417966bffcde8af217dad08847f4af82aa9890dff25bfb2f4503483a5936eea91d8c1b8a6da","nonce":"4ad987ad566748602532a18e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"061f0e9e3f1755972bef887e4bfcbe618d01c6696db5a7ad012c57b6b6786742ebe9586e582734fe7ad52019c7","nonce":"4ad987ad566748602532a18d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1a3c7cd1d6e17762e249020c5233b86593fadec29b14688b3e7c4386f057a8e5b25c65195babbb4736bcc2cbf4","nonce":"4ad987ad566748602532a18c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c5729e045b0e5cbb8e8e9c1f1b2ebca6f40b9a0ad7512e6cc0c9ce28200b3835fc7978ae8e149b629637b43128","nonce":"4ad987ad566748602532a183","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e73c8b444edc08d4c5368cfc54e74caab34f35440e5fa9a4872b929d113a152308dd7b94c532ebbb8151cca208","nonce":"4ad987ad566748602532a182","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9e4a204c553896d9b49447de6ca7390a42927cf8756f4752a9734467f3c6f4d4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4098de7fe298ac8888aa7cc30bc2cc225b79737a3b75ac74601ca161631e1d91"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"db1e33fa8ed59838c7b7de0bf023b5f7c4223483c617f77102949f38c6b90c61"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b85d7c94e53bef40be06aa55b07da5500f154ebefa0f9049924dbc90f91b2189"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"211c836eff0561fc247cc1ae221c329fa48d18303dbe0ab67430d68c0aad5298"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a35629fddc01a5b82c39841ec2f376eaf06094c3706a06b8679ee89c94db23bf669d5fbf4cc47ad88bb27095c3b246c532bf4c1c76ae1d11b02e446a4e1adbd753b9","seedE":"de23bd043bda909bd4431f3f277058fcfa7a35413f283e1b2b8c4c257769e6e78cd6a7f3462eda6efbad4c97aa9de36b0c3f9c9e96301ae1ed2854947dbf0be16d39","skRm":"019bcf89b7c3d27c9c6a2ae5389db4801824cc3679bab4bf89f1d03c144f804e4d82c75e614ea0ba05a1d12561a1ef029c7c2a96bdf84bc6415d0cdea88429fbca41","skEm":"005c5b48bd6bc695620fffcf3a85717e1d37f08e366b8e50b3c478304fa082d21f6f9b1e78fc6992713559fe61e040b71ec0e4151c330d5b8a3b7f63c4dce1f4be65","pkRm":"0401d47c41047463323e590f195da50682b672cbc0a007facf53b2a671f384f6c01a231960ab3a7b167a14f733c6446364848306892d2139048976231570d41ac78f5400cd7206dd1b2e660e0568b8ac3d2f374630e13e2cb03d234ecb99eb8330c3fedc97f25881316a2e83dcb7a0a61e26ddf88dec541056760655666dfabb839b12970d","pkEm":"04004d9a9c3780acf562b559f70a8e569390140af25a67a36480f2bde6fda9a889055ef982c8458e76d57ed179534e0a05584ad1f3b771065584281fcb873554a2948601d55d2d4a700430c9757262a088fb4679fc8574db6834dac28e12c380a4251798ef8ea683fe50234287190d8a94292d06c99e1e2420d257d750976e693f062b2a47","enc":"04004d9a9c3780acf562b559f70a8e569390140af25a67a36480f2bde6fda9a889055ef982c8458e76d57ed179534e0a05584ad1f3b771065584281fcb873554a2948601d55d2d4a700430c9757262a088fb4679fc8574db6834dac28e12c380a4251798ef8ea683fe50234287190d8a94292d06c99e1e2420d257d750976e693f062b2a47","zz":"4bd0556a9f1dc68cd3c370ac7e740ebb4dd8e9830fe77e5f603dbdb0ab0a26111f389ad1ea10fed85e3300aaf3deaada87aaa01fa1c179b342bda07b6b798615","keyScheduleContext":"00e918a4b8da538db2cdb83a1a8b42911265d63ab8ad390dbcc73b7b99fd40c477cc3060c86cd8cfd5a996e5d1b0a8563469a7ea70e1431955a664b7b48b233856909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"1b0f02ab49dc8dbc75d82b63770af70611405a8a5e5980c7ca8d91937e7d7f06d13e4446755a92bb800bd1554b0a4e9725c6be412f28b575239a2ff7320c61f1","key":"829640ce95637714d73d19f1a9c2fc00","nonce":"5a8409bb47c824eaa66daad6","exporterSecret":"e2fdafd240c43e026bb99928b802c9dc7d5b0b337b615bd7cc82ffc6182f053cd8b827d3fdafd84decfdeb1f7a36cbfb23a9bfec767fdba6153dd89e81e739e8","encryptions":[{"aad":"436f756e742d30","ciphertext":"17143b0ec7e97c8413768724f5e5a8ef9f1f7226b7b9da5d8382224dc846544cbfc3d55404abd8174ff5112462","nonce":"5a8409bb47c824eaa66daad6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fdc5022fbe03cac85bb4e0352f066e6994766df1a14854fa8218e87676016fd1ee7a7335a3c63d6b07951ab119","nonce":"5a8409bb47c824eaa66daad7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fe7d57811674bb5487589c583ed3ad01407bc055421dd6e30614f2e130c9bf6b4045bad7ccd733961af7e92b5d","nonce":"5a8409bb47c824eaa66daad4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"50ac2f833307a275c6dbbc48f1b520fa73d39dc99066d11826e786d9e19552edd47976c46396f12fb695a9d17f","nonce":"5a8409bb47c824eaa66daad5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a53ef6954dc85730be28bfe421ff58fef6487015c82ae064100b5879d9b3b81fe68e0998168d8c74b752aa7306","nonce":"5a8409bb47c824eaa66daad2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"940061cf67517a16fe2ea1da80243a3c59d5e750ca00248342357108dc445194e888db7cc828a98b90d4aad276","nonce":"5a8409bb47c824eaa66daad3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"58d98d83a9ada247175a7114e38e438a821c7405747ed65465bcf159006afcc85ee1101127634fe88963e00658","nonce":"5a8409bb47c824eaa66daad0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4176abc92ed18062da92fea42ad1371cfbd8f0e47e5d2f2768911e1ddf980de016ae935f9fc3623cd1f677c76b","nonce":"5a8409bb47c824eaa66daad1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b384fefa7b9664f30de9703ba2d8f1a1576f08a949aa784f589694c34d7b70593d7c5a603ce3bb5bf6317b51c7","nonce":"5a8409bb47c824eaa66daade","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"df316a9f24887d37a33cbb53d2558ecace8788b4aff5dbfb777a8892fc07e0dc55088dd09c853c5add7e4afbde","nonce":"5a8409bb47c824eaa66daadf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"554b27dbd75582441ec41ea6e9355509a5541e978c10cd3266064e52abace1eb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a46a9c358c7cacc1e32d957c3fce0ff8cfae979dec9716c2933fc549b1f7af8e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f21e44dd2c3a047a31d73b5d897f4d01c1cae7099abbc642ae07489af2be0a65"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7b336919c0956707a39000c975fa316c2eb0a708368b84ca957a98f4d503a91c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2c22b7c54d75384af990c7c2e8ca25a74d382257af3b3b82daa22538c2423132"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cb96118d63ebe968731baece101462125af75a0798c9b5b36744c123be2a262643cff8302a7b2ae9d8cff4f2dc1b398ecd1b637dff08c8c08167d2dd78f257cb22b5","seedE":"a1bee532c21bd63cbbd728ab7104e7e8ba27b46fac59172e2c01626ad412bbe395e1bb9669adc18d4af0740075f36e6586c1458386002101cc5c4c295fd62a86396a","skRm":"00a6a922c51dcf04c79bac367cb79cde32b6265c0d79b13aec1a2b0833fc75d58078814877ff53d8111c2d8c560dd920f3522d06e81276170d2dd446e6b4e897cc58","skEm":"008d891b07a56f710aa7bbc8cb966d423a9e0e3cc44d63ca766df4d579ed9e78e91dd0b250326056e9e6ccf83d0a825381dae453595f99ccf53d81179db87a10a4ce","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400f951103fed0ad3ccd0bfe4bac75ed38daf76516a0fe71dfd5d072d00abde65b1e1863328759b53e4729431f130d8629b9f1d0b7680986f44591f4ccf38d6e3726c00aeed3c69a715f641e94ae1c697ab4b98805f8e0ac5c12e47318ed1f01a967a1981d63f35cbb303a44635c3493f09603f754247fca8c9ebd160c172cbee2b26ce73","pkEm":"040082734ee249dc72fb198af116d50658eba33b5d1e8de04736dead47d3a751fd464fe2b7c287b475a59cd7f7c58d5382872434c107d482c82e620079519c886416820074a074f91daa1441cb4742e2d5bda0a7cdbe653a812d27b274a9f2b874fb691949d842342934a3dff8071782dd65923c09ca72140bf5e1ca39beb895d05aa70211","enc":"040082734ee249dc72fb198af116d50658eba33b5d1e8de04736dead47d3a751fd464fe2b7c287b475a59cd7f7c58d5382872434c107d482c82e620079519c886416820074a074f91daa1441cb4742e2d5bda0a7cdbe653a812d27b274a9f2b874fb691949d842342934a3dff8071782dd65923c09ca72140bf5e1ca39beb895d05aa70211","zz":"30a6e76b28c79b2bd149d01ae8470c10933e52c3ee5869a4727812c5002614c4f548f12162cfcb74732eae625c0bd8bdc4816250d79d22b447768acbf7b326e4","keyScheduleContext":"01432ee399d8d03ae3e131e64a5702b3c1565281bb72c4d84fffc01029fb86db38e0c2c5aa6a5d4f6df6f13a68e4ff3e2dbd1e04d9f96f9a5b0682cce3086e3a37909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"12204109dd0d2dedbc93700a4b8a8da9a956b7b4f10c895d1eff9fb3a82fbde8a60bf6983d2d2637381186bf40555047fcbfa19e2ec9cb5e826f160bbba1b04f","key":"3fce28049ff39344ff8dab6aca03d9d1","nonce":"0b296d51e904fe1f42078a8d","exporterSecret":"ea9e4905b5fdccf4783de2a0b05a010b5be60206927ed1d667a837433b36807d2cbd284daf4db9eb6dd30645a114add13137c6bbad66a3c42075f0085ac4bd88","encryptions":[{"aad":"436f756e742d30","ciphertext":"a0f55510ff94f8b1b175bc31815342c63ad7d54a705821773af2e1c722ce413c9cc8d5b96ec951552f43b941ec","nonce":"0b296d51e904fe1f42078a8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fbcc9a610834cfbdebcd40d20ad521c646696814af4ead9b3a9668b5d18a46a76c95751db2c234a9260ec25cd3","nonce":"0b296d51e904fe1f42078a8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6df013a2b6239d3aff4928aa06a23e61b380512f5cd2cbec57db05001228fe1d03c706bfb5d924d214f0f590b5","nonce":"0b296d51e904fe1f42078a8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0492be82cbd1d07bafba3b8231b9cdd3efaf9d53fd03aa0fface32a48f61d4f57b828897a3640e5b412c845536","nonce":"0b296d51e904fe1f42078a8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1879095212bcfea28f639c9aad4c34eb2d32ccb91dcf856b4defa4a1386cc01e9f328eef72ae2efe3d78596e03","nonce":"0b296d51e904fe1f42078a89","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"de1e5248947a887180e46d6a1c3de6757e73012b0959d9cb3096acd1934049b71500aa67703d6cd8636e4d47e6","nonce":"0b296d51e904fe1f42078a88","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e15f8a9715bd41ddae6640260934baf866a96932a84f51dc91f9b9951450a0549314a3fec373032b4796429750","nonce":"0b296d51e904fe1f42078a8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0105f1fe076a16f50249df9eb760c69412daa5abdba8c20bdb409e1c8159a45ec5dbc0c4a67d9a62b99f0d1cfa","nonce":"0b296d51e904fe1f42078a8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4dca4a110be866a010e35edaf906732bdd7644cd2d3c7bfb42f34374b7c90a2643f6df6915c35dda0faaebda8a","nonce":"0b296d51e904fe1f42078a85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c9b0a8e1773cf6ad76a05a81ad4c67a19d188ef673e45db1b645c7ab4fdf6b9e6d3205860ce3436e50dfbfbd46","nonce":"0b296d51e904fe1f42078a84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e81d913988f6df8a2009d4d3bf9370be4a7832882973cf3988aa77f20c43f44b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ca505e216f624af139c083e889b244326ae8cb741ae6ee847b577211cbaab2b6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"23c0817cac18d0bde897b56fb4cc5367ed3ad837d4bb972c59724929c369dcfc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0a51ed7e061c3a96cbd2c578937346fdc3f819dde9fabc56b5383ac28188a7d4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"772f4e9e4383b442e9eb28ca6c266dd86d8a21195007074e160dfb1689ac61c3"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5a4794754e56d4448bf8baa1a28a2fcf4bc73d34108d3203af958e11355c12f34a13802e91bba09a15a609f8aceb59305d684bb5df38a798f28684d97a4afe333510","seedS":"080acd54e25ba2ee8770a16889f5a5692ce7b7e93ed42fe5f658091b327f8fddce52c86a26813c38da0d9bc696fb83e84f9d5c69813c4079c37320cec40ade2a0a3e","seedE":"c42759879b01753b73ff71365974f77137f1c1801673435464d8f79e6d8a7a2150e6a2a73a2b1f1aa06480292222f98afc48b66648f5052ffe6af5bc3ea5703c5847","skRm":"0168c6d5cb94559331e480520b6ad7e742017c4a1a45eca900eb1e767911f2b7bf7370e51529bbb10d0844ce5d9a4706ce1af2b8d6c4c79ed023b7144a9420a4f3b9","skSm":"002a8c2c720b2824d3a5e841647b46f971f7fa7dca404ab6c5f47019f350f009ac929de7a04a4a678102f940b831fcae5051064280efd960c74b3c97491ad7f2c278","skEm":"0090c886346c35e171199ccda9520821f01970cfd8a924a64ce4fa58d1d717e86a57bc68823ccd500493ee9b18518db697ad45324dd15860f923b74bade2dd1019d4","pkRm":"04011b1164abb0fd04f3938ab24357c54bdfb08229aa698aff634a9c73c910505ce4eaa92676b19aa4b81c4f9364d28681966a93b30c1eb4ed5c9fdbe5ddae3fcf671301a1f47c3b8d3b926f2e272534af0c701b803d2207b686aa0e8e69c301f7dccc0ee98a7b1a946aaffc41727fd1bd38f0bfe4a843f2bc8ef5fb4a1488c8b15cd6baae","pkSm":"04003c70013e96e1157e39dad1bcb46cfdfdf481faf49c7830a7bcb3cbd51d2843c4317859481361de98809e726821a659a5d74cf08373d88cb2ec94588e64eb22070801e798c8d69ec1bdb35a4e4c5cd64e793b35a2748783c3bb6922f74fbdf82fe7753027fa14272ace7e2dde013da8343f1da47a102814a6354815c480e65969d4d855","pkEm":"04009ec72d62729c9dd562a729155c2389607dbb843037e820b9239bae159a2e2f6185d48ac961c5c65cd247b65d8d1e788aa1dee5e22ce92cc57fe1af9da9ac4b1b7a0163d42d82f79bbb16f7c5c968b5478d28a28b87d80b50c8443f0ad80293f2a76a1ecd1de2d416bf297085db6f726bcaa290d9203a57e2b2e7a2473d3f0a65063130","enc":"04009ec72d62729c9dd562a729155c2389607dbb843037e820b9239bae159a2e2f6185d48ac961c5c65cd247b65d8d1e788aa1dee5e22ce92cc57fe1af9da9ac4b1b7a0163d42d82f79bbb16f7c5c968b5478d28a28b87d80b50c8443f0ad80293f2a76a1ecd1de2d416bf297085db6f726bcaa290d9203a57e2b2e7a2473d3f0a65063130","zz":"d4cbe5764b9152305a0b64a1f72cb63f3f72ae3960f5af70e812142fb4188175182ff05a732fd6986ea487c68a157699c2203427b94d96d10fea6e3e880c2a38","keyScheduleContext":"02e918a4b8da538db2cdb83a1a8b42911265d63ab8ad390dbcc73b7b99fd40c477cc3060c86cd8cfd5a996e5d1b0a8563469a7ea70e1431955a664b7b48b233856909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"e1fa28f559db66db7953073fc5641f8cb6fbe79426d879bae7283c5d40708590ac7ce2e719445af7d2959a6e78bdee299be4ca2c086509750993b288d83531ae","key":"bd80e89b24cc8949d637257d05403905","nonce":"6682d7d2296edc251325f3b5","exporterSecret":"4d449f2683f13ae7ab479b3a19f7ea1ecf9855a9550d7e9c0c1db4abb25aba502efe2478e77e0da738075849b007f6df796b45b3cd91e8ed2cb9410f66ba9a79","encryptions":[{"aad":"436f756e742d30","ciphertext":"2e78302d3ee611490a3e7b057b54bff3c2f8e29f7d93df2f2f16506ed5c4cbc181db47827611f35a02c218ac1d","nonce":"6682d7d2296edc251325f3b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7ec371636ad3efe001f1f974b2b2015f9b3dc9886895b502f359264032028c5417a49daae63aa439ea23b6a3cb","nonce":"6682d7d2296edc251325f3b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5cdc617bc0ef6fa0ef020ea8dfb99c2522fe21363b961c0421ea923b2aea5b1856b0418180fa26aaa8d5f97460","nonce":"6682d7d2296edc251325f3b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ad1c0be1fb1bf7d34e00ab625b6314fe61042873b22b318e323cc6ae2dbec1f0db40546f1e3904a237a8d80e6a","nonce":"6682d7d2296edc251325f3b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55698c2cb09f8243c637e2ed7b0817459a39cde9629eaa4382deb24bab39737c8e01e005a4b33beece67f4e172","nonce":"6682d7d2296edc251325f3b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1cb50dbbc367dee81b7db51199a68ad09b12c4a5e5dc0cd9af55349062f97272b13b60da1d747281b0f8e48e3a","nonce":"6682d7d2296edc251325f3b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"93e07b2e1bc9b3ce6320b6e58644fda3d4d1153584ce49a9caa20640346f1e24a25517a0bcb8404616bda58ea6","nonce":"6682d7d2296edc251325f3b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f5b2f7c420711829b0e3d6079feaf5082e9967d678da3de18bf57231f6995cbd98531bce1f86b9182307b906e3","nonce":"6682d7d2296edc251325f3b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6abc6641c7d6cb0424888bdf87ce7b176febf482df8290c30316fa9b193f8d8d237bb757835a2d382cbe951c14","nonce":"6682d7d2296edc251325f3bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a502d53f52f5d93c1e98576a5c49748882242a6b42b9cf24586ed4cf4fc791d5f70529a3fea4d6c97929ea5f85","nonce":"6682d7d2296edc251325f3bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1a6ce8fbcac2710c1f41af825c7235e83b1983bcb9147b0c154f0207d56d97eb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"85786454ad7fbe0ee9c9cbe492eb6dfb2835204cd8116b4f07e6a3d6abb7e8c2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb94d9650b8fc33d7d898e4f4a7977ef1aca292c32dc30b780997a9503f770b4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dda82da487c05b4e842bfb8caef8693723ded83fcebae33ddfb2eb1a82161ec2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"13b05be4e846822aac4d836615d73e91b48ccc05a3f59801151d570fe54cef0a"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1c15ce71a8fc33cff9e14e28506e69fe21e6e2bd4021eaa2ac800b64c5d62f76890b43d4f4578bb4cbf5edea1c3e07ca36435dcad1295b2af07610bac33b74363cb8","seedS":"3632766a5ab7d1630cac09403e82fad6e409e0148ba5d08fd65b8bc53c046a835a6ff8183960ffad393eea910808ce03c7552d1e58789364620bfcb3af01faca0c3e","seedE":"2dfdc249646a04d07ac7510d65bb9ab51f36ccd37325a5ec2b776bd30ae2d9638a998ff63f30b7c8a806a77dd71d2bc475554f3ed2793e4ef40993af34ccf827d504","skRm":"00b57d47633e54f6e8315d6a5f04ca53a651cb7fbeffa81e70e99a1a8b3f447635ef196adc029d06794f871f9b11804f00b40b75e4867f3065846a1071759b27f788","skSm":"0140ef445dc0612c08be2911fa32aad1b42c10553fc2d8de7051d0ca50e920c6e31d87aa89fb4995baf9c84c2b5efaf51a86e8937023cf9fbbb060edae1131cb4ad9","skEm":"00af7a1a73330f7617341acf3564a467b0484788e93ee908b6be2250123f40c053f0d99b76f155b594d8b846a562dd94e29a7c880a3c857853a9e0d4285ef9056f50","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400ecd9f21d9292113b647d1e74e4c18144c274535e3a9206dc38b3df284691517727d109ae8e223b72ace2389fdaea846f52ac2922ddbee68625b986b1fbd227e74100f53e181b178beec66b1b43f692a5a9cdcb495e07db4042a1a316f649632141eab3f269f9bd9c90bf6e560a13ac723afc737adb498d1d04100f2222471172237168","pkSm":"04012b9244f160daa6f812c6d197bbd4c405e4267822c0a7ae5f587cd47cb5762d9fe70d6de90210be9762e8be13ef5d394c4f89ee3e50e4bf91125c189e162bfb591d01aa11f4a49f594f1ee40206debe41c5f5d3272303597f62a4ef3d9bf0fe68a2a751e29f0b40c92d1fbd2b423a9e803c165899c39bb08bd7600035ea201853929199","pkEm":"040016ca5f88fa6e201e22dc352e7ce07a8f833a778e4479d1be154e42ebcfa601de479cffac596e2689fbbec99f8adccc28802a4f9d486b9823efb7f429106dc7b61601a48c1bfd44f26e23db8af4fb9f73aa61262cc39a2678a4b142581e01eb633c09e575d7aff320b5048550361efe235b2bd02116928dedd844cecfb34c556794fedb","enc":"040016ca5f88fa6e201e22dc352e7ce07a8f833a778e4479d1be154e42ebcfa601de479cffac596e2689fbbec99f8adccc28802a4f9d486b9823efb7f429106dc7b61601a48c1bfd44f26e23db8af4fb9f73aa61262cc39a2678a4b142581e01eb633c09e575d7aff320b5048550361efe235b2bd02116928dedd844cecfb34c556794fedb","zz":"6dcd352741997117abdc75bab884f6c53f34746125289446b5ac472774f7ed4bbb2cb954d3f21b5abc8f103394b324f2263fc77024f7beea21df722c669d813b","keyScheduleContext":"03432ee399d8d03ae3e131e64a5702b3c1565281bb72c4d84fffc01029fb86db38e0c2c5aa6a5d4f6df6f13a68e4ff3e2dbd1e04d9f96f9a5b0682cce3086e3a37909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"7de4dd83d2f4d7b5e5a8d319f0cbec7dd746b98b1c644ba1b2c493bfb8940f973e06592aa3585fa989f518ee1f21c5d425bb70f63ef9a3202dac94e2004ce1dd","key":"d0bb92a04efe0b907a2469dfdbff6cc0","nonce":"e8d34068a510fbc7d86e1480","exporterSecret":"74743638e3e166babfa4aab213382cc474e9bc60e5cc72f3f7d6865f366611abab4ae08e6a32b9403ba4f612d4de980f9767bf1bcd183b80e3d571bd9a69fd0b","encryptions":[{"aad":"436f756e742d30","ciphertext":"3b9cd4c1dd521c85cbfc20c9a70d454790fb422aedb1de522ed6d082dab57c5ea5b1fe48d0f1950a397fde63a6","nonce":"e8d34068a510fbc7d86e1480","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ebc0997378fb0893c47fb9b1eafe721e84eac89358eff1a1d8915513104b2813fc292cce3e2ef64c1f6642f6b6","nonce":"e8d34068a510fbc7d86e1481","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0d8bddfb05539deb9d7aa3f1cb8972fbab307cc61ea734c951e383a037d3363172681a537b74e3ae4d770a722e","nonce":"e8d34068a510fbc7d86e1482","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0a15d8d8ce28c28f3f4619e28fcc5abba550de16af0149dd6bab5ae1b057241d7a11db33d65ece476382d94ebb","nonce":"e8d34068a510fbc7d86e1483","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55647228e0c249668c6b6d9bebf208bd8327b20819b23502ea0793ecd1b511b48c0615e377899e749f2a60db95","nonce":"e8d34068a510fbc7d86e1484","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"664fa897d401f8f1d53c13abeeb6d5e7d25886ecad08d8d0cf59fc0b3eb4ca2ff16d400dc3644337d7b5fc8829","nonce":"e8d34068a510fbc7d86e1485","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"48cd9c93b381bdafd607533fe276533425e6ba926a42325f58c8d5e31879dc483b083ecae004a5c1e4db693d0e","nonce":"e8d34068a510fbc7d86e1486","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ae1661ccf122566730e300ceb9456c454757a4688d168234bb313daef47772ca33154ef1d1176ac1c793492cc6","nonce":"e8d34068a510fbc7d86e1487","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c0e36a4c99addb72701273c87d8a6aef96556bd34abd76209d148cb8b70507bc6aa60c688aada766ea17f64ff2","nonce":"e8d34068a510fbc7d86e1488","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c8d8ed2a81f02e4641d99e75ed353e18e9057d47148d856c3731b06c74f596bce26099d0e5f65938868bcbcca9","nonce":"e8d34068a510fbc7d86e1489","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"786e21a0411b13bbe1b383266a98f1f8deeb5b527404724109685634e027bd70"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4e8e4d0c44cce56428b7a805cbb6682d91ef449f22c5ead897a407c2395177e7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9740c41bb19ea5e4d13257b02f2fe1ec37a2236d20319ab16f1330061e2fe841"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a7b7795759ec9a48ac6b1a9bc665e364113ff356939d6e779baef369d2246de0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a8a104be5a3aa1dfaf1019ec90ff6f04f929ba6c5357e3606284b2ffcfc68abc"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fc3b1856d60632c6e9799c1f8a4b8add20ed637e24d0a0fec53e6ee58b55b318ea403be8ecdbd080361963ab8a228803acfce7710121ac6dd59720444185c7775b81","seedE":"dd6e705e673002e5c94e5b659feaf099c551f1728d7620967026c8443d48001da8ce074df809d97fe06c927eb073824faf63f311d668c8e4491c1cc81d63e12acc69","skRm":"01be888eea2c3abd87858bea7d6f32a5e9c917da11ca9d92f53a5f8fceda6a5966eb4ae3f5ea04707edd19eca0074af7b1c27c90fe8a79888cd0399896ee8a95b0df","skEm":"00300a2fa0f33ae54cd14608c19d9cf3862051971958377af05dddf804ca9653f3e6d8a998a87d1526a901737bf481e176afa4ba3285e9a05dfaffcebe67e701b50a","pkRm":"0400e38a93314645eddd1fd5fe4b498a8bbd7f9a2fecfec8d32863938cdd701904a08b814da5dd02b5a05f3d37d99d5d0eaf3cb49c7f8bd495970ca47a9af191b9022400567f173622d13d7c50f3b8d478980f6fb6d7f7f85a88fe9192a10eb17e841530c7bf9c726e298b493e84fc64f88dfcc2f4ae09fe6e2e9d948fb8ae6a4890b74ea5","pkEm":"04001073f3527876a5857e7a011acbb3b9d0b38f4783030cf233f1c558855c3de25363c8cb58ec4d445d30ca28625ac3f8add94744df72343b41e663a98ead861cf9f500a85d9b8cbebaa45b0baf5f0f7e996d6832fa309c2098e6d45363e4b60913fd1853597d9e8e79c5ec2d2474964aa6e497b42be4b056ece8115d3ac307a290a06a02","enc":"04001073f3527876a5857e7a011acbb3b9d0b38f4783030cf233f1c558855c3de25363c8cb58ec4d445d30ca28625ac3f8add94744df72343b41e663a98ead861cf9f500a85d9b8cbebaa45b0baf5f0f7e996d6832fa309c2098e6d45363e4b60913fd1853597d9e8e79c5ec2d2474964aa6e497b42be4b056ece8115d3ac307a290a06a02","zz":"f46024e7680e702f4fc513de6d3b106027e65403e798c9830b744faa50454258564102f3c74db431505f10a8764ac8bac64f34fc4dc8f8f2834d711421c161f1","keyScheduleContext":"0031b1707e578c589d960c9e211aa23e80ed7fe6e9361b65be091962f9c84213e0d93df4d0e9f252cc30daba089600ce93e4c80425e21db501113eaf11f300739a2227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"5ee8c136f812639497351658521f982bb6bdeb4d54cfe89c4b4ade2519cc1b36033f26eec32f022275abb9b0e7a25c6fb88c72abb744be13cc9af1804f4b499e","key":"0f6b2e6e9d696571d9889ed8401d3f88e93df2f535b5906182fa5e7b84cbc19a","nonce":"a391721e4955098083bb1ae7","exporterSecret":"4391300196396818b4e88976bd00bff473b652cf68eea0f7a24fb752417d476ec92c7d1ccb84b8096ce45dde590f530298d16ee86ac98d38722c49e3bb508f1e","encryptions":[{"aad":"436f756e742d30","ciphertext":"578e325476a1c9b47c5f035491ae8994c222203ad5240a655e72a822e29c093c94cb5efab049a86c43ac36ea05","nonce":"a391721e4955098083bb1ae7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fb7d85b6485014ddb9c321f63fc474ab51bea80cb055bf2fb5b0a4ec464d23ecca8e1dcb2376a4222f51a0fbd1","nonce":"a391721e4955098083bb1ae6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"979936bf5e76f02031f47c1700f0a3ce05c624341c85ada26b952a24a1f2c6aee62255e5111503baafe2d00668","nonce":"a391721e4955098083bb1ae5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c5a5a34c17743ce14f79e31f0194f58a6c0058219e8fa7f828ff4fefd0b2d0553ecf00b38e6f40aaf7c80f7e7a","nonce":"a391721e4955098083bb1ae4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a1590599a5cfdee61ce850865e7279407572696fcc9b92938e35da4cf3f462e9579b3946886265427d4e7bdd8","nonce":"a391721e4955098083bb1ae3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"77183c778f5c38e45e0b5e7f06dd6d70554d67e83b44ad5a9ed77acbb1467fb21e98a6f1bb69598ef4c8dc0831","nonce":"a391721e4955098083bb1ae2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"85b8eadcf650b0b3ddc3675eac5eec1bf39e8a7f0cd6538408f01e2e655379779cca0be30164dfd8d7da920c5f","nonce":"a391721e4955098083bb1ae1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"01ae4678bf627586922e15966fd11f0f9ebcbfab7e844235d436c628ba82f74068a45f61a32908df4e0d108bfd","nonce":"a391721e4955098083bb1ae0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"491e964524b506b65190c101b848d897c8155350eec313975e456c29523718667fd09053b20103219ef3871eea","nonce":"a391721e4955098083bb1aef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"414d49fec96619c24e5d264747d4e6146cc0d64721cc8a2094e6dc2a2e7549b01dd3e339a9ef3aba154fc6c82b","nonce":"a391721e4955098083bb1aee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03fbd9ab072b3731c1c65050faa1508cd3a6517188f49aa0b714eff45bbdfb44"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8e21ed1995364a98bbcb39a7b4a2dcd1db2d76b6428c0dc614f1b0c3290856f6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"002a6db168a5933b30ff0564a507c693aad335fd18b07782c329e9a18e8c75d6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9ab7e47317533ede3d7b43ddc9318f74aa16723fd650ddbf2a6a699441e05248"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b4feb203b836e06b1a081660daa1e47171c636b2eadcd085acf0a31ebc4a26aa"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bb3691655168b474a874554b92b434f124ad6b1c67612287be279362ba4113d32e8d8fd018072ec05d028c987506876945d16764b2c9d9291faa19dca77ed5bacc2a","seedE":"d31e42fd27084475953b3e1ced1f6db8395467b5ac15d440c0485f1bd6822da2087a6c4cdf6d251a47f85b4175f7c7fc920ec78dcbbb1c1a0633025095b23104f11c","skRm":"01a4a620e2798effa1594d4781738883e559dfd1927abf3f940b33f012b1e9228b52c8ceee8155e24dc07bcac2655ab04aa7c6adeefa36778f2fdd37a3c3da5cf2aa","skEm":"004aada4a96d146de759ee46f0b2b67cdf2925c5ca97d80b9dbc856c76e1f371e0ed8a90f1537a05c10aaaf82bcd5ead3114eb3179d9ed156eab3b2f2619bf5e8a4c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040150c7aaca76578e947d5034dab41d099198afeda0bc8e867a60570e2eed87d12fb6e67b8d2f60b77208e4ef18bf5cb40e0e696d3d10f419ac92bc960f982b1c4a23014c43382c156624a69452f7f1f32b56b8f7b0b3663a1b8d2d20f2bf3f2c1aeff61f70838bd1a6095dbf3581c84bd599e870d9249bd9f5942412658a8dc8ca460df7","pkEm":"0400069a9efaa43ddf59f2ea683b8ca95d50f180875cdeba520660a10b946ace183c2bf2a74f1b5fe6ec29513b565fdccc45d56e736b1d56207ad37a1b874bc72d9f180111854b81703909791e27dc829a85d24e8a971ddc4ce75369baaeec8f9591796e544ceace77f8da1e61ec906e4ff3be1437ff03d0147b30706730990b25361a75e0","enc":"0400069a9efaa43ddf59f2ea683b8ca95d50f180875cdeba520660a10b946ace183c2bf2a74f1b5fe6ec29513b565fdccc45d56e736b1d56207ad37a1b874bc72d9f180111854b81703909791e27dc829a85d24e8a971ddc4ce75369baaeec8f9591796e544ceace77f8da1e61ec906e4ff3be1437ff03d0147b30706730990b25361a75e0","zz":"766f6350e71360de43585dabb1f09a87181763a047e40587e0c9e39f26595c51dc66e824b6717297db62f73ceabf1ec71a5fc4456adb6dd141135507f2169c9a","keyScheduleContext":"01dc74dedbec9f7a36503b6c263059c9a11a79e4670a12bd245269d81c85a0feaffcf1b23b0748db53bb52b72eec5935e174a97db18d00f324ecdcb45295660a092227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"ccb20e86ae05a432c2f22963c89a403a01b33f4a1d4a02f0da2fee0e813cd3d6372fadf3fb90307221c50d46042196f537510ba37338cf7681e33b7e5eacce88","key":"d2303f1fdc620e3577e85dac2ac76b5e5e66a9be2b07b353552587f1bf17dfcd","nonce":"601c3f5c01b69eee6c273aa7","exporterSecret":"ed44e02da7e1aaaf00b678cc2982823f974ff2c6d0ecb1ac6e17692834ab8826e1e94ff0f54d07703e490bfb5aca572e6fb0d8c938e126efa36bfcac1d97a8cf","encryptions":[{"aad":"436f756e742d30","ciphertext":"93814c57b802da5404225d38c9b78b64fcd29b0f332501dca6765e74a85e7ac6bddcd55c82e741d172251bbd6d","nonce":"601c3f5c01b69eee6c273aa7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e2144f2b780e3b9cfb9f1a50cfc6dfabc71c5030184668ede14be3259b02d0a6b96c8ec99408ccb57ccd5ba05f","nonce":"601c3f5c01b69eee6c273aa6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"585e1a1855856c32d2c1dc9ac2a71db03e0f5ceb72e15443195c226456db4f1374dde2913ba961acfaf154f9cb","nonce":"601c3f5c01b69eee6c273aa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"67d5a698c12dc8bceb69b0555f320cf739eee40d23dde3762148f8901d93055def8c9df5d5b50c0d8e751b210f","nonce":"601c3f5c01b69eee6c273aa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"edaf9feb5d6081ba123b3fe891ba3d8e10d2161cca205b04ea7405357e500354b0984cf9f6740023bee0e71b53","nonce":"601c3f5c01b69eee6c273aa3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d0cdbd7658c5ce2f934614d73767f524fa8aaaae22866b2a807fc87466c0c589eb5408ea3bc05ba4fd300bc0dd","nonce":"601c3f5c01b69eee6c273aa2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"141f824eaacbd687b737aca18c3e8442033ca4ad9d7781723d65fb99ef8dc0a1f67defe8764c5bf39312612829","nonce":"601c3f5c01b69eee6c273aa1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"069df00231db1c5a20ecc42c28dce5737ceef484d4906dc90cbb3562b73d6bdecea6472d42ff70670d0c283e5c","nonce":"601c3f5c01b69eee6c273aa0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"31bf7eae75f78c1b9d2bdb29c63a844ed3b9d0798faa915cba162f6332993238dc8b4e241fffc70fc8d39594ba","nonce":"601c3f5c01b69eee6c273aaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6951857d02851ee082289aa17010187072408c617d930c5c192ea396ba110a095a6e815944dbbf87accf2e45d7","nonce":"601c3f5c01b69eee6c273aae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1e60de5db3c7d4e85cb23118859f88de2f6f352deb4642abb3c6769f899f0f3d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b63fd7bb908673f171871d3a20d70b3dfc1ed79ee38c7a17dc876d13b340662f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3c3930f044157634ece44d9247187a96d22edb15442df401e82ca4f1fede3b13"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"af4cd8ce366ca3f833ec2abad937d825770e1f604a0b709c7e3c8e19d0d5d76c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c98ffc5da279f36ee59da8e7f5fddb6e1ba52d04629521f570bd19f40513eac5"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1463b22bcd9c86918827ccb4997c26b9d53f6dcc81183989b81bb86f0c494eae2888d2d27dd350332471799fbd63e47af14ea4e3aa4b751f91da32e14b8668e5d54e","seedS":"5434fa30107088f247e33fe1b8f1453ec5b80222bf39dd500d3fe3b21692490c7d5f76ebec5664299ff029c447517c3769c0d93abfcfb02758f4576400ff9b4adb46","seedE":"9f59abeaa47658a5803e02dec0920660e31b08b987d3e9ebb0976a4dafa6fda5b8f05610ac2c22632c2a5205ea504b12f896074d8b575d1af7dc1b056c4606302199","skRm":"01695707ebdd894bfde36db66d34f921f0801d0616bf20f04f7d43d0cffcf7b1099af96f717674599cea0be059b4da672d38798b07841ef953ef2bd20084f7496c12","skSm":"004895db15ac5e49d8cbc4f19f7e6bb5d281729183102ad8f3fa9487bc92af26056baabd4b2f9d73cc4b9f76dcedeceb65f47c1e4269d71824c77382ebd058aa4a53","skEm":"01088c9b422245bd8533c137131c7ce8409e86786ccbcf71ae1991e0db396368c960b6ccc14e2a88b65da41ad1d8676ada577210d3d55ed07ff3ee7b2d0371134697","pkRm":"04006da3b3541beec076fe34f1e769ec4e1871660e14646ef8f9e76adc7086c51423a00b654bbf3c83abe50036f69571be588fbed874f46e8b166622c353f9aee4229001cf8b502cb8c01b1d582eb77e3d4e8eca439e44d7fbd54fabe5a7f55e79f6e4dcf1bc6b4ff91e59b2f203497a4d102d9504cdc8f3f7d2565e1395ca54449c845682","pkSm":"040109cdaa94b0029c181b4dddb6802176b874b8ec2930edf1123e3793b9cb4398c18b124a065ef796e8e4a54a51cc191af0e3ef74622e1d548fb3bb372e7fb84c352c01edc445874f902dbd2be7ab90d32c3a7b4889d035ffe36b27d1ca4b779fe7850299d31c6619e56d65920c56fa558387e2729d23ed00669b2dbeb6d668aa47e80ede","pkEm":"04014c24eb4dd68f75e665ae3464807088c96cd968aae391177049f9e70718595557da6e315c91ccb0bf8d1683e7454acf292d94705c5ff8993e6179e2fac3903753c40058562f4a0b857135a5678d718c4f341c46b8d2d61c4a9e6b9d7391b1a4d4e37db73a907874d03b8a4906a8978426e716d7f054ea78c6c5f6238e057814aa00d7ba","enc":"04014c24eb4dd68f75e665ae3464807088c96cd968aae391177049f9e70718595557da6e315c91ccb0bf8d1683e7454acf292d94705c5ff8993e6179e2fac3903753c40058562f4a0b857135a5678d718c4f341c46b8d2d61c4a9e6b9d7391b1a4d4e37db73a907874d03b8a4906a8978426e716d7f054ea78c6c5f6238e057814aa00d7ba","zz":"42a47e9144cd6e466b6e384d92f75eb57597f47a33c87ad4daadfc10f345e49897a947adcdf804ee8dcbfe878197e802181eee1367ab7b349d1a8b5ff4444f98","keyScheduleContext":"0231b1707e578c589d960c9e211aa23e80ed7fe6e9361b65be091962f9c84213e0d93df4d0e9f252cc30daba089600ce93e4c80425e21db501113eaf11f300739a2227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"b72b53c4d6f9c32137afdcc2622c491475eb36713acad5b6f4dd3093798289e9a6aaaeb1e174d3398d25bd678e0ddcadd2a97ae47e44065034570ce34876ed9e","key":"de6efd0bd35add5381ebcd61e054d47a4ed8a8c781adba21f529c6eeb367375e","nonce":"4d46b458eb11975de36b5d28","exporterSecret":"7f10cc2f8ac59a785023ec945f861eeebc119ab8f78e946db4d09f0380141526170cb640e13679e141c242a0fce887fea6cb182854a30cfb0a8f899ba030bef8","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8b756d66cf04835114ed82d0624d3a6a591108d0685cad9d31f9afce3e2b437be3acab04cd40351f319944ee8","nonce":"4d46b458eb11975de36b5d28","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"30dd97ad75e13ed76c9ac2fe66f1f7333070532744e291d4730efcbb486f58702b108ead631843e8216982541a","nonce":"4d46b458eb11975de36b5d29","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"54d1146fd0aaf20916b3d4c6db54076fe6ddd91eb29b895c27e58075fbefda2d6b0cc8ffbd9be766c1167719c8","nonce":"4d46b458eb11975de36b5d2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c1427aa9418493cef1f15818c10a6ff54481dbd3ea68cef7f57667589241cc1ab1858bf62b29b531eda5f3c491","nonce":"4d46b458eb11975de36b5d2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c065e11b3862704afbc026001653798ba49d455dd33fbad81195c67896d32ef9fc859f8c519a4185e849126d0","nonce":"4d46b458eb11975de36b5d2c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fa66ff823424a066c35c9b493b5f93fd9606a3b9411ff5c18b5a5247aa10aa0709be7b15cb81fac1e9b86dcd81","nonce":"4d46b458eb11975de36b5d2d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bd6f76cb2a2cf0fab563f897060b1d228075416c34afd7886027b14bc70c5205544a1b0aadd4cc1392429154c6","nonce":"4d46b458eb11975de36b5d2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1d7a78c429704f86b1f917a16efbdeb14cb73e1e6f60368869972486f2dbd6fc37bebf280278b44d7a217e80b8","nonce":"4d46b458eb11975de36b5d2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2ff20e41fa35c07ea5fdd9f9860d5ecded8a2c1672c60c3a793b113637dcc58bdbc35c6fda2fbf562ca9d4e8c0","nonce":"4d46b458eb11975de36b5d20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b9c5957025d0574a30be542a726e20e15b6d66ea6ee7cbd21609c33f6df2e253db9e521ac12579f92998fb70c5","nonce":"4d46b458eb11975de36b5d21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7756c9323a1ac46902f1ed4531075d5bcc7384e25dd32bf689912fe3cb85716e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c7dfe756ec5629248462126edd150e18284abd25ffd4dce792af48ce8b33e0d0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0e651869553c71810fef32f4061fc304327ea2bb3866f93d50964c417142af36"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"69fe31a07145fc6199644f721061531a1a5bd7f3f954fd8861ea8eab645e43d6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3ea3cf57c4902e1f130de0c95ce3f8c2940f29f551fd5a906818b0798cb90436"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"61d7bec5cd139d101df42e03fabe6f7810b89e6c73495dd85adcccf0f87ab00744cbbd233a421352a48f4a078a42c882d98aa5f9dc7fe16d4f0633aa7eed7fad6d6c","seedS":"87037aa1958c47f24062d8cb32edf298f7a45abe81a930891977fc59ce15c766d784bffc400651ddeb49e7cf3c682b1f3bbeb6a6e5417c8ea78e426ba7874ead67db","seedE":"73ba1253ccbbd30ae850c55e0e3faab5d8ad03be092b9fc29b1958bcc10ce8293b9071368103e28a2b41eacc7b8d826b8f7edc193c121ff5410b60a31d68aea74f55","skRm":"00c057cb3804a79897991bd87b211210e5e841635ae3f2665d78c5b713d73a23b73d83df8b1665dc13edba93714d1d829548c7548fe2c5aafa743a0188fbb5ea9913","skSm":"00ebe0d913cf95ed67f322962431cf38eea2e769c1ba84d4eae4f6a55dfed3594e408657e942e09c245e2e6dcbc2c917a0bd477bb643a52a1fc6f834cd1b49082967","skEm":"01599c268bd648cc2c7e4fba7472d8dcbf046ae95de38337fa7511e6e5f87718ea1509ee4bf44ae1a232b873aff06d5f361fa2130902a43fa03d77338c5e04503d74","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400c37cd4ae6fabd9151f6220edbd70de53d551008125c78e3302c655f9bccb3fb185ec8b5caf84b50071ea03210e82260386b416ec81e2307d3f4c136fc0bbc2d86801b9ae763617dd921637bc8ae24f4998608ee1aca4580ddbf30e99ff75ec5d80ac7fe5c5b4acbb265310544ffc0ec982b3458d88ae399ff6bbfa286a4c230dff5b69","pkSm":"0400cf8d733e2dc5a3fe535e06f8c2fc23fc82ffaf0ea2f88f6ed1da080df70bd81a6a6092cfd403cc1a6845ae5b03801f403bd3fea3aceaeeb98c6f958c7fdece272601a001deca7d2d0ee7de6db3cdad0372b9768a3dc1e10765b963721f887346c9d2e8545c1f5f2919c14df7222856730f00f96fb118713f5b03146d4a10c79776ddd3","pkEm":"0400bfe56b4c738593724849154dc503675c4bd54fedf881dd5ddebd16ef026a86a4970bbfaa243dd9397b4dc364875c5766d9fd8b69b400ca1d528e6c09f57e3d854900d978fb363e0bdababf52c9e11a16aefb04a8ffa6ea4b67913784ac01ca72fb32ea9c2c54571a02e071ae35ca3a63c3b33e8a8c18f303250f30fd6ec28e20d9c88f","enc":"0400bfe56b4c738593724849154dc503675c4bd54fedf881dd5ddebd16ef026a86a4970bbfaa243dd9397b4dc364875c5766d9fd8b69b400ca1d528e6c09f57e3d854900d978fb363e0bdababf52c9e11a16aefb04a8ffa6ea4b67913784ac01ca72fb32ea9c2c54571a02e071ae35ca3a63c3b33e8a8c18f303250f30fd6ec28e20d9c88f","zz":"509afba7e787893312cefcf3ec155b0863707ae22127e62807e6022e79d306fa4db171e822d504cc552c3c6e5caeb28f391fa9ef4087f713e2433cc684de32b4","keyScheduleContext":"03dc74dedbec9f7a36503b6c263059c9a11a79e4670a12bd245269d81c85a0feaffcf1b23b0748db53bb52b72eec5935e174a97db18d00f324ecdcb45295660a092227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"85de2399b07f57a0017fe3a302ba65be4fda12e7aa27888d9404f6f133d398f5b48d3ab276b0a59043476da4fd0048d5955cfc8d589d0c5484aa62f2f43d843f","key":"42ea571ac39e5469bbd03578265089e3ff00222a337db8b5e37b7267624d32e4","nonce":"04f4e49ae4a880bc7bfddddd","exporterSecret":"c4df767f335de8bbe59252e312e4d3cb66789050c51c7dce4ef55232311cf9ad7c02750c05eaf78491e01bc6ea08256d42bc4f9167d284484951819836244aba","encryptions":[{"aad":"436f756e742d30","ciphertext":"3404301ce6c21a7c48e354fc45f962dfd6ec99f7fd42ac235fbc4c542854f9849d60829290d76b785691c33c25","nonce":"04f4e49ae4a880bc7bfddddd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5c92917722cef9831726b376e4d869e7e4eeb0d759fc1386cb668ee4928500c1738e847862519258a094c44cdb","nonce":"04f4e49ae4a880bc7bfddddc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8a018a7d01e378ef2f27baff5ab50ad75e2c67264aa84f33d8161d429e2a068edc7b91b628bf28f3d3fefe3928","nonce":"04f4e49ae4a880bc7bfddddf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d49eb157dcb4306d008925ca26733787f503ca9ca5a2f54d1a83fbd0b5b20778a8daa198fd08942818e0cd4bae","nonce":"04f4e49ae4a880bc7bfdddde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e2a140f6f88f7cd2416af37e9573042e916e7e2778540e97b74de8a9f00d9e16b35e3107f6dcef3c6b7a70f357","nonce":"04f4e49ae4a880bc7bfdddd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"16ca5b70e0396d09458b2e8bd16a55aff7d9dba914c70b1261e91a822f3733b6889989aeede196c06728069480","nonce":"04f4e49ae4a880bc7bfdddd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"aedf2b7f6ac3b8e45e441357f7024c36b1825f846cc41a88f09a8ffab02a900c1858ef4bf02748c91595dc0124","nonce":"04f4e49ae4a880bc7bfddddb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"63449c05d57669b742037e2076f634960038bf302e9d1e7fafec03cfc44331c0f96ee4f9d7efcc78eb9f815f1d","nonce":"04f4e49ae4a880bc7bfdddda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a3078e8bef3eb00036c49ce352decfe65f06c86b286ae752aed589dc3665621de2fb58389e54bf2b0a402c25e2","nonce":"04f4e49ae4a880bc7bfdddd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"29d08c189c18aefa492a51976ab6afe332b4601aecb519a275306482c4823a7d9387e21b0059fe38eb3259adf2","nonce":"04f4e49ae4a880bc7bfdddd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"caa384c3c641c23d343ad24d21a0d2d8574e559b30a3226bce93346bfc441f2e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d935178c23ef5f91570f70d6b11eca98837a381180dbf0a4374971cdbdeabd8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4874acc1eda1f042066ab9c50437016bf9f3471b984d3cad44c18cc6d1325b7c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c3e6e2696e10225d0b02c15d3c9bcb391be2416331f711b4e468a95d91a8d014"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0383b19b875c844ac219a730f69ca52d782eec3942b2082140558998a72e45aa"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2ca8db4fd908f8c1756815cff21c1767bb1ddfcced1a6456461eb66c43a41bcbb47ed64a3ce333d725509096d585293b9b3dc73deaf5c29ec95b8ed26f02f0e15b7d","seedE":"9fc9495e9a86ece6c3b52b777c8ea3c0817b9775c8b19e1530347c37df274bc03c4230f24b18ea81d30a3f36677a89faf9c8be41e11bebec022ed2407b9689b5ae6f","skRm":"01d86cde74d6d2f6daadfe06eeb5c17ade692c8f85335c5badd91d4cb1b9b9366bc45e2cbab80f42d8f59f6f41914fd6c300a7bf991f3eb893568cf573a9ddcbcb79","skEm":"01f289fc234ba0e35d577747ce6c3261cfd74e2f42fb00b49e6a8ae28d904feb2aa809875a4875c3f6ca6a122e968b12d35026d6939f51a5dea7f1844f40036be957","pkRm":"0401811e5963d30f5c34bb6027c4d0854505fba252444ff07941ac9d55f49ec738c2008d7ec95b9172e9230ebcdc694316c7651aad08d96862de414fe4538f5040d7ba00f90c04ff08592fcc14c663faacc532bc836d9ea81f2a9600167f9eaad14f6a5a1ac973a1344ec17fa3049707458027e50027dd58bc38305c2b819860f1af55e5ef","pkEm":"04000b779a15e3916b0e2a2ef912fd8b3395ccd5db709c8b06f0622f19cf4ef9bb447ca872198cc9c0820dffc9c5c284de69c1a8359ce00afdec7d0f984e29155f1535006186084749fa6d89ea42a26e2bafdcdd46ea48cc43757dc34b081347907e5a209750d2eb70c4a1790abb75100e9ee709a92989b1fcbe12473a5203053b9376125a","enc":"04000b779a15e3916b0e2a2ef912fd8b3395ccd5db709c8b06f0622f19cf4ef9bb447ca872198cc9c0820dffc9c5c284de69c1a8359ce00afdec7d0f984e29155f1535006186084749fa6d89ea42a26e2bafdcdd46ea48cc43757dc34b081347907e5a209750d2eb70c4a1790abb75100e9ee709a92989b1fcbe12473a5203053b9376125a","zz":"252cb6b9bc62bb0ffed8853d66cab9f3cea79650330d8a3e246f02b798b27c41c673cbf6e35a49a38aaf8b1adb04554ef2776d3a5ffc4a4a3acf1cbc7cf0155e","keyScheduleContext":"00e4f4dfd3794cf4a43072eb8db0e77d57ee9044d7d4eed600cf7323ab9bec79731ba2ad802571f9781e8919769a5a2a2cf6260ec277c0d2fa765e59c24eaed80d6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"d0140e6e57335925956a26340089d6ea547df36b56da7277d3dbe86708b17ccbdaf143391eba90c98f38ffe7b3920390ff0247447d20b8bace9842883e0a170c","key":"fcb3086fe1f08b31b8ff1e441de464198b43e9b1c247db30fba517f3ced6ea96","nonce":"6350321902a74e668c59dd08","exporterSecret":"19412b34af760c554242482d300b29e7169b2f47ccc93807a92a66ae50bbab8fd1d6c78bccb20f27b91221663b7382a5fb4d7d0c88bbfaba13e8fc7368a7e357","encryptions":[{"aad":"436f756e742d30","ciphertext":"ed4b979ae8e222740470310ae84b1a16ee6815d3951f30e48107fca00e1f29617ff532f57396966c15ebea77e9","nonce":"6350321902a74e668c59dd08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d8820457aa24e24429dc38e9b46cd7506bd90d86d1d737a38a4d6adbfe912e0f7957eb9b2acf6996e7c61fe061","nonce":"6350321902a74e668c59dd09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"289569cf3ac5805b674a84e44bb737c441be4b669162d40c406dbdde24fde83ee621696cb35fbaf1a384a5faf2","nonce":"6350321902a74e668c59dd0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"699db48d52b6e3c6c7987eda0449a2c732f97652b6d3125d81b85408233192dae0385fbb53f7695f11806adc2f","nonce":"6350321902a74e668c59dd0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"22301497731db1d6bd9b19825fd1063d34570429cb9aec958f541f256fca7dcc1fe5deb47966dda78384fd19f2","nonce":"6350321902a74e668c59dd0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"061185729f2011951323dd5e941c8d627177ec49a8fb97d499071fa896144b818592d74e048af45b22539104df","nonce":"6350321902a74e668c59dd0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7a8e13c2aee2ec1e1d022c1ce6d28fd6ba4d55804ae61585da2bcc341f3663bba16613afc954dea88825fcab85","nonce":"6350321902a74e668c59dd0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e6d71c68a4c9567568bb1af17ad8f76c704e3dbbf3ba2b7ae664b27182f351b2c01fea1c7f7080891b8c87d7c5","nonce":"6350321902a74e668c59dd0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"33f48370b121eca882c61cf5e7f177b4371d841c8161b13428e9491cfb354b33e1aabab2b68964b3b983af1feb","nonce":"6350321902a74e668c59dd00","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"63e7420b8b096525dfa7125b1382b9fc9f55b5aa8568b1b2aeae7118350929c8276c100e0805dfacc0cc3e0cc0","nonce":"6350321902a74e668c59dd01","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"295857eedeb9c19b9ae880865b667eb5b42b6530d9bf53492d66a7029b2e9a16"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e66a82aed5993cae03d9a057aa8e4283ddc457a8f736a755757247aa19d76e0f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2db828d16734c177ceb7ed62fb66ba3f3e2960748d6e1db3feafbc4c1c0e4eb2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"826094612b465fbc2866085d4bc1cad1bb048a4d142b44b51027d5992ddeba95"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3db38f511dbc696186f156875ee93f3e6c154b23650b756cc83b61dc3630750e"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d34e47a1472995541132808352149952fcc1603533c89033c8a082afa1157998fba43e4b3144d537c0236d63579f1dd64b616ac6b86ae4c19d05f1a1aaa00b67110","seedE":"4d26fc04688f04031c0cb6acdf047886db985da037a3d39d3166fae096440e3e031170d5d6cb63edb3997b00b811afb50912c16acebd3d8714693c35624eb9c6a727","skRm":"00593e6bed7a199e14d560454de23aaee42b629400fdd6427b008e228f40141fe0d39817f3d2a180d7c6ec3c08cd675a8b035cdd57fce2ccb9a5aec49e6233edac72","skEm":"0093cf624906a171946fdb451ea3b67660396d622571fe2d91fbc70c7eb00e286ca08263c35bebe1afe68792f8db8b7daa0878b945aafd7b3128df95617b37263a8a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400672dc56610eaf7a7509ff2a8f91521adadb7ad68d7f70a499aa8dc98a477067896a2959ac26890d16a72a0e4ec7baeabc26eff0182c253b2e2a7fd4484b34e242f0007129b996df6637f1f0c15fbbee170ec3956ad0ba79773e763d11cf50b344a7ec0a819c37286413da44f64b7d3717786a3efcc507d23b03beea2649c0c730fe9d5","pkEm":"040023d28812ec1795aa23d8ddd6d63b45f02c0f18c50822a29993b928da1d7477e046ea5497903d924893b41e078d8475ca57164a2e78fb0c59d7c0043e4447a3e44700cafca65d78665ef4bbcadebe649f603d897ff22e5c3744b44775b206312b6271244d073fc97fa2baaba683e3cc7099252972963683c96beca586b9b0bf322f6743","enc":"040023d28812ec1795aa23d8ddd6d63b45f02c0f18c50822a29993b928da1d7477e046ea5497903d924893b41e078d8475ca57164a2e78fb0c59d7c0043e4447a3e44700cafca65d78665ef4bbcadebe649f603d897ff22e5c3744b44775b206312b6271244d073fc97fa2baaba683e3cc7099252972963683c96beca586b9b0bf322f6743","zz":"0dd7d07e3f19571fb29dab14aadf18892b2074c011bc21920d073a65193d303b35ca820ba322f13d1a7a9a47f23d8181561f0e5a8fa3167311b9e4ad86e36951","keyScheduleContext":"01a22e3de26f73596110b2b1a2ea1f26f666169885e0e147bb3995bfda4f515993c7d9dd6d0b7b869303a9ba5342d8faeb81d829ff7e63621d1b4c98e206abb7dc6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"e8d4066fabcd50cab172206c8289a8734d685c1926fa1a50603bec69ab3e6deb47c49a4ebf8f45d241f9c0cf3cf66403fa7f5bc162734f13014a76c9d3309576","key":"9871d05b321a6df4f1055982b8bbc6191d756326549a2a6c2e3b9d73a2d75048","nonce":"846b21786e6cc90fed8b7bf1","exporterSecret":"f1aedcb6cfb48a1034cc002302c5c5467a1f746cce5345ed2141fe904f19cd5f456c99c37ec63d135d8e5b3644f044ef0a9f76699423a63caa96381d4a5ec9a3","encryptions":[{"aad":"436f756e742d30","ciphertext":"4a0466c5ec89f05e9acaedf5f9813c420d4e639ad91ed23f6b6dc72248d258661f6fe158b45d790ec30de2c3e4","nonce":"846b21786e6cc90fed8b7bf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f9398b286212608713823406280f487dcc7205bc913d373ac381856dc3d2db16b08781f669331be1d274e20d0e","nonce":"846b21786e6cc90fed8b7bf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"60aa01e94dc3d5c345d59721d4fcf4019ca37ed974ab373850bd634fce7f2536c7f92c77f67747bb8e05334cdb","nonce":"846b21786e6cc90fed8b7bf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6b780e2fb91e8743429c1b5577da2b64266939e77f86fdde4f21cff4b82d83d9dfedb7b456736173fbba29d4a3","nonce":"846b21786e6cc90fed8b7bf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f5fc349a568b90715e1272fbbd1bbacd502725489cc69682f5e2a078ed0f0331627a8ef569765ed8c575b456ba","nonce":"846b21786e6cc90fed8b7bf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c799fae44f1f7fff5f758e9335919fdc90da6bfcd9b58bb7d2717526749ff8b173f5b4d98d164b5ffc0e2f2b0d","nonce":"846b21786e6cc90fed8b7bf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"28cf140c3569c94abb5f5155f4e98be3881260eb7f83104b38dce1fd41cbdecd023ee9e9e8e742265ecddb21b5","nonce":"846b21786e6cc90fed8b7bf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"55c0b60e9f2e135ce3a6c1037dc4c7f2b6ee5e8c8df997261022f2e212bba1b2935c77e416de8ba3aed02d7341","nonce":"846b21786e6cc90fed8b7bf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4f777f080c12ecc7e9db68f375f0368f26caef580559febd9054d6e3d0f14e92a107a600ed3209e3061f83616f","nonce":"846b21786e6cc90fed8b7bf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"69fac45ea4a6558dbe119736203613a4c796bf2c94c11ea4760e8b8787f212cc3f29f5b553849cea215154e930","nonce":"846b21786e6cc90fed8b7bf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a8cfa900cd85614d272b06e457cd66aacd27cda4a4b19292578945695f74746b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e3e686910be467c366d3b95fe31d0cbe08d2b990dd597815b83132f99785eba9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"be046bbd2d1524b2eee588f84b177e5c806f9f1165f0527d3d58d615b24a8f67"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"625df7f5b4c062d7efa767a7c09430bdb568d3e37221c756b5cda0c116a104eb"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5666ed8a8a340eca5c578fb3c61b9e194fbb3863948555d74927c122f4685fee"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3b91cb8f4f2200476e28ec89688c639b7f5c8ff58b96700c26dd4813b5da598620cd89805f26f5431e0535b3218400fec2b4bb20662be1b445d7e8eef92f92ce190f","seedS":"202ef3f6aa29277f55f69688ad360892e53eeaf2453ed36aad3f702883d59b190ec45efc9bdfa01e619d76f6274216fdba24fa494ce33b5936c1e54ea1f96a5d5563","seedE":"3b23e5c425b83480adbfd8a34d106466b2fe2c676a0289a006ee04cb0ca7b22f856fb47ed478677c99d5d8780c4b8686395d4ff329c9e882e75ce279bc5174d4b895","skRm":"009412590fffbbfd2edfb9ee69966c6f4067bacf5747b9bd3cf835cee7d6c8de0195732627449a5e1a63e8534b1ab2c3fab0639cee02155b0a1022b899dbb354864d","skSm":"01df9c29e3e7b043925f13cdc217ea81f5695af5f1bffda23424fdeb2c6b23ef5006d33defae48f95cf8cfe43fcc3538cd70bb66cda506b61f718257819c159c7774","skEm":"0128af36e0e3c4415393deaee4d876d943e7ec418ddbfecd1ca8da9828078611e18c37be6e08b1f15f0e16c511e6cfdac43d236098155fe91e7c72be84127dbcfcf4","pkRm":"040056e6e200d6c687ad21eda2521d78bf95065fb80ece580f0f151295b71f159a04c56282db30989ed04b2f2832329062bde5cf231fade3323cd9d7f971e6bd1ae61d00b2e5de150bafecdddfc93f8ae446661c5f0739aa0a00caca2162ba6b6c8cf66f4a3165760a0edb37c382c55437633a14ce654dde821aa53a0fc4628c4881d7f4ed","pkSm":"0401cbab994d737fd11e5e160982f1e9d06cbd24565aab85f154a1624a4c4f9826944434ce7b5b9b54102ad975622fc786c851f03e374d84ab0999c920fc9642173c990110da5f66805869554aeb17e4e619946a338ad25380f4fa20fb122c43c09d98c4393b86744ea95ce1a66e15d4d8a0bbaebee10a61bee1a3eee35095f386a3aa91fb","pkEm":"04000b87720e13ee133a02b2dc4238d321c7e7b09cf9d19241e316d9d09e57e08d2dcacceffd2e971b890acc064741681790763af4f69e31c06bd1eab1e54bd2903b3e01a080ce96ff2b8660f52b537efefdcab6ff1817064a96a1366b08f497a57f227dee9a9c4fc5cb401fd9eb3bb9bb7d65159580bbd61019cb03d1bee358a883718e72","enc":"04000b87720e13ee133a02b2dc4238d321c7e7b09cf9d19241e316d9d09e57e08d2dcacceffd2e971b890acc064741681790763af4f69e31c06bd1eab1e54bd2903b3e01a080ce96ff2b8660f52b537efefdcab6ff1817064a96a1366b08f497a57f227dee9a9c4fc5cb401fd9eb3bb9bb7d65159580bbd61019cb03d1bee358a883718e72","zz":"1f4b4721cb5d74d98110ca566b7dd7755d10b2a0fae4b4bcb0dda7bbf87d01a9f224bf0f611dbd46e894b2e9361fa520cd91142c96f25e5dc9b5cb09e3373e8a","keyScheduleContext":"02e4f4dfd3794cf4a43072eb8db0e77d57ee9044d7d4eed600cf7323ab9bec79731ba2ad802571f9781e8919769a5a2a2cf6260ec277c0d2fa765e59c24eaed80d6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"347275a1044d8f29dfd11ccf2b09063800d9fea3de519f87458fa7640fbecd0459366d491f15694593336aab93dfa9dd814db05a1d7696a0447e903b682516f4","key":"4605a8a14b4a65d5d13b66e38d1623a76bd3eb40bba215632592818d976071e6","nonce":"564fde9f478cd36031346907","exporterSecret":"07fdffeb6dbe023261e51f140ce393be16ce7bd0973fe16a12143a951f770b7720e226d18a26a5c937544c934d29ce915c8ac5f26de39cc8e8c6e852976e5ec2","encryptions":[{"aad":"436f756e742d30","ciphertext":"6de726ac216d0cc579035bc2650a9c36384cf20959ae9b2c66255eb6b1a85c6d0b3fbcb0fbcaf6059e3558df12","nonce":"564fde9f478cd36031346907","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b755f2ceaedc367be587c8c945e4fa287ce291e2f6e0d9d5bb09177a0ce00cd2c108f752ceb3800f2c9bb996f2","nonce":"564fde9f478cd36031346906","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3922e15b9d8102e67cfa9dae2a2fedfc899a78b4f66eeafcb4df30aef787887cfb33c69d67f1f196f51dea3573","nonce":"564fde9f478cd36031346905","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"994f3b6ceaa6f37f128f73bc4f84c96f26b7407a39b83678d16f43edd0f3576fd36ae300cc3c9222ac6f162e1a","nonce":"564fde9f478cd36031346904","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7131065f9c60e4131785f9a6dbf4b005062315cc6247afc1a5883ea9f047abbaca96ce6c44c6ca8d6333616ffa","nonce":"564fde9f478cd36031346903","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6307ea95b89ca30b24e1cb3fb44560031a82a03ad14aae5107f9c0aa7311697c9a70dfcdf5e2867db6e4e7db70","nonce":"564fde9f478cd36031346902","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"af4f03dec299b953a3cdc504154a0bb69000dda9535e8d8600237a3fa264dc3e558836a5b758b88ed88e2ac946","nonce":"564fde9f478cd36031346901","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3f8de4bd26f2db25e7eb60a0c617dbfa546aff39537f797c20456175df5b33ef0f4f4bd6540bc5a90f3ace3a95","nonce":"564fde9f478cd36031346900","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c043b2ea983bf510e54592899f720f7c135834af905386bc433d99195c2df391d411442622bf8804877858741a","nonce":"564fde9f478cd3603134690f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4080561160e86f5206858d5e8673e0c5ed554d23cd825a6443c714d55c92b206c144019d07c80eef0496ee770e","nonce":"564fde9f478cd3603134690e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"2410541134c7b475f9475c663d0a70bd87791875d8be849fc1426e01c9ad3199"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5b857a254e1a40f5f4307f815518582baef0d53ac0deabf455e2f8a26a12cb29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9eb7839a3c8f88ec2e2cd1ecb1623bf24a1639aaf3416c52430fd4837d577b94"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"2bfc06807066d8491eff073cf1a7a5b9a1546170b14a4fd057b7135f0d5b11e3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e25d0266e78bec3b4a45ba3bd4d01aeb832d119de9e3f967e6ffeee4ece783eb"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ed5de2119c25250d734d16c05516e22d43a327dc45e3f95cd7857dc13423ee4fa575561d5d6e22d2d3dc1f8cb308035a317b95bd88370c654cfbf9c0b32fb06e11f9","seedS":"52e45cd901269701f293f7fd34490c376c8a6c1189f458d5e6c63096406655fa51c07ede00ce5ae9b1d9f289210e2ff8a1c165a397ba30654ed3dbbf7f207e976773","seedE":"cb9fcf6266105edebc7a2de807785747ed6325ed44dd0c9aed220f6133277b56310f2a4cbac3843d4013a4c8c600b5959d8575b4e34c6dd79e0b2b39c5d696ce7deb","skRm":"00599742c057aa55eca20368077bc055cbaecf2e9398d7b58f4e36429ee788b40d21d5f627c8c22a7dea12f0ad246261b4d375d9fc3f00066c6906f1313208a70b5f","skSm":"0112d76807290e7b4cbf1970aba723060298519e3231be92cbd463c449826c2fa648f39d48ffc4a42303df9c34531750b13978b734c94bb2d126ad5795aff3004cc1","skEm":"01197646e60c9d23f91ab455c9f8aaf9e52541b6836ede2c49ef23ba2077d6d2fc81860216a132911b8777b9a94339a67ee36f07d3144af262ef37cf0279d81a11ac","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04014e36144fb99f0f5a33554b81df9aafe2f4dc8a2f6c26d7f6ebf950e8a3759b9f40e0c957fa3519184ca6ea5e0892c3699bf8003235ef3947c904978218a6a5447100cbecd8c1c3b01d0ffcf5770346fac77d4f16323d01bb5efbed9b30c54d5079ef9a56e1e206edd4b0bd677314b032eb939cd8d0b8ddafe65df8da4ad19a34616e68","pkSm":"040017df2c0dca8bd445be0f803445624181d895560c82f10dba6271583c2d39fa116dc2809f727b03c947a20d66ba5a5bff8e4594f3c289affd2d90989e770a0f91ad00bf0357a451d75e375a9cd8b186a1c0b0f31e90f37e46d7cbfe248069cc5a5e462a919fc91ec1d38f7c8697d5768413a5a76b264988638e0ff999fb1f36e23336cd","pkEm":"0400b42126ff855228bca301cceaafb46baeb689f0bf7595877b56b5cf85259c3994aad94145f6445e26424530cdf526ffaa44f413de90e824ac33f33eac5ff48073f000595c0aad526f39e2c8fe41fca355d7b3bc428903b10c947c927dc9f7f38e3462bff43ef6e06ac50404f80c06686cc24010b2fb362f856461cc89c1c24dfb5c9e39","enc":"0400b42126ff855228bca301cceaafb46baeb689f0bf7595877b56b5cf85259c3994aad94145f6445e26424530cdf526ffaa44f413de90e824ac33f33eac5ff48073f000595c0aad526f39e2c8fe41fca355d7b3bc428903b10c947c927dc9f7f38e3462bff43ef6e06ac50404f80c06686cc24010b2fb362f856461cc89c1c24dfb5c9e39","zz":"d14b3745d7ae625324a6c567822f0ee1d7d398d090379c5f8d1a048b88c08080297bf1e432734ef4116cdf3bd311bf5cc72ffb3f66c940ee61329e1147fbffb4","keyScheduleContext":"03a22e3de26f73596110b2b1a2ea1f26f666169885e0e147bb3995bfda4f515993c7d9dd6d0b7b869303a9ba5342d8faeb81d829ff7e63621d1b4c98e206abb7dc6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"d523d62ef469c28ad42281184be836c67e83ca72e854c7ea7ae1210384aef7ee5fc4f9bbbcf7da9dd4fe1c872965c31c50cf16d3c4ee27817c1a235d045fecbb","key":"8e051245c22c63eda4e922a1186b7864966b97f546b68fa1ac09825203e0420e","nonce":"e16068173a8343274c3a4ada","exporterSecret":"c1b6e6abaf691eebf40ff383195d604b6f492e68776efd4d718dccc1206ff3da603535fb74c77fd10ab399fee342b7210055191099d554d78e5211091d5a74b3","encryptions":[{"aad":"436f756e742d30","ciphertext":"e52b55750804ce827a7309631ee87342373303ec39de203f66c4cc73e9e11883f1198a78bea94670cee08d5a67","nonce":"e16068173a8343274c3a4ada","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e34c7d8999e941543f17df43d36b76449819277efdbc1be0e0e2152e743091d4e7ac6186b0733e1c7939cc5b57","nonce":"e16068173a8343274c3a4adb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0ba33db4b74af3fd62064a6c4c9960961e31a83cddf0a6e4d6b54e6c51c3940afa97543caa4dac22bab31d2b7a","nonce":"e16068173a8343274c3a4ad8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b93f69c02a9367544a1e83d2c8f0d4aa3054851f5feb4bb6acc98bbe19ea1fbeb013e4fd8396e22a30f630afc5","nonce":"e16068173a8343274c3a4ad9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"49235c130045a7d168ae811be5847cd9a01a554b81ab05999732c1599cce7d67054e849f8fcc8af7819edb567f","nonce":"e16068173a8343274c3a4ade","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b4cab15b719343b18112625bee3264dbcd94aea48377a0f1d1f8c90e57a615252d704abec3c13fe85e811f5a02","nonce":"e16068173a8343274c3a4adf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ef49383de5c872ccc74b8df1ae50cd81cfc452c2c22a6063d12e2fb4e4450764358ea54154735335829000063b","nonce":"e16068173a8343274c3a4adc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"aefd40961e07326b59a9cad25619b75734e5cec44029a040f76bbcc35128b7eae512e0d1767356f7df427f0d97","nonce":"e16068173a8343274c3a4add","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"61bffac9f45222a68e4612f2248bc1b865f1a5723c342711695eaaf60033e24086c1eb39eb4d5da6688f7b1092","nonce":"e16068173a8343274c3a4ad2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a80964c0ef2c759301bd0b70c99fd4e0def94080f4f0bd12ed81299c7a4e596bbbda50664a0843aaf964c3bc9b","nonce":"e16068173a8343274c3a4ad3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"381a47986c43596bd8e2009e2e1747a64fde9f7ef589b1b0832678fc07a8aef1"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f8b6acc14cbe4581f8e944b3344a48fcd3f4b54e19e18b8a2c643ff9d31a2e08"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"91e6a765ee9636b1198b18dc2039f1599a7a7872e1d5694b1301e8fd049b971c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e77928b9dca67af2bba39bac2acf9aa2b3c43525b2f62e5964133ea0a9cc4b95"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"527971e61c00944313665d642c90ed9482b8385907a6bd5d695c4228f0e9aef4"}]}] \ No newline at end of file diff --git a/crypto/hpke/translate_test_vectors.py b/crypto/hpke/translate_test_vectors.py new file mode 100755 index 0000000000..05669bd727 --- /dev/null +++ b/crypto/hpke/translate_test_vectors.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python +# coding=utf-8 +# Copyright (c) 2020, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +"""This script translates JSON test vectors to BoringSSL's "FileTest" format. + +Usage: translate_test_vectors.py TEST_VECTORS_JSON_FILE + +The TEST_VECTORS_JSON_FILE is expected to come from the HPKE reference +implementation at https://github.com/cisco/go-hpke. The output file is +hardcoded as "hpke_test_vectors.txt". +""" + +import collections +import json +import sys + +HPKE_MODE_BASE = 0 +HPKE_DHKEM_X25519_SHA256 = 0x0020 + + +def read_test_vectors_and_generate_code(json_file_in_path, test_file_out_path): + """Translates JSON test vectors into BoringSSL's FileTest language. + + Args: + json_file_in_path: Path to the JSON test vectors file. + test_file_out_path: Path to output file. + """ + + # Load the JSON file into |test_vecs|. + with open(json_file_in_path) as file_in: + test_vecs = json.load(file_in) + + lines = [] + for test in test_vecs: + # Filter out test cases that we don't use. + if (test["mode"] != HPKE_MODE_BASE or + test["kemID"] != HPKE_DHKEM_X25519_SHA256): + continue + + for key in ("kdfID", "aeadID", "info", "skRm", "skEm", "pkRm", "pkEm"): + lines.append("{} = {}".format(key, str(test[key]))) + + for i, enc in enumerate(test["encryptions"]): + lines.append("# encryptions[{}]".format(i)) + for key in ("aad", "ciphertext", "plaintext"): + lines.append("{} = {}".format(key, str(enc[key]))) + + for i, exp in enumerate(test["exports"]): + lines.append("# exports[{}]".format(i)) + for key in ("exportContext", "exportLength", "exportValue"): + lines.append("{} = {}".format(key, str(exp[key]))) + + lines.append("") + + with open(test_file_out_path, "w") as file_out: + file_out.write("\n".join(lines)) + + +def main(argv): + if len(argv) != 2: + print(__doc__) + sys.exit(1) + + read_test_vectors_and_generate_code(argv[1], "hpke_test_vectors.txt") + + +if __name__ == "__main__": + main(sys.argv) diff --git a/sources.cmake b/sources.cmake index a5f2d2105f..e20aef08d4 100644 --- a/sources.cmake +++ b/sources.cmake @@ -55,6 +55,7 @@ set( crypto/fipsmodule/modes/gcm_tests.txt crypto/fipsmodule/rand/ctrdrbg_vectors.txt crypto/hmac_extra/hmac_tests.txt + crypto/hpke/hpke_test_vectors.txt crypto/poly1305/poly1305_tests.txt crypto/siphash/siphash_tests.txt crypto/x509/test/invalid_extension_intermediate.pem From db129f3f3fdf2c2dd880e9c59fe4240eb3ebd490 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 28 Jul 2020 10:32:24 -0400 Subject: [PATCH 062/399] Add X509_SIG_get0 and X509_SIG_getm. Change-Id: I1bef3ea54f871003f7e4a076c5cfb0dbb7f89f73 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42344 Reviewed-by: Adam Langley --- crypto/x509/x_sig.c | 20 ++++++++++++++++++++ include/openssl/x509.h | 11 +++++++++++ 2 files changed, 31 insertions(+) diff --git a/crypto/x509/x_sig.c b/crypto/x509/x_sig.c index e18024a72c..ca08c64433 100644 --- a/crypto/x509/x_sig.c +++ b/crypto/x509/x_sig.c @@ -67,3 +67,23 @@ ASN1_SEQUENCE(X509_SIG) = { } ASN1_SEQUENCE_END(X509_SIG) IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) + +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **out_alg, + const ASN1_OCTET_STRING **out_digest) { + if (out_alg != NULL) { + *out_alg = sig->algor; + } + if (out_digest != NULL) { + *out_digest = sig->digest; + } +} + +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg, + ASN1_OCTET_STRING **out_digest) { + if (out_alg != NULL) { + *out_alg = sig->algor; + } + if (out_digest != NULL) { + *out_digest = sig->digest; + } +} diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 94dcc79441..d3b32a83b5 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -559,6 +559,17 @@ OPENSSL_EXPORT void X509_CINF_set_modified(X509_CINF *cinf); // |X509_get0_tbs_sigalg| instead. OPENSSL_EXPORT const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf); +// X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to +// |sig|'s algorithm and digest fields, respectively. Either |out_alg| and +// |out_digest| may be NULL to skip those fields. +OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig, + const X509_ALGOR **out_alg, + const ASN1_OCTET_STRING **out_digest); + +// X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers. +OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg, + ASN1_OCTET_STRING **out_digest); + OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new( int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl), From 281a8f5ea393ffe67924249d2f0636d97a609c1f Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Tue, 28 Jul 2020 10:12:49 -0700 Subject: [PATCH 063/399] Disable ClientHello padding for QUIC. Bug: 327 Change-Id: I415deee8e6b2dc4cd5bdfb5e329d889dd3a5baa7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42364 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- ssl/t1_lib.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index dad0fcf58f..5032af5f0b 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -3047,7 +3047,7 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, last_was_empty = false; } - if (!SSL_is_dtls(ssl)) { + if (!SSL_is_dtls(ssl) && !ssl->quic_method) { size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs); header_len += 2 + CBB_len(&extensions) + psk_extension_len; size_t padding_len = 0; From 70fee172042c9727f98ea2e6659eb77336e0dc7f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 7 Jul 2020 17:56:05 -0400 Subject: [PATCH 064/399] Use golang.org/x/crypto in runner. The CI should be set up to retain the Go module and build caches, so we'll avoid downloading it multiple times. This avoids having to replicate some code. Update-Note: The tests now have a golang.org/x/crypto dependency. This should be fetched transparently with Go modules. Monorepos with different import path conventions may need to rewrite these imports. Change-Id: If5ba52e051f180536d72109c2e690bbd13d58e7c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42044 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- go.mod | 2 + go.sum | 8 + ssl/test/runner/chacha20_poly1305.go | 194 -- ssl/test/runner/chacha20_poly1305_test.go | 135 - ssl/test/runner/cipher_suites.go | 4 +- ssl/test/runner/curve25519/const_amd64.h | 8 - ssl/test/runner/curve25519/const_amd64.s | 20 - ssl/test/runner/curve25519/cswap_amd64.s | 88 - ssl/test/runner/curve25519/curve25519.go | 841 ----- ssl/test/runner/curve25519/curve25519_test.go | 29 - ssl/test/runner/curve25519/doc.go | 23 - ssl/test/runner/curve25519/freeze_amd64.s | 73 - ssl/test/runner/curve25519/ladderstep_amd64.s | 1377 -------- ssl/test/runner/curve25519/mont25519_amd64.go | 240 -- ssl/test/runner/curve25519/mul_amd64.s | 169 - ssl/test/runner/curve25519/square_amd64.s | 132 - ssl/test/runner/deterministic.go | 8 +- ssl/test/runner/hkdf.go | 57 - ssl/test/runner/hkdf_test.go | 101 - ssl/test/runner/key_agreement.go | 2 +- ssl/test/runner/poly1305/poly1305.go | 33 - ssl/test/runner/poly1305/poly1305_test.go | 132 - ssl/test/runner/poly1305/sum_amd64.go | 22 - ssl/test/runner/poly1305/sum_amd64.s | 125 - ssl/test/runner/poly1305/sum_arm.go | 22 - ssl/test/runner/poly1305/sum_arm.s | 427 --- ssl/test/runner/poly1305/sum_noasm.go | 14 - ssl/test/runner/poly1305/sum_ref.go | 139 - ssl/test/runner/poly1305/sum_s390x.go | 49 - ssl/test/runner/poly1305/sum_s390x.s | 400 --- ssl/test/runner/poly1305/sum_vmsl_s390x.s | 931 ------ ssl/test/runner/poly1305/vectors_test.go | 2943 ----------------- ssl/test/runner/prf.go | 10 +- 33 files changed, 29 insertions(+), 8729 deletions(-) create mode 100644 go.sum delete mode 100644 ssl/test/runner/chacha20_poly1305.go delete mode 100644 ssl/test/runner/chacha20_poly1305_test.go delete mode 100644 ssl/test/runner/curve25519/const_amd64.h delete mode 100644 ssl/test/runner/curve25519/const_amd64.s delete mode 100644 ssl/test/runner/curve25519/cswap_amd64.s delete mode 100644 ssl/test/runner/curve25519/curve25519.go delete mode 100644 ssl/test/runner/curve25519/curve25519_test.go delete mode 100644 ssl/test/runner/curve25519/doc.go delete mode 100644 ssl/test/runner/curve25519/freeze_amd64.s delete mode 100644 ssl/test/runner/curve25519/ladderstep_amd64.s delete mode 100644 ssl/test/runner/curve25519/mont25519_amd64.go delete mode 100644 ssl/test/runner/curve25519/mul_amd64.s delete mode 100644 ssl/test/runner/curve25519/square_amd64.s delete mode 100644 ssl/test/runner/hkdf.go delete mode 100644 ssl/test/runner/hkdf_test.go delete mode 100644 ssl/test/runner/poly1305/poly1305.go delete mode 100644 ssl/test/runner/poly1305/poly1305_test.go delete mode 100644 ssl/test/runner/poly1305/sum_amd64.go delete mode 100644 ssl/test/runner/poly1305/sum_amd64.s delete mode 100644 ssl/test/runner/poly1305/sum_arm.go delete mode 100644 ssl/test/runner/poly1305/sum_arm.s delete mode 100644 ssl/test/runner/poly1305/sum_noasm.go delete mode 100644 ssl/test/runner/poly1305/sum_ref.go delete mode 100644 ssl/test/runner/poly1305/sum_s390x.go delete mode 100644 ssl/test/runner/poly1305/sum_s390x.s delete mode 100644 ssl/test/runner/poly1305/sum_vmsl_s390x.s delete mode 100644 ssl/test/runner/poly1305/vectors_test.go diff --git a/go.mod b/go.mod index 20f42f8592..17f946837c 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module boringssl.googlesource.com/boringssl go 1.13 + +require golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 diff --git a/go.sum b/go.sum new file mode 100644 index 0000000000..8b7d318c6b --- /dev/null +++ b/go.sum @@ -0,0 +1,8 @@ +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/ssl/test/runner/chacha20_poly1305.go b/ssl/test/runner/chacha20_poly1305.go deleted file mode 100644 index 446fb55782..0000000000 --- a/ssl/test/runner/chacha20_poly1305.go +++ /dev/null @@ -1,194 +0,0 @@ -// Copyright (c) 2016, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -package runner - -import ( - "crypto/cipher" - "crypto/subtle" - "encoding/binary" - "errors" - - "boringssl.googlesource.com/boringssl/ssl/test/runner/poly1305" -) - -// See RFC 7539. - -func leftRotate(a uint32, n uint) uint32 { - return (a << n) | (a >> (32 - n)) -} - -func chaChaQuarterRound(state *[16]uint32, a, b, c, d int) { - state[a] += state[b] - state[d] = leftRotate(state[d]^state[a], 16) - - state[c] += state[d] - state[b] = leftRotate(state[b]^state[c], 12) - - state[a] += state[b] - state[d] = leftRotate(state[d]^state[a], 8) - - state[c] += state[d] - state[b] = leftRotate(state[b]^state[c], 7) -} - -func chaCha20Block(state *[16]uint32, out []byte) { - var workingState [16]uint32 - copy(workingState[:], state[:]) - for i := 0; i < 10; i++ { - chaChaQuarterRound(&workingState, 0, 4, 8, 12) - chaChaQuarterRound(&workingState, 1, 5, 9, 13) - chaChaQuarterRound(&workingState, 2, 6, 10, 14) - chaChaQuarterRound(&workingState, 3, 7, 11, 15) - chaChaQuarterRound(&workingState, 0, 5, 10, 15) - chaChaQuarterRound(&workingState, 1, 6, 11, 12) - chaChaQuarterRound(&workingState, 2, 7, 8, 13) - chaChaQuarterRound(&workingState, 3, 4, 9, 14) - } - for i := 0; i < 16; i++ { - binary.LittleEndian.PutUint32(out[i*4:i*4+4], workingState[i]+state[i]) - } -} - -// sliceForAppend takes a slice and a requested number of bytes. It returns a -// slice with the contents of the given slice followed by that many bytes and a -// second slice that aliases into it and contains only the extra bytes. If the -// original slice has sufficient capacity then no allocation is performed. -func sliceForAppend(in []byte, n int) (head, tail []byte) { - if total := len(in) + n; cap(in) >= total { - head = in[:total] - } else { - head = make([]byte, total) - copy(head, in) - } - tail = head[len(in):] - return -} - -func chaCha20(out, in, key, nonce []byte, counter uint64) { - var state [16]uint32 - state[0] = 0x61707865 - state[1] = 0x3320646e - state[2] = 0x79622d32 - state[3] = 0x6b206574 - for i := 0; i < 8; i++ { - state[4+i] = binary.LittleEndian.Uint32(key[i*4 : i*4+4]) - } - - switch len(nonce) { - case 8: - state[14] = binary.LittleEndian.Uint32(nonce[0:4]) - state[15] = binary.LittleEndian.Uint32(nonce[4:8]) - case 12: - state[13] = binary.LittleEndian.Uint32(nonce[0:4]) - state[14] = binary.LittleEndian.Uint32(nonce[4:8]) - state[15] = binary.LittleEndian.Uint32(nonce[8:12]) - default: - panic("bad nonce length") - } - - for i := 0; i < len(in); i += 64 { - state[12] = uint32(counter) - - var tmp [64]byte - chaCha20Block(&state, tmp[:]) - count := 64 - if len(in)-i < count { - count = len(in) - i - } - for j := 0; j < count; j++ { - out[i+j] = in[i+j] ^ tmp[j] - } - - counter++ - } -} - -// chaCha20Poly1305 implements the AEAD from -// RFC 7539 and draft-agl-tls-chacha20poly1305-04. -type chaCha20Poly1305 struct { - key [32]byte -} - -func newChaCha20Poly1305(key []byte) (cipher.AEAD, error) { - if len(key) != 32 { - return nil, errors.New("bad key length") - } - aead := new(chaCha20Poly1305) - copy(aead.key[:], key) - return aead, nil -} - -func (c *chaCha20Poly1305) NonceSize() int { - return 12 -} - -func (c *chaCha20Poly1305) Overhead() int { return 16 } - -func (c *chaCha20Poly1305) poly1305(tag *[16]byte, nonce, ciphertext, additionalData []byte) { - input := make([]byte, 0, len(additionalData)+15+len(ciphertext)+15+8+8) - input = append(input, additionalData...) - var zeros [15]byte - if pad := len(input) % 16; pad != 0 { - input = append(input, zeros[:16-pad]...) - } - input = append(input, ciphertext...) - if pad := len(input) % 16; pad != 0 { - input = append(input, zeros[:16-pad]...) - } - input, out := sliceForAppend(input, 8) - binary.LittleEndian.PutUint64(out, uint64(len(additionalData))) - input, out = sliceForAppend(input, 8) - binary.LittleEndian.PutUint64(out, uint64(len(ciphertext))) - - var poly1305Key [32]byte - chaCha20(poly1305Key[:], poly1305Key[:], c.key[:], nonce, 0) - - poly1305.Sum(tag, input, &poly1305Key) -} - -func (c *chaCha20Poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { - if len(nonce) != c.NonceSize() { - panic("Bad nonce length") - } - - ret, out := sliceForAppend(dst, len(plaintext)+16) - chaCha20(out[:len(plaintext)], plaintext, c.key[:], nonce, 1) - - var tag [16]byte - c.poly1305(&tag, nonce, out[:len(plaintext)], additionalData) - copy(out[len(plaintext):], tag[:]) - - return ret -} - -func (c *chaCha20Poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { - if len(nonce) != c.NonceSize() { - panic("Bad nonce length") - } - if len(ciphertext) < 16 { - return nil, errors.New("chacha20: message authentication failed") - } - plaintextLen := len(ciphertext) - 16 - - var tag [16]byte - c.poly1305(&tag, nonce, ciphertext[:plaintextLen], additionalData) - if subtle.ConstantTimeCompare(tag[:], ciphertext[plaintextLen:]) != 1 { - return nil, errors.New("chacha20: message authentication failed") - } - - ret, out := sliceForAppend(dst, plaintextLen) - chaCha20(out, ciphertext[:plaintextLen], c.key[:], nonce, 1) - return ret, nil -} diff --git a/ssl/test/runner/chacha20_poly1305_test.go b/ssl/test/runner/chacha20_poly1305_test.go deleted file mode 100644 index b59bb02beb..0000000000 --- a/ssl/test/runner/chacha20_poly1305_test.go +++ /dev/null @@ -1,135 +0,0 @@ -// Copyright (c) 2016, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -package runner - -import ( - "bytes" - "testing" -) - -// See RFC 7539, section 2.1.1. -func TestChaChaQuarterRound(t *testing.T) { - state := [16]uint32{0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567} - chaChaQuarterRound(&state, 0, 1, 2, 3) - - a, b, c, d := state[0], state[1], state[2], state[3] - if a != 0xea2a92f4 || b != 0xcb1cf8ce || c != 0x4581472e || d != 0x5881c4bb { - t.Errorf("Incorrect results: %x", state) - } -} - -// See RFC 7539, section 2.2.1. -func TestChaChaQuarterRoundState(t *testing.T) { - state := [16]uint32{ - 0x879531e0, 0xc5ecf37d, 0x516461b1, 0xc9a62f8a, - 0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0x2a5f714c, - 0x53372767, 0xb00a5631, 0x974c541a, 0x359e9963, - 0x5c971061, 0x3d631689, 0x2098d9d6, 0x91dbd320, - } - chaChaQuarterRound(&state, 2, 7, 8, 13) - - expected := [16]uint32{ - 0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a, - 0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0xcfacafd2, - 0xe46bea80, 0xb00a5631, 0x974c541a, 0x359e9963, - 0x5c971061, 0xccc07c79, 0x2098d9d6, 0x91dbd320, - } - for i := range state { - if state[i] != expected[i] { - t.Errorf("Mismatch at %d: %x vs %x", i, state, expected) - } - } -} - -// See RFC 7539, section 2.3.2. -func TestChaCha20Block(t *testing.T) { - state := [16]uint32{ - 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, - 0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c, - 0x13121110, 0x17161514, 0x1b1a1918, 0x1f1e1d1c, - 0x00000001, 0x09000000, 0x4a000000, 0x00000000, - } - out := make([]byte, 64) - chaCha20Block(&state, out) - - expected := []byte{ - 0x10, 0xf1, 0xe7, 0xe4, 0xd1, 0x3b, 0x59, 0x15, - 0x50, 0x0f, 0xdd, 0x1f, 0xa3, 0x20, 0x71, 0xc4, - 0xc7, 0xd1, 0xf4, 0xc7, 0x33, 0xc0, 0x68, 0x03, - 0x04, 0x22, 0xaa, 0x9a, 0xc3, 0xd4, 0x6c, 0x4e, - 0xd2, 0x82, 0x64, 0x46, 0x07, 0x9f, 0xaa, 0x09, - 0x14, 0xc2, 0xd7, 0x05, 0xd9, 0x8b, 0x02, 0xa2, - 0xb5, 0x12, 0x9c, 0xd1, 0xde, 0x16, 0x4e, 0xb9, - 0xcb, 0xd0, 0x83, 0xe8, 0xa2, 0x50, 0x3c, 0x4e, - } - if !bytes.Equal(out, expected) { - t.Errorf("Got %x, wanted %x", out, expected) - } -} - -var chaCha20Poly1305TestVectors = []struct { - key, input, nonce, ad, output string -}{ - { - // See RFC 7539, section 2.8.2. - key: "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", - input: "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e", - nonce: "070000004041424344454647", - ad: "50515253c0c1c2c3c4c5c6c7", - output: "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691", - }, - { - // See RFC 7539, section A.5. - key: "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0", - input: "496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d", - nonce: "000000000102030405060708", - ad: "f33388860000000000004e91", - output: "64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709beead9d67890cbb22392336fea1851f38", - }, -} - -// See draft-agl-tls-chacha20poly1305-04, section 7. -func TestChaCha20Poly1305(t *testing.T) { - for i, tt := range chaCha20Poly1305TestVectors { - key := decodeHexOrPanic(tt.key) - input := decodeHexOrPanic(tt.input) - nonce := decodeHexOrPanic(tt.nonce) - ad := decodeHexOrPanic(tt.ad) - output := decodeHexOrPanic(tt.output) - - aead, err := newChaCha20Poly1305(key) - if err != nil { - t.Fatal(err) - } - - out, err := aead.Open(nil, nonce, output, ad) - if err != nil { - t.Errorf("%d. Open failed: %s", i, err) - } else if !bytes.Equal(out, input) { - t.Errorf("%d. Open gave %x, wanted %x", i, out, input) - } - - out = aead.Seal(nil, nonce, input, ad) - if !bytes.Equal(out, output) { - t.Errorf("%d. Open gave %x, wanted %x", i, out, output) - } - - out[0]++ - _, err = aead.Open(nil, nonce, out, ad) - if err == nil { - t.Errorf("%d. Open on malformed data unexpectedly succeeded", i) - } - } -} diff --git a/ssl/test/runner/cipher_suites.go b/ssl/test/runner/cipher_suites.go index e827c52461..48dfa5705e 100644 --- a/ssl/test/runner/cipher_suites.go +++ b/ssl/test/runner/cipher_suites.go @@ -16,6 +16,8 @@ import ( "crypto/sha512" "crypto/x509" "hash" + + "golang.org/x/crypto/chacha20poly1305" ) // a keyAgreement implements the client and server side of a TLS key agreement @@ -305,7 +307,7 @@ func (x *xorNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byt } func aeadCHACHA20POLY1305(version uint16, key, fixedNonce []byte) *tlsAead { - aead, err := newChaCha20Poly1305(key) + aead, err := chacha20poly1305.New(key) if err != nil { panic(err) } diff --git a/ssl/test/runner/curve25519/const_amd64.h b/ssl/test/runner/curve25519/const_amd64.h deleted file mode 100644 index 80ad2220fd..0000000000 --- a/ssl/test/runner/curve25519/const_amd64.h +++ /dev/null @@ -1,8 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -#define REDMASK51 0x0007FFFFFFFFFFFF diff --git a/ssl/test/runner/curve25519/const_amd64.s b/ssl/test/runner/curve25519/const_amd64.s deleted file mode 100644 index 0ad539885b..0000000000 --- a/ssl/test/runner/curve25519/const_amd64.s +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -// These constants cannot be encoded in non-MOVQ immediates. -// We access them directly from memory instead. - -DATA ·_121666_213(SB)/8, $996687872 -GLOBL ·_121666_213(SB), 8, $8 - -DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA -GLOBL ·_2P0(SB), 8, $8 - -DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE -GLOBL ·_2P1234(SB), 8, $8 diff --git a/ssl/test/runner/curve25519/cswap_amd64.s b/ssl/test/runner/curve25519/cswap_amd64.s deleted file mode 100644 index 45484d1b59..0000000000 --- a/ssl/test/runner/curve25519/cswap_amd64.s +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -// func cswap(inout *[5]uint64, v uint64) -TEXT ·cswap(SB),7,$0 - MOVQ inout+0(FP),DI - MOVQ v+8(FP),SI - - CMPQ SI,$1 - MOVQ 0(DI),SI - MOVQ 80(DI),DX - MOVQ 8(DI),CX - MOVQ 88(DI),R8 - MOVQ SI,R9 - CMOVQEQ DX,SI - CMOVQEQ R9,DX - MOVQ CX,R9 - CMOVQEQ R8,CX - CMOVQEQ R9,R8 - MOVQ SI,0(DI) - MOVQ DX,80(DI) - MOVQ CX,8(DI) - MOVQ R8,88(DI) - MOVQ 16(DI),SI - MOVQ 96(DI),DX - MOVQ 24(DI),CX - MOVQ 104(DI),R8 - MOVQ SI,R9 - CMOVQEQ DX,SI - CMOVQEQ R9,DX - MOVQ CX,R9 - CMOVQEQ R8,CX - CMOVQEQ R9,R8 - MOVQ SI,16(DI) - MOVQ DX,96(DI) - MOVQ CX,24(DI) - MOVQ R8,104(DI) - MOVQ 32(DI),SI - MOVQ 112(DI),DX - MOVQ 40(DI),CX - MOVQ 120(DI),R8 - MOVQ SI,R9 - CMOVQEQ DX,SI - CMOVQEQ R9,DX - MOVQ CX,R9 - CMOVQEQ R8,CX - CMOVQEQ R9,R8 - MOVQ SI,32(DI) - MOVQ DX,112(DI) - MOVQ CX,40(DI) - MOVQ R8,120(DI) - MOVQ 48(DI),SI - MOVQ 128(DI),DX - MOVQ 56(DI),CX - MOVQ 136(DI),R8 - MOVQ SI,R9 - CMOVQEQ DX,SI - CMOVQEQ R9,DX - MOVQ CX,R9 - CMOVQEQ R8,CX - CMOVQEQ R9,R8 - MOVQ SI,48(DI) - MOVQ DX,128(DI) - MOVQ CX,56(DI) - MOVQ R8,136(DI) - MOVQ 64(DI),SI - MOVQ 144(DI),DX - MOVQ 72(DI),CX - MOVQ 152(DI),R8 - MOVQ SI,R9 - CMOVQEQ DX,SI - CMOVQEQ R9,DX - MOVQ CX,R9 - CMOVQEQ R8,CX - CMOVQEQ R9,R8 - MOVQ SI,64(DI) - MOVQ DX,144(DI) - MOVQ CX,72(DI) - MOVQ R8,152(DI) - MOVQ DI,AX - MOVQ SI,DX - RET diff --git a/ssl/test/runner/curve25519/curve25519.go b/ssl/test/runner/curve25519/curve25519.go deleted file mode 100644 index 6918c47fc2..0000000000 --- a/ssl/test/runner/curve25519/curve25519.go +++ /dev/null @@ -1,841 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// We have a implementation in amd64 assembly so this code is only run on -// non-amd64 platforms. The amd64 assembly does not support gccgo. -// +build !amd64 gccgo appengine - -package curve25519 - -// This code is a port of the public domain, "ref10" implementation of -// curve25519 from SUPERCOP 20130419 by D. J. Bernstein. - -// fieldElement represents an element of the field GF(2^255 - 19). An element -// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 -// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on -// context. -type fieldElement [10]int32 - -func feZero(fe *fieldElement) { - for i := range fe { - fe[i] = 0 - } -} - -func feOne(fe *fieldElement) { - feZero(fe) - fe[0] = 1 -} - -func feAdd(dst, a, b *fieldElement) { - for i := range dst { - dst[i] = a[i] + b[i] - } -} - -func feSub(dst, a, b *fieldElement) { - for i := range dst { - dst[i] = a[i] - b[i] - } -} - -func feCopy(dst, src *fieldElement) { - for i := range dst { - dst[i] = src[i] - } -} - -// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0. -// -// Preconditions: b in {0,1}. -func feCSwap(f, g *fieldElement, b int32) { - var x fieldElement - b = -b - for i := range x { - x[i] = b & (f[i] ^ g[i]) - } - - for i := range f { - f[i] ^= x[i] - } - for i := range g { - g[i] ^= x[i] - } -} - -// load3 reads a 24-bit, little-endian value from in. -func load3(in []byte) int64 { - var r int64 - r = int64(in[0]) - r |= int64(in[1]) << 8 - r |= int64(in[2]) << 16 - return r -} - -// load4 reads a 32-bit, little-endian value from in. -func load4(in []byte) int64 { - var r int64 - r = int64(in[0]) - r |= int64(in[1]) << 8 - r |= int64(in[2]) << 16 - r |= int64(in[3]) << 24 - return r -} - -func feFromBytes(dst *fieldElement, src *[32]byte) { - h0 := load4(src[:]) - h1 := load3(src[4:]) << 6 - h2 := load3(src[7:]) << 5 - h3 := load3(src[10:]) << 3 - h4 := load3(src[13:]) << 2 - h5 := load4(src[16:]) - h6 := load3(src[20:]) << 7 - h7 := load3(src[23:]) << 5 - h8 := load3(src[26:]) << 4 - h9 := load3(src[29:]) << 2 - - var carry [10]int64 - carry[9] = (h9 + 1<<24) >> 25 - h0 += carry[9] * 19 - h9 -= carry[9] << 25 - carry[1] = (h1 + 1<<24) >> 25 - h2 += carry[1] - h1 -= carry[1] << 25 - carry[3] = (h3 + 1<<24) >> 25 - h4 += carry[3] - h3 -= carry[3] << 25 - carry[5] = (h5 + 1<<24) >> 25 - h6 += carry[5] - h5 -= carry[5] << 25 - carry[7] = (h7 + 1<<24) >> 25 - h8 += carry[7] - h7 -= carry[7] << 25 - - carry[0] = (h0 + 1<<25) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - carry[2] = (h2 + 1<<25) >> 26 - h3 += carry[2] - h2 -= carry[2] << 26 - carry[4] = (h4 + 1<<25) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - carry[6] = (h6 + 1<<25) >> 26 - h7 += carry[6] - h6 -= carry[6] << 26 - carry[8] = (h8 + 1<<25) >> 26 - h9 += carry[8] - h8 -= carry[8] << 26 - - dst[0] = int32(h0) - dst[1] = int32(h1) - dst[2] = int32(h2) - dst[3] = int32(h3) - dst[4] = int32(h4) - dst[5] = int32(h5) - dst[6] = int32(h6) - dst[7] = int32(h7) - dst[8] = int32(h8) - dst[9] = int32(h9) -} - -// feToBytes marshals h to s. -// Preconditions: -// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. -// -// Write p=2^255-19; q=floor(h/p). -// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). -// -// Proof: -// Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. -// Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4. -// -// Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). -// Then 0> 25 - q = (h[0] + q) >> 26 - q = (h[1] + q) >> 25 - q = (h[2] + q) >> 26 - q = (h[3] + q) >> 25 - q = (h[4] + q) >> 26 - q = (h[5] + q) >> 25 - q = (h[6] + q) >> 26 - q = (h[7] + q) >> 25 - q = (h[8] + q) >> 26 - q = (h[9] + q) >> 25 - - // Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. - h[0] += 19 * q - // Goal: Output h-2^255 q, which is between 0 and 2^255-20. - - carry[0] = h[0] >> 26 - h[1] += carry[0] - h[0] -= carry[0] << 26 - carry[1] = h[1] >> 25 - h[2] += carry[1] - h[1] -= carry[1] << 25 - carry[2] = h[2] >> 26 - h[3] += carry[2] - h[2] -= carry[2] << 26 - carry[3] = h[3] >> 25 - h[4] += carry[3] - h[3] -= carry[3] << 25 - carry[4] = h[4] >> 26 - h[5] += carry[4] - h[4] -= carry[4] << 26 - carry[5] = h[5] >> 25 - h[6] += carry[5] - h[5] -= carry[5] << 25 - carry[6] = h[6] >> 26 - h[7] += carry[6] - h[6] -= carry[6] << 26 - carry[7] = h[7] >> 25 - h[8] += carry[7] - h[7] -= carry[7] << 25 - carry[8] = h[8] >> 26 - h[9] += carry[8] - h[8] -= carry[8] << 26 - carry[9] = h[9] >> 25 - h[9] -= carry[9] << 25 - // h10 = carry9 - - // Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. - // Have h[0]+...+2^230 h[9] between 0 and 2^255-1; - // evidently 2^255 h10-2^255 q = 0. - // Goal: Output h[0]+...+2^230 h[9]. - - s[0] = byte(h[0] >> 0) - s[1] = byte(h[0] >> 8) - s[2] = byte(h[0] >> 16) - s[3] = byte((h[0] >> 24) | (h[1] << 2)) - s[4] = byte(h[1] >> 6) - s[5] = byte(h[1] >> 14) - s[6] = byte((h[1] >> 22) | (h[2] << 3)) - s[7] = byte(h[2] >> 5) - s[8] = byte(h[2] >> 13) - s[9] = byte((h[2] >> 21) | (h[3] << 5)) - s[10] = byte(h[3] >> 3) - s[11] = byte(h[3] >> 11) - s[12] = byte((h[3] >> 19) | (h[4] << 6)) - s[13] = byte(h[4] >> 2) - s[14] = byte(h[4] >> 10) - s[15] = byte(h[4] >> 18) - s[16] = byte(h[5] >> 0) - s[17] = byte(h[5] >> 8) - s[18] = byte(h[5] >> 16) - s[19] = byte((h[5] >> 24) | (h[6] << 1)) - s[20] = byte(h[6] >> 7) - s[21] = byte(h[6] >> 15) - s[22] = byte((h[6] >> 23) | (h[7] << 3)) - s[23] = byte(h[7] >> 5) - s[24] = byte(h[7] >> 13) - s[25] = byte((h[7] >> 21) | (h[8] << 4)) - s[26] = byte(h[8] >> 4) - s[27] = byte(h[8] >> 12) - s[28] = byte((h[8] >> 20) | (h[9] << 6)) - s[29] = byte(h[9] >> 2) - s[30] = byte(h[9] >> 10) - s[31] = byte(h[9] >> 18) -} - -// feMul calculates h = f * g -// Can overlap h with f or g. -// -// Preconditions: -// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. -// |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. -// -// Postconditions: -// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. -// -// Notes on implementation strategy: -// -// Using schoolbook multiplication. -// Karatsuba would save a little in some cost models. -// -// Most multiplications by 2 and 19 are 32-bit precomputations; -// cheaper than 64-bit postcomputations. -// -// There is one remaining multiplication by 19 in the carry chain; -// one *19 precomputation can be merged into this, -// but the resulting data flow is considerably less clean. -// -// There are 12 carries below. -// 10 of them are 2-way parallelizable and vectorizable. -// Can get away with 11 carries, but then data flow is much deeper. -// -// With tighter constraints on inputs can squeeze carries into int32. -func feMul(h, f, g *fieldElement) { - f0 := f[0] - f1 := f[1] - f2 := f[2] - f3 := f[3] - f4 := f[4] - f5 := f[5] - f6 := f[6] - f7 := f[7] - f8 := f[8] - f9 := f[9] - g0 := g[0] - g1 := g[1] - g2 := g[2] - g3 := g[3] - g4 := g[4] - g5 := g[5] - g6 := g[6] - g7 := g[7] - g8 := g[8] - g9 := g[9] - g1_19 := 19 * g1 // 1.4*2^29 - g2_19 := 19 * g2 // 1.4*2^30; still ok - g3_19 := 19 * g3 - g4_19 := 19 * g4 - g5_19 := 19 * g5 - g6_19 := 19 * g6 - g7_19 := 19 * g7 - g8_19 := 19 * g8 - g9_19 := 19 * g9 - f1_2 := 2 * f1 - f3_2 := 2 * f3 - f5_2 := 2 * f5 - f7_2 := 2 * f7 - f9_2 := 2 * f9 - f0g0 := int64(f0) * int64(g0) - f0g1 := int64(f0) * int64(g1) - f0g2 := int64(f0) * int64(g2) - f0g3 := int64(f0) * int64(g3) - f0g4 := int64(f0) * int64(g4) - f0g5 := int64(f0) * int64(g5) - f0g6 := int64(f0) * int64(g6) - f0g7 := int64(f0) * int64(g7) - f0g8 := int64(f0) * int64(g8) - f0g9 := int64(f0) * int64(g9) - f1g0 := int64(f1) * int64(g0) - f1g1_2 := int64(f1_2) * int64(g1) - f1g2 := int64(f1) * int64(g2) - f1g3_2 := int64(f1_2) * int64(g3) - f1g4 := int64(f1) * int64(g4) - f1g5_2 := int64(f1_2) * int64(g5) - f1g6 := int64(f1) * int64(g6) - f1g7_2 := int64(f1_2) * int64(g7) - f1g8 := int64(f1) * int64(g8) - f1g9_38 := int64(f1_2) * int64(g9_19) - f2g0 := int64(f2) * int64(g0) - f2g1 := int64(f2) * int64(g1) - f2g2 := int64(f2) * int64(g2) - f2g3 := int64(f2) * int64(g3) - f2g4 := int64(f2) * int64(g4) - f2g5 := int64(f2) * int64(g5) - f2g6 := int64(f2) * int64(g6) - f2g7 := int64(f2) * int64(g7) - f2g8_19 := int64(f2) * int64(g8_19) - f2g9_19 := int64(f2) * int64(g9_19) - f3g0 := int64(f3) * int64(g0) - f3g1_2 := int64(f3_2) * int64(g1) - f3g2 := int64(f3) * int64(g2) - f3g3_2 := int64(f3_2) * int64(g3) - f3g4 := int64(f3) * int64(g4) - f3g5_2 := int64(f3_2) * int64(g5) - f3g6 := int64(f3) * int64(g6) - f3g7_38 := int64(f3_2) * int64(g7_19) - f3g8_19 := int64(f3) * int64(g8_19) - f3g9_38 := int64(f3_2) * int64(g9_19) - f4g0 := int64(f4) * int64(g0) - f4g1 := int64(f4) * int64(g1) - f4g2 := int64(f4) * int64(g2) - f4g3 := int64(f4) * int64(g3) - f4g4 := int64(f4) * int64(g4) - f4g5 := int64(f4) * int64(g5) - f4g6_19 := int64(f4) * int64(g6_19) - f4g7_19 := int64(f4) * int64(g7_19) - f4g8_19 := int64(f4) * int64(g8_19) - f4g9_19 := int64(f4) * int64(g9_19) - f5g0 := int64(f5) * int64(g0) - f5g1_2 := int64(f5_2) * int64(g1) - f5g2 := int64(f5) * int64(g2) - f5g3_2 := int64(f5_2) * int64(g3) - f5g4 := int64(f5) * int64(g4) - f5g5_38 := int64(f5_2) * int64(g5_19) - f5g6_19 := int64(f5) * int64(g6_19) - f5g7_38 := int64(f5_2) * int64(g7_19) - f5g8_19 := int64(f5) * int64(g8_19) - f5g9_38 := int64(f5_2) * int64(g9_19) - f6g0 := int64(f6) * int64(g0) - f6g1 := int64(f6) * int64(g1) - f6g2 := int64(f6) * int64(g2) - f6g3 := int64(f6) * int64(g3) - f6g4_19 := int64(f6) * int64(g4_19) - f6g5_19 := int64(f6) * int64(g5_19) - f6g6_19 := int64(f6) * int64(g6_19) - f6g7_19 := int64(f6) * int64(g7_19) - f6g8_19 := int64(f6) * int64(g8_19) - f6g9_19 := int64(f6) * int64(g9_19) - f7g0 := int64(f7) * int64(g0) - f7g1_2 := int64(f7_2) * int64(g1) - f7g2 := int64(f7) * int64(g2) - f7g3_38 := int64(f7_2) * int64(g3_19) - f7g4_19 := int64(f7) * int64(g4_19) - f7g5_38 := int64(f7_2) * int64(g5_19) - f7g6_19 := int64(f7) * int64(g6_19) - f7g7_38 := int64(f7_2) * int64(g7_19) - f7g8_19 := int64(f7) * int64(g8_19) - f7g9_38 := int64(f7_2) * int64(g9_19) - f8g0 := int64(f8) * int64(g0) - f8g1 := int64(f8) * int64(g1) - f8g2_19 := int64(f8) * int64(g2_19) - f8g3_19 := int64(f8) * int64(g3_19) - f8g4_19 := int64(f8) * int64(g4_19) - f8g5_19 := int64(f8) * int64(g5_19) - f8g6_19 := int64(f8) * int64(g6_19) - f8g7_19 := int64(f8) * int64(g7_19) - f8g8_19 := int64(f8) * int64(g8_19) - f8g9_19 := int64(f8) * int64(g9_19) - f9g0 := int64(f9) * int64(g0) - f9g1_38 := int64(f9_2) * int64(g1_19) - f9g2_19 := int64(f9) * int64(g2_19) - f9g3_38 := int64(f9_2) * int64(g3_19) - f9g4_19 := int64(f9) * int64(g4_19) - f9g5_38 := int64(f9_2) * int64(g5_19) - f9g6_19 := int64(f9) * int64(g6_19) - f9g7_38 := int64(f9_2) * int64(g7_19) - f9g8_19 := int64(f9) * int64(g8_19) - f9g9_38 := int64(f9_2) * int64(g9_19) - h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38 - h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19 - h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38 - h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19 - h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38 - h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19 - h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38 - h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19 - h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38 - h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 - var carry [10]int64 - - // |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38)) - // i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8 - // |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19)) - // i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9 - - carry[0] = (h0 + (1 << 25)) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - carry[4] = (h4 + (1 << 25)) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - // |h0| <= 2^25 - // |h4| <= 2^25 - // |h1| <= 1.51*2^58 - // |h5| <= 1.51*2^58 - - carry[1] = (h1 + (1 << 24)) >> 25 - h2 += carry[1] - h1 -= carry[1] << 25 - carry[5] = (h5 + (1 << 24)) >> 25 - h6 += carry[5] - h5 -= carry[5] << 25 - // |h1| <= 2^24; from now on fits into int32 - // |h5| <= 2^24; from now on fits into int32 - // |h2| <= 1.21*2^59 - // |h6| <= 1.21*2^59 - - carry[2] = (h2 + (1 << 25)) >> 26 - h3 += carry[2] - h2 -= carry[2] << 26 - carry[6] = (h6 + (1 << 25)) >> 26 - h7 += carry[6] - h6 -= carry[6] << 26 - // |h2| <= 2^25; from now on fits into int32 unchanged - // |h6| <= 2^25; from now on fits into int32 unchanged - // |h3| <= 1.51*2^58 - // |h7| <= 1.51*2^58 - - carry[3] = (h3 + (1 << 24)) >> 25 - h4 += carry[3] - h3 -= carry[3] << 25 - carry[7] = (h7 + (1 << 24)) >> 25 - h8 += carry[7] - h7 -= carry[7] << 25 - // |h3| <= 2^24; from now on fits into int32 unchanged - // |h7| <= 2^24; from now on fits into int32 unchanged - // |h4| <= 1.52*2^33 - // |h8| <= 1.52*2^33 - - carry[4] = (h4 + (1 << 25)) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - carry[8] = (h8 + (1 << 25)) >> 26 - h9 += carry[8] - h8 -= carry[8] << 26 - // |h4| <= 2^25; from now on fits into int32 unchanged - // |h8| <= 2^25; from now on fits into int32 unchanged - // |h5| <= 1.01*2^24 - // |h9| <= 1.51*2^58 - - carry[9] = (h9 + (1 << 24)) >> 25 - h0 += carry[9] * 19 - h9 -= carry[9] << 25 - // |h9| <= 2^24; from now on fits into int32 unchanged - // |h0| <= 1.8*2^37 - - carry[0] = (h0 + (1 << 25)) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - // |h0| <= 2^25; from now on fits into int32 unchanged - // |h1| <= 1.01*2^24 - - h[0] = int32(h0) - h[1] = int32(h1) - h[2] = int32(h2) - h[3] = int32(h3) - h[4] = int32(h4) - h[5] = int32(h5) - h[6] = int32(h6) - h[7] = int32(h7) - h[8] = int32(h8) - h[9] = int32(h9) -} - -// feSquare calculates h = f*f. Can overlap h with f. -// -// Preconditions: -// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. -// -// Postconditions: -// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. -func feSquare(h, f *fieldElement) { - f0 := f[0] - f1 := f[1] - f2 := f[2] - f3 := f[3] - f4 := f[4] - f5 := f[5] - f6 := f[6] - f7 := f[7] - f8 := f[8] - f9 := f[9] - f0_2 := 2 * f0 - f1_2 := 2 * f1 - f2_2 := 2 * f2 - f3_2 := 2 * f3 - f4_2 := 2 * f4 - f5_2 := 2 * f5 - f6_2 := 2 * f6 - f7_2 := 2 * f7 - f5_38 := 38 * f5 // 1.31*2^30 - f6_19 := 19 * f6 // 1.31*2^30 - f7_38 := 38 * f7 // 1.31*2^30 - f8_19 := 19 * f8 // 1.31*2^30 - f9_38 := 38 * f9 // 1.31*2^30 - f0f0 := int64(f0) * int64(f0) - f0f1_2 := int64(f0_2) * int64(f1) - f0f2_2 := int64(f0_2) * int64(f2) - f0f3_2 := int64(f0_2) * int64(f3) - f0f4_2 := int64(f0_2) * int64(f4) - f0f5_2 := int64(f0_2) * int64(f5) - f0f6_2 := int64(f0_2) * int64(f6) - f0f7_2 := int64(f0_2) * int64(f7) - f0f8_2 := int64(f0_2) * int64(f8) - f0f9_2 := int64(f0_2) * int64(f9) - f1f1_2 := int64(f1_2) * int64(f1) - f1f2_2 := int64(f1_2) * int64(f2) - f1f3_4 := int64(f1_2) * int64(f3_2) - f1f4_2 := int64(f1_2) * int64(f4) - f1f5_4 := int64(f1_2) * int64(f5_2) - f1f6_2 := int64(f1_2) * int64(f6) - f1f7_4 := int64(f1_2) * int64(f7_2) - f1f8_2 := int64(f1_2) * int64(f8) - f1f9_76 := int64(f1_2) * int64(f9_38) - f2f2 := int64(f2) * int64(f2) - f2f3_2 := int64(f2_2) * int64(f3) - f2f4_2 := int64(f2_2) * int64(f4) - f2f5_2 := int64(f2_2) * int64(f5) - f2f6_2 := int64(f2_2) * int64(f6) - f2f7_2 := int64(f2_2) * int64(f7) - f2f8_38 := int64(f2_2) * int64(f8_19) - f2f9_38 := int64(f2) * int64(f9_38) - f3f3_2 := int64(f3_2) * int64(f3) - f3f4_2 := int64(f3_2) * int64(f4) - f3f5_4 := int64(f3_2) * int64(f5_2) - f3f6_2 := int64(f3_2) * int64(f6) - f3f7_76 := int64(f3_2) * int64(f7_38) - f3f8_38 := int64(f3_2) * int64(f8_19) - f3f9_76 := int64(f3_2) * int64(f9_38) - f4f4 := int64(f4) * int64(f4) - f4f5_2 := int64(f4_2) * int64(f5) - f4f6_38 := int64(f4_2) * int64(f6_19) - f4f7_38 := int64(f4) * int64(f7_38) - f4f8_38 := int64(f4_2) * int64(f8_19) - f4f9_38 := int64(f4) * int64(f9_38) - f5f5_38 := int64(f5) * int64(f5_38) - f5f6_38 := int64(f5_2) * int64(f6_19) - f5f7_76 := int64(f5_2) * int64(f7_38) - f5f8_38 := int64(f5_2) * int64(f8_19) - f5f9_76 := int64(f5_2) * int64(f9_38) - f6f6_19 := int64(f6) * int64(f6_19) - f6f7_38 := int64(f6) * int64(f7_38) - f6f8_38 := int64(f6_2) * int64(f8_19) - f6f9_38 := int64(f6) * int64(f9_38) - f7f7_38 := int64(f7) * int64(f7_38) - f7f8_38 := int64(f7_2) * int64(f8_19) - f7f9_76 := int64(f7_2) * int64(f9_38) - f8f8_19 := int64(f8) * int64(f8_19) - f8f9_38 := int64(f8) * int64(f9_38) - f9f9_38 := int64(f9) * int64(f9_38) - h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38 - h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38 - h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19 - h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38 - h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38 - h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38 - h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19 - h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38 - h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38 - h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2 - var carry [10]int64 - - carry[0] = (h0 + (1 << 25)) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - carry[4] = (h4 + (1 << 25)) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - - carry[1] = (h1 + (1 << 24)) >> 25 - h2 += carry[1] - h1 -= carry[1] << 25 - carry[5] = (h5 + (1 << 24)) >> 25 - h6 += carry[5] - h5 -= carry[5] << 25 - - carry[2] = (h2 + (1 << 25)) >> 26 - h3 += carry[2] - h2 -= carry[2] << 26 - carry[6] = (h6 + (1 << 25)) >> 26 - h7 += carry[6] - h6 -= carry[6] << 26 - - carry[3] = (h3 + (1 << 24)) >> 25 - h4 += carry[3] - h3 -= carry[3] << 25 - carry[7] = (h7 + (1 << 24)) >> 25 - h8 += carry[7] - h7 -= carry[7] << 25 - - carry[4] = (h4 + (1 << 25)) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - carry[8] = (h8 + (1 << 25)) >> 26 - h9 += carry[8] - h8 -= carry[8] << 26 - - carry[9] = (h9 + (1 << 24)) >> 25 - h0 += carry[9] * 19 - h9 -= carry[9] << 25 - - carry[0] = (h0 + (1 << 25)) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - - h[0] = int32(h0) - h[1] = int32(h1) - h[2] = int32(h2) - h[3] = int32(h3) - h[4] = int32(h4) - h[5] = int32(h5) - h[6] = int32(h6) - h[7] = int32(h7) - h[8] = int32(h8) - h[9] = int32(h9) -} - -// feMul121666 calculates h = f * 121666. Can overlap h with f. -// -// Preconditions: -// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. -// -// Postconditions: -// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. -func feMul121666(h, f *fieldElement) { - h0 := int64(f[0]) * 121666 - h1 := int64(f[1]) * 121666 - h2 := int64(f[2]) * 121666 - h3 := int64(f[3]) * 121666 - h4 := int64(f[4]) * 121666 - h5 := int64(f[5]) * 121666 - h6 := int64(f[6]) * 121666 - h7 := int64(f[7]) * 121666 - h8 := int64(f[8]) * 121666 - h9 := int64(f[9]) * 121666 - var carry [10]int64 - - carry[9] = (h9 + (1 << 24)) >> 25 - h0 += carry[9] * 19 - h9 -= carry[9] << 25 - carry[1] = (h1 + (1 << 24)) >> 25 - h2 += carry[1] - h1 -= carry[1] << 25 - carry[3] = (h3 + (1 << 24)) >> 25 - h4 += carry[3] - h3 -= carry[3] << 25 - carry[5] = (h5 + (1 << 24)) >> 25 - h6 += carry[5] - h5 -= carry[5] << 25 - carry[7] = (h7 + (1 << 24)) >> 25 - h8 += carry[7] - h7 -= carry[7] << 25 - - carry[0] = (h0 + (1 << 25)) >> 26 - h1 += carry[0] - h0 -= carry[0] << 26 - carry[2] = (h2 + (1 << 25)) >> 26 - h3 += carry[2] - h2 -= carry[2] << 26 - carry[4] = (h4 + (1 << 25)) >> 26 - h5 += carry[4] - h4 -= carry[4] << 26 - carry[6] = (h6 + (1 << 25)) >> 26 - h7 += carry[6] - h6 -= carry[6] << 26 - carry[8] = (h8 + (1 << 25)) >> 26 - h9 += carry[8] - h8 -= carry[8] << 26 - - h[0] = int32(h0) - h[1] = int32(h1) - h[2] = int32(h2) - h[3] = int32(h3) - h[4] = int32(h4) - h[5] = int32(h5) - h[6] = int32(h6) - h[7] = int32(h7) - h[8] = int32(h8) - h[9] = int32(h9) -} - -// feInvert sets out = z^-1. -func feInvert(out, z *fieldElement) { - var t0, t1, t2, t3 fieldElement - var i int - - feSquare(&t0, z) - for i = 1; i < 1; i++ { - feSquare(&t0, &t0) - } - feSquare(&t1, &t0) - for i = 1; i < 2; i++ { - feSquare(&t1, &t1) - } - feMul(&t1, z, &t1) - feMul(&t0, &t0, &t1) - feSquare(&t2, &t0) - for i = 1; i < 1; i++ { - feSquare(&t2, &t2) - } - feMul(&t1, &t1, &t2) - feSquare(&t2, &t1) - for i = 1; i < 5; i++ { - feSquare(&t2, &t2) - } - feMul(&t1, &t2, &t1) - feSquare(&t2, &t1) - for i = 1; i < 10; i++ { - feSquare(&t2, &t2) - } - feMul(&t2, &t2, &t1) - feSquare(&t3, &t2) - for i = 1; i < 20; i++ { - feSquare(&t3, &t3) - } - feMul(&t2, &t3, &t2) - feSquare(&t2, &t2) - for i = 1; i < 10; i++ { - feSquare(&t2, &t2) - } - feMul(&t1, &t2, &t1) - feSquare(&t2, &t1) - for i = 1; i < 50; i++ { - feSquare(&t2, &t2) - } - feMul(&t2, &t2, &t1) - feSquare(&t3, &t2) - for i = 1; i < 100; i++ { - feSquare(&t3, &t3) - } - feMul(&t2, &t3, &t2) - feSquare(&t2, &t2) - for i = 1; i < 50; i++ { - feSquare(&t2, &t2) - } - feMul(&t1, &t2, &t1) - feSquare(&t1, &t1) - for i = 1; i < 5; i++ { - feSquare(&t1, &t1) - } - feMul(out, &t1, &t0) -} - -func scalarMult(out, in, base *[32]byte) { - var e [32]byte - - copy(e[:], in[:]) - e[0] &= 248 - e[31] &= 127 - e[31] |= 64 - - var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement - feFromBytes(&x1, base) - feOne(&x2) - feCopy(&x3, &x1) - feOne(&z3) - - swap := int32(0) - for pos := 254; pos >= 0; pos-- { - b := e[pos/8] >> uint(pos&7) - b &= 1 - swap ^= int32(b) - feCSwap(&x2, &x3, swap) - feCSwap(&z2, &z3, swap) - swap = int32(b) - - feSub(&tmp0, &x3, &z3) - feSub(&tmp1, &x2, &z2) - feAdd(&x2, &x2, &z2) - feAdd(&z2, &x3, &z3) - feMul(&z3, &tmp0, &x2) - feMul(&z2, &z2, &tmp1) - feSquare(&tmp0, &tmp1) - feSquare(&tmp1, &x2) - feAdd(&x3, &z3, &z2) - feSub(&z2, &z3, &z2) - feMul(&x2, &tmp1, &tmp0) - feSub(&tmp1, &tmp1, &tmp0) - feSquare(&z2, &z2) - feMul121666(&z3, &tmp1) - feSquare(&x3, &x3) - feAdd(&tmp0, &tmp0, &z3) - feMul(&z3, &x1, &z2) - feMul(&z2, &tmp1, &tmp0) - } - - feCSwap(&x2, &x3, swap) - feCSwap(&z2, &z3, swap) - - feInvert(&z2, &z2) - feMul(&x2, &x2, &z2) - feToBytes(out, &x2) -} diff --git a/ssl/test/runner/curve25519/curve25519_test.go b/ssl/test/runner/curve25519/curve25519_test.go deleted file mode 100644 index 14b0ee87cd..0000000000 --- a/ssl/test/runner/curve25519/curve25519_test.go +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package curve25519 - -import ( - "fmt" - "testing" -) - -const expectedHex = "89161fde887b2b53de549af483940106ecc114d6982daa98256de23bdf77661a" - -func TestBaseScalarMult(t *testing.T) { - var a, b [32]byte - in := &a - out := &b - a[0] = 1 - - for i := 0; i < 200; i++ { - ScalarBaseMult(out, in) - in, out = out, in - } - - result := fmt.Sprintf("%x", in[:]) - if result != expectedHex { - t.Errorf("incorrect result: got %s, want %s", result, expectedHex) - } -} diff --git a/ssl/test/runner/curve25519/doc.go b/ssl/test/runner/curve25519/doc.go deleted file mode 100644 index ebeea3c2d6..0000000000 --- a/ssl/test/runner/curve25519/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package curve25519 provides an implementation of scalar multiplication on -// the elliptic curve known as curve25519. See http://cr.yp.to/ecdh.html -package curve25519 // import "golang.org/x/crypto/curve25519" - -// basePoint is the x coordinate of the generator of the curve. -var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} - -// ScalarMult sets dst to the product in*base where dst and base are the x -// coordinates of group points and all values are in little-endian form. -func ScalarMult(dst, in, base *[32]byte) { - scalarMult(dst, in, base) -} - -// ScalarBaseMult sets dst to the product in*base where dst and base are the x -// coordinates of group points, base is the standard generator and all values -// are in little-endian form. -func ScalarBaseMult(dst, in *[32]byte) { - ScalarMult(dst, in, &basePoint) -} diff --git a/ssl/test/runner/curve25519/freeze_amd64.s b/ssl/test/runner/curve25519/freeze_amd64.s deleted file mode 100644 index 536479bf62..0000000000 --- a/ssl/test/runner/curve25519/freeze_amd64.s +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -#include "const_amd64.h" - -// func freeze(inout *[5]uint64) -TEXT ·freeze(SB),7,$0-8 - MOVQ inout+0(FP), DI - - MOVQ 0(DI),SI - MOVQ 8(DI),DX - MOVQ 16(DI),CX - MOVQ 24(DI),R8 - MOVQ 32(DI),R9 - MOVQ $REDMASK51,AX - MOVQ AX,R10 - SUBQ $18,R10 - MOVQ $3,R11 -REDUCELOOP: - MOVQ SI,R12 - SHRQ $51,R12 - ANDQ AX,SI - ADDQ R12,DX - MOVQ DX,R12 - SHRQ $51,R12 - ANDQ AX,DX - ADDQ R12,CX - MOVQ CX,R12 - SHRQ $51,R12 - ANDQ AX,CX - ADDQ R12,R8 - MOVQ R8,R12 - SHRQ $51,R12 - ANDQ AX,R8 - ADDQ R12,R9 - MOVQ R9,R12 - SHRQ $51,R12 - ANDQ AX,R9 - IMUL3Q $19,R12,R12 - ADDQ R12,SI - SUBQ $1,R11 - JA REDUCELOOP - MOVQ $1,R12 - CMPQ R10,SI - CMOVQLT R11,R12 - CMPQ AX,DX - CMOVQNE R11,R12 - CMPQ AX,CX - CMOVQNE R11,R12 - CMPQ AX,R8 - CMOVQNE R11,R12 - CMPQ AX,R9 - CMOVQNE R11,R12 - NEGQ R12 - ANDQ R12,AX - ANDQ R12,R10 - SUBQ R10,SI - SUBQ AX,DX - SUBQ AX,CX - SUBQ AX,R8 - SUBQ AX,R9 - MOVQ SI,0(DI) - MOVQ DX,8(DI) - MOVQ CX,16(DI) - MOVQ R8,24(DI) - MOVQ R9,32(DI) - RET diff --git a/ssl/test/runner/curve25519/ladderstep_amd64.s b/ssl/test/runner/curve25519/ladderstep_amd64.s deleted file mode 100644 index 7074e5cd9d..0000000000 --- a/ssl/test/runner/curve25519/ladderstep_amd64.s +++ /dev/null @@ -1,1377 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -#include "const_amd64.h" - -// func ladderstep(inout *[5][5]uint64) -TEXT ·ladderstep(SB),0,$296-8 - MOVQ inout+0(FP),DI - - MOVQ 40(DI),SI - MOVQ 48(DI),DX - MOVQ 56(DI),CX - MOVQ 64(DI),R8 - MOVQ 72(DI),R9 - MOVQ SI,AX - MOVQ DX,R10 - MOVQ CX,R11 - MOVQ R8,R12 - MOVQ R9,R13 - ADDQ ·_2P0(SB),AX - ADDQ ·_2P1234(SB),R10 - ADDQ ·_2P1234(SB),R11 - ADDQ ·_2P1234(SB),R12 - ADDQ ·_2P1234(SB),R13 - ADDQ 80(DI),SI - ADDQ 88(DI),DX - ADDQ 96(DI),CX - ADDQ 104(DI),R8 - ADDQ 112(DI),R9 - SUBQ 80(DI),AX - SUBQ 88(DI),R10 - SUBQ 96(DI),R11 - SUBQ 104(DI),R12 - SUBQ 112(DI),R13 - MOVQ SI,0(SP) - MOVQ DX,8(SP) - MOVQ CX,16(SP) - MOVQ R8,24(SP) - MOVQ R9,32(SP) - MOVQ AX,40(SP) - MOVQ R10,48(SP) - MOVQ R11,56(SP) - MOVQ R12,64(SP) - MOVQ R13,72(SP) - MOVQ 40(SP),AX - MULQ 40(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 40(SP),AX - SHLQ $1,AX - MULQ 48(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 40(SP),AX - SHLQ $1,AX - MULQ 56(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 40(SP),AX - SHLQ $1,AX - MULQ 64(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 40(SP),AX - SHLQ $1,AX - MULQ 72(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 48(SP),AX - MULQ 48(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 48(SP),AX - SHLQ $1,AX - MULQ 56(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 48(SP),AX - SHLQ $1,AX - MULQ 64(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 48(SP),DX - IMUL3Q $38,DX,AX - MULQ 72(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 56(SP),AX - MULQ 56(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 56(SP),DX - IMUL3Q $38,DX,AX - MULQ 64(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 56(SP),DX - IMUL3Q $38,DX,AX - MULQ 72(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 64(SP),DX - IMUL3Q $19,DX,AX - MULQ 64(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 64(SP),DX - IMUL3Q $38,DX,AX - MULQ 72(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 72(SP),DX - IMUL3Q $19,DX,AX - MULQ 72(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - ANDQ DX,SI - MOVQ CX,R8 - SHRQ $51,CX - ADDQ R10,CX - ANDQ DX,R8 - MOVQ CX,R9 - SHRQ $51,CX - ADDQ R12,CX - ANDQ DX,R9 - MOVQ CX,AX - SHRQ $51,CX - ADDQ R14,CX - ANDQ DX,AX - MOVQ CX,R10 - SHRQ $51,CX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,80(SP) - MOVQ R8,88(SP) - MOVQ R9,96(SP) - MOVQ AX,104(SP) - MOVQ R10,112(SP) - MOVQ 0(SP),AX - MULQ 0(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 0(SP),AX - SHLQ $1,AX - MULQ 8(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 0(SP),AX - SHLQ $1,AX - MULQ 16(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 0(SP),AX - SHLQ $1,AX - MULQ 24(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 0(SP),AX - SHLQ $1,AX - MULQ 32(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 8(SP),AX - MULQ 8(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SP),AX - SHLQ $1,AX - MULQ 16(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 8(SP),AX - SHLQ $1,AX - MULQ 24(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 8(SP),DX - IMUL3Q $38,DX,AX - MULQ 32(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 16(SP),AX - MULQ 16(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 16(SP),DX - IMUL3Q $38,DX,AX - MULQ 24(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 16(SP),DX - IMUL3Q $38,DX,AX - MULQ 32(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 24(SP),DX - IMUL3Q $19,DX,AX - MULQ 24(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 24(SP),DX - IMUL3Q $38,DX,AX - MULQ 32(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 32(SP),DX - IMUL3Q $19,DX,AX - MULQ 32(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - ANDQ DX,SI - MOVQ CX,R8 - SHRQ $51,CX - ADDQ R10,CX - ANDQ DX,R8 - MOVQ CX,R9 - SHRQ $51,CX - ADDQ R12,CX - ANDQ DX,R9 - MOVQ CX,AX - SHRQ $51,CX - ADDQ R14,CX - ANDQ DX,AX - MOVQ CX,R10 - SHRQ $51,CX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,120(SP) - MOVQ R8,128(SP) - MOVQ R9,136(SP) - MOVQ AX,144(SP) - MOVQ R10,152(SP) - MOVQ SI,SI - MOVQ R8,DX - MOVQ R9,CX - MOVQ AX,R8 - MOVQ R10,R9 - ADDQ ·_2P0(SB),SI - ADDQ ·_2P1234(SB),DX - ADDQ ·_2P1234(SB),CX - ADDQ ·_2P1234(SB),R8 - ADDQ ·_2P1234(SB),R9 - SUBQ 80(SP),SI - SUBQ 88(SP),DX - SUBQ 96(SP),CX - SUBQ 104(SP),R8 - SUBQ 112(SP),R9 - MOVQ SI,160(SP) - MOVQ DX,168(SP) - MOVQ CX,176(SP) - MOVQ R8,184(SP) - MOVQ R9,192(SP) - MOVQ 120(DI),SI - MOVQ 128(DI),DX - MOVQ 136(DI),CX - MOVQ 144(DI),R8 - MOVQ 152(DI),R9 - MOVQ SI,AX - MOVQ DX,R10 - MOVQ CX,R11 - MOVQ R8,R12 - MOVQ R9,R13 - ADDQ ·_2P0(SB),AX - ADDQ ·_2P1234(SB),R10 - ADDQ ·_2P1234(SB),R11 - ADDQ ·_2P1234(SB),R12 - ADDQ ·_2P1234(SB),R13 - ADDQ 160(DI),SI - ADDQ 168(DI),DX - ADDQ 176(DI),CX - ADDQ 184(DI),R8 - ADDQ 192(DI),R9 - SUBQ 160(DI),AX - SUBQ 168(DI),R10 - SUBQ 176(DI),R11 - SUBQ 184(DI),R12 - SUBQ 192(DI),R13 - MOVQ SI,200(SP) - MOVQ DX,208(SP) - MOVQ CX,216(SP) - MOVQ R8,224(SP) - MOVQ R9,232(SP) - MOVQ AX,240(SP) - MOVQ R10,248(SP) - MOVQ R11,256(SP) - MOVQ R12,264(SP) - MOVQ R13,272(SP) - MOVQ 224(SP),SI - IMUL3Q $19,SI,AX - MOVQ AX,280(SP) - MULQ 56(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 232(SP),DX - IMUL3Q $19,DX,AX - MOVQ AX,288(SP) - MULQ 48(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 200(SP),AX - MULQ 40(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 200(SP),AX - MULQ 48(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 200(SP),AX - MULQ 56(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 200(SP),AX - MULQ 64(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 200(SP),AX - MULQ 72(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 208(SP),AX - MULQ 40(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 208(SP),AX - MULQ 48(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 208(SP),AX - MULQ 56(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 208(SP),AX - MULQ 64(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 208(SP),DX - IMUL3Q $19,DX,AX - MULQ 72(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 216(SP),AX - MULQ 40(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 216(SP),AX - MULQ 48(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 216(SP),AX - MULQ 56(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 216(SP),DX - IMUL3Q $19,DX,AX - MULQ 64(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 216(SP),DX - IMUL3Q $19,DX,AX - MULQ 72(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 224(SP),AX - MULQ 40(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 224(SP),AX - MULQ 48(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 280(SP),AX - MULQ 64(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 280(SP),AX - MULQ 72(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 232(SP),AX - MULQ 40(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 288(SP),AX - MULQ 56(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 288(SP),AX - MULQ 64(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 288(SP),AX - MULQ 72(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - MOVQ CX,R8 - SHRQ $51,CX - ANDQ DX,SI - ADDQ R10,CX - MOVQ CX,R9 - SHRQ $51,CX - ANDQ DX,R8 - ADDQ R12,CX - MOVQ CX,AX - SHRQ $51,CX - ANDQ DX,R9 - ADDQ R14,CX - MOVQ CX,R10 - SHRQ $51,CX - ANDQ DX,AX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,40(SP) - MOVQ R8,48(SP) - MOVQ R9,56(SP) - MOVQ AX,64(SP) - MOVQ R10,72(SP) - MOVQ 264(SP),SI - IMUL3Q $19,SI,AX - MOVQ AX,200(SP) - MULQ 16(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 272(SP),DX - IMUL3Q $19,DX,AX - MOVQ AX,208(SP) - MULQ 8(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 240(SP),AX - MULQ 0(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 240(SP),AX - MULQ 8(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 240(SP),AX - MULQ 16(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 240(SP),AX - MULQ 24(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 240(SP),AX - MULQ 32(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 248(SP),AX - MULQ 0(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 248(SP),AX - MULQ 8(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 248(SP),AX - MULQ 16(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 248(SP),AX - MULQ 24(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 248(SP),DX - IMUL3Q $19,DX,AX - MULQ 32(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 256(SP),AX - MULQ 0(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 256(SP),AX - MULQ 8(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 256(SP),AX - MULQ 16(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 256(SP),DX - IMUL3Q $19,DX,AX - MULQ 24(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 256(SP),DX - IMUL3Q $19,DX,AX - MULQ 32(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 264(SP),AX - MULQ 0(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 264(SP),AX - MULQ 8(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 200(SP),AX - MULQ 24(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 200(SP),AX - MULQ 32(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 272(SP),AX - MULQ 0(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 208(SP),AX - MULQ 16(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 208(SP),AX - MULQ 24(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 208(SP),AX - MULQ 32(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - MOVQ CX,R8 - SHRQ $51,CX - ANDQ DX,SI - ADDQ R10,CX - MOVQ CX,R9 - SHRQ $51,CX - ANDQ DX,R8 - ADDQ R12,CX - MOVQ CX,AX - SHRQ $51,CX - ANDQ DX,R9 - ADDQ R14,CX - MOVQ CX,R10 - SHRQ $51,CX - ANDQ DX,AX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,DX - MOVQ R8,CX - MOVQ R9,R11 - MOVQ AX,R12 - MOVQ R10,R13 - ADDQ ·_2P0(SB),DX - ADDQ ·_2P1234(SB),CX - ADDQ ·_2P1234(SB),R11 - ADDQ ·_2P1234(SB),R12 - ADDQ ·_2P1234(SB),R13 - ADDQ 40(SP),SI - ADDQ 48(SP),R8 - ADDQ 56(SP),R9 - ADDQ 64(SP),AX - ADDQ 72(SP),R10 - SUBQ 40(SP),DX - SUBQ 48(SP),CX - SUBQ 56(SP),R11 - SUBQ 64(SP),R12 - SUBQ 72(SP),R13 - MOVQ SI,120(DI) - MOVQ R8,128(DI) - MOVQ R9,136(DI) - MOVQ AX,144(DI) - MOVQ R10,152(DI) - MOVQ DX,160(DI) - MOVQ CX,168(DI) - MOVQ R11,176(DI) - MOVQ R12,184(DI) - MOVQ R13,192(DI) - MOVQ 120(DI),AX - MULQ 120(DI) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 120(DI),AX - SHLQ $1,AX - MULQ 128(DI) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 120(DI),AX - SHLQ $1,AX - MULQ 136(DI) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 120(DI),AX - SHLQ $1,AX - MULQ 144(DI) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 120(DI),AX - SHLQ $1,AX - MULQ 152(DI) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 128(DI),AX - MULQ 128(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 128(DI),AX - SHLQ $1,AX - MULQ 136(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 128(DI),AX - SHLQ $1,AX - MULQ 144(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 128(DI),DX - IMUL3Q $38,DX,AX - MULQ 152(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 136(DI),AX - MULQ 136(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 136(DI),DX - IMUL3Q $38,DX,AX - MULQ 144(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 136(DI),DX - IMUL3Q $38,DX,AX - MULQ 152(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 144(DI),DX - IMUL3Q $19,DX,AX - MULQ 144(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 144(DI),DX - IMUL3Q $38,DX,AX - MULQ 152(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 152(DI),DX - IMUL3Q $19,DX,AX - MULQ 152(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - ANDQ DX,SI - MOVQ CX,R8 - SHRQ $51,CX - ADDQ R10,CX - ANDQ DX,R8 - MOVQ CX,R9 - SHRQ $51,CX - ADDQ R12,CX - ANDQ DX,R9 - MOVQ CX,AX - SHRQ $51,CX - ADDQ R14,CX - ANDQ DX,AX - MOVQ CX,R10 - SHRQ $51,CX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,120(DI) - MOVQ R8,128(DI) - MOVQ R9,136(DI) - MOVQ AX,144(DI) - MOVQ R10,152(DI) - MOVQ 160(DI),AX - MULQ 160(DI) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 160(DI),AX - SHLQ $1,AX - MULQ 168(DI) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 160(DI),AX - SHLQ $1,AX - MULQ 176(DI) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 160(DI),AX - SHLQ $1,AX - MULQ 184(DI) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 160(DI),AX - SHLQ $1,AX - MULQ 192(DI) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 168(DI),AX - MULQ 168(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 168(DI),AX - SHLQ $1,AX - MULQ 176(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 168(DI),AX - SHLQ $1,AX - MULQ 184(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 168(DI),DX - IMUL3Q $38,DX,AX - MULQ 192(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 176(DI),AX - MULQ 176(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 176(DI),DX - IMUL3Q $38,DX,AX - MULQ 184(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 176(DI),DX - IMUL3Q $38,DX,AX - MULQ 192(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 184(DI),DX - IMUL3Q $19,DX,AX - MULQ 184(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 184(DI),DX - IMUL3Q $38,DX,AX - MULQ 192(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 192(DI),DX - IMUL3Q $19,DX,AX - MULQ 192(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - ANDQ DX,SI - MOVQ CX,R8 - SHRQ $51,CX - ADDQ R10,CX - ANDQ DX,R8 - MOVQ CX,R9 - SHRQ $51,CX - ADDQ R12,CX - ANDQ DX,R9 - MOVQ CX,AX - SHRQ $51,CX - ADDQ R14,CX - ANDQ DX,AX - MOVQ CX,R10 - SHRQ $51,CX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,160(DI) - MOVQ R8,168(DI) - MOVQ R9,176(DI) - MOVQ AX,184(DI) - MOVQ R10,192(DI) - MOVQ 184(DI),SI - IMUL3Q $19,SI,AX - MOVQ AX,0(SP) - MULQ 16(DI) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 192(DI),DX - IMUL3Q $19,DX,AX - MOVQ AX,8(SP) - MULQ 8(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 160(DI),AX - MULQ 0(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 160(DI),AX - MULQ 8(DI) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 160(DI),AX - MULQ 16(DI) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 160(DI),AX - MULQ 24(DI) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 160(DI),AX - MULQ 32(DI) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 168(DI),AX - MULQ 0(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 168(DI),AX - MULQ 8(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 168(DI),AX - MULQ 16(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 168(DI),AX - MULQ 24(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 168(DI),DX - IMUL3Q $19,DX,AX - MULQ 32(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 176(DI),AX - MULQ 0(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 176(DI),AX - MULQ 8(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 176(DI),AX - MULQ 16(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 176(DI),DX - IMUL3Q $19,DX,AX - MULQ 24(DI) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 176(DI),DX - IMUL3Q $19,DX,AX - MULQ 32(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 184(DI),AX - MULQ 0(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 184(DI),AX - MULQ 8(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 0(SP),AX - MULQ 24(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 0(SP),AX - MULQ 32(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 192(DI),AX - MULQ 0(DI) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 8(SP),AX - MULQ 16(DI) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 8(SP),AX - MULQ 24(DI) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SP),AX - MULQ 32(DI) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - MOVQ CX,R8 - SHRQ $51,CX - ANDQ DX,SI - ADDQ R10,CX - MOVQ CX,R9 - SHRQ $51,CX - ANDQ DX,R8 - ADDQ R12,CX - MOVQ CX,AX - SHRQ $51,CX - ANDQ DX,R9 - ADDQ R14,CX - MOVQ CX,R10 - SHRQ $51,CX - ANDQ DX,AX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,160(DI) - MOVQ R8,168(DI) - MOVQ R9,176(DI) - MOVQ AX,184(DI) - MOVQ R10,192(DI) - MOVQ 144(SP),SI - IMUL3Q $19,SI,AX - MOVQ AX,0(SP) - MULQ 96(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 152(SP),DX - IMUL3Q $19,DX,AX - MOVQ AX,8(SP) - MULQ 88(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 120(SP),AX - MULQ 80(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 120(SP),AX - MULQ 88(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 120(SP),AX - MULQ 96(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 120(SP),AX - MULQ 104(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 120(SP),AX - MULQ 112(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 128(SP),AX - MULQ 80(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 128(SP),AX - MULQ 88(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 128(SP),AX - MULQ 96(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 128(SP),AX - MULQ 104(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 128(SP),DX - IMUL3Q $19,DX,AX - MULQ 112(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 136(SP),AX - MULQ 80(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 136(SP),AX - MULQ 88(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 136(SP),AX - MULQ 96(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 136(SP),DX - IMUL3Q $19,DX,AX - MULQ 104(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 136(SP),DX - IMUL3Q $19,DX,AX - MULQ 112(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 144(SP),AX - MULQ 80(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 144(SP),AX - MULQ 88(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 0(SP),AX - MULQ 104(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 0(SP),AX - MULQ 112(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 152(SP),AX - MULQ 80(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 8(SP),AX - MULQ 96(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 8(SP),AX - MULQ 104(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SP),AX - MULQ 112(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - MOVQ CX,R8 - SHRQ $51,CX - ANDQ DX,SI - ADDQ R10,CX - MOVQ CX,R9 - SHRQ $51,CX - ANDQ DX,R8 - ADDQ R12,CX - MOVQ CX,AX - SHRQ $51,CX - ANDQ DX,R9 - ADDQ R14,CX - MOVQ CX,R10 - SHRQ $51,CX - ANDQ DX,AX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,40(DI) - MOVQ R8,48(DI) - MOVQ R9,56(DI) - MOVQ AX,64(DI) - MOVQ R10,72(DI) - MOVQ 160(SP),AX - MULQ ·_121666_213(SB) - SHRQ $13,AX - MOVQ AX,SI - MOVQ DX,CX - MOVQ 168(SP),AX - MULQ ·_121666_213(SB) - SHRQ $13,AX - ADDQ AX,CX - MOVQ DX,R8 - MOVQ 176(SP),AX - MULQ ·_121666_213(SB) - SHRQ $13,AX - ADDQ AX,R8 - MOVQ DX,R9 - MOVQ 184(SP),AX - MULQ ·_121666_213(SB) - SHRQ $13,AX - ADDQ AX,R9 - MOVQ DX,R10 - MOVQ 192(SP),AX - MULQ ·_121666_213(SB) - SHRQ $13,AX - ADDQ AX,R10 - IMUL3Q $19,DX,DX - ADDQ DX,SI - ADDQ 80(SP),SI - ADDQ 88(SP),CX - ADDQ 96(SP),R8 - ADDQ 104(SP),R9 - ADDQ 112(SP),R10 - MOVQ SI,80(DI) - MOVQ CX,88(DI) - MOVQ R8,96(DI) - MOVQ R9,104(DI) - MOVQ R10,112(DI) - MOVQ 104(DI),SI - IMUL3Q $19,SI,AX - MOVQ AX,0(SP) - MULQ 176(SP) - MOVQ AX,SI - MOVQ DX,CX - MOVQ 112(DI),DX - IMUL3Q $19,DX,AX - MOVQ AX,8(SP) - MULQ 168(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 80(DI),AX - MULQ 160(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 80(DI),AX - MULQ 168(SP) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 80(DI),AX - MULQ 176(SP) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 80(DI),AX - MULQ 184(SP) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 80(DI),AX - MULQ 192(SP) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 88(DI),AX - MULQ 160(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 88(DI),AX - MULQ 168(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 88(DI),AX - MULQ 176(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 88(DI),AX - MULQ 184(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 88(DI),DX - IMUL3Q $19,DX,AX - MULQ 192(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 96(DI),AX - MULQ 160(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 96(DI),AX - MULQ 168(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 96(DI),AX - MULQ 176(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 96(DI),DX - IMUL3Q $19,DX,AX - MULQ 184(SP) - ADDQ AX,SI - ADCQ DX,CX - MOVQ 96(DI),DX - IMUL3Q $19,DX,AX - MULQ 192(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 104(DI),AX - MULQ 160(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 104(DI),AX - MULQ 168(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 0(SP),AX - MULQ 184(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 0(SP),AX - MULQ 192(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 112(DI),AX - MULQ 160(SP) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 8(SP),AX - MULQ 176(SP) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 8(SP),AX - MULQ 184(SP) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SP),AX - MULQ 192(SP) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ $REDMASK51,DX - SHLQ $13,CX:SI - ANDQ DX,SI - SHLQ $13,R9:R8 - ANDQ DX,R8 - ADDQ CX,R8 - SHLQ $13,R11:R10 - ANDQ DX,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ DX,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ DX,R14 - ADDQ R13,R14 - IMUL3Q $19,R15,CX - ADDQ CX,SI - MOVQ SI,CX - SHRQ $51,CX - ADDQ R8,CX - MOVQ CX,R8 - SHRQ $51,CX - ANDQ DX,SI - ADDQ R10,CX - MOVQ CX,R9 - SHRQ $51,CX - ANDQ DX,R8 - ADDQ R12,CX - MOVQ CX,AX - SHRQ $51,CX - ANDQ DX,R9 - ADDQ R14,CX - MOVQ CX,R10 - SHRQ $51,CX - ANDQ DX,AX - IMUL3Q $19,CX,CX - ADDQ CX,SI - ANDQ DX,R10 - MOVQ SI,80(DI) - MOVQ R8,88(DI) - MOVQ R9,96(DI) - MOVQ AX,104(DI) - MOVQ R10,112(DI) - RET diff --git a/ssl/test/runner/curve25519/mont25519_amd64.go b/ssl/test/runner/curve25519/mont25519_amd64.go deleted file mode 100644 index 5822bd5338..0000000000 --- a/ssl/test/runner/curve25519/mont25519_amd64.go +++ /dev/null @@ -1,240 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build amd64,!gccgo,!appengine - -package curve25519 - -// These functions are implemented in the .s files. The names of the functions -// in the rest of the file are also taken from the SUPERCOP sources to help -// people following along. - -//go:noescape - -func cswap(inout *[5]uint64, v uint64) - -//go:noescape - -func ladderstep(inout *[5][5]uint64) - -//go:noescape - -func freeze(inout *[5]uint64) - -//go:noescape - -func mul(dest, a, b *[5]uint64) - -//go:noescape - -func square(out, in *[5]uint64) - -// mladder uses a Montgomery ladder to calculate (xr/zr) *= s. -func mladder(xr, zr *[5]uint64, s *[32]byte) { - var work [5][5]uint64 - - work[0] = *xr - setint(&work[1], 1) - setint(&work[2], 0) - work[3] = *xr - setint(&work[4], 1) - - j := uint(6) - var prevbit byte - - for i := 31; i >= 0; i-- { - for j < 8 { - bit := ((*s)[i] >> j) & 1 - swap := bit ^ prevbit - prevbit = bit - cswap(&work[1], uint64(swap)) - ladderstep(&work) - j-- - } - j = 7 - } - - *xr = work[1] - *zr = work[2] -} - -func scalarMult(out, in, base *[32]byte) { - var e [32]byte - copy(e[:], (*in)[:]) - e[0] &= 248 - e[31] &= 127 - e[31] |= 64 - - var t, z [5]uint64 - unpack(&t, base) - mladder(&t, &z, &e) - invert(&z, &z) - mul(&t, &t, &z) - pack(out, &t) -} - -func setint(r *[5]uint64, v uint64) { - r[0] = v - r[1] = 0 - r[2] = 0 - r[3] = 0 - r[4] = 0 -} - -// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian -// order. -func unpack(r *[5]uint64, x *[32]byte) { - r[0] = uint64(x[0]) | - uint64(x[1])<<8 | - uint64(x[2])<<16 | - uint64(x[3])<<24 | - uint64(x[4])<<32 | - uint64(x[5])<<40 | - uint64(x[6]&7)<<48 - - r[1] = uint64(x[6])>>3 | - uint64(x[7])<<5 | - uint64(x[8])<<13 | - uint64(x[9])<<21 | - uint64(x[10])<<29 | - uint64(x[11])<<37 | - uint64(x[12]&63)<<45 - - r[2] = uint64(x[12])>>6 | - uint64(x[13])<<2 | - uint64(x[14])<<10 | - uint64(x[15])<<18 | - uint64(x[16])<<26 | - uint64(x[17])<<34 | - uint64(x[18])<<42 | - uint64(x[19]&1)<<50 - - r[3] = uint64(x[19])>>1 | - uint64(x[20])<<7 | - uint64(x[21])<<15 | - uint64(x[22])<<23 | - uint64(x[23])<<31 | - uint64(x[24])<<39 | - uint64(x[25]&15)<<47 - - r[4] = uint64(x[25])>>4 | - uint64(x[26])<<4 | - uint64(x[27])<<12 | - uint64(x[28])<<20 | - uint64(x[29])<<28 | - uint64(x[30])<<36 | - uint64(x[31]&127)<<44 -} - -// pack sets out = x where out is the usual, little-endian form of the 5, -// 51-bit limbs in x. -func pack(out *[32]byte, x *[5]uint64) { - t := *x - freeze(&t) - - out[0] = byte(t[0]) - out[1] = byte(t[0] >> 8) - out[2] = byte(t[0] >> 16) - out[3] = byte(t[0] >> 24) - out[4] = byte(t[0] >> 32) - out[5] = byte(t[0] >> 40) - out[6] = byte(t[0] >> 48) - - out[6] ^= byte(t[1]<<3) & 0xf8 - out[7] = byte(t[1] >> 5) - out[8] = byte(t[1] >> 13) - out[9] = byte(t[1] >> 21) - out[10] = byte(t[1] >> 29) - out[11] = byte(t[1] >> 37) - out[12] = byte(t[1] >> 45) - - out[12] ^= byte(t[2]<<6) & 0xc0 - out[13] = byte(t[2] >> 2) - out[14] = byte(t[2] >> 10) - out[15] = byte(t[2] >> 18) - out[16] = byte(t[2] >> 26) - out[17] = byte(t[2] >> 34) - out[18] = byte(t[2] >> 42) - out[19] = byte(t[2] >> 50) - - out[19] ^= byte(t[3]<<1) & 0xfe - out[20] = byte(t[3] >> 7) - out[21] = byte(t[3] >> 15) - out[22] = byte(t[3] >> 23) - out[23] = byte(t[3] >> 31) - out[24] = byte(t[3] >> 39) - out[25] = byte(t[3] >> 47) - - out[25] ^= byte(t[4]<<4) & 0xf0 - out[26] = byte(t[4] >> 4) - out[27] = byte(t[4] >> 12) - out[28] = byte(t[4] >> 20) - out[29] = byte(t[4] >> 28) - out[30] = byte(t[4] >> 36) - out[31] = byte(t[4] >> 44) -} - -// invert calculates r = x^-1 mod p using Fermat's little theorem. -func invert(r *[5]uint64, x *[5]uint64) { - var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64 - - square(&z2, x) /* 2 */ - square(&t, &z2) /* 4 */ - square(&t, &t) /* 8 */ - mul(&z9, &t, x) /* 9 */ - mul(&z11, &z9, &z2) /* 11 */ - square(&t, &z11) /* 22 */ - mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */ - - square(&t, &z2_5_0) /* 2^6 - 2^1 */ - for i := 1; i < 5; i++ { /* 2^20 - 2^10 */ - square(&t, &t) - } - mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */ - - square(&t, &z2_10_0) /* 2^11 - 2^1 */ - for i := 1; i < 10; i++ { /* 2^20 - 2^10 */ - square(&t, &t) - } - mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */ - - square(&t, &z2_20_0) /* 2^21 - 2^1 */ - for i := 1; i < 20; i++ { /* 2^40 - 2^20 */ - square(&t, &t) - } - mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */ - - square(&t, &t) /* 2^41 - 2^1 */ - for i := 1; i < 10; i++ { /* 2^50 - 2^10 */ - square(&t, &t) - } - mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */ - - square(&t, &z2_50_0) /* 2^51 - 2^1 */ - for i := 1; i < 50; i++ { /* 2^100 - 2^50 */ - square(&t, &t) - } - mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */ - - square(&t, &z2_100_0) /* 2^101 - 2^1 */ - for i := 1; i < 100; i++ { /* 2^200 - 2^100 */ - square(&t, &t) - } - mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */ - - square(&t, &t) /* 2^201 - 2^1 */ - for i := 1; i < 50; i++ { /* 2^250 - 2^50 */ - square(&t, &t) - } - mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */ - - square(&t, &t) /* 2^251 - 2^1 */ - square(&t, &t) /* 2^252 - 2^2 */ - square(&t, &t) /* 2^253 - 2^3 */ - - square(&t, &t) /* 2^254 - 2^4 */ - - square(&t, &t) /* 2^255 - 2^5 */ - mul(r, &t, &z11) /* 2^255 - 21 */ -} diff --git a/ssl/test/runner/curve25519/mul_amd64.s b/ssl/test/runner/curve25519/mul_amd64.s deleted file mode 100644 index b162e65159..0000000000 --- a/ssl/test/runner/curve25519/mul_amd64.s +++ /dev/null @@ -1,169 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -#include "const_amd64.h" - -// func mul(dest, a, b *[5]uint64) -TEXT ·mul(SB),0,$16-24 - MOVQ dest+0(FP), DI - MOVQ a+8(FP), SI - MOVQ b+16(FP), DX - - MOVQ DX,CX - MOVQ 24(SI),DX - IMUL3Q $19,DX,AX - MOVQ AX,0(SP) - MULQ 16(CX) - MOVQ AX,R8 - MOVQ DX,R9 - MOVQ 32(SI),DX - IMUL3Q $19,DX,AX - MOVQ AX,8(SP) - MULQ 8(CX) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 0(SI),AX - MULQ 0(CX) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 0(SI),AX - MULQ 8(CX) - MOVQ AX,R10 - MOVQ DX,R11 - MOVQ 0(SI),AX - MULQ 16(CX) - MOVQ AX,R12 - MOVQ DX,R13 - MOVQ 0(SI),AX - MULQ 24(CX) - MOVQ AX,R14 - MOVQ DX,R15 - MOVQ 0(SI),AX - MULQ 32(CX) - MOVQ AX,BX - MOVQ DX,BP - MOVQ 8(SI),AX - MULQ 0(CX) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SI),AX - MULQ 8(CX) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 8(SI),AX - MULQ 16(CX) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 8(SI),AX - MULQ 24(CX) - ADDQ AX,BX - ADCQ DX,BP - MOVQ 8(SI),DX - IMUL3Q $19,DX,AX - MULQ 32(CX) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 16(SI),AX - MULQ 0(CX) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 16(SI),AX - MULQ 8(CX) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 16(SI),AX - MULQ 16(CX) - ADDQ AX,BX - ADCQ DX,BP - MOVQ 16(SI),DX - IMUL3Q $19,DX,AX - MULQ 24(CX) - ADDQ AX,R8 - ADCQ DX,R9 - MOVQ 16(SI),DX - IMUL3Q $19,DX,AX - MULQ 32(CX) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 24(SI),AX - MULQ 0(CX) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ 24(SI),AX - MULQ 8(CX) - ADDQ AX,BX - ADCQ DX,BP - MOVQ 0(SP),AX - MULQ 24(CX) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 0(SP),AX - MULQ 32(CX) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 32(SI),AX - MULQ 0(CX) - ADDQ AX,BX - ADCQ DX,BP - MOVQ 8(SP),AX - MULQ 16(CX) - ADDQ AX,R10 - ADCQ DX,R11 - MOVQ 8(SP),AX - MULQ 24(CX) - ADDQ AX,R12 - ADCQ DX,R13 - MOVQ 8(SP),AX - MULQ 32(CX) - ADDQ AX,R14 - ADCQ DX,R15 - MOVQ $REDMASK51,SI - SHLQ $13,R9:R8 - ANDQ SI,R8 - SHLQ $13,R11:R10 - ANDQ SI,R10 - ADDQ R9,R10 - SHLQ $13,R13:R12 - ANDQ SI,R12 - ADDQ R11,R12 - SHLQ $13,R15:R14 - ANDQ SI,R14 - ADDQ R13,R14 - SHLQ $13,BP:BX - ANDQ SI,BX - ADDQ R15,BX - IMUL3Q $19,BP,DX - ADDQ DX,R8 - MOVQ R8,DX - SHRQ $51,DX - ADDQ R10,DX - MOVQ DX,CX - SHRQ $51,DX - ANDQ SI,R8 - ADDQ R12,DX - MOVQ DX,R9 - SHRQ $51,DX - ANDQ SI,CX - ADDQ R14,DX - MOVQ DX,AX - SHRQ $51,DX - ANDQ SI,R9 - ADDQ BX,DX - MOVQ DX,R10 - SHRQ $51,DX - ANDQ SI,AX - IMUL3Q $19,DX,DX - ADDQ DX,R8 - ANDQ SI,R10 - MOVQ R8,0(DI) - MOVQ CX,8(DI) - MOVQ R9,16(DI) - MOVQ AX,24(DI) - MOVQ R10,32(DI) - RET diff --git a/ssl/test/runner/curve25519/square_amd64.s b/ssl/test/runner/curve25519/square_amd64.s deleted file mode 100644 index 4e864a83ef..0000000000 --- a/ssl/test/runner/curve25519/square_amd64.s +++ /dev/null @@ -1,132 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code was translated into a form compatible with 6a from the public -// domain sources in SUPERCOP: http://bench.cr.yp.to/supercop.html - -// +build amd64,!gccgo,!appengine - -#include "const_amd64.h" - -// func square(out, in *[5]uint64) -TEXT ·square(SB),7,$0-16 - MOVQ out+0(FP), DI - MOVQ in+8(FP), SI - - MOVQ 0(SI),AX - MULQ 0(SI) - MOVQ AX,CX - MOVQ DX,R8 - MOVQ 0(SI),AX - SHLQ $1,AX - MULQ 8(SI) - MOVQ AX,R9 - MOVQ DX,R10 - MOVQ 0(SI),AX - SHLQ $1,AX - MULQ 16(SI) - MOVQ AX,R11 - MOVQ DX,R12 - MOVQ 0(SI),AX - SHLQ $1,AX - MULQ 24(SI) - MOVQ AX,R13 - MOVQ DX,R14 - MOVQ 0(SI),AX - SHLQ $1,AX - MULQ 32(SI) - MOVQ AX,R15 - MOVQ DX,BX - MOVQ 8(SI),AX - MULQ 8(SI) - ADDQ AX,R11 - ADCQ DX,R12 - MOVQ 8(SI),AX - SHLQ $1,AX - MULQ 16(SI) - ADDQ AX,R13 - ADCQ DX,R14 - MOVQ 8(SI),AX - SHLQ $1,AX - MULQ 24(SI) - ADDQ AX,R15 - ADCQ DX,BX - MOVQ 8(SI),DX - IMUL3Q $38,DX,AX - MULQ 32(SI) - ADDQ AX,CX - ADCQ DX,R8 - MOVQ 16(SI),AX - MULQ 16(SI) - ADDQ AX,R15 - ADCQ DX,BX - MOVQ 16(SI),DX - IMUL3Q $38,DX,AX - MULQ 24(SI) - ADDQ AX,CX - ADCQ DX,R8 - MOVQ 16(SI),DX - IMUL3Q $38,DX,AX - MULQ 32(SI) - ADDQ AX,R9 - ADCQ DX,R10 - MOVQ 24(SI),DX - IMUL3Q $19,DX,AX - MULQ 24(SI) - ADDQ AX,R9 - ADCQ DX,R10 - MOVQ 24(SI),DX - IMUL3Q $38,DX,AX - MULQ 32(SI) - ADDQ AX,R11 - ADCQ DX,R12 - MOVQ 32(SI),DX - IMUL3Q $19,DX,AX - MULQ 32(SI) - ADDQ AX,R13 - ADCQ DX,R14 - MOVQ $REDMASK51,SI - SHLQ $13,R8:CX - ANDQ SI,CX - SHLQ $13,R10:R9 - ANDQ SI,R9 - ADDQ R8,R9 - SHLQ $13,R12:R11 - ANDQ SI,R11 - ADDQ R10,R11 - SHLQ $13,R14:R13 - ANDQ SI,R13 - ADDQ R12,R13 - SHLQ $13,BX:R15 - ANDQ SI,R15 - ADDQ R14,R15 - IMUL3Q $19,BX,DX - ADDQ DX,CX - MOVQ CX,DX - SHRQ $51,DX - ADDQ R9,DX - ANDQ SI,CX - MOVQ DX,R8 - SHRQ $51,DX - ADDQ R11,DX - ANDQ SI,R8 - MOVQ DX,R9 - SHRQ $51,DX - ADDQ R13,DX - ANDQ SI,R9 - MOVQ DX,AX - SHRQ $51,DX - ADDQ R15,DX - ANDQ SI,AX - MOVQ DX,R10 - SHRQ $51,DX - IMUL3Q $19,DX,DX - ADDQ DX,CX - ANDQ SI,R10 - MOVQ CX,0(DI) - MOVQ R8,8(DI) - MOVQ R9,16(DI) - MOVQ AX,24(DI) - MOVQ R10,32(DI) - RET diff --git a/ssl/test/runner/deterministic.go b/ssl/test/runner/deterministic.go index 2b71076b1d..50ae47fcd4 100644 --- a/ssl/test/runner/deterministic.go +++ b/ssl/test/runner/deterministic.go @@ -16,6 +16,8 @@ package runner import ( "encoding/binary" + + "golang.org/x/crypto/chacha20" ) // Use a different key from crypto/rand/deterministic.c. @@ -31,7 +33,11 @@ func (d *deterministicRand) Read(buf []byte) (int, error) { } var nonce [12]byte binary.LittleEndian.PutUint64(nonce[:8], d.numCalls) - chaCha20(buf, buf, deterministicRandKey, nonce[:], 0) + cipher, err := chacha20.NewUnauthenticatedCipher(deterministicRandKey, nonce[:]) + if err != nil { + return 0, err + } + cipher.XORKeyStream(buf, buf) d.numCalls++ return len(buf), nil } diff --git a/ssl/test/runner/hkdf.go b/ssl/test/runner/hkdf.go deleted file mode 100644 index c60e4ccf96..0000000000 --- a/ssl/test/runner/hkdf.go +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright (c) 2016, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -package runner - -import ( - "crypto/hmac" - "hash" -) - -// hkdfExtract implements HKDF-Extract from RFC 5869. -func hkdfExtract(hash func() hash.Hash, salt, ikm []byte) []byte { - if salt == nil { - salt = make([]byte, hash().Size()) - } - hmac := hmac.New(hash, salt) - hmac.Write(ikm) - return hmac.Sum(nil) -} - -// hkdfExpand implements HKDF-Expand from RFC 5869. -func hkdfExpand(hash func() hash.Hash, prk, info []byte, length int) []byte { - hashSize := hash().Size() - if length > 255*hashSize { - panic("hkdfExpand: length too long") - } - if len(prk) < hashSize { - panic("hkdfExpand: prk too short") - } - var lastBlock []byte - counter := byte(0) - okm := make([]byte, length) - hmac := hmac.New(hash, prk) - for length > 0 { - hmac.Reset() - counter++ - hmac.Write(lastBlock) - hmac.Write(info) - hmac.Write([]byte{counter}) - block := hmac.Sum(nil) - lastBlock = block - copy(okm[(int(counter)-1)*hashSize:], block) - length -= hashSize - } - return okm -} diff --git a/ssl/test/runner/hkdf_test.go b/ssl/test/runner/hkdf_test.go deleted file mode 100644 index 4e6958ea99..0000000000 --- a/ssl/test/runner/hkdf_test.go +++ /dev/null @@ -1,101 +0,0 @@ -// Copyright (c) 2016, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -package runner - -import ( - "bytes" - "crypto" - _ "crypto/sha1" - _ "crypto/sha256" - "testing" -) - -var hkdfTests = []struct { - hash crypto.Hash - ikm, salt, info, prk, okm []byte -}{ - { - crypto.SHA256, - []byte{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, - []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c}, - []byte{0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9}, - []byte{0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}, - []byte{0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65}, - }, - { - crypto.SHA256, - []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, - []byte{0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, - []byte{0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, - []byte{0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44}, - []byte{0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87}, - }, - { - crypto.SHA256, - []byte{ - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, - []byte{}, - []byte{}, - []byte{0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16, 0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf, 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77, 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04}, - []byte{0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8}, - }, - { - crypto.SHA1, - []byte{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, - []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c}, - []byte{0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9}, - []byte{0x9b, 0x6c, 0x18, 0xc4, 0x32, 0xa7, 0xbf, 0x8f, 0x0e, 0x71, 0xc8, 0xeb, 0x88, 0xf4, 0xb3, 0x0b, 0xaa, 0x2b, 0xa2, 0x43}, - []byte{0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, 0xf8, 0x96}, - }, - { - crypto.SHA1, - []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, - []byte{0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, - []byte{0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, - []byte{0x8a, 0xda, 0xe0, 0x9a, 0x2a, 0x30, 0x70, 0x59, 0x47, 0x8d, 0x30, 0x9b, 0x26, 0xc4, 0x11, 0x5a, 0x22, 0x4c, 0xfa, 0xf6}, - []byte{0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7, 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb, 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19, 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe, 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3, 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c, 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed, 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e, 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43, 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52, 0xd3, 0xb4}, - }, - { - crypto.SHA1, - []byte{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, - []byte{}, - []byte{}, - []byte{0xda, 0x8c, 0x8a, 0x73, 0xc7, 0xfa, 0x77, 0x28, 0x8e, 0xc6, 0xf5, 0xe7, 0xc2, 0x97, 0x78, 0x6a, 0xa0, 0xd3, 0x2d, 0x01}, - []byte{0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, 0x49, 0x18}, - }, - { - crypto.SHA1, - []byte{0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c}, - []byte{}, - []byte{}, - []byte{0x2a, 0xdc, 0xca, 0xda, 0x18, 0x77, 0x9e, 0x7c, 0x20, 0x77, 0xad, 0x2e, 0xb1, 0x9d, 0x3f, 0x3e, 0x73, 0x13, 0x85, 0xdd}, - []byte{0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3, 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a, 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23, 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5, 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac, 0xfc, 0x48}, - }, -} - -func TestHKDF(t *testing.T) { - for i, tt := range hkdfTests { - prk := hkdfExtract(tt.hash.New, tt.salt, tt.ikm) - if !bytes.Equal(prk, tt.prk) { - t.Errorf("%d. got hkdfExtract(%x, %x) = %x; wanted %x", i+1, tt.salt, tt.ikm, prk, tt.prk) - } - - okm := hkdfExpand(tt.hash.New, tt.prk, tt.info, len(tt.okm)) - if !bytes.Equal(okm, tt.okm) { - t.Errorf("%d. got hkdfExpand(%x, %x, %d) = %x; wanted %x", i+1, tt.prk, tt.info, len(tt.okm), okm, tt.okm) - } - } -} diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go index 266163ec5b..b435f18469 100644 --- a/ssl/test/runner/key_agreement.go +++ b/ssl/test/runner/key_agreement.go @@ -17,8 +17,8 @@ import ( "io" "math/big" - "boringssl.googlesource.com/boringssl/ssl/test/runner/curve25519" "boringssl.googlesource.com/boringssl/ssl/test/runner/hrss" + "golang.org/x/crypto/curve25519" ) type keyType int diff --git a/ssl/test/runner/poly1305/poly1305.go b/ssl/test/runner/poly1305/poly1305.go deleted file mode 100644 index f562fa5712..0000000000 --- a/ssl/test/runner/poly1305/poly1305.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -/* -Package poly1305 implements Poly1305 one-time message authentication code as -specified in https://cr.yp.to/mac/poly1305-20050329.pdf. - -Poly1305 is a fast, one-time authentication function. It is infeasible for an -attacker to generate an authenticator for a message without the key. However, a -key must only be used for a single message. Authenticating two different -messages with the same key allows an attacker to forge authenticators for other -messages with the same key. - -Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was -used with a fixed key in order to generate one-time keys from an nonce. -However, in this package AES isn't used and the one-time key is specified -directly. -*/ -package poly1305 // import "golang.org/x/crypto/poly1305" - -import "crypto/subtle" - -// TagSize is the size, in bytes, of a poly1305 authenticator. -const TagSize = 16 - -// Verify returns true if mac is a valid authenticator for m with the given -// key. -func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { - var tmp [16]byte - Sum(&tmp, m, key) - return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 -} diff --git a/ssl/test/runner/poly1305/poly1305_test.go b/ssl/test/runner/poly1305/poly1305_test.go deleted file mode 100644 index 256bdbba2f..0000000000 --- a/ssl/test/runner/poly1305/poly1305_test.go +++ /dev/null @@ -1,132 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package poly1305 - -import ( - "encoding/hex" - "flag" - "testing" - "unsafe" -) - -var stressFlag = flag.Bool("stress", false, "run slow stress tests") - -type test struct { - in string - key string - tag string -} - -func (t *test) Input() []byte { - in, err := hex.DecodeString(t.in) - if err != nil { - panic(err) - } - return in -} - -func (t *test) Key() [32]byte { - buf, err := hex.DecodeString(t.key) - if err != nil { - panic(err) - } - var key [32]byte - copy(key[:], buf[:32]) - return key -} - -func (t *test) Tag() [16]byte { - buf, err := hex.DecodeString(t.tag) - if err != nil { - panic(err) - } - var tag [16]byte - copy(tag[:], buf[:16]) - return tag -} - -func testSum(t *testing.T, unaligned bool, sumImpl func(tag *[TagSize]byte, msg []byte, key *[32]byte)) { - var tag [16]byte - for i, v := range testData { - in := v.Input() - if unaligned { - in = unalignBytes(in) - } - key := v.Key() - sumImpl(&tag, in, &key) - if tag != v.Tag() { - t.Errorf("%d: expected %x, got %x", i, v.Tag(), tag[:]) - } - } -} - -func TestBurnin(t *testing.T) { - // This test can be used to sanity-check significant changes. It can - // take about many minutes to run, even on fast machines. It's disabled - // by default. - if !*stressFlag { - t.Skip("skipping without -stress") - } - - var key [32]byte - var input [25]byte - var output [16]byte - - for i := range key { - key[i] = 1 - } - for i := range input { - input[i] = 2 - } - - for i := uint64(0); i < 1e10; i++ { - Sum(&output, input[:], &key) - copy(key[0:], output[:]) - copy(key[16:], output[:]) - copy(input[:], output[:]) - copy(input[16:], output[:]) - } - - const expected = "5e3b866aea0b636d240c83c428f84bfa" - if got := hex.EncodeToString(output[:]); got != expected { - t.Errorf("expected %s, got %s", expected, got) - } -} - -func TestSum(t *testing.T) { testSum(t, false, Sum) } -func TestSumUnaligned(t *testing.T) { testSum(t, true, Sum) } -func TestSumGeneric(t *testing.T) { testSum(t, false, sumGeneric) } -func TestSumGenericUnaligned(t *testing.T) { testSum(t, true, sumGeneric) } - -func benchmark(b *testing.B, size int, unaligned bool) { - var out [16]byte - var key [32]byte - in := make([]byte, size) - if unaligned { - in = unalignBytes(in) - } - b.SetBytes(int64(len(in))) - b.ResetTimer() - for i := 0; i < b.N; i++ { - Sum(&out, in, &key) - } -} - -func Benchmark64(b *testing.B) { benchmark(b, 64, false) } -func Benchmark1K(b *testing.B) { benchmark(b, 1024, false) } -func Benchmark64Unaligned(b *testing.B) { benchmark(b, 64, true) } -func Benchmark1KUnaligned(b *testing.B) { benchmark(b, 1024, true) } -func Benchmark2M(b *testing.B) { benchmark(b, 2097152, true) } - -func unalignBytes(in []byte) []byte { - out := make([]byte, len(in)+1) - if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 { - out = out[1:] - } else { - out = out[:len(in)] - } - copy(out, in) - return out -} diff --git a/ssl/test/runner/poly1305/sum_amd64.go b/ssl/test/runner/poly1305/sum_amd64.go deleted file mode 100644 index 4dd72fe799..0000000000 --- a/ssl/test/runner/poly1305/sum_amd64.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build amd64,!gccgo,!appengine - -package poly1305 - -// This function is implemented in sum_amd64.s -//go:noescape -func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte) - -// Sum generates an authenticator for m using a one-time key and puts the -// 16-byte result into out. Authenticating two different messages with the same -// key allows an attacker to forge messages at will. -func Sum(out *[16]byte, m []byte, key *[32]byte) { - var mPtr *byte - if len(m) > 0 { - mPtr = &m[0] - } - poly1305(out, mPtr, uint64(len(m)), key) -} diff --git a/ssl/test/runner/poly1305/sum_amd64.s b/ssl/test/runner/poly1305/sum_amd64.s deleted file mode 100644 index 2edae63828..0000000000 --- a/ssl/test/runner/poly1305/sum_amd64.s +++ /dev/null @@ -1,125 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build amd64,!gccgo,!appengine - -#include "textflag.h" - -#define POLY1305_ADD(msg, h0, h1, h2) \ - ADDQ 0(msg), h0; \ - ADCQ 8(msg), h1; \ - ADCQ $1, h2; \ - LEAQ 16(msg), msg - -#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \ - MOVQ r0, AX; \ - MULQ h0; \ - MOVQ AX, t0; \ - MOVQ DX, t1; \ - MOVQ r0, AX; \ - MULQ h1; \ - ADDQ AX, t1; \ - ADCQ $0, DX; \ - MOVQ r0, t2; \ - IMULQ h2, t2; \ - ADDQ DX, t2; \ - \ - MOVQ r1, AX; \ - MULQ h0; \ - ADDQ AX, t1; \ - ADCQ $0, DX; \ - MOVQ DX, h0; \ - MOVQ r1, t3; \ - IMULQ h2, t3; \ - MOVQ r1, AX; \ - MULQ h1; \ - ADDQ AX, t2; \ - ADCQ DX, t3; \ - ADDQ h0, t2; \ - ADCQ $0, t3; \ - \ - MOVQ t0, h0; \ - MOVQ t1, h1; \ - MOVQ t2, h2; \ - ANDQ $3, h2; \ - MOVQ t2, t0; \ - ANDQ $0xFFFFFFFFFFFFFFFC, t0; \ - ADDQ t0, h0; \ - ADCQ t3, h1; \ - ADCQ $0, h2; \ - SHRQ $2, t3, t2; \ - SHRQ $2, t3; \ - ADDQ t2, h0; \ - ADCQ t3, h1; \ - ADCQ $0, h2 - -DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF -DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC -GLOBL ·poly1305Mask<>(SB), RODATA, $16 - -// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key) -TEXT ·poly1305(SB), $0-32 - MOVQ out+0(FP), DI - MOVQ m+8(FP), SI - MOVQ mlen+16(FP), R15 - MOVQ key+24(FP), AX - - MOVQ 0(AX), R11 - MOVQ 8(AX), R12 - ANDQ ·poly1305Mask<>(SB), R11 // r0 - ANDQ ·poly1305Mask<>+8(SB), R12 // r1 - XORQ R8, R8 // h0 - XORQ R9, R9 // h1 - XORQ R10, R10 // h2 - - CMPQ R15, $16 - JB bytes_between_0_and_15 - -loop: - POLY1305_ADD(SI, R8, R9, R10) - -multiply: - POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14) - SUBQ $16, R15 - CMPQ R15, $16 - JAE loop - -bytes_between_0_and_15: - TESTQ R15, R15 - JZ done - MOVQ $1, BX - XORQ CX, CX - XORQ R13, R13 - ADDQ R15, SI - -flush_buffer: - SHLQ $8, BX, CX - SHLQ $8, BX - MOVB -1(SI), R13 - XORQ R13, BX - DECQ SI - DECQ R15 - JNZ flush_buffer - - ADDQ BX, R8 - ADCQ CX, R9 - ADCQ $0, R10 - MOVQ $16, R15 - JMP multiply - -done: - MOVQ R8, AX - MOVQ R9, BX - SUBQ $0xFFFFFFFFFFFFFFFB, AX - SBBQ $0xFFFFFFFFFFFFFFFF, BX - SBBQ $3, R10 - CMOVQCS R8, AX - CMOVQCS R9, BX - MOVQ key+24(FP), R8 - ADDQ 16(R8), AX - ADCQ 24(R8), BX - - MOVQ AX, 0(DI) - MOVQ BX, 8(DI) - RET diff --git a/ssl/test/runner/poly1305/sum_arm.go b/ssl/test/runner/poly1305/sum_arm.go deleted file mode 100644 index 5dc321c2f3..0000000000 --- a/ssl/test/runner/poly1305/sum_arm.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build arm,!gccgo,!appengine,!nacl - -package poly1305 - -// This function is implemented in sum_arm.s -//go:noescape -func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte) - -// Sum generates an authenticator for m using a one-time key and puts the -// 16-byte result into out. Authenticating two different messages with the same -// key allows an attacker to forge messages at will. -func Sum(out *[16]byte, m []byte, key *[32]byte) { - var mPtr *byte - if len(m) > 0 { - mPtr = &m[0] - } - poly1305_auth_armv6(out, mPtr, uint32(len(m)), key) -} diff --git a/ssl/test/runner/poly1305/sum_arm.s b/ssl/test/runner/poly1305/sum_arm.s deleted file mode 100644 index f70b4ac484..0000000000 --- a/ssl/test/runner/poly1305/sum_arm.s +++ /dev/null @@ -1,427 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build arm,!gccgo,!appengine,!nacl - -#include "textflag.h" - -// This code was translated into a form compatible with 5a from the public -// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305. - -DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff -DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03 -DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff -DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff -DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff -GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20 - -// Warning: the linker may use R11 to synthesize certain instructions. Please -// take care and verify that no synthetic instructions use it. - -TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0 - // Needs 16 bytes of stack and 64 bytes of space pointed to by R0. (It - // might look like it's only 60 bytes of space but the final four bytes - // will be written by another function.) We need to skip over four - // bytes of stack because that's saving the value of 'g'. - ADD $4, R13, R8 - MOVM.IB [R4-R7], (R8) - MOVM.IA.W (R1), [R2-R5] - MOVW $·poly1305_init_constants_armv6<>(SB), R7 - MOVW R2, R8 - MOVW R2>>26, R9 - MOVW R3>>20, g - MOVW R4>>14, R11 - MOVW R5>>8, R12 - ORR R3<<6, R9, R9 - ORR R4<<12, g, g - ORR R5<<18, R11, R11 - MOVM.IA (R7), [R2-R6] - AND R8, R2, R2 - AND R9, R3, R3 - AND g, R4, R4 - AND R11, R5, R5 - AND R12, R6, R6 - MOVM.IA.W [R2-R6], (R0) - EOR R2, R2, R2 - EOR R3, R3, R3 - EOR R4, R4, R4 - EOR R5, R5, R5 - EOR R6, R6, R6 - MOVM.IA.W [R2-R6], (R0) - MOVM.IA.W (R1), [R2-R5] - MOVM.IA [R2-R6], (R0) - ADD $20, R13, R0 - MOVM.DA (R0), [R4-R7] - RET - -#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \ - MOVBU (offset+0)(Rsrc), Rtmp; \ - MOVBU Rtmp, (offset+0)(Rdst); \ - MOVBU (offset+1)(Rsrc), Rtmp; \ - MOVBU Rtmp, (offset+1)(Rdst); \ - MOVBU (offset+2)(Rsrc), Rtmp; \ - MOVBU Rtmp, (offset+2)(Rdst); \ - MOVBU (offset+3)(Rsrc), Rtmp; \ - MOVBU Rtmp, (offset+3)(Rdst) - -TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0 - // Needs 24 bytes of stack for saved registers and then 88 bytes of - // scratch space after that. We assume that 24 bytes at (R13) have - // already been used: four bytes for the link register saved in the - // prelude of poly1305_auth_armv6, four bytes for saving the value of g - // in that function and 16 bytes of scratch space used around - // poly1305_finish_ext_armv6_skip1. - ADD $24, R13, R12 - MOVM.IB [R4-R8, R14], (R12) - MOVW R0, 88(R13) - MOVW R1, 92(R13) - MOVW R2, 96(R13) - MOVW R1, R14 - MOVW R2, R12 - MOVW 56(R0), R8 - WORD $0xe1180008 // TST R8, R8 not working see issue 5921 - EOR R6, R6, R6 - MOVW.EQ $(1<<24), R6 - MOVW R6, 84(R13) - ADD $116, R13, g - MOVM.IA (R0), [R0-R9] - MOVM.IA [R0-R4], (g) - CMP $16, R12 - BLO poly1305_blocks_armv6_done - -poly1305_blocks_armv6_mainloop: - WORD $0xe31e0003 // TST R14, #3 not working see issue 5921 - BEQ poly1305_blocks_armv6_mainloop_aligned - ADD $100, R13, g - MOVW_UNALIGNED(R14, g, R0, 0) - MOVW_UNALIGNED(R14, g, R0, 4) - MOVW_UNALIGNED(R14, g, R0, 8) - MOVW_UNALIGNED(R14, g, R0, 12) - MOVM.IA (g), [R0-R3] - ADD $16, R14 - B poly1305_blocks_armv6_mainloop_loaded - -poly1305_blocks_armv6_mainloop_aligned: - MOVM.IA.W (R14), [R0-R3] - -poly1305_blocks_armv6_mainloop_loaded: - MOVW R0>>26, g - MOVW R1>>20, R11 - MOVW R2>>14, R12 - MOVW R14, 92(R13) - MOVW R3>>8, R4 - ORR R1<<6, g, g - ORR R2<<12, R11, R11 - ORR R3<<18, R12, R12 - BIC $0xfc000000, R0, R0 - BIC $0xfc000000, g, g - MOVW 84(R13), R3 - BIC $0xfc000000, R11, R11 - BIC $0xfc000000, R12, R12 - ADD R0, R5, R5 - ADD g, R6, R6 - ORR R3, R4, R4 - ADD R11, R7, R7 - ADD $116, R13, R14 - ADD R12, R8, R8 - ADD R4, R9, R9 - MOVM.IA (R14), [R0-R4] - MULLU R4, R5, (R11, g) - MULLU R3, R5, (R14, R12) - MULALU R3, R6, (R11, g) - MULALU R2, R6, (R14, R12) - MULALU R2, R7, (R11, g) - MULALU R1, R7, (R14, R12) - ADD R4<<2, R4, R4 - ADD R3<<2, R3, R3 - MULALU R1, R8, (R11, g) - MULALU R0, R8, (R14, R12) - MULALU R0, R9, (R11, g) - MULALU R4, R9, (R14, R12) - MOVW g, 76(R13) - MOVW R11, 80(R13) - MOVW R12, 68(R13) - MOVW R14, 72(R13) - MULLU R2, R5, (R11, g) - MULLU R1, R5, (R14, R12) - MULALU R1, R6, (R11, g) - MULALU R0, R6, (R14, R12) - MULALU R0, R7, (R11, g) - MULALU R4, R7, (R14, R12) - ADD R2<<2, R2, R2 - ADD R1<<2, R1, R1 - MULALU R4, R8, (R11, g) - MULALU R3, R8, (R14, R12) - MULALU R3, R9, (R11, g) - MULALU R2, R9, (R14, R12) - MOVW g, 60(R13) - MOVW R11, 64(R13) - MOVW R12, 52(R13) - MOVW R14, 56(R13) - MULLU R0, R5, (R11, g) - MULALU R4, R6, (R11, g) - MULALU R3, R7, (R11, g) - MULALU R2, R8, (R11, g) - MULALU R1, R9, (R11, g) - ADD $52, R13, R0 - MOVM.IA (R0), [R0-R7] - MOVW g>>26, R12 - MOVW R4>>26, R14 - ORR R11<<6, R12, R12 - ORR R5<<6, R14, R14 - BIC $0xfc000000, g, g - BIC $0xfc000000, R4, R4 - ADD.S R12, R0, R0 - ADC $0, R1, R1 - ADD.S R14, R6, R6 - ADC $0, R7, R7 - MOVW R0>>26, R12 - MOVW R6>>26, R14 - ORR R1<<6, R12, R12 - ORR R7<<6, R14, R14 - BIC $0xfc000000, R0, R0 - BIC $0xfc000000, R6, R6 - ADD R14<<2, R14, R14 - ADD.S R12, R2, R2 - ADC $0, R3, R3 - ADD R14, g, g - MOVW R2>>26, R12 - MOVW g>>26, R14 - ORR R3<<6, R12, R12 - BIC $0xfc000000, g, R5 - BIC $0xfc000000, R2, R7 - ADD R12, R4, R4 - ADD R14, R0, R0 - MOVW R4>>26, R12 - BIC $0xfc000000, R4, R8 - ADD R12, R6, R9 - MOVW 96(R13), R12 - MOVW 92(R13), R14 - MOVW R0, R6 - CMP $32, R12 - SUB $16, R12, R12 - MOVW R12, 96(R13) - BHS poly1305_blocks_armv6_mainloop - -poly1305_blocks_armv6_done: - MOVW 88(R13), R12 - MOVW R5, 20(R12) - MOVW R6, 24(R12) - MOVW R7, 28(R12) - MOVW R8, 32(R12) - MOVW R9, 36(R12) - ADD $48, R13, R0 - MOVM.DA (R0), [R4-R8, R14] - RET - -#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \ - MOVBU.P 1(Rsrc), Rtmp; \ - MOVBU.P Rtmp, 1(Rdst); \ - MOVBU.P 1(Rsrc), Rtmp; \ - MOVBU.P Rtmp, 1(Rdst) - -#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \ - MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \ - MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) - -// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key) -TEXT ·poly1305_auth_armv6(SB), $196-16 - // The value 196, just above, is the sum of 64 (the size of the context - // structure) and 132 (the amount of stack needed). - // - // At this point, the stack pointer (R13) has been moved down. It - // points to the saved link register and there's 196 bytes of free - // space above it. - // - // The stack for this function looks like: - // - // +--------------------- - // | - // | 64 bytes of context structure - // | - // +--------------------- - // | - // | 112 bytes for poly1305_blocks_armv6 - // | - // +--------------------- - // | 16 bytes of final block, constructed at - // | poly1305_finish_ext_armv6_skip8 - // +--------------------- - // | four bytes of saved 'g' - // +--------------------- - // | lr, saved by prelude <- R13 points here - // +--------------------- - MOVW g, 4(R13) - - MOVW out+0(FP), R4 - MOVW m+4(FP), R5 - MOVW mlen+8(FP), R6 - MOVW key+12(FP), R7 - - ADD $136, R13, R0 // 136 = 4 + 4 + 16 + 112 - MOVW R7, R1 - - // poly1305_init_ext_armv6 will write to the stack from R13+4, but - // that's ok because none of the other values have been written yet. - BL poly1305_init_ext_armv6<>(SB) - BIC.S $15, R6, R2 - BEQ poly1305_auth_armv6_noblocks - ADD $136, R13, R0 - MOVW R5, R1 - ADD R2, R5, R5 - SUB R2, R6, R6 - BL poly1305_blocks_armv6<>(SB) - -poly1305_auth_armv6_noblocks: - ADD $136, R13, R0 - MOVW R5, R1 - MOVW R6, R2 - MOVW R4, R3 - - MOVW R0, R5 - MOVW R1, R6 - MOVW R2, R7 - MOVW R3, R8 - AND.S R2, R2, R2 - BEQ poly1305_finish_ext_armv6_noremaining - EOR R0, R0 - ADD $8, R13, R9 // 8 = offset to 16 byte scratch space - MOVW R0, (R9) - MOVW R0, 4(R9) - MOVW R0, 8(R9) - MOVW R0, 12(R9) - WORD $0xe3110003 // TST R1, #3 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_aligned - WORD $0xe3120008 // TST R2, #8 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip8 - MOVWP_UNALIGNED(R1, R9, g) - MOVWP_UNALIGNED(R1, R9, g) - -poly1305_finish_ext_armv6_skip8: - WORD $0xe3120004 // TST $4, R2 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip4 - MOVWP_UNALIGNED(R1, R9, g) - -poly1305_finish_ext_armv6_skip4: - WORD $0xe3120002 // TST $2, R2 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip2 - MOVHUP_UNALIGNED(R1, R9, g) - B poly1305_finish_ext_armv6_skip2 - -poly1305_finish_ext_armv6_aligned: - WORD $0xe3120008 // TST R2, #8 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip8_aligned - MOVM.IA.W (R1), [g-R11] - MOVM.IA.W [g-R11], (R9) - -poly1305_finish_ext_armv6_skip8_aligned: - WORD $0xe3120004 // TST $4, R2 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip4_aligned - MOVW.P 4(R1), g - MOVW.P g, 4(R9) - -poly1305_finish_ext_armv6_skip4_aligned: - WORD $0xe3120002 // TST $2, R2 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip2 - MOVHU.P 2(R1), g - MOVH.P g, 2(R9) - -poly1305_finish_ext_armv6_skip2: - WORD $0xe3120001 // TST $1, R2 not working see issue 5921 - BEQ poly1305_finish_ext_armv6_skip1 - MOVBU.P 1(R1), g - MOVBU.P g, 1(R9) - -poly1305_finish_ext_armv6_skip1: - MOVW $1, R11 - MOVBU R11, 0(R9) - MOVW R11, 56(R5) - MOVW R5, R0 - ADD $8, R13, R1 - MOVW $16, R2 - BL poly1305_blocks_armv6<>(SB) - -poly1305_finish_ext_armv6_noremaining: - MOVW 20(R5), R0 - MOVW 24(R5), R1 - MOVW 28(R5), R2 - MOVW 32(R5), R3 - MOVW 36(R5), R4 - MOVW R4>>26, R12 - BIC $0xfc000000, R4, R4 - ADD R12<<2, R12, R12 - ADD R12, R0, R0 - MOVW R0>>26, R12 - BIC $0xfc000000, R0, R0 - ADD R12, R1, R1 - MOVW R1>>26, R12 - BIC $0xfc000000, R1, R1 - ADD R12, R2, R2 - MOVW R2>>26, R12 - BIC $0xfc000000, R2, R2 - ADD R12, R3, R3 - MOVW R3>>26, R12 - BIC $0xfc000000, R3, R3 - ADD R12, R4, R4 - ADD $5, R0, R6 - MOVW R6>>26, R12 - BIC $0xfc000000, R6, R6 - ADD R12, R1, R7 - MOVW R7>>26, R12 - BIC $0xfc000000, R7, R7 - ADD R12, R2, g - MOVW g>>26, R12 - BIC $0xfc000000, g, g - ADD R12, R3, R11 - MOVW $-(1<<26), R12 - ADD R11>>26, R12, R12 - BIC $0xfc000000, R11, R11 - ADD R12, R4, R9 - MOVW R9>>31, R12 - SUB $1, R12 - AND R12, R6, R6 - AND R12, R7, R7 - AND R12, g, g - AND R12, R11, R11 - AND R12, R9, R9 - MVN R12, R12 - AND R12, R0, R0 - AND R12, R1, R1 - AND R12, R2, R2 - AND R12, R3, R3 - AND R12, R4, R4 - ORR R6, R0, R0 - ORR R7, R1, R1 - ORR g, R2, R2 - ORR R11, R3, R3 - ORR R9, R4, R4 - ORR R1<<26, R0, R0 - MOVW R1>>6, R1 - ORR R2<<20, R1, R1 - MOVW R2>>12, R2 - ORR R3<<14, R2, R2 - MOVW R3>>18, R3 - ORR R4<<8, R3, R3 - MOVW 40(R5), R6 - MOVW 44(R5), R7 - MOVW 48(R5), g - MOVW 52(R5), R11 - ADD.S R6, R0, R0 - ADC.S R7, R1, R1 - ADC.S g, R2, R2 - ADC.S R11, R3, R3 - MOVM.IA [R0-R3], (R8) - MOVW R5, R12 - EOR R0, R0, R0 - EOR R1, R1, R1 - EOR R2, R2, R2 - EOR R3, R3, R3 - EOR R4, R4, R4 - EOR R5, R5, R5 - EOR R6, R6, R6 - EOR R7, R7, R7 - MOVM.IA.W [R0-R7], (R12) - MOVM.IA [R0-R7], (R12) - MOVW 4(R13), g - RET diff --git a/ssl/test/runner/poly1305/sum_noasm.go b/ssl/test/runner/poly1305/sum_noasm.go deleted file mode 100644 index 751eec5274..0000000000 --- a/ssl/test/runner/poly1305/sum_noasm.go +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,!go1.11 !arm,!amd64,!s390x gccgo appengine nacl - -package poly1305 - -// Sum generates an authenticator for msg using a one-time key and puts the -// 16-byte result into out. Authenticating two different messages with the same -// key allows an attacker to forge messages at will. -func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) { - sumGeneric(out, msg, key) -} diff --git a/ssl/test/runner/poly1305/sum_ref.go b/ssl/test/runner/poly1305/sum_ref.go deleted file mode 100644 index c4d59bd098..0000000000 --- a/ssl/test/runner/poly1305/sum_ref.go +++ /dev/null @@ -1,139 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package poly1305 - -import "encoding/binary" - -// sumGeneric generates an authenticator for msg using a one-time key and -// puts the 16-byte result into out. This is the generic implementation of -// Sum and should be called if no assembly implementation is available. -func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) { - var ( - h0, h1, h2, h3, h4 uint32 // the hash accumulators - r0, r1, r2, r3, r4 uint64 // the r part of the key - ) - - r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff) - r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03) - r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff) - r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff) - r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff) - - R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5 - - for len(msg) >= TagSize { - // h += msg - h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff - h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff - h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff - h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff - h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24) - - // h *= r - d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1) - d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2) - d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3) - d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4) - d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0) - - // h %= p - h0 = uint32(d0) & 0x3ffffff - h1 = uint32(d1) & 0x3ffffff - h2 = uint32(d2) & 0x3ffffff - h3 = uint32(d3) & 0x3ffffff - h4 = uint32(d4) & 0x3ffffff - - h0 += uint32(d4>>26) * 5 - h1 += h0 >> 26 - h0 = h0 & 0x3ffffff - - msg = msg[TagSize:] - } - - if len(msg) > 0 { - var block [TagSize]byte - off := copy(block[:], msg) - block[off] = 0x01 - - // h += msg - h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff - h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff - h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff - h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff - h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8) - - // h *= r - d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1) - d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2) - d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3) - d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4) - d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0) - - // h %= p - h0 = uint32(d0) & 0x3ffffff - h1 = uint32(d1) & 0x3ffffff - h2 = uint32(d2) & 0x3ffffff - h3 = uint32(d3) & 0x3ffffff - h4 = uint32(d4) & 0x3ffffff - - h0 += uint32(d4>>26) * 5 - h1 += h0 >> 26 - h0 = h0 & 0x3ffffff - } - - // h %= p reduction - h2 += h1 >> 26 - h1 &= 0x3ffffff - h3 += h2 >> 26 - h2 &= 0x3ffffff - h4 += h3 >> 26 - h3 &= 0x3ffffff - h0 += 5 * (h4 >> 26) - h4 &= 0x3ffffff - h1 += h0 >> 26 - h0 &= 0x3ffffff - - // h - p - t0 := h0 + 5 - t1 := h1 + (t0 >> 26) - t2 := h2 + (t1 >> 26) - t3 := h3 + (t2 >> 26) - t4 := h4 + (t3 >> 26) - (1 << 26) - t0 &= 0x3ffffff - t1 &= 0x3ffffff - t2 &= 0x3ffffff - t3 &= 0x3ffffff - - // select h if h < p else h - p - t_mask := (t4 >> 31) - 1 - h_mask := ^t_mask - h0 = (h0 & h_mask) | (t0 & t_mask) - h1 = (h1 & h_mask) | (t1 & t_mask) - h2 = (h2 & h_mask) | (t2 & t_mask) - h3 = (h3 & h_mask) | (t3 & t_mask) - h4 = (h4 & h_mask) | (t4 & t_mask) - - // h %= 2^128 - h0 |= h1 << 26 - h1 = ((h1 >> 6) | (h2 << 20)) - h2 = ((h2 >> 12) | (h3 << 14)) - h3 = ((h3 >> 18) | (h4 << 8)) - - // s: the s part of the key - // tag = (h + s) % (2^128) - t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:])) - h0 = uint32(t) - t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32) - h1 = uint32(t) - t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32) - h2 = uint32(t) - t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32) - h3 = uint32(t) - - binary.LittleEndian.PutUint32(out[0:], h0) - binary.LittleEndian.PutUint32(out[4:], h1) - binary.LittleEndian.PutUint32(out[8:], h2) - binary.LittleEndian.PutUint32(out[12:], h3) -} diff --git a/ssl/test/runner/poly1305/sum_s390x.go b/ssl/test/runner/poly1305/sum_s390x.go deleted file mode 100644 index 7a266cece4..0000000000 --- a/ssl/test/runner/poly1305/sum_s390x.go +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,go1.11,!gccgo,!appengine - -package poly1305 - -// hasVectorFacility reports whether the machine supports -// the vector facility (vx). -func hasVectorFacility() bool - -// hasVMSLFacility reports whether the machine supports -// Vector Multiply Sum Logical (VMSL). -func hasVMSLFacility() bool - -var hasVX = hasVectorFacility() -var hasVMSL = hasVMSLFacility() - -// poly1305vx is an assembly implementation of Poly1305 that uses vector -// instructions. It must only be called if the vector facility (vx) is -// available. -//go:noescape -func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte) - -// poly1305vmsl is an assembly implementation of Poly1305 that uses vector -// instructions, including VMSL. It must only be called if the vector facility (vx) is -// available and if VMSL is supported. -//go:noescape -func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte) - -// Sum generates an authenticator for m using a one-time key and puts the -// 16-byte result into out. Authenticating two different messages with the same -// key allows an attacker to forge messages at will. -func Sum(out *[16]byte, m []byte, key *[32]byte) { - if hasVX { - var mPtr *byte - if len(m) > 0 { - mPtr = &m[0] - } - if hasVMSL && len(m) > 256 { - poly1305vmsl(out, mPtr, uint64(len(m)), key) - } else { - poly1305vx(out, mPtr, uint64(len(m)), key) - } - } else { - sumGeneric(out, m, key) - } -} diff --git a/ssl/test/runner/poly1305/sum_s390x.s b/ssl/test/runner/poly1305/sum_s390x.s deleted file mode 100644 index 356c07a6c2..0000000000 --- a/ssl/test/runner/poly1305/sum_s390x.s +++ /dev/null @@ -1,400 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,go1.11,!gccgo,!appengine - -#include "textflag.h" - -// Implementation of Poly1305 using the vector facility (vx). - -// constants -#define MOD26 V0 -#define EX0 V1 -#define EX1 V2 -#define EX2 V3 - -// temporaries -#define T_0 V4 -#define T_1 V5 -#define T_2 V6 -#define T_3 V7 -#define T_4 V8 - -// key (r) -#define R_0 V9 -#define R_1 V10 -#define R_2 V11 -#define R_3 V12 -#define R_4 V13 -#define R5_1 V14 -#define R5_2 V15 -#define R5_3 V16 -#define R5_4 V17 -#define RSAVE_0 R5 -#define RSAVE_1 R6 -#define RSAVE_2 R7 -#define RSAVE_3 R8 -#define RSAVE_4 R9 -#define R5SAVE_1 V28 -#define R5SAVE_2 V29 -#define R5SAVE_3 V30 -#define R5SAVE_4 V31 - -// message block -#define F_0 V18 -#define F_1 V19 -#define F_2 V20 -#define F_3 V21 -#define F_4 V22 - -// accumulator -#define H_0 V23 -#define H_1 V24 -#define H_2 V25 -#define H_3 V26 -#define H_4 V27 - -GLOBL ·keyMask<>(SB), RODATA, $16 -DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f -DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f - -GLOBL ·bswapMask<>(SB), RODATA, $16 -DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908 -DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100 - -GLOBL ·constants<>(SB), RODATA, $64 -// MOD26 -DATA ·constants<>+0(SB)/8, $0x3ffffff -DATA ·constants<>+8(SB)/8, $0x3ffffff -// EX0 -DATA ·constants<>+16(SB)/8, $0x0006050403020100 -DATA ·constants<>+24(SB)/8, $0x1016151413121110 -// EX1 -DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706 -DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716 -// EX2 -DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d -DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d - -// h = (f*g) % (2**130-5) [partial reduction] -#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \ - VMLOF f0, g0, h0 \ - VMLOF f0, g1, h1 \ - VMLOF f0, g2, h2 \ - VMLOF f0, g3, h3 \ - VMLOF f0, g4, h4 \ - VMLOF f1, g54, T_0 \ - VMLOF f1, g0, T_1 \ - VMLOF f1, g1, T_2 \ - VMLOF f1, g2, T_3 \ - VMLOF f1, g3, T_4 \ - VMALOF f2, g53, h0, h0 \ - VMALOF f2, g54, h1, h1 \ - VMALOF f2, g0, h2, h2 \ - VMALOF f2, g1, h3, h3 \ - VMALOF f2, g2, h4, h4 \ - VMALOF f3, g52, T_0, T_0 \ - VMALOF f3, g53, T_1, T_1 \ - VMALOF f3, g54, T_2, T_2 \ - VMALOF f3, g0, T_3, T_3 \ - VMALOF f3, g1, T_4, T_4 \ - VMALOF f4, g51, h0, h0 \ - VMALOF f4, g52, h1, h1 \ - VMALOF f4, g53, h2, h2 \ - VMALOF f4, g54, h3, h3 \ - VMALOF f4, g0, h4, h4 \ - VAG T_0, h0, h0 \ - VAG T_1, h1, h1 \ - VAG T_2, h2, h2 \ - VAG T_3, h3, h3 \ - VAG T_4, h4, h4 - -// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4 -#define REDUCE(h0, h1, h2, h3, h4) \ - VESRLG $26, h0, T_0 \ - VESRLG $26, h3, T_1 \ - VN MOD26, h0, h0 \ - VN MOD26, h3, h3 \ - VAG T_0, h1, h1 \ - VAG T_1, h4, h4 \ - VESRLG $26, h1, T_2 \ - VESRLG $26, h4, T_3 \ - VN MOD26, h1, h1 \ - VN MOD26, h4, h4 \ - VESLG $2, T_3, T_4 \ - VAG T_3, T_4, T_4 \ - VAG T_2, h2, h2 \ - VAG T_4, h0, h0 \ - VESRLG $26, h2, T_0 \ - VESRLG $26, h0, T_1 \ - VN MOD26, h2, h2 \ - VN MOD26, h0, h0 \ - VAG T_0, h3, h3 \ - VAG T_1, h1, h1 \ - VESRLG $26, h3, T_2 \ - VN MOD26, h3, h3 \ - VAG T_2, h4, h4 - -// expand in0 into d[0] and in1 into d[1] -#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \ - VGBM $0x0707, d1 \ // d1=tmp - VPERM in0, in1, EX2, d4 \ - VPERM in0, in1, EX0, d0 \ - VPERM in0, in1, EX1, d2 \ - VN d1, d4, d4 \ - VESRLG $26, d0, d1 \ - VESRLG $30, d2, d3 \ - VESRLG $4, d2, d2 \ - VN MOD26, d0, d0 \ - VN MOD26, d1, d1 \ - VN MOD26, d2, d2 \ - VN MOD26, d3, d3 - -// pack h4:h0 into h1:h0 (no carry) -#define PACK(h0, h1, h2, h3, h4) \ - VESLG $26, h1, h1 \ - VESLG $26, h3, h3 \ - VO h0, h1, h0 \ - VO h2, h3, h2 \ - VESLG $4, h2, h2 \ - VLEIB $7, $48, h1 \ - VSLB h1, h2, h2 \ - VO h0, h2, h0 \ - VLEIB $7, $104, h1 \ - VSLB h1, h4, h3 \ - VO h3, h0, h0 \ - VLEIB $7, $24, h1 \ - VSRLB h1, h4, h1 - -// if h > 2**130-5 then h -= 2**130-5 -#define MOD(h0, h1, t0, t1, t2) \ - VZERO t0 \ - VLEIG $1, $5, t0 \ - VACCQ h0, t0, t1 \ - VAQ h0, t0, t0 \ - VONE t2 \ - VLEIG $1, $-4, t2 \ - VAQ t2, t1, t1 \ - VACCQ h1, t1, t1 \ - VONE t2 \ - VAQ t2, t1, t1 \ - VN h0, t1, t2 \ - VNC t0, t1, t1 \ - VO t1, t2, h0 - -// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key) -TEXT ·poly1305vx(SB), $0-32 - // This code processes up to 2 blocks (32 bytes) per iteration - // using the algorithm described in: - // NEON crypto, Daniel J. Bernstein & Peter Schwabe - // https://cryptojedi.org/papers/neoncrypto-20120320.pdf - LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key - - // load MOD26, EX0, EX1 and EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), MOD26, EX2 - - // setup r - VL (R4), T_0 - MOVD $·keyMask<>(SB), R6 - VL (R6), T_1 - VN T_0, T_1, T_0 - EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4) - - // setup r*5 - VLEIG $0, $5, T_0 - VLEIG $1, $5, T_0 - - // store r (for final block) - VMLOF T_0, R_1, R5SAVE_1 - VMLOF T_0, R_2, R5SAVE_2 - VMLOF T_0, R_3, R5SAVE_3 - VMLOF T_0, R_4, R5SAVE_4 - VLGVG $0, R_0, RSAVE_0 - VLGVG $0, R_1, RSAVE_1 - VLGVG $0, R_2, RSAVE_2 - VLGVG $0, R_3, RSAVE_3 - VLGVG $0, R_4, RSAVE_4 - - // skip r**2 calculation - CMPBLE R3, $16, skip - - // calculate r**2 - MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4) - REDUCE(H_0, H_1, H_2, H_3, H_4) - VLEIG $0, $5, T_0 - VLEIG $1, $5, T_0 - VMLOF T_0, H_1, R5_1 - VMLOF T_0, H_2, R5_2 - VMLOF T_0, H_3, R5_3 - VMLOF T_0, H_4, R5_4 - VLR H_0, R_0 - VLR H_1, R_1 - VLR H_2, R_2 - VLR H_3, R_3 - VLR H_4, R_4 - - // initialize h - VZERO H_0 - VZERO H_1 - VZERO H_2 - VZERO H_3 - VZERO H_4 - -loop: - CMPBLE R3, $32, b2 - VLM (R2), T_0, T_1 - SUB $32, R3 - MOVD $32(R2), R2 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) - VLEIB $4, $1, F_4 - VLEIB $12, $1, F_4 - -multiply: - VAG H_0, F_0, F_0 - VAG H_1, F_1, F_1 - VAG H_2, F_2, F_2 - VAG H_3, F_3, F_3 - VAG H_4, F_4, F_4 - MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4) - REDUCE(H_0, H_1, H_2, H_3, H_4) - CMPBNE R3, $0, loop - -finish: - // sum vectors - VZERO T_0 - VSUMQG H_0, T_0, H_0 - VSUMQG H_1, T_0, H_1 - VSUMQG H_2, T_0, H_2 - VSUMQG H_3, T_0, H_3 - VSUMQG H_4, T_0, H_4 - - // h may be >= 2*(2**130-5) so we need to reduce it again - REDUCE(H_0, H_1, H_2, H_3, H_4) - - // carry h1->h4 - VESRLG $26, H_1, T_1 - VN MOD26, H_1, H_1 - VAQ T_1, H_2, H_2 - VESRLG $26, H_2, T_2 - VN MOD26, H_2, H_2 - VAQ T_2, H_3, H_3 - VESRLG $26, H_3, T_3 - VN MOD26, H_3, H_3 - VAQ T_3, H_4, H_4 - - // h is now < 2*(2**130-5) - // pack h into h1 (hi) and h0 (lo) - PACK(H_0, H_1, H_2, H_3, H_4) - - // if h > 2**130-5 then h -= 2**130-5 - MOD(H_0, H_1, T_0, T_1, T_2) - - // h += s - MOVD $·bswapMask<>(SB), R5 - VL (R5), T_1 - VL 16(R4), T_0 - VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big) - VAQ T_0, H_0, H_0 - VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little) - VST H_0, (R1) - - RET - -b2: - CMPBLE R3, $16, b1 - - // 2 blocks remaining - SUB $17, R3 - VL (R2), T_0 - VLL R3, 16(R2), T_1 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, T_1 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) - CMPBNE R3, $16, 2(PC) - VLEIB $12, $1, F_4 - VLEIB $4, $1, F_4 - - // setup [r²,r] - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, RSAVE_3, R_3 - VLVGG $1, RSAVE_4, R_4 - VPDI $0, R5_1, R5SAVE_1, R5_1 - VPDI $0, R5_2, R5SAVE_2, R5_2 - VPDI $0, R5_3, R5SAVE_3, R5_3 - VPDI $0, R5_4, R5SAVE_4, R5_4 - - MOVD $0, R3 - BR multiply - -skip: - VZERO H_0 - VZERO H_1 - VZERO H_2 - VZERO H_3 - VZERO H_4 - - CMPBEQ R3, $0, finish - -b1: - // 1 block remaining - SUB $1, R3 - VLL R3, (R2), T_0 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, T_0 - VZERO T_1 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) - CMPBNE R3, $16, 2(PC) - VLEIB $4, $1, F_4 - VLEIG $1, $1, R_0 - VZERO R_1 - VZERO R_2 - VZERO R_3 - VZERO R_4 - VZERO R5_1 - VZERO R5_2 - VZERO R5_3 - VZERO R5_4 - - // setup [r, 1] - VLVGG $0, RSAVE_0, R_0 - VLVGG $0, RSAVE_1, R_1 - VLVGG $0, RSAVE_2, R_2 - VLVGG $0, RSAVE_3, R_3 - VLVGG $0, RSAVE_4, R_4 - VPDI $0, R5SAVE_1, R5_1, R5_1 - VPDI $0, R5SAVE_2, R5_2, R5_2 - VPDI $0, R5SAVE_3, R5_3, R5_3 - VPDI $0, R5SAVE_4, R5_4, R5_4 - - MOVD $0, R3 - BR multiply - -TEXT ·hasVectorFacility(SB), NOSPLIT, $24-1 - MOVD $x-24(SP), R1 - XC $24, 0(R1), 0(R1) // clear the storage - MOVD $2, R0 // R0 is the number of double words stored -1 - WORD $0xB2B01000 // STFLE 0(R1) - XOR R0, R0 // reset the value of R0 - MOVBZ z-8(SP), R1 - AND $0x40, R1 - BEQ novector - -vectorinstalled: - // check if the vector instruction has been enabled - VLEIB $0, $0xF, V16 - VLGVB $0, V16, R1 - CMPBNE R1, $0xF, novector - MOVB $1, ret+0(FP) // have vx - RET - -novector: - MOVB $0, ret+0(FP) // no vx - RET diff --git a/ssl/test/runner/poly1305/sum_vmsl_s390x.s b/ssl/test/runner/poly1305/sum_vmsl_s390x.s deleted file mode 100644 index e548020b14..0000000000 --- a/ssl/test/runner/poly1305/sum_vmsl_s390x.s +++ /dev/null @@ -1,931 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,go1.11,!gccgo,!appengine - -#include "textflag.h" - -// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction. - -// constants -#define EX0 V1 -#define EX1 V2 -#define EX2 V3 - -// temporaries -#define T_0 V4 -#define T_1 V5 -#define T_2 V6 -#define T_3 V7 -#define T_4 V8 -#define T_5 V9 -#define T_6 V10 -#define T_7 V11 -#define T_8 V12 -#define T_9 V13 -#define T_10 V14 - -// r**2 & r**4 -#define R_0 V15 -#define R_1 V16 -#define R_2 V17 -#define R5_1 V18 -#define R5_2 V19 -// key (r) -#define RSAVE_0 R7 -#define RSAVE_1 R8 -#define RSAVE_2 R9 -#define R5SAVE_1 R10 -#define R5SAVE_2 R11 - -// message block -#define M0 V20 -#define M1 V21 -#define M2 V22 -#define M3 V23 -#define M4 V24 -#define M5 V25 - -// accumulator -#define H0_0 V26 -#define H1_0 V27 -#define H2_0 V28 -#define H0_1 V29 -#define H1_1 V30 -#define H2_1 V31 - -GLOBL ·keyMask<>(SB), RODATA, $16 -DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f -DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f - -GLOBL ·bswapMask<>(SB), RODATA, $16 -DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908 -DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100 - -GLOBL ·constants<>(SB), RODATA, $48 -// EX0 -DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+8(SB)/8, $0x0000050403020100 -// EX1 -DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+24(SB)/8, $0x00000a0908070605 -// EX2 -DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b - -GLOBL ·c<>(SB), RODATA, $48 -// EX0 -DATA ·c<>+0(SB)/8, $0x0000050403020100 -DATA ·c<>+8(SB)/8, $0x0000151413121110 -// EX1 -DATA ·c<>+16(SB)/8, $0x00000a0908070605 -DATA ·c<>+24(SB)/8, $0x00001a1918171615 -// EX2 -DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b -DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b - -GLOBL ·reduce<>(SB), RODATA, $32 -// 44 bit -DATA ·reduce<>+0(SB)/8, $0x0 -DATA ·reduce<>+8(SB)/8, $0xfffffffffff -// 42 bit -DATA ·reduce<>+16(SB)/8, $0x0 -DATA ·reduce<>+24(SB)/8, $0x3ffffffffff - -// h = (f*g) % (2**130-5) [partial reduction] -// uses T_0...T_9 temporary registers -// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9 -// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2 -#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \ - \ // Eliminate the dependency for the last 2 VMSLs - VMSLG m02_0, r_2, m4_2, m4_2 \ - VMSLG m13_0, r_2, m5_2, m5_2 \ // 8 VMSLs pipelined - VMSLG m02_0, r_0, m4_0, m4_0 \ - VMSLG m02_1, r5_2, V0, T_0 \ - VMSLG m02_0, r_1, m4_1, m4_1 \ - VMSLG m02_1, r_0, V0, T_1 \ - VMSLG m02_1, r_1, V0, T_2 \ - VMSLG m02_2, r5_1, V0, T_3 \ - VMSLG m02_2, r5_2, V0, T_4 \ - VMSLG m13_0, r_0, m5_0, m5_0 \ - VMSLG m13_1, r5_2, V0, T_5 \ - VMSLG m13_0, r_1, m5_1, m5_1 \ - VMSLG m13_1, r_0, V0, T_6 \ - VMSLG m13_1, r_1, V0, T_7 \ - VMSLG m13_2, r5_1, V0, T_8 \ - VMSLG m13_2, r5_2, V0, T_9 \ - VMSLG m02_2, r_0, m4_2, m4_2 \ - VMSLG m13_2, r_0, m5_2, m5_2 \ - VAQ m4_0, T_0, m02_0 \ - VAQ m4_1, T_1, m02_1 \ - VAQ m5_0, T_5, m13_0 \ - VAQ m5_1, T_6, m13_1 \ - VAQ m02_0, T_3, m02_0 \ - VAQ m02_1, T_4, m02_1 \ - VAQ m13_0, T_8, m13_0 \ - VAQ m13_1, T_9, m13_1 \ - VAQ m4_2, T_2, m02_2 \ - VAQ m5_2, T_7, m13_2 \ - -// SQUARE uses three limbs of r and r_2*5 to output square of r -// uses T_1, T_5 and T_7 temporary registers -// input: r_0, r_1, r_2, r5_2 -// temp: TEMP0, TEMP1, TEMP2 -// output: p0, p1, p2 -#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \ - VMSLG r_0, r_0, p0, p0 \ - VMSLG r_1, r5_2, V0, TEMP0 \ - VMSLG r_2, r5_2, p1, p1 \ - VMSLG r_0, r_1, V0, TEMP1 \ - VMSLG r_1, r_1, p2, p2 \ - VMSLG r_0, r_2, V0, TEMP2 \ - VAQ TEMP0, p0, p0 \ - VAQ TEMP1, p1, p1 \ - VAQ TEMP2, p2, p2 \ - VAQ TEMP0, p0, p0 \ - VAQ TEMP1, p1, p1 \ - VAQ TEMP2, p2, p2 \ - -// carry h0->h1->h2->h0 || h3->h4->h5->h3 -// uses T_2, T_4, T_5, T_7, T_8, T_9 -// t6, t7, t8, t9, t10, t11 -// input: h0, h1, h2, h3, h4, h5 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11 -// output: h0, h1, h2, h3, h4, h5 -#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \ - VLM (R12), t6, t7 \ // 44 and 42 bit clear mask - VLEIB $7, $0x28, t10 \ // 5 byte shift mask - VREPIB $4, t8 \ // 4 bit shift mask - VREPIB $2, t11 \ // 2 bit shift mask - VSRLB t10, h0, t0 \ // h0 byte shift - VSRLB t10, h1, t1 \ // h1 byte shift - VSRLB t10, h2, t2 \ // h2 byte shift - VSRLB t10, h3, t3 \ // h3 byte shift - VSRLB t10, h4, t4 \ // h4 byte shift - VSRLB t10, h5, t5 \ // h5 byte shift - VSRL t8, t0, t0 \ // h0 bit shift - VSRL t8, t1, t1 \ // h2 bit shift - VSRL t11, t2, t2 \ // h2 bit shift - VSRL t8, t3, t3 \ // h3 bit shift - VSRL t8, t4, t4 \ // h4 bit shift - VESLG $2, t2, t9 \ // h2 carry x5 - VSRL t11, t5, t5 \ // h5 bit shift - VN t6, h0, h0 \ // h0 clear carry - VAQ t2, t9, t2 \ // h2 carry x5 - VESLG $2, t5, t9 \ // h5 carry x5 - VN t6, h1, h1 \ // h1 clear carry - VN t7, h2, h2 \ // h2 clear carry - VAQ t5, t9, t5 \ // h5 carry x5 - VN t6, h3, h3 \ // h3 clear carry - VN t6, h4, h4 \ // h4 clear carry - VN t7, h5, h5 \ // h5 clear carry - VAQ t0, h1, h1 \ // h0->h1 - VAQ t3, h4, h4 \ // h3->h4 - VAQ t1, h2, h2 \ // h1->h2 - VAQ t4, h5, h5 \ // h4->h5 - VAQ t2, h0, h0 \ // h2->h0 - VAQ t5, h3, h3 \ // h5->h3 - VREPG $1, t6, t6 \ // 44 and 42 bit masks across both halves - VREPG $1, t7, t7 \ - VSLDB $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5] - VSLDB $8, h1, h1, h1 \ - VSLDB $8, h2, h2, h2 \ - VO h0, h3, h3 \ - VO h1, h4, h4 \ - VO h2, h5, h5 \ - VESRLG $44, h3, t0 \ // 44 bit shift right - VESRLG $44, h4, t1 \ - VESRLG $42, h5, t2 \ - VN t6, h3, h3 \ // clear carry bits - VN t6, h4, h4 \ - VN t7, h5, h5 \ - VESLG $2, t2, t9 \ // multiply carry by 5 - VAQ t9, t2, t2 \ - VAQ t0, h4, h4 \ - VAQ t1, h5, h5 \ - VAQ t2, h3, h3 \ - -// carry h0->h1->h2->h0 -// input: h0, h1, h2 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8 -// output: h0, h1, h2 -#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \ - VLEIB $7, $0x28, t3 \ // 5 byte shift mask - VREPIB $4, t4 \ // 4 bit shift mask - VREPIB $2, t7 \ // 2 bit shift mask - VGBM $0x003F, t5 \ // mask to clear carry bits - VSRLB t3, h0, t0 \ - VSRLB t3, h1, t1 \ - VSRLB t3, h2, t2 \ - VESRLG $4, t5, t5 \ // 44 bit clear mask - VSRL t4, t0, t0 \ - VSRL t4, t1, t1 \ - VSRL t7, t2, t2 \ - VESRLG $2, t5, t6 \ // 42 bit clear mask - VESLG $2, t2, t8 \ - VAQ t8, t2, t2 \ - VN t5, h0, h0 \ - VN t5, h1, h1 \ - VN t6, h2, h2 \ - VAQ t0, h1, h1 \ - VAQ t1, h2, h2 \ - VAQ t2, h0, h0 \ - VSRLB t3, h0, t0 \ - VSRLB t3, h1, t1 \ - VSRLB t3, h2, t2 \ - VSRL t4, t0, t0 \ - VSRL t4, t1, t1 \ - VSRL t7, t2, t2 \ - VN t5, h0, h0 \ - VN t5, h1, h1 \ - VESLG $2, t2, t8 \ - VN t6, h2, h2 \ - VAQ t0, h1, h1 \ - VAQ t8, t2, t2 \ - VAQ t1, h2, h2 \ - VAQ t2, h0, h0 \ - -// expands two message blocks into the lower halfs of the d registers -// moves the contents of the d registers into upper halfs -// input: in1, in2, d0, d1, d2, d3, d4, d5 -// temp: TEMP0, TEMP1, TEMP2, TEMP3 -// output: d0, d1, d2, d3, d4, d5 -#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \ - VGBM $0xff3f, TEMP0 \ - VGBM $0xff1f, TEMP1 \ - VESLG $4, d1, TEMP2 \ - VESLG $4, d4, TEMP3 \ - VESRLG $4, TEMP0, TEMP0 \ - VPERM in1, d0, EX0, d0 \ - VPERM in2, d3, EX0, d3 \ - VPERM in1, d2, EX2, d2 \ - VPERM in2, d5, EX2, d5 \ - VPERM in1, TEMP2, EX1, d1 \ - VPERM in2, TEMP3, EX1, d4 \ - VN TEMP0, d0, d0 \ - VN TEMP0, d3, d3 \ - VESRLG $4, d1, d1 \ - VESRLG $4, d4, d4 \ - VN TEMP1, d2, d2 \ - VN TEMP1, d5, d5 \ - VN TEMP0, d1, d1 \ - VN TEMP0, d4, d4 \ - -// expands one message block into the lower halfs of the d registers -// moves the contents of the d registers into upper halfs -// input: in, d0, d1, d2 -// temp: TEMP0, TEMP1, TEMP2 -// output: d0, d1, d2 -#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \ - VGBM $0xff3f, TEMP0 \ - VESLG $4, d1, TEMP2 \ - VGBM $0xff1f, TEMP1 \ - VPERM in, d0, EX0, d0 \ - VESRLG $4, TEMP0, TEMP0 \ - VPERM in, d2, EX2, d2 \ - VPERM in, TEMP2, EX1, d1 \ - VN TEMP0, d0, d0 \ - VN TEMP1, d2, d2 \ - VESRLG $4, d1, d1 \ - VN TEMP0, d1, d1 \ - -// pack h2:h0 into h1:h0 (no carry) -// input: h0, h1, h2 -// output: h0, h1, h2 -#define PACK(h0, h1, h2) \ - VMRLG h1, h2, h2 \ // copy h1 to upper half h2 - VESLG $44, h1, h1 \ // shift limb 1 44 bits, leaving 20 - VO h0, h1, h0 \ // combine h0 with 20 bits from limb 1 - VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1 - VLEIG $1, $0, h1 \ // clear h2 stuff from lower half of h1 - VO h0, h1, h0 \ // h0 now has 88 bits (limb 0 and 1) - VLEIG $0, $0, h2 \ // clear upper half of h2 - VESRLG $40, h2, h1 \ // h1 now has upper two bits of result - VLEIB $7, $88, h1 \ // for byte shift (11 bytes) - VSLB h1, h2, h2 \ // shift h2 11 bytes to the left - VO h0, h2, h0 \ // combine h0 with 20 bits from limb 1 - VLEIG $0, $0, h1 \ // clear upper half of h1 - -// if h > 2**130-5 then h -= 2**130-5 -// input: h0, h1 -// temp: t0, t1, t2 -// output: h0 -#define MOD(h0, h1, t0, t1, t2) \ - VZERO t0 \ - VLEIG $1, $5, t0 \ - VACCQ h0, t0, t1 \ - VAQ h0, t0, t0 \ - VONE t2 \ - VLEIG $1, $-4, t2 \ - VAQ t2, t1, t1 \ - VACCQ h1, t1, t1 \ - VONE t2 \ - VAQ t2, t1, t1 \ - VN h0, t1, t2 \ - VNC t0, t1, t1 \ - VO t1, t2, h0 \ - -// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key) -TEXT ·poly1305vmsl(SB), $0-32 - // This code processes 6 + up to 4 blocks (32 bytes) per iteration - // using the algorithm described in: - // NEON crypto, Daniel J. Bernstein & Peter Schwabe - // https://cryptojedi.org/papers/neoncrypto-20120320.pdf - // And as moddified for VMSL as described in - // Accelerating Poly1305 Cryptographic Message Authentication on the z14 - // O'Farrell et al, CASCON 2017, p48-55 - // https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht - - LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key - VZERO V0 // c - - // load EX0, EX1 and EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 // c - - // setup r - VL (R4), T_0 - MOVD $·keyMask<>(SB), R6 - VL (R6), T_1 - VN T_0, T_1, T_0 - VZERO T_2 // limbs for r - VZERO T_3 - VZERO T_4 - EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7) - - // T_2, T_3, T_4: [0, r] - - // setup r*20 - VLEIG $0, $0, T_0 - VLEIG $1, $20, T_0 // T_0: [0, 20] - VZERO T_5 - VZERO T_6 - VMSLG T_0, T_3, T_5, T_5 - VMSLG T_0, T_4, T_6, T_6 - - // store r for final block in GR - VLGVG $1, T_2, RSAVE_0 // c - VLGVG $1, T_3, RSAVE_1 // c - VLGVG $1, T_4, RSAVE_2 // c - VLGVG $1, T_5, R5SAVE_1 // c - VLGVG $1, T_6, R5SAVE_2 // c - - // initialize h - VZERO H0_0 - VZERO H1_0 - VZERO H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - // initialize pointer for reduce constants - MOVD $·reduce<>(SB), R12 - - // calculate r**2 and 20*(r**2) - VZERO R_0 - VZERO R_1 - VZERO R_2 - SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7) - REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1) - VZERO R5_1 - VZERO R5_2 - VMSLG T_0, R_1, R5_1, R5_1 - VMSLG T_0, R_2, R5_2, R5_2 - - // skip r**4 calculation if 3 blocks or less - CMPBLE R3, $48, b4 - - // calculate r**4 and 20*(r**4) - VZERO T_8 - VZERO T_9 - VZERO T_10 - SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7) - REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1) - VZERO T_2 - VZERO T_3 - VMSLG T_0, T_9, T_2, T_2 - VMSLG T_0, T_10, T_3, T_3 - - // put r**2 to the right and r**4 to the left of R_0, R_1, R_2 - VSLDB $8, T_8, T_8, T_8 - VSLDB $8, T_9, T_9, T_9 - VSLDB $8, T_10, T_10, T_10 - VSLDB $8, T_2, T_2, T_2 - VSLDB $8, T_3, T_3, T_3 - - VO T_8, R_0, R_0 - VO T_9, R_1, R_1 - VO T_10, R_2, R_2 - VO T_2, R5_1, R5_1 - VO T_3, R5_2, R5_2 - - CMPBLE R3, $80, load // less than or equal to 5 blocks in message - - // 6(or 5+1) blocks - SUB $81, R3 - VLM (R2), M0, M4 - VLL R3, 80(R2), M5 - ADD $1, R3 - MOVBZ $1, R0 - CMPBGE R3, $16, 2(PC) - VLVGB R3, R0, M5 - MOVD $96(R2), R2 - EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - VLEIB $2, $1, H2_0 - VLEIB $2, $1, H2_1 - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO T_4 - VZERO T_10 - EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3) - VLR T_4, M4 - VLEIB $10, $1, M2 - CMPBLT R3, $16, 2(PC) - VLEIB $10, $1, T_10 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - SUB $16, R3 - CMPBLE R3, $0, square - -load: - // load EX0, EX1 and EX2 - MOVD $·c<>(SB), R5 - VLM (R5), EX0, EX2 - -loop: - CMPBLE R3, $64, add // b4 // last 4 or less blocks left - - // next 4 full blocks - VLM (R2), M2, M5 - SUB $64, R3 - MOVD $64(R2), R2 - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9) - - // expacc in-lined to create [m2, m3] limbs - VGBM $0x3f3f, T_0 // 44 bit clear mask - VGBM $0x1f1f, T_1 // 40 bit clear mask - VPERM M2, M3, EX0, T_3 - VESRLG $4, T_0, T_0 // 44 bit clear mask ready - VPERM M2, M3, EX1, T_4 - VPERM M2, M3, EX2, T_5 - VN T_0, T_3, T_3 - VESRLG $4, T_4, T_4 - VN T_1, T_5, T_5 - VN T_0, T_4, T_4 - VMRHG H0_1, T_3, H0_0 - VMRHG H1_1, T_4, H1_0 - VMRHG H2_1, T_5, H2_0 - VMRLG H0_1, T_3, H0_1 - VMRLG H1_1, T_4, H1_1 - VMRLG H2_1, T_5, H2_1 - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - VPERM M4, M5, EX0, T_3 - VPERM M4, M5, EX1, T_4 - VPERM M4, M5, EX2, T_5 - VN T_0, T_3, T_3 - VESRLG $4, T_4, T_4 - VN T_1, T_5, T_5 - VN T_0, T_4, T_4 - VMRHG V0, T_3, M0 - VMRHG V0, T_4, M1 - VMRHG V0, T_5, M2 - VMRLG V0, T_3, M3 - VMRLG V0, T_4, M4 - VMRLG V0, T_5, M5 - VLEIB $10, $1, M2 - VLEIB $10, $1, M5 - - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - CMPBNE R3, $0, loop - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - // load EX0, EX1, EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 - - // sum vectors - VAQ H0_0, H0_1, H0_0 - VAQ H1_0, H1_1, H1_0 - VAQ H2_0, H2_1, H2_0 - - // h may be >= 2*(2**130-5) so we need to reduce it again - // M0...M4 are used as temps here - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - -next: // carry h1->h2 - VLEIB $7, $0x28, T_1 - VREPIB $4, T_2 - VGBM $0x003F, T_3 - VESRLG $4, T_3 - - // byte shift - VSRLB T_1, H1_0, T_4 - - // bit shift - VSRL T_2, T_4, T_4 - - // clear h1 carry bits - VN T_3, H1_0, H1_0 - - // add carry - VAQ T_4, H2_0, H2_0 - - // h is now < 2*(2**130-5) - // pack h into h1 (hi) and h0 (lo) - PACK(H0_0, H1_0, H2_0) - - // if h > 2**130-5 then h -= 2**130-5 - MOD(H0_0, H1_0, T_0, T_1, T_2) - - // h += s - MOVD $·bswapMask<>(SB), R5 - VL (R5), T_1 - VL 16(R4), T_0 - VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big) - VAQ T_0, H0_0, H0_0 - VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little) - VST H0_0, (R1) - RET - -add: - // load EX0, EX1, EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 - - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - CMPBLE R3, $64, b4 - -b4: - CMPBLE R3, $48, b3 // 3 blocks or less - - // 4(3+1) blocks remaining - SUB $49, R3 - VLM (R2), M0, M2 - VLL R3, 48(R2), M3 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M3 - MOVD $64(R2), R2 - EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - VZERO M0 - VZERO M1 - VZERO M4 - VZERO M5 - VZERO T_4 - VZERO T_10 - EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3) - VLR T_4, M2 - VLEIB $10, $1, M4 - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_10 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - SUB $16, R3 - CMPBLE R3, $0, square // this condition must always hold true! - -b3: - CMPBLE R3, $32, b2 - - // 3 blocks remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5) - - SUB $33, R3 - VLM (R2), M0, M1 - VLL R3, 32(R2), M2 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M2 - - // H += m0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6) - VLEIB $10, $1, T_3 - VAG H0_0, T_1, H0_0 - VAG H1_0, T_2, H1_0 - VAG H2_0, T_3, H2_0 - - VZERO M0 - VZERO M3 - VZERO M4 - VZERO M5 - VZERO T_10 - - // (H+m0)*r - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9) - - // H += m1 - VZERO V0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6) - VLEIB $10, $1, T_3 - VAQ H0_0, T_1, H0_0 - VAQ H1_0, T_2, H1_0 - VAQ H2_0, T_3, H2_0 - REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10) - - // [H, m2] * [r**2, r] - EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3) - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, H2_0 - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10) - SUB $16, R3 - CMPBLE R3, $0, next // this condition must always hold true! - -b2: - CMPBLE R3, $16, b1 - - // 2 blocks remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - // move h to the left and 0s at the right - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - - // get message blocks and append 1 to start - SUB $17, R3 - VL (R2), M0 - VLL R3, 16(R2), M1 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M1 - VZERO T_6 - VZERO T_7 - VZERO T_8 - EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3) - EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3) - VLEIB $2, $1, T_8 - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_8 - - // add [m0, m1] to h - VAG H0_0, T_6, H0_0 - VAG H1_0, T_7, H1_0 - VAG H2_0, T_8, H2_0 - - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - VZERO T_10 - VZERO M0 - - // at this point R_0 .. R5_2 look like [r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10) - SUB $16, R3, R3 - CMPBLE R3, $0, next - -b1: - CMPBLE R3, $0, next - - // 1 block remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - - // set up [0, m0] limbs - SUB $1, R3 - VLL R3, (R2), M0 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m] - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_3 - - // h+m0 - VAQ H0_0, T_1, H0_0 - VAQ H1_0, T_2, H1_0 - VAQ H2_0, T_3, H2_0 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - - BR next - -square: - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // (h0*r**2) + (h1*r) - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - BR next - -TEXT ·hasVMSLFacility(SB), NOSPLIT, $24-1 - MOVD $x-24(SP), R1 - XC $24, 0(R1), 0(R1) // clear the storage - MOVD $2, R0 // R0 is the number of double words stored -1 - WORD $0xB2B01000 // STFLE 0(R1) - XOR R0, R0 // reset the value of R0 - MOVBZ z-8(SP), R1 - AND $0x01, R1 - BEQ novmsl - -vectorinstalled: - // check if the vector instruction has been enabled - VLEIB $0, $0xF, V16 - VLGVB $0, V16, R1 - CMPBNE R1, $0xF, novmsl - MOVB $1, ret+0(FP) // have vx - RET - -novmsl: - MOVB $0, ret+0(FP) // no vx - RET diff --git a/ssl/test/runner/poly1305/vectors_test.go b/ssl/test/runner/poly1305/vectors_test.go deleted file mode 100644 index 18d7ff8e85..0000000000 --- a/ssl/test/runner/poly1305/vectors_test.go +++ /dev/null @@ -1,2943 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package poly1305 - -var testData = [...]test{ - // edge cases - { - // see https://go-review.googlesource.com/#/c/30101/ - key: "3b3a29e93b213a5c5c3b3b053a3a8c0d00000000000000000000000000000000", - tag: "6dc18b8c344cd79927118bbe84b7f314", - in: "81d8b2e46a25213b58fee4213a2a28e921c12a9632516d3b73272727becf2129", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "04000000000000000000000000000000", // (2¹³⁰-1) % (2¹³⁰-5) - in: "ffffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "faffffffffffffffffffffffffffffff", // (2¹³⁰-6) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (2¹³⁰-5) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "f9ffffffffffffffffffffffffffffff", // (2*(2¹³⁰-6)) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (2*(2¹³⁰-5)) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "f8ffffffffffffffffffffffffffffff", // (3*(2¹³⁰-6)) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (3*(2¹³⁰-5)) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "f7ffffffffffffffffffffffffffffff", // (4*(2¹³⁰-6)) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (4*(2¹³⁰-5)) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "f3ffffffffffffffffffffffffffffff", // (8*(2¹³⁰-6)) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (8*(2¹³⁰-5)) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "ebffffffffffffffffffffffffffffff", // (16*(2¹³⁰-6)) % (2¹³⁰-5) - in: "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "faffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - { - key: "0100000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", // (16*(2¹³⁰-5)) % (2¹³⁰-5) - in: "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "fbffffffffffffffffffffffffffffff" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000" + - "00000000000000000000000000000000", - }, - // original smoke tests - { - key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035", - tag: "a6f745008f81c916a20dcc74eef2b2f0", - in: "48656c6c6f20776f726c6421", - }, - { - key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035", - tag: "49ec78090e481ec6c26b33b91ccc0307", - in: "0000000000000000000000000000000000000000000000000000000000000000", - }, - { - key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035", - tag: "da84bcab02676c38cdb015604274c2aa", - in: "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000", - }, - { - key: "0000000000000000000000000000000000000000000000000000000000000000", - tag: "00000000000000000000000000000000", - in: "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000000000" + - "000000000000000000000000000000000000000000000000000000", - }, - // randomly generated - { - key: "52fdfc072182654f163f5f0f9a621d729566c74d10037c4d7bbb0407d1e2c649", - tag: "9566c74d10037c4d7bbb0407d1e2c649", - in: "", - }, - { - key: "81855ad8681d0d86d1e91e00167939cb6694d2c422acd208a0072939487f6999", - tag: "eaa270caaa12faa39b797374a4b8a420", - in: "eb", - }, - { - key: "9d18a44784045d87f3c67cf22746e995af5a25367951baa2ff6cd471c483f15f", - tag: "dbea66e1da48a8f822887c6162c2acf1", - in: "b90b", - }, - { - key: "adb37c5821b6d95526a41a9504680b4e7c8b763a1b1d49d4955c848621632525", - tag: "6ac09aaa88c32ee95a7198376f16abdb", - in: "3fec73", - }, - { - key: "8dd7a9e28bf921119c160f0702448615bbda08313f6a8eb668d20bf505987592", - tag: "b1443487f97fe340b04a74719ed4de68", - in: "1e668a5b", - }, - { - key: "df2c7fc4844592d2572bcd0668d2d6c52f5054e2d0836bf84c7174cb7476364c", - tag: "7463be0f9d99a5348039e4afcbf4019c", - in: "c3dbd968b0", - }, - { - key: "f7172ed85794bb358b0c3b525da1786f9fff094279db1944ebd7a19d0f7bbacb", - tag: "2edaee3bcf303fd05609e131716f8157", - in: "e0255aa5b7d4", - }, - { - key: "4bec40f84c892b9bffd43629b0223beea5f4f74391f445d15afd4294040374f6", - tag: "965f18767420c1d94a4ef657e8d15e1e", - in: "924b98cbf8713f", - }, - { - key: "8d962d7c8d019192c24224e2cafccae3a61fb586b14323a6bc8f9e7df1d92933", - tag: "2bf4a33287dd6d87e1ed4282f7342b6a", - in: "3ff993933bea6f5b", - }, - { - key: "3af6de0374366c4719e43a1b067d89bc7f01f1f573981659a44ff17a4c7215a3", - tag: "c5e987b60373a48893c5af30acf2471f", - in: "b539eb1e5849c6077d", - }, - { - key: "bb5722f5717a289a266f97647981998ebea89c0b4b373970115e82ed6f4125c8", - tag: "19f0f640b309d168ea1b480e6a4faee5", - in: "fa7311e4d7defa922daa", - }, - { - key: "e7786667f7e936cd4f24abf7df866baa56038367ad6145de1ee8f4a8b0993ebd", - tag: "de75e5565d97834b9fa84ad568d31359", - in: "f8883a0ad8be9c3978b048", - }, - { - key: "83e56a156a8de563afa467d49dec6a40e9a1d007f033c2823061bdd0eaa59f8e", - tag: "de184a5a9b826aa203c5c017986d6690", - in: "4da6430105220d0b29688b73", - }, - { - key: "4b8ea0f3ca9936e8461f10d77c96ea80a7a665f606f6a63b7f3dfd2567c18979", - tag: "7478f18d9684905aa5d1a34ee67e4c84", - in: "e4d60f26686d9bf2fb26c901ff", - }, - { - key: "354cde1607ee294b39f32b7c7822ba64f84ab43ca0c6e6b91c1fd3be89904341", - tag: "3b2008a9c52b5308f5538b789ab5506f", - in: "79d3af4491a369012db92d184fc3", - }, - { - key: "9d1734ff5716428953bb6865fcf92b0c3a17c9028be9914eb7649c6c93478009", - tag: "71c8e76a67a505b7370b562ba15ba032", - in: "79d1830356f2a54c3deab2a4b4475d", - }, - { - key: "63afbe8fb56987c77f5818526f1814be823350eab13935f31d84484517e924ae", - tag: "1dc895f74f866bdb3edf6c4430829c1c", - in: "f78ae151c00755925836b7075885650c", - }, - { - key: "30ec29a3703934bf50a28da102975deda77e758579ea3dfe4136abf752b3b827", - tag: "afca2b3ba7b0e1a928001966883e9b16", - in: "1d03e944b3c9db366b75045f8efd69d22ae5411947cb553d7694267aef4e" + - "bcea406b32d6108bd68584f57e37caac6e33feaa3263a399437024ba9c9b" + - "14678a274f01a910ae295f6efbfe5f5abf44ccde263b5606633e2bf0006f" + - "28295d7d39069f01a239c4365854c3af7f6b41d631f92b9a8d12f4125732" + - "5fff332f7576b0620556304a3e3eae14c28d0cea39d2901a52720da85ca1" + - "e4b38eaf3f", - }, - { - key: "44c6c6ef8362f2f54fc00e09d6fc25640854c15dfcacaa8a2cecce5a3aba53ab", - tag: "6f2a09aa76c9b76774e31ec02dcf7991", - in: "705b18db94b4d338a5143e63408d8724b0cf3fae17a3f79be1072fb63c35" + - "d6042c4160f38ee9e2a9f3fb4ffb0019b454d522b5ffa17604193fb89667" + - "10a7960732ca52cf53c3f520c889b79bf504cfb57c7601232d589baccea9" + - "d6e263e25c27741d3f6c62cbbb15d9afbcbf7f7da41ab0408e3969c2e2cd" + - "cf233438bf1774ace7709a4f091e9a83fdeae0ec55eb233a9b5394cb3c78" + - "56b546d313c8a3b4c1c0e05447f4ba370eb36dbcfdec90b302dcdc3b9ef5" + - "22e2a6f1ed0afec1f8e20faabedf6b162e717d3a748a58677a0c56348f89" + - "21a266b11d0f334c62fe52ba53af19779cb2948b6570ffa0b773963c130a" + - "d797ddea", - }, - { - key: "fe4e3ad29b5125210f0ef1c314090f07c79a6f571c246f3e9ac0b7413ef110bd", - tag: "27381e3fc2a356103fb796f107d826e7", - in: "58b00ce73bff706f7ff4b6f44090a32711f3208e4e4b89cb5165ce64002c" + - "bd9c2887aa113df2468928d5a23b9ca740f80c9382d9c6034ad2960c7965" + - "03e1ce221725f50caf1fbfe831b10b7bf5b15c47a53dbf8e7dcafc9e1386" + - "47a4b44ed4bce964ed47f74aa594468ced323cb76f0d3fac476c9fb03fc9" + - "228fbae88fd580663a0454b68312207f0a3b584c62316492b49753b5d502" + - "7ce15a4f0a58250d8fb50e77f2bf4f0152e5d49435807f9d4b97be6fb779" + - "70466a5626fe33408cf9e88e2c797408a32d29416baf206a329cfffd4a75" + - "e498320982c85aad70384859c05a4b13a1d5b2f5bfef5a6ed92da482caa9" + - "568e5b6fe9d8a9ddd9eb09277b92cef9046efa18500944cbe800a0b1527e" + - "a6", - }, - { - key: "4729a861d2f6497a3235c37f4192779ec1d96b3b1c5424fce0b727b03072e641", - tag: "0173965669fb9de88d38a827a0271271", - in: "5a761f03abaa40abc9448fddeb2191d945c04767af847afd0edb5d8857b7" + - "99acb18e4affabe3037ffe7fa68aa8af5e39cc416e734d373c5ebebc9cdc" + - "c595bcce3c7bd3d8df93fab7e125ddebafe65a31bd5d41e2d2ce9c2b1789" + - "2f0fea1931a290220777a93143dfdcbfa68406e877073ff08834e197a403" + - "4aa48afa3f85b8a62708caebbac880b5b89b93da53810164402104e648b6" + - "226a1b78021851f5d9ac0f313a89ddfc454c5f8f72ac89b38b19f53784c1" + - "9e9beac03c875a27db029de37ae37a42318813487685929359ca8c5eb94e" + - "152dc1af42ea3d1676c1bdd19ab8e2925c6daee4de5ef9f9dcf08dfcbd02" + - "b80809398585928a0f7de50be1a6dc1d5768e8537988fddce562e9b948c9" + - "18bba3e933e5c400cde5e60c5ead6fc7ae77ba1d259b188a4b21c86fbc23" + - "d728b45347eada650af24c56d0800a8691332088a805bd55c446e25eb075" + - "90bafcccbec6177536401d9a2b7f512b54bfc9d00532adf5aaa7c3a96bc5" + - "9b489f77d9042c5bce26b163defde5ee6a0fbb3e9346cef81f0ae9515ef3" + - "0fa47a364e75aea9e111d596e685a591121966e031650d510354aa845580" + - "ff560760fd36514ca197c875f1d02d9216eba7627e2398322eb5cf43d72b" + - "d2e5b887d4630fb8d4747ead6eb82acd1c5b078143ee26a586ad23139d50" + - "41723470bf24a865837c", - }, - { - key: "9123461c41f5ff99aa99ce24eb4d788576e3336e65491622558fdf297b9fa007", - tag: "1eb0cdad9237905250d30a24fe172a34", - in: "864bafd7cd4ca1b2fb5766ab431a032b72b9a7e937ed648d0801f29055d3" + - "090d2463718254f9442483c7b98b938045da519843854b0ed3f7ba951a49" + - "3f321f0966603022c1dfc579b99ed9d20d573ad53171c8fef7f1f4e4613b" + - "b365b2ebb44f0ffb6907136385cdc838f0bdd4c812f042577410aca008c2" + - "afbc4c79c62572e20f8ed94ee62b4de7aa1cc84c887e1f7c31e927dfe52a" + - "5f8f46627eb5d3a4fe16fafce23623e196c9dfff7fbaff4ffe94f4589733" + - "e563e19d3045aad3e226488ac02cca4291aed169dce5039d6ab00e40f67a" + - "ab29332de1448b35507c7c8a09c4db07105dc31003620405da3b2169f5a9" + - "10c9d0096e5e3ef1b570680746acd0cc7760331b663138d6d342b051b5df" + - "410637cf7aee9b0c8c10a8f9980630f34ce001c0ab7ac65e502d39b216cb" + - "c50e73a32eaf936401e2506bd8b82c30d346bc4b2fa319f245a8657ec122" + - "eaf4ad5425c249ee160e17b95541c2aee5df820ac85de3f8e784870fd87a" + - "36cc0d163833df636613a9cc947437b6592835b9f6f4f8c0e70dbeebae7b" + - "14cdb9bc41033aa5baf40d45e24d72eac4a28e3ca030c9937ab8409a7cbf" + - "05ae21f97425254543d94d115900b90ae703b97d9856d2441d14ba49a677" + - "de8b18cb454b99ddd9daa7ccbb7500dae4e2e5df8cf3859ebddada6745fb" + - "a6a04c5c37c7ca35036f11732ce8bc27b48868611fc73c82a491bfabd7a1" + - "9df50fdc78a55dbbc2fd37f9296566557fab885b039f30e706f0cd5961e1" + - "9b642221db44a69497b8ad99408fe1e037c68bf7c5e5de1d2c68192348ec" + - "1189fb2e36973cef09ff14be23922801f6eaee41409158b45f2dec82d17c" + - "aaba160cd6", - }, - { - key: "40ff73495fe4a05ce1202ca7287ed3235b95e69f571fa5e656aaa51fae1ebdd7", - tag: "2e619d8ea81b77484e4fddeb29844e4b", - in: "aa6269c2ec7f4057b33593bc84888c970fd528d4a99a1eab9d2420134537" + - "cd6d02282e0981e140232a4a87383a21d1845c408ad757043813032a0bd5" + - "a30dcca6e3aa2df04715d879279a96879a4f3690ac2025a60c7db15e0501" + - "ebc34b734355fe4a059bd3899d920e95f1c46d432f9b08e64d7f9b38965d" + - "5a77a7ac183c3833e1a3425ead69d4f975012fd1a49ed832f69e6e9c63b4" + - "53ec049c9e7a5cf944232d10353f64434abae060f6506ad3fdb1f4415b0a" + - "f9ce8c208bc20ee526741539fa3203c77ecba410fd6718f227e0b430f9bc" + - "b049a3d38540dc222969120ce80f2007cd42a708a721aa29987b45d4e428" + - "811984ecad349cc35dd93515cefe0b002cee5e71c47935e281ebfc4b8b65" + - "2b69ccb092e55a20f1b9f97d046296124621928739a86671cc180152b953" + - "e3bf9d19f825c3dd54ae1688e49efb5efe65dcdad34bc860010e7c8c997c" + - "d5f9e320ca7d39d4ba801a175b1c76f057832f3f36d7d893e216e4c7bbdb" + - "548d0ba48449330027368b34f9c69776b4591532da1c5be68ef4eebe8cb8" + - "fa7dc5483fb70c2c896334cb1f9cb5dfe044fa086197ff5dfd02f2ba3884" + - "c53dd718c8560da743a8e9d4aeae20ccef002d82ca352592b8d8f2a8df3b" + - "0c35f15b9b370dca80d4ca8e9a133eb52094f2dd5c08731f52315d828846" + - "e37df68fd10658b480f2ac84233633957e688e924ffe3713b52c76fd8a56" + - "da8bb07daa8eb4eb8f7334f99256e2766a4109150eed424f0f743543cdea" + - "66e5baaa03edc918e8305bb19fc0c6b4ddb4aa3886cb5090940fc6d4cabe" + - "2153809e4ed60a0e2af07f1b2a6bb5a6017a578a27cbdc20a1759f76b088" + - "9a83ce25ce3ca91a4eb5c2f8580819da04d02c41770c01746de44f3db6e3" + - "402e7873db7635516e87b33e4b412ba3df68544920f5ea27ec097710954f" + - "42158bdba66d4814c064b4112538676095467c89ba98e6a543758d7093a4" + - "94df", - }, - { - key: "5cc36d09c7a6472a41f29c380a987b1ecdcf84765f4e5d3ceefc1c02181f570f", - tag: "0d57b8cbea8090df0541354673dcb4e0", - in: "44fcd629f08dc1ef53c9ae0d8869fe67fdc7a2c67b425f13c5be8d9f630c" + - "1d063c02fd75cf64c1aec9d2e2ef6e6431d5f5ad0489078dc61f46494dcc" + - "f403dad7f094170d2c3e29c198b0f341e284c4be8fa60c1a478d6bd55dd2" + - "c04dad86d2053d5d25b014e3d8b64322cdcb5004faa46cfa2d6ad2ff933b" + - "c3bd9a5a74660af3d048a9a43634c0250427d9a6219197a3f3633f841753" + - "ba7c27f3619f387b6b1a6cb9c1dc227674aa020724d137da2cb87b1615d5" + - "12974fa4747dd1e17d02c9462a44fec150ca3a8f99cc1e4953365e429956" + - "5e108535b1f62e1d4ba18e17a52164418bfd1a933f7fb3a126c860830a87" + - "293d9271da736e4398c1e37fb75c4bf02786e1faf4b610cd1377fbb9ae18" + - "0655a0abefbad700c09473469f1eca5a66d53fa3dc7cd3e7c3b0411d7e14" + - "5f96eb9654ab94913dda503a50f9e773842f4d2a5faa60869bf365830511" + - "f2ededd03e0a73000edb60c9a29a5f5e194cf3b5667a694690384599d116" + - "f8d2fd93b2aed55b7d44b5b054f3f38e788e4fdf36e591568c41d1052cad" + - "0fcb68ca4c4bf5090d57df9db6f0d91dd8b11b804f331adb7efb087a5604" + - "e9e22b4d54db40bcbc6e272ff5eaddfc1471459e59f0554c58251342134a" + - "8daaef1498069ba581ef1da2510be92843487a4eb8111c79a6f0195fc38a" + - "d6aee93c1df2b5897eaa38ad8f47ab2fe0e3aa3e6accbfd4c16d46843318" + - "5fc61c861b96ca65e34d31f24d6f56ee85092314a4d7656205c15322f1c9" + - "7613c079eae292ba966e10d1e700164e518b243f424c46f9ea63db1c2c34" + - "b512c403c128ee19030a6226517b805a072512a5e4cd274b7fd1fa23f830" + - "058208ff1a063b41039c74036b5b3da8b1a0b93135a710352da0f6c31203" + - "a09d1f2329651bb3ab3984ab591f2247e71cd44835e7a1a1b66d8595f7ae" + - "f9bf39d1417d2d31ea3599d405ff4b5999a86f52f3259b452909b57937d8" + - "5364d6c23deb4f14e0d9fcee9184df5994fdc11f045c025c8d561adb0e7d" + - "fd4748fd4b20f84e53322471a410cdb3fd88e48b2e7eb7ae5dae994cb5ea" + - "e3eaf21cf9005db560d6d22e4d9b97d7e9e488751afcd72aa176c0fcde93" + - "16f676fd527d9c42105b851639f09ea70533d26fc60cbeb4b76ed554fc99" + - "177620b28ca6f56a716f8cb384", - }, - { - key: "811c3e356e7c793acf114c624dc86ace38e67bff2a60e5b2a6c20723c1b9f003", - tag: "c6e59044cefc43ee681c3eed872d02b3", - in: "e115b304c023792448794546a2474f04294d7a616215e5dd6c40a65bb6ed" + - "b508c3680b14c176c327fdfb1ee21962c0006b7deb4e5de87db21989d13c" + - "3ab0462d5d2a52ef4ca0d366ae06a314f50e3a21d9247f814037798cc5e1" + - "0a63de027477decdeb8a8e0c279299272490106ddf8683126f60d35772c6" + - "dfc744b0adbfd5dcf118c4f2b06cfaf077881d733a5e643b7c46976647d1" + - "c1d3f8f6237c6218fa86fb47080b1f7966137667bd6661660c43b75b6339" + - "0b514bbe491aa46b524bde1c5b7456255fb214c3f74907b7ce1cba94210b" + - "78b5e68f049fcb002b96a5d38d59df6e977d587abb42d0972d5f3ffc898b" + - "3cbec26f104255761aee1b8a232d703585dd276ee1f43c8cd7e92a993eb1" + - "5107d02f59ba75f8dd1442ee37786ddb902deb88dd0ebdbf229fb25a9dca" + - "86d0ce46a278a45f5517bff2c049cc959a227dcdd3aca677e96ce84390e9" + - "b9a28e0988777331847a59f1225b027a66c1421422683dd6081af95e16f2" + - "48ab03da494112449ce7bdace6c988292f95699bb5e4d9c8d250aa28a6df" + - "44c0c265156deb27e9476a0a4af44f34bdf631b4af1146afe34ea988fc95" + - "3e71fc21ce60b3962313000fe46d757109281f6e55bc950200d0834ceb5c" + - "41553afd12576f3fbb9a8e05883ccc51c9a1269b6d8e9d27123dce5d0bd6" + - "db649c6fea06b4e4e9dea8d2d17709dc50ae8aa38231fd409e9580e255fe" + - "2bf59e6e1b6e310610ea4881206262be76120d6c97db969e003947f08bad" + - "8fa731f149397c47d2c964e84f090e77e19046277e18cd8917c48a776c9d" + - "e627b6656203b522c60e97cc61914621c564243913ae643f1c9c9e0ad00a" + - "14f66eaa45844229ecc35abb2637317ae5d5e338c68691bea8fa1fd469b7" + - "b54d0fccd730c1284ec7e6fccdec800b8fa67e6e55ac574f1e53a65ab976" + - "4c218a404184793cc9892308e296b334c85f7097edc16927c2451c4cd7e5" + - "3f239aa4f4c83241bde178f692898b1ece2dbcb19a97e64c4710326528f2" + - "4b099d0b674bd614fad307d9b9440adab32117f0f15b1450277b00eb366e" + - "0260fca84c1d27e50a1116d2ce16c8f5eb212c77c1a84425744ea3195edb" + - "b54c970b77e090b644942d43fe8c4546a158bad7620217a40e34b9bb84d1" + - "89eff32b20ef3f015714dbb1f150015d6eeb84cbccbd3fffa63bde89", - }, - { - key: "f33691f5db2dea41e1e608af3ff39f3a6988dba204ce1b09214475ae0ea864b8", - tag: "6e50e70411201378c8d67857d7b631d2", - in: "439bc9ea10db4d2b08c7fcf2e8bd89fa9844f8061d462e28f174489e7514" + - "0f84e842040141cc59ce38f9551850cfbdfac2d75337d155090d70d0d930" + - "04340bdfe60062f17c53f3c9005b9995a0feb49f6bef8eaff80f4feb7ef3" + - "f2181733a4b43b6ac43a5130a73a9b3c2cbc93bd296cd5f48c9df022b6c8" + - "2bb752bc21e3d8379be31328aa32edc11efc8a4b4b3f370ee8c870cd281d" + - "614e6bc2c0a5ca303bc48696a3bd574ee34738de4c4c29910f8feb7557bf" + - "ffcfe7428b4703144bd6d7fe5b3f5de748918553df5453b3c6001696f3de" + - "0137e454aadf30cedfb6be36b0b908a38409f1a2dc202fc285610765e4c8" + - "6414692bf4bde20ed899e97727b7ea1d95d7c621717c560f1d260ab3624e" + - "d6168d77c483dd5ce0d234049017795f2e5a7569d7ad323c50a5b1170337" + - "4174a9977026c20cd52c10b72f14e0569a684a3dcf2ccbc148fd3db506e2" + - "8d24f6c55544cb3980a36e86747adc89ebad78d1630618d113fa445f8625" + - "b583cd7be33913c30c419d047cf3baf40fd05219a1fcec717b87a65fa022" + - "1a3aa8143062d77588168019454240ae3d37640996f2967810459bc658df" + - "e556de4d07263dc3d9158ec242008226d1c6aea7f0846e12ce2d316e80da" + - "522343264ec9451ec23aaaa367d640faad4af3d44d6d86544ade34c93518" + - "2843f6b4d1c934996778affa9ee962e7dfef5e70d933d4309f0f343e9606" + - "1b91b11ac380a9675e17a96099fe411bedc28a298cd78d5496e28fbbd4f5" + - "b0a27735d1144348e22be5b75724d8f125e99c4cb4e9c3a1f0b4e9da5146" + - "e6afaa33d02fda74bf58a8badee2b634b989c01755afa6ab20ee494c6ae4" + - "c2c6f17af6b53b61d2947d83a18eb3b8a1612aad5d3ea7e8e35f325c9168" + - "ac490f22cb713ddb61fbd96011c5849ac8e2fcd42db820349bdf9157dcc0" + - "0d9f9ed9c099b10c7194d48b623b0df43759734b2a2e5f8a35e7192bf9a0" + - "03dcb9d16a54bd84d922f85b6021b28aacc5264fe9e83deb48f18f864cbd" + - "367eb163d39c45b0eb907311a2a4b09fb26109088df782ce031b02f3caff" + - "d2dbe25b1cbde9f35ba7c47292a4fd49e7def7a28824f3dfda259a86c3de" + - "59257c255c712686ee47d128a55c7b9e8c546035eab7e2da420f32ed5c94" + - "bc12a34dc68eb99257a7ea03b69d6c760b0681fa24e4ca97b7c377182ab5" + - "fee30a278b08c44c988a8f925af2997883111c750d176b432735868208f4" + - "0de7137331b544f2d28040a3581d195e82811c945c3f9fde68fc21b36a44" + - "e1cfa2d8eb625f3102461539b3f13c660936a5ddb29a0ae791fbf52c2f69" + - "7bd334653f3605b362d91cd78569b41dbd09b2a5892440b5097fa08d0b4b" + - "291fc5b934585dd8d5adc80d573fdd194b2eae26dfc49f5e51c1f1607d7e" + - "87740702f244bf39ca1d52423e0ae84891dfdf4f43ef984c7a5f293a2007" + - "a1e00e39c757f064518953f55621f955986f63", - }, - { - key: "d115b6ac998a65b48b3dae5977abaf985258d3d1cfe1616cec3d6a77f7a75785", - tag: "b431c9318ec2769fc8ee8f5fc3c079c3", - in: "7e7eb43839a6d7616b8a7b1fb7144817904342a9bd34167051162941a6b1" + - "b85db5e587f76e4a53211755d5ab29c11822d7711a97b3f1ff5b21f2485d" + - "9c86241fb56cdd6796245d3112df11ad9a7344db44d09934c4efb280ed65" + - "80cfcafb5c97a32993cbbf4917183e0b7bb38f2ce2479c28e1d39f673962" + - "17a7010448dfd39a4e7f406c8bd2d804f993bb410fffa4eb57518a531ecf" + - "259a8af068230acb826d9ffc20ee0fc43885221a321e3928971bb28615f0" + - "d9f099f5b68a80503a910fdba0bc643c60b64837900be38770b6b30c362c" + - "4580722b5dbb1b9c8cd02a18fd7b5661d2c4d28aa941c50af6655c826690" + - "37312fbf9f1cf4adb0b9400532755011b40e8252bd0e3c7a22efb0ef9122" + - "1e04b4aa8316d4a4ffeaa11909d38cc264650e7ca416835ded0953f39e29" + - "b01d3a33bba454760fb0a96d9fe50b3e42c95271e57840380d1fd39a375b" + - "3e5513a31a4b80a2dad8731d4fd1ced5ff61e1fbe8ff3ff90a277e6b5631" + - "f99f046c4c3c66158554f61af2ede73aede97e94b1d1f129aaadf9b53548" + - "553cc2304103e245b77701f134d94d2a3658f2b41108c5a519c2c8f450db" + - "027824f1c0ab94010589a4139ff521938b4f0c7bf0986585f535b6e292e5" + - "b3ded23bf81cec17c8420fe67a449e508864e4cbb7eaf335975668f013e9" + - "da70b33bd52a72094a8f03762ea7440ce9fcd10e251837cfc9ccc1a8cc47" + - "0c67379f6a32f16cf70ea8c19d1a67779a9b2d2b379665e0e908a88b26e7" + - "8c9f94f17acefa6d5feb70a7095e0297c53e091cf98df132a23a5ce5aa72" + - "59f1154b92e079f0b6f95d2a38aa5d62a2fd97c12ee7b085e57cc4652863" + - "8defacc1e70c3aceab82a9fa04e6aa70f5fbfd19de075bee4e3aac4a87d0" + - "ad0226a463a554816f1ebac08f30f4c3a93fa85d79b92f0da06348b4f008" + - "880fac2df0f768d8f9d082f5a747afb0f62eb29c89d926de9fc491921474" + - "1d8647c67d57ac55f94751389ee466bbd44dbe186f2f38abbc61a0425613" + - "e9b6a64e6bcb45a2e2bb783b9103483643d5610a7e2dcdb10b5d78423285" + - "506b42a99b00a4fb7b619b4526bb4ec78299dd01ad894fde2f053e18c55b" + - "6047f86333f2690c2cb8e87d9834ab8a5e339aa346e4d9952ed62dc083e3" + - "b11a823a67f23fec099a033f127ebe8626a89fa1a5a6b3520aa0d215a8e7" + - "dea3af37907686c16521739a95d6c532cc259c497bf397fceaea49cd46b9" + - "ad5c1b39a36fdd2f0d2225fef1b6ca2bb73fe604646c10ba4c572ab13a26" + - "559ededc98f5a34c874cc25621e65ba4852529b5a4e9c1b2bf8e1a8f8ff0" + - "5a31095b84696c6381eb9ad37ac0db184fe5fccf3554e514946a33cabe6f" + - "4d617b549d28ad1cc4642dac96e0215ee1596481600d3619e8f45e2c9ae1" + - "da834d44aca216bba0efef6254503ca90339f2d7ca508b2722d50c08def8" + - "a736590fa44855cd9eb9979c743783aa26e633696739f2ae25ff7b72ceb2" + - "4dff4455b85bbd675c8cb71ad18386dc58c371bdf37b4b3875b98a9423ff" + - "3becfc0d0ba2aacab3ee7683cb3b345095fefcaca5751ca793da63c89428", - }, - { - key: "f3717306b9729be998cdb2c9d856306c5ae3d89da2cdcef12f86f6110c98d873", - tag: "907dba0f4849c7cf4570b5128b5f31d5", - in: "079572187d4559f24d8e48dc366441acf226a4db79e214ec3ee288acc349" + - "887e2e377419bcafa377d0151497b52e4d9cf2a02b0fc91ad9516482bdf6" + - "eccd1497954b53241bfb0bc5c04cc45045c6251f23a510060fee32721872" + - "bbc95cd8d400dff00bcac2ecce6229c7d73d8f85ed5a87afdccf6dedd299" + - "2d5c7b5b8090c47c737ded036ff0e9aedf02a2242fd9820be618b9601e73" + - "d3ba5d8f1ae9805cfd2306251704bc74e3546997f109f1dfae20c03ff31f" + - "17564769aa49f01233c9c4b79f90fa3d1433d18cdc497914046ad77d2792" + - "2588a7d0e61d4258d7d80cdab8503e3111ddca22cf7f39c1f80f1e16a68d" + - "9e21db8b53dd316dfa4233cb453a39a90101c60efc08514a3057db007e96" + - "507745bd4a0764ed8717a250bffb5fd1ea58474bdfb5b869681939693926" + - "40d832a3387ed4ac9cdab0d2af8fcb51b86e4d927097f1e79b5af96574ec" + - "d59d0dd150a0208978c41de28ad6cadf72a49279cffd6dc281c640f2e294" + - "4cde49a13ed390da1dd92e3011ce0f4a0863375a9db3f67fca1e3b8288a0" + - "78611161d7cb668ecdb932e1ff3733982c8c460eeeff2bca46c96e8a02cf" + - "b55d770940de556373a4dd676e3a0dd66f1280c8cb77a85136b3f003fab4" + - "887dad548de7bfe6488ae55e7a71da4097db03900d4b94e776a939530328" + - "83492da900b2a6c3e73d7a6f12ee30c9dd06cc34e5a3893976eb1de5864d" + - "32e792ac02e68d052d9d0cfc7cfb40b77728422f6c26cf68987c6b40fcfe" + - "9d660abc657360eb129de11bd70af5eb8fe350af2c27a6ece2cdf81b94c8" + - "0e68e8c51106497cfa5171236efe2d71d76b5dff3352af9b407dc5aab60f" + - "46b5683646f5b28732b7c750d351a08a507243d8e437cc4bef13a3edaa20" + - "5fc4e9968b4e563fa0dc965ba20b8e48bc188a321b16d3213bed69647512" + - "7a20afc1a3680ef261df6d37b017dee05cfc3a42e4130216e5540cf715c4" + - "e638d7d615c50bef576eeb19b3b15b2c2b454dfcef2b18161a143ddf52fc" + - "8e88fa71cbe34c92cd4b5a0adc81e5c33e11d2721bc1b95a9e693ac3cabc" + - "490889a8a42bf7e22375b679e8598c8faef22a006ed2da8ab1c08aaed2f5" + - "6d6f26649036335c0881bfec1e3a5346335c3b3707ee92173f1a7a3305c2" + - "933f78e995da8f1df64daf12b81ce23c8813c27fd4551103dc33561c2e80" + - "45b6b6770fa03498fd359a104884699d628020173edbcc4398b977e456e4" + - "885964840466176a490e7c513ba5d66090277c1ab1632a995a54f555a452" + - "1170a000507865b6650730aa6d6050a55959102836fff3d37e4773340e59" + - "2e56951ff9652519de4421d9c5b63edbeb30a3852a1ea110a9a29721aee3" + - "23d5a306de1624cecc87badc47aa87f489635d2fb60bff62ba67f5257999" + - "6af0a1f1a6fbcd8704e119196fcc289a6db6a4170a2cae31a1d30744b702" + - "2536d1526d41659c2dcc8b39c26aecfc0f8a707136d81b2827a158fd7386" + - "a537514471c213a8c859016748e0264cf3fbde10f40c620840ec4df99432" + - "e2b9e1e368e33f126ec40c572e841c2618d49d4eb098b9533b1f4ae00b46" + - "8d15de8c8ab6d0b650e599576f2bd90a124c9c6a0f911fd1bd8253bac272" + - "942cbdf8864f3747ff7f09d8a5a9d8599be7ee1744e5f1faf3e526cd2a06" + - "b157527272af9d38565957c9ce663c295766c0e0e464971c6282b70d4c0c" + - "1fb3b69856b34c089ad2b2c745f5a033cee1429c5b855581ee285278893c" + - "43a5968d9c28384b7abe8d072ba69089c938685cb1eab461f05314ad6d06" + - "eaa58512f8738bde35b7b15ef359dd2e8753cb1ed6", - }, - { - key: "9772c1a4b74cbf53586e5df04369b35f1fdca390565872251bc6844bc81bda88", - tag: "68eb7fc459ecc3be819485001ab438dc", - in: "e115cc2f33e367cb85c01a914b3a512404ad6a98b5b0c3a211d4bffd5802" + - "ee43b3fb07451c74524ec8b4eddbb41ca33dd6e49791875d716a44bec97b" + - "7c2d4546616939ffa3b1ab9b8ba1d1a637e7c985cc922606caa0453085e3" + - "5f2fe0bd2de129d1d1856ade975a3281a62965927d8bb695e54514e69558" + - "89361a2a00a1b24e62bda78d0b71a0d40147016fcdaf1a702331dda8e678" + - "d8f476dcc91698da1688c610ec0cb1d9b8fbcd45dfde6d1503ba60a01337" + - "ae5b2f5c854a82c3087779babd2e522dd92f4718cd9f8c649ac226745ca2" + - "fa1696442764758f67cd926369578ae87612790dc56ed9cda935281a490e" + - "5c984950ec7a4e930520d273a69da4ed3a330e532508e26f942961fed0e3" + - "efeed52a7b96250d723155aa39a8ae85131c255c32bf406b647de1a37fba" + - "dc61e302bb5b70adec4505ee66b3a1d1b7bfe9c58b11e53ad556d56e5807" + - "017bb30b71be94e8f86aaf1496e8b8d6db75ec0afbe1cd336c23963c745d" + - "7b4ba1787ceb30728f1762b46f6eaad5064c8029d29b86266b87f93142a2" + - "74f519f3281d8c1cb43c23eb184ae41f3f625cf624b05a48d73cd7783fdf" + - "14954a03ec1a930e9a954424eff030e3f15357de4c19983f484619a0e9e2" + - "b67221cf965e9aa8d8926595c793adfe0181050df8b845ce648a66df532f" + - "78b10c83ecc86374a4f8abf8edcc303654bafd3dcc7de9c77a0a9d1d98fb" + - "121534b47d16f75b55fdc2a5e2e6799f8a2f8000d4292282e56863ae422a" + - "5779900ad6881b78946e750d7777f33f2f013a75c19615632c0e40b98338" + - "1e9b8d35a26abe30242c45662eebb157e6d7a8a5519de60268ac289b8295" + - "5d4feb47b9eef6da65031c6f52c2c4f5baa36fce3618b6a331f1e8bdd621" + - "48954fcf0846afeeb0a6cadb495c909a7fe671b021d5b0b4669961052187" + - "d01b67d44218471bfb04c1a3d82bf7b776208013fc8adabaefb11719f7a7" + - "e6cb0b92d4cc39b403ceb56bd806cbdcc9ee75362ab4aaeb760e170fdc6a" + - "23c038d45f465d8ec8519af8b0aad2eb5fae2972c603ed35ff8e46644803" + - "fc042ff8044540280766e35d8aaddcaa81e7c0c7eba28674f710492924c6" + - "1743da4d241e12b0c519910d4e31de332c2672ea77c9a3d5c60cd78a35d7" + - "924fda105b6f0a7cc11523157982418405be0bacf554b6398aeb9a1a3b12" + - "fe411c09e9bfb66416a47dd51cbd29abf8fbbd264dd57ba21a388c7e19e8" + - "12e66768b2584ad8471bef36245881fc04a22d9900a246668592ca35cfc3" + - "a8faf77da494df65f7d5c3daa129b7c98cef57e0826dee394eb927b3d6b3" + - "a3c42fa2576dcc6efd1259b6819da9544c82728276b324a36121a519aee5" + - "ae850738a44349cdec1220a6a933808aee44ba48ce46ec8fb7d897bd9e6b" + - "c4c325a27d1b457eb6be5c1806cd301c5d874d2e863fb0a01cbd3e1f5b0f" + - "8e0c771fca0c0b14042a7b0f3ae6264294a82212119b73821dcfbbfd85bb" + - "625b6f75e4dc0ee0292ab4f17daf1d507e6c97364260480d406bd43b7d8e" + - "8c2f26672a916321b482d5fa7166e282bfeed9b3598c8f8c19d2f8c8b98d" + - "f24c2500c8ad41cd6ed3f2835737916d846f1a6406cda1125ed7740fe301" + - "d1144559b7c95fa407599ae40a795226513153f86c9b8abe7d8aa6963c99" + - "5646ec586cbf20a03a698cc0681b7bd333402d00fa8e15cb32300b5a24ea" + - "316c5e1df67de78891846cb9183a4b112c3bcc17bcaa5fecd6c1dbbf6ef8" + - "272d9269e7f0ba9f17050a6aa5f11cb28874360396ab647941f2c9a85cb0" + - "6a969919b16997b0827af8f909c614545f1ad638ebb23109f6bab6b49b22" + - "b2285cabbb998b3e1bf42771b4d4e52330b224e5a1d63169ec85fe1c7dd2" + - "46dbafa6138448420f463d547a41c2b26026d4621b854bc7786ab3a0a93a" + - "e5390dd840f2454028b7c3bb87680f04f084089bbc8786ee42cf06904d01" + - "7e405144d2fae141599e2babe71abfbe7644fb25ec8a8a44a8928ff77a59" + - "a3e235de6bd7c7b803cf3cf60435e473e3315f02d7292b1c3f5a19c93646" + - "3cc4ccd6b24961083756f86ffa107322c5c7dd8d2e4ca0466f6725e8a35b" + - "574f0439f34ca52a393b2f017d2503ba2018fb4a0991fddc1949832d370a" + - "27c42e", - }, - { - key: "d18a328b63a1d0f34e987682fe6ca3d48b4834b4312a17e99b3d88827b8d2238", - tag: "938b43b80cb3935e39b21dd8ba133cf8", - in: "bc2b0baf92580ee6c5efe640f2a029a791a3c77bec459be74cbc30931508" + - "d9f312c3a0944212831cbe4fc92e8f107f2f750c91bcc09f7624fa9a09b4" + - "9b7712cf5d619ea9da100fc23068ae2f4e353047e3956b215884bdb12235" + - "3f06b8ee98f36c3212493d61ae9ce151cd0453f3075b18a12d7d73da3de7" + - "dc2d98376cfb420069ca8148c511ca6bbae57572394a3c615a6fefb30c5f" + - "d727f964b4065ac9ee252bdd2bcae3e70162fe0e8069974e073f0a093d45" + - "be52d7de16a8f5f65c548aa6525822ffb00dc642530fedf355f7188ef017" + - "56384760c80afb61ad903d10119a7d615ec4fbdc79c490160bdeaf200915" + - "e405f2a921a2380c0ab9d2ac1e4fdc8ec4b907368c004458598efac13dc7" + - "2751e7faded538e3dc8b16590cac9b7ec294da0ad53e22cb9c05d8ef494f" + - "a04f6ab7c843c867fbe3cf1b4eb146d65339b0b03392259f12627a8e98e8" + - "0f4896c30b8ecd210acb2365539a872541921dcd8e1e54caf4936dfc7e1f" + - "68f3bbce61d325b447a8cce7f0fcad28494f2e47dae46b136594b5dfca7a" + - "bdafd6856f91496c05b21079aa55aa8c41628220a2cf0cdd755893375b7b" + - "b13d914c9a1d1db4a18f8fa36c55e52d0342352052032fb62d32fcd51cb1" + - "ac46f44b06e682db5d96d583cda03b966c650c03ae53542e8da1066b6884" + - "4a7e2280c664415e413f270b1fdcfbb40b9daa6131d071ee7eb1553dc5b1" + - "a50677971223dc316d2d326d57cbd529c88698facdca425e2d5c6b10d7ae" + - "cae28b8890aa44ede9b9193dbe8d1d8aa1fa580ca384b57eadcbefc96dd8" + - "bfccbe3b855a96f1fd4913035f817b75954ef1827c7718aab24d353e41cb" + - "a73748e14e0c2750d5b6a9752125708cc7ee7a498c7fbadf4186e7f8fa93" + - "bfdf281a49400f877621651b8ba87edda5231e80b758564e75139b61b1a9" + - "9fb9ec694f928ab1f47c6c4287bd4182d1b2be053380616e98da06f3ef57" + - "b570ade17c51da1d602b6ebc5a638ebde30d99bf4f91d0e01557c7dcd8f7" + - "9e5120143c935fc699eb5616ccd3cac56b5f8a53ed9e6c47ba896bfefe71" + - "2004ad908c12cf6d954b83bec8fb0e641cc261ff8f542b86e62d90e227f2" + - "a5bd59c9d390c0dd857f6da2b7624787a0bb31908bae84896890b283da61" + - "d8ec4f56eea38b22b438d6374b42243f9c1d94288874e53ab90c554cc1f1" + - "d736acde67aff55007fd4b3becc4d0f3ddd96f10dc75255cb0327aa47076" + - "2b3a3a656e33c87b02a682658b6cd2a75d9c0462803c9bbffa51441501a0" + - "3a2fbb2344aa13d27ffb9e98704ea6720b6a9992e53449688cd74d0648fa" + - "e8e776b0ea6bf048b2ec05341e5948cab0af015328b284ae7bd89a5f763c" + - "eaf5ca3e647a9f5bff7197e4d357e4359fa5fe30709545453149be510e3b" + - "ff86beeba5110c79c0215fbe9ac9339a8ac7d41f7488588ab14ac657aaf7" + - "d5c03a353932bbb2b261f0e83f3526c5e8e0c2348a10ab4eed6ecdcf9014" + - "7550abcb0a722f257e01d38bad47cdd5a64eef43ef4e741bf50da275720a" + - "0aee47adfc5cd2534b911dc269197c3c396820b303f6941e3fd85b5ed21d" + - "6d8136745c3eeb9f36b1f226434e334dc94be8a5606079cb7643136aacd2" + - "da9c38b2eb7e2b898bd8632003767bf0c87d00a3c2fcee48bbbcdd949af3" + - "3455128216709df25879b0ce894ac4f121dfca6b8c7865002b828696641d" + - "14ffc59924fbda50866fded0afaea545c8008c564a3a0b023f519a9980ea" + - "d541d91d1c07a739fd02286ea5660e473f80494236a68e84ea31aad71348" + - "e45055ded69c39941e31d51df257a4d0b0d8f025dbedee093f2b91795bc1" + - "533dc472020769a157a187abd6d8d52e1693e2ef56b2212759d0c0120e54" + - "c425d0084fdb3925e296dd6cdd8e677043a90674904057d88ebdea5998aa" + - "03562a790adecc4399352df43e5179cf8c584d95ef8e4b37295946b1d37f" + - "faf4b3b7b98869184e42ea8b304fe1059f180ff83d14a0861ca7c0682c34" + - "b48a70df8653bd8d9a26f9489e1271fa44e41b392e648d0e619ecdad2c53" + - "952094802eeb70ade4ffe096e3049867de93a824217e31364b18204e9681" + - "dd8e84ae2678aad155b238f59dd9bf9ce07e97183a690b2a46a8f3624843" + - "5b2f713e7d8dcda4dea1e3c4cf9692dda082322c51f7bb1f63d92aa987ec" + - "cf1355a043e21a7b8d60a2b97f18487f6fff4c77df92dbfdc9837540c518" + - "9fd9585731bc6e726a34ca21154b0499522c9d1016953dd0fa2eb6a92b6d" + - "14d6e3da5c12fabe92bd639e253983fc91041091791643", - }, - { - key: "46e8eb27acfdc8f4be622d8741c7bc414464c149e21da97ab4afbf3e07b98b0e", - tag: "56b5f49be824c7a19b19faabf0787a87", - in: "ced52b76c057872a60107194b432cf04b7be05e65209045d2952ea0284d8" + - "3e2ed5a15cfdc58071204573c18ab03765b4d5e63a601419e039c42075b2" + - "7ebb2827de9c6233d6632e6d3db9140bdb4a9291d53f33734c2dc8e24df9" + - "0764dc10e0d321d20fdf659bfa2a81bc9e04fd0f83448143276647c08bfa" + - "dcfe3bc23898eda655c9353693ed7b022f43eefa23c21db7660c5029ca64" + - "a6085d93029ea6c43197356f56b7624d4819f5008d053357d981ffbe7f40" + - "96d6c55d8417002d36189b04bbb2c637339d90f4910a400833a8d422d88d" + - "c816c1636e8d9f7f926c244a28d9e0a956cec11e81d0fd81d4b2b5d4904a" + - "d1a5f55b5ec078dcb5c2bc1112bbfd5efc8c2577fe6d9872a985ee129e5b" + - "953e9cebf28cf23c6f9c6a5e09cb09ab586c6a50e4389cd3110777591d7f" + - "0608a3fd95b99f6ba03984fb0e13c6bbbde3668c59f2f2b69d7caadffa94" + - "6f67e725d56280e59e66dca025a18d4616e81abd9801835bd94485bb2025" + - "dee81fba440005b181ee81dc1d7796cbec92e4ec1c9016c8e8073cf281ce" + - "f749993f09a618a4671d58b476feffa454600f82955c591882715148a826" + - "586f68bb50059914dce1c1c85e5e3951647c9964ec9316005209a58baeb5" + - "2c6d01e6b4c275c0050a7e2bdc52133e433b050a700b556d4314e5c041d1" + - "93ee47f47adc971aed1b63259dd5cd4f95854a71a947eae3d3d12d0d7b52" + - "c6cd2fef2d2e892607a9681d73ac3236fad21ee30a4f857010bc95c00d5f" + - "6f0c6b3fe50cd6452be6eec4f5f01542dc2cb5e2db1f52224f11348fe2a0" + - "5d1e5885f1317f2d06ce2813dc4c723008e836a2ee95d0aac66855fe4c3b" + - "1b2e02ba0700be759b1ef1c2a3123ee4ccf9200d8d4de5e0d503f04c2053" + - "66393d1e91b648392ca28389d976aa618b4796acbfe8aa356ecdce1f7786" + - "bf09af226bb9402317b6fa319bbb9248d8ce00b1f49f066c69d4df93266b" + - "938342cd7fd4b07c320c2409ef72d8a57c21d0c6d6d493f7ca94d01b9852" + - "e4fca6a9291e9060154bc38af6c86932645f53914709fc90e11db56ec471" + - "6d600ee6452041248ea8244f79534f793bfc1f2020855d817cb4ca3c48ea" + - "7f6441ce9af9bda61936c226d810086c04a35e8654fdc30d4b35701adccc" + - "016d5895b2121ba4066e44d694f6371d97911786edb73dc3020ba186a01f" + - "ee3dd6036c0e205a8d05979bad228fd12c0fd2fded6c7f1e4c11354d266e" + - "d9c2f706269c43cd90504997d93a17b39b10dab0ff083ab3bd06540ce612" + - "d08f46ce75a16ef330525737410a0d98fb3d484968f9c12edcaf50103fdc" + - "c14128ea4ad6c30b56247eab28197fe617e5f88afa5cbe003c63d423647a" + - "d3042626fafd2084a0582ff1b1efdb5baa162662048019546234e2f6b6a1" + - "d8bb971114aae41df7795b4f3598f2af9e8921a9aadc7fab6c780aaa32a3" + - "84865a4ccb02351dbc55ec92a3152d1e66ec9d478be5dca17b4a131b4a0d" + - "3d4420fc6123fef80fd56ca266407d58a7880d6b7e5ce2b6bdc9a3721071" + - "7feec573d83c83a2e3f7d4023f2f68e785cde728fdbf5054060e4c89faa6" + - "1c9dd10524a08811d15c627b3b4ada549a3fa1d8dd77c005daaf2addeb10" + - "0abf694da8dd692f113965cd6366a5a7b0c17e1f2a320243e2c90b01418e" + - "22426d0401a2c8fd02cb3129a14fdfa6cbcaa1f1c2f17706e9ac374a3458" + - "777761e986ee4c358d26f8e420d33230d198fd86704e77298dd4c40c5205" + - "7566ac0cd92993b21937c3a3b4a8b89110a97cf38c781ad758bdc28f3565" + - "60cf3acbedfa8e05b396d226ef619746e8e4fa84c8e00a7f0e6d652808c8" + - "9c9b123d9bd802624cfa949eb68af85ca459b9aa85b81dbc0b630856cb9d" + - "7e18cdc96b3c069a006dd5b716e218a5ed1f580be3e3ccf0083017607902" + - "a7967a02d0a439e7c54b3b7ca4cc9d94a7754efba0bb5e192e8d1a6e7c79" + - "4aa59e410869b21009d9443204213f7bceb880ccf1f61edb6a67c395a361" + - "ff14144262b4d90c0e715dbefce92339ff704cc4065d56118624a7e429e4" + - "cadf0b9d2e7ffc4eb31c6078474a5265beba0774209c79bf81a930b302bd" + - "0f142534a6ae402da6d355a010d8c82dc379ea16d49b9d859a7de4db6e62" + - "40f6976ae0f47bc583b327df7ec88f5bd68f713b5d53796e72e28c29e843" + - "6c64cd411d335623ff4f5d167f3c7b8cba411e82f03714662425c8e1bc1e" + - "fbf435d28df541a914a55317de0ded8c744a1c3a6e047590244b207bcdcb" + - "f4bd1f9f81210deddd629192c58e6fd73e83812f084ef52f21c67bea98ee" + - "17554437d9642e2e", - }, - { - key: "b41210e5ef845bd5a8128455c4e67b533e3e2b19dffc1fb754caa528c234d6a0", - tag: "72c9534aec8c1d883eef899f04e1c65e", - in: "7eeca180bb20d99635e36b9208221b2b8ef073fbf5a57f5190e19cb86c49" + - "89b0e8150d22ec3aaf56f6ed9cb6720284d13a4b0a34cd3d7f7fc7089326" + - "6d1893fa4185269fb806677ff490aec8f889896fca50d6c80d295875b1d5" + - "4a779b6d49305360b31011b48537157d0f323ff4e865d46fba6bd23a06c1" + - "46878cf9404360d325432312ff08ce495edca63a3c93c44d79c050e3f1de" + - "4b6ca5fedbbd43dbdef9ceb26d440a59c7e0be3a8e461c4f15b6b1e1dc36" + - "a71fc723ad593fb903e83d0804ce497fc49bfc6b6a602b9dc6e9891010b1" + - "4ca066cb1c68044c1ad837c638076dd3708078509cba49fdc54922cdf5d7" + - "715fb43e9b5a5942cb8950eade143577bc9dcedde58d51deddc70075e452" + - "bbceab1e95b5d003eb96bea69687faa6d50d9c605769cb4287b5d9924dd6" + - "8881c699abaa6f93e41dac7639cdbbbd0259099a3ed096f482a1fa322b15" + - "ffc379812c74e09e95f1bd3706347eac421fe56895e738a47fcd3e118773" + - "c3a7e7e264cc7ff5a53a80e436df058265dab9756fdf6913786a47e98bbc" + - "411052d58ffec9ee948e28cbaadaae471c5d828eaf3b3c87d3bfd495477b" + - "403da54f1418a15ace0d4d0df68f6a8f2b0457b127d5eae1f45ae055afa1" + - "8f058d5dd7eea559de3ae9378ca53f7d6dc9a9465ea1f945295f16ee0404" + - "7fc9dd3deda8ee32631d7af70c20edc1e12c5f8abd2e78f43dbd4cd6407f" + - "038efab144a24ea8a090a7ba3e6499345a60106220c2959a388e1a73d070" + - "1d854bfaaa86165a5aee934b615ac7f45da7c43a1e8f74613917ed10dcd2" + - "27e4b070414412e77851db5bc053e5f502bb4e2b2645bca074c18643e814" + - "4caeccb58be49ea9a552913c0616382c899635eea79a166988c206b9aaa0" + - "977c7ced89c4c7aaeaa8fb89b38030c44530a97187fda592b088198b63a5" + - "2dfad59a0a4c1aadf812bdf1881924e8b51b8fd4dbca8e73b2986b3ab484" + - "171e9d0cbb08be40ae60de8818bd7f400191b42c7b3200c27643f06720a7" + - "e0a17441f34131629388ac43955b78c31ea6602a70dd665f872e7669e865" + - "f6f40e634e8772d747608cd3a570e1726eb1ddca64f08582b022bb026eda" + - "6a913dc83f174ce3c18b9fc0503d3ac74e2fe45691d6dfb4af8c86d752a1" + - "6d6664fab4de08afe8858392fcc35cb9ea82fc42c42d48c0c0556267ea0d" + - "cc19b10f05e0318c4488ffe704b5036908f5cb938eebd3163503acaa874f" + - "592d945448fbeb93a877a26a72306a36e181745ba300afdc30cb7986919f" + - "3dbdc5c47ef1fa052a9e4aeeda3955f61ce2f30a0593a81dbaffebac5a49" + - "e5a8d1308352701d1ca9e620a67a89abdf5f0f8b1a0acfde5819981d4b77" + - "58799c0fe41030b86754837712af821c315301aa8dd50d1387b9fb92ee63" + - "10777e08229edd54e5e86b086ac281bd321082ef46ce298a6211aaa3aa4f" + - "6e55b5a4641220ec94cca73087760da1b1ac3e0da3f438214e691aa184b0" + - "535950b715a64d11485940dcaa3f72e0aa521002b1443f5e7880e2a85b83" + - "40d32db0fc4c4702e10f0fa24a35da9307850e945f608ad34d6cfdf6f2b9" + - "ff4f6b8e9eb5a883546578e2ff3cc5787322e4384640f42dc5bd05f432d9" + - "610dcf7c06cdf34762dd2a5e805e24aee8cebb3b4db9e4d1471da995bba9" + - "a72cf59ea8a040671b1d8ce24a3dce4fc86d2df85c8ab5e1eb2b0567c186" + - "4fb464f48c3ca72c7df2749542ed4d4be51b63769012ce3d06356856b2a4" + - "24995a2429a156ad93bc79c705e7b163149ce53a42c34a19680dfe4fd0f7" + - "fce38c30dffe9da9bc941d131f435c1398f8284a230e9d6e3992710074c3" + - "881d03aa309a9edd0fde7a39c33f6455dfcc5ae3fa20ea0e0d6549a43536" + - "b4cd8a2991a135b7d7a4265fb840318813091274414108f13fe191db7774" + - "6a5f4270f6d51a29ff523954f84cb76131d4abee79161dcbd97dc1ef24cf" + - "db1fade057dddee00a1e0de0db1afaeed1b535f7bb402afa3b297551fd14" + - "8c8f3e05f1351d3a8ee2948daaf14e7fc448c4670c906ae076eac5a7c656" + - "fd5f9cd937b91e26c9e5adb43c138f8d65e447b0022a524e059f879c6e27" + - "4ff7e671f75717233aae70853d5bd7bbb41b43c47bb08d6dc2f54f9ec606" + - "9487d1267add72403d01552a3d138abab9ca8a0d2dc32439759aa5695f70" + - "1a17d28dfb85850fdb55fddadcdde4d220e4b05821e5736d346e7dc9c945" + - "72743366488b1de8975184771361894b6520e3407c5c2e38473430969e35" + - "b106024da8618665d58c9d084824a28991a33658d6ec702139e01b65b7d0" + - "cc537a644caeee880657803d95f5f67816948d5ab362922f8ffbd531473e" + - "b0ff8fde2afc37a4abfa28dbed0be1b3d4ed48a1d02358e8403905d33b12" + - "3066e7a9fe2491ee9eb24fc9de7dbd322c8ddbc5ebcd0d92cd102ebac96b" + - "90e2fd784fd6d4b699304df23b17d963080a013794322690456be525c071" + - "b78fcd2d1148026e44ff14c4d0f942cd44d2b3263f4a93b79ec7a618b4b0" + - "d77ae7a1f6e6c7c7e2f498b825bf1954df348bae45ae1d7c87b6787f1212" + - "60c9a724429a4a2491ef989f65acfdc72fa717486dcf1984905218e11cc3" + - "970a09d71061e6df751f100abfbf", - }, - { - key: "d9b0dc303188756312c12d08488c29f43a72e78714560fe476703c1d9d3e20c1", - tag: "6b9782f2a09b59653aa448348a49291b", - in: "dbde1820035997dc8a8ff3015b4e0674e7ce7bf0c2d994b7977f2d91b49b" + - "f200995040daeb1218a0f4307b6b8211913992b070d321bdb947b4ba5017" + - "a0885e7e5502710a75cbbcb56d49e1bdc2bc2afa5a0e83851162dec41340" + - "bafc41c5e11fcbf4ea2ac45bc57def4742281bbf734777f83c9ae1ea3d5e" + - "d42380230570f59c40d5dd9a2d89b75fa3c92664f12a274d965ed8de79a8" + - "b37f3763939ad21d1703ad794f617c8b32b20cc4dd7c1b7f969a65e1bafa" + - "f6c43f30c9eba256f10201910e2cc31a9b13a46ad29257024ef8f2ee29b2" + - "ee63cc5b6230ab9f87cd5cb534f4b0bb08a790466e0d57b849fffa1ed21b" + - "fb0b27804e3ff9df7bebf14e100cf91691a493e53870abfad6321f6711c5" + - "0fbcf1f0b2c1e5231d6c0a08e710525176355f6f82bedc1f787f0d3cb41f" + - "a11e91ebf9f4cbae46035a371232d63ef0d8bda0355af8cd0a2f7d1327d8" + - "0ab769ea0f1da0f76ec99cc737b5ce84675fa8a9ac0c98342bb82b5848bf" + - "656d35327ea01a1b09d84ab974c307511af68a30cd6978b529a8f58c68a5" + - "9d476062ace8897ec0d1a90d5d167e29ebaa6f46d93d697760c8771417ce" + - "94c0f3698985a98702833d1b68641b811840ca3d935386dbd4600fbc81c8" + - "728c4fd0e4588be739a048f03bd4ac651ceecd7e2fb120fe7190011f957f" + - "cbbfdc025f1ca0b356208db8cad87fcd53c5d3a30a7c2a48140ccd4cdb49" + - "f3961cef742caedd1e848bf3cacafb0da030416bf3177877aa0bc5f9d1cc" + - "41fafcb829d5e3ace9394028683d712552579e024084a6b855830ad9f567" + - "ff58f05d3ec263eddd6f56adec378f167e8dabbeaf7d0a9e65c71660314d" + - "6c8d54beeca2711113fbc32a2ff8c0daa8373278d10085d2a0660ad53f4e" + - "1ade74a483be180180acf9e9ad3ea5bdd9162ccd69599163a451c6837d5e" + - "a5e115bd9a560f395128ea002ee739009a44fa46078b18959933fb6e866f" + - "eb4612a56ce93b1affcb95fccaa18d71a148582ba1412a5daa07404fcb39" + - "c3cb4a2519cc506c1172c6c326016ae2e5410f6a438569f35a50d45cbf3c" + - "c46188651aa22c257858f60649cee8c05c75953ce49358dfe5980445fce9" + - "614ccd16d333ad236e29d204691ca0bf46f29da954bcaae52e41016556d2" + - "f4cae1d37565bcbe84de1b49f344d0200478a38187da29c155cc98184d9d" + - "33dca088d70054e0fce321f7a90c48a14963d0ace2b4e7a24b21c14a5e67" + - "1994fe1f7d22d1135d4df9268dd18d323fde3603288735626a5449582d35" + - "30e2c2225414e05a8c7b987c873a82e272a5d83e59b90f3d7264631d6ad0" + - "4a0cf3b5e96596a66ed5bfbc24ab6e4870aeec0acbad2cc5affaee06de32" + - "dca06f175bf763cf8e7fdf95941a177e934f0078be7dbaa4c9b6f5c16b4a" + - "5607bab5d56144a6ba3c7d9a084b8d1f4b24b6f9754ed207b230d3a2cc26" + - "259ccc725e1f8a44c4df8143e13edb5ebf073e2c9d2da5f1562df4feece2" + - "f6480987f093f642eb7afa3aa92dce2a8b60bb925cd2d11cf6c2ae7d2153" + - "1a9c8f068d71d0e682023932fe64e956a49347aed22b21084c4a84480491" + - "244ac6b337b6d12d5551ad5684766c68bacca62bdcafab6603c81bdbd8e6" + - "80d9d8b3825eaea4df023142e840f98ee251466a0422d810a54726a9f03a" + - "7e0afeb0043e60e2ba4908f951d2e87fcbc372096f2a9f4f2a95ad5faede" + - "3796b11ecf4401c3ee3d268bd8c46476c61e0ffc5c43c0f3c58c79e20f75" + - "520c102aa3c260972a870fc50f8841fa0553a9e30bf37ad282fb51b34adc" + - "7a933ca1691a8a706605ce0b906fdccbe954f8e5f2f63c42599a483c4be7" + - "3a041ef90ad930fe60e7e6d44bab29eebde5abb111e433447825c8a46ef7" + - "070d1f65862b30418efd93bfea9c2b601a994354a2ff1fc11c383e7bc555" + - "9e7546b8bf8d44358b1ce8cb63978dd194260e00a88a8fd17df06373aa80" + - "04a89172a6051bd5b8cea41bdaf3f23fc0612197f5573f3f72bce39c9f89" + - "faf3fb48d8ca918586d4feaea7e0f2a0d7a6afca096a081af462ea5318cc" + - "898a9cc09e8258a837559570cbd5eb901e8c0e04ee88ba31c81a76b000b8" + - "0e544feba576b3eb5272b53e46e96a0b35b9c759caadcec61444f8ec47c3" + - "45a1d2304e2708eeddfbfa75a98eab3493889047d690e84431d445407fdd" + - "99560c0bdd287e0944116f8ac62ab992ed3f1e2b415aea784b03c6904795" + - "f4326ff60bc839615f2894570dc9c27cf928ef192047528a1a19ec990978" + - "3b0d1a13dd4baf4a19e49bf798975abe2ad167dd574b32b3d0c22aa4d9b5" + - "2761e8f56cf2100fe5a39fceae3d865f3724d4f299d07ff899fed6baf7fc" + - "eb7189357bf56cf94a6493e61301b43e3ed158cb9c7a0e615fd9888c2db0" + - "7f7689762f62ef6b3ad4125e06b07a422f5040c3aa8b8f205d68356c9225" + - "56fc4c976165fed9599daeb297498ecf744bf6c7dc5e30604c461ad99402" + - "2eea0fb6fe33f82a97b5c272fd24162a94b761ec7e52173e7bb42e88b343" + - "64f5fa2c141ed04a86b8d00fd9c25bf77a8dc3e63f5543331405be6bf421" + - "6a891089b316aa4f887cb4aff0dfb4e80c2ccd65ddd9daa74b17b4411c0f" + - "c849dc748d9b138279dcd9ebfc6e6759a53f5c28a41bb82107d71cc161fa" + - "81291a8290", - }, - { - key: "fb70ae7ec12264ff9f51124da188e5b11dbf53cae2671363f6054b575b1ddcc1", - tag: "d9ab81fab28b3be96fa3331714e78c9a", - in: "c62edf20b1d53962b42386eb570b10378f9764421ecbd7c4802853332747" + - "19ff4c89c06005050fa9ba6579a844060eb7ece6c43bab520e683e0f36ba" + - "49cba259edc6ae35d41e0d7812a7d5edbe4d90cd5e0504d16f4c3f70d01f" + - "5a0313de55934b661ce1ec317968c2c4de60f45c66cded8c10565a1ca6d2" + - "3a84bf182df2fcb05956ed4d46b49fc0fe3bd23961d9466fde070341ce41" + - "bc6e148449360a31634fe10e91082d82def90d9da2c250ea72c58add2058" + - "d046b4392b78bc3af5b3936ed568733e8ad5672dabbfa3130a6a535ec73b" + - "da8e7223535f49f96cd35d56ed4792c5cb7076720d5461d96a2692b2ada5" + - "2be08fb7bad15d15a0108143790024f0f15f5adc275e783aa56b70844061" + - "e30952a040e4cb9650f2a010417812790105d8f58bd25d99b0db3cb16229" + - "3f6322e86cd5b0bb1505a7b998fb0f81d1e1915faca3c2c8ddea39115507" + - "80339430a7955521839deff5b301f3fad54edd5ebd2ac4ec9b1795cb4dc0" + - "e2eb62ebca8e886c3f1e507d10a0228c3027b472a7104b815f5ec8dae55e" + - "0783ff7ae9a3e6b99e381ad788206b135520cb870ba0cdbe876feea843b8" + - "5a82adc95a6d71c555f798da92b82daf0abfcdbc82ec30b1f12d78490b06" + - "7315735017a94ac150b44dfaace151896f873923310ffcd41e91bac04de6" + - "d70ea71565948c907ab21c4a23703fbbd2a8de6d3095f3d8f901538968e3" + - "60e7bfddb9d22036b1c23f4f5f1b2ee22623426a2d5de68c1e1a38e38e08" + - "e2b5670aac1edff69e9c73c2ca56cb69c709009ef1d541aff1fdb2b40c92" + - "9b87f162f394b76cdbba1f5605993e4dd9c312321d59b0aa5c6e33be1b10" + - "bfd00b92d4c02db064d0e4a98f2913c89051b0f0ead163deb5087b6466d9" + - "84f57553b0fa53850eaa142e072fd91802eb9f0d2eb7318dd620555e6ce1" + - "86706b866d41cf6ba81f100342faa14d801dc6f3d522db38fab17a879fcb" + - "b6acfe922163505bd23a6842f6ef6397ae5fb6e6016421998bd43b0142b0" + - "3ca3b16d6ccb7a47891c75c687d791a930b26aaa2e3412e7aa16e2cf1501" + - "7bf6df6d2e1c289af0d7ce03954a60c1dfcee5e4b3da51eb43ddd14faf59" + - "082005d0c8b104561f66c002ff426be60be769282fc5685cfd1968df1941" + - "73667e48e9ad681d35757f1199f1d93377bbad093c8cc3efa2bcb6ecb703" + - "694422772d15aaa58cab9e9ab277ed510f684114cc4a44ccadb3eb1c9a76" + - "d8619a9b7743106df6fb6f927ac49b22ae5bb9a9a4d231e340a2cd0e3282" + - "53f6d75df694826f60e4b3e758398793eaf73ef5d4b56cd1471e16400f40" + - "4a947e9737f4f874fe09a29ad799f4525156e3abbf0585c3c3c0a3744c86" + - "5d56db3d2ecba6bcbb1adcc8bf5f3b2a2d46d3eba18cda55201598a8112f" + - "d8f14e205f0e615f081b8ff6c5aa6669da776bfc7c34d5af4d0b26d0d819" + - "f6aacc53cf3c6653138b9a962acee9d6ea01d280c35bb1f05d1509238ccf" + - "004c5013167f804d1780d9f4ef9d45742fccac346b0472bde24ff5db9ae0" + - "16455a3c02256358fcd8e6a9aae94f8a37a1a3da58a889bbe3d295e16544" + - "2e580f59bdd31c92ffcab40c49c1cdbb4db1dd4882b66edc10fcb1704203" + - "c518c1d8d4c268588ce13fc38e0210aeb47d11d2603d4b3de5c6ff5e969b" + - "9d5904abb282b699bd04a6e9f1cb323679e30400d725aab128a032745dc0" + - "be05a46b02b34b93bff02523cd8498c021fc35a488f164a70ef1ceb873d9" + - "14a681d3a3a34cc76bfd5a547e2630d7741a284511bae5897d9f7a197fc2" + - "456af5c6cd7e1a93d3388c7a990b5feacd7749cf39fdecdc20adfdd540c6" + - "9d330195db7cc0d4555ea5f5356a3647e2265399f153c34ed1e217c5dafd" + - "c2c5dd3d566c332c7ddacb0d76ecd3a0ad505a4165443aa81b0f43cabfb4" + - "62942fe74a77c22b8f68a8b1a6d712d1e9b86e6a750005a3796ba1545396" + - "13170906d228dabf572ab969c762f8b296054f23d5d4a37bff64bf9cc46f" + - "43b491b41101256018376d487fe8097f1653a7a9e99e1ef2492600598fb0" + - "bbb7df8270be8b9106126d6f491f8b342a96ab95df6133e883d3db4c6a99" + - "402aeb58d371263a32dcf76d33c8904395b9cf0016fdfc15608eb43e20b0" + - "99cbe7455f7a76f69bba058ef96f83ae752587485657f89c7f26fde7fbeb" + - "a82ede581ee92821dc13b8202930aa58bd4f1c86f68926baca0d06fee642" + - "ea8c652d226af91a9638a0244f1a03c7ce56969b87cd5c1f86110d192e0b" + - "98dd979d74acca6c1956b1127d9a1f456053d17974081ed8ced0faa4293a" + - "319e5b25ba285c1151214f52c283e39c35af51c4572c8e395b7856697bfe" + - "dfc4145ab4ed0bdbe43ba509c06a196ae6bf30d7582550cb546c63b51833" + - "cb0dfff7196d83f6a1c6d6d712cce2ec1989fd9ff5a0a22ac5022b49d566" + - "58f196703e4809e7624fe7cfa6c13b378f5aac7e66e657ed7eaa942d1a00" + - "544a947199f24d736b8976ec2cfb563433c49ba131bd08b63636854219d4" + - "c45100c98e3092773ef492dd9210bfd8f54cfe2cddafcf5c05468d90e620" + - "0c2ef99d17fa6992cc45eff3072b7cfd51cabb07ea3019582c245b3ff758" + - "0302e88edc2c13fc43646ba34de37338568baa66ecff3accfebad88d143a" + - "fd1c3b09ae39c501e3f116af33b0b720d6c2baf5acd7f31220788b2f9017" + - "3ed7a51f400054e174d3b692273fcab263eb87bc38b1f486e707d399fe8d" + - "5a3f0a7ed4f5e443d477d1ab30bc0b312b7d85754cb886e9", - }, - { - key: "f7e7affceb80a0127d9ce2f27693f447be80efc695d2e3ee9ca37c3f1b4120f4", - tag: "41c32ced08a16bb35ac8c23868f58ac9", - in: "5a3607fb98eaea52e4d642e98aa35719bfce5b7d7902950995f4a87c3dc6" + - "ad6238aadc71b7884318c2b93cd24139eed13d68773f901307a90189e272" + - "6471e4bf9e786b2e4cf144764f33c3ac3e66521f845f6f0688f09eaa227f" + - "e71033b0f74295f6ddb91fe741323f2b54f420cb9b774d4291b06219f1fb" + - "4410b55900425c5e6fcabec76a5c2424d637a1641db6f0f6cad564a36a91" + - "0f49894bfd598e91f38ceea65e8253c1284f210cf7b50a96e664e562f3cc" + - "01c4fc490fa6d4679fd63fbb3ed8995a8a05166b573e92d22ef4370c6aac" + - "74ae94c94177e5f71143c6f340efceefda679ae76f6ed7f26eaa4848a8de" + - "8c40894316efbb06400f9695b18ba279e8947c032a84a40ca647d9ace457" + - "6dd0082494d6bd7be4e7928e749c78110af8774a5d43e9c9479964e2fddc" + - "ee51146460eac734311225d08c60706e40f298a7cb97f369ef599be097ac" + - "3bf1c275497bbd68968a235fdf8a61bc7cfeef0fe451bb04e662ca39f34e" + - "a8e3acdd0befe9762f9eeb275c0cdd43c80fc91131d1e0e790020975ab65" + - "afbea81f303ebd86760821efb4cad7cc01fd6d6fd194ac5ffe7703d890d0" + - "169e21b444cdbaf691fc741a5d99bd47357c37785755fa72582ca4754a03" + - "b4def86ded39aa6d9eb3f38801077e6d17e3cee3fb57ae83f30c79c3cf29" + - "0e2739c6b7323612cec3a561ebeadb4faa642f150323aaa9d270658c907c" + - "4c1610a5e1834730c08be3379cf1abc50c30e2bf01ce903927c27d85e135" + - "3db9e216dda8860c45925e2bb791abe5c8281ee6d16607bdca87f60662dc" + - "bd6e20224e7f009a86db66fadd8e37e0a59559328385090c6953cd20bb61" + - "f28a734fb056714f5159977f18e5c5f11de75f7a00ba807e47a29e4da32d" + - "5c67ec76ce4d7b669b5e6ee17e1df7c673dd8a7c87fce665cda8adb9547d" + - "1dccbdbe7be44846b4b121b0bfa65e4ed530789510d79bc4477e50178060" + - "f2668ac8956f39ef422ecb0e4cf90b8ce508552eedeeefa6c7d1bccc077e" + - "8088bd7e0e6aaf0bda9f11c412c270ee2ad6912f9808f9344a4bb137bdac" + - "b5b9372b00b0de026a8f5d1fb13972e1290b5005689f7636c43aee2fd443" + - "93d390371ae573f0e064b2d7df552b9adf04bf173d71c621795b9fb503dc" + - "5e918536c6ad25ce4a76f70e6b752b6d44be321187269a19bcf33ec899ca" + - "40e88b4eb23217095a85057bf95d8a54812cae4a7d32e0c2966a21376110" + - "74c6c8c3dd45a553c43c675d23308709f91be0b235d0222aa5e1e1ce08f9" + - "c6b45ceb5b47bcd7d7b2d4380bcdbd6eced452d93e6d8cbe18123277889c" + - "7f86b15fb991364a501fbf5d8244f2e3332ea0ab49e833c6f765017a4006" + - "cc7cd1a0365945a8d8873cb21832b210c83e451c01ac949de2fb0f7a420e" + - "405bf64eb251c6f022181595d68174b91e503187d3b3f49b60c23e44ea40" + - "ca20311305b413047bb22e89672758b74d6bd1a06decf09e9556421087a4" + - "0c1d2c44c5fb13d4d9625581ac4ccef1a1b5eeb5689aac5c0291aebda276" + - "50daf9d4396a64d02c6d58bcbd609d9a0017880ae0cbaf02ad0f1fc8d1b3" + - "ec987ffe13102d77352690c9b761bf13ea0b3a8ebad4a0823817fcaab4d0" + - "9b0bf03486620761dc77a6ba007ba07153b17425c4026597473e78863cbf" + - "430c0e5e9b04a83ad11506b61b8d9be3aeb06b5114e0d53d4724863eba12" + - "4f3b974bdb0d02743520409910621cd730c97ca984fe2921c38055f83ee8" + - "c4611db92e52d8ea51d89203e89df7586c574df15f3a96ed5a10bf04cb27" + - "f9656b5b11cf35fd21360b029ab26e9a741c6b3e6357aa1a41de2cac6e85" + - "f9a49e3441e60a60e74f434e1b8cd4454b11962e5507ebf904e9d6c52a7d" + - "9722300517c434758fbd6191f4550108b143eb16c0b60094fdc29327492c" + - "18a3f36737e506fda2ae48cd48691533f525acfffb619d356bf8347a8bbb" + - "4babdc2ac866e497f192e65a694d620687cfb4f631fbd6ae5d20ac2e3a12" + - "4d85f9391a240b616d829ac2adceedf8f3451ee77e4835639b13c622ef8c" + - "48a181fc7598eacb419fa438d4046aa971942c86b36eb8e16eab67105783" + - "d27fc56f5b66f35451b2a407d4648a87ae70807e45bccf14983b3abcb198" + - "d661d562dfcb00ffc569ca967171746e4e36f839946bc7d2ea9a0eda85b5" + - "a5594f6a9c1b179f7230eaa7797a6aaf8628d67fd538050cf47aa654778c" + - "11dbdc149458c1ec2233c7ca5cb172356424eb79479b6a3eed1deb9f3278" + - "5282a1034ba165032b0d30733912e7cd775cdb7e0f2616b05d521dc407a2" + - "ae7dfcf46fbae30547b56f14dbb0ead11b3666666c45d345cd5dbfa200ae" + - "24d5d0b747cdc29dfe7d9029a3e8c94d205c0b78b56d5e18613b3169bd44" + - "1b3c31513528fe102f9bac588c400f29c515d59bbcb0725a62c2e5bfb32b" + - "5cf291d737e67f923080f52d8a79f2324e45a3bd051bd51bac2816c501af" + - "873b27f253ef9b92ba4d7a422e2fb26a35c1e99eca605acc10d2a60369d0" + - "1f52bca5850299a522b3aa126f470675fa2ec84793a31e9ac0d11beab08e" + - "2c66d989a1e1b89db8d11439ad0d0e79617eafe0160e88384f936c15eb15" + - "ece4ff00e1ba80b0f9fb7a7d6138bdf0bf48d5d2ad494deae0ccf448c4bd" + - "60f0788d3f2b76de8ad1456f7572bd0ffd27bc2836d704d95e9c0df34571" + - "9dab267dd805577fafda03b834dd225ad9714d2bd182b4103faa5975180f" + - "90d5d6cac1825a19b9d4c87cc825512ae9dbeb33d2759c990905050f960c" + - "db3eb364c15b593524c882902b2a1d7fe40ea3f54fb0202fd8821463c7e3" + - "4b02a1209ba0048a9805f0468a13e03d18009318ecd92042959be263a51a" + - "407f1e660632c4247419659a4e073a8e9cd4a226763a7daea464d5427270" + - "7efd053cb4efc0504602c4f63e7d247b55db2ce1c07138f585d16cec97a3" + - "0731d5aec2166cb4de41695feb76280cbae1af8a2e67c2d5a3ac5487ffe8" + - "640f308ace6137e83576b79d586b663122221c20aba7a6bf60f73958f436" + - "59f087f850ba6e2d7fd862249c5fa6b20e3e43d4f2aa10d4c9cebfcbdf02" + - "6b8d103e4f89b93dd8af172f421001c8b162bd6d0b847a58ac108b6d6cc4" + - "9c7a9ba069deee", - }, - { - key: "e3d21f9674f72ae65661aebe726a8a6496dd3cc4b3319f797e75ccbc98125caa", - tag: "3c95668130de728d24f7bca0c91588bc", - in: "baaea2b4b4cbe9dbc4fa193c376271f40a9e216836dc35ac8012476e9abd" + - "43dac6b9ce67dc6815904e6c84a5730cea0f9b4c6900a04ae2f7344fd846" + - "58a99513ffb268c6899dfe98d605c11e7dc77de77b0d30986f3051754503" + - "7c26be7b719aa9ca1140cfdf4c586b7fe726a8bc403249396a11cfee0a6a" + - "f6c5e72259785cfd13c2897384fe527100170001ea19106aed38f7d5d9a7" + - "ad43f0b41451e19989192a46b4f9734a774b6304cb74feb7d83822044a24" + - "2e51d55c0b8318e0439493bd1a57cc13f6079166cabc46877d003dcd39b2" + - "c0b90f6b32fc77acf04a6c125e11b35d91e2b18401cd53df4aff804e3c67" + - "a8bb3894b27c6e9b0070b53a85aafab0c0a253f9cfd4d3cd3be52428385b" + - "24a3f9f71660ca2c38474d14a0309e2f400e2c21af6e379099283ff241d7" + - "51da5a96a8dcbfdc43b913b29cc8cf8020eebb4a67f5bed31f2e383f8656" + - "8c815ff172382b425e95902e80f5fc219eccb51b656d37b56660f749e5b1" + - "4976a23648680a472d02ba71476e0afb29a0e084984f4eac3befbf8dd802" + - "2b7dca4dadd18bbe58e49c49ce48a06a71557a9a620c51e2623f818e4d62" + - "c2564c7ba04595cc109685869b183faeff2ac7a65049fc57cb10fb01951e" + - "a525332782d691f9759ec2ecd68bebb9c7aece5d522a08ce7830be520db4" + - "c9d60a2e490eaa0c91e37b256a97f84b39fe3c77953748c3b86fd84e9547" + - "a298c049cb28b8c85d59548b8dce635d59487c9de615802d16a8adc4c0e7" + - "80f35b9f10588a431b39b499dca929ab9d225f26e5721820627fe62427fe" + - "06d5773a50878b6effe840dc55bd3ea0c35168f6b6a972d57e8f88c5993d" + - "1ae33e0b7e9459c123753b518c184de7aaf429df078c9a18a29af77c727b" + - "796f5c1a501fa8105ee873c4e78c907142eb19690638a182fddb413adb06" + - "d66db19c7f6f46dac582bd72a6347b4427a576eb769d233febaf7be8f768" + - "337273c12253924f15653f9f3602b783703a81454a1dd7a8772a9ab1eeb8" + - "51be33e0c6c0708f3cc2012cabe8e2f0c38e35372abe27bc148fc4e1054d" + - "9d151f80aec0232a3a92dd77928a3678ebd7d09ba7b4e1d83227257292c0" + - "b8bc4a76de36bff6c9deb383029afaf4f37d5b935dc080a18665545e4acc" + - "195da0b9545d8902408886204b64f8548b32d012e0cdc520c17d9fb3be97" + - "800c2e2b945cb09a75a0a49e5d4d81c4194d91e839333b2b9b9e34d588e4" + - "e20cc1e911ca0a1429fa70ff063f0090fd842f89dfc5cc44affcce4e1e1b" + - "8b11c612f66b074c03ac2a055fd8f51ac9ed4f2e624589ff5730721d077a" + - "fb4c19e43abf8cf3ffa698362be8be51e92c2c91a4a56be64d9ac6d3fbaf" + - "5536a24c7fd0adaf74ca84c508e5e8c8bf7d4254e0c44158bd26acdf3f64" + - "e78438b3aaff89ac9986cef1e3a88d5bf2016340367a1cacd01ec167ec6d" + - "185d93a2a220d718b43ce1d429d2cb598605660b030e51e8d75fdbdd5b8f" + - "8677675e196a40a88285b18b24c5d2d594bab3d457e6f9e503e38cd470a6" + - "9ff8037c9a0a0f110a434335d954fa856a3721e0edcfb14287c3dd9639ba" + - "4db32b7da0670dd0a872e468e3819741d0d4ecf0a4f7a011bbae1493c01e" + - "642757491189f8664be3ec6437c4f3c76abfb0276e44a4d28871d3487c2c" + - "ce2f230452cb06184bb8620919659a7ba0a3d5c12ec25678b03403715ee4" + - "acb6a53d281036d8f3a085143cf5ecc3a0c6c92129caa7ac1f645c7bb95e" + - "4f63da38dc319e2ccff4a9006f9b9b1a38c4c39f6dc686bb82d43fb9fce4" + - "0c767d3ff22f52c5f9900130c65bb6a9cc7408a777d49b70946665f4a733" + - "5099376b276a43dc9a6382bb2d40425f6481b1846148434c672b84dd7a20" + - "33deb5140d43ba39e04ffe83659b6deb48629e1abf51e68748deffb756a3" + - "ed9e0807506b248a024cd509f539f4161366547c62c72933584e851599b6" + - "82ec16f1d79e9c6a01cff6f51ba7f46b67cdca09f3ab8496322b990a6116" + - "8d7574854a1cb1cb8f30a303dbd13a095df56dbb940dd16ce79879cd2d73" + - "80a419842fa1b34da668286de4c1ff5917b7aaa64713c349dc8f855d04ae" + - "de9a3a4d0739dfc36510b1e7bb1695418164285c44631b4b1a7c5798ecb2" + - "d976c1a3679a827bf0e8c662567e402bcc1354222036ad5959a6f0b8508c" + - "6a8c7d4a63e7dde154d778fc80a011592771d55801c7e1297b00b77f80d6" + - "314ebd1f5b3057398d1943599897cfabb65e7568d8fbdfcbecfd4b8a83ca" + - "0a7bed08ab9a656424831e0d7718c15727af7c83b2ef5eb5684aa044eca2" + - "ba896811246766248b20a325094a4b4159f9cde1ee349be6dc3c9a190453" + - "0349212a9537f65ae333c288753cd2bef6c5beb2f4164168d965a2c0fb9c" + - "c8c73d9e776e23d53ddcfb83bb7dfe2a1b8c781280f449d6f310faf8b53e" + - "89e6a611d6d3f42f2aaed5259730d149b3e7dabdc9f865bc1555374738c8" + - "456abe112e9628fb31efc2ecdc972da05987aafce728ccaed246cfcdf518" + - "3fe5dae528bbfb99d33194167e0f84d462d3d0da83e92227cf57922c7956" + - "4fe44648d87c69ad708e797972c44c4a5183fd5d1150a1182e3d39c3cd16" + - "3920f1d7ed83992bc4116d9351ae1c6c4827d1374242e374310409f32d5f" + - "0f38c78b6489c568b791c70394d29ea2516dcb10e51bdad862ce3339d5e6" + - "14fe14f150961809c36e0a2c8eb872e9f7a1c0956fbc9194cb63ff9993e5" + - "d0dcf62c0f49e81dbe99f3656c4dea57b766ae9a11254f9970618f1b33c8" + - "f339f440de240170f7a21f03ff2da42102b323ce2b9b7d0de5aae324d1ba" + - "c87b1e4c5279a566bf659778f8b03882aded57377a0f1b063af2897060e4" + - "23be7cefd4aa9a28479c16773944d254fc21d3e1acdf508b7972372b5991" + - "3b8b088e93471a7d54c6ae4c52ba465ef07f19f269677fc2f64d3fb3d7f1" + - "9069d6c7001d4b002ed6683c59bd5651a450503b68a4a00820b8c17e3263" + - "18f32c21dfbcb2a02a104edaeff67ec09533aaf3d1a7fb41aa5d506ccdbb" + - "e6e35fa0a263c0aad3acc91182addf8c5bdfbd0626702694b8d652a63c65" + - "8d6b2b7c75d015630de508195e1fca9573b61bc549ca017c4bd888194d44" + - "3e031f36170215a301f922736a819f3ffda69117170d1933300366c5f2ae" + - "1052446ef7c3b82c5868be158a881597132f51c91c80c24ebf621393dc45" + - "05fe057364a76ae67494a8a5f67acb551cfe89f447df272ed9c1509fc330" + - "2c3e16541452d4d68438f26858724012ad3b72c094b9f166c6bedb8336a3" + - "41e032988f39cf53535789b320b5424d07b6bf5f8792e3aceb0e868765b8" + - "611d7905089949e0c273e2410c72a146cd63981f420405bd883e5390e985" + - "8214a8db714e8400a21d0636d7e5d9671a3582ab9ff032170b8dd6b9d5a2" + - "144d065228fa54aea9a22654df67f3f62c5fc59d68914d8b219829b536cd" + - "2ae937ecccdb6031d94cb3", - }, - { - key: "84373472e362a356bd5c9b50f55c588d067b939009944f02564f136c62dac36b", - tag: "12dd5297cfcec53deae1dd5f9325d894", - in: "860d9b2954c3daf18fd67eb8bd9e6e3de2e4988ad9b04b1987219204dee2" + - "388db1c59a935de27bce29e7cd3ebdf038785efb35eabd4c3785a62b1d9c" + - "3ffa25e2273cfe5eb10b4ec6152cd8f21dea415421b452efc7cc4ea6bf1a" + - "b85fa6614e7f6d650125424865386ff8ab53247a63ff023b2d0753a9e5bd" + - "458d6ab0156fd3cf2d5002f902f927a847e8c4a8426b0a5191f5e237d590" + - "2659ce9be9024750d1d618a6b8dd57efb6c2bbac2930858f1132639391aa" + - "9e8a620a2a7d64bb7e943c77753401b5b619d95ef857df25a52b4eb97372" + - "a05416706b2644e2687bf1d42c0cf06e5eef8a1fc7e178440bfebb85c44a" + - "4837f69e43a1789728a999c5e04291576e757510f22bca11583a4e93688b" + - "442f2b2dab8d5ea9441ff09b8287862ca538ad979297cc75510a3d9ef36a" + - "662b4b7c373f184202befa5bf3f315642e6210763d033b7e2c59731cb356" + - "045e9470bf2f83cd62f11b3e904b0c0b1be99bcb805150ba7ef12b8df3ca" + - "bfc5055640687d710ab88e0fa8034b26112ebfd044a4b290b1c6f6d18c31" + - "ba9880b1cf2d81b5d02f00d6d351da5dbf47b6a5cb7b53eaf6de52c8a68d" + - "053602ccffa37ccb44a7683ab4f8a58c4bbc9e140e4e6f3cc10a5c07ebd6" + - "070818db983f9f415168606011efab6b8d7b4e61e8eadd8bfd8d028b89bf" + - "b0a16996252d7b4ee4f9ab50fc9d6e482ecf99beeabc38d70efbb9a0d4b7" + - "9a1c5d2835adf8e25111352eabd24d562644efc97637f695e4792f2049c6" + - "00f4d889ceb951cfe289adf159865d013046985d7fe2598014bf2dbbc528" + - "b4166fc2180e724ded8e7ea1c8d66338ec50d955d5594a0a7b4655338b70" + - "e8978485a722df814fdc6fd2436dbc060121fcb575672b2a5e454c1209bc" + - "2bb21a99d39dcb3c697306dbc2104d60fd8051c43ea2fce268987d0ec249" + - "a5c02f91d3b0dfee181b3cf8ef1ba9665daf7ea1f1d3b216e378943b78b6" + - "bb41e5dba095748bc776f8df6383033a1f5504955da3f42153b1c7ea83e2" + - "f90b990ea0c5bd3906b5c4060b19f447ec7762916b8766e5a23bc4d39cdf" + - "8e27752df8129b60ccee1731e47383b589d4fcad865eed4041a186df206e" + - "9fb69ab6ea092e36f186a6fea8d77bd7f3ab0fa0e29404d617317c75c832" + - "854427848237cfc18486c95f7213b9d53f324da036e8d298133b5003984a" + - "b9d71836f9f1b059db90005a9067c261bd85aaeed4d623df2220eb52b73d" + - "d683abcdee5cebd411996f853752f638bd28df6d78bec2ed3e00d7beea06" + - "2b81c19682ffb2f6abe3a3623a2e0570650c1384f1818d76fbefe3a7ef3f" + - "46138160ef897f9934e00e066e215230e719c23905dc60d7fa4d666fa52f" + - "e7737db15126d3262c3a4c385cdb23ff3b56c131e43b241f4a6062a1a248" + - "de9f13eb82c11f7b6a22c28904a1eb6513cdb11179067b13c7b5f83a58c1" + - "4f2753f19fdb356f124f52923249d6e4a2c8dadc8bb0fc91e360155a14c5" + - "c194334b9f0a566d51fad98592b59c1cc4b40eeddb34e64f337f83874884" + - "0583f853398c343dabc29b9444be1e316309fb8d81304d654b3d4bc4cff3" + - "55fc31278fe22e649324ef10acd247c0b72397edf96a1c16bbbef0640296" + - "4d219575fd23c36efc1fb8f8a34b510ba9bdfb3b478e236777ef7c6c47f5" + - "5a2bd0383d8eed3759456ffcffb15e61985b08c022658a5ffc875821bdf8" + - "83f69f096dcc72a96888c3af76db57a54be701759670bf05cc9015f5bf1a" + - "745cf755a25b1403a870875701427f820c4b29eccc260f30113629ba03e2" + - "785014bdcbf34d0c67aa6aca20d2dece811788686d5a45820d2980bf7d69" + - "d5c820a09bad7bd95166f63dcfbe8652565c285e60e2704955d69b3037d8" + - "7f5e6567d95b8891276d5cf7c59047d10a02ae4a28794405e2524ec2d595" + - "1b36ad1b9d5265fa098a033b88aa66cd9eaf01eea49c7dc4cc51c486f624" + - "507a2be23f152f43709b2cfecee44945ca506950e90e70164b77e12e1c13" + - "0b4d1021c2afa20038f190096276cd22e89b6e7dd10fd58fa033c9d42536" + - "98de3f4908203be8dbf259112f840c76726d982b4a837cae7139e27182b6" + - "1b4dfbcc50e42d5ab8532edfbd30f668879824e9ebc34b63ff1526cda81a" + - "e38352a774d79f73219500e57f0159a32326195d8895d965071834876a45" + - "c1a3c0bc4b1638535f7d40011cd5b23343fc27fa318c1aa3f9d8c43351c6" + - "6148dc2175e0e620813266da3000954dfa22048f305244629d512e852376" + - "6248a897a3ec3e2983aaa8a0f025f18feea57a5153a59b02604ebfcc7a9f" + - "b03e62443df88ead9dee955e23bcf6528c278a353f254c9484a67a7b263d" + - "a301923a4efb6866aeaaafd428e6da48781365bc49e90cd16b2388220d08" + - "bb9f79d14012b5a8299a651917b6a829488753b6ca449a14e8dd8c5fd5ef" + - "657d627b8e7773475b802655dc033694f24376e3b01e519d1aa8365d0e55" + - "92d0a4adbf555639b6d75d7ee59a7d12c6c11317b7927f11bbe75ed90508" + - "b0698420e231206704d22dd1f1740edbdcaf19a47d66ace4eecbcefb77b0" + - "85cfcfaced4d2d6048ce76434eb79990f0898adb4af2c377b581ebab3f3a" + - "150f40dcae002d4caa60050591c0de4ba83bfd59a08670beaa4641aa9829" + - "bdbb720d6eb8b2f3e864a98676a67271a82cffdca2b3590a0b5f97efa5d4" + - "ba062b4798707159782bedc75e5363d5f5d55ec2bef70db22955adf401fa" + - "c3b7af937816eb25d54d9f2a92e5a2a04bd8b8d7568204fd289f5ed2e033" + - "a76209d288e11e8a4dbb06b9029e90cb186446746853f02d738e06bba538" + - "894e03e2658ab3d7f9ac861d2cffdf12396004d1cd15f18812d3803ab9e0" + - "6f41c9b374d6a0678bb82ce06d9e3b9dbc8d2e90b8f64d0d040f3fa8a3fa" + - "8be71d2b3183cceae1bcbfa2353689d842f7d7052e5699dcc70ab2b58761" + - "7041e5aa1e2f41911d525505f061d3ca45152f5a7a1fab50c674e4597a52" + - "b46aafb4ba57413879cad1308321843abb7c39696fc2f2e225878bb1191e" + - "e151cc76f1a1b8d491c1672fecbf710db82dcd32554361967fc839c8e5d4" + - "e488856e1b9382eb3fc3bdc3b6886a3cd79761b02bafa080a745ef6afa26" + - "822f1d10d5e8eefb842837d82c9986e78fc3390caa142b7643de8f613e5a" + - "890a57f5883409549537f8139534f4ca1b60f33e42be25433f1d82add530" + - "6a4cfce258c0d4f1f3c9148ffb5c4b626d51f78ac20bff0393b7fdb4b9cd" + - "70fee7f69892c8a9ee089c6c5c7bee0a1b825e5b9517f2c82d6c149735fe" + - "45a8839812c2deb2a355b6230697053092eca450b7b0d3242b2689efe364" + - "09e820d91fa4932034d96495d9dd3baa4b385da815a7cb69438ff648b326" + - "e7efe8d688e88570ba59df7c439faf72c95317a10c984c5ec0043407e9fc" + - "9b46487810eac19d2bb40e0a654935f76e7d8861480c5f48419eb33084d4" + - "0e1070e5ad542c94f58b49e67dd05b6637a2c67d41451b7e00ba30eff221" + - "755d6d427ec634a2b95980d274a89579feccf1c7df3787a9435e588f2496" + - "06a93b7ac41c8aaa84b91c95cad9463d4881de7353d95b13bbde4c9da90b" + - "f1fe96257309a416407c64368b5564f022c4a493f2a39df1696f45801e42" + - "a5", - }, - { - key: "2d0035a30d19b9cbc7a27561f3ab474c01115c4499b4adec660ea06ebaa1a14c", - tag: "a2c77b55cb0c076d8ea83cfe0e64f293", - in: "4e667580ba4f38f64e5cb5566bffb486dcae10cd17acb3754251e837767f" + - "16429bba2b832f29ba538f97f3556548d163be25e69f88fff0743150623b" + - "e0a1d82af9384ca335927a0e9cacc3dadbdf1e24fa5c81f2602d109e1400" + - "33929e409b9a0fa4f2653944edcb8b3ef963ba7f8806196c73bff0ded670" + - "c6def5d240c5f3daa121f8d5bec9b2a0b0f1d62d54b013dc742d6bd46325" + - "460f692b76d4991f0796820ddebf150c7d33829795784dd2759b334d2706" + - "70a7264941be5d99d460d078a9eedc3660cb3176ad302f9365f0bd698e46" + - "9f3e63511abc81109995dba17be1abe8bcd28407c7fc8d02c14794bb033e" + - "178a94f6dc73719d5bc235f980a16eccb4121ca83b13c4e165931ae4f192" + - "4292f8cfdf1c3ed40feb71e13d919b48fa296dddb4d23114a3d86ec10f16" + - "f314de4cef813ed24b49f4c7bc44cb8424df1f70e8d77366161c7cdd709e" + - "97610aca3a24fb2202ffe15eaaa25d711cb5179212a2c6497a13e5d7c365" + - "7bc502b3d2ebde2e57b714dd9bc21e73795f3d35d620613918c4c9aa0e89" + - "031481c97a5a4c15ec6abe42d40498c33d71c823bf1d5bb5fee457e2fff0" + - "bf777c80c6e3336ab3ce793440e74b336a8f7034f6ea2e4ff5ea4ea7c350" + - "65cf2ccd2da1d6df29bde10f4cc0202b5e4cf7ed097da49b970a6db41e5e" + - "98f3845b42f46663b1d1ff01da71389a8737ba8f51eac1ef357ba5ac9a80" + - "dd2c7f9476111dcd651fc33f4c86dc8658656f3f02a8878bc38ff0d0a1af" + - "2e31fb92eaef08c50195490818661feaf90e8b6f5daa1ebedb2cdbc8d5dc" + - "16db3505f9611ac46bc37931e02c1fd6aad6e4b7e187d5e6f990fddc9563" + - "2b33f55bf68b0db3890b11113ecc839a4fa4de25160e574289aabe4d8fb7" + - "9cecf9d2fa75ac8d0195beefbdfe0815f8d7d9751c1280a29b547149ec7c" + - "2295f5afa53cfb516158086bf203357eec2a5db71143f996c81555a47f92" + - "209719a71570a5553f1ff9b4b41827dd74657b463f36623565f0c9f4d2ee" + - "8735d6af56ceb3b3d0ec516b22f0ddafbc24647481f61ab169e2616c91c0" + - "e1f6a35436598ed801670e1dba76226cbd0544959ebe70f836c8a7df575c" + - "b907d780ed5aa0d6e4e8e0d2f457efe89a777374aa49d4961db96dbb787f" + - "021d99231001360d532a70ee1fb94bd6f26524dd4b7556c6d40e08723d7f" + - "9905aca66c4743f2bf8b34493bdabcfca617809a867bfe0a4f94c756a6a3" + - "dcd04ffc0a3ac671a0afefe0d5d447efcec48c6368998760db6a572676d4" + - "29b6d3d6e0c815650447748c4b27541c5447acfb8f7261b6378f3fc0fdd7" + - "375eb9d458648c7fe9cd96344f11aca912cc5098e9ee39e0b6794cc1dc2d" + - "f1b10f927102705efa20e667b63a91f935c17764650b287f5289d5790766" + - "555f31985c5aad94c652ba41fa9c0195d15405f1fcce9e23054a42c8a252" + - "da83bf6268782ba44edec5d8f94a20b1830cd1c5894cc6b9b52ad0b12a5e" + - "cf3195a32a0b02483ae3b954ac6f3af1e0f334221279d03a72138f3a2cb2" + - "1e706427c4d604674dab88d429f28a67be7a996126e077a1dcf8989d90d0" + - "8b08f4abb9a546b3c64ecaa287bf3468c59add86365b885f52afe13ed8d2" + - "69ea61832a7ecbb96ff3336f58a1eeaa6dde3611f3ff7c2cc8c9b745b0e8" + - "b5919914245a49ac192cd77d10deb9a249623f696065a532c20eef9e9b0f" + - "e706579566a9eeb14d4e8251a7750e29eaa60f034c1a7a1d51aa03a45fff" + - "89acf41080deec5506128b06f003fa46bc4021a82fad6a8052a49744ed69" + - "45bd9331b5ae80d873cd042bff079b2b9d8af8065a22c449c32a56dbbe7a" + - "80d0f3e30b9167532506915883dce0aa9cb749e4368c595c5bd33b57e36d" + - "98cc9bf91cbfa47331d69b5cbe9c92bc66c0fc9ca8717bfc108e1f710333" + - "14dba02a28b9aa05890cb01ae9175806c3c4215bd446f6cc96ec5d08982b" + - "4f83cd1646160e1d306b3cdec02d251f0901b03e8c3c35464eaa5082586b" + - "b55482db97599d513ed8d7a82e32fae302684b7ede058474c1fac7893444" + - "16fec93fb982accd162dd956ba2f31a894e9366eca00e6e997fbbf9a2980" + - "8b83a139f6432147a717381bb8baa2205715f735c1e0db273cdda6897c9f" + - "39bf0d7eb7caf93f657ef4d3fecea28baf69cf36d3cf347081df3114455e" + - "b4fe3e49ad3c3f14435e0b39b6c0d16db0fbcfd7ba8da8760d5952c03667" + - "251e7a4c3008cfb0904225e55c23b884bb09d26631650460c4240bd5a165" + - "b531ee76ba5749b3bc60adad35de519321c1672b47bc35fb59f7792a3495" + - "11b2bb3504ba4a28717823a27a1f99ce6970290b26efcf1e7a0399b10eb1" + - "0c1299c09b80f4520d00e7908d004d5b6a72a411759cfa9523f6b2912234" + - "481b1d8fe4c2365961c0528bd593d42bebb398b5836ae6ca013fe440adbb" + - "0090e8ea274f4d8bcae483e3663051a328f7c12870b40e4973a9797a2336" + - "3d3c53e1b0d1a9159bfb26158f44734b3c34b571be641bba2db937d4ae1e" + - "edc807b95b1c2a7d44804885536316ad38aedf0d83b1519661f2bb5283cb" + - "9c50dd61c3753433e988189f26962d1f4befd444257d0b6d5b819d5fd572" + - "22c9fdff032e07a4d8686d451e71de4748965309c0a2d7c422ab7cf3d96a" + - "8c0a1b0afb229debd1c9421cb828b9f2be96bb9d6b5be7ef8134bd9ccf81" + - "51620937d720d83dbdddbfaba8ecd2eab6f1974090efde0ca963e9fdd691" + - "ed0cc5e074c5780779222552fa46ddcd951763a32aa3a044ff4a73cbab41" + - "dabb3c2c03fcda68303477f0dc26f35bdb5c9bde721fba1a2db732a89629" + - "a8de3cfebc3918df1a9d5053d09da5b7316e3285bf62156ca28cb64d343e" + - "72445fd66757bf4ab374fe7932a65f3d7fb6e42cb12e5b67ddf8530383a4" + - "6c1ee7ec8883e454a467df1aa7e468a6e7035515f473901efca5d46ff358" + - "70e0cc2575bbd7f8866c8e73cb157903a1694ff3051424f28de826984dcd" + - "065dc3658df144ae3a6d37b88c367e3cf7c58169dfdedda4a2821ce22188" + - "40472ff72f0dd1a6b0100555ff188b80f835259a634405e3dad61fc299f9" + - "307e27503b2cb7714bf3b636cc64b61d2e374119c8ef8adb21f1516c7fe2" + - "38c807818065bf312003c12e02525d69d9629a99e4ac66ad2e792f302cd2" + - "a6f5f702dd28040738a084a7052f2c3ed0924c33b7a5d357b7c9a29cebd8" + - "621a4bfb7bb34676ff210d59f7f9d4eafb7c5c490c9ea48402af5bb072c4" + - "731bdebcbed4e8e08a67931b6d7342d4ef7bc4a75ca1dfbd32ed6027d8fc" + - "b71e3f55565c02e06daa8c579b69774889181291c470576a99e11f2c5acf" + - "77e091ef65ed243d4287176f7f6ac7aba6908c9ff1fa43b894a499b642ad" + - "c01b2fa1c4b58801411941bb448f1f7a04794d2cfe5db1be61f7b86d6eca" + - "c547ee51d4c9050f9e9f318dae958c150acc21c878f0c7df6065294eb1d9" + - "a278c920838a0db752b080a32e67ac312fa76b589a385f31847196076ed8" + - "1021fcc375bfcc8e1361878e2693860eb21ff0595e4eaaf7897f2b79367f" + - "7c4f711279bf0c93a97dcb1cd8d87e444ad5f4cb5c1de44e37868c6743f1" + - "cd72cec376726f26c8bd4836f9a9f9c68042f95ca6f9d7cde493e531c553" + - "8bf7ace6dd768db69ac7b41ce93e8ca27ff20a83ff2148ec5b89e05d8b8f" + - "5d78d0fe16b96f6eb8d3b20126a186085c6825df81aa16b3dbf57eabc360" + - "71299ccdda60e250c652408d9cd1da94d73c728440ae08fddb901aec0fac" + - "1050a778b10f94f84883bee158bc53b1c001807c43a3151fbf581b18dda2" + - "527430872834e5c380575c54b7aa50f817cf3249fb943d46933cad32092e" + - "bfc575bd31cc744b7405580a5f2eabe27a02eec31e0d7306750adbbb9f08" + - "c78cb2d4c738b2274c7310cbf8dd0e59138b6a91b8253ae9512fe3d7367e" + - "a965ac44d54a7ed664e5e5c3c6c2d942eac388cd32beffb38f", - }, - { - key: "2f29d71d73f7af98f96b34e939e1a21e2789ec6271b878bbebd14d7942d30080", - tag: "ec02f4953a9a63ab6f2bfc3501e4fab8", - in: "0e0950987f3508239063e26a13727fefcdfd2cea6a903615c64bf12d9ed3" + - "887f9b2cf7ccaa196ccc7756b09471475b9daefd4261e69abd23b9faf9c5" + - "1fd5d5788bb39d3c068fa6807d30f6201d3f6dfd31715d08b1733440cde1" + - "049608d23c4e45c5ed61f863350232f85827e7c292dc5f1eced1cbc912e3" + - "f5c420bd945911d3881ede5153d3b2cc85371fff98d2caf97cad6ef59001" + - "4017f9690cab08989851c2647e77e81401714a93ed9f938b79f8f54e3133" + - "fc2cdef259df2ba0d48f37bf9e43792e3a777214cf4aab6dde6deeb543a8" + - "813b71b5974136c1220d6218a252881f0f5677ff5b6aba127f19a5f3c5aa" + - "c988543d7839a90a3f947c4e4d5c6ae1ab48dbd40456d1aa65339a4c15eb" + - "520e8ff9f965ac4c37735937cf09942e7958f8a6cddee41707423f715903" + - "ffe0d15af8c3140d3a736d23be7485fceb9f07c6509f2c506eda4ec9d30c" + - "cc133708f48d8828e332808c84a745d337296d871b9794de1c5d06534aaf" + - "65587526a84e2521f8b332645e0e72564bb308ecf99b7bc69608474389d1" + - "686ffab8c49b7f04dadc28d2ecdd0f508dad2135843304e378b3bc7a4f25" + - "7fa4316be956e0a021edb8045f39fa9f002087f067199bd6001acaadd261" + - "4bf6aefd3f098f92a959685f24bb2206c347359d9c6adc6847117bb434ac" + - "6c40ec618f6ae8b75a5e2e4d44c332b7b06c8b4d521493b9b0bde8894209" + - "717a24b320214297b62dec741cea018ea681c9b56702068528b3726953e8" + - "c5e4ccd5029e4183e772d9834a56a88d45bf87603dfda40e03f7e894766a" + - "7623ab4dcc0dfc3086d17566945069173935916f772e2a5f8e1547348f28" + - "782400fc069ac0e2b94242e9e0f1ba2d0e76898f9b986540e61ea64d7f69" + - "1006b86ce61565da75eb16a8b4c5865ca4eebdde2190e354734bda94fe7e" + - "12ff47dcb5d5e6ad93cfadcc491cb350b09ffe391a157e14b65e3a211b5d" + - "4e447c3ff95571dbab33a83126d68dfddf9383b4359d4103ca64af1e6963" + - "d09e17eb944aa71e76711dca33168586bfc44ebe9fdc55497d83f238c66d" + - "bcb16063bc85635f0f1a6280563bca49ef971db96a41b6ac5e0642643262" + - "61eb4662f3d6ad4cac826db895de22c9b8aa35e6464a7f44e1ae7238e355" + - "068d68754ffcca76c50b7ce7ef9bfebac9eeab32c87d059cc7ef2adb5d57" + - "c7419adb394eef48441952253e8391e555730e29789d6293c3696f441449" + - "0aebe2bbe541e191a6652ffbec1192f0f9395b7ea370aefc1f1cc8438035" + - "d7681f12f1e11d6e334da188b10c302fc0f4bcf1de448090510a8f1d5683" + - "0c943a3c388b33a038c26741a4cf3487313f755fe7a28e25e44b5383c5f4" + - "cd6ef34d7dd73462226281899dc3f2e69809a0150f694673f31addc89888" + - "072a7d4ecd63d6b90540f9522ec05829a7f17d48728345ad808fb0203883" + - "3cbd018d612992a88df944b8e34a70920b3f26cda2e8bb16c3aa38b12b33" + - "b395c9ba5e809f60ff05f087112151af1b5987403cff8bb2dce79093f431" + - "2c744f911a6f3091e4f9ef9375c4dce4c241d2f6024a1797321851ca316c" + - "4e460fc060e7839deaff8ab5e8bf682c0f21ab6952eb793cffe690db911f" + - "50b11f56ea352942c43bfff51d4360882754faeb7cf28b6b32bf7fc9ca71" + - "fbfe1d72be05b8bac9ba513d731e2c9d13d6f2f10eb926edaaf0e3996656" + - "da8718a8e103c59326529e91ebac6ed52657c9690ccbf81028cd9fb189ec" + - "4de94fc0771e53302c8d9082835a68780cccd772660a110a1b40c57bef3a" + - "c1d69428aea549ed17663a96895a66a3bb5ff6ff61dc64908df49b760caf" + - "a5aff05e2766a418dbaa1e7d189a9edd55a04fee8c9d6e506d299abc36a9" + - "d67be035fea5d220f41d081af67615fe627c4dd04bd8659c7fa4f57f35d0" + - "db40d9684aa178d7483ed5d86f04eaea412e0ea05a4698377dbff4fc3a39" + - "1f6ce0cb833d3118d6c69319b511cce65fdc74928e270da0c537f8201eff" + - "77416155d4a39c7ad38c22cdbf7d2b7ff7d85383c178a835ec604c3f9ee3" + - "7399f7dd826e34f1a35ab75da44ba56f86097ddc0f3658ef5bd65a24f4de" + - "4255d0b03411a9d7f0ddc29e33cb865da23393471aa94e6c9e72e789206d" + - "3ba118aecd39727068f528f01b25fae2280d70033e4ee46b41b864bb922e" + - "001d8bf46d6fbaa5a594e926f45eb3a4d2f074506d7834b606f43c89699a" + - "6db00b374658d9333700894d440a712a1f25f5538f9e7c8ee57ae7e612df" + - "13292c8ba9dbede4fb77cc6c8944aaef59ea6ad3b36db398f4bb0f82d40b" + - "44879835f224d6e05992b1b8a68dd58c3dbda2fd73786492ee48c7a25f87" + - "264b766930fe9427487504fad17f8d230934f044e49ba219f26ead728856" + - "cb30eecc33a3946d3b1b781061f2458c7c46f6d96f3e06f369f97be91835" + - "f23b38347d1e381ad5be4419275772c2abd549522a0203c1ee9c96faefe1" + - "df413c4b7b2624417890e0716854b7092b3b3b368cb674035d3e6bab2357" + - "e7c262b606f7141b6dad2f6145ebc1deb7597814719784f3c17848a90ffb" + - "cb0289e2f3cc7da12442b837c4e47f468bca3eb4e944a31c48562c2f144e" + - "9e920ab5e4cf90a14ccadbae29af13db38cda911e3c8f6f525e6722809b5" + - "31a4de1926ab12f643d25af87eb8610df59eded6ec278242247dc69a4213" + - "13f7c2b26ae7a917c1bdaf66c56876e9104d40b59e6ca1431ddb77fc89f3" + - "14b46a154cf127688564a4f9e120d7b5816cd24a6e095dc8ab8b43bc3639" + - "329719f0e0f723e2f5136d82638e2249e648ebca67cf0306741e9e8d45cb" + - "903bca85485c4007397c88a1ce07266f4f611b96b7e0ace3074247a7dfb1" + - "cdbbdd66e25e172fd2bda74abde7f3b4cb5cc7ee7859f053b2f04f9de03b" + - "a8e96264117f502087c3ddbee8d850bf3618b4de90f7b3e562dfa57e4426" + - "5357236e35e71d1669226d63bca50b1b944ac07a1f794e73e80985689b25" + - "f18fc709367d63b8639d71865cee667536040be827145c08cf3e57a66678" + - "4c81115706a146eccadc7aa1a9f074b47e95bcba7db8108a13279077bef2" + - "64699fb87e5abf5b05ff3879d7c7c5169c7cae817c13f0859d4e9c05db0f" + - "74c045ecc30a51e515feea627da387ff780719395b5b9ad93179b16fad10" + - "5856049169dcebd43a7f39c549762405f807378e854b1654a1179d895ef0" + - "85aafc72c7fe1e0e1cd3abf8e20935e331145bbcece4f17ad24ebb6c64ea" + - "73bd98a7494c134859206c9422f7c4a057db0ae0770c4bcb08c1a6b9ca4b" + - "7dd8c1cdb3e4977c7ce6c1e79b9d6ad98e27d2759b53cee73ec037a8b686" + - "f1ff78eb8421f41c74ce9c62a90d38b75159ec925f232e0db71362f31e29" + - "4336f5580a34b26c5a01ee3454cba227c7f400f6889a319d7121dcea27b9" + - "584f33ac796d48a9a24cc5b6799ee12f10725fbc10d7cf83e4b87d9c444b" + - "f43e2f5ee49d8f3b531ebb58fed4234cb8bcab1b8b18bf50956506baae8b" + - "c1b7492250f3adf64294310387f1d4bcac12652895d4f2dce26f380733ce" + - "0b5820e9fcd8512a1585a49940a32fc8875ac3c9542a4270602e5e97e720" + - "90ed71b51badb775340429fdbe45b887fb9ee61cf9e091c06092cf0a2129" + - "b26572574c46910cb458bca7c63eddd29d89753d57e568323e380065794d" + - "3fa1ffb874543f5b0ddc702b087e91e22604d9600d37fa0dd90d7acb2458" + - "4cd408a4e66bb781dde5f39efda6a8fc26be0d08ffdf851e422ab1500c28" + - "bf6b4c85bdfa94e8aef5cda22870c39ad49c3c6acdbb3b0d58cd05424c65" + - "20740b5c2bce4336545eda12716317df58e6fb764fcb3004f5248c5ccd84" + - "f63abdc0dd2a64e447c0de4da4a1082a729d8ebe14810d396933085cde18" + - "318278481fdb9a748b637cacb491f5234bfe16b53a35da6677336baeedb7" + - "4a28c19a412e7812dace251446d40ec07afd63854c3dffbd5c0f6a9a3cac" + - "ee3bab07fba94800fd1fa0fe44f5f2ecb2b4a188cd02b8a2df0728347c50" + - "7d0cc58fcd5d54dffdbda11dd1bcc59758396ed8db77498fbe13238d3d8a" + - "0040194dfe66811542ddaa658094a9580d4e4b4e29", - }, - { - key: "1285f117bd90b70ef078ae62f37d2218419e894b7d334759ddb2d88833b287b5", - tag: "429b2b39195a10357043c9601590a277", - in: "00ef065a1adb4ce7108b497813ccc748933fa8442689a7cb8dc7c1ffdbf6" + - "c09adfe05ca2cc5ec3acb7493f3497ee8f9cd9bb8a4b332c18e33f78114a" + - "c8f9a72ddb9f13494e934ad711818909831013ba195b53f5e9e5b4689399" + - "6d0b669f3860958a32b85a21009d47fddbc8697b7c9b92dc75d5060eb4fb" + - "40aed7a1dbe69dbbeb6296f5467ea2426cd17d323671fa408855bc53e5c2" + - "d111203ae38cecac7719c0bd7f21f6bd6a1588187b3b513983627b80ac0b" + - "300b7fa038af1cc8512403ac2cea6e406595202ec3e74014d94cf8780ed0" + - "33c570e887ca7fb35ee4768202aa52427d02c24e63f7f2cede95ca9909e9" + - "dfa86246a27db757750667c198c9aff4ce348f7ac51864b36ef5695df713" + - "d17b8f561a972d0136bd9ee9aa16079c2ab5d29ac9ab472255ade05dc49c" + - "b966e0c1c04258ef9ec59ded01f402d9fdcd9a2020a2038a8c78892ca218" + - "30136069485527069132959dab2b81c73ca590fde2a7ecff761d95a54d63" + - "a2664aa5a6deec163e46b5225bc98976a4f363063b0f42e29f792d138af8" + - "eae68d3854b5c1985d5cd1c9f49f529b0b4d2c936887b5b92cdebacef992" + - "c35e0b7bbd52114aff8c6b261852e28e451b02099814f809b0289cba0586" + - "04a363e3f969aad3d982f645ec4c549f943fb360fb8fa0d5a597bf89842f" + - "8ced6014a5b2590ef71524a7ad50fe0ef0e2f81b6e26b99f9ebbc8036549" + - "f7eacbf6ab884710c6406ff59788e03ede35c30d4781ad5af171e0623e8f" + - "cf5344d71165f0475e256e9159040f702b359a2963116ed135dd6c1d111d" + - "2a1e33e15c178ca4f02c5fb15593c50cf9a8a492f01e04778dbb81d26c99" + - "0c58cf50a9bcf4fe38fbfc0fc0685d8bd422a773c7bce649f7a86c59118e" + - "f5f857b2c72508cd1ef05e1a0c0b7ab4687fdd57437092eb49bf41a9ae8b" + - "bd98272ea2f8ee2515ff267fa6ae892c266a7effe61ed54984924aefc461" + - "6cf483dec024ad666bc797beaa429a742d1b8806f67d451b6d3a85b4d474" + - "003cfe9e9dd906df47da5559c41f15afabecc3e6af279cca0f2a200eb2e8" + - "31437e034d457fc880f60f5ae635690bce82bf6d1ad6b4f5344ec042bf25" + - "7d010273c861e3ac516e9ee2bab3a255f570baa32298467bf704bf6d9076" + - "a4c0b08a528a05cd1fcbdf51f3885fbaba7891a144fc058919903b269b4a" + - "29f43926eda32c38853b814a7d528156c223748d674d8f7f5448350f011b" + - "bfab1511001b8014e20fee37ccd4a0456f638c197c86dc116b34f955c0b7" + - "dee10bac5ea0c2fec8a780ac05098b51b902ca6afff4db3c6fb4f761df79" + - "b2039dc5f16d9402442a6fcf6c4297769e6c36824d908beba8e584ea0b3a" + - "91b9017baeefac651d0307bd89f517789236c0693c65a5a20f244d39684c" + - "eb810cd2ffd3c78fe9285d2eb9f55d133b86113efb8dffcbc6d258e84c38" + - "2dd8f4d7d63b65672516d9bfcc3310a79ce244b60d380128d529487f99b7" + - "d532d5f5c28fad8b9a071fd2fab8fd98f6d7ed9dadbd2fc4396476eba6e2" + - "1a1b1cc594a31fbd3418d98e4aa736cab285a2786fbbd4650e49f9b080ed" + - "3fda34941c28d25545395e1408fc3e60730d0696061f821a4d24123cadf2" + - "3af3d37ba7ce1ba3cde1368d468f136df82c02f9be9210022192aa02117a" + - "ef5ff70bcfeffd47bc37b920826a4d3db001f956939abc0df520f3ec1613" + - "ba1c4b3385cad97e42bfd15a3150711fe86ba4562f17780cee1cdf198615" + - "ca06270db84986f33e1d53d552b0da82397c496a23c7a78ca7641a908e71" + - "89249cc657c0431f1e09ae0213f28a27e6267e9d17b5bba0ea4f3c21f266" + - "fe538e215ec62f85517ae6bd87799ac5ce68453f09cbbc50d6e2a168f0cf" + - "7166ad50cb65b6c76406c326573c00e04a3186251c6181933828c58f4198" + - "f8208c4484805639b0d428fd05b57e4356239638f458a84000c7a7a8de62" + - "ec25b54d1e39d2579ec9c512fec475f243576f35efc02a1cd6b0478e2dc8" + - "be5f17aa4e3849cd42e76fbffe6e7d6f912d6edf80f718f94a7e48e1fc10" + - "6cac29627d9d4b82f05a30cd7c739f7f3ef7ea368d22612f189da450e274" + - "de7b61c6361521e684d639be5af4cb11fefa5fce6f8a5065c90873e504c1" + - "2c940571ea7bd7e9221129b83039d2edb069e8b5bb68567d8fcae34c6ee0" + - "cb94474d8b056cc3c7403873f2fe6db3b567a44e702e4f4813b2a264231b" + - "0a998207b41916715ef94e5eec281589d0a711f8e74be32bc60f43d693de" + - "77f21d5f7eef892abe87725f3d2b01d9ddb6dee15f40735a8fb67766dbcd" + - "020a93b8eef4361dc3a891d521551f65dbe6e3f68c60819b0a540b0991c6" + - "4449d207cf5b1c198c17ad6caf3adc628d09fa0baae7a696d84e1879577c" + - "ffe9b3f62669d4ea5ebab6364f08c66d170ee4a94d61fb77d60b33dd6b60" + - "650f034c5c9879243d5c16f853dd7a89885a9047a341b076912d47872b3b" + - "3de49edf7451b435698ac4e182d16c339be83e18531a34aebad36c5c7c93" + - "aaf121cf99ff92d3844d40740fe001eeca9ee71300d826bc3cfc87a29d39" + - "ea108a3cf259657ec4b967fbb534e7513ef3a96bffb35abc5ce0e890696e" + - "54fab515af3d2c0be6e003747504e486c0ec6e30fa4ca79d6596ae0425f3" + - "396e40fd37432e52c74f812250dad603b3502f97ada48a26e39fd4d44584" + - "6591bfa5ffb3770d95d3dbd49e9c3a38c6305796b8f7d79bd0845170925d" + - "575774445299bdf9d3f8ad3dc2dc5cfd3ef0293b84d6e11370851af05ebf" + - "b3510a22edd930797dcb76b759a9b5a77ed8dd5130e79ff5ac44b01901bb" + - "79603cecf674202bc5d84076ff41b3c806454ce80cb9e5fa9db77294d20e" + - "6d3008ae3017aba712862ecd4b32daafef1b8cc8b19ee8f8bc3835e2372b" + - "5cec66222ad5ea9df753c033508ec43c8b5995e88c36c13ea3465c8bc462" + - "ae0a659d9767db34499e9d01fb1588410257d6f588b3fdb766a66bce28b5" + - "e0880f8cf988a2e5eb5bf80cd7d83192b7392fbb2e3a07d51aea2b6bfac0" + - "d74d304f56d5af3598a0712cb09c04c5dc14194eca8e1b9b29f88344c0ea" + - "55638c0f8ebb70b6242b797fe2525fa1bde76293dbc0a66ab4715e6f9b11" + - "f7ecd8f35a20ee4ff3552caf01bb307e257ec0576023d624d6094d43d25a" + - "aadfce939a6808f8baacb2109c3de50a1cfada9e384cdba3e97d2c9025a3" + - "2377bb195fce68c5569d2d1267e1bc68fcd925ddb4acf567fb29ea80517a" + - "7e4056fb014cdee597333ac2408157ff60cfa1afdc363a11fd4883308cab" + - "d9a8fe56c2b41c95eaef854f20bf5941ed23156d86de3bd413465a3bc74d" + - "5acffcd15722879849c261c1bbe987f89a1f00b3069453841b7da667d566" + - "e41fd894d94de44c23fed08d9bdffb723aa8449bf236261240d865efd7b1" + - "74a4460e5004ff77f4196d1d421227dff7c78f1726df7b5eebddb4bb5f57" + - "5ade25296dda2e71ab87ea2b44ef2ce8742a7ad5c1e7a40e097eb336561e" + - "865515f7ee0efbe01d5a928f208f7c9f2f58974d1c11af0e737c673dc446" + - "1795da9757010cefc6e7f2784658717938735ed8cbcbd7981a1bb8f31cab" + - "b901c87a3218dd1195c59f64d0bc3ce8b72580fe38e6dbf1181e0090e5c6" + - "d162df9f31cc52fa6a8ac61897e9b4b3cb0ca2bfb38a38d9b78e46d775d5" + - "7645d2d6da16bda8edd8675e2ba121f7f85400cf7cacb9ffcdfae583fb93" + - "753d07985a00afc3a4e26c9939a5116d9b61196502f5d774ab4c7fb6cfa6" + - "01bcfddcfabfcd28055e858d7d3c19feb6bd7c02565add3a3af61bfba8b6" + - "f4b52c072a8613e878368318383143059a98a85ba521f781a8983c2486ba" + - "b83f5b91fce02acee0be8d0dda7489975f0506c8f363b5adc48ba971adeb" + - "4e1c830b5f264ed42da36d2b5ce2fdab1e63333b1061ec5a44ec1b6e99da" + - "0f25e7f7250e788fe3f1b8e64467d3d709aeb7360720f854afe38e190cc0" + - "925c6cbd77fbfccc07d8beeb0ce68e47442fadaf13b53c30a03ce317cf79" + - "dc9155ddf96814583695f15c970fd0b6cea0b04b1825eb26e65ea9351bf2" + - "f7a841ddaa8c9f8e885b7c30b9985bac23d3ce777b", - }, - { - key: "491ebd0dddefc9f0117176772f9bab61b92a1f1de13796176091c56d1e53dfbe", - tag: "fbd3f884a3dc2a8be06ce03883282e1e", - in: "953b9a40789b206fb507ec2c5e9c88ca1baf25ad24c11a62f664db1da8bf" + - "dbe9b54f8e93b0bfb4adb12f8873096b8960fd91eb92a8ddb53232ac9141" + - "57caced33424cff943a8db129049af7e7b733afbec6637d8ee4f39d063e2" + - "be241cca6a339e48d72372efabceac57220692c40856532d95529adfae87" + - "a71c72f30244126d01a875375ad8836ef8db929bc81027935042a05c346f" + - "bc94dcc057db015e55c56064d2b11154596b813ee64b73bcac05d2688bf6" + - "f1fbb0cf3f8307b3df44c3e2dd1d226a4d0e9dc5f7482bada9611970f887" + - "f656dcb19ce1f8c5c86f4cbd1e4f49b18f170ecfd184028e769e79d7424f" + - "d01cb315897c21111f53f4d41c3b71402eea695272cb5b4e5f33abb9df50" + - "cbdaa55ed629d3ed7d93b43e550295502db1f2ed884afc320518e88be4c6" + - "b62a13f8d3636ba091d07dbc6c20c7e7fda016c05b2fadcfc9ea32f4ee2c" + - "4893de78ad8a1771aacf6efdbd8fb1f6ee9b0572ced3edc6313185b5d398" + - "88ce77950aa4c5201a256e3ae3e74f05b70faada14124b35b105a70e7769" + - "7184576b69708eaabd36e0ba885fc6bafd5738a67307a1181792333cddfd" + - "a4ef19c88497c82fccff05a8f9f732fc7505f0467a14e135288ee018aef3" + - "d0412f6b0760573d8ee4ab455d2789b4d22a42eebdf60616fe403627cfca" + - "fea672bd0a49e8e7b80e7b7b8feebce3381f2fc16819a8996a99ea230c3a" + - "84b510cf2e0d914610d646a2f45a14268ec1d6fca03d0aea5c9ae1c8d519" + - "b0e8b0f6fb8ad176b5d6aa620b253cc492b5e5645353fbd9b6c02bea48f0" + - "286e2c669782b5ffefa4d8f3f1037151026d9cca78e7808dfbe61df29e82" + - "951d7154f3c97606cd1e99300012578ea6a776dcef0811338b56606b51a6" + - "9893fe68f762af6c9c26066b1d503e64877d8cd988b443af66a36af8bdfa" + - "41b4dfb3721d1d81895884755b9c52527030afdfaecd66d4638fab1d1786" + - "3d5517ef7ee7d081b5555d24991810f1edde30930fd392f817cfe632b4ca" + - "6fb0460c36bde4a5620b9c369bf51c7d870c43998b8171a553d2f643fe8a" + - "58aabfce8cf7363ea978ff4d53f58284db822ca95b80306ec02a64d26a29" + - "c98520f1924c70d161682c54d08a2c48f54bb72980a8cf5babd0aaf0fd72" + - "7d5b1b9d9b731dc49bad228fe83f7347750e277a4fbd526983c206e075d6" + - "a03d68957b3e925a71bc1ea7304c77660d112a5d19fd21a785d4a8d7f2eb" + - "dc4183376d8125341eb28b2df5be0b4e04bbf95c47d2fe2aed939619cb97" + - "79548b752f57b723cf8295dfce69c9b7486b75a4e900f91926636f3fc78f" + - "7b7720a5151abdf5868fecf1e1a1d830cd6a4c5e3cd739da4432cf1fe2af" + - "a1090d6a1eeb32e7236ecfddb9d07b97220ab8e23edcc93d91abc11b0c30" + - "460d2027869d1c2487070cf60b85ad0b8bc5df566f6fdb0e58fd044da530" + - "6d277e564ca6cbfa820ca73fb6201b240a5a94c4ecd11d466cdc44046a66" + - "32478221bfa69b3a2cebd16baa302a573c90895d7f4cab453b11e3a4d8bb" + - "b5a9bf264781ce5b9796e3c47d0fa57f46b923889af4d073270a360dae8d" + - "51d85ea916f14787c6500d2d906ccaaa92d20d93edd09139f79bfeb5fcd9" + - "8c1cdbcbe9f2587e9c9094e3c4a32ab9ba56f400b929e80c0551f953896b" + - "e8eda6ecf22e6d4a541957dec21d6a9cf388ff0ba58169ab934902892a58" + - "86e1126b16118e965a271495ffa339c49466209ed3875b568a4290b7b949" + - "69d0465744a3c2a75c599c3a04ab1a3fd09125fe8f45724b2f48c7822b9f" + - "ef95af4b758ae66a8b6646df7a0a1aabe2a24c052fd6d30561cae0389263" + - "e3388c4c1effe431a04356c334aac64f36593544885c4b7295b57dc39638" + - "b665b22dcbf7dd6da867615de38c6a575cc66391135d47f8e1f0c73c6129" + - "17ada4099723933a758d83311b384364263cad5fe14bdd7c825d9601c400" + - "3537a5aca7f9da4710c132ce8b0f1464cee625633ef57f507739a0ab1cd2" + - "21ae634d4d0b3ff07e9ecb1baaef0a82a97279d46543a0464855cd62c07d" + - "5e890265612906a9eac88bec07b1dea5f67054c31ae40f8c673296cc5df7" + - "f0dd8cc9e643b44fd90dc2d1e870ad8acdbe165237642fd04c00965837cf" + - "bd2344ae830887a5719a3c16dc8ec08bd9131d055bfb959b64ff4cb638a1" + - "002a4fe02e369871cc4e3ffda17dd85343e679fab43e11970e60198b424b" + - "676ab17fb0dee10cc9c2e92b32b68d5b05b7a559176f822850c0557ed98b" + - "7454916e32af549a0027db95f02b88cfc5e7e05f28f53757dd97cc0f0594" + - "212f8801e58043cb17b040413c226dfce2104a172d218caa4353890de17d" + - "be1f53af6ceda24b8781801516cc51de9ca459e469b3c322be13d8c9541f" + - "755c518ca41a0ed42e44b9f87faa2a968b0292216e9f3d3e8987282103e5" + - "016fe9f7681496e1e8d663eb2d8bc30b41d735465527f19e336a98d2dc54" + - "d7c020bfab30fe6c62cbae7d09f84af69bc2c51a1839ffba15015d381ba0" + - "a44a3758771c4f18d13827f518f30bb74f4bff29a87d4b9e949f1063f63f" + - "662721cfd64ffe1dab3761852387f78fa83fb48ae2c75fc567475b673da6" + - "fa8f53770b6e5a3c9fad951ec099c6bc1e72d1c489e1ae620e7f12ddc29f" + - "ed65f29c65cef75014b999d739e2e6e015f928a30f2fee3f2e59bf65b54d" + - "89948bf2bfde98b076e5460643952befd02fc1b0f472a8b75195c53ea296" + - "6403b9028db529cd04b97231bac3068855fa211f4d976a88bc27a0088f04" + - "576e2487ac0467992066ef7667ca8429faee92db38003728e5c219c751f6" + - "6f011b5d679fdd957f4575a0cfb6b54693a9624f2c7e66c578f5f0367005" + - "c66addd1e3ab7ea1ac404e357cbdab9438b9b4f80b3a6761b864b006f1df" + - "689ae4c0434b06b686d5353d3e421b57381ea24fdcf6199195ccdb3d5cf4" + - "623a6bb1f9eba9b22fa15395f65f8093b5f90455061c1cbf8128b44a31e3" + - "910862a59e187aa7f4d22e0317ae6c177cef24eebc44171f70c25efac73b" + - "38ada0cba0b74f72d1c171277a734819c1111ebe46d5db20a6ff20e2c1a9" + - "a57edae95a3c1f80ddf2b12c86d3df0078a7bf68695b16ccf92053c727a4" + - "80586b8d87d0d1772e456fde0c20a7927f351a641bff5f22f9ee2217b6a2" + - "d0983c8102d7d5356dea60a19e105ce366b9d000987c8c33396569f97c56" + - "2d0fc0bc5859779aa10efd1f8df0909c307a9110083cc6d9748456c9bddf" + - "16dccee52b7974867cec718bb0b76b3353379a621257094277a30148ac38" + - "e5cf67ed7cc9c1bae12dbdeb99d7d880ce98e17f0dc93c5330d1824a3c9e" + - "ffd86f89e15b59a4bee5a48d4f674766896e187abaa39917b83f8d2f3265" + - "bbe7aac44c9f8d92f775fe6493e85ab44e6e28f79f28eff156c21e1abdae" + - "d10a291b88c4020b1ae8be001080870847a852d073e82bfc751028ac62d5" + - "6aeac1b18f2cff1c0c7d336bf08f8cd5099d9d3b28f9e16077e9caabab49" + - "f2d234616a7522a6bde1a3b3c608df4cc74a6c633d4c8068138abda8d26b" + - "4ca70f95d152888fb32bdee5dfad8ff4a5b002a0a327c873656db8d6fdd8" + - "ed882e47ce8e47c729e1292db9122ce2e9fa275f9bb986eb7e0a1dccb7cf" + - "abd0449c92fd35e2aedc4aa89caf53bcd28170cae85e93f93988e723a896" + - "10cefb4edb6fa545835fba3107e21dceb272c5a32da26fa77df070f41d7c" + - "ad1d68b836199ff0f1221e36b9b976b5e69bed54b5bfec67fe9cbb383484" + - "696265204797634594bc335150daea92dbc1004f613b4c27bf5c699debf9" + - "4365041b5a894701da68a93bcb61f4e546c553fe61f14ab0322b45915da6" + - "ecacaa093b0071f2516ca8c3fef2f1e3c403993d734403c47bfe5f4379e9" + - "cb5b613fde3c0d880cecef4101aad8b8b1c60a92ac5185f6c243fdf1711b" + - "0b56f0fd8e5ed6cc0f99da888e4f156455a0f0eb365b8964347eedd15d80" + - "2f297977af667ed1376dfcc610f5152421b97afaaf16f9db57a435328595" + - "b9aa00b5ed9ff106c66970fafef379f4d2f98f2c5984ea05aad64651fbf7" + - "7968c8cbc4e959859b85302a88a3c2faed37765f3f6ced59d8feb6c72e71" + - "f9d4497d98bccf95fcb650f29131e1df1bf06a5443f8af844aa1a7b5a68e" + - "bb250c7de3a65ae9b1086cf83f832050e55030d0f67c6a54ea2a1dbe18e2" + - "8a96c9e0dea2966997bfc5c5afd4244e3c8477c4f5e8bee8fc8ca9a5cde4" + - "d9c5a2c7f3d2e811b1de7ce4279229319e432674c609b4c8b70dc6172e9e" + - "653fe1969bbc2cb3685e64fd81d96d33", - }, - { - key: "b41db44465a0f0d70093f0303bbd7776017bca8461c92116595ae89f1da1e95f", - tag: "d8a111a09db22b841fa28367ce35438b", - in: "b074b0984fb83749586881e8ec2c5ce9e086cfb2aad17b42b2429d4cf43a" + - "0400fd15352d182e6c51e9338da892f886f460d40bd178d81c52e9ab9c1c" + - "bdd812594e6fe7a9bb7fb729c11328d3288604097600a0c151fa3d9e4268" + - "de75866558e9f47d8dd331994bf69f826fd4a6cb475ae5e18365f59a477a" + - "dde7fbcf7e40b4e3dee020a115830b86f0faae561751e9b596c07491c42d" + - "e02fc979e69071113953729d7b99f1867116d058a90f1b8c0f9ba12c6322" + - "4ebd1b563a87734f5d6e2d4e6715d5f0213e33316500cc4b23784f78a9bf" + - "13fdf99bfe149cf47aeaaeb9df1cee140c3c1264fe89bcde8acda6bde16c" + - "e3d770ba51950b67ad2c5232ae0cff048ddfda8540cf18e673582dc96987" + - "4b127f655e7d4e08859f2c6b95403cd5b4e2c21f72bb872e49e592306286" + - "48ba1b16fc9637709636b198f9a297aec364d4c3bc869dcad32b1830e434" + - "b556b429136f0012a0a0b6fb3797bc8668014b010ea51674ef8865348dcc" + - "197672047fcf72e6b6910a0e32a4f110d85e28db0e338d9cfdec715a8800" + - "b4f007a7951d09e41620815848c89f8768344c50bd522c46f64ac6c98e53" + - "92176651961c7a70b62f3d1819bfda674e2ecd3167415edc4b97419e8ae4" + - "9974b56cd8d52e1d05b82610b59606a750b34844ca33bfc9b21fb970738d" + - "b66f48928df79cf67730a30b0b612f8c15c22892120548ab460a6b9bb3ac" + - "e30554c86c9681c797821a1b1ce91d0e87fe90ad4097c974cfbdfd5c4c24" + - "a5f808f388e1b1473e858f48a387614501c8c39d6973ded69b1764663cd5" + - "166be02b596a49e392d637e3d8afc91323f7450318b79d5488c040e346cf" + - "0cee512044514b570aa66bb98d639a9ee23a7cebe28474592623d082873b" + - "73efb3eaa4721fc4761e15a390497cb13cce181107e8b1a0186b9e47a5a4" + - "b67a5be3cd88a43d341ef63f10af6970aaf56035db938655020809033a92" + - "8d4fe6d2f5424fbde2fe82adfd991d388edf293cb4e3eb68d876f225a5f1" + - "58208bcb1aaefcbc28d6763d267406aa8d6ecb413d18cff7a318ba031ba6" + - "0ac4560748c248de64eec56dd4540124b38581604f502d94a2004f9eb1d6" + - "edb009e16af6c6d3ccbea79b10743da98aee7ace407a90c6cfdde694f36b" + - "e0271e722618a457be68619b980754795f4ac95ebf4f1820b85ca8e3fbff" + - "a2430f8e01ab422d7140751f7741f2c921400dac404b04e049736738a87b" + - "6f49bd54b1b447b922c473831a65f224ab84fc96e4551a0333bc6187e15c" + - "c0f0ad628068bcd7c043bd1e3036ec01e7fdc3d157476149917baafaced0" + - "15d09fafb92181a0ec65b00c9c13631e65de184377416e04d3d93b847e0e" + - "286c1d88245d4d550d30d4fbfcb416ff26a39a94275631c2deafc7cb6780" + - "f149e4d0e9c4515b708fcd62be5252485407a6ceeb9247de34e0266ef384" + - "976f6d31284c97468b3b03e951d87a5a00836ea303a266147a79ff3431b4" + - "b382e86c74d92661e0f65e266b7d569c03994b667a8137f3080eda2ff542" + - "0f0b52b427558dc26932a22a615c9e6b1834a251c6b68fdfc0bbe0e8781e" + - "36adf669f2d78bd23509ef7e086634e526258e8d11a1e0be0a678ac09c7b" + - "b4e3c5758504011e701dc85997fe2a3e40c7af83f032bdbe7adc10ef1e4a" + - "666946c2bf31dd8e3a383211c9684d5302f89dafcf77976d5a02c14e2462" + - "09d2d99918e82402cb0eacaa12032ad8316315af1b3d3bd5058f7c935d35" + - "ef0d4e71373958fd5e4140a9a586d89c53e4144c00148a4706a524896eb0" + - "5b1479a0de5d3f57be46b3f5fa4e49bffe027c81a33e37abc01a4cafe08b" + - "8e21fa86b42be52d75d6407e6cdf399de7aedb9b61a6917b2677b211c979" + - "33536664c637a57ce2234e3319fe8b4a77d7285ae6347464dfd0aab3e6f1" + - "178e0029686770d3b0dd541490b097f001e95f27efe8eb16e4747937d643" + - "cdefd49e586ecad541270cedc3064bdb7c79f086bf1fa8c666304d977a15" + - "54ae268881e17d8bc3fe51fa9969f7e560e3d3e050424febec0998b35f2a" + - "7378b2c3e384cbfc80c4987734d76c78224cb81cc5376f88f0ceda28aa50" + - "44e956537c3ee209071d84a66173384e0aa466d989759fb1f2f17fe627a0" + - "ffeaae7c5a3884b237f5151278a07117c2e833f1815c7e0e0b1611f25058" + - "ca338d21deb1a571faf1d0486667cb7c58e2814c3722d24fb77ce1b7e018" + - "2ae5746442b5ad00208b17c0a68bab4df8a8f36edead4fbe79b4c9220dd6" + - "acea6d23c7caaf6ce7cabeeca677a1c764d610ea6c7e994d6a9c88f57fda" + - "ef160b251e7595578ea2cc1441d480c14b8b6945e76a001891b1f214979b" + - "c52ec15e9480d706a40cb6e3b259ee99a9e84e63a738f1b52cf71c8ecb04" + - "fc833c2c680bfed587aa1541e5ffe8bbd7b21302bbf745011e559f94f952" + - "8b7fad8a37f6d855306a5be22725859cc950bcc334179d49564af3b9c78c" + - "e1de59a9cb45086a33856ba7195c17cef573950155bea73ed16645768bf0" + - "a5cefce78ba3ff98a54a8e8afc5dfcb0d422bd811ba9b7770a663b081dbb" + - "40aefffbeabca955a9638830f0c5d70663cbf5b26067cd061c4a3f5cf8fa" + - "4b6678d82d9a2aa33f8538b7499a3466f6b0ae2a1daf280ab91a6c220684" + - "12705245f353b4b83db50bedd3bf99d42bde6363fd6212cb745467acb007" + - "b678128f6580629a06171f7f3af272f8900b801af3bf47439167871e7b0c" + - "33f198333992a6c52c32be46071738cfbf245937d48f816ebb88ff0e726a" + - "dc41de4c771ff0bd320a4c0b1fcccd9fd6c42ec9c5185943c70e9a4b7c26" + - "a980afe104bb1f99576671a254704c7d4233eaf9915e1d56c103ba9f6e8a" + - "46aff466933bf58c9842796ae9cd21f7ac6aa96ef42ca54e390203bac354" + - "b7c1de7d1887c48255201335f819020e2782a2ee8af92ceb206b651ae92b" + - "3f4fdefed05e08974aee0a353d104b1be9a5e75c7f958f1981271b0a6928" + - "05a7a2f28a0448d86102b4fadf9ab4ec2f98e31e64fcfdf2b524780b3342" + - "7a2a3100c2032fc93199f3ea7a9e8063fe73282dcb1fafaa9496c7da868f" + - "dcf33bbb761df0bfc6fef30fadd2b6efef4fd3216a8aee48a2ef28102491" + - "cf7278b567c272d1064a277eb193b3f6f01df641ddb729f72454943cbd3b" + - "671ec077f9e3548f5f57d063c653ebee4f228a78f8a128d26f7f4b44160a" + - "07e942bab87b2d043c77ecdf10c1a419e0a1c4162a99c21d4abae0558b8f" + - "4dc0b7f1ca3892a6babf71f2f70aaca26bb813ac884ee5d71abd273ff1c4" + - "add230a771b678afbb12a1ca7fbcb2c0f5589c9ce67fe8f78a8db87825b3" + - "09ca34f48ac35aa7ac69c2fb2423807650fcf47ee5529e9d79dd2628718e" + - "230ffe5b83f9d5bdfd9c5d211282e71cbcacf972995bf1b13d21419f7fa2" + - "8829ed1dcc459da35883b9269a474f7fceff01d44ab78caf1ef7d8117f50" + - "cc83eb624062b149a6ed06ddd1cd1feafccdee7122353e7b3eb82978ca69" + - "247fde52d2d6cfe7324f04af5259e1b5c2460889da4541b431ba342a1c25" + - "3a1b1b65fce7120829e5466e7ad2fe4e0f773c7c13954a9c92d906c91aa1" + - "de211f40916596bfa8245344e257e5907a2c49ebcc864cfbe28663e700d8" + - "472c50355313d5cf088e9e8a19cdd85bcfc483520498c6386050e53a3ff8" + - "1e2b77b55b116a853d71f60d621265166cd7e95ff5cb4466226d7cef68ff" + - "d0a35b61e76a43cdcfa8da7fff9558e2f89b981ec6be632b126303ca1fe8" + - "53d5c628d967d39317b60ac904d6a882beb0746f6925a86693aff4deaac2" + - "e5b64b611de86767d55a6e11221605508b1c5cc828251539b1b6f65c2c04" + - "8e65be5422c1b11194eb687d906c559068c0a810713b23b30d8b17f10df7" + - "0962c5e7e782aff7bb95adfe4cba9d90b0ebc975fa56822025100b5cb8b3" + - "8bdc8928c1a2a8034dd66e2a763696d7ce6cef4dd586b83f7d01749d37fc" + - "4fe8d7abd324d4ff1efdbdbfeb0a2fbb8b266fc2bce8e5e5b95d0089e7c5" + - "d7de4db837d1822ac8db8198889d6bfe778d0b19e842f12b5afd740aaecd" + - "e36e2cefc2cf0b082aa0c4f75684d024b8d828d8f2911fe1aae270251f62" + - "4f49584e40bb193577c9d8e04eb16c094653cdf9a15fe9210f724c7a7c73" + - "74cfd1a74abb5ceae88ea54f7e7569f8eb674529cbec965ed05bb62f1968" + - "8fdaa97297268bfeefd06eb21f700cc56f9bf7f6cecbbbe7278ada8399fb" + - "960371a2d5cdb852b11c9fa17650e614c5297bf46cb7889d52bcf49d2560" + - "720852822b75bb16524d88273cb366b84b88282da91875562e5a1fe73973" + - "afe90e5cdd3f5381612d3ba7bfa058d023a9326e403ec474d8938313fb32" + - "bdb5bf899b900c3818c43c8a0af6a061bd26e847ed75983402ee8a9cf4ef" + - "85bba5545a0d329ba81495157eda0286f1917de512fe448251697dea406d" + - "a510adcb05", - }, - { - key: "b78d5b3019688e6ef5980c17d28d7f543ca5b8f9f360f805ee459717ca0d85a1", - tag: "f01babc4901e957d0c2032a7279321e1", - in: "ba7d35b2ef8af1118bce1e78018c9314b0c8c320591e103d23f715acb05e" + - "dc98fbc618de06627661df5842dbba9f604c2d20d664e5db06e949b11d49" + - "665088dbafdb0d39d20beaca7d723f8dcdc57e9c5583d303b6cdfdbecf95" + - "7d8daf2f1c72b2a6fa27e3d18841f4841abafd334c110cd2b74efb6191db" + - "ab9b8fc8427ee17664082f31db98d30bf15dda967e20730a9ef525abe9f3" + - "f620e559ed22bf74d347c9869f0311f33da7f1a3dc858b3a8aa73a35989d" + - "b055a4a2c269c95e352259c57de8b94d8de48984ecde426d3ef60ec1c7b4" + - "41cc950f7764f55bd0cf52d069b9ad446d1f765f35d02ec104ffcc00bf1e" + - "dc1b951ef953acd19984ff1b41041bea0e9f5326a7c9ed97e6aab42174ee" + - "971ea1dbe2fd1c1f67f977ab215962b0195417170f6b7748fd57262424d6" + - "cf7c235b34425f4047191232722932213b3eb73904cadd6a2e9c7571d7c6" + - "6c2f705b5039ff75e5e71c5aa738bf4177653e6eb0b49303a4bc0e641e91" + - "2691f217296a3325431d578d615afddf47784e4618a2ca40ccecb05d621d" + - "a52f272b8cf84f7fd8177c83af1580d25a764cc06436d67171cb5d1e3b39" + - "367b46d9a59d849d87ab6bfcf3fb9bac2b1ebfcd1cef4459e74b0e1b7080" + - "dabd2dea79f75581a55de63c4b23ff67d986ad060102933fc6cce8d614c9" + - "c86dc84068828dd9e21ffc5665c809d83b09432fd315dfce5d7a4ebd8143" + - "181953e3f8716e47b0b30cc1f753e31a7d509f2dbd4177b6da310cf3cd02" + - "5db270adf98e96259a5ae1b81f5be4d5c76f502a612ca73c76b91e0ca695" + - "aa921f9489948619482c2956205ae71fffc3aba4476ff754e4878e36c763" + - "2c935c076857c5b90cd63ea4764efbcee53e2ddc9bdce54b1cbbcf0e7544" + - "d023e7c2b79419ad92221a1f76abe31a8236e370d38e2493cc9ca2aaa811" + - "30fc713d11f500fd071d6eba6861e8b0859b372e62fe60b627a96c377f66" + - "236aedf307e1d148a61bdad072b93d7d2a73367c595b1e048f7023e72729" + - "1ec508326f5424a5bbf4e010d0240b71fa9137e6642ab40c5e4fff79877d" + - "b3253c663a221b49b3e77ea307c7b9f3f72a0f3a54d0112c45c64a0c0034" + - "baf2b55ae36ea6f811bbb480cee663136474dacac174c73b1e8be817916c" + - "fd4eb1876582bb3a36cfbabad91776aa676305ddf568a86e3a5eb687fa81" + - "67771fca7b5ca00e974b3cc3e322b4bd9bcee2a87d0ae7976da5e04fa18c" + - "219fa988d4f6fce62f194b05c26ed3ae1b066cd9751a2d916d53426a454d" + - "58f9c3b2fb49374e5791b412fdee1b6029144f1ca787f56fece4f64f4fac" + - "bfe4cfd8ba7c807a83cf44008fe5126a283ab2631a87acd8e2a3bd10979c" + - "4b07a84a49b0687a45a4798ded0b5e9b2acce30e714d78395bfa8f33ca91" + - "e68b2138bd67d8a694cd87c88dcefcd101a3b408d7a9095cc6a4b38898ec" + - "c8b375f5a67deaaf73eb7e99b10314ca6bba824658bee85dd731d9a1475f" + - "976b7c0aed4b67b088f0db5ca5091273217f724969dff6cf184181377c45" + - "5722beb23fd9d097a82ea2d8d527ba6284acc20cb30f2e52af28800c61fd" + - "1faf9f4f619550e0162a1a63758e202533889b27420fe7d0eac9a47a6e11" + - "1d80054412340e0426cdddbb3c7b9b823b8db3ef58230fad7a3ac21a7805" + - "d30878d4ea78dda95c951b7a5dc552e9434c35e03e1dd88652d3714f8fbe" + - "a39936cc0717c2e0335371f2a751204f5d9386baaec853f019325edfd1b0" + - "719d1fdac3fbd774a64bf957fc54039501f66df94b5b9b82c2076c597065" + - "dfcfe58b2e215a3734066aeb685ef97759c704b5f32dd672ba59b74806cf" + - "ad5daeeb98d16f7332ff0ca713d541c84e4aef0750bab7477ea707e2e497" + - "e12882dbc0765106070ec6a722d08fe5c84a677817b28fa3a41a6117f2f5" + - "465c2a2f0eb2b8be4f36e676b4115008bade3573c86cfb1370c03b6b0dc4" + - "bbbb0ada4dedac10a593655068a26febc2bf10d869cac84e046c9c846ce7" + - "927431f606f07b92abdfd81260199ae05ed01dfa07088c56a6a8de9c6d51" + - "d61d6a6d3f9904c216ea8329467a006a3d2495a768a39ef99a21827d2def" + - "909bb743fed7209f7fe59ff1c1e710095b05f166c6173deef5c6ec4105c5" + - "fc3b87c8269c786bebd999af4acbf12d20453b125f338aee87e9509ee405" + - "9c9e568e336304d7be9ffe81d1700555b0800242d9b7450d7256f2b17f6e" + - "d46a39f67bb2980572ce73169e352070dbafd4c7fa5a6be78cf9b72981c0" + - "a01f1e1e30ee3736c59828b791d2373799854497a28a44bbe0e074925723" + - "4986696fbb06ef9ea83fbd49c45a583ce12ff10258ba06127c67b0f66dd1" + - "09f1366d8036853973d8884f93de54fb2a12949eefc020717eff47898cef" + - "306b5de068411f1e113ffdfe2556e0faedc3e27d95a45b8afc15ba0eeeff" + - "eb86da7b4324e20af80c62bf0ceb4aee1515f5912f71c6bf2febf20123e3" + - "dd3a82dc1e58a108f1039942dcdacdeb1f0ad0b2ef34488d98d6a52311ae" + - "acbd03c12f6e775e375d5979c7c295bb049f2cfd3580e3da3841ddd8e6af" + - "4de5e6512ca79cebcab9280554524881da37984d340e8f0163fe10a02ed0" + - "88682560bc6d3c4dbcf1a542ffb3dcc2ed16a2eb96896e8269697ffeb50b" + - "73f2cc354092e782a0072fc12e1eaff117c2cc8a5a1ad8b47802ac9e23fb" + - "91a0cef9e4027595e0885464e61563093ee2b1dc5f22dfd04af7de6a70d5" + - "977d3751a4b3cc0c71a71c59c0534cb1f8c0eeddcf1c0e1b3e5ad0d083b6" + - "6e8b998ddf9ae9d3b365c851d42e995b9afdf8d66b2ac40bf514ce32e456" + - "0880afd38c42c08926067eb243c4b1184e667ba756c14ace5f525eb48df7" + - "ebb429d0a23d159664f8021d27dc7167081de331c7114c9c6456e1ffdb42" + - "2172a81c06d8deca995e158c48df27261a83f83e0127f5e056a139be9b76" + - "e25dadf534d3d1ed6ebc0b5d77d51e5b90ff86f30d4023066115bc11b33c" + - "c827b1103098826d0bf8777176b2da6f1e5b580e407ccf7e614fdf4f5b53" + - "3ef6d30b20c1bee61eab90e983b1a97173a62720ffd27abb8976a948d532" + - "d06596c23b0ef31c79831bead8f8e99ad209af3658cac0cb3c3f9c88379b" + - "9bc871d8e84171d53400902da1243f664afeaff60bd96ba2639a7644676c" + - "a79f43130af12ba2c877d67f7ec030a4217a72f5368af7c9f24e643db6ac" + - "97a04adaf57dbc53762d8dfa1afd49667c4041adcb5ec303e191b786273b" + - "bb065cd9f16a3a4a399c6a7aab9c1a6604998264e8b3dbd13d8f2228b13b" + - "2c2b9fec5055d8e9f2df1d9a25e4bfe2029776389877bbef7e2c7621f06b" + - "c0b7fc0786e2b2d042483ccd4a59d2872a6c5ac73e217123e5c8401580a8" + - "d967e0895aaa28f4d25ce68c90b4394d8113bc423e9fae46ac47bc2ac191" + - "fb97b80b5a85feb2bb54f84c493235c1408662fe253c6786fcf6fdb8be87" + - "dc66a72cc847f94dfb5214af5905b7039a7363a1b23a07853daa26862783" + - "ba08a80846fbb93ce98700a4f9961115128dd67bd7d19e0c588fdf6196c1" + - "1cb0154002ae862f11421f5dc3a57b6c0870b452272be556a1d14eab1af0" + - "a91ff5b89de6bbeed6e03bc64f5efddf9e54da71c594bc5ef78e0192cfde" + - "da36e4ad1a6b0b51110c1b24d20dea1f19e18cb1184d80189f842d4f07ac" + - "834744dd009aa3771b1e5502fe4b65a403a4bb319e1880ff6ba852e90a8f" + - "4fcb52cf374c88408428cdb1255291b04ed58c992310955198d61fa1fd9d" + - "762d48f2f65a287773efc67d549981c291b427889d3e3dfc0cc6cd68415c" + - "dbed81b516786dacf431472a7dfc99688d15bb6c1b85b1a2015a106e5de8" + - "cb9eec4c80b17d00fdcf4a9c64de4643a95dade8fa9f1bc5c839037d86c1" + - "3800a244188e3b18561a74912ed72f99f2365f0126732d037dd54a3ab77f" + - "9a9f6a1c1469ea92eb707482066bd4990dec4d7614ccb4ea6dd4deb8bee2" + - "2c4dc0b9b4d4cc70a500d2c8a5ac3ef88a38439b7dc254a6d920cfd317a8" + - "4d7747148c65b6730709e43369d4c995b03c58b9df444f77f216944e70f6" + - "6446554d8d513b8f7f28ef0a2d7ad5ca2f6110304196953247a7ac184f68" + - "61fba896c2d5a59007ec2b2c8e263957e54cdc1f3b4a145228823fdf0960" + - "c33a28f59b03ee4be21001d2f56fd49ed14db33b2c4eec2c3f41b250a624" + - "99a9b6602c1e838526a54cdcd058af1c252d56009d4c7769deace53bdb66" + - "543f5a081cdde775e61efa70956fe2a7a6019a164c6e413ded314bc928b4" + - "aebccb946ffdf3eb33e187bf421febe26112b3262a526de65678cd1fa03b" + - "83513705108fe0bb87aa99aceb28af3641c46a2c4427cc1063de01aedaea" + - "fba68155d4de494a27ff6b7fcc8f5c5c3f7d3a115c397a1a295bc55aec8f" + - "7f150cbce2a8aa4706d54ec863877bb966ad441c57e612a1b5d438b98d9e" + - "fcdfe6d4f66e885f96407e038015cf974ae5a3540692b054d2ddfde59b28" + - "ede7e2f581eeb56c5b88e2779aea60c1d8ca6107b0cdda1ac93e6c7520da" + - "edc66afeed12f980e20e1e1c327d15ade4bb90de30b011a9cb33855ca3ca" + - "e2", - }, - { - key: "2b0b0fd3347e73c2fa3a9234e2787e690a11aec97a1c6d555ff7b4047b36f372", - tag: "81b1a6633f849ab0aa7baafa58a5d9b8", - in: "427f3a7a5f1142ffa68e83df5f917e07b2bc454f3adce068a8ae9e0908e1" + - "3e0099aaa9074697593c6d8c2528fedddeca05e3888be1a0a201c389a72d" + - "20cb661017544d95a431e70e7c6580d8fb46ea4495bc59db6ae2cd69510a" + - "02426c50de1b6110120f759960605aca718d4d0a497e003e1ea2b8ae9a53" + - "df3c1eb4f704eb32f8f05eb08cecba0fd4a94f0daa3b0984c30a38f94b7a" + - "10cde723182d30588bc40f1f9d38a3bab4800fdd5148e34e396144763696" + - "c9b3e9b8adfdb337123d54237c7413f98bb2056152b256e37a27bb947c67" + - "240fa3ce8da62ab367db540bcdd9eb873d6c71c75a08fe99b5c11ec8e6af" + - "f926d2adfcf073479de394d4aac5fdc6241824d944b8773db604c59afc01" + - "495ee755905e5616f256c8a64321d743a1c9368d46418826d99b762e2f6b" + - "f998d37a995969cdc1de85f0ce3987c6550459f5e5bfd9173bfcb9e0112a" + - "d91f092de446beba14fb3b8ce3fb2f9c941815b2cb5a3b406e2d887b7912" + - "bba07c8dc7caab9836827da93ca71fa5ada810da1e5e9b09738524564d8c" + - "923746d19c78dc9107b9f20f653e05d7f2eb6bd90cf5eb30fdd7b587eb46" + - "74a1064c70ef0af2e75373044d32b78d96eb1db3112342d38dca0e47b96e" + - "9307fcdd711b1c66355186369a28481cb47ef6bf6651c2ff7ee4665247cb" + - "12b573933d3b626d1c6264c88bd77873c2e73e73ee649216bf0b6d6615ab" + - "245c43569d0b8096596f25ceca8667661de1cd60dd575697370ebd63f7e9" + - "5333e8a2cdb829b75ea83d72cd246d50358f7c094c8a515805fda03165d5" + - "21391617c9f9a2ea562b419632df611a67912d2b369e5e505dbd5c719253" + - "16d66cd608cc4a9583a8eaa4661b7279870345fac3031631c1a220551527" + - "5be7d8d89b71960e687aace3a0e8f206e475053d6fbf97717b154c75406f" + - "2caa97d1ab66048f1c99281c188a2f37b8bfc736c25840a9130ef2031c05" + - "6acd9dc10592eddf94f5bac85319b10ae46cc136a0738aa803837287ed7e" + - "dafe08d1fcf31d5e63763e39a5e1f4d7d0edab368d44e63fdb33c28905ff" + - "d6be406a024c017081b4f2d70860776e9d2556cd008fa5017b58733da13c" + - "634938407a118827a80baa28d4e605db59430f65862b90cd8356baa287b8" + - "4e6d9199fd80abb9fa697e2c2c4c760128e4ec0438388cf407e2a2fe0f57" + - "908187ed8efd4c5cb83cc91dbe6a11444eede85099149ca82921bc28bdd6" + - "b9999594a41d97307f8854b1bf77b697e8cdd4daead2aa49fbc571aa44c0" + - "bc84a57cb5fd85f06847ad897ceaf449eec45bddd4e4eb1e1e119d15d5e7" + - "90957e686acbdda1bbe47ea935ebc4b8c2e3cf9b7157cc6dc03bcb19508d" + - "a9e19cb76d166da55559ec7e0995d9b50c6c45932d5b46eee400c56d9dee" + - "618977dcf6f76e3e86bc5207493afbc2aae9f569ec9277f33d9f61c03d59" + - "dd6d8250ee8cb3e54e5e941afb74f0735c41d52ef967610c9f55b2b52868" + - "4b549a99ae3392a7237bb52ff5f8d97327e2837268e767bed0bea51f76bf" + - "88bf0286bf22b881f93f1d54fab5cd4e3c148c96c39e7aeef375de249df0" + - "4d89d1bd97a7afb2be0cbfd3380cb861d31e4ad1ea8627721e4518b9db3c" + - "cda20273ec23549c4adc3c027e3ac9558de2010a0263c1225a77dac8be60" + - "d498b913f91391d8b2656ffddb06e748cb454dc2b7226745f11030a6b9ae" + - "09ac8ac428d9c6500801fb540650c94610ab70465b1210c6db2064dc84dd" + - "7f52573f8f40c281470e85176c85ec6de3c718663d30ad6b3dfc1a3a9606" + - "1936744357ca62fb8bb066aa1fcac6d7a2adf0a635cd546bef39fbd3ee0a" + - "8802ab0466ec9b049b5892a9befa4377cd199a887c34569b6f90852139a7" + - "86babc0049ee2b527aa96b988237a52eae8b4b49d2ee15ee5294118cee62" + - "3c3e11cecb836b21af88555f10be2eff8379beb615b7b3d6c01d545cacf6" + - "61be8ebbf7a3c58ac5e0e7b17997659a2bf15f2b2e3d680d142fd29d23a7" + - "aea9890f3ff7c337fce49ecedaf38573edfae07810ba9806723e576d687e" + - "a11700b8ccb96a6559259c367cef4e3999a05a373ab00a5672ce8b3d1dec" + - "a414187f383e449d10021b73c1f7e39ce01516b7af96193f9993036049fc" + - "72ac059ef36b2bcfbe13acf140d41592880fb8294ebffb98eb428ce9e65e" + - "1094521bcf8ecd71b84c7064539a7a1aac1ad2a8a22558fb3febe8a44b87" + - "72fc00c735773d4ce2868a0b478ee574b4f2e2ceb189221d36780b66212c" + - "dd8fd3627cf2faaa23a3d0b3cd7779b4d2b7f5b01eb8f1d78f5b6549c32a" + - "cc27945b5209f2dc82979324aebb5a80ab8a3b02129d358a7a98003e701c" + - "788a64de89726da470010eda8fdcf3da58b020fadc8970fafb08a29bef20" + - "2bd0707e994015258b08958fc2af4c86c3a570443fe6e1d786d7617b0c66" + - "29a6d9a97740c487622b5b8186c529d7f8af04d9f0a9f883043f08103ca4" + - "d70057ee76639f3b1046d86928d54cd79fb5bb7b46defdf15d2f8578568f" + - "1d7b73e475e798ec6812586700e038ed4791b23ac9439d679a1a4bc04cea" + - "e328330c24b065c9cdcdcedfbaf58e5299779e6f48783d29ec3b1643bc8f" + - "1095c724dea75770583b15797fc666f787510d91e65a8e2090cc1ed2013f" + - "e63ab17bc7640ee817487f4eac8326e9c4698cb4df05d01bae8c0d00fc00" + - "08919484d5e386c8f60b8ac097c93c025d74faa56e8cb688d1f0c554fc95" + - "aae30873e09aae39b2b53b1fd330b8546e82d9e09bbb80132d794c46263f" + - "4fd7b45fda61f86576dec52c49f2373e4dca31f276d033e155bbcdda82af" + - "8f823948498f4949bf23a08f4c8ca5fcc8598b89c7691a13e5aba3299ee0" + - "0b479b031463a11b97a9d0ed3189d60a6b6c2390fa5c27ce27e28384e4fb" + - "04291b476f01689292ace4db14abcb22a1a37556675c3497ac08098dfd94" + - "d682401cabec239377dff592c91aca7eb86634e9d5a2848161dc9f8c0c3a" + - "f7b6a728371fac9be057107b32634478476a34cbc8b95f83e5b7c08d28f6" + - "fb793e557513ca4c5342b124ad7808c7de9ecd2ac22d35d6d3c9ce2f8418" + - "7f16103879ed1f4827d1537f7a92b5bbd7cd12d1ecc13b91b2257ad073b7" + - "a9b1ea8f56b781bea1bddf19b3d7b5973f1065fb72105bb4aeecca5b7513" + - "ffd44d62bf41751e58490f171eb9e9eb6d57ffebedd4f77dd32f4016b769" + - "fed08dd96929e8efb39774d3c694b0d30c58610541dcfab3c1cd34970195" + - "7bf50204acd498da7e83947815e40f42338204392563a7b9039c8583a4dc" + - "faba5eaf2d0c27ada3b357b4fccd1595b9de09c607ebf20c537eb5b214b8" + - "e358cd97992fa5487bc1572c8459c583116a71e87c45c0ba2ca801931a47" + - "a18ef0785ebbe420790a30278d2d0d42a0225d211900618438d1a0b2d5be" + - "d14f8b4be850dc8cb08d775a011683a69ee1970bb114d8d5017de492f672" + - "09062d9ba3616e256d24078536f30489e4dacd6429ed37aab9b73c53fdd8" + - "a8a7aff1b914b9d82d75a46d0ccf85f48d3ce9a8d3f959b596ae9994ac3e" + - "3b4af137d0c8e07ece1b21fd8aa05522ba98f85a7ab24ed8c1e265fadf4e" + - "9a18c5ab5684d8ba8d3382ad53b415c73ebfaba35abeebaf973b6f18e0d8" + - "7f019420eb34e09bbb12afc5b149f1e9e9b6ae36ebde429d437ada1a2d52" + - "b998f7c75ef731132aafc3bb106a2ad3ae11223a355804d4869ebaa47166" + - "2df261d95d48ac6eb17c1781e81c0027ccf8f05c39e1eda7793cb16622be" + - "ce7a1ad5d2f72f8bf4bdb2f4f4dcadac3db3bf727f0d447adddad4500360" + - "09ee011bf4155e5e46c74b00d72e8e6a88de9a81a5a4685651b90e874dfe" + - "eba41698c98370fd9e99619ce59ebb8342417d03fc724f9c910ae36ac5e5" + - "b46c424141073199aaac34232a8e17ebbfdd80eb75e82290de92968f3893" + - "0ab53dc83ac433833576e86fbabfb9d7cd792c7e062811f4cb017710f841" + - "1e0fb65ea4b3cd68b0af132cb08330aa13579196ec632091476f268b44ba" + - "8f2e64b482427dfc535d40d3f58b4dee99053b35a3fed1cb245c711fa16f" + - "c141974c8db04f4c525205dad6ca23ccaebde585cd3bc91f5874452ed473" + - "08de95cb6164102744f90b3007e511e091653c97d364fe0cbd7f4cd3249c" + - "1f5c452becd722ccc8c6b4e371e2631337dff78efd903a8fc195a90ca5a2" + - "aa4513bc63cd43794ff06c5337329055c43d4fb547e63d6e4d14fbe37b52" + - "1411caf2f1b0df51a68f677db59aa227c725cf494ccb7f8cacc5a06ac5bd" + - "f135a2603175a5fd5e5af615fd2e7cea61934e6d938b9e672290aaccd99a" + - "7e26dc55efe928e56ae6354168264e61668a61f842a581cd0c4b39e0e429" + - "04631c01320857b4d7e260a39c7fbed0593875b495a76aa782b51fee4f88" + - "84ca8ddb8dda560b695323cdde78f82dd85757cadea12ef7cf205138c7ba" + - "db6a7361a8d7868c7aefa7aaf15f212f5f5ab090fd40113e5e3ad1ab04f9" + - "b7f68a12ad0c6db642d4efb3d9f54070cc80d05842272991bcdae54cd484" + - "9a017d2879fd2f6d6ebce27469dda28ad5c345c7f3c9738038667cc9a5bf" + - "97f8f3bc", - }, - { - key: "aa3a83a6843cec16ab9a02db3725654cb177e55ec9c0c4abd03ada0fbafca99a", - tag: "719dbe5a028d634398ce98e6702a164b", - in: "643883153c215352a4ff2bb2d6c857bafa6444f910653cacd2bbdb50ffdb" + - "cae23cc297a66e3afefbd85ab885e8ccf8d8f4930e403662fb4db5121aca" + - "82dfcc3069bd5f90be4f5bfd3c10f8038272021f155e5de0a381d1716abe" + - "0b64b6d0f73c30baf6ddfe0e6a700483cad0fa14f637afb2f72361e84915" + - "78ba117e1c03f01fd61aa8f31da6464f3d0c529524d12dc53b68f4d4b326" + - "db7fc45c63f75244002b8f9a185556f8aab85948647818f1486d32c73614" + - "b8c4763e2645bdb457721ff3901327588da01622a37ccbbd0374fec6fd1b" + - "cce62157e64c4cde22c3a5f14c54cd6db63db0bd77e14579989f1dd46461" + - "4c8691ef26406984b3f794bb7b612e8b160374be11586ec91e3dbb3d2ccc" + - "dbfd9c4b52f0069df27f04853e7cc8b2e382323345b82ce19473c30296cc" + - "453f479af9a09ec759597337221e37e395b5ef958d91767eeb2df37069a4" + - "f3a530399961b6bf01a88ce9dfcc21c573e899b7951723d76d3993666b7e" + - "24dc2570afe738cbe215272ccedb9d752e1a2da00d76adb4bc0bd05b52c3" + - "fa08445671c7c99981a1b535582e9b3228ce61662a1d90a9c79afbdcfcd4" + - "74def2b7880cac6533ba0a73fa0ba595e81fd9a72ec26965acc0f4159ba5" + - "08cd42553c23540bc582e6e9ac996a95a63309f3fa012eac14128818a377" + - "4d39936338827bbaafad7316e500a89ed0df7af81be99e2f6aae6bb62568" + - "1dfa7e100ebca5c8d70f67be3c1e534f25446738d990ee821c195c98d19c" + - "fd901e7722b4e388da90b95ac0b5b5dc5d052ad6b54f6ea34a824bcf0cd8" + - "7f1fc9a07e8f5b8aa0793e3c9c1022109a7c7ae97ee2a2867fd0cf0f8971" + - "34b3d150d3b24fcf8323de929b73cca01244df02510393f0b3905caa0268" + - "7fe35f64391e7d4b30be1cc98319716528ca4f35bb75d7e55cf7749968c5" + - "37136eddb149a9f91c456fde51937c0f35e7e524647311077e6fbe7f3c12" + - "37b9584fcf3b0f78744c7b2d3b452823aca06d144e4463eb5b01014201cc" + - "bfed1adf3414427072135d48e705b1b36ab602cae69428e7c19d39cbb4e0" + - "ca26a871d607ed4daa158b5c58a0a9f4aa935c18a66bdeff42f3dc44166b" + - "a299d71a2141877f23213b11c52d068b5afadc1fad76387cf1e76571e334" + - "0b066ade8da02fe3b0bdc575b1d9ec5d5f5a5f78599f14b62db0bef7ccc6" + - "1711482dfa4787957d42a58fdc2f99525c32962b06492229399980601bd2" + - "ee252306b1464914424de9aa414a0a6e5dadf8ffbf789e6d18a761035d3e" + - "f2ff0753becbd2dd19fc1c28f9acebec86f934f20b608a9ef735ac91f6b7" + - "83d9327cce7f4870d39bbbfb0100838dee83e6baf2b40cfc98415dd174ed" + - "72e393ad0459e8035dce7eb18eb3af2f39d2712846b9e1852cd61d06dfc3" + - "5e34fb761b67e2a711ceb4a82557371ed32ca8db2e4cd7fea0b6bd026177" + - "4057b9abc45dae6869cab1097459473a389a80a4523e5de696554f8b0bec" + - "0ca605e6acfaa00386fb5a48e0f5893860a29f35e680be979cf3bf81ee7e" + - "ed88262dc80af042b8cfe6359cf8b475560bb704728034e2bd67e590bd76" + - "1632e516e3292b564c7265d7a6dc15c75ba6f6a447b1c98c25315ac7de59" + - "9edc4993e4dc7d1dbfcea7e50ebd0b226e096500216c42de3abe352e5b09" + - "a3c9754aa35d00883906599c90a80284d172a90abbeaf7e156fe2166ada1" + - "794420fe55b1a166d752d0eb7f04e822d021c615e84777101e7c9f9dd12e" + - "565b7d093fe978f85e6142c1ca26798b45f4b8d23ecff6be836e810e314f" + - "ebd2ea66f2ac95bad84b39b7a6bac41448f237b45e9ec579235ba2bf5fa1" + - "f00286379ec107c743f06ae0d11b57a2f5b32e3bc5f1697aae812d7ca303" + - "b196a8a43259257f7697bae67adc7f121be561b2d0725982532ffc06cb22" + - "839d9066dce0e4d683d9348899089f6732de62751ca77f1c439e43054468" + - "2c531b9c61977bc221b66030f7571dfb3ddfb91d9838529dbc99612f650a" + - "d72bb78de061192068941a81d6ac341101aeb745b61bd7a87a35a2714d50" + - "c3eb2c3ea148fb9ebed948307f8b491aec277ac01903ba36e6ad54f89fe4" + - "280a17f8e7ae639e75aec16d56576f03c2a1efe4af995eb825ccaa6efe0f" + - "d6d878299a351591d791c286cac5cb049834580d47a9bb7720d0603e3141" + - "ad7c1ec2dd23d3002e15d73c1828a7f08062848b1b6fcf816bd954743547" + - "6f0d6f882125bd03095eb1b1a846d535730e258fc279f7095de7c2d3fcca" + - "a4640a2e2d5ce0974c1e073c60bb78171c1c88ae62c7213a95d36ea9ab17" + - "59093813b85d17ff106e69100bd739ede9656388bf47cc52730766a8a186" + - "9dcc623e09e43cfba1f83ae1d9f16789064ec73504c29686760ea02c6634" + - "a929ca10c6d334b1751494c6d143671ce8e1e7dcc9bcda25af895a193032" + - "ce27c1016ccc4d85507fd2265ebf280d3419f54f66ba2a161c068491578f" + - "be056f02f97be745db443e25ed2647c5348f278f4ad8bf5b2a2c2d56e795" + - "532e25585984a3a94f435ef2742a0413abed7230ff2e9724187c91f73a7a" + - "726ebf36bc8d0d959418dd586452664990889358c56720c1001c004ff768" + - "54b9850890ce1b31735fd9f4a3640622ef0b25c659e8a937daa0df7a21f1" + - "77be13dfdb8f729da1f48e39a05f592d8c98da416b022fd8edab8e6132eb" + - "a80c00501f5cc1e0243b6b096c8dbe7f8c6ffa2f8bcc7f309fb80b489b92" + - "c4878fabad42d91876e10ee64ccd415124461cdc7d86c7bb6bcd9133f3c0" + - "dfa8f629ddb43ab914c0ac5ecddf4398052229876fd838b9ae72523946cb" + - "bba0906a6b3ef26672c78cb24cbf691a5ec869d9fc912009d840772b7da0" + - "c7f47856037c7608705cd533918c207a744f75fdfac618a6981778e09332" + - "5c7d22170da85bdc61044b4c397919d601a30746cefefa798c58f02cb827" + - "0d130c813cbeb67b77fe67da37a1b04bf3f1e9ee95b104939220fb8a0394" + - "86ab8954b2a1468016f546406d1946d531966eadce8af3e02a1f59043ff6" + - "e1efc237dbf4dfd482c876531d131c9b120af8b8fd9662cef1a47a32da40" + - "da96c57dc4efad707a4e86d0b84262d850b451bda48e630c482ef7ede5bd" + - "c55147f69e2ff8d49262d9fe66368d1e38ecdb5c1d4e4042effff0670e69" + - "04e47d7d3047a971d65372126ff5d0426d82b12b253bb4b55005e7a22de5" + - "6fa54f1dfcce30b1e4b4f12b1e3c0de27cea30ce79b08c8c1aceb1ffa285" + - "c317d203a9f2e01d542874fc8035b7670f3648eec79561d6ff2fc20d114f" + - "ba4fbed462f1cd975ee78763c41663849b44cb2827ee875e500b445193e1" + - "4556bcccfaba833bb4ea331d24a6a3bd8ec09906c7b75598b44ce1820a49" + - "fca4a0c1501e6c67515d4fa7f88f6aa3cd7fbc6802131a7b14b219e154db" + - "9ed241133e10ace40e4d963f904dd9f3bdaaade99f19de1ddfe8af2b3cc4" + - "0a48374dd8eb559782bea5410f8f9a1cd128523c0157b6baad9ea331c273" + - "311492fa65c032d0d3b513d23b13b86201840d51759021e4133f873f2781" + - "8f54f34ba73b4f33107d49c8de1533856ec37bb440f3c67d42148765610c" + - "3296bce932c839fd866bec3762a38406ac2b39d0d93730d0c88cb8f765dc" + - "d8ee71263fc96068b538da06fc49e25dbeaa10a5111a9af8e8f8d78e6ed1" + - "3752ad021d9f2c6b5ff18a859fee9651d23a7237bd5a5c29029db3882c47" + - "0470de59fd19fb3bfbd25d116f2f13ef5c534bf3a84284ae03e3cf9cf01d" + - "9e984af9a2e63de54e030857b1a071267cc33d22843b28b64b66e4e02803" + - "c6ab5635291aefa69cfeb3958c09d0b37176842b902da26caae3f0d305e7" + - "c6ab550414e862e1d13d9bb9dc6122cb90ddb1a7bc6d31c55f146659baa9" + - "6cca4ea283e5e1639967889543ecb6849e355b6c0227572097221dd46c1d" + - "f8600b230e9644ba611ba45cd83fa4ac7df647b3be57387b6db12682018a" + - "de9be50a8ea7d5f7c743bf0c6382964bb385b3c207c0cdd63279c16130b3" + - "73ba974125291673344b35c8ef9a33be5a8a394e28dc1448f54d46af675a" + - "edc88ce85a11ad7e50058df4f3f2364abd243683d58a2b13fcb0dc0eed21" + - "380b666eb87f4be75e7f2842bae916c15af3e9658c55408537b2301faa6e" + - "42af4d94e3eda6a41d6d302be281e2a9299e9d0fb1f20cf4ca978e66bdd7" + - "4c8bea0f15c84d6513cdea787dacbd4bb529ed03528284cb12f6ecd841d3" + - "c58c3a57c6bc19b65d6d10692f4e1ad63b091137c8acacc6bc1496953f81" + - "2972bf6362cf883bb75a2d10614029596bf9f35e92addbb50315b30161b7" + - "de8867a1393d9583887a292cadceb54078c9c846ec30882e6ff987494060" + - "721d3c761940b91a126e8d1e0118617bdae01a7f9c1aa96bdd6c78ca06f2" + - "6c8d85664a8705334f4997c724ef98fe265985593d5a9c30798714e6de1e" + - "bd04b648be47a6b5d986a3103e738a5cd114b19b7ba99d2e2eec6181bf3d" + - "ff0fec8c54ae6118be8702c3e775d493a6fafb509712a43ee66c3f4b75b0" + - "194c88937cffa5fa17b284d2556f2b0eebf876e05f92c065515198bd5e83" + - "00d0db432cb256a4a0f9963a05694ffce3ecbd182209e0b7bb50120f6be4" + - "eeb9d268b17790ee14a2c887dc5753e0086630b3123734053aa37595aa8f" + - "31968ddae4991af4ab970c1e3cfa1146a2efd9dc42abd6af14777b8a0455" + - "3865691cbac4b4417b3fa13c154d581b498f3b8cb77adf0e42dc2f2fb521" + - "732447de97271e542c6cf8cad3ba0148cc3ba1f2983ead836a25a2c022d0" + - "43ba18fcd009d518d07b53344a5bc4d626b3b38405a114471f75dc70e015" + - "d11e8f6f57d087fa72909785573008b1", - }, - { - key: "1793bfda9c8666f0839b4b983776735a927bdaa3da99b13c9f3d1cc57d4d6b03", - tag: "bc89cfec34ab2f4f2d5308b8c1a5e70a", - in: "a09f661aa125471417d88912f0a4a14115df9a3a19c1de184878291acb0e" + - "89ee1f9d8213f62df442f8969a9a5a7c402fea09bdbe236fb832544e1f93" + - "9cdd4873802b2bb8fc35ba06b7ff96da6dc7efddfeeda84116bc525a7fc5" + - "2d84d2e63cbac00b122dc64f2d15b36595259d81a1d2a09f204c54072751" + - "dd812259df1104bb2d2ee58baee917c5d0aa2649c8a1503114501e6ed6fe" + - "239847d3d88dccd63d5f842426b600079c6bf06e80a2813b2208181163b8" + - "61dca07fa4d88254e84dac1c78c38397a016b5ad55a6b58878f99036db56" + - "89871ab3c321f6ed5895f218f8fd976c348b3f1269fcdf4d38c9492b4721" + - "6c45f499f5705830b33114d721f9731acf6c69fca681b74c2d82c92e145b" + - "7bab77110821d3a12cc818d7595a5c60c4b5e5219376c38a4dd52d435d41" + - "562802ff65ba2bba5c331c333d5adf194d29b2cd9ebb55927bb4ec17681a" + - "3f5574ad34fb4e964f2c756f6dbbb7a6876a21579a515263444de7a30a33" + - "15005458bc137ccfdff18a3892fc9f58f1de10d4de20bbcf860f5f036d8e" + - "8a188f18e5cf7ea3cd260710e7491befcb131d49a28dfb1ef688fd021a1e" + - "e4420d32fbfb03b47f5e85c37d91e49a1b0db85d966eb5434c4197433eb4" + - "9d56f2ff999c9a72230447032dc949202468261b48b6ac212e3f651d6c63" + - "03a06c90bb2d3a755ed91ba73bcdc28e1c5b0936e51e0a9f69c3ebabd3db" + - "add7abab6d8f6a44daeb3126429a01815f57444fb7022a4a510f8b564ae2" + - "dd9779b3a273fef15859a33e233724846c30d89fb78a595b6ff6c834812c" + - "00a991e405806aafd0c26a788895ad00a5e43c5426197aa8247207077548" + - "ee67db4cd6f878431a2e36e952d84b5fb89d681f553198e2c066310ea6ac" + - "3a31f5b1792620616f6c41d486fb844eeacc7fd36971abf416e8d6d50985" + - "c83cc92ea46ac37da8f0026aba30c945d8bb15080d2d95e4081bad626199" + - "3f95f57ed3252822a7caa035ae22a36c35e280cbbc82d729346cacdb1794" + - "ae9a9bb2793fd1d5c47121b135c2836063367339c5151b4e35278e97f62a" + - "fdd2f231d4b47812d083a829ebb9c374ff2ae8479cc4b76d55f9cef3ec6c" + - "4894f53e8caaeb0d8cd072960cedaf758e48e3640590d4f728626e0a08ee" + - "ebf719c96bf8ed4d0c283be09c0ae67b609e22d3b9aa6b03642854909de0" + - "5ed52b39673867bf586a632ab8072de15c637cc212cba8387515c9c9c433" + - "abd7ba6b02abd09da06a34694ad34f88515b65c0c9c247fdf9819fb05a1a" + - "ea4728c1182f8a08a64b7581cd0fb2131265edcb3d4874b009aede0e87ed" + - "463a2e4392aefd55e008eb7ba931788262f56e53193122a3555d4c08133b" + - "66020154b15643fa7f4f5e9f17621d350ede3dc70be02c59e40fea74dbbd" + - "7919d1a8d4e22ef07c916fa65e7d4b89fb11a7c24ddc4ca5f43344c753b6" + - "1331c3fa4558738ba7832b5b2a275bc9b7989b6e6888865793329806cd3b" + - "f0ba57c941d4428623e062f4ac05e7cd79ad5446f8838f2b247b66bddadf" + - "540845a1bb304a04b7edbbff579c8d37e2f6718f8690abd5231822c7e565" + - "69365ce532449a41ae963ec23a2a75e88307dc6b59cbb3fab913e43ed74d" + - "841ca9f6e4ef96dfd9f04e29e89361aece439c0b2e1943b30410a63d495c" + - "522ac3ec1b04ec4cb345f7f86969957ad750e5bd7dbf1d6a22eed02f70b8" + - "1cb5b2b020c0694d7f63044f9de0c3de1ede52009c858992d01ebb92ff19" + - "a9e0fbea18942fbafb77746c8e9e687dd58ccc569e767528bde43b62c7c1" + - "270a5721f1212de2b29a7aae2d6ba6cd173d7fbc78aec4356ce2e8ba9164" + - "d97dec061dd0c3a0e3c520a7611ac99739049dd5825537c70b7ef660046c" + - "1785546cd99aa400da848eb7c3c91247415c8e245d0f14c30d482c5849ae" + - "aaeab2568288229b08267818dae8f76fc674c684c99eb5faf88a0783813d" + - "f7298e0b50cb233f78471e5ca9cc3b04927c26a3871cf253798cc49aa717" + - "d8f18a1ddcbdc26497d188f15f86ec494dcf8f942c3e07e572385c6fa0ef" + - "40c0b625f1737543074a747a369482a0b342a08b3eccac9f9209be31aefe" + - "5a7794974f71ac0bc9a58026397ea3dd4f5e40511d58d2a3b45925c194ef" + - "13987037d736dd48b509d003a86471d5f161e0e5dd168b4f1ce32f703b89" + - "15004d8dfc708a5bb02b2e6fb67424b2cbcb31ddaa0114c4016b0917382d" + - "aad11815ff5b6e37d5af48daa5ef67cee3439283712bc51b5adf2356cb2a" + - "5181b8941fd78945c7c9d61497683e44fee456ad345e12b4258f15945d45" + - "b6ca4369ee792d849112d583fdb39cd4d333ee057355f0abc8d1eea4640c" + - "128cc1617982db0394233dbd416102eec1874081247d2982bbf9fed1b1b3" + - "8f4da923d68c8975c698f189a4d7840fd7aca9dceb7d91c076f85e1c546f" + - "4d5de4f60c91348455aaea30cac134c844dad93d583c139dd52b3be6346c" + - "4d2e6864125c5a2d0aed8f67930e1ebf8700ca88aacc914ea76ff17148f0" + - "777738cc126e75a2c81110faf02fefc47c91edbab7814599000ce55fe20e" + - "f313566e9b62457acf2f22e1141e220bd9d4747417d03e703d4e39282803" + - "386327fc65dd597f723ee28185c78d9195fc70a75706c36287ab9c6e00e8" + - "5cecbbd6043c6af8d30df6cdd8777be0686853b7c8a55a5b1e03e4431d39" + - "1725ff99875a85cae6926998723b36d13ad458220712209bfc5e8d2ca5d4" + - "4ea044d5ba846b4035e7ac7e9885f55d3f85c0c1b3d09fe929a74450f5d2" + - "9c9672e42d3f59be4ca9d864a4322cc454c2578493bd498a51bbe960e657" + - "3e5dd02c4a3a386d4f29e4578a39e9184024cd28d0e86ecac893b8e271bf" + - "ce3f944d130817378c74d471bd20a4086f2429ed66c5c99969fd8da358ff" + - "5c3be72bf356ae49a385aa0a631b588ddb63628fd162673e915cfc4de56e" + - "ae6ff7101df3b33125c9bab95928f6e61c60039b6cc07a66f9c733251447" + - "ef9c1ffefa2158a8ddf89dc08686a4cf9b86ea09914e79842d72a3236afc" + - "98a3afa0a1cac5590ab6a923e35a2ab8db6410a9d33cb84d1c48a054377e" + - "549774b25f50fbb343ecd5db095155cce9fb0c77d09752f62d4bbf16a770" + - "30452a75f6bdf73f7807d8f3a6bae16ad06b22175fee60549c22548de9c1" + - "3df35ef4e7bf7b66491a62b93c2c3fb0c5edc51f60f5704b56af30f1079d" + - "7c385b99f958ef8209e030e381d1ee8d67d3cb84f32e030e8ea2c1d0c77f" + - "d6b242a9f48707557c8682a08e1127f51221a55c733ab1edd00a9c2912cb" + - "36dde85f73b524e1a4f4da6414c5e4c18d9537722b2becc8a91bcc63f2b0" + - "9f32409c53c2beee0de6726dabcd6bf33118a5c23fb9c5c1810476efe658" + - "4bb6109c516b45e16b2f79f96755680374d82b91f2c519639a1815fd485b" + - "a3c00b46fbefeafcf25554ec5a6a5ae2da07c85b8a0f9fcde50263d9ed85" + - "038b2f7aadb9de765655bd201235218bfc74bcad6a9ddf4506167a649afa" + - "df400b85752d68a92b7a97f26b334dd77fce824862046b286a7c8e0adc36" + - "f713a252a673d4d995b268badf4bec8b8eefe85c25b823b6728582d35c4a" + - "60041114dab72b0623b99e2758f6a1e97365279bfba0eb1fc8952ca4f2c6" + - "fbffd9f5fd7dcad1125b18a796981b5ead0b6431141315898ace96f0d38f" + - "865698df8822ca7b65644b6b1f0a0f0d2e5850d4c93ec48ca3eba1b919e2" + - "4413a46d595ffa427715e499db3b7b9ab53c64abec7302bc737a5bd124bc" + - "da756abbca132f7f67e6989e09bfb23b497da31bf156bb9c69ae54588df1" + - "7420e8fe989f0472c8893b2bfe57cdae265a8cc7aeb39624167a567a6fbe" + - "bb1aa30c3dcfd14f2808a070994085e6e1fa79021e77c399f90ab1f995a7" + - "baff672cb693bd39b798b4c890b7d0a57978d6b9bcdc5bf3f4d205f8f24b" + - "2b43d3ae300a96971c9182be297618b9adceebedba1ab0f324b01d23d7e6" + - "35f009db3dbbc643c2d787567594bc639bfd78c4f3e6d948caf06f013423" + - "eb3c764666b58f886d5d28137c053c2a28535efcea400147e92ac6753574" + - "3b47f9cb48852abed1d057647d5b1c6f334eab1a813401fccd3dae332738" + - "776bb223e359f3c459b5c573ba64fa945bdd66c5ac0fcbd53b67032a7b80" + - "25f551e8d1fd2a4291bdb7941cbabe3a09765dc263e2bbb6db7077cc8fe6" + - "790d4bed5e36bd976d1e37dfdba36aafcdaa10c5f3ed51ba973379bcb8fd" + - "203d8b7282abbd271ecf947e54486e8653b7712c9df996a8ad035f41f29c" + - "ab81509f922c67dacb03f25f8f120cb1365ab3c1c286849c2722448ba9bc" + - "ff42a6b8a7a52f2c79b2bfcbdd22ef8a5651c18879a9575dac35f57d8107" + - "d6bece37b15d7dfff480c01f4461ef11f22228792accda4f7936d29d4c56" + - "cbba103b6d3e6db86e39e5f1bb9e9fd955df65b8a6e44a148620f02b5b90" + - "b2be9e5bb526d0ec75b1e723e94da933a356d7ca42d0ce8349699f730b8e" + - "59bac24a6b633759c88041d29399ce60a2ca2261c7eec1acb9a56e0e65bd" + - "e37653ce2cf7eb83a4d019c755bdc5d685b6394ecddb9006823182dd8138" + - "a1bf79a32d07a8e5e8ab221995c714e571b40bb255b79e328ab883542c16" + - "4899fffa16eb3296f310e302512352a864fd809beaab4169113027c6ccca" + - "99a92c6ce35c30f9449a3add70f10db1ed08078e8e6cbaafef630aab7e9f" + - "c8adb09c18e33fe1af3620d1e4d069ac11325e23cc18e5519a1ed249caf8" + - "ddba871c701f1287cc160019766988f63e089bd9bf1af7e6f5b9002e3b6c" + - "264d69a8bac16914ab55c418d3a8e974677cdcbea36c912e90386a839a37" + - "77b878e680c07c7cc99f42a7dd71924babf7fb0627d1f2cc60d9d390d1e1" + - "50d47386be6eefec9ddbb83b28fa7e2fd28cc3867cbe42d13b00545af8a0" + - "48cc07016ec79808b180e0b258c564739185da754f2e", - }, - { - key: "0d41cb4ac25217feb20e86fc2490e8d2ea2e8225c051252a9395cc4f56e1ae5a", - tag: "42df9f9a59d6dc05c98fd9e9577f7176", - in: "01caba7a19cdb09dc0ec6c522c61c628eacf17ef15485aa5710fed723875" + - "2e4e8e93dd4bbc414e4c5620bab596876dfbea33987e568ddabf7814b318" + - "8210a5f8d70041351e4d8410840642a29cc8d901c25fa67cc8f9664ea5e1" + - "9e433eaff7c722d0258ae112b7aca47120aa8af4420d4412a10732551db2" + - "cd3e0af6e5855d5eea61035af15a4d0d898d04033809e995706eba750a7c" + - "ac07aaa0dc71477d3020f778d0347f1a8e37c18540deb9ae967e734c0264" + - "df0e1f52b0b5334805579ea744c8784c3ae0c3ff8217cd3f53cb747f6996" + - "f3d2147699799e649061b205f97f7992e147fb20f21ff862c6c512e95534" + - "f03075e8e52f162e0d70d7a259e3618474427f400f44f75198edebae6e40" + - "a2173257d114e1bb5a13cf419c821eb124d90e89a938d91f4d2e70dfd1ab" + - "60446f1b602614930a329e98a0c30f107d342281db25b8f8259933e14d20" + - "8bbd991e42969e8b0600272f9bd408483cddfc4cb8dfe7bc19be1989c7fa" + - "129d38e1078d094b82e0a845040ddd69f220dc4aa2b236c44101d7da7779" + - "9827a7b037561b51e50fa033a045571c7267af93b96192df3bf6180c9a30" + - "7e8c8f2b1d6b9391767369625015da02730ad6070df4595eb8099bd8e484" + - "59214310cb62c3a91a4fa8ac3b3d7b2017d4254fb465f0a248e1bf45819b" + - "4f0360f37c9a79d405e2bb72e5c25a1b4df192cfd524d61e1e8b274f2fe0" + - "634c73f0653c7c9e9062c9d081f22a8b0327897eed7c6e870f2815bbac8f" + - "585c1bd868759a98dcb5c3db2f6c53244b9cc494a56f28a9ba673167cea8" + - "b799f37049ee7b0772972b3a6603f0b80eddb58ef03f916106814d72f000" + - "250b3573c97c5c105910d79b2f85ad9d56002a76a1f43d9d1c244ef56d3e" + - "032a9bab95fe3bd5dd830ad7d7e341f28b58c0440658f7fc2ca98f157708" + - "1c647e91432cb0739d9acdbf973ceb9b0047634d695279e8837b04dc5357" + - "f013fde3c55c9c53bf1d817ec59a1b18ed0ac0081ed9bbb3bcd1a5d3634f" + - "50f7506f79dc6a4ebfa640bf65682fe9aeca68088e276937669250064de1" + - "c19ad6d5c697f862114d0f81d2cc52be831ed20d3aab1e41fe6f476b5392" + - "af4799392464c51394c2d1a8325ee2e84f1635d295ee663490e538eb338c" + - "7126a8e731ad5c0becf144c7a9cae5c6493350b589385de29e1a0ad6716c" + - "346ec4f0a31ca5ea35c59ab6b099f65d7f0b3d00925a1da1b5777c029aea" + - "9679e895d7100645dc83f81d82a6174beab2357f7888ea640900cf3ee67a" + - "e0724a123919d78e70e05288f67e5e69ffa6f345be8a96e58bbe260184b5" + - "ec5c0c1354cfd516ebdb8d420029137d41b029641959cc07fa7b4e16b39d" + - "17f36b2367057410a42e0550e9ec1dcd2df4604d52d4f9dd1140d57af08d" + - "50e1527dad793b6d649324de799754f755818bf10e6d1ab614958dbb24ac" + - "8e2c01270a90ec3df4379c3f509b5ef721b0fd4f91a1bdb8127ae4dc74d0" + - "75f6cd8bb28319d6f8e8d8ff64fb4a42d646e9365156c6bc72cc46e9cd1c" + - "f9e735549e3df9a8e6b5fe541948b126190117db71fd1d61ad84be0f725f" + - "20b99eb141b240326d399976c4f2ce5823d94649a9580e1e8820bf49184d" + - "fc34378a60bea89b12aca69cb996c17847b7fb517cf2d51f16d78e3875ce" + - "aa33be15f6a154004f0e1134c6652c815c705efc34bcf35bd7743d28f0a2" + - "77d82dea4709dab41fbfb4e0cbc118c17aa00808872f0edc6437c357cd31" + - "74a02aee61890464e03e9458853189431bf5df6a0ad5d69951e24be7f266" + - "5bb3c904aa03f799fe7edc7bc6779d621cab7e520b5994f81505d0f01e55" + - "96e14b4c1efdf3e8aadee866c5337c1e50066b3acc039c84567b29b7d957" + - "683cadfb04fb35402acaba631e46ca83dbdd8adf28e377ec147e4d555a21" + - "e6d779d7c5a3078ab72702234d36ca65f68bd01221c9411f68f32e16ef04" + - "99a20c2d945fa31b79d9965853d38ada9d48eead9084d868c6bad974b0f4" + - "0956aa0fcbce6dac905858e46c4b62c0ee576b8db7d484a524e951f4c179" + - "decfc7d6f619e86dee808f246dd71c7e0b51d28bc958110d122fa2717148" + - "77823242711632f6e1c7c15248655ced8e451a107707cec8c84929beece4" + - "efe5503d3c1763d0ab7f139f043e26027d5e52a00d5414dd98a324a8fc2a" + - "06a1345cbde747f41099c3377b86bbdc5a17c8f6e5b773a761f78573832e" + - "4359b143810361dedc79142fffc49ddc0b32f225d50d360ceec3920fb0ba" + - "0693b644ee07fbd1ce829e223a02794b197614061c4bfa46112d105c2b7b" + - "4efea448501d146dece44f6640d674d5749db498b32969de6e165e705a18" + - "2aa1f3d8e16892b0120337640d52c9bee35e5b4b17f03eaeb31205c8ecbe" + - "1ae1b110023016e40ee87370a65c5c20bfb00f100d3c6c1de6e4a1c90162" + - "f25bddbf300ed637330206788a4ff96903f971c9618493ad074412af625c" + - "ff9e0f8f183bbd5e96c1f28307e6cae8b50cc0eb1a3a8154e44e9de947af" + - "002e4d1098d6b0ee3f2e71a10d03eb444729c42461283f37be8af2ce81ba" + - "bac246a05c2c94efacc43f0cf9ff3df38ab6fc1648c796ae7026ea95752e" + - "b70873a6da59da10d8b5316126431c4a17289466e95dc739c061d7a4b13a" + - "450809479eef421bddcdade77a6df133410328c754af8999a09b1a5c056b" + - "ecbb6fc2c339586ab92100f46d2fa1fa689994b36aa70703d76bf7738adc" + - "f0589fdfa6bd215339ad69ed983f62efce0add5a63fe7dfe4bfa006ff16e" + - "0cc06d39199ad60adcae12b75ca98d764502a783373da3a41281e03c2037" + - "e1b3ca7f7eb60e2b67427e97ec72d36670db7662c6daa505701fd279f116" + - "ac0ef569471f204e1531c25a4ac3ce19b6f68a8994b6f89b5abf034a6507" + - "32c7fad4206eb4eaa7cd9a710d866bf3c3f13c16faa268ae0cf4f69be909" + - "bb9b79aab80dd25101d4cc813a48d3f38d870f10ac0b6768005aa0e69e87" + - "dfc0424deef06414c9ba6f498c93c41c692a7a6221fb5595b390a32c70e0" + - "2cd64471c797ee8a143725849c1e054ee2043dcfc0b4cb1c00be21a14be9" + - "2d9a07f1b4e975d4c86b8a5c1387e6c42bf393e078fe86d24612d497e14b" + - "874485a3cc922b5b6d91295d7b79ab8bfa1c7f64b51e761d19bb9da82a5a" + - "a34aa469699036b6b2c55e2b84f84942f10585027ab07e2e0e562e0fc3dd" + - "36047850ded84be4416e22aa41c7a2f7d4a4d8e3dd420d746a1d8d56d87e" + - "5133a1b4380bd9a89500fd6d7e68a1ec02eb9e79e4a13edfdde1273466e4" + - "6b0e6a75f59ff6175716629da52463ad21de27f40fa2e25a566eec4b2696" + - "4af3a717dfb0170a73144c0bd9b00bed67ad8c0a146eb5a055812d071209" + - "c9d530cd4f50a41488c2238898dea8bb36b0f1496d3ea8c4ff8e263b367f" + - "64977679e697d88e5295bd97ac16a0420850d1ead9621e25a3f58925c266" + - "ef5246488b1c15a8fe0d8ec4291864faa5a67b2388b7786f47b6d27e8fe8" + - "46f85f85163e54155ef95cea4901e712a44404a4d3f27f28dd961ce36b84" + - "f3856770f07f20a2ebd34d77405beab04ddfc09770167d7d6340f494dc6b" + - "7e4c3df896bd974730193b1e862b58d4a5938e6e4ae8897dba8812924379" + - "e54f51a71364d39f76e24fdf2c6c704479ce85b456558ca6947b8fd76f03" + - "78273f0a7bcd1d860ef1defe4eea8fdb81c73eda028d82fdcb2248582ac4" + - "59eb7698a811e6c5823be886410f6b8577ff2e8252343b6ea890016ae846" + - "01c5894cfb988121059fd9c8fbc1596da470a149404fc67baa15383d38cb" + - "d17ac107b4ff3c1ca4c76b7930de02b240e7547d39f4978e0cc1fa37f8c1" + - "012b677f07bb4df4486196e9b0beb823a3827585475b878e3f6f0a2d3836" + - "2c7d34f9f3c91ed46c39cec95c2a0b6f0279a03a00ed5035b0725c393849" + - "cdb1ed3c0ecbcf3c2ce108017f468e1c3d469c03e8231d4195344ced70cf" + - "daa667252cc1554dce8d0c54eb4cf4da62367d77d7dcc02f81e788ce9f8d" + - "d306ba1b48192359cfe92bdbea9980f87ea0677d7d2082205a436cf514e6" + - "fde5eadd21b13dc836ce33b5dfb6118bcac79ae00fbb16d61f00a923b145" + - "f9caa9f3a2c7f0104f8b052e390987e57c8dc80cd5f0358afb0111af1fc4" + - "e31f92bd832ad35fd2e0bdf768272de52ce0b152f74d43a8973ad516b3ea" + - "f5937ec8a236ebc86adeba610de0cf7168453111f3c983b64df07678cae0" + - "a75466ae15adfb127328e716448cdbd2c1b73424cc29d93df11a765441e0" + - "0eeed72228e1099bd20569d9d0e9e5a0b3c11d0002e2896631186483db61" + - "c1a0cb407951f9b1ea6d3ebc79b37afb5a7037e957985e4955979b91fb85" + - "61ca7d5e8b9cdd5b7ce0130a880d9241027b011fea7696b0c695d4949ca2" + - "d0cf22d44b9fee073ecaef66d4981e172e03ea71a6edc7144393bfea5071" + - "2afac137f091bae2f5700bfb073a6d57fddcba674a899d7349044a10aadb" + - "2e7f547887dd2f765f394de5dc9ef5dbf1eab4d869be8cb68aad8e2614ac" + - "37bbf21ccd5a832ee09fdd07ce50a580a2af36256b1046e646fe3dff6d20" + - "0c5110f1ad1311bc39b8114cd11ecdb87f94df43d4f6468932fc0ed892d0" + - "3d8f3db3f8323ebb29776ab7d260493a36700bcda668abd62126a8189e91" + - "df2d2970ef688d4e8172fc942e69ba63941a36b79ac546fff38f5f7d1176" + - "57612a662ea38134e1090c3e903c9adacdeefd3ac2a0467e9f5125058c19" + - "7b2260d2afad2b0e627a9ae52cd579ee27168065658089e1b83a2d8cdb47" + - "e08966e4ec0018e78c4d267f9575b8fea2a42de5c2d25356fe4b8c9cb1ac" + - "daf0d1af4bf58b9704cd4bc08471e3b9a0e45a5693433ede2eb1374bce44" + - "1f1811cdc7612d7bb61f4f34aea0a44757bbcc12a55c1ba41a7901eb004e" + - "689587a38e5b4df4574ddcc7b2eda97f6e480d7d39f45247ea3b03c90a93" + - "0dd168b65d52a59ce9c2cb4e860cc6aaa0ee02a58d0c8ba990194bce80fe" + - "8c34ba5693fb0943ec2cbfc919e534cc47c04f502b6c217c2f860d1d482a" + - "a016aa02adfc2bea3171fc4e27e2a262fd37b824099aa227fccca508f778" + - "b8c6ec7aaff1d15f6497753f439daa9e52060fd6e9e056e6843d770fb057" + - "6d9e2e782db4843c0c2c7f408a17376719a3c5cf9fa08f04f8a779885a16" + - "5cf93ce404be", - }, - { - key: "ddbd5d6c5ebd61fa72b453dd849dc302c98a0f3e300f4768bf1dc698a3827dd2", - tag: "af608b71a353e63c64911558baa122f3", - in: "c67e2524b0de16483158a0232078fadcf611e4fbdb9e642e397b21222423" + - "cc2ed42ed34ffcb178448919ee337eff9d7d691f622e70fd3317cfd271df" + - "fe6a9d9b7e07db0d20813e2331164a654386db2ab06ae2983bf2460eaaa6" + - "3aa0171fb87afb82e85b40d95c8993b2039d32e9d38473dd13f41fb1ff1e" + - "261752ab004b221a4472b9b1a0e139f0c999f826a26a7e7df362b0611aac" + - "fa83c55cca2f7c0138d2c30313c2f6eb357278328ea6ebd6a5077947e18a" + - "a97c34b9dde3b6f2de4b83778ffcebc8c9cb58756691d5e2a3d15a759a2e" + - "5050b6da937a6f5551aec069a08027d60dd870d175d2a5b5f0b4f3143904" + - "7445c368a5c866370e9426abbc1a1c5a272b96731c4128aedeee93e8e00b" + - "b450601a6d31ea279b9450e738b4a47c0dc22d2d8ed5d44257f6318e0c59" + - "b951fb6b57746062ab95cd73c23ef0a5c000a7d14c18bfff172e59b6f6de" + - "aa61b81009e803eb05e24fb0b706870e18889a9180ac16a042d12dfff9d9" + - "1b88130f045d2342fd5ddc5f443681c31090459f262d1a65654c55251fc7" + - "d5a67bd2e62940ccd606f3e50700e4d1e992a3fdf0388b9ce3df9de6dda1" + - "5c1cd6b70622ac062dcb7ed7058872c00ff3df94032853927126cf6fa4cd" + - "c468d91c9b52dcbc272fd7ba920dcd3ea1e048af9c3286dba74d988ce9ce" + - "77174e25a87935352721dc23b60a9549322fadbe6a00dd1197dfa25b33fd" + - "9e5713afcfd0fae6dbcf27147fa58d995580d7e0a903c895752fe9819f5b" + - "b002ed752719552d0f3575312f2e618173a8ae7c147ca64a709053e5d2e1" + - "2f4d1ea337afa9ac4f9ba62760046ec1e48f4ed8f6df66786c9fd9f5bc7f" + - "9ca2526e1327b042f4657c405757690e190c91f260dee2dd3d2e6616b721" + - "e489c7c3cb828478a3d953b88f09904e7927cdf6dbd6a5419eeeb83c0be2" + - "51934a80dfe61e09442f0761aa2d013e10aeec3a32df204571ce8984a430" + - "9bbe30ccc91977790bf0305d2651ee450b749c3e7761534e45970e70a0a8" + - "473cadbc88f096970c275f188c9d2644e237fd50c2e24c1eabbf7578e80e" + - "6500762ac513fcd68cf6f8bb7a9d9eedadca059d9ecec07fe6fe7792b468" + - "9311861728dd482f087c28374cf9c5ea20b2c8630029e8485fa6fe518c74" + - "ef77d44eb7526ca764e50b5f34ed0f253a91fb2af6e59338e2af6e041e01" + - "084e1efade1aebb7d1b698ccdb8b4248ac89cd40d9517d840960c08f5e86" + - "88d8ba2b54889c1870d315498b70e0e9720f2c8c53a3377a8c0bd2d6a1c6" + - "f17c6ff847eb14def6855dc3886b99039e528b421ccbf6064e39263f8f3d" + - "340d5d20b1b14c264ac2310b5f3a0c6f0c1006d0d4f1a69af68d28ab447f" + - "cd17387e1fc98f164982a6d05dd32d6b4f0f1b04e40c6c6e0fb4467dd6b1" + - "0c5a9c92cc8c2bc97ef669b6d55cdd0aa8a15c46af954359165949012713" + - "4ea9f74181d54a300d3172c9f01db73288ef6a709c763a4891666d0baf88" + - "8531dcc77f0911412d096aef9033fa36b5c1ed283b8b5c109e45b5cde911" + - "6f3da2533fa0ab81929bd5783271d5501a9e4fce2aff9eb5a70a4215b253" + - "46885d7e4225fe34bb55b309a114a312693d60ccc61267359a8c2dd28141" + - "226e7cfd99f0f12c69df57d75dd790dbabfe3145f7fd1a24fa58e03bc2e2" + - "6ea19288af4929e5acc517d8f52a074745ff4644d94179eae6ba7d267292" + - "bbd2053167a0da9be5e4b6cd0a4200fcac5182d9957dffbefa857e662b82" + - "fc3a7cc32506e78030ed5c5d448d7f1b4fd854a735a0c50016bb85e6e716" + - "0f87527bca0de235f4b7dacb75be84919c15a5b8cf6bec035795cb67061b" + - "7855c2134c1b1bfa6affe04b7db239f73af6ea9c02bc9f7972b7f6400b6b" + - "838f4653aefc42179c21765e3ca7a5e96b4402ff544d4bc2332756a23500" + - "11241dc42ec6848afe127c00b9c333e69bb5a54ea5c7193e59ea22bd6d32" + - "af4f56b1bd2d5982ef7d9c1b02d7668525e4e81b68a400f7afc2653f0f41" + - "a03e11c7a02bd094830093481afbab96397245b9f37a568ea1c4ae248cdf" + - "afc87f88b1fb5dc300d8e9039af4e6e701b458ed3f32d693f2e869b76bb5" + - "1358cbbe5b5089013bf452734388a176cccfc1ae9b7cff603631ca48e129" + - "b5c9573d4e379547272cce8aeeeb407d3fc57f782a0eb5fcbd41e6fb13be" + - "7e4f1067cd407b42a6121b2969c384916ba2b32563e659f52aae09c8ce2e" + - "3c500fbb7e58be74cc1592dcfacd9f0d4cea1a90a18658147c81cccf6fb3" + - "078ed27f369e7646f551386a74e1b07074d93e0c1f298c761af46cdaae9f" + - "f4be86808b66d0e228016d27a3a77c843365cb847fddccb0bbcfb3b9008a" + - "1bacac59ffb0aa759a0568c72c556caf0ac1091431b574687c5fc7bd486e" + - "963e0fc3bdc828d988734a21070747c955cf8dba2df1c3a0ba8146cd58b5" + - "91b6d54712db67a9851b1607c8445bc97406eeb7488f5f85e547850d619c" + - "407f97632ca1801f52c09c2b314b4ab0f8e7fb5851fd60852f4666913ca6" + - "bc840c1ec8f8f06caefdbfbf02ce00f20b87b14ba9e651c80f40a31d0306" + - "403f541776075fbf23733a6b19e3b44d04b455b29ef8effa70cce0c59331" + - "7119abc07aa8c8d0246a760b0b36a3d87b244e83bae8a745b8277a531298" + - "f5d0283498a509c89898ddf0f7a7455be1f8a6889c46d323f1dd18c3babe" + - "1751a05f871f0639f50967afa46c19cb93d9c2a79c81e2436a7a62f225bc" + - "37c90698640f5b43673e1dc276de05ff1e29acdb4ace5121659db5f23c49" + - "57aae22f53e6f2cc935824fbd07c2ac87672eeeab895c3f06e09e178560e" + - "2fcfa7097f10201dfb8b1ebac08ca806c1b3ba3aff9284846a1a3beada53" + - "e9f7ade12eb89b5591f462b2543bb4090e081fee9fb53bbf821dc92d6b16" + - "fe820ab2ee4b1f6c0b6a6f19edb0bf6479e257fc73bcd60dc2261d0a4752" + - "e23a0be18abf355f3065177d8c3c14e21edc178d0abd1b39f703e6335131" + - "ec90cba3d9846cee7354a06c320a3f61b8a269abc7138831614f57ca6c19" + - "a4a621142889cd924bf4ffb82b57f871b854f3157e8874c22d43a5726900" + - "bafbb8f2260a1eba3a462e23d4def2ccf68ebaae8e52739a1ce67c039eaf" + - "9a6c3232fbb5a91d1e59a8dcd3798ba71345fbf83d09b83b41cc49d5ff5f" + - "2e809d2b1d5fbc1e7001ea76b9b2d8f896eb6609e2e1c5c562d2a6e74960" + - "2d67a0f6b43a201d5087509b8dc7b0440144e308c18ff8b96b607de2f20c" + - "6ee99bb05367a8b25947011889f724965a2b5c52c9db1e0622df9343c548" + - "d054699badeb15fc41055af0d79a2bfc1a5b4574634fa0dd9dd10a6213ed" + - "b6991187dc560facdc27440456a0a209fd7f5ee4fb350ae71f869723e5eb" + - "5338e3d1448bc993afca6957f4cc7b047a2c7c9593b7234725e66cc0eb23" + - "3824eb4cb905701cc522ec210950b871397c6c0bb3d0b839f2eb1a120f70" + - "36107246df4dfb2c24891bef0bd1dc131f2c9d7c295ee967e3184d963037" + - "fcc9e0b8c7011c8e04b4e70038150d34caab4f8c0230418cd2d8a91146e4" + - "4e11cf6707452ddc03d9b4e6380658135dfb48f62c0690ebad75167f4dd1" + - "c0df3ed555b5081a7b82616d9e501757c83c2193d0f640236d59f9c97a4a" + - "5c8bf532aea2cf5964ed2dbd8a70c01ca5c7677224cf2a37f3b24d8fe4ba" + - "91cd3b5033715de227de51deed15afb8eda9d2b9615d197b8f98322d7096" + - "79c5131eed48050fbe0145a9284e236605c25a4876e2adba42f4e35a8949" + - "3d59bbf44b3338d9d2e65a7d7ec6c863cd47cae9e23181b07298078a5e9b" + - "06a5c7e1059f474eb1a4247e8f02cdd4efdca67d22035b12abecf9b15982" + - "de4932a28e797bc4de38442cff2cba263eeddba0ab14fc706dbca04eaca1" + - "b4cc13000a10e35b32461424809b299798e4d8e66c92aa3181c5df16ab65" + - "9611cb625e895a8021af8c60960227d6f2ebeacb17b13536a5ff139734ef" + - "37cb67018ef9a410b856e6f6eddbe3f59b088d538c50a8f3f0912d06e47b" + - "88d773069aa759cc614e1f53cf6e572c127123d1ab56b79ee753a921cb22" + - "a60e4e6cae768c9966de4e2625484f2e990154da7fca84b6e6c0b59201e7" + - "fb8a729cb20b4c774381e84f1bd6e304543d952dc76ef741b72f3a4ca7a6" + - "ea7958b8b6337994ed82dcf988eb70f509610b9a279ab4d0f28cc2b2dd99" + - "3b8637a6be0cb4b5f67c79654c6b15e1b61120374ba9b974a628c547f11e" + - "52d72d39f8f9c5dbfc23a89f22d38984dd8d5c3ca72cd54e6adfe2b3d163" + - "86afdb50967846a4c311351a51e5fd322757bdb061d44c8796a61fa4db36" + - "793bc11984eac83bbcefb40d0bc7bab0ca81e7df3a7f58c6fe800396716d" + - "832acaddff6d72c8e19dc9ea838294ead800deadb6bc18d3e399fa76c46c" + - "5d88ee72a86a87399423b0578eb6e27d78156ea2abf6f08b5cbf747f2f74" + - "5301b694bfba84bfe3c5527acd50660eea5105a2644c1aa92f954a604fb6" + - "a1b3b2d0331497deafc3aaadc7040b9188a36cf607ee85a0655ae963fd32" + - "91dd58f8bb50b4e46dcf7c2957639bffa6b12d895660dc0323b7a092f999" + - "813380b820e1873c60d3e3038129c66d507862100a5d5842150869e7873d" + - "6bb6ad022350ffa3813aca26c80ccae72692bed9c77c9d4da23178c57153" + - "90b5f4505240a796ec9d10a7f280bd60a570b1b693453807707651fc0464" + - "03e4768965a6f42f112152942134f0a38c84137c7a6e086ef1ab9ad20d24" + - "3b93356b305c0996ab7d02c02c44cbaf8f7e60b8c0b8c9fece3f189b099d" + - "dbd126b7357c1c4ea1c8bc1ad93db91ea9bf043a4320acb60b502bec37b8" + - "6b2a5004b8225e549e613c6f83b97b7e4aeda1b013e0a442d7ce2f14e78e" + - "a94bab700c9ac0abba945e28f39fdadff223c4498cb204f01ddfcb450a41" + - "f32ae47f99a49114c6646a5cb103e9cd75f9d81dba417e48c4053e3b0295" + - "2267cd30589b0f5d993a5485a6ead1ffab9f2f4294c5853ba76383a326a6" + - "a42fb8b78948aa49f0f1f614bd0a3fbd2a58a3197daf2094605bd838285a" + - "1260f1265dca74aadd95652632335fd17cafcb73b202c3f0e5da836c2dcf" + - "2934f005935dca80154af43fa34c8ba440d1581b74ff17dfaca369dc9aa6" + - "734c03916d78e1b952691cef918fe033d33f7f4323cf724ffb8cd6c219bd" + - "046e9f268eb0601098e93daa59dde370e46269dd7c54891f71bee2829a53" + - "df86a2c7fb1046cd7c98fa21cd83597be554997a70acebe0b6e60f1f7098" + - "6f65adcae24385cb7102bdd3e01300ffd15d00f9764b3a5c51e35e5c9cdd" + - "da84f4b656fe514ec4ff8dcd774373f8a9103cf36abefe875f7084b9bbd9" + - "42e0c997ec2d860a4b622ff1a39a628582fd81f237d3d8f6843d26ac77cf" + - "bd48003e8e8c591ff813a9a897e3149ff0297ff476299d717e54d885cdd4" + - "4c3ba6ebf54bc7a1", - }, - { - key: "b15578da1020f662ada0ad4f33a180d9f8ad4991b3720bc42a22b52625c7414a", - tag: "b0e4ad4a010afd6dd41ed82868cda555", - in: "6d2afb7a9154064341bdbb533f11990d4987e7c90fbfc0167c1e58d6efff" + - "6010f7ed569dac62ad37183b0d384519ebed0bf9c6e05a070b4858e6b846" + - "547ab5e45619c866f83cce83dcdab6a8a6c36b115ac832de1c6d433b94fa" + - "35803fa1a36f1ee114f8632402a027a74ac110394f32ec4006beb0057f09" + - "a94dada8bd0d1ca9a14b1f2efb8f526d79d6438bbbaac0ca1a43935627e5" + - "d129d52c06bf6413af07513bc579447eccc3a9406645c94dae59dab98d6a" + - "f92fa90fd4efaaa4bec466806ed401d2083cda587139ad7e9ee2adbb1dfe" + - "a88b59dd788b954a0f52c3854a3fffecb4bea83debbb2f5f8883e6415d3b" + - "ac1b872df1afe185468adc59364c173082f1dd6da9d348f5f5ba2d216243" + - "23de1f623eeec875bf31d12acec40dc0c1b9562826f3105cdad4c43cf45d" + - "829aa8b14012c47847aef7a2a6e3935fd972235f5d3a7ce4ad3582785393" + - "602e2e27329914021eff38ed2926c88acec1551f17a1b818fc1c3ed4b3b6" + - "6825d55bea269d710123b52e12ca9520a069d9c6a21df3a0253b3a4a6a8c" + - "dc226d667541548834da6bdbbdc165f39e40047d4b647c507d981be17b3a" + - "836063436241a8bb46b11a2867b621413c42d838e4578b72cc1982e34bde" + - "c303b5575ef4b8dd9fea8ed5bf69539413909d03461d3853b5fbf714a61c" + - "769569f42b38fac4b849104e2f2ac1dad0e388646278789f83e0b0511571" + - "019d3bfc5b03ca4cb5564e4e75e103ea1b6000be6588e27105d7cdc2d2f1" + - "f680ad34ef823ac4bd4068146e9997834665aec7dcc7a82ff28d85d52dd6" + - "9c18dd35f326bcf709f74df5981bb90ca8e765fef9f0698a19e12220b287" + - "24a6d9e4f4c7ce93f8ca9a126689ad1df820072557ce3db246cdf41599dd" + - "44ca841bece6c7869358005536e1189aa86b764e890ef90970d6e3831def" + - "fa890bf8692381123924e7d9df804fd770a0a30ee97d5dcdca302833efe8" + - "1d4b2505b17382f0b3429b38c41269ac95e36e9f5a1dbc6e6c8963741917" + - "02a23198decb4efe6809fcbeb5d0c9098a4c300155dc841610e55c8a6e27" + - "2a38a39de3d8ebf38a750af25836ffb1bb7822bb98886280f0cab6838c01" + - "cec57961bdc2e1bf158248309ff9294adcb962252b1c24646d132a3be2c9" + - "1ff82e8e101facbdb807826cc9d1840a90874ba08692e808c336c9d280ee" + - "f36a43a75c746fb864f85711e802546ab5cc3f8f117904ba1a85d6e4b729" + - "85122c5041891e16d55b93d6fc1b7fcfdc80ed3d72d55d64b8895bbf2f8e" + - "d188684e7e89afdc1e6a7ab9bd1d3da95d68698df2cdcbb2e1a4ae70e2fd" + - "dd4760f9e5cf4255eeb1e9e8009ab507395bacb8b2177e7c5757ad02baa9" + - "a96db967d20a150d2dd7f3081d90675fe0c82f94aa3cfdf6ac5585583901" + - "7a8e122170cc817f327a3c8ef44acd6e4fa81b73bcd0bcb5792eed470481" + - "152e87f7a20c3f7c69d5a8199bf9bb7c7269b450dc37a9b22102acaa8438" + - "134d6d733d231cee9522f7d02fbb37b5818ad3ca72df4752230ee11392ef" + - "8f8219be55202bc3d476f5a9078b32fb63d42bed4cda5ef90cc62467bf5e" + - "418ecd9d5d0cf1a33eb9a930e652ce96057fef40b65588aac67621d651a0" + - "9003dbc3925912e385296cd3b2b386a44113308ddf2af52ca390487eb20c" + - "716b76d78ad45129e7c285d918de7107ea8c3b0cfd9e73933b87c0b2b505" + - "cb4c95794f2ee6d6d43e2e76026923a0bbfbc3bb22df9ad729452283ce62" + - "dc9b26684fd45e07650581afd73713a708869a069c58b599ab478974f206" + - "dbd3e4e563e346ff1881723c5fd440bdf9f70f761c6f746113397d7c04b6" + - "b341d7e44de7de0aae79badaaef5ed372ef629dffd52926110683ab2d4da" + - "a4be83eb86c8700703a660edd5a5029f66f1581da96fe1feefc970ab4086" + - "a83ae02e959821967bd27b3b629652f5bc3db2b7f1af674f9f3fb3a788f7" + - "88e6dc1722382971831a7ed72502f85b25888c1534d81c0a4f7351ecc40f" + - "4e0412e05718403fae5746d313a78c80ac297f1391ad389070410e1330a1" + - "b07d683d1c795bda74bde947f2cf0dc9638b5d0851cda27df030403816dd" + - "3b70f042888c9c192656cc4b9fea10b81b5347900d9199c8f0f47d42f2ee" + - "482b68acfa5ff47d9950c950a926a497d94c6a796e0b715416520bd6c59f" + - "30217718d5f1d7bf7c24039f6467214ac8783cf011b25c37c67dfddde426" + - "40afe97f94879f4586954737b86701b32d560f08caec3fc45184bc719c7c" + - "5bf699074fde814acae32c189158c737665a8f94637068322f0c23ff8860" + - "f1b1c1bd766440afee290aa6f7150c7adefa6d72a738cd2268da7c94788e" + - "bb39002e9a328a51f3a92dc5c7cd9e4faed5702d3592ad16217c4978f84e" + - "af0fd2c9e4c6f4dcdd9112c781eb41a9aacb0f7935bb5c92d41e67cfff6b" + - "991ccefbd667ffeded1de325da50c33e28e2eef2f636c9726dc5bfe753ee" + - "c7bb6e1f080c89451f81bc8c29dc9067ce83deed02769714fa9bb477aca5" + - "c09089934674a0cc8e4b2c3136b2e4af8040cc601b90a4dec898dc922ca4" + - "976ab5ae4ac5af93fa5b1854a76ac3bcc2090bdeaa49ec4f319cf7c7b674" + - "6d8e617abb3361b28b27983dd1b139ec4f5af7e116439d7ecb16534817bf" + - "264dbd8f59e80b443be12c17fa013c7f4d029504c9bb62b296c2326f4f49" + - "cc3201b70ac3f62abb683c630179594a6d4cf30fd55b163bf8d01986bb6b" + - "cb7050fd527f095c45661920268e56f760fee80a29c9d37b7fc23f608710" + - "1e723038e64ee1b91c4849d69bd95fc9bc24fc4a234f4855f2a203e3f699" + - "c32698585c83781677739f2c48697c93b3388dcc64aa61f01118495ded33" + - "21ef9a1c949481f96005f8d5b277a7d6a0d906ec304cf4292df172e72d20" + - "29ecdeb65f06267a605f376804bf7bc5b82d5c8facfe7e41dc10806d27e0" + - "bcc5a341d80b3c1532407f75088716d732632cd88b0037f0d829bf385fec" + - "b52a202956489f61f16b0f4781bf59068b33d7330571d0b4a6ed91830258" + - "e1220b308784fa155be9bc821f5c0009a33802fa66dd66d1dde997dddd97" + - "873ddf65927dc1be979af2b5f110eee627dc1e210326ac20544a757ac168" + - "1823f3dd04b1ddc4bf96677a0a87633994e7af2ec99b7d5dfe44c6192be6" + - "a6e69d17b074256da3947808fbf68c7506a7e2c99e6b64d1ffadbd6285d8" + - "e7e032e24d42dde0594bf03fd550be05e5d66c91a660cd1ab7cb1f43fa9d" + - "69885203a7aee35a28f117427d7ac02b742f53d13b818f8631081b1730d1" + - "5b4e1e283cc8e5c4fc3b4652fce05fd8db821f99fcf93e6842816a549791" + - "7f6c49cc53d733788b2fe3c687de58bfe6153c70d99380df1fd566a7c758" + - "8052c62e73340d6a9eccd2ed26b763d518f3a0c4d6362212fbecebb4ffb7" + - "dc94d29944fcc4ab37725b105aa7571f364146782356d8ef056a0be93a55" + - "0c890df8fecc178776fe40703ad1bd2443d92c420be4306d99686592c030" + - "fd3e2230c0b48d8db79002e8a832ef27edb53a45532955f1171203d38414" + - "b4692e901e9f40f918528fc494430f86cf967452f456b01846ac6a383fc0" + - "de2243c7d804e8643aabcb78e2653b145f400a999670217c8da43bbb9c11" + - "e074176424be0c116c304a420120138e901eca4b12ce68fec460b23bc0c7" + - "765a74fc66cbda0e503e7b1baf5883744e468c97c5f1c4b0acc4b87de9f1" + - "4b537405dfb28195439d1ff848d9cd28a8d375038ebb540a9075b7b5074b" + - "ebc18418a370f1d3ac5d68f5d239513002ad11bfc2b7ff53e2e41ccffc4b" + - "0503acc4967c93ae8590a43439b5e7987d10cb8d1957bd9ef717ee3d12df" + - "5d6736c1d8bd8da102337a94b7d14f830f6c403cbaf7925a8a2a7af1311c" + - "57224967a38f6ca374013a9819c55fd2e2a5fac4f2490be5b059f4cd9c60" + - "2d62f80789eb8d9ab893c7f44a4945e41886af218179dfa754bbb59aab68" + - "13b71d2202eb8fc8a425625d21176a28a620e21bb0dad820c0b7051ce8d1" + - "3a33f3af0958bb6cd89f9d6414ab00ddd1d2f9fdece9183d0c05fcdfd117" + - "10d250e4b2029e6992a88293d0457e73e5b1b6a1aae182c69b9cb664992f" + - "073595ef68117026ad7ea579a4043cda318931eee7b2946a34cdc7c9755f" + - "80cc79a2bfe3ed9c79dc52faa5126b824868c965eeb37e9e4e6a49600f3a" + - "cce93c0853b546edb310dcd16a5755f15b1098b2f59dbd2d90e2ea8360ba" + - "f12108236e854465456598ae2f7bc380f008f2e3cd7c98c87643cafd7c36" + - "d40e2597236428d46aa5b260f84b4212d5e26804086adcf00363ce4becb4" + - "9b57eb2847b2f18ec82c99714ad4ddfe4ff3bcac1d0fcaa32660a1dccc68" + - "5bed83254c8e2ea0ae3632a70cfbcbeadef922d78a006d43ac7ab1f8a609" + - "c6e0ebc3ca6bb8430f1a562f41010db74b9febf931ca794fa08d1bc17780" + - "532ae76f25c4ee679d788835dfa4e70ca154c9e2865c3750ffe7b837eed1" + - "972be058fdf2bdb3eb301867bb132306c7aa237f6771d60bbc56cf31cb30" + - "32a87204d454542de747418470025ab84935d3eaaca01dbbdae9ef6b5d3a" + - "ca62ce9f871a3e1272b2b671582c096a349c00f32d742ddb17993994d8ae" + - "fc178cbcf9abc03114ff2bf7db8f757c63d6898faccd822f5c2e9a7570fb" + - "9cfff148570888be24ae42644c1a5bebb6f6287147a4bcc01c7675be9e4a" + - "897519dd3132a7cc2e778f8c90d23dc8073f6fa108d7ef82d561794bd9d5" + - "f1faa306334f338ac3ba99c853f79c24f7048fa906fde87d1ed28a7b11c0" + - "66a3bb98f8d21055aaafdf7e069b77b60b3d5cbe7c5e4379c7651af955cd" + - "82a19a09caf36becb6cd3fe9e12f40379941542709991066df21b7b12dfb" + - "2416d83fcdc33bb583e3b42f24f53edf8dc7c579ad3be831c99f72bf9fb7" + - "a35b6562e824e039e6bf1adc8f5ca53846de7bae11c4317e696d887df33c" + - "525f0a9c01fc29f2c26c90b85fe82ed8bd50954cd4e9ac7c85c7f3efec75" + - "da1da4ed173cb695cee295190527edb3cb06c5dbdabe0228cc60b6455153" + - "76244f27aa56da2db10f2659090137ffb82c57233c833e0bbf22d6f647fb" + - "97b3652d2888b3ab08010b8e8a6967d560b747757806736dc98b78226634" + - "f1eecaa4a2e23ba36591acb5737d735c5bc7a2e36f1a46946927e061fdf7" + - "7a3b68ef582c26b01f5aa9a438ecc26c6941221d1590c838072f9e471fe7" + - "fd59dacb0d092d40d76ea2f7c6e954a132a015bd4cb31147f3ebe4518322" + - "916438a62836ac85a4cf4492190a85bcc8edb37e38b99ea552d749c30f74" + - "ca20c298165e8ed02d4671e0b41cac3a32a345b9349ad22c2a4bb2c16a4c" + - "e0613ca0f0518759f7d2b33cfad2fae764f410d4d9ff8a76ae02a8107e7e" + - "01d9cd0552676b85ba002f19c01ad5f416d1d08bb84fec7c3555b098dbce" + - "48e1a5d847895e54db9c5b80cc22d5b87cd41a1a94be102bdd45a3cda5d1" + - "181e10446d213d6b3fdc350d486d2011d705c5f16ccf7519065c47bad7d6" + - "89c71e5fdf9d04bfb91eb1f07fa0f001009c1d4b1f6a116a570823a8580b", - }, - { - key: "392468efccff36dade31fc1c62eb38bb61394fe448def9d9d9beec2413ddb418", - tag: "e1122e7c8e6965b90addbd46d8a548d6", - in: "6a13d37f0ec933194c227351f4a19b507d93465b1f3e88dcb5f1ed1262fa" + - "58ea99ff31e6fc85c39c04129fa69195b71b2060122fe618dd9430a63f97" + - "54b52a80b3cd099f248f91a468bae211a27bdb47ba005d29881ea5143a82" + - "967c4c30c9a4f0dba1a4975e6407fe296d40023a00efa06be763f2d73d46" + - "a2901ae28b3d8ce18009a462e223b71476d7b954c138e177d15a390847de" + - "96a7f7fd0598748e86b0f08e64d915e67c7e3cf936f3dcd60edebd36e2a1" + - "d65b6ac29530c48ab3bd52d45b4f938a19b9b31e2911105a8561600d5377" + - "905a67112ec28025aa680350ff85b808c5b4c98b7b9567d03f5ed3911ec9" + - "365a8de4b15ca62adaa69e5ba710eb1756a346016c67a297d8624f9f1ab5" + - "b3fbce98b141049f0ce26c85d2f8a9cc6ca8ab6c6e148be968931430dcc6" + - "2bf58ea9698ef52a5d271cf48e6748ac9e04bc7ae7da205a1a7535478322" + - "d820eca146cedf4b2f9aa9fcfd77ab56a7276977401dcc1f96baa1b607e0" + - "256bd04ec324ec67a4313e2d5a53d3a3fb5332927929b20c63bde805f637" + - "eb1050fee2a152a0405634f55c48a59fe370d54b2ab1671dae2c7fd92243" + - "10627808e553127c74f724362b4a6ee49b697daae7df3ddc5d2ed9d6befd" + - "77fb9f68fe3041f6ef13f46f34ab682ab8563e8996344f82b2ef006a8d54" + - "3dd9c1db4979d7da97bda45e722065f8a238f0873217b783a9a629a12b3a" + - "4de437445039997bd243efbf5e3b6059b9459d395290efb9081c632fb694" + - "81000dc74c395cb507422df181aba20f776ce3fd8765ac485021992c98b1" + - "67c68805662cb4356a0ee7ba6bdae51ac10cd06bb5b2f3a72841c714c8ed" + - "bc56998fe2fefb9bf69e172fdf54b2ab138ae59372c52a67e93882a3000f" + - "d966992aa2250c6ff93e9cac89645d70625d79332ade5dab7eb1adbe7dce" + - "5a013fb65ad32fe22ed16fb9bb35eca1f37a0433c320e8752f8fc4b7618c" + - "5e4df2efece832e259ad98b895c474e47d0e3fc488bea8f717a17de0dcf7" + - "597fb8fe12e62246296f9a887dcc3a700820c190a55a4931a7d44bd3bb2e" + - "ab6c8a8126f1be93790cebabc1d69e01796e6cc80e7c16bbc82fb333fb21" + - "c774ab7db843242838e82d8e1cb8ccab385e67a4271fe7031d74b6e8edcc" + - "8ed585d1c05a365c7665899c1dbc561151d3b44bceace77c4f53c0e0f6f7" + - "74d42f9ad3e56f1c2a8d53879d695f895690afb4698472a3d52d67159313" + - "133c87823fe0500eb68fe286f8b9a2f59f12785d026dc97bdbf793c7d1eb" + - "155f1f136aae66c256583e987f718afbe733e0a5ce30d021493fb84e2242" + - "5b18754d126235ef80335004fa84f88361a584753df409360cd8bd45bace" + - "8f48156bec66577bf2c685089f5ac7e7ec76c0df068fbaa47661f8517f92" + - "e14723b3b278f151816537a7212c96bd340a00c15c9c9bc9a2a5d163655d" + - "84b38073e2be9217cad97d362d89d4baf3ce0a8d8562f19a8c97a9aaf5e7" + - "77d60456360ffb77b30f177d2809052020d141697ecf9cb65f42b9190caf" + - "6540b2c82f6e5a8482934a6a1a5711a8c24546cd8ba432068404eae5a827" + - "2e09efc3c6037af4feaac0a46329229b010ecac6b9f077a9b076bb6d9ce1" + - "38401eb38d124baa11507a994185295020bf9b754fcf78430db9253f5929" + - "87c46c0f8589c4e463b15a3840b1cea795e24cf6b20f29a630136e0589b3" + - "8dd7fbe5ea21da72c88bd8e56473586822aa3765660a45a988df9b8eb8e8" + - "141939d3e4cc637c5d788064d40a9f7c734e43fdf8d7189a5d76700d9743" + - "fe0122944663afdb88c5201318ca782f6848b742ddebe7463fd4a32280ac" + - "1cf8311e9137d319de05ce9cd85abab24c5364041c14d3b4ce650400498e" + - "122166eccc12784b7ac3b262ac0b198ffc26eeed9a5da5374f7a2a53c87a" + - "78c217ea1fbf8d38f62511657b73109f31691aef14d82ce6e1010eae9e6f" + - "a419e5c1c16c0cc70651eb3374c03549a1bc7d3ed42d60f886102c798dbc" + - "ba56f0a2b3b9b412530c35f5f7ed06311ee14571f9c26ed9c81ef38ff000" + - "2f5ef3aab7351e32049a6ef8f48a43da1d84402d229df513dfaf1b2e4043" + - "6ce68c70ebeddd7477c9164f0dce45a6fc5de050f52ec269659d5854bcae" + - "f7762ed7400713c27a4d523eaf8c136c4a1ca00b9e9e55902daf6cdf8528" + - "c22ca1f2fa7ce87902d75a6850e1a5a4592497be1bb401878f18b189b0e2" + - "c59d10705bfabde3cd2da01eb452006b294108d5d42e88e9e15424d8cd0b" + - "8ab43a6c546b3dbf52e47b59cde6a3e417b0395220b6d63736d429da3458" + - "9a2524f1629320206fa7f1d8a041e17222c4a5814561937e1030e6375c77" + - "9dc988bb928bbdbe2c2eb20111639725d82b5d7192cd3e4acc27581f0ba7" + - "286cff41f97aa5a52ea0083de5057fd2ba985aa738e4d03fcf11ebab1d97" + - "e2ac77d1c2beb8799150a421a07b3777d0b850f24194b8309135b13da6c7" + - "e38653a711e407a1811290fbb7bc15d8b12efc6916e97ead41e042a44721" + - "e9cde3388073d921595bcddcac758dc675173f38242e65e4a284aaa7e8fa" + - "6adddaf00bc46428ab2d8601205b8895bcedfc80ca0aa4619ed6bb082ddf" + - "33ec04fa5d417f33fcdd238c6b11320c5a08f800e0f350b75d81e3bcbd15" + - "58a1eab87a3c8c2ffd7ba1d7e754e607cf98ba22a3fc766c45bd6f2569b4" + - "84639e6611714119d188a24a5e963089a16ed34e20b9f154cad8ac6031dd" + - "7a3a885afc2ae5e003ae8d4e4aabdb3e51dfc423b8cf4ed9ae2010072cbb" + - "b1108c7da1ff075e54ed827a0963ac5523ecdf3fc5eee7b4d1a6773764ec" + - "5c30f41690523fd70d895edb7ca6a1806d54240c4c7b43410da73503a323" + - "90d9070ed30da3a2fb5eccd40d083be7cf8bf40b4279f819cf795b6f075b" + - "5a67a10a06a6076d0d83c72efea05f244901c4b5fd9eb380432519311baf" + - "8c81f6325df4d37ff4d30d318f904ebb837ec76b341dd00a8f247cf0bbe9" + - "6f3784dc8f5feb344958fdf1a9ececb105f8770826db1f17a5281e997951" + - "d3c60cc28fc3e66ffeb5dbac315f98f6d240208043f28dee963d843e68ab" + - "57d847f76ae2f96ce6e37f377ef5dfef2176ecd7440ce4dadcec2231b606" + - "e4a80420fb3ed135640e1f05d6bd58b8dce062dd7d36b885d424f6318e5e" + - "a0753efbb33bbc7360d2b5dfab3ae0d5e000b8d31f2ba0f5fd8b34f96b55" + - "28fff35e769461d0f03cf3bfdf0b801dcbbf2838180cb9b108e06c353e3f" + - "0b9ef61678cfed1ea37ae76bccb5ef5957ac2c8e8f4794c8145a15f1cc88" + - "bfb0881080326c481b373c3bc9b07a9b60a0c8bd5fa4f6f90145590a5227" + - "6fcc0ccc2375d0ccb571d414d1b0c38b4e02c39db4d701c5e25e90785ef4" + - "d26f35edd8c4b96455bdca7245cfefd9cfbd2f319615e5fdf07bb9564fa0" + - "44bb35a58391d02e3927780b4076bc0893dfcb4b63a32cd7a541a4a8c253" + - "0349c6e96e378dbeb66dedf87d813d0b744452c1c4088507dca722193827" + - "9e2dfa24e4a409de494acf654f44262db9206a7717fa434ac4fdc6a6eb5b" + - "1fd5a193b6043bc4327c8c09fd6822eaa9df37bbcac1077754a295621601" + - "267b68733b62dadc2563f1700af180141f29899e2689dbbe9745ba8477f4" + - "352921900b403a01c9dd042a8c1b0e0489959fb0b0a8431c97b41e202204" + - "212ebfa00c593399dbd14d7aec07b8292d2e40b48f05fcd54a15da4a24d7" + - "2759e409f4c7b5b98fce4abac6c30e4872d92efa1f96479ec30f21699825" + - "50fa60584f5a09051a00f8e7dbb3853e66ca3f05fbfe43bef9b120a25a01" + - "eb436ba8ecda715201eda72e517d628f883386c1503aa8b8e75610f7155e" + - "9f916335ab6d6f0f9589b6220cd2b81c2c937dc065d3d14a7df8cc916cd0" + - "0ce1bb53fd9c8974298d3bd316f3658aa8cc6904f073a1472149e4b08c64" + - "5e11abe0428ccb6174df2103edd735965d6454b543d3f01410f77053f65e" + - "c1d1aee56fdd3af23bcd4e1a7fcc4e600c4831007c33fe5f0c8300f686eb" + - "9b4d1e4f08fe4ddc8a90be14dc3a5a88ff96716509341d5db24c0d016863" + - "998b1859c5021df815a6f1ca9845f1a8e99dbad132b406227c5897a1bdf3" + - "e698962f799133ff4429decbef6ce036296facf38e4812fec102b76c6d30" + - "beba1b70722254fafbc471096153478c971db7d96263660209265cb10f13" + - "b34b5fd55c4abe818a5f9715d8a85094e2946b7a001b47f629e26c636d86" + - "4968ad2ab616dfe28840bd60b4b9855c8dbe1cb873fcbc4577b5fefeb8bb" + - "4832039867dc35db9c036c83bc204396e3474ddfe806c77c65c936f488b6" + - "7c1028739562d7bb055d21441af29ae2921290e548dccf8a56021385422b" + - "15da6b232b24151309a75a00296d11aa1952a1513110b0faa93d1d8cd9ae" + - "fa9f1c59377ec9165b2c9e07cbde40db7b81bca6d58fc28bae8f473cd0e9" + - "a2420e0b943a83d284108626c24ac570b1d6c1ab971e71f43fbd6c00e171" + - "238141a6dc987a60385c3a04dd147a2f8e80dfe727b104c0fdd80b326f59" + - "0b9f86fd7b2fd1122a390979889eabd803ab57159c8509a1443eb6789382" + - "090a770ae4eba03306f96e50e19a7d44c584ccc230d104548946efca4520" + - "d61de5f473e2f4eada6c8ce9c7ee975eb4f63c0483cb775ed7d3cf690a61" + - "7d6656d683a8512707d81ca5ba176a42bcffcfa692129f292607d2a47536" + - "ccaeb464c9272d6f3816074b712af602470088b253deba18771e5f67734b" + - "587707cdd06f35264b2262fd253c25b5d38ee7db287610e5398062b7a34e" + - "6e4cf7447d00873b930ad148fd96f0ab18771bc468b874bb109924101c84" + - "c4e239ecc7687d875e4d94a1a973620ca61e35a872c2e2e61a502169f1bb" + - "4e5ff5fa2bff657be6195b3e2c7151a52fc0096d98e7f08f5a98f570aee1" + - "7b4275f1356e87e080ce0e1b9bbabe7dea48b5903bc390ce23472ad64a89" + - "41c3247bfd23ea90b2dee09085571bad85568040105e098f993bb37e43c3" + - "e6d511171c77cfc450570dfb9fc6a3930ef43c03f8213f6203d545d791c7" + - "d3fa42d5dde1655038d35c5dfacc12e9dee24fe833977549eda68ae8b508" + - "be277e743921b584f9dfa0eefbd8bf3c23f51efdef7f7487001d29e8097b" + - "ba63289cfca743023d1668555a46fe6d5b7421377414df1e9ef135480622" + - "22e2e9a7baa618d88f407517f6317b6a0ba3384ace16d68631d59ea169d5" + - "092d20afc1a481b82be5e734bb092953a0a94702bae1a0f48d2a22b9a05f" + - "f64493b7b2e984f27582b1eb937fddf8512c49830435d146dcc291a4118d" + - "5dc638b99cdcbcc5860de7a92c5b13cbd1e01e051f01af40afe124346320" + - "d3626bf9d8f7850744e032a993c276fd388718237740c6caf260fca60b8d" + - "d846102e3262b6e05ceca00c6affe938fac1847350865fc858d3ddd1d130" + - "71d1221ce7c5d575587fcba580e544b74d877ed5ca92763ef0ca0d7bfa08" + - "d57a0216b2a01a2b9ec74b8430051e0074862b7be25b6766ab520f2eb75d" + - "eeb979c28f03795f6f1e4b8410beab19a20febc91985b8a7c298534a6598" + - "f2c5b0dc5de9f5e55a97791507bc6373db26", - }, -} diff --git a/ssl/test/runner/prf.go b/ssl/test/runner/prf.go index 96e7f24794..73251c6e0c 100644 --- a/ssl/test/runner/prf.go +++ b/ssl/test/runner/prf.go @@ -11,6 +11,8 @@ import ( "crypto/sha1" "crypto/sha256" "hash" + + "golang.org/x/crypto/hkdf" ) // Split a premaster secret in two as specified in RFC 4346, section 5. @@ -391,7 +393,7 @@ func (h *finishedHash) zeroSecret() []byte { // addEntropy incorporates ikm into the running TLS 1.3 secret with HKDF-Expand. func (h *finishedHash) addEntropy(ikm []byte) { - h.secret = hkdfExtract(h.hash.New, h.secret, ikm) + h.secret = hkdf.Extract(h.hash.New, ikm, h.secret) } func (h *finishedHash) nextSecret() { @@ -418,7 +420,11 @@ func hkdfExpandLabel(hash crypto.Hash, secret, label, hashValue []byte, length i x = x[len(label):] x[0] = byte(len(hashValue)) copy(x[1:], hashValue) - return hkdfExpand(hash.New, secret, hkdfLabel, length) + ret := make([]byte, length) + if n, err := hkdf.Expand(hash.New, secret, hkdfLabel).Read(ret); err != nil || n != length { + panic("hkdfExpandLabel: hkdf.Expand unexpectedly failed") + } + return ret } // appendContextHashes returns the concatenation of the handshake hash and the From 7d3a24d9dbbf117b2466871190c43bbbe162e391 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 29 Jul 2020 16:43:25 -0400 Subject: [PATCH 065/399] Fix the naming of alert error codes. Reason codes 1000+N correspond to receiving an alert N from the peer, rather than observing the corresponding error condition locally. This has generally been a source of confusion for folks. They were originally named like SSL_R_TLSV1_ALERT_DECRYPTION_FAILED, but OpenSSL introduced a few without the "ALERT" token in 739a543ea863682f157e9aa0ee382367eb3d187c. We then inadvertently carried the mistake over in SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY and SSL_R_TLSV1_CERTIFICATE_REQUIRED. Fix all these to include the "ALERT" for consistency and make it slightly less confusing. (Although perhaps it should have been RECEIVED_ALERT or so.) Add compatibility #defines for the original OpenSSL ones and SSL_R_TLSV1_CERTIFICATE_REQUIRED. The latter can be removed when downstream code is fixed. The OpenSSL ones we'll probably just leave around. Update-Note: The renamed alerts will log slightly different strings, but the constants used by external code are still there. Bug: 366 Change-Id: I30c299c4ad4b2bed695bd71d0831fbe6755975a7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42384 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/err/ssl.errordata | 14 +++++++------- include/openssl/ssl.h | 31 ++++++++++++++++++++++++------- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index 46fae66b49..44f2ef29af 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -174,6 +174,10 @@ SSL,290,SSL_SESSION_ID_TOO_LONG SSL,276,TICKET_ENCRYPTION_FAILED SSL,297,TLS13_DOWNGRADE SSL,1049,TLSV1_ALERT_ACCESS_DENIED +SSL,1114,TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE +SSL,1113,TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE +SSL,1116,TLSV1_ALERT_CERTIFICATE_REQUIRED +SSL,1111,TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE SSL,1050,TLSV1_ALERT_DECODE_ERROR SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED SSL,1051,TLSV1_ALERT_DECRYPT_ERROR @@ -185,14 +189,10 @@ SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW SSL,1048,TLSV1_ALERT_UNKNOWN_CA +SSL,1115,TLSV1_ALERT_UNKNOWN_PSK_IDENTITY +SSL,1112,TLSV1_ALERT_UNRECOGNIZED_NAME +SSL,1110,TLSV1_ALERT_UNSUPPORTED_EXTENSION SSL,1090,TLSV1_ALERT_USER_CANCELLED -SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE -SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE -SSL,1116,TLSV1_CERTIFICATE_REQUIRED -SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE -SSL,1115,TLSV1_UNKNOWN_PSK_IDENTITY -SSL,1112,TLSV1_UNRECOGNIZED_NAME -SSL,1110,TLSV1_UNSUPPORTED_EXTENSION SSL,217,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST SSL,218,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG SSL,219,TOO_MANY_EMPTY_FRAGMENTS diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 46ed1122c5..f15c006abc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -4688,6 +4688,23 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, // |SSL_CTX_set_tlsext_status_cb|'s callback and returns one. OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +// The following symbols are compatibility aliases for reason codes used when +// receiving an alert from the peer. Use the other names instead, which fit the +// naming convention. +// +// TODO(davidben): Fix references to |SSL_R_TLSV1_CERTIFICATE_REQUIRED| and +// remove the compatibility value. The others come from OpenSSL. +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION \ + SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE \ + SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE +#define SSL_R_TLSV1_UNRECOGNIZED_NAME SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME +#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE \ + SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE \ + SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE +#define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED + // Nodejs compatibility section (hidden). // @@ -5205,12 +5222,12 @@ BSSL_NAMESPACE_END #define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -#define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115 -#define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116 +#define SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION 1110 +#define SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE 1114 +#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 +#define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116 #endif // OPENSSL_HEADER_SSL_H From 74161f485b5d54fe963cbd3d081b718ec84d2e00 Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Fri, 24 Jul 2020 15:35:27 -0700 Subject: [PATCH 066/399] Enforce presence of ALPN when QUIC is in use. Update-Note: If an SSL_QUIC_METHOD is set, connections will now fail if ALPN is not negotiated. This new behavior can be detected by checking if the value of BORINGSSL_API_VERSION is greater than 10. Bug: 294 Change-Id: I42fb80aa09268e77cec4a51e49cdad79bd72fa58 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42304 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/err/ssl.errordata | 2 + include/openssl/base.h | 2 +- include/openssl/ssl.h | 2 + ssl/ssl_test.cc | 16 ++++++++ ssl/t1_lib.cc | 23 ++++++++++++ ssl/test/runner/alert.go | 2 + ssl/test/runner/runner.go | 79 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 125 insertions(+), 1 deletion(-) diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index 44f2ef29af..3759c69f7f 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -86,6 +86,7 @@ SSL,160,INVALID_SSL_SESSION SSL,161,INVALID_TICKET_KEYS_LENGTH SSL,302,KEY_USAGE_BIT_INCORRECT SSL,162,LENGTH_MISMATCH +SSL,307,MISSING_ALPN SSL,164,MISSING_EXTENSION SSL,258,MISSING_KEY_SHARE SSL,165,MISSING_RSA_CERTIFICATE @@ -185,6 +186,7 @@ SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY SSL,1080,TLSV1_ALERT_INTERNAL_ERROR +SSL,1120,TLSV1_ALERT_NO_APPLICATION_PROTOCOL SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW diff --git a/include/openssl/base.h b/include/openssl/base.h index 9235ed7b21..69f51e86ef 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -184,7 +184,7 @@ extern "C" { // A consumer may use this symbol in the preprocessor to temporarily build // against multiple revisions of BoringSSL at the same time. It is not // recommended to do so for longer than is necessary. -#define BORINGSSL_API_VERSION 10 +#define BORINGSSL_API_VERSION 11 #if defined(BORINGSSL_SHARED_LIBRARY) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f15c006abc..07a39d28c0 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -5197,6 +5197,7 @@ BSSL_NAMESPACE_END #define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304 #define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305 #define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306 +#define SSL_R_MISSING_ALPN 307 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -5229,5 +5230,6 @@ BSSL_NAMESPACE_END #define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE 1114 #define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 #define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116 +#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 #endif // OPENSSL_HEADER_SSL_H diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 3c2d852a6e..eb4570060f 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -5070,6 +5070,22 @@ class QUICMethodTest : public testing::Test { SSL_CTX_set_max_proto_version(server_ctx_.get(), TLS1_3_VERSION); SSL_CTX_set_min_proto_version(client_ctx_.get(), TLS1_3_VERSION); SSL_CTX_set_max_proto_version(client_ctx_.get(), TLS1_3_VERSION); + + static const uint8_t kALPNProtos[] = {0x03, 'f', 'o', 'o'}; + ASSERT_EQ(SSL_CTX_set_alpn_protos(client_ctx_.get(), kALPNProtos, + sizeof(kALPNProtos)), + 0); + SSL_CTX_set_alpn_select_cb( + server_ctx_.get(), + [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in, + unsigned in_len, void *arg) -> int { + return SSL_select_next_proto( + const_cast(out), out_len, in, in_len, + kALPNProtos, sizeof(kALPNProtos)) == OPENSSL_NPN_NEGOTIATED + ? SSL_TLSEXT_ERR_OK + : SSL_TLSEXT_ERR_NOACK; + }, + nullptr); } static MockQUICTransport *TransportFromSSL(const SSL *ssl) { diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 5032af5f0b..f274b11dbd 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -1245,6 +1245,12 @@ static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { SSL *const ssl = hs->ssl; + if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) { + // ALPN MUST be used with QUIC. + OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN); + return false; + } + if (hs->config->alpn_client_proto_list.empty() || ssl->s3->initial_handshake_complete) { return true; @@ -1267,6 +1273,12 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { SSL *const ssl = hs->ssl; if (contents == NULL) { + if (ssl->quic_method) { + // ALPN is required when QUIC is used. + OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN); + *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL; + return false; + } return true; } @@ -1342,6 +1354,12 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, !ssl_client_hello_get_extension( client_hello, &contents, TLSEXT_TYPE_application_layer_protocol_negotiation)) { + if (ssl->quic_method) { + // ALPN is required when QUIC is used. + OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN); + *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL; + return false; + } // Ignore ALPN if not configured or no extension was supplied. return true; } @@ -1388,6 +1406,11 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, *out_alert = SSL_AD_INTERNAL_ERROR; return false; } + } else if (ssl->quic_method) { + // ALPN is required when QUIC is used. + OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN); + *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL; + return false; } return true; diff --git a/ssl/test/runner/alert.go b/ssl/test/runner/alert.go index c1f7f27d3f..a6f61e98bb 100644 --- a/ssl/test/runner/alert.go +++ b/ssl/test/runner/alert.go @@ -45,6 +45,7 @@ const ( alertBadCertificateStatusResponse alert = 113 alertUnknownPSKIdentity alert = 115 alertCertificateRequired alert = 116 + alertNoApplicationProtocol alert = 120 ) var alertText = map[alert]string{ @@ -78,6 +79,7 @@ var alertText = map[alert]string{ alertUnrecognizedName: "unrecognized name", alertUnknownPSKIdentity: "unknown PSK identity", alertCertificateRequired: "certificate required", + alertNoApplicationProtocol: "no application protocol", } func (e alert) String() string { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index a340e1eb96..5527f96e5c 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -656,6 +656,9 @@ type testCase struct { // skipTransportParamsConfig, if true, will skip automatic configuration of // sending QUIC transport parameters when protocol == quic. skipTransportParamsConfig bool + // skipQUICALPNConfig, if true, will skip automatic configuration of + // sending a fake ALPN when protocol == quic. + skipQUICALPNConfig bool } var testCases []testCase @@ -1280,6 +1283,20 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN base64.StdEncoding.EncodeToString([]byte{1, 2}), }...) } + if !test.skipQUICALPNConfig { + flags = append(flags, + []string{ + "-advertise-alpn", "\x03foo", + "-select-alpn", "foo", + "-expect-alpn", "foo", + }...) + test.config.NextProtos = []string{"foo"} + if test.resumeConfig != nil { + test.resumeConfig.NextProtos = []string{"foo"} + } + test.expectedNextProto = "foo" + test.expectedNextProtoType = alpn + } } var resumeCount int @@ -6816,6 +6833,68 @@ func addExtensionTests() { }) } + // Test missing ALPN in QUIC + if ver.version >= VersionTLS13 { + testCases = append(testCases, testCase{ + testType: clientTest, + protocol: quic, + name: "QUIC-Client-ALPNMissingFromConfig-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + }, + skipQUICALPNConfig: true, + shouldFail: true, + expectedError: ":MISSING_ALPN:", + }) + testCases = append(testCases, testCase{ + testType: clientTest, + protocol: quic, + name: "QUIC-Client-ALPNMissing-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + }, + flags: []string{ + "-advertise-alpn", "\x03foo", + }, + skipQUICALPNConfig: true, + shouldFail: true, + expectedError: ":MISSING_ALPN:", + expectedLocalError: "remote error: no application protocol", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + protocol: quic, + name: "QUIC-Server-ALPNMissing-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + }, + skipQUICALPNConfig: true, + shouldFail: true, + expectedError: ":MISSING_ALPN:", + expectedLocalError: "remote error: no application protocol", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + protocol: quic, + name: "QUIC-Server-ALPNMismatch-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + NextProtos: []string{"foo"}, + }, + flags: []string{ + "-decline-alpn", + }, + skipQUICALPNConfig: true, + shouldFail: true, + expectedError: ":MISSING_ALPN:", + expectedLocalError: "remote error: no application protocol", + }) + } + // Test Token Binding. const maxTokenBindingVersion = 16 From 0cd846f24fc705daadb51e2cba3f28b975ddadf6 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 14 Jul 2020 17:00:48 -0700 Subject: [PATCH 067/399] delocation: large memory model support. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Large memory models on x86-64 allow the code/data of a shared object / executable to be larger than 2GiB. This is typically impossible because x86-64 code frequently uses int32 offsets from RIP. Consider the following program: int getpid(); int main() { return getpid(); } This is turned into the following assembly under a large memory model: .L0$pb: leaq .L0$pb(%rip), %rax movabsq $_GLOBAL_OFFSET_TABLE_-.L0$pb, %rcx addq %rax, %rcx movabsq $getpid@GOT, %rdx xorl %eax, %eax jmpq *(%rcx,%rdx) # TAILCALL And, with relocations: 0: 48 8d 05 f9 ff ff ff lea -0x7(%rip),%rax # 0
7: 48 b9 00 00 00 00 00 movabs $0x0,%rcx e: 00 00 00 9: R_X86_64_GOTPC64 _GLOBAL_OFFSET_TABLE_+0x9 11: 48 01 c1 add %rax,%rcx 14: 48 ba 00 00 00 00 00 movabs $0x0,%rdx 1b: 00 00 00 16: R_X86_64_GOT64 getpid 1e: 31 c0 xor %eax,%eax 20: ff 24 11 jmpq *(%rcx,%rdx,1) We can see that, in the large memory model, function calls involve loading the address of _GLOBAL_OFFSET_TABLE_ (using `movabs`, which takes a 64-bit immediate) and then indexing into it. Both cause relocations. If we link the binary and disassemble we get: 0000000000001120
: 1120: 48 8d 05 f9 ff ff ff lea -0x7(%rip),%rax # 1120
1127: 48 b9 e0 2e 00 00 00 movabs $0x2ee0,%rcx 112e: 00 00 00 1131: 48 01 c1 add %rax,%rcx 1134: 48 ba d8 ff ff ff ff movabs $0xffffffffffffffd8,%rdx 113b: ff ff ff 113e: 31 c0 xor %eax,%eax 1140: ff 24 11 jmpq *(%rcx,%rdx,1) Thus the _GLOBAL_OFFSET_TABLE_ symbol is at 0x1120+0x2ee0 = 0x4000. That's the address of the .got.plt section. But the offset “into” the table is -0x40, putting it at 0x3fd8, in .got: Idx Name Size VMA LMA File off Algn 18 .got 00000030 0000000000003fd0 0000000000003fd0 00002fd0 2**3 19 .got.plt 00000018 0000000000004000 0000000000004000 00003000 2**3 And, indeed, there's a dynamic relocation to setup that address: OFFSET TYPE VALUE 0000000000003fd8 R_X86_64_GLOB_DAT getpid@GLIBC_2.2.5 Accessing data or BSS works the same: the address of the variable is stored relative to _GLOBAL_OFFSET_TABLE_. This is a bit of a pain because we want to delocate the module into a single .text segment so that it moves through linking unaltered. If we took the obvious path and built our own offset table then it would need to contain absolute addresses, but they are only available at runtime and .text segments aren't supposed to be run-time patched. (That's why .rela.dyn is a separate segment.) If we use a different segment then we have the same problem as with the original offset table: the offset to the segment is unknown when compiling the module. Trying to pattern match this two-step lookup to do extensive rewriting seems fragile: I'm sure the compilers will move things around and interleave other work in time, if they don't already. So, in order to handle movabs trying to load _GLOBAL_OFFSET_TABLE_ we define a symbol in the same segment, but outside of the hashed region of the module, that contains the offset from that position to _GLOBAL_OFFSET_TABLE_: .boringssl_got_delta: .quad _GLOBAL_OFFSET_TABLE_-.boringssl_got_delta Then a movabs of $_GLOBAL_OFFSET_TABLE_-.Lfoo turns into: movq .boringssl_got_delta(%rip), %destreg addq $.boringssl_got_delta-.Lfoo, %destreg This works because it's calculating _GLOBAL_OFFSET_TABLE_ - got_delta + (got_delta - .Lfoo) When that value is added to .Lfoo, as the original code will do, the correct address results. Also it doesn't need an extra register because we know that 32-bit offsets are sufficient for offsets within the module. As for the offsets within the offset table, we have to load them from locations outside of the hashed part of the module to get the relocations out of the way. Again, no extra registers are needed. Change-Id: I87b19a2f8886bd9f7ac538fd55754e526bcf3097 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42324 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- util/fipstools/delocate/delocate.go | 94 +- util/fipstools/delocate/delocate.peg | 6 +- util/fipstools/delocate/delocate.peg.go | 1753 +++++++++-------- util/fipstools/delocate/delocate_test.go | 1 + .../delocate/testdata/x86_64-LargeMemory/in.s | 28 + .../testdata/x86_64-LargeMemory/out.s | 127 ++ 6 files changed, 1228 insertions(+), 781 deletions(-) create mode 100644 util/fipstools/delocate/testdata/x86_64-LargeMemory/in.s create mode 100644 util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index 92b4c31d8b..05d591193a 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go @@ -80,6 +80,13 @@ type delocation struct { // “delta” symbols: symbols that contain the offset from their location // to the memory in question. gotExternalsNeeded map[string]struct{} + // gotDeltaNeeded is true if the code needs to load the value of + // _GLOBAL_OFFSET_TABLE_. + gotDeltaNeeded bool + // gotOffsetsNeeded contains the symbols whose @GOT offsets are needed. + gotOffsetsNeeded map[string]struct{} + // gotOffOffsetsNeeded contains the symbols whose @GOTOFF offsets are needed. + gotOffOffsetsNeeded map[string]struct{} currentInput inputFile } @@ -1217,6 +1224,61 @@ Args: args = append(args, argStr) + case ruleGOTLocation: + if instructionName != "movabsq" { + return nil, fmt.Errorf("_GLOBAL_OFFSET_TABLE_ lookup didn't use movabsq") + } + if i != 0 || len(argNodes) != 2 { + return nil, fmt.Errorf("movabs of _GLOBAL_OFFSET_TABLE_ didn't expected form") + } + + d.gotDeltaNeeded = true + changed = true + instructionName = "movq" + assertNodeType(arg.up, ruleLocalSymbol) + baseSymbol := d.mapLocalSymbol(d.contents(arg.up)) + targetReg := d.contents(argNodes[1]) + args = append(args, ".Lboringssl_got_delta(%rip)") + wrappers = append(wrappers, func(k func()) { + k() + d.output.WriteString(fmt.Sprintf("\taddq $.Lboringssl_got_delta-%s, %s\n", baseSymbol, targetReg)) + }) + + case ruleGOTSymbolOffset: + if instructionName != "movabsq" { + return nil, fmt.Errorf("_GLOBAL_OFFSET_TABLE_ offset didn't use movabsq") + } + if i != 0 || len(argNodes) != 2 { + return nil, fmt.Errorf("movabs of _GLOBAL_OFFSET_TABLE_ offset didn't have expected form") + } + + assertNodeType(arg.up, ruleSymbolName) + symbol := d.contents(arg.up) + if strings.HasPrefix(symbol, ".L") { + symbol = d.mapLocalSymbol(symbol) + } + targetReg := d.contents(argNodes[1]) + + var prefix string + isGOTOFF := strings.HasSuffix(d.contents(arg), "@GOTOFF") + if isGOTOFF { + prefix = "gotoff" + d.gotOffOffsetsNeeded[symbol] = struct{}{} + } else { + prefix = "got" + d.gotOffsetsNeeded[symbol] = struct{}{} + } + changed = true + + wrappers = append(wrappers, func(k func()) { + // While the compiler output supports 64-bit offsets in the GOT, + // https://refspecs.linuxbase.org/elf/x86_64-abi-0.98.pdf page 70, footnote + // 3 says that the GOT is limited to 32 bits. It's not clear about + // signed/unsigned but a GOT with more than 2^31 entries seems implausible + // so we save the extra space. + d.output.WriteString(fmt.Sprintf("\tmovsl .Lboringssl_%s_%s(%%rip), %s\n", prefix, symbol, targetReg)) + }) + default: panic(fmt.Sprintf("unknown instruction argument type %q", rul3s[arg.pegRule])) } @@ -1372,14 +1434,16 @@ func transform(w stringWriter, inputs []inputFile) error { } d := &delocation{ - symbols: symbols, - localEntrySymbols: localEntrySymbols, - processor: processor, - output: w, - redirectors: make(map[string]string), - bssAccessorsNeeded: make(map[string]string), - tocLoaders: make(map[string]struct{}), - gotExternalsNeeded: make(map[string]struct{}), + symbols: symbols, + localEntrySymbols: localEntrySymbols, + processor: processor, + output: w, + redirectors: make(map[string]string), + bssAccessorsNeeded: make(map[string]string), + tocLoaders: make(map[string]struct{}), + gotExternalsNeeded: make(map[string]struct{}), + gotOffsetsNeeded: make(map[string]struct{}), + gotOffOffsetsNeeded: make(map[string]struct{}), } w.WriteString(".text\n") @@ -1501,6 +1565,20 @@ func transform(w stringWriter, inputs []inputFile) error { w.WriteString(".size OPENSSL_ia32cap_addr_delta, 8\n") w.WriteString("OPENSSL_ia32cap_addr_delta:\n") w.WriteString(".quad OPENSSL_ia32cap_P-OPENSSL_ia32cap_addr_delta\n") + + if d.gotDeltaNeeded { + w.WriteString(".Lboringssl_got_delta:\n") + w.WriteString("\t.quad _GLOBAL_OFFSET_TABLE_-.Lboringssl_got_delta\n") + } + + for _, name := range sortedSet(d.gotOffsetsNeeded) { + w.WriteString(".Lboringssl_got_" + name + ":\n") + w.WriteString("\t.long " + name + "@GOT\n") + } + for _, name := range sortedSet(d.gotOffOffsetsNeeded) { + w.WriteString(".Lboringssl_gotoff_" + name + ":\n") + w.WriteString("\t.long " + name + "@GOTOFF\n") + } } w.WriteString(".type BORINGSSL_bcm_text_hash, @object\n") diff --git a/util/fipstools/delocate/delocate.peg b/util/fipstools/delocate/delocate.peg index b24a47a3d4..34dd3f6609 100644 --- a/util/fipstools/delocate/delocate.peg +++ b/util/fipstools/delocate/delocate.peg @@ -52,12 +52,14 @@ WS <- [ \t]+ Comment <- '#' [^\n]* Label <- (LocalSymbol / LocalLabel / SymbolName) ':' SymbolName <- [[A-Z._]][[A-Z.0-9$_]]* -LocalSymbol <- '.L' [[A-Z.0-9$_]]+ +LocalSymbol <- '.L' [[A-Za-z.0-9$_]]+ LocalLabel <- [0-9][0-9$]* LocalLabelRef <- [0-9][0-9$]*[bf] Instruction <- InstructionName (WS InstructionArg ((WS? ',' WS?) InstructionArg)*)? InstructionName <- [[A-Z]][[A-Z0-9]]* [.+\-]? -InstructionArg <- IndirectionIndicator? (RegisterOrConstant / LocalLabelRef / TOCRefHigh / TOCRefLow / MemoryRef) AVX512Token* +InstructionArg <- IndirectionIndicator? (RegisterOrConstant / LocalLabelRef / TOCRefHigh / TOCRefLow / GOTLocation / GOTSymbolOffset / MemoryRef) AVX512Token* +GOTLocation <- '$_GLOBAL_OFFSET_TABLE_-' LocalSymbol +GOTSymbolOffset <- '$' SymbolName '@GOT' 'OFF'? AVX512Token <- WS? '{' '%'? [0-9a-z]* '}' TOCRefHigh <- '.TOC.-' ('0b' / ('.L' [a-zA-Z_0-9]+)) "@ha" TOCRefLow <- '.TOC.-' ('0b' / ('.L' [a-zA-Z_0-9]+)) "@l" diff --git a/util/fipstools/delocate/delocate.peg.go b/util/fipstools/delocate/delocate.peg.go index 298f55c888..3007352765 100644 --- a/util/fipstools/delocate/delocate.peg.go +++ b/util/fipstools/delocate/delocate.peg.go @@ -1,7 +1,5 @@ package main -//go:generate peg delocate.peg - import ( "fmt" "math" @@ -44,6 +42,8 @@ const ( ruleInstruction ruleInstructionName ruleInstructionArg + ruleGOTLocation + ruleGOTSymbolOffset ruleAVX512Token ruleTOCRefHigh ruleTOCRefLow @@ -88,6 +88,8 @@ var rul3s = [...]string{ "Instruction", "InstructionName", "InstructionArg", + "GOTLocation", + "GOTSymbolOffset", "AVX512Token", "TOCRefHigh", "TOCRefLow", @@ -214,7 +216,7 @@ func (t *tokens32) Tokens() []token32 { type Asm struct { Buffer string buffer []rune - rules [41]func() bool + rules [43]func() bool parse func(rule ...int) error reset func() Pretty bool @@ -2640,7 +2642,7 @@ func (p *Asm) Init() { position, tokenIndex = position299, tokenIndex299 return false }, - /* 22 LocalSymbol <- <('.' 'L' ([a-z] / [A-Z] / '.' / ([0-9] / [0-9]) / '$' / '_')+)> */ + /* 22 LocalSymbol <- <('.' 'L' ([a-z] / [A-Z] / ([a-z] / [A-Z]) / '.' / ([0-9] / [0-9]) / '$' / '_')+)> */ func() bool { position315, tokenIndex315 := position, tokenIndex { @@ -2668,38 +2670,56 @@ func (p *Asm) Init() { position++ goto l319 l321: + position, tokenIndex = position319, tokenIndex319 + { + position323, tokenIndex323 := position, tokenIndex + if c := buffer[position]; c < rune('a') || c > rune('z') { + goto l324 + } + position++ + goto l323 + l324: + position, tokenIndex = position323, tokenIndex323 + if c := buffer[position]; c < rune('A') || c > rune('Z') { + goto l322 + } + position++ + } + l323: + goto l319 + l322: position, tokenIndex = position319, tokenIndex319 if buffer[position] != rune('.') { - goto l322 + goto l325 } position++ goto l319 - l322: + l325: position, tokenIndex = position319, tokenIndex319 { - position324, tokenIndex324 := position, tokenIndex + position327, tokenIndex327 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l325 + goto l328 } position++ - goto l324 - l325: - position, tokenIndex = position324, tokenIndex324 + goto l327 + l328: + position, tokenIndex = position327, tokenIndex327 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l323 + goto l326 } position++ } - l324: + l327: goto l319 - l323: + l326: position, tokenIndex = position319, tokenIndex319 if buffer[position] != rune('$') { - goto l326 + goto l329 } position++ goto l319 - l326: + l329: position, tokenIndex = position319, tokenIndex319 if buffer[position] != rune('_') { goto l315 @@ -2711,59 +2731,77 @@ func (p *Asm) Init() { { position318, tokenIndex318 := position, tokenIndex { - position327, tokenIndex327 := position, tokenIndex + position330, tokenIndex330 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l328 + goto l331 } position++ - goto l327 - l328: - position, tokenIndex = position327, tokenIndex327 + goto l330 + l331: + position, tokenIndex = position330, tokenIndex330 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l329 + goto l332 } position++ - goto l327 - l329: - position, tokenIndex = position327, tokenIndex327 + goto l330 + l332: + position, tokenIndex = position330, tokenIndex330 + { + position334, tokenIndex334 := position, tokenIndex + if c := buffer[position]; c < rune('a') || c > rune('z') { + goto l335 + } + position++ + goto l334 + l335: + position, tokenIndex = position334, tokenIndex334 + if c := buffer[position]; c < rune('A') || c > rune('Z') { + goto l333 + } + position++ + } + l334: + goto l330 + l333: + position, tokenIndex = position330, tokenIndex330 if buffer[position] != rune('.') { - goto l330 + goto l336 } position++ - goto l327 - l330: - position, tokenIndex = position327, tokenIndex327 + goto l330 + l336: + position, tokenIndex = position330, tokenIndex330 { - position332, tokenIndex332 := position, tokenIndex + position338, tokenIndex338 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l333 + goto l339 } position++ - goto l332 - l333: - position, tokenIndex = position332, tokenIndex332 + goto l338 + l339: + position, tokenIndex = position338, tokenIndex338 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l331 + goto l337 } position++ } - l332: - goto l327 - l331: - position, tokenIndex = position327, tokenIndex327 + l338: + goto l330 + l337: + position, tokenIndex = position330, tokenIndex330 if buffer[position] != rune('$') { - goto l334 + goto l340 } position++ - goto l327 - l334: - position, tokenIndex = position327, tokenIndex327 + goto l330 + l340: + position, tokenIndex = position330, tokenIndex330 if buffer[position] != rune('_') { goto l318 } position++ } - l327: + l330: goto l317 l318: position, tokenIndex = position318, tokenIndex318 @@ -2777,1444 +2815,1617 @@ func (p *Asm) Init() { }, /* 23 LocalLabel <- <([0-9] ([0-9] / '$')*)> */ func() bool { - position335, tokenIndex335 := position, tokenIndex + position341, tokenIndex341 := position, tokenIndex { - position336 := position + position342 := position if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l335 + goto l341 } position++ - l337: + l343: { - position338, tokenIndex338 := position, tokenIndex + position344, tokenIndex344 := position, tokenIndex { - position339, tokenIndex339 := position, tokenIndex + position345, tokenIndex345 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l340 + goto l346 } position++ - goto l339 - l340: - position, tokenIndex = position339, tokenIndex339 + goto l345 + l346: + position, tokenIndex = position345, tokenIndex345 if buffer[position] != rune('$') { - goto l338 + goto l344 } position++ } - l339: - goto l337 - l338: - position, tokenIndex = position338, tokenIndex338 + l345: + goto l343 + l344: + position, tokenIndex = position344, tokenIndex344 } - add(ruleLocalLabel, position336) + add(ruleLocalLabel, position342) } return true - l335: - position, tokenIndex = position335, tokenIndex335 + l341: + position, tokenIndex = position341, tokenIndex341 return false }, /* 24 LocalLabelRef <- <([0-9] ([0-9] / '$')* ('b' / 'f'))> */ func() bool { - position341, tokenIndex341 := position, tokenIndex + position347, tokenIndex347 := position, tokenIndex { - position342 := position + position348 := position if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l341 + goto l347 } position++ - l343: + l349: { - position344, tokenIndex344 := position, tokenIndex + position350, tokenIndex350 := position, tokenIndex { - position345, tokenIndex345 := position, tokenIndex + position351, tokenIndex351 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l346 + goto l352 } position++ - goto l345 - l346: - position, tokenIndex = position345, tokenIndex345 + goto l351 + l352: + position, tokenIndex = position351, tokenIndex351 if buffer[position] != rune('$') { - goto l344 + goto l350 } position++ } - l345: - goto l343 - l344: - position, tokenIndex = position344, tokenIndex344 + l351: + goto l349 + l350: + position, tokenIndex = position350, tokenIndex350 } { - position347, tokenIndex347 := position, tokenIndex + position353, tokenIndex353 := position, tokenIndex if buffer[position] != rune('b') { - goto l348 + goto l354 } position++ - goto l347 - l348: - position, tokenIndex = position347, tokenIndex347 + goto l353 + l354: + position, tokenIndex = position353, tokenIndex353 if buffer[position] != rune('f') { - goto l341 + goto l347 } position++ } - l347: - add(ruleLocalLabelRef, position342) + l353: + add(ruleLocalLabelRef, position348) } return true - l341: - position, tokenIndex = position341, tokenIndex341 + l347: + position, tokenIndex = position347, tokenIndex347 return false }, /* 25 Instruction <- <(InstructionName (WS InstructionArg (WS? ',' WS? InstructionArg)*)?)> */ func() bool { - position349, tokenIndex349 := position, tokenIndex + position355, tokenIndex355 := position, tokenIndex { - position350 := position + position356 := position if !_rules[ruleInstructionName]() { - goto l349 + goto l355 } { - position351, tokenIndex351 := position, tokenIndex + position357, tokenIndex357 := position, tokenIndex if !_rules[ruleWS]() { - goto l351 + goto l357 } if !_rules[ruleInstructionArg]() { - goto l351 + goto l357 } - l353: + l359: { - position354, tokenIndex354 := position, tokenIndex + position360, tokenIndex360 := position, tokenIndex { - position355, tokenIndex355 := position, tokenIndex + position361, tokenIndex361 := position, tokenIndex if !_rules[ruleWS]() { - goto l355 + goto l361 } - goto l356 - l355: - position, tokenIndex = position355, tokenIndex355 + goto l362 + l361: + position, tokenIndex = position361, tokenIndex361 } - l356: + l362: if buffer[position] != rune(',') { - goto l354 + goto l360 } position++ { - position357, tokenIndex357 := position, tokenIndex + position363, tokenIndex363 := position, tokenIndex if !_rules[ruleWS]() { - goto l357 + goto l363 } - goto l358 - l357: - position, tokenIndex = position357, tokenIndex357 + goto l364 + l363: + position, tokenIndex = position363, tokenIndex363 } - l358: + l364: if !_rules[ruleInstructionArg]() { - goto l354 + goto l360 } - goto l353 - l354: - position, tokenIndex = position354, tokenIndex354 + goto l359 + l360: + position, tokenIndex = position360, tokenIndex360 } - goto l352 - l351: - position, tokenIndex = position351, tokenIndex351 + goto l358 + l357: + position, tokenIndex = position357, tokenIndex357 } - l352: - add(ruleInstruction, position350) + l358: + add(ruleInstruction, position356) } return true - l349: - position, tokenIndex = position349, tokenIndex349 + l355: + position, tokenIndex = position355, tokenIndex355 return false }, /* 26 InstructionName <- <(([a-z] / [A-Z]) ([a-z] / [A-Z] / ([0-9] / [0-9]))* ('.' / '+' / '-')?)> */ func() bool { - position359, tokenIndex359 := position, tokenIndex + position365, tokenIndex365 := position, tokenIndex { - position360 := position + position366 := position { - position361, tokenIndex361 := position, tokenIndex + position367, tokenIndex367 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l362 + goto l368 } position++ - goto l361 - l362: - position, tokenIndex = position361, tokenIndex361 + goto l367 + l368: + position, tokenIndex = position367, tokenIndex367 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l359 + goto l365 } position++ } - l361: - l363: + l367: + l369: { - position364, tokenIndex364 := position, tokenIndex + position370, tokenIndex370 := position, tokenIndex { - position365, tokenIndex365 := position, tokenIndex + position371, tokenIndex371 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l366 + goto l372 } position++ - goto l365 - l366: - position, tokenIndex = position365, tokenIndex365 + goto l371 + l372: + position, tokenIndex = position371, tokenIndex371 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l367 + goto l373 } position++ - goto l365 - l367: - position, tokenIndex = position365, tokenIndex365 + goto l371 + l373: + position, tokenIndex = position371, tokenIndex371 { - position368, tokenIndex368 := position, tokenIndex + position374, tokenIndex374 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l369 + goto l375 } position++ - goto l368 - l369: - position, tokenIndex = position368, tokenIndex368 + goto l374 + l375: + position, tokenIndex = position374, tokenIndex374 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l364 + goto l370 } position++ } - l368: + l374: } - l365: - goto l363 - l364: - position, tokenIndex = position364, tokenIndex364 + l371: + goto l369 + l370: + position, tokenIndex = position370, tokenIndex370 } { - position370, tokenIndex370 := position, tokenIndex + position376, tokenIndex376 := position, tokenIndex { - position372, tokenIndex372 := position, tokenIndex + position378, tokenIndex378 := position, tokenIndex if buffer[position] != rune('.') { - goto l373 + goto l379 } position++ - goto l372 - l373: - position, tokenIndex = position372, tokenIndex372 + goto l378 + l379: + position, tokenIndex = position378, tokenIndex378 if buffer[position] != rune('+') { - goto l374 + goto l380 } position++ - goto l372 - l374: - position, tokenIndex = position372, tokenIndex372 + goto l378 + l380: + position, tokenIndex = position378, tokenIndex378 if buffer[position] != rune('-') { - goto l370 + goto l376 } position++ } - l372: - goto l371 - l370: - position, tokenIndex = position370, tokenIndex370 + l378: + goto l377 + l376: + position, tokenIndex = position376, tokenIndex376 } - l371: - add(ruleInstructionName, position360) + l377: + add(ruleInstructionName, position366) } return true - l359: - position, tokenIndex = position359, tokenIndex359 + l365: + position, tokenIndex = position365, tokenIndex365 return false }, - /* 27 InstructionArg <- <(IndirectionIndicator? (RegisterOrConstant / LocalLabelRef / TOCRefHigh / TOCRefLow / MemoryRef) AVX512Token*)> */ + /* 27 InstructionArg <- <(IndirectionIndicator? (RegisterOrConstant / LocalLabelRef / TOCRefHigh / TOCRefLow / GOTLocation / GOTSymbolOffset / MemoryRef) AVX512Token*)> */ func() bool { - position375, tokenIndex375 := position, tokenIndex + position381, tokenIndex381 := position, tokenIndex { - position376 := position + position382 := position { - position377, tokenIndex377 := position, tokenIndex + position383, tokenIndex383 := position, tokenIndex if !_rules[ruleIndirectionIndicator]() { - goto l377 + goto l383 } - goto l378 - l377: - position, tokenIndex = position377, tokenIndex377 + goto l384 + l383: + position, tokenIndex = position383, tokenIndex383 } - l378: + l384: { - position379, tokenIndex379 := position, tokenIndex + position385, tokenIndex385 := position, tokenIndex if !_rules[ruleRegisterOrConstant]() { - goto l380 + goto l386 } - goto l379 - l380: - position, tokenIndex = position379, tokenIndex379 + goto l385 + l386: + position, tokenIndex = position385, tokenIndex385 if !_rules[ruleLocalLabelRef]() { - goto l381 + goto l387 } - goto l379 - l381: - position, tokenIndex = position379, tokenIndex379 + goto l385 + l387: + position, tokenIndex = position385, tokenIndex385 if !_rules[ruleTOCRefHigh]() { - goto l382 + goto l388 } - goto l379 - l382: - position, tokenIndex = position379, tokenIndex379 + goto l385 + l388: + position, tokenIndex = position385, tokenIndex385 if !_rules[ruleTOCRefLow]() { - goto l383 + goto l389 } - goto l379 - l383: - position, tokenIndex = position379, tokenIndex379 + goto l385 + l389: + position, tokenIndex = position385, tokenIndex385 + if !_rules[ruleGOTLocation]() { + goto l390 + } + goto l385 + l390: + position, tokenIndex = position385, tokenIndex385 + if !_rules[ruleGOTSymbolOffset]() { + goto l391 + } + goto l385 + l391: + position, tokenIndex = position385, tokenIndex385 if !_rules[ruleMemoryRef]() { - goto l375 + goto l381 } } - l379: - l384: + l385: + l392: { - position385, tokenIndex385 := position, tokenIndex + position393, tokenIndex393 := position, tokenIndex if !_rules[ruleAVX512Token]() { - goto l385 + goto l393 } - goto l384 - l385: - position, tokenIndex = position385, tokenIndex385 + goto l392 + l393: + position, tokenIndex = position393, tokenIndex393 + } + add(ruleInstructionArg, position382) + } + return true + l381: + position, tokenIndex = position381, tokenIndex381 + return false + }, + /* 28 GOTLocation <- <('$' '_' 'G' 'L' 'O' 'B' 'A' 'L' '_' 'O' 'F' 'F' 'S' 'E' 'T' '_' 'T' 'A' 'B' 'L' 'E' '_' '-' LocalSymbol)> */ + func() bool { + position394, tokenIndex394 := position, tokenIndex + { + position395 := position + if buffer[position] != rune('$') { + goto l394 + } + position++ + if buffer[position] != rune('_') { + goto l394 + } + position++ + if buffer[position] != rune('G') { + goto l394 + } + position++ + if buffer[position] != rune('L') { + goto l394 + } + position++ + if buffer[position] != rune('O') { + goto l394 + } + position++ + if buffer[position] != rune('B') { + goto l394 + } + position++ + if buffer[position] != rune('A') { + goto l394 + } + position++ + if buffer[position] != rune('L') { + goto l394 + } + position++ + if buffer[position] != rune('_') { + goto l394 + } + position++ + if buffer[position] != rune('O') { + goto l394 + } + position++ + if buffer[position] != rune('F') { + goto l394 + } + position++ + if buffer[position] != rune('F') { + goto l394 + } + position++ + if buffer[position] != rune('S') { + goto l394 + } + position++ + if buffer[position] != rune('E') { + goto l394 + } + position++ + if buffer[position] != rune('T') { + goto l394 + } + position++ + if buffer[position] != rune('_') { + goto l394 + } + position++ + if buffer[position] != rune('T') { + goto l394 + } + position++ + if buffer[position] != rune('A') { + goto l394 + } + position++ + if buffer[position] != rune('B') { + goto l394 + } + position++ + if buffer[position] != rune('L') { + goto l394 + } + position++ + if buffer[position] != rune('E') { + goto l394 + } + position++ + if buffer[position] != rune('_') { + goto l394 + } + position++ + if buffer[position] != rune('-') { + goto l394 + } + position++ + if !_rules[ruleLocalSymbol]() { + goto l394 + } + add(ruleGOTLocation, position395) + } + return true + l394: + position, tokenIndex = position394, tokenIndex394 + return false + }, + /* 29 GOTSymbolOffset <- <('$' SymbolName ('@' 'G' 'O' 'T') ('O' 'F' 'F')?)> */ + func() bool { + position396, tokenIndex396 := position, tokenIndex + { + position397 := position + if buffer[position] != rune('$') { + goto l396 + } + position++ + if !_rules[ruleSymbolName]() { + goto l396 + } + if buffer[position] != rune('@') { + goto l396 + } + position++ + if buffer[position] != rune('G') { + goto l396 + } + position++ + if buffer[position] != rune('O') { + goto l396 + } + position++ + if buffer[position] != rune('T') { + goto l396 + } + position++ + { + position398, tokenIndex398 := position, tokenIndex + if buffer[position] != rune('O') { + goto l398 + } + position++ + if buffer[position] != rune('F') { + goto l398 + } + position++ + if buffer[position] != rune('F') { + goto l398 + } + position++ + goto l399 + l398: + position, tokenIndex = position398, tokenIndex398 } - add(ruleInstructionArg, position376) + l399: + add(ruleGOTSymbolOffset, position397) } return true - l375: - position, tokenIndex = position375, tokenIndex375 + l396: + position, tokenIndex = position396, tokenIndex396 return false }, - /* 28 AVX512Token <- <(WS? '{' '%'? ([0-9] / [a-z])* '}')> */ + /* 30 AVX512Token <- <(WS? '{' '%'? ([0-9] / [a-z])* '}')> */ func() bool { - position386, tokenIndex386 := position, tokenIndex + position400, tokenIndex400 := position, tokenIndex { - position387 := position + position401 := position { - position388, tokenIndex388 := position, tokenIndex + position402, tokenIndex402 := position, tokenIndex if !_rules[ruleWS]() { - goto l388 + goto l402 } - goto l389 - l388: - position, tokenIndex = position388, tokenIndex388 + goto l403 + l402: + position, tokenIndex = position402, tokenIndex402 } - l389: + l403: if buffer[position] != rune('{') { - goto l386 + goto l400 } position++ { - position390, tokenIndex390 := position, tokenIndex + position404, tokenIndex404 := position, tokenIndex if buffer[position] != rune('%') { - goto l390 + goto l404 } position++ - goto l391 - l390: - position, tokenIndex = position390, tokenIndex390 + goto l405 + l404: + position, tokenIndex = position404, tokenIndex404 } - l391: - l392: + l405: + l406: { - position393, tokenIndex393 := position, tokenIndex + position407, tokenIndex407 := position, tokenIndex { - position394, tokenIndex394 := position, tokenIndex + position408, tokenIndex408 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l395 + goto l409 } position++ - goto l394 - l395: - position, tokenIndex = position394, tokenIndex394 + goto l408 + l409: + position, tokenIndex = position408, tokenIndex408 if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l393 + goto l407 } position++ } - l394: - goto l392 - l393: - position, tokenIndex = position393, tokenIndex393 + l408: + goto l406 + l407: + position, tokenIndex = position407, tokenIndex407 } if buffer[position] != rune('}') { - goto l386 + goto l400 } position++ - add(ruleAVX512Token, position387) + add(ruleAVX512Token, position401) } return true - l386: - position, tokenIndex = position386, tokenIndex386 + l400: + position, tokenIndex = position400, tokenIndex400 return false }, - /* 29 TOCRefHigh <- <('.' 'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('h' / 'H') ('a' / 'A')))> */ + /* 31 TOCRefHigh <- <('.' 'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('h' / 'H') ('a' / 'A')))> */ func() bool { - position396, tokenIndex396 := position, tokenIndex + position410, tokenIndex410 := position, tokenIndex { - position397 := position + position411 := position if buffer[position] != rune('.') { - goto l396 + goto l410 } position++ if buffer[position] != rune('T') { - goto l396 + goto l410 } position++ if buffer[position] != rune('O') { - goto l396 + goto l410 } position++ if buffer[position] != rune('C') { - goto l396 + goto l410 } position++ if buffer[position] != rune('.') { - goto l396 + goto l410 } position++ if buffer[position] != rune('-') { - goto l396 + goto l410 } position++ { - position398, tokenIndex398 := position, tokenIndex + position412, tokenIndex412 := position, tokenIndex if buffer[position] != rune('0') { - goto l399 + goto l413 } position++ if buffer[position] != rune('b') { - goto l399 + goto l413 } position++ - goto l398 - l399: - position, tokenIndex = position398, tokenIndex398 + goto l412 + l413: + position, tokenIndex = position412, tokenIndex412 if buffer[position] != rune('.') { - goto l396 + goto l410 } position++ if buffer[position] != rune('L') { - goto l396 + goto l410 } position++ { - position402, tokenIndex402 := position, tokenIndex + position416, tokenIndex416 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l403 + goto l417 } position++ - goto l402 - l403: - position, tokenIndex = position402, tokenIndex402 + goto l416 + l417: + position, tokenIndex = position416, tokenIndex416 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l404 + goto l418 } position++ - goto l402 - l404: - position, tokenIndex = position402, tokenIndex402 + goto l416 + l418: + position, tokenIndex = position416, tokenIndex416 if buffer[position] != rune('_') { - goto l405 + goto l419 } position++ - goto l402 - l405: - position, tokenIndex = position402, tokenIndex402 + goto l416 + l419: + position, tokenIndex = position416, tokenIndex416 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l396 + goto l410 } position++ } - l402: - l400: + l416: + l414: { - position401, tokenIndex401 := position, tokenIndex + position415, tokenIndex415 := position, tokenIndex { - position406, tokenIndex406 := position, tokenIndex + position420, tokenIndex420 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l407 + goto l421 } position++ - goto l406 - l407: - position, tokenIndex = position406, tokenIndex406 + goto l420 + l421: + position, tokenIndex = position420, tokenIndex420 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l408 + goto l422 } position++ - goto l406 - l408: - position, tokenIndex = position406, tokenIndex406 + goto l420 + l422: + position, tokenIndex = position420, tokenIndex420 if buffer[position] != rune('_') { - goto l409 + goto l423 } position++ - goto l406 - l409: - position, tokenIndex = position406, tokenIndex406 + goto l420 + l423: + position, tokenIndex = position420, tokenIndex420 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l401 + goto l415 } position++ } - l406: - goto l400 - l401: - position, tokenIndex = position401, tokenIndex401 + l420: + goto l414 + l415: + position, tokenIndex = position415, tokenIndex415 } } - l398: + l412: if buffer[position] != rune('@') { - goto l396 + goto l410 } position++ { - position410, tokenIndex410 := position, tokenIndex + position424, tokenIndex424 := position, tokenIndex if buffer[position] != rune('h') { - goto l411 + goto l425 } position++ - goto l410 - l411: - position, tokenIndex = position410, tokenIndex410 + goto l424 + l425: + position, tokenIndex = position424, tokenIndex424 if buffer[position] != rune('H') { - goto l396 + goto l410 } position++ } - l410: + l424: { - position412, tokenIndex412 := position, tokenIndex + position426, tokenIndex426 := position, tokenIndex if buffer[position] != rune('a') { - goto l413 + goto l427 } position++ - goto l412 - l413: - position, tokenIndex = position412, tokenIndex412 + goto l426 + l427: + position, tokenIndex = position426, tokenIndex426 if buffer[position] != rune('A') { - goto l396 + goto l410 } position++ } - l412: - add(ruleTOCRefHigh, position397) + l426: + add(ruleTOCRefHigh, position411) } return true - l396: - position, tokenIndex = position396, tokenIndex396 + l410: + position, tokenIndex = position410, tokenIndex410 return false }, - /* 30 TOCRefLow <- <('.' 'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('l' / 'L')))> */ + /* 32 TOCRefLow <- <('.' 'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('l' / 'L')))> */ func() bool { - position414, tokenIndex414 := position, tokenIndex + position428, tokenIndex428 := position, tokenIndex { - position415 := position + position429 := position if buffer[position] != rune('.') { - goto l414 + goto l428 } position++ if buffer[position] != rune('T') { - goto l414 + goto l428 } position++ if buffer[position] != rune('O') { - goto l414 + goto l428 } position++ if buffer[position] != rune('C') { - goto l414 + goto l428 } position++ if buffer[position] != rune('.') { - goto l414 + goto l428 } position++ if buffer[position] != rune('-') { - goto l414 + goto l428 } position++ { - position416, tokenIndex416 := position, tokenIndex + position430, tokenIndex430 := position, tokenIndex if buffer[position] != rune('0') { - goto l417 + goto l431 } position++ if buffer[position] != rune('b') { - goto l417 + goto l431 } position++ - goto l416 - l417: - position, tokenIndex = position416, tokenIndex416 + goto l430 + l431: + position, tokenIndex = position430, tokenIndex430 if buffer[position] != rune('.') { - goto l414 + goto l428 } position++ if buffer[position] != rune('L') { - goto l414 + goto l428 } position++ { - position420, tokenIndex420 := position, tokenIndex + position434, tokenIndex434 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l421 + goto l435 } position++ - goto l420 - l421: - position, tokenIndex = position420, tokenIndex420 + goto l434 + l435: + position, tokenIndex = position434, tokenIndex434 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l422 + goto l436 } position++ - goto l420 - l422: - position, tokenIndex = position420, tokenIndex420 + goto l434 + l436: + position, tokenIndex = position434, tokenIndex434 if buffer[position] != rune('_') { - goto l423 + goto l437 } position++ - goto l420 - l423: - position, tokenIndex = position420, tokenIndex420 + goto l434 + l437: + position, tokenIndex = position434, tokenIndex434 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l414 + goto l428 } position++ } - l420: - l418: + l434: + l432: { - position419, tokenIndex419 := position, tokenIndex + position433, tokenIndex433 := position, tokenIndex { - position424, tokenIndex424 := position, tokenIndex + position438, tokenIndex438 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l425 + goto l439 } position++ - goto l424 - l425: - position, tokenIndex = position424, tokenIndex424 + goto l438 + l439: + position, tokenIndex = position438, tokenIndex438 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l426 + goto l440 } position++ - goto l424 - l426: - position, tokenIndex = position424, tokenIndex424 + goto l438 + l440: + position, tokenIndex = position438, tokenIndex438 if buffer[position] != rune('_') { - goto l427 + goto l441 } position++ - goto l424 - l427: - position, tokenIndex = position424, tokenIndex424 + goto l438 + l441: + position, tokenIndex = position438, tokenIndex438 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l419 + goto l433 } position++ } - l424: - goto l418 - l419: - position, tokenIndex = position419, tokenIndex419 + l438: + goto l432 + l433: + position, tokenIndex = position433, tokenIndex433 } } - l416: + l430: if buffer[position] != rune('@') { - goto l414 + goto l428 } position++ { - position428, tokenIndex428 := position, tokenIndex + position442, tokenIndex442 := position, tokenIndex if buffer[position] != rune('l') { - goto l429 + goto l443 } position++ - goto l428 - l429: - position, tokenIndex = position428, tokenIndex428 + goto l442 + l443: + position, tokenIndex = position442, tokenIndex442 if buffer[position] != rune('L') { - goto l414 + goto l428 } position++ } - l428: - add(ruleTOCRefLow, position415) + l442: + add(ruleTOCRefLow, position429) } return true - l414: - position, tokenIndex = position414, tokenIndex414 + l428: + position, tokenIndex = position428, tokenIndex428 return false }, - /* 31 IndirectionIndicator <- <'*'> */ + /* 33 IndirectionIndicator <- <'*'> */ func() bool { - position430, tokenIndex430 := position, tokenIndex + position444, tokenIndex444 := position, tokenIndex { - position431 := position + position445 := position if buffer[position] != rune('*') { - goto l430 + goto l444 } position++ - add(ruleIndirectionIndicator, position431) + add(ruleIndirectionIndicator, position445) } return true - l430: - position, tokenIndex = position430, tokenIndex430 + l444: + position, tokenIndex = position444, tokenIndex444 return false }, - /* 32 RegisterOrConstant <- <((('%' ([a-z] / [A-Z]) ([a-z] / [A-Z] / ([0-9] / [0-9]))*) / ('$'? ((Offset Offset) / Offset))) !('f' / 'b' / ':' / '(' / '+' / '-'))> */ + /* 34 RegisterOrConstant <- <((('%' ([a-z] / [A-Z]) ([a-z] / [A-Z] / ([0-9] / [0-9]))*) / ('$'? ((Offset Offset) / Offset))) !('f' / 'b' / ':' / '(' / '+' / '-'))> */ func() bool { - position432, tokenIndex432 := position, tokenIndex + position446, tokenIndex446 := position, tokenIndex { - position433 := position + position447 := position { - position434, tokenIndex434 := position, tokenIndex + position448, tokenIndex448 := position, tokenIndex if buffer[position] != rune('%') { - goto l435 + goto l449 } position++ { - position436, tokenIndex436 := position, tokenIndex + position450, tokenIndex450 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l437 + goto l451 } position++ - goto l436 - l437: - position, tokenIndex = position436, tokenIndex436 + goto l450 + l451: + position, tokenIndex = position450, tokenIndex450 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l435 + goto l449 } position++ } - l436: - l438: + l450: + l452: { - position439, tokenIndex439 := position, tokenIndex + position453, tokenIndex453 := position, tokenIndex { - position440, tokenIndex440 := position, tokenIndex + position454, tokenIndex454 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l441 + goto l455 } position++ - goto l440 - l441: - position, tokenIndex = position440, tokenIndex440 + goto l454 + l455: + position, tokenIndex = position454, tokenIndex454 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l442 + goto l456 } position++ - goto l440 - l442: - position, tokenIndex = position440, tokenIndex440 + goto l454 + l456: + position, tokenIndex = position454, tokenIndex454 { - position443, tokenIndex443 := position, tokenIndex + position457, tokenIndex457 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l444 + goto l458 } position++ - goto l443 - l444: - position, tokenIndex = position443, tokenIndex443 + goto l457 + l458: + position, tokenIndex = position457, tokenIndex457 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l439 + goto l453 } position++ } - l443: + l457: } - l440: - goto l438 - l439: - position, tokenIndex = position439, tokenIndex439 + l454: + goto l452 + l453: + position, tokenIndex = position453, tokenIndex453 } - goto l434 - l435: - position, tokenIndex = position434, tokenIndex434 + goto l448 + l449: + position, tokenIndex = position448, tokenIndex448 { - position445, tokenIndex445 := position, tokenIndex + position459, tokenIndex459 := position, tokenIndex if buffer[position] != rune('$') { - goto l445 + goto l459 } position++ - goto l446 - l445: - position, tokenIndex = position445, tokenIndex445 + goto l460 + l459: + position, tokenIndex = position459, tokenIndex459 } - l446: + l460: { - position447, tokenIndex447 := position, tokenIndex + position461, tokenIndex461 := position, tokenIndex if !_rules[ruleOffset]() { - goto l448 + goto l462 } if !_rules[ruleOffset]() { - goto l448 + goto l462 } - goto l447 - l448: - position, tokenIndex = position447, tokenIndex447 + goto l461 + l462: + position, tokenIndex = position461, tokenIndex461 if !_rules[ruleOffset]() { - goto l432 + goto l446 } } - l447: + l461: } - l434: + l448: { - position449, tokenIndex449 := position, tokenIndex + position463, tokenIndex463 := position, tokenIndex { - position450, tokenIndex450 := position, tokenIndex + position464, tokenIndex464 := position, tokenIndex if buffer[position] != rune('f') { - goto l451 + goto l465 } position++ - goto l450 - l451: - position, tokenIndex = position450, tokenIndex450 + goto l464 + l465: + position, tokenIndex = position464, tokenIndex464 if buffer[position] != rune('b') { - goto l452 + goto l466 } position++ - goto l450 - l452: - position, tokenIndex = position450, tokenIndex450 + goto l464 + l466: + position, tokenIndex = position464, tokenIndex464 if buffer[position] != rune(':') { - goto l453 + goto l467 } position++ - goto l450 - l453: - position, tokenIndex = position450, tokenIndex450 + goto l464 + l467: + position, tokenIndex = position464, tokenIndex464 if buffer[position] != rune('(') { - goto l454 + goto l468 } position++ - goto l450 - l454: - position, tokenIndex = position450, tokenIndex450 + goto l464 + l468: + position, tokenIndex = position464, tokenIndex464 if buffer[position] != rune('+') { - goto l455 + goto l469 } position++ - goto l450 - l455: - position, tokenIndex = position450, tokenIndex450 + goto l464 + l469: + position, tokenIndex = position464, tokenIndex464 if buffer[position] != rune('-') { - goto l449 + goto l463 } position++ } - l450: - goto l432 - l449: - position, tokenIndex = position449, tokenIndex449 + l464: + goto l446 + l463: + position, tokenIndex = position463, tokenIndex463 } - add(ruleRegisterOrConstant, position433) + add(ruleRegisterOrConstant, position447) } return true - l432: - position, tokenIndex = position432, tokenIndex432 + l446: + position, tokenIndex = position446, tokenIndex446 return false }, - /* 33 MemoryRef <- <((SymbolRef BaseIndexScale) / SymbolRef / (Offset* BaseIndexScale) / (SegmentRegister Offset BaseIndexScale) / (SegmentRegister BaseIndexScale) / (SegmentRegister Offset) / BaseIndexScale)> */ + /* 35 MemoryRef <- <((SymbolRef BaseIndexScale) / SymbolRef / (Offset* BaseIndexScale) / (SegmentRegister Offset BaseIndexScale) / (SegmentRegister BaseIndexScale) / (SegmentRegister Offset) / BaseIndexScale)> */ func() bool { - position456, tokenIndex456 := position, tokenIndex + position470, tokenIndex470 := position, tokenIndex { - position457 := position + position471 := position { - position458, tokenIndex458 := position, tokenIndex + position472, tokenIndex472 := position, tokenIndex if !_rules[ruleSymbolRef]() { - goto l459 + goto l473 } if !_rules[ruleBaseIndexScale]() { - goto l459 + goto l473 } - goto l458 - l459: - position, tokenIndex = position458, tokenIndex458 + goto l472 + l473: + position, tokenIndex = position472, tokenIndex472 if !_rules[ruleSymbolRef]() { - goto l460 + goto l474 } - goto l458 - l460: - position, tokenIndex = position458, tokenIndex458 - l462: + goto l472 + l474: + position, tokenIndex = position472, tokenIndex472 + l476: { - position463, tokenIndex463 := position, tokenIndex + position477, tokenIndex477 := position, tokenIndex if !_rules[ruleOffset]() { - goto l463 + goto l477 } - goto l462 - l463: - position, tokenIndex = position463, tokenIndex463 + goto l476 + l477: + position, tokenIndex = position477, tokenIndex477 } if !_rules[ruleBaseIndexScale]() { - goto l461 + goto l475 } - goto l458 - l461: - position, tokenIndex = position458, tokenIndex458 + goto l472 + l475: + position, tokenIndex = position472, tokenIndex472 if !_rules[ruleSegmentRegister]() { - goto l464 + goto l478 } if !_rules[ruleOffset]() { - goto l464 + goto l478 } if !_rules[ruleBaseIndexScale]() { - goto l464 + goto l478 } - goto l458 - l464: - position, tokenIndex = position458, tokenIndex458 + goto l472 + l478: + position, tokenIndex = position472, tokenIndex472 if !_rules[ruleSegmentRegister]() { - goto l465 + goto l479 } if !_rules[ruleBaseIndexScale]() { - goto l465 + goto l479 } - goto l458 - l465: - position, tokenIndex = position458, tokenIndex458 + goto l472 + l479: + position, tokenIndex = position472, tokenIndex472 if !_rules[ruleSegmentRegister]() { - goto l466 + goto l480 } if !_rules[ruleOffset]() { - goto l466 + goto l480 } - goto l458 - l466: - position, tokenIndex = position458, tokenIndex458 + goto l472 + l480: + position, tokenIndex = position472, tokenIndex472 if !_rules[ruleBaseIndexScale]() { - goto l456 + goto l470 } } - l458: - add(ruleMemoryRef, position457) + l472: + add(ruleMemoryRef, position471) } return true - l456: - position, tokenIndex = position456, tokenIndex456 + l470: + position, tokenIndex = position470, tokenIndex470 return false }, - /* 34 SymbolRef <- <((Offset* '+')? (LocalSymbol / SymbolName) Offset* ('@' Section Offset*)?)> */ + /* 36 SymbolRef <- <((Offset* '+')? (LocalSymbol / SymbolName) Offset* ('@' Section Offset*)?)> */ func() bool { - position467, tokenIndex467 := position, tokenIndex + position481, tokenIndex481 := position, tokenIndex { - position468 := position + position482 := position { - position469, tokenIndex469 := position, tokenIndex - l471: + position483, tokenIndex483 := position, tokenIndex + l485: { - position472, tokenIndex472 := position, tokenIndex + position486, tokenIndex486 := position, tokenIndex if !_rules[ruleOffset]() { - goto l472 + goto l486 } - goto l471 - l472: - position, tokenIndex = position472, tokenIndex472 + goto l485 + l486: + position, tokenIndex = position486, tokenIndex486 } if buffer[position] != rune('+') { - goto l469 + goto l483 } position++ - goto l470 - l469: - position, tokenIndex = position469, tokenIndex469 + goto l484 + l483: + position, tokenIndex = position483, tokenIndex483 } - l470: + l484: { - position473, tokenIndex473 := position, tokenIndex + position487, tokenIndex487 := position, tokenIndex if !_rules[ruleLocalSymbol]() { - goto l474 + goto l488 } - goto l473 - l474: - position, tokenIndex = position473, tokenIndex473 + goto l487 + l488: + position, tokenIndex = position487, tokenIndex487 if !_rules[ruleSymbolName]() { - goto l467 + goto l481 } } - l473: - l475: + l487: + l489: { - position476, tokenIndex476 := position, tokenIndex + position490, tokenIndex490 := position, tokenIndex if !_rules[ruleOffset]() { - goto l476 + goto l490 } - goto l475 - l476: - position, tokenIndex = position476, tokenIndex476 + goto l489 + l490: + position, tokenIndex = position490, tokenIndex490 } { - position477, tokenIndex477 := position, tokenIndex + position491, tokenIndex491 := position, tokenIndex if buffer[position] != rune('@') { - goto l477 + goto l491 } position++ if !_rules[ruleSection]() { - goto l477 + goto l491 } - l479: + l493: { - position480, tokenIndex480 := position, tokenIndex + position494, tokenIndex494 := position, tokenIndex if !_rules[ruleOffset]() { - goto l480 + goto l494 } - goto l479 - l480: - position, tokenIndex = position480, tokenIndex480 + goto l493 + l494: + position, tokenIndex = position494, tokenIndex494 } - goto l478 - l477: - position, tokenIndex = position477, tokenIndex477 + goto l492 + l491: + position, tokenIndex = position491, tokenIndex491 } - l478: - add(ruleSymbolRef, position468) + l492: + add(ruleSymbolRef, position482) } return true - l467: - position, tokenIndex = position467, tokenIndex467 + l481: + position, tokenIndex = position481, tokenIndex481 return false }, - /* 35 BaseIndexScale <- <('(' RegisterOrConstant? WS? (',' WS? RegisterOrConstant WS? (',' [0-9]+)?)? ')')> */ + /* 37 BaseIndexScale <- <('(' RegisterOrConstant? WS? (',' WS? RegisterOrConstant WS? (',' [0-9]+)?)? ')')> */ func() bool { - position481, tokenIndex481 := position, tokenIndex + position495, tokenIndex495 := position, tokenIndex { - position482 := position + position496 := position if buffer[position] != rune('(') { - goto l481 + goto l495 } position++ { - position483, tokenIndex483 := position, tokenIndex + position497, tokenIndex497 := position, tokenIndex if !_rules[ruleRegisterOrConstant]() { - goto l483 + goto l497 } - goto l484 - l483: - position, tokenIndex = position483, tokenIndex483 + goto l498 + l497: + position, tokenIndex = position497, tokenIndex497 } - l484: + l498: { - position485, tokenIndex485 := position, tokenIndex + position499, tokenIndex499 := position, tokenIndex if !_rules[ruleWS]() { - goto l485 + goto l499 } - goto l486 - l485: - position, tokenIndex = position485, tokenIndex485 + goto l500 + l499: + position, tokenIndex = position499, tokenIndex499 } - l486: + l500: { - position487, tokenIndex487 := position, tokenIndex + position501, tokenIndex501 := position, tokenIndex if buffer[position] != rune(',') { - goto l487 + goto l501 } position++ { - position489, tokenIndex489 := position, tokenIndex + position503, tokenIndex503 := position, tokenIndex if !_rules[ruleWS]() { - goto l489 + goto l503 } - goto l490 - l489: - position, tokenIndex = position489, tokenIndex489 + goto l504 + l503: + position, tokenIndex = position503, tokenIndex503 } - l490: + l504: if !_rules[ruleRegisterOrConstant]() { - goto l487 + goto l501 } { - position491, tokenIndex491 := position, tokenIndex + position505, tokenIndex505 := position, tokenIndex if !_rules[ruleWS]() { - goto l491 + goto l505 } - goto l492 - l491: - position, tokenIndex = position491, tokenIndex491 + goto l506 + l505: + position, tokenIndex = position505, tokenIndex505 } - l492: + l506: { - position493, tokenIndex493 := position, tokenIndex + position507, tokenIndex507 := position, tokenIndex if buffer[position] != rune(',') { - goto l493 + goto l507 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l493 + goto l507 } position++ - l495: + l509: { - position496, tokenIndex496 := position, tokenIndex + position510, tokenIndex510 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l496 + goto l510 } position++ - goto l495 - l496: - position, tokenIndex = position496, tokenIndex496 + goto l509 + l510: + position, tokenIndex = position510, tokenIndex510 } - goto l494 - l493: - position, tokenIndex = position493, tokenIndex493 + goto l508 + l507: + position, tokenIndex = position507, tokenIndex507 } - l494: - goto l488 - l487: - position, tokenIndex = position487, tokenIndex487 + l508: + goto l502 + l501: + position, tokenIndex = position501, tokenIndex501 } - l488: + l502: if buffer[position] != rune(')') { - goto l481 + goto l495 } position++ - add(ruleBaseIndexScale, position482) + add(ruleBaseIndexScale, position496) } return true - l481: - position, tokenIndex = position481, tokenIndex481 + l495: + position, tokenIndex = position495, tokenIndex495 return false }, - /* 36 Operator <- <('+' / '-')> */ + /* 38 Operator <- <('+' / '-')> */ func() bool { - position497, tokenIndex497 := position, tokenIndex + position511, tokenIndex511 := position, tokenIndex { - position498 := position + position512 := position { - position499, tokenIndex499 := position, tokenIndex + position513, tokenIndex513 := position, tokenIndex if buffer[position] != rune('+') { - goto l500 + goto l514 } position++ - goto l499 - l500: - position, tokenIndex = position499, tokenIndex499 + goto l513 + l514: + position, tokenIndex = position513, tokenIndex513 if buffer[position] != rune('-') { - goto l497 + goto l511 } position++ } - l499: - add(ruleOperator, position498) + l513: + add(ruleOperator, position512) } return true - l497: - position, tokenIndex = position497, tokenIndex497 + l511: + position, tokenIndex = position511, tokenIndex511 return false }, - /* 37 Offset <- <('+'? '-'? (('0' ('b' / 'B') ('0' / '1')+) / ('0' ('x' / 'X') ([0-9] / [0-9] / ([a-f] / [A-F]))+) / [0-9]+))> */ + /* 39 Offset <- <('+'? '-'? (('0' ('b' / 'B') ('0' / '1')+) / ('0' ('x' / 'X') ([0-9] / [0-9] / ([a-f] / [A-F]))+) / [0-9]+))> */ func() bool { - position501, tokenIndex501 := position, tokenIndex + position515, tokenIndex515 := position, tokenIndex { - position502 := position + position516 := position { - position503, tokenIndex503 := position, tokenIndex + position517, tokenIndex517 := position, tokenIndex if buffer[position] != rune('+') { - goto l503 + goto l517 } position++ - goto l504 - l503: - position, tokenIndex = position503, tokenIndex503 + goto l518 + l517: + position, tokenIndex = position517, tokenIndex517 } - l504: + l518: { - position505, tokenIndex505 := position, tokenIndex + position519, tokenIndex519 := position, tokenIndex if buffer[position] != rune('-') { - goto l505 + goto l519 } position++ - goto l506 - l505: - position, tokenIndex = position505, tokenIndex505 + goto l520 + l519: + position, tokenIndex = position519, tokenIndex519 } - l506: + l520: { - position507, tokenIndex507 := position, tokenIndex + position521, tokenIndex521 := position, tokenIndex if buffer[position] != rune('0') { - goto l508 + goto l522 } position++ { - position509, tokenIndex509 := position, tokenIndex + position523, tokenIndex523 := position, tokenIndex if buffer[position] != rune('b') { - goto l510 + goto l524 } position++ - goto l509 - l510: - position, tokenIndex = position509, tokenIndex509 + goto l523 + l524: + position, tokenIndex = position523, tokenIndex523 if buffer[position] != rune('B') { - goto l508 + goto l522 } position++ } - l509: + l523: { - position513, tokenIndex513 := position, tokenIndex + position527, tokenIndex527 := position, tokenIndex if buffer[position] != rune('0') { - goto l514 + goto l528 } position++ - goto l513 - l514: - position, tokenIndex = position513, tokenIndex513 + goto l527 + l528: + position, tokenIndex = position527, tokenIndex527 if buffer[position] != rune('1') { - goto l508 + goto l522 } position++ } - l513: - l511: + l527: + l525: { - position512, tokenIndex512 := position, tokenIndex + position526, tokenIndex526 := position, tokenIndex { - position515, tokenIndex515 := position, tokenIndex + position529, tokenIndex529 := position, tokenIndex if buffer[position] != rune('0') { - goto l516 + goto l530 } position++ - goto l515 - l516: - position, tokenIndex = position515, tokenIndex515 + goto l529 + l530: + position, tokenIndex = position529, tokenIndex529 if buffer[position] != rune('1') { - goto l512 + goto l526 } position++ } - l515: - goto l511 - l512: - position, tokenIndex = position512, tokenIndex512 + l529: + goto l525 + l526: + position, tokenIndex = position526, tokenIndex526 } - goto l507 - l508: - position, tokenIndex = position507, tokenIndex507 + goto l521 + l522: + position, tokenIndex = position521, tokenIndex521 if buffer[position] != rune('0') { - goto l517 + goto l531 } position++ { - position518, tokenIndex518 := position, tokenIndex + position532, tokenIndex532 := position, tokenIndex if buffer[position] != rune('x') { - goto l519 + goto l533 } position++ - goto l518 - l519: - position, tokenIndex = position518, tokenIndex518 + goto l532 + l533: + position, tokenIndex = position532, tokenIndex532 if buffer[position] != rune('X') { - goto l517 + goto l531 } position++ } - l518: + l532: { - position522, tokenIndex522 := position, tokenIndex + position536, tokenIndex536 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l523 + goto l537 } position++ - goto l522 - l523: - position, tokenIndex = position522, tokenIndex522 + goto l536 + l537: + position, tokenIndex = position536, tokenIndex536 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l524 + goto l538 } position++ - goto l522 - l524: - position, tokenIndex = position522, tokenIndex522 + goto l536 + l538: + position, tokenIndex = position536, tokenIndex536 { - position525, tokenIndex525 := position, tokenIndex + position539, tokenIndex539 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('f') { - goto l526 + goto l540 } position++ - goto l525 - l526: - position, tokenIndex = position525, tokenIndex525 + goto l539 + l540: + position, tokenIndex = position539, tokenIndex539 if c := buffer[position]; c < rune('A') || c > rune('F') { - goto l517 + goto l531 } position++ } - l525: + l539: } - l522: - l520: + l536: + l534: { - position521, tokenIndex521 := position, tokenIndex + position535, tokenIndex535 := position, tokenIndex { - position527, tokenIndex527 := position, tokenIndex + position541, tokenIndex541 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l528 + goto l542 } position++ - goto l527 - l528: - position, tokenIndex = position527, tokenIndex527 + goto l541 + l542: + position, tokenIndex = position541, tokenIndex541 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l529 + goto l543 } position++ - goto l527 - l529: - position, tokenIndex = position527, tokenIndex527 + goto l541 + l543: + position, tokenIndex = position541, tokenIndex541 { - position530, tokenIndex530 := position, tokenIndex + position544, tokenIndex544 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('f') { - goto l531 + goto l545 } position++ - goto l530 - l531: - position, tokenIndex = position530, tokenIndex530 + goto l544 + l545: + position, tokenIndex = position544, tokenIndex544 if c := buffer[position]; c < rune('A') || c > rune('F') { - goto l521 + goto l535 } position++ } - l530: + l544: } - l527: - goto l520 - l521: - position, tokenIndex = position521, tokenIndex521 + l541: + goto l534 + l535: + position, tokenIndex = position535, tokenIndex535 } - goto l507 - l517: - position, tokenIndex = position507, tokenIndex507 + goto l521 + l531: + position, tokenIndex = position521, tokenIndex521 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l501 + goto l515 } position++ - l532: + l546: { - position533, tokenIndex533 := position, tokenIndex + position547, tokenIndex547 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l533 + goto l547 } position++ - goto l532 - l533: - position, tokenIndex = position533, tokenIndex533 + goto l546 + l547: + position, tokenIndex = position547, tokenIndex547 } } - l507: - add(ruleOffset, position502) + l521: + add(ruleOffset, position516) } return true - l501: - position, tokenIndex = position501, tokenIndex501 + l515: + position, tokenIndex = position515, tokenIndex515 return false }, - /* 38 Section <- <([a-z] / [A-Z] / '@')+> */ + /* 40 Section <- <([a-z] / [A-Z] / '@')+> */ func() bool { - position534, tokenIndex534 := position, tokenIndex + position548, tokenIndex548 := position, tokenIndex { - position535 := position + position549 := position { - position538, tokenIndex538 := position, tokenIndex + position552, tokenIndex552 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l539 + goto l553 } position++ - goto l538 - l539: - position, tokenIndex = position538, tokenIndex538 + goto l552 + l553: + position, tokenIndex = position552, tokenIndex552 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l540 + goto l554 } position++ - goto l538 - l540: - position, tokenIndex = position538, tokenIndex538 + goto l552 + l554: + position, tokenIndex = position552, tokenIndex552 if buffer[position] != rune('@') { - goto l534 + goto l548 } position++ } - l538: - l536: + l552: + l550: { - position537, tokenIndex537 := position, tokenIndex + position551, tokenIndex551 := position, tokenIndex { - position541, tokenIndex541 := position, tokenIndex + position555, tokenIndex555 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l542 + goto l556 } position++ - goto l541 - l542: - position, tokenIndex = position541, tokenIndex541 + goto l555 + l556: + position, tokenIndex = position555, tokenIndex555 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l543 + goto l557 } position++ - goto l541 - l543: - position, tokenIndex = position541, tokenIndex541 + goto l555 + l557: + position, tokenIndex = position555, tokenIndex555 if buffer[position] != rune('@') { - goto l537 + goto l551 } position++ } - l541: - goto l536 - l537: - position, tokenIndex = position537, tokenIndex537 + l555: + goto l550 + l551: + position, tokenIndex = position551, tokenIndex551 } - add(ruleSection, position535) + add(ruleSection, position549) } return true - l534: - position, tokenIndex = position534, tokenIndex534 + l548: + position, tokenIndex = position548, tokenIndex548 return false }, - /* 39 SegmentRegister <- <('%' ([c-g] / 's') ('s' ':'))> */ + /* 41 SegmentRegister <- <('%' ([c-g] / 's') ('s' ':'))> */ func() bool { - position544, tokenIndex544 := position, tokenIndex + position558, tokenIndex558 := position, tokenIndex { - position545 := position + position559 := position if buffer[position] != rune('%') { - goto l544 + goto l558 } position++ { - position546, tokenIndex546 := position, tokenIndex + position560, tokenIndex560 := position, tokenIndex if c := buffer[position]; c < rune('c') || c > rune('g') { - goto l547 + goto l561 } position++ - goto l546 - l547: - position, tokenIndex = position546, tokenIndex546 + goto l560 + l561: + position, tokenIndex = position560, tokenIndex560 if buffer[position] != rune('s') { - goto l544 + goto l558 } position++ } - l546: + l560: if buffer[position] != rune('s') { - goto l544 + goto l558 } position++ if buffer[position] != rune(':') { - goto l544 + goto l558 } position++ - add(ruleSegmentRegister, position545) + add(ruleSegmentRegister, position559) } return true - l544: - position, tokenIndex = position544, tokenIndex544 + l558: + position, tokenIndex = position558, tokenIndex558 return false }, } diff --git a/util/fipstools/delocate/delocate_test.go b/util/fipstools/delocate/delocate_test.go index 1778fa732b..ed504a0841 100644 --- a/util/fipstools/delocate/delocate_test.go +++ b/util/fipstools/delocate/delocate_test.go @@ -47,6 +47,7 @@ var delocateTests = []delocateTest{ {"x86_64-Basic", []string{"in.s"}, "out.s"}, {"x86_64-BSS", []string{"in.s"}, "out.s"}, {"x86_64-GOTRewrite", []string{"in.s"}, "out.s"}, + {"x86_64-LargeMemory", []string{"in.s"}, "out.s"}, {"x86_64-LabelRewrite", []string{"in1.s", "in2.s"}, "out.s"}, {"x86_64-Sections", []string{"in.s"}, "out.s"}, {"x86_64-ThreeArg", []string{"in.s"}, "out.s"}, diff --git a/util/fipstools/delocate/testdata/x86_64-LargeMemory/in.s b/util/fipstools/delocate/testdata/x86_64-LargeMemory/in.s new file mode 100644 index 0000000000..57ad053edf --- /dev/null +++ b/util/fipstools/delocate/testdata/x86_64-LargeMemory/in.s @@ -0,0 +1,28 @@ + .text + + # PIC function call +.L0: + leaq .L0(%rip), %rax + movabsq $_GLOBAL_OFFSET_TABLE_-.L0, %rcx + addq %rax, %rcx + movabsq $_Z1gv@GOTOFF, %rax + addq %rcx, %rax + jmpq *%rax + + + # PIC global variable load. +.L0$pb: + leaq .L0$pb(%rip), %rax + movabsq $_GLOBAL_OFFSET_TABLE_-.L0$pb, %rcx + addq %rax, %rcx + movabsq $h@GOT, %rax + movq (%rcx,%rax), %rax + movl (%rax), %eax + retq + + # Non-PIC function call. Not yet handled. Doesn't appear to be used in + # configurations that we care about. + # + # movabsq $_Z1gv, %rax + # jmpq *%rax + diff --git a/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s new file mode 100644 index 0000000000..9000b010a2 --- /dev/null +++ b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s @@ -0,0 +1,127 @@ +.text +.file 1 "inserted_by_delocate.c" +.loc 1 1 0 +BORINGSSL_bcm_text_start: + .text + + # PIC function call +.L0: + + leaq .L0(%rip), %rax +# WAS movabsq $_GLOBAL_OFFSET_TABLE_-.L0, %rcx + movq .Lboringssl_got_delta(%rip), %rcx + addq $.Lboringssl_got_delta-.L0, %rcx + addq %rax, %rcx +# WAS movabsq $_Z1gv@GOTOFF, %rax + movsl .Lboringssl_gotoff__Z1gv(%rip), %rax + addq %rcx, %rax + jmpq *%rax + + + # PIC global variable load. +.L0$pb: + + leaq .L0$pb(%rip), %rax +# WAS movabsq $_GLOBAL_OFFSET_TABLE_-.L0$pb, %rcx + movq .Lboringssl_got_delta(%rip), %rcx + addq $.Lboringssl_got_delta-.L0$pb, %rcx + addq %rax, %rcx +# WAS movabsq $h@GOT, %rax + movsl .Lboringssl_got_h(%rip), %rax + movq (%rcx,%rax), %rax + movl (%rax), %eax + retq + + # Non-PIC function call. Not yet handled. Doesn't appear to be used in + # configurations that we care about. + # + # movabsq $_Z1gv, %rax + # jmpq *%rax + +.text +.loc 1 2 0 +BORINGSSL_bcm_text_end: +.type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: +OPENSSL_ia32cap_get: + leaq OPENSSL_ia32cap_P(%rip), %rax + ret +.extern OPENSSL_ia32cap_P +.type OPENSSL_ia32cap_addr_delta, @object +.size OPENSSL_ia32cap_addr_delta, 8 +OPENSSL_ia32cap_addr_delta: +.quad OPENSSL_ia32cap_P-OPENSSL_ia32cap_addr_delta +.Lboringssl_got_delta: + .quad _GLOBAL_OFFSET_TABLE_-.Lboringssl_got_delta +.Lboringssl_got_h: + .long h@GOT +.Lboringssl_gotoff__Z1gv: + .long _Z1gv@GOTOFF +.type BORINGSSL_bcm_text_hash, @object +.size BORINGSSL_bcm_text_hash, 64 +BORINGSSL_bcm_text_hash: +.byte 0xae +.byte 0x2c +.byte 0xea +.byte 0x2a +.byte 0xbd +.byte 0xa6 +.byte 0xf3 +.byte 0xec +.byte 0x97 +.byte 0x7f +.byte 0x9b +.byte 0xf6 +.byte 0x94 +.byte 0x9a +.byte 0xfc +.byte 0x83 +.byte 0x68 +.byte 0x27 +.byte 0xcb +.byte 0xa0 +.byte 0xa0 +.byte 0x9f +.byte 0x6b +.byte 0x6f +.byte 0xde +.byte 0x52 +.byte 0xcd +.byte 0xe2 +.byte 0xcd +.byte 0xff +.byte 0x31 +.byte 0x80 +.byte 0xa2 +.byte 0xd4 +.byte 0xc3 +.byte 0x66 +.byte 0xf +.byte 0xc2 +.byte 0x6a +.byte 0x7b +.byte 0xf4 +.byte 0xbe +.byte 0x39 +.byte 0xa2 +.byte 0xd7 +.byte 0x25 +.byte 0xdb +.byte 0x21 +.byte 0x98 +.byte 0xe9 +.byte 0xd5 +.byte 0x53 +.byte 0xbf +.byte 0x5c +.byte 0x32 +.byte 0x6 +.byte 0x83 +.byte 0x34 +.byte 0xc +.byte 0x65 +.byte 0x89 +.byte 0x52 +.byte 0xbd +.byte 0x1f From dcd6e447eba4f32f49c22c6196ed0e714cc522c1 Mon Sep 17 00:00:00 2001 From: Watson Ladd Date: Mon, 10 Aug 2020 15:12:45 -0400 Subject: [PATCH 068/399] Support delegated credentials verison 06 This version adds signature algorithms to the extension Change-Id: I91dc78d33ee81cb7a6221c7bdeefc8ea460a2d6c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42424 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- include/openssl/ssl.h | 12 ++++++++++++ include/openssl/tls1.h | 5 ++--- ssl/internal.h | 4 ++++ ssl/ssl_cert.cc | 9 +++------ ssl/ssl_lib.cc | 10 ++++++++++ ssl/t1_lib.cc | 18 ++++++++++-------- ssl/test/runner/common.go | 2 +- ssl/test/runner/handshake_messages.go | 6 +++++- ssl/test/runner/runner.go | 3 ++- 9 files changed, 49 insertions(+), 20 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 07a39d28c0..96ba53b61e 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -953,6 +953,18 @@ OPENSSL_EXPORT size_t SSL_get0_certificate_types(const SSL *ssl, OPENSSL_EXPORT size_t SSL_get0_peer_verify_algorithms(const SSL *ssl, const uint16_t **out_sigalgs); +// SSL_get0_peer_delegation_algorithms sets |*out_sigalgs| to an array +// containing the signature algorithms the peer is willing to use with delegated +// credentials. It returns the length of the array. If not sent, the empty +// array is returned. +// +// The behavior of this function is undefined except during the callbacks set by +// by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the +// handshake is paused because of them. +OPENSSL_EXPORT size_t +SSL_get0_peer_delegation_algorithms(const SSL *ssl, + const uint16_t **out_sigalgs); + // SSL_certs_clear resets the private key, leaf certificate, and certificate // chain of |ssl|. OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl); diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 64ed762214..13545dd254 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -232,9 +232,8 @@ extern "C" { // ExtensionType value from RFC5746 #define TLSEXT_TYPE_renegotiate 0xff01 -// ExtensionType value from draft-ietf-tls-subcerts. This is not an IANA defined -// extension number. -#define TLSEXT_TYPE_delegated_credential 0xff02 +// ExtensionType value from draft-ietf-tls-subcerts. +#define TLSEXT_TYPE_delegated_credential 0x22 // ExtensionType value from RFC6962 #define TLSEXT_TYPE_certificate_timestamp 18 diff --git a/ssl/internal.h b/ssl/internal.h index 2000409bfd..e08505fc79 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1650,6 +1650,10 @@ struct SSL_HANDSHAKE { // advertise this extension to the client. Array peer_supported_group_list; + // peer_delegated_credential_sigalgs are the signature algorithms the peer + // supports with delegated credentials. + Array peer_delegated_credential_sigalgs; + // peer_key is the peer's ECDH key for a TLS 1.2 client. Array peer_key; diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc index 6bac3a970d..c64303ab9d 100644 --- a/ssl/ssl_cert.cc +++ b/ssl/ssl_cert.cc @@ -821,16 +821,13 @@ static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) { } // Check that the DC signature algorithm is supported by the peer. - Span peer_sigalgs = tls1_get_peer_verify_algorithms(hs); - bool sigalg_found = false; + Span peer_sigalgs = hs->peer_delegated_credential_sigalgs; for (uint16_t peer_sigalg : peer_sigalgs) { if (dc->expected_cert_verify_algorithm == peer_sigalg) { - sigalg_found = true; - break; + return true; } } - - return sigalg_found; + return false; } bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) { diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 90c265e71b..10a97ea94b 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -2360,6 +2360,16 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl, return sigalgs.size(); } +size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl, + const uint16_t **out_sigalgs){ + Span sigalgs; + if (ssl->s3->hs != nullptr) { + sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs; + } + *out_sigalgs = sigalgs.data(); + return sigalgs.size(); +} + EVP_PKEY *SSL_get_privatekey(const SSL *ssl) { if (!ssl->config) { assert(ssl->config); diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index f274b11dbd..4a2bbcf868 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -2673,20 +2673,22 @@ static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs, static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) { - assert(TLSEXT_TYPE_delegated_credential == 0xff02); - // TODO: Check that the extension is empty. - // - // As of draft-03, the client sends an empty extension in order indicate - // support for delegated credentials. This could change, however, since the - // spec is not yet finalized. This assertion is here to remind us to enforce - // this check once the extension ID is assigned. - if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { // Don't use delegated credentials unless we're negotiating TLS 1.3 or // higher. return true; } + // The contents of the extension are the signature algorithms the client will + // accept for a delegated credential. + CBS sigalg_list; + if (!CBS_get_u16_length_prefixed(contents, &sigalg_list) || + CBS_len(&sigalg_list) == 0 || + CBS_len(contents) != 0 || + !parse_u16_array(&sigalg_list, &hs->peer_delegated_credential_sigalgs)) { + return false; + } + hs->delegated_credential_requested = true; return true; } diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index 3a104d97fb..6a744db85d 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -124,7 +124,7 @@ const ( extensionRenegotiationInfo uint16 = 0xff01 extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13 extensionChannelID uint16 = 30032 // not IANA assigned - extensionDelegatedCredentials uint16 = 0xff02 // not IANA assigned + extensionDelegatedCredentials uint16 = 0x22 // draft-ietf-tls-subcerts-06 ) // TLS signaling cipher suite values diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go index a1ce421759..9d3b6bcbd6 100644 --- a/ssl/test/runner/handshake_messages.go +++ b/ssl/test/runner/handshake_messages.go @@ -596,7 +596,11 @@ func (m *clientHelloMsg) marshal() []byte { } if m.delegatedCredentials { extensions.addU16(extensionDelegatedCredentials) - extensions.addU16(0) // Length is always 0 + body := extensions.addU16LengthPrefixed() + signatureSchemeList := body.addU16LengthPrefixed() + for _, sigAlg := range m.signatureAlgorithms { + signatureSchemeList.addU16(uint16(sigAlg)) + } } // The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11 diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 5527f96e5c..aac4567d74 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -9499,7 +9499,8 @@ func addSignatureAlgorithmTests() { signatureRSAPKCS1WithSHA1, }, Bugs: ProtocolBugs{ - NoSignatureAlgorithms: true, + NoSignatureAlgorithms: true, + DisableDelegatedCredentials: true, }, }, shouldFail: true, From a0b49d63fdc33e54eac93674c86891d15d181d87 Mon Sep 17 00:00:00 2001 From: Tamas Petz Date: Mon, 15 Jun 2020 11:46:59 +0200 Subject: [PATCH 069/399] aarch64: support BTI and pointer authentication in assembly This change adds optional support for - Armv8.3-A Pointer Authentication (PAuth) and - Armv8.5-A Branch Target Identification (BTI) features to the perl scripts. Both features can be enabled with additional compiler flags. Unless any of these are enabled explicitly there is no code change at all. The extensions are briefly described below. Please read the appropriate chapters of the Arm Architecture Reference Manual for the complete specification. Scope ----- This change only affects generated assembly code. Armv8.3-A Pointer Authentication -------------------------------- Pointer Authentication extension supports the authentication of the contents of registers before they are used for indirect branching or load. PAuth provides a probabilistic method to detect corruption of register values. PAuth signing instructions generate a Pointer Authentication Code (PAC) based on the value of a register, a seed and a key. The generated PAC is inserted into the original value in the register. A PAuth authentication instruction recomputes the PAC, and if it matches the PAC in the register, restores its original value. In case of a mismatch, an architecturally unmapped address is generated instead. With PAuth, mitigation against ROP (Return-oriented Programming) attacks can be implemented. This is achieved by signing the contents of the link-register (LR) before it is pushed to stack. Once LR is popped, it is authenticated. This way a stack corruption which overwrites the LR on the stack is detectable. The PAuth extension adds several new instructions, some of which are not recognized by older hardware. To support a single codebase for both pre Armv8.3-A targets and newer ones, only NOP-space instructions are added by this patch. These instructions are treated as NOPs on hardware which does not support Armv8.3-A. Furthermore, this patch only considers cases where LR is saved to the stack and then restored before branching to its content. There are cases in the code where LR is pushed to stack but it is not used later. We do not address these cases as they are not affected by PAuth. There are two keys available to sign an instruction address: A and B. PACIASP and PACIBSP only differ in the used keys: A and B, respectively. The keys are typically managed by the operating system. To enable generating code for PAuth compile with -mbranch-protection=: - standard or pac-ret: add PACIASP and AUTIASP, also enables BTI (read below) - pac-ret+b-key: add PACIBSP and AUTIBSP Armv8.5-A Branch Target Identification -------------------------------------- Branch Target Identification features some new instructions which protect the execution of instructions on guarded pages which are not intended branch targets. If Armv8.5-A is supported by the hardware, execution of an instruction changes the value of PSTATE.BTYPE field. If an indirect branch lands on a guarded page the target instruction must be one of the BTI flavors, or in case of a direct call or jump it can be any other instruction. If the target instruction is not compatible with the value of PSTATE.BTYPE a Branch Target Exception is generated. In short, indirect jumps are compatible with BTI and while indirect calls are compatible with BTI and . Please refer to the specification for the details. Armv8.3-A PACIASP and PACIBSP are implicit branch target identification instructions which are equivalent with BTI c or BTI jc depending on system register configuration. BTI is used to mitigate JOP (Jump-oriented Programming) attacks by limiting the set of instructions which can be jumped to. BTI requires active linker support to mark the pages with BTI-enabled code as guarded. For ELF64 files BTI compatibility is recorded in the .note.gnu.property section. For a shared object or static binary it is required that all linked units support BTI. This means that even a single assembly file without the required note section turns-off BTI for the whole binary or shared object. The new BTI instructions are treated as NOPs on hardware which does not support Armv8.5-A or on pages which are not guarded. To insert this new and optional instruction compile with -mbranch-protection=standard (also enables PAuth) or +bti. When targeting a guarded page from a non-guarded page, weaker compatibility restrictions apply to maintain compatibility between legacy and new code. For detailed rules please refer to the Arm ARM. Compiler support ---------------- Compiler support requires understanding '-mbranch-protection=' and emitting the appropriate feature macros (__ARM_FEATURE_BTI_DEFAULT and __ARM_FEATURE_PAC_DEFAULT). The current state is the following: ------------------------------------------------------- | Compiler | -mbranch-protection | Feature macros | +----------+---------------------+--------------------+ | clang | 9.0.0 | 11.0.0 | +----------+---------------------+--------------------+ | gcc | 9 | expected in 10.1+ | ------------------------------------------------------- Available Platforms ------------------ Arm Fast Model and QEMU support both extensions. https://developer.arm.com/tools-and-software/simulation-models/fast-models https://www.qemu.org/ Implementation Notes -------------------- This change adds BTI landing pads even to assembly functions which are likely to be directly called only. In these cases, landing pads might be superfluous depending on what code the linker generates. Code size and performance impact for these cases would be negligble. Interaction with C code ----------------------- Pointer Authentication is a per-frame protection while Branch Target Identification can be turned on and off only for all code pages of a whole shared object or static binary. Because of these properties if C/C++ code is compiled without any of the above features but assembly files support any of them unconditionally there is no incompatibility between the two. Useful Links ------------ To fully understand the details of both PAuth and BTI it is advised to read the related chapters of the Arm Architecture Reference Manual (Arm ARM): https://developer.arm.com/documentation/ddi0487/latest/ Additional materials: "Providing protection for complex software" https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software Arm Compiler Reference Guide Version 6.14: -mbranch-protection https://developer.arm.com/documentation/101754/0614/armclang-Reference/armclang-Command-line-Options/-mbranch-protection?lang=en Arm C Language Extensions (ACLE) https://developer.arm.com/docs/101028/latest Change-Id: I4335f92e2ccc8e209c7d68a0a79f1acdf3aeb791 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42084 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- crypto/chacha/asm/chacha-armv8.pl | 9 ++++ crypto/fipsmodule/aes/asm/aesv8-armx.pl | 13 +++++ crypto/fipsmodule/aes/asm/vpaes-armv8.pl | 23 ++++++++ crypto/fipsmodule/bn/asm/armv8-mont.pl | 13 +++++ .../fipsmodule/modes/asm/ghash-neon-armv8.pl | 5 ++ crypto/fipsmodule/modes/asm/ghashv8-armx.pl | 13 +++++ crypto/fipsmodule/sha/asm/sha1-armv8.pl | 4 ++ crypto/fipsmodule/sha/asm/sha512-armv8.pl | 4 ++ crypto/test/asm/trampoline-armv8.pl | 8 +++ include/openssl/arm_arch.h | 52 +++++++++++++++++++ 10 files changed, 144 insertions(+) diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index 9cae28c0dd..05958c8323 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -139,6 +139,7 @@ sub ROUND { .type ChaCha20_ctr32,%function .align 5 ChaCha20_ctr32: + AARCH64_VALID_CALL_TARGET cbz $len,.Labort #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 adrp @x[0],:pg_hi21_nc:OPENSSL_armcap_P @@ -152,6 +153,7 @@ sub ROUND { b.ne ChaCha20_neon .Lshort: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -272,6 +274,7 @@ sub ROUND { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + AARCH64_VALIDATE_LINK_REGISTER .Labort: ret @@ -328,6 +331,7 @@ sub ROUND { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + AARCH64_VALIDATE_LINK_REGISTER ret .size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ @@ -373,6 +377,7 @@ sub NEONROUND { .type ChaCha20_neon,%function .align 5 ChaCha20_neon: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -572,6 +577,7 @@ sub NEONROUND { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + AARCH64_VALIDATE_LINK_REGISTER ret .Ltail_neon: @@ -681,6 +687,7 @@ sub NEONROUND { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + AARCH64_VALIDATE_LINK_REGISTER ret .size ChaCha20_neon,.-ChaCha20_neon ___ @@ -693,6 +700,7 @@ sub NEONROUND { .type ChaCha20_512_neon,%function .align 5 ChaCha20_512_neon: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-96]! add x29,sp,#0 @@ -1112,6 +1120,7 @@ sub NEONROUND { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#96 + AARCH64_VALIDATE_LINK_REGISTER ret .size ChaCha20_512_neon,.-ChaCha20_512_neon ___ diff --git a/crypto/fipsmodule/aes/asm/aesv8-armx.pl b/crypto/fipsmodule/aes/asm/aesv8-armx.pl index 187c2219c8..5fd9864245 100644 --- a/crypto/fipsmodule/aes/asm/aesv8-armx.pl +++ b/crypto/fipsmodule/aes/asm/aesv8-armx.pl @@ -96,6 +96,8 @@ .Lenc_key: ___ $code.=<<___ if ($flavour =~ /64/); + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + AARCH64_VALID_CALL_TARGET stp x29,x30,[sp,#-16]! add x29,sp,#0 ___ @@ -274,6 +276,7 @@ ${prefix}_set_decrypt_key: ___ $code.=<<___ if ($flavour =~ /64/); + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 ___ @@ -317,6 +320,7 @@ ___ $code.=<<___ if ($flavour =~ /64/); ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret ___ $code.=<<___; @@ -336,6 +340,11 @@ () .type ${prefix}_${dir}crypt,%function .align 5 ${prefix}_${dir}crypt: +___ +$code.=<<___ if ($flavour =~ /64/); + AARCH64_VALID_CALL_TARGET +___ +$code.=<<___; ldr $rounds,[$key,#240] vld1.32 {$rndkey0},[$key],#16 vld1.8 {$inout},[$inp] @@ -383,6 +392,8 @@ () ${prefix}_cbc_encrypt: ___ $code.=<<___ if ($flavour =~ /64/); + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + AARCH64_VALID_CALL_TARGET stp x29,x30,[sp,#-16]! add x29,sp,#0 ___ @@ -712,6 +723,8 @@ () ${prefix}_ctr32_encrypt_blocks: ___ $code.=<<___ if ($flavour =~ /64/); + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + AARCH64_VALID_CALL_TARGET stp x29,x30,[sp,#-16]! add x29,sp,#0 ___ diff --git a/crypto/fipsmodule/aes/asm/vpaes-armv8.pl b/crypto/fipsmodule/aes/asm/vpaes-armv8.pl index bae5e7e9f2..e4b9cebd11 100755 --- a/crypto/fipsmodule/aes/asm/vpaes-armv8.pl +++ b/crypto/fipsmodule/aes/asm/vpaes-armv8.pl @@ -49,6 +49,8 @@ *STDOUT=*OUT; $code.=<<___; +#include + .section .rodata .type _vpaes_consts,%object @@ -259,6 +261,7 @@ .type vpaes_encrypt,%function .align 4 vpaes_encrypt: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -268,6 +271,7 @@ st1 {v0.16b}, [$out] ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_encrypt,.-vpaes_encrypt @@ -495,6 +499,7 @@ .type vpaes_decrypt,%function .align 4 vpaes_decrypt: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -504,6 +509,7 @@ st1 {v0.16b}, [$out] ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_decrypt,.-vpaes_decrypt @@ -680,6 +686,7 @@ .type _vpaes_schedule_core,%function .align 4 _vpaes_schedule_core: + AARCH64_SIGN_LINK_REGISTER stp x29, x30, [sp,#-16]! add x29,sp,#0 @@ -849,6 +856,7 @@ eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6 eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7 ldp x29, x30, [sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size _vpaes_schedule_core,.-_vpaes_schedule_core @@ -1061,6 +1069,7 @@ .type vpaes_set_encrypt_key,%function .align 4 vpaes_set_encrypt_key: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1076,6 +1085,7 @@ ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key @@ -1083,6 +1093,7 @@ .type vpaes_set_decrypt_key,%function .align 4 vpaes_set_decrypt_key: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1102,6 +1113,7 @@ ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key ___ @@ -1114,6 +1126,7 @@ .type vpaes_cbc_encrypt,%function .align 4 vpaes_cbc_encrypt: + AARCH64_SIGN_LINK_REGISTER cbz $len, .Lcbc_abort cmp w5, #0 // check direction b.eq vpaes_cbc_decrypt @@ -1140,6 +1153,7 @@ st1 {v0.16b}, [$ivec] // write ivec ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER .Lcbc_abort: ret .size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt @@ -1147,6 +1161,8 @@ .type vpaes_cbc_decrypt,%function .align 4 vpaes_cbc_decrypt: + // Not adding AARCH64_SIGN_LINK_REGISTER here because vpaes_cbc_decrypt is jumped to + // only from vpaes_cbc_encrypt which has already signed the return address. stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1188,6 +1204,7 @@ ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt ___ @@ -1198,6 +1215,7 @@ .type vpaes_ecb_encrypt,%function .align 4 vpaes_ecb_encrypt: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1231,6 +1249,7 @@ ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt @@ -1238,6 +1257,7 @@ .type vpaes_ecb_decrypt,%function .align 4 vpaes_ecb_decrypt: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1271,6 +1291,7 @@ ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt ___ @@ -1285,6 +1306,7 @@ .type vpaes_ctr32_encrypt_blocks,%function .align 4 vpaes_ctr32_encrypt_blocks: + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 stp d8,d9,[sp,#-16]! // ABI spec says so @@ -1352,6 +1374,7 @@ ldp d10,d11,[sp],#16 ldp d8,d9,[sp],#16 ldp x29,x30,[sp],#16 + AARCH64_VALIDATE_LINK_REGISTER ret .size vpaes_ctr32_encrypt_blocks,.-vpaes_ctr32_encrypt_blocks ___ diff --git a/crypto/fipsmodule/bn/asm/armv8-mont.pl b/crypto/fipsmodule/bn/asm/armv8-mont.pl index db2ba491e5..788a0ce39e 100644 --- a/crypto/fipsmodule/bn/asm/armv8-mont.pl +++ b/crypto/fipsmodule/bn/asm/armv8-mont.pl @@ -64,12 +64,15 @@ $num="x5"; # size_t num); $code.=<<___; +#include + .text .globl bn_mul_mont .type bn_mul_mont,%function .align 5 bn_mul_mont: + AARCH64_SIGN_LINK_REGISTER tst $num,#7 b.eq __bn_sqr8x_mont tst $num,#3 @@ -267,6 +270,7 @@ mov x0,#1 ldp x23,x24,[x29,#48] ldr x29,[sp],#64 + AARCH64_VALIDATE_LINK_REGISTER ret .size bn_mul_mont,.-bn_mul_mont ___ @@ -284,6 +288,8 @@ .type __bn_sqr8x_mont,%function .align 5 __bn_sqr8x_mont: + // Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_sqr8x_mont is jumped to + // only from bn_mul_mont which has already signed the return address. cmp $ap,$bp b.ne __bn_mul4x_mont .Lsqr8x_mont: @@ -1040,6 +1046,8 @@ ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 + // x30 is popped earlier + AARCH64_VALIDATE_LINK_REGISTER ret .size __bn_sqr8x_mont,.-__bn_sqr8x_mont ___ @@ -1063,6 +1071,9 @@ .type __bn_mul4x_mont,%function .align 5 __bn_mul4x_mont: + // Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_mul4x_mont is jumped to + // only from bn_mul_mont or __bn_mul8x_mont which have already signed the + // return address. stp x29,x30,[sp,#-128]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -1496,6 +1507,8 @@ ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldr x29,[sp],#128 + // x30 is popped earlier + AARCH64_VALIDATE_LINK_REGISTER ret .size __bn_mul4x_mont,.-__bn_mul4x_mont ___ diff --git a/crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl b/crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl index e72d0dce49..94f95c264e 100644 --- a/crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl +++ b/crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl @@ -157,12 +157,15 @@ sub clmul64x64 { } $code .= <<___; +#include + .text .global gcm_init_neon .type gcm_init_neon,%function .align 4 gcm_init_neon: + AARCH64_VALID_CALL_TARGET // This function is adapted from gcm_init_v8. xC2 is t3. ld1 {$t1.2d}, [x1] // load H movi $t3.16b, #0xe1 @@ -187,6 +190,7 @@ sub clmul64x64 { .type gcm_gmult_neon,%function .align 4 gcm_gmult_neon: + AARCH64_VALID_CALL_TARGET ld1 {$INlo.16b}, [$Xi] // load Xi ld1 {$Hlo.1d}, [$Htbl], #8 // load twisted H ld1 {$Hhi.1d}, [$Htbl] @@ -205,6 +209,7 @@ sub clmul64x64 { .type gcm_ghash_neon,%function .align 4 gcm_ghash_neon: + AARCH64_VALID_CALL_TARGET ld1 {$Xl.16b}, [$Xi] // load Xi ld1 {$Hlo.1d}, [$Htbl], #8 // load twisted H ld1 {$Hhi.1d}, [$Htbl] diff --git a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl index 99124a2b35..82f76372c5 100644 --- a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl +++ b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl @@ -86,6 +86,11 @@ .type gcm_init_v8,%function .align 4 gcm_init_v8: +___ +$code.=<<___ if ($flavour =~ /64/); + AARCH64_VALID_CALL_TARGET +___ +$code.=<<___; vld1.64 {$t1},[x1] @ load input H vmov.i8 $xC2,#0xe1 vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 @@ -145,6 +150,11 @@ .type gcm_gmult_v8,%function .align 4 gcm_gmult_v8: +___ +$code.=<<___ if ($flavour =~ /64/); + AARCH64_VALID_CALL_TARGET +___ +$code.=<<___; vld1.64 {$t1},[$Xi] @ load Xi vmov.i8 $xC2,#0xe1 vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... @@ -198,6 +208,9 @@ .align 4 gcm_ghash_v8: ___ +$code.=<<___ if ($flavour =~ /64/); + AARCH64_VALID_CALL_TARGET +___ $code.=<<___ if ($flavour !~ /64/); vstmdb sp!,{d8-d15} @ 32-bit ABI says so ___ diff --git a/crypto/fipsmodule/sha/asm/sha1-armv8.pl b/crypto/fipsmodule/sha/asm/sha1-armv8.pl index 59d55b3c0c..dfde8c9adc 100644 --- a/crypto/fipsmodule/sha/asm/sha1-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha1-armv8.pl @@ -180,6 +180,8 @@ sub BODY_20_39 { .type sha1_block_data_order,%function .align 6 sha1_block_data_order: + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + AARCH64_VALID_CALL_TARGET #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 adrp x16,:pg_hi21_nc:OPENSSL_armcap_P #else @@ -249,6 +251,8 @@ sub BODY_20_39 { .type sha1_block_armv8,%function .align 6 sha1_block_armv8: + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. + AARCH64_VALID_CALL_TARGET .Lv8_entry: stp x29,x30,[sp,#-16]! add x29,sp,#0 diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index 1afaf58e0a..aff41cee62 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl @@ -185,6 +185,7 @@ sub BODY_00_xx { $func: ___ $code.=<<___ if ($SZ==4); + AARCH64_VALID_CALL_TARGET #ifndef __KERNEL__ #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 adrp x16,:pg_hi21_nc:OPENSSL_armcap_P @@ -197,6 +198,7 @@ sub BODY_00_xx { #endif ___ $code.=<<___; + AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -259,6 +261,7 @@ sub BODY_00_xx { ldp x25,x26,[x29,#64] ldp x27,x28,[x29,#80] ldp x29,x30,[sp],#128 + AARCH64_VALIDATE_LINK_REGISTER ret .size $func,.-$func @@ -350,6 +353,7 @@ sub BODY_00_xx { .align 6 sha256_block_armv8: .Lv8_entry: + // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. stp x29,x30,[sp,#-16]! add x29,sp,#0 diff --git a/crypto/test/asm/trampoline-armv8.pl b/crypto/test/asm/trampoline-armv8.pl index aefe5f7605..426360ee73 100755 --- a/crypto/test/asm/trampoline-armv8.pl +++ b/crypto/test/asm/trampoline-armv8.pl @@ -45,6 +45,8 @@ my ($func, $state, $argv, $argc) = ("x0", "x1", "x2", "x3"); my $code = <<____; +#include + .text // abi_test_trampoline loads callee-saved registers from |state|, calls |func| @@ -57,6 +59,8 @@ .globl abi_test_trampoline .align 4 abi_test_trampoline: +.Labi_test_trampoline_begin: + AARCH64_SIGN_LINK_REGISTER // Stack layout (low to high addresses) // x29,x30 (16 bytes) // d8-d15 (64 bytes) @@ -159,6 +163,7 @@ ldp x27, x28, [sp, #144] ldp x29, x30, [sp], #176 + AARCH64_VALIDATE_LINK_REGISTER ret .size abi_test_trampoline,.-abi_test_trampoline ____ @@ -173,6 +178,7 @@ .globl abi_test_clobber_x$_ .align 4 abi_test_clobber_x$_: + AARCH64_VALID_CALL_TARGET mov x$_, xzr ret .size abi_test_clobber_x$_,.-abi_test_clobber_x$_ @@ -184,6 +190,7 @@ .globl abi_test_clobber_d$_ .align 4 abi_test_clobber_d$_: + AARCH64_VALID_CALL_TARGET fmov d$_, xzr ret .size abi_test_clobber_d$_,.-abi_test_clobber_d$_ @@ -198,6 +205,7 @@ .globl abi_test_clobber_v${_}_upper .align 4 abi_test_clobber_v${_}_upper: + AARCH64_VALID_CALL_TARGET fmov v${_}.d[1], xzr ret .size abi_test_clobber_v${_}_upper,.-abi_test_clobber_v${_}_upper diff --git a/include/openssl/arm_arch.h b/include/openssl/arm_arch.h index faa2655e52..1f16799afd 100644 --- a/include/openssl/arm_arch.h +++ b/include/openssl/arm_arch.h @@ -117,5 +117,57 @@ // ARMV8_PMULL indicates support for carryless multiplication. #define ARMV8_PMULL (1 << 5) +#if defined(__ASSEMBLER__) + +// Support macros for +// - Armv8.3-A Pointer Authentication and +// - Armv8.5-A Branch Target Identification +// features which require emitting a .note.gnu.property section with the +// appropriate architecture-dependent feature bits set. +// Read more: "ELF for the Arm® 64-bit Architecture" + +#if (__ARM_FEATURE_BTI_DEFAULT == 1) +#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification +#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c' +#else +#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification +#define AARCH64_VALID_CALL_TARGET +#endif + +#if ((__ARM_FEATURE_PAC_DEFAULT & 1) == 1) // Signed with A-key +#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ + (1 << 1) // Has Pointer Authentication +#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP +#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP +#elif ((__ARM_FEATURE_PAC_DEFAULT & 2) == 2) // Signed with B-key +#define GNU_PROPERTY_AARCH64_POINTER_AUTH \ + (1 << 1) // Has Pointer Authentication +#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP +#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP +#else +#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication +#if defined(__ARM_FEATURE_BTI_DEFAULT) +#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET +#else +#define AARCH64_SIGN_LINK_REGISTER +#endif +#define AARCH64_VALIDATE_LINK_REGISTER +#endif + +#if (GNU_PROPERTY_AARCH64_POINTER_AUTH != 0) || (GNU_PROPERTY_AARCH64_BTI != 0) +.pushsection note.gnu.property, "a"; +.balign 8; +.long 4; +.long 0x10; +.long 0x5; +.asciz "GNU"; +.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */ +.long 4; +.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI); +.long 0 +.popsection +#endif + +#endif /* defined __ASSEMBLER__ */ #endif // OPENSSL_HEADER_ARM_ARCH_H From d3a5b87aed103460a12dc2ca29ce4ae94733b304 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 11 Aug 2020 16:20:14 -0700 Subject: [PATCH 070/399] Handle NULL arguments in some i2d_* functions. Prior to 5d7c2f8b1d, these i2d functions would fail, rather than crash, if passed a NULL argument. While we don't generally have much truck with the idea that functions should be expected to handle NULL arguments where not documented, it seems that a fair amount of code is depending on this. Change-Id: I928b35533aa2a7beed57d7f58ba44681a8eb05c6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42464 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/evp/evp_asn1.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c index 4d13d59fd4..2f3e115ec7 100644 --- a/crypto/evp/evp_asn1.c +++ b/crypto/evp/evp_asn1.c @@ -407,6 +407,10 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **out, const uint8_t **inp, long len) { } int i2d_PUBKEY(const EVP_PKEY *pkey, uint8_t **outp) { + if (pkey == NULL) { + return 0; + } + CBB cbb; if (!CBB_init(&cbb, 128) || !EVP_marshal_public_key(&cbb, pkey)) { @@ -440,6 +444,10 @@ RSA *d2i_RSA_PUBKEY(RSA **out, const uint8_t **inp, long len) { } int i2d_RSA_PUBKEY(const RSA *rsa, uint8_t **outp) { + if (rsa == NULL) { + return 0; + } + int ret = -1; EVP_PKEY *pkey = EVP_PKEY_new(); if (pkey == NULL || @@ -478,6 +486,10 @@ DSA *d2i_DSA_PUBKEY(DSA **out, const uint8_t **inp, long len) { } int i2d_DSA_PUBKEY(const DSA *dsa, uint8_t **outp) { + if (dsa == NULL) { + return 0; + } + int ret = -1; EVP_PKEY *pkey = EVP_PKEY_new(); if (pkey == NULL || @@ -516,6 +528,10 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **out, const uint8_t **inp, long len) { } int i2d_EC_PUBKEY(const EC_KEY *ec_key, uint8_t **outp) { + if (ec_key == NULL) { + return 0; + } + int ret = -1; EVP_PKEY *pkey = EVP_PKEY_new(); if (pkey == NULL || From 430ccd616381e7f008648a4b42167a8d02fc5762 Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Tue, 11 Aug 2020 14:21:19 -0400 Subject: [PATCH 071/399] Update HPKE implementation and test vectors to draft-irtf-cfrg-hpke-05. Bug: 275 Change-Id: I8af401f84b235e6249fb13161d26dc489f3415bd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42444 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/hpke/hpke.c | 63 +++---- crypto/hpke/hpke_test.cc | 4 +- crypto/hpke/hpke_test_vectors.txt | 252 +++++++++++++------------- crypto/hpke/test-vectors.json | 2 +- crypto/hpke/translate_test_vectors.py | 4 +- 5 files changed, 161 insertions(+), 164 deletions(-) diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 0c3f9d77cf..cacc19e05a 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -27,12 +27,7 @@ #include "internal.h" -// As of writing, the editor's draft of HPKE has a number of changes on top of -// the latest IETF draft (draft-irtf-cfrg-hpke-04). This file implements the -// editor's draft as of July 15, 2020. -// -// TODO(dmcardle): Remove this comment when draft-irtf-cfrg-hpke-05 is -// published. +// This file implements draft-irtf-cfrg-hpke-05. #define KEM_CONTEXT_LEN (2 * X25519_PUBLIC_VALUE_LEN) @@ -44,7 +39,7 @@ #define HPKE_MODE_BASE 0 -static const char kHpkeRfcId[] = "RFCXXXX "; +static const char kHpkeRfcId[] = "HPKE-05 "; static int add_label_string(CBB *cbb, const char *label) { return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label)); @@ -120,7 +115,7 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key, X25519_PUBLIC_VALUE_LEN)) { return 0; } - const char kPRKExpandLabel[] = "zz"; + const char kPRKExpandLabel[] = "shared_secret"; if (!hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len, kX25519SuiteID, sizeof(kX25519SuiteID), kPRKExpandLabel, kem_context, KEM_CONTEXT_LEN)) { @@ -155,8 +150,8 @@ static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) { return NULL; } -static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, - size_t zz_len, const uint8_t *info, +static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *shared_secret, + size_t shared_secret_len, const uint8_t *info, size_t info_len) { // Attempt to get an EVP_AEAD*. const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id); @@ -169,8 +164,8 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 0; } - // pskID_hash = LabeledExtract(zero(0), "pskID_hash", pskID) - static const char kPskIdHashLabel[] = "pskID_hash"; + // psk_id_hash = LabeledExtract("", "psk_id_hash", psk_id) + static const char kPskIdHashLabel[] = "psk_id_hash"; uint8_t psk_id_hash[EVP_MAX_MD_SIZE]; size_t psk_id_hash_len; if (!hpke_labeled_extract(hpke->hkdf_md, psk_id_hash, &psk_id_hash_len, NULL, @@ -179,7 +174,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 0; } - // info_hash = LabeledExtract(zero(0), "info_hash", info) + // info_hash = LabeledExtract("", "info_hash", info) static const char kInfoHashLabel[] = "info_hash"; uint8_t info_hash[EVP_MAX_MD_SIZE]; size_t info_hash_len; @@ -189,7 +184,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 0; } - // key_schedule_context = concat(mode, pskID_hash, info_hash) + // key_schedule_context = concat(mode, psk_id_hash, info_hash) uint8_t context[sizeof(uint8_t) + 2 * EVP_MAX_MD_SIZE]; size_t context_len; CBB context_cbb; @@ -201,9 +196,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 0; } - // psk_hash = LabeledExtract(zero(0), "psk_hash", psk) - // - // For our purposes, the draft's psk parameter is just the default empty PSK. + // psk_hash = LabeledExtract("", "psk_hash", psk) static const char kPskHashLabel[] = "psk_hash"; uint8_t psk_hash[EVP_MAX_MD_SIZE]; size_t psk_hash_len; @@ -213,13 +206,14 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 0; } - // secret = LabeledExtract(psk_hash, "secret", zz) + // secret = LabeledExtract(psk_hash, "secret", shared_secret) static const char kSecretExtractLabel[] = "secret"; uint8_t secret[EVP_MAX_MD_SIZE]; size_t secret_len; if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, psk_hash, psk_hash_len, suite_id, sizeof(suite_id), - kSecretExtractLabel, zz, zz_len)) { + kSecretExtractLabel, shared_secret, + shared_secret_len)) { return 0; } @@ -259,9 +253,10 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *zz, return 1; } -// The number of bytes written to |out_zz| is the size of the KEM's KDF -// (currently we only support SHA256). -static int hpke_encap(EVP_HPKE_CTX *hpke, uint8_t out_zz[SHA256_DIGEST_LENGTH], +// The number of bytes written to |out_shared_secret| is the size of the KEM's +// KDF (currently we only support SHA256). +static int hpke_encap(EVP_HPKE_CTX *hpke, + uint8_t out_shared_secret[SHA256_DIGEST_LENGTH], const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN], const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) { @@ -275,15 +270,15 @@ static int hpke_encap(EVP_HPKE_CTX *hpke, uint8_t out_zz[SHA256_DIGEST_LENGTH], OPENSSL_memcpy(kem_context, ephemeral_public, X25519_PUBLIC_VALUE_LEN); OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r, X25519_PUBLIC_VALUE_LEN); - if (!hpke_extract_and_expand(EVP_sha256(), out_zz, SHA256_DIGEST_LENGTH, dh, - kem_context)) { + if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret, + SHA256_DIGEST_LENGTH, dh, kem_context)) { return 0; } return 1; } static int hpke_decap(const EVP_HPKE_CTX *hpke, - uint8_t out_zz[SHA256_DIGEST_LENGTH], + uint8_t out_shared_secret[SHA256_DIGEST_LENGTH], const uint8_t enc[X25519_PUBLIC_VALUE_LEN], const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN], const uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]) { @@ -296,8 +291,8 @@ static int hpke_decap(const EVP_HPKE_CTX *hpke, OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN); OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r, X25519_PUBLIC_VALUE_LEN); - if (!hpke_extract_and_expand(EVP_sha256(), out_zz, SHA256_DIGEST_LENGTH, dh, - kem_context)) { + if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret, + SHA256_DIGEST_LENGTH, dh, kem_context)) { return 0; } return 1; @@ -340,10 +335,11 @@ int EVP_HPKE_CTX_setup_base_s_x25519_for_test( if (hpke->hkdf_md == NULL) { return 0; } - uint8_t zz[SHA256_DIGEST_LENGTH]; - if (!hpke_encap(hpke, zz, peer_public_value, ephemeral_private, + uint8_t shared_secret[SHA256_DIGEST_LENGTH]; + if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private, ephemeral_public) || - !hpke_key_schedule(hpke, zz, sizeof(zz), info, info_len)) { + !hpke_key_schedule(hpke, shared_secret, sizeof(shared_secret), info, + info_len)) { return 0; } return 1; @@ -362,9 +358,10 @@ int EVP_HPKE_CTX_setup_base_r_x25519( if (hpke->hkdf_md == NULL) { return 0; } - uint8_t zz[SHA256_DIGEST_LENGTH]; - if (!hpke_decap(hpke, zz, enc, public_key, private_key) || - !hpke_key_schedule(hpke, zz, sizeof(zz), info, info_len)) { + uint8_t shared_secret[SHA256_DIGEST_LENGTH]; + if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) || + !hpke_key_schedule(hpke, shared_secret, sizeof(shared_secret), info, + info_len)) { return 0; } return 1; diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc index 61db58cca0..6f942d22f5 100644 --- a/crypto/hpke/hpke_test.cc +++ b/crypto/hpke/hpke_test.cc @@ -157,8 +157,8 @@ bool FileTestReadInt(FileTest *file_test, T *out, const std::string &key) { bool HpkeTestVector::ReadFromFileTest(FileTest *t) { - if (!FileTestReadInt(t, &kdf_id_, "kdfID") || - !FileTestReadInt(t, &aead_id_, "aeadID") || + if (!FileTestReadInt(t, &kdf_id_, "kdf_id") || + !FileTestReadInt(t, &aead_id_, "aead_id") || !t->GetBytes(&info_, "info") || !t->GetBytes(&secret_key_r_, "skRm") || !t->GetBytes(&public_key_r_, "pkRm") || diff --git a/crypto/hpke/hpke_test_vectors.txt b/crypto/hpke/hpke_test_vectors.txt index 7ec99de564..10669d4f45 100644 --- a/crypto/hpke/hpke_test_vectors.txt +++ b/crypto/hpke/hpke_test_vectors.txt @@ -1,407 +1,407 @@ -kdfID = 1 -aeadID = 1 +kdf_id = 1 +aead_id = 1 info = 4f6465206f6e2061204772656369616e2055726e -skRm = b3e438a60baef3800d7efd1c4c83c67e003c7c2b36b671b3e51d570f5c224cc6 -skEm = 46baf826b58e5ad2e6277de734fe5c0bc88d49a3d26d937f2f8b0ef0e361adcc -pkRm = 1b033b44a9f9fa57fddd7b583a310f3f8e550099d3af284709ca9eab4fa34673 -pkEm = 7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252 +skRm = 5a8aa0d2476b28521588e0c704b14db82cdd4970d340d293a9576deaee9ec1c7 +skEm = 8c490e5b0c7dbe0c6d2192484d2b7a0423b3b4544f2481095a99dbf238fb350f +pkRm = 8756e2580c07c1d2ffcb662f5fadc6d6ff13da85abd7adfecf984aaa102c1269 +pkEm = 8a07563949fac6232936ed6f36c4fa735930ecdeaef6734e314aeac35a56fd0a # encryptions[0] aad = 436f756e742d30 -ciphertext = 437ee37ee8210fcda87a7aae7c5e97b0caf37b93e70b916444cd9762fa3aa2fc877bae2fe16dee3924968063bf +ciphertext = 971ba65db526758ea30ae748cd769bc8d90579b62a037816057f24ce427416bd47c05ed1c2446ac8e19ec9ae79 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = 448fdab5b1331bc2daf1c3e4de42da186c1180235cccf69af0062cb22d646e48cdcd8babe828c3367ba1056c2c +ciphertext = f18f1ec397667ca069b9a6ee0bebf0890cd5caa34bb9875b3600ca0142cba774dd35f2aafd79a02a08ca5f2806 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = 78af7509a1b84eae6f59b1bdccef888421b020a97f1a6be270363e5c45005389418e73235a942f9fd46b37a352 +ciphertext = 51a8dea350fe6e753f743ec17c956de4cbdfa35f3018fc6a12752c51d1372c5093959f18c7253da9c953c6cfbe plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = 5152f55bf389fba1eeb972a88b7a7391f1102b2105f78b1a03baad2543b0ac008f7a59ea64ec044d43d7aeebf8 +ciphertext = ee2c9cb45a5088256b061a28b528fcd252d2a014d73523bf3ffb0c8687d9996ec6fb69c487a0b62fbc45b04ccb plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = d4939ff18065a54b1e988c72649aa81b1bbdcf9496d150efbe2c03c084f6477653bc03fd58a58a03d4ab78e47b +ciphertext = 2e5fa3a358e3ab64e5e981c4b89b5ae4cc5b800aaf726dc64ff857536a3db0e6d816199e711aac60c4670c2a31 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = 771277b0c50eab4b1aa802b019391f52d2e08459ffea6ca84de9ad691414d15ed9f6f091b3a2190d01e364394c +ciphertext = d2d0d40c685b3646527da571ff9bb23eee8d0f124a2ab937ad9aacb314209ba150b12bce3be844a414b2b81e15 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = 914144c371d68501260ce1281e9d4b86710a4184f734e0d00dca765c8e2ffbde118ca63019b749717afc99cc6a +ciphertext = 107b5d77e79b423ddc8feb4f1d42094244d9363b1157e2a46de9b192d1ebaf6053164878a8e9f3ab6c87260355 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = 91c6f9894280f4185b9a1f66d11afd94a81884306c73159b9bad702cf568bbcb5424ecb32388fdf1b0523b99ba +ciphertext = 64b5285667328e0fa12c51e282eb4d446c69404944134958dcbee1b947ce413eaff910146f2ae47586055c05ec plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = 8901bd3602f5fc51b85367695a4f003e0094e86f01a8564434b12ca2ad290d13476772ae87fbbb091b1a755981 +ciphertext = 89dd974790c8491cd5539f51537708bd2cbf4d6e0322637fb4dbe6008e6f59b75e3c527587cfefdb37ca68e6cd plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = e996c46f77eadd23098140d3223c4b890d1a9ed5b8e02941ab5c93fc370ddbf9477edc26b48b3ec6b8067e32d2 +ciphertext = e84394b6142059384e270407a6360760827eba0e90c0d2dfd8d6170eed7667cf933fb9854ab766cede7306bda3 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = 9bc841c822d823b56312319e28775373eb5ba1259b6c721393f9bf9868f0ba8e +exportValue = 0df04ac640d34a56561419bab20a68e6b7331070208004f89c7b973f4c472e92 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = dd76d8a3fbfd50a6468c0a332ebd50ac518ca1747ce5014b4d6fb584968246eb +exportValue = 723c2c8f80e6b827e72bd8e80973a801a05514afe3d4bc46e82e505dceb953aa # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 3a70fe6e8409f204bcfada3d8795c59a676de533d2451b4d5e7506ec48529277 +exportValue = 38010c7d5d81093a11b55e2403a258e9a195bcf066817b332dd996b0a9bcbc9a # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = 1a5df4a86790fbbe9164463d927ba7b7c7f3daea8d1f39576076b00f03b7372e +exportValue = ebf6ab4c3186131de9b2c3c0bc3e2ad21dfcbc4efaf050cd0473f5b1535a8b6d # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = 03d04b52901947dea1d034489cbc07d8cb94aa3365842c5bb1b6ca52969b86ba +exportValue = c4823eeb3efd2d5216b2d3b16e542bf57470dc9b9ea9af6bce85b151a3589d90 -kdfID = 1 -aeadID = 2 +kdf_id = 1 +aead_id = 2 info = 4f6465206f6e2061204772656369616e2055726e -skRm = da634eee68734edcd50b2b14c73262fa3ed2726cc85d3c328ccdaabbbec9d53d -skEm = e28ec716ac495417440ef674ccf438722932da41b5481b8826f4f7947c4d9069 -pkRm = 1ea4497701b05912be470df9d06ee114b825b9f9feec09f6aa9b2ca6b7be1360 -pkEm = 1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041 +skRm = d7f9945b55b697a7452105630095894758508599694f401aaaed77a88364b8a1 +skEm = dfe953241ce3e4bd96b6f7421124136a3203aaa239fda95352eab223e821677d +pkRm = f14d42cde2eaac0eb8e36c4658b927791941d6e2aefb8435d722b5fac3d3a842 +pkEm = 97f8c9d24e6fc9f26de91a180fc2368b43aa7464185e3618d43bb341fb83b75b # encryptions[0] aad = 436f756e742d30 -ciphertext = bb9270559e7f209f764aca4e186040a561e6f2a4f34d6edc59163786ccc41231166f40bf6699f45bc11e25163f +ciphertext = 922b657481e80bf18b8814a435d31c776759859e8ca40884157247c0cbed07bcbd3c22ed029a50da93d08fa065 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = d6743a322f18e3fff2d06e3912b3d484c315772bee09929dba1a27e8e93f11fbced8efbf45d422210bb09f52e5 +ciphertext = 5b6efad025ff8edee5cee6b32f161cb33f2ba397469e9b35a48f9bad8a7a9dd2522748f68a1d64521d79097901 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = 89964cbd1aedd4398a9e0fcca0ac245d04e6823666ea639be02bb9ad1bb297e9a974ea1c489414a8e5032a3609 +ciphertext = a2039f9c4b3cf3a71ecf972c55541ae1bef3931a73d98c5178d8f2bbe0c0f56e058077719fc4e63a882f104f64 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = bc8f37b1f7b179b6e97ae97dd08674a7124e9af73b6131b3bff3a071027c27a3e8210522130ad7c2ad20afbbec +ciphertext = ac3967baf9b52e321eecc638ef42c53a7502b60890ac84200a1580bd825d4f89e83c2710c136e56644784f1a71 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = e2477e3230130508f8ff9a076b3ff0b4d162defd595962f10dceb9caf72ddddfd8739b184c92a7546e1ad93d49 +ciphertext = cfe4cca91ae9bf4e3c6cfd5d3ab777cda301041ab8c695388f94bb883763b3f0dd85dfaf483c117549176107e8 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = ee5d485f2e6670b65d7a31fb134823016d3f9059b12bfbda706c4e592f862aca43631f94619f7ad2126bbdf771 +ciphertext = 721543123239a19a8242c8aab8aa997c04d758fc7819930dda8633dbdc5af5e33c5a451f3d8cd1691e3eb28310 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = a7ebc5793d72288bd382222aae883355a5eab73ba5c7271d66328e1825f3b9f0418e1b204933374e4dd55d8316 +ciphertext = ef970051362035083bdf24d2262d5a597f4361922eace58811df54c3dc12fc6622f853e4dec8b483178f61567e plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = 2a5bb8b837de5b0bfea4070918c27c9aadea777bc043189a12dd78aacc197aef16ec3f4d90e7889f8962181bfe +ciphertext = c5653e7a823bdf8d083e3fbdd7c9b9c2838c80cbfcd6d1adfd18d237f43a02d5a83c3808c1d4b4451dbbed5f98 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = 5fbab7888d1df36f9a7f7607dfc67eb2878e87cb4972fb5e0f2dd6570153c5f64a21bd042fa1a07135482e9767 +ciphertext = 04278bdacd59166890abb0f67a19c577acb0b108801db93fba1e271522f98d43c2c2fcac66378d174463c146ee plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = ac94f708e42b900361fabe181d638d03faf663530bdb635944d5fc48425ee2598b311ba6c7b2495ab9cec34338 +ciphertext = c0a4e4e239d9c59d61fa2809fc47476941b53b262d95aa14bf29ea24b6de10783148e2762d8900640d2798f255 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = 57c5a85e2538d066a529c321a740e0dba3ab413b5d7a74fd5e9c535dc92a9c93 +exportValue = de705a4b13a12250f4d5487de67705190737e6d1ba8b57f70d87ba585ea1cf85 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = adae370a00458fe0815fb39e0c6708a1e32d8a41d299ec6ec3ff0b3aafa5e9ef +exportValue = f4e86ab469491b2a7ad91d17ddb8964884a114549f63d0985355d9b844dacd4c # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 68ddde9847cf50fc0c31eb94a5071c119a4f018bbcff323614b4664808e9567b +exportValue = 47c20438e2a2fbca12b2ac55c2cccb1ff5ef0907c80ead4bd36ab1a10d57fb2e # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = 6d0684b38f5f05aceefeaaa17bf71b39d5379940761bd38cb0499161565394cf +exportValue = ae7cd43f0d52ee38ac4655d5f2d191fd8ec573ab1d47702684dfea85b52b5a38 # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = c694953e7e6df9c1d74550b5d54b62a316227c5b08c8f1ff51f124d29b3ae2f8 +exportValue = 807d14a692749503f44e54660e8ebe4e93311715b9ba7d540973b2bb3c606825 -kdfID = 1 -aeadID = 3 +kdf_id = 1 +aead_id = 3 info = 4f6465206f6e2061204772656369616e2055726e -skRm = 677b64ff70915fb0404a1905139013a33fcdbc39f3d1914a007984e2413eca48 -skEm = 22e0948a3fd086e7ec1cb96155499962bc470680db725dd008d39d25f6191bf6 -pkRm = 02bd698c34ef1c3ec60d5b209135310d52e125038a0ce0bf1e0ee2c8dfc20e55 -pkEm = de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f +skRm = 62139576dcbf9878ccd56262d1b28dbea897821c03370d81971513cc74aea3ff +skEm = 5006a9a0f0138b9b5d577ed4a67c4f795aee8fc146ac63d7a4167765be3ad7dc +pkRm = 1ae26f65041b36ad69eb392c198bfd33df1c6ff17a910cb3e49db7506b6a4e7f +pkEm = 716281787b035b2fee90455d951fa70b3db6cc92f13bedfd758c3487994b7020 # encryptions[0] aad = 436f756e742d30 -ciphertext = b706a7523384a553fb1c44d5d3186bb78484947cd17e72f15f1c83152510e49680cac8f057f175187e94f18083 +ciphertext = fa4632a400962c98143e58450e75d879365359afca81a5f5b5997c6555647ec302045a80c57d3e2c2abe7e1ced plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = cdc1a9425ceea83e9f1d0a2be77525460cbe259d1a9314eba520c5f5f879376a9ad7f8672ec943de425c6655c8 +ciphertext = 8313fcbf760714f5a93b6864820e48dcec3ddd476ad4408ff1c1a1f7bfb8cb8699fada4a9e59bf8086eb1c0635 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = 5bb2028896d91f156cd6e171d1470361bc07aa804a3ed64163ea67da67bce84e3d2f73b8d75f9a4dcb452b97e6 +ciphertext = 020f2856d95b85e1def9549bf327c484d327616f1e213045f117be4c287571ab983958f74766cbc6f8197c8d8d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = 220790f4242aa714ad2c44967810cc8c9483e1833d7f9dadd08999abd892aeb3fb1ca54a29c4ea22d1395d85d3 +ciphertext = 14d88332e147f24efd749dc5b37de8d9367fea2dca34f8117bd8d2093e08489fae56595eed6503e2a5997f66a2 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = 73973035d480c8299d1773522b738af626a5c834fc6af5ef5f8778fa6a767da89660f4aea7b4241b1f8b5cdebd +ciphertext = 5e688918b05e96631628eef3e74781caf41c4f25ee1ef52ca1d746ca31561392c8833a7232036bf8e839a4c8e0 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = 2e35688b0bed657bc213ce0c960e478e2d708700b3b3ff7048bc62130f23a0752ad867167f1d1b709a48ea89c8 +ciphertext = 3ad1659d8d0060428598bd13b790b0893d81ad11155ed618de7ac950c65a2d4a883a78b954946d58b2395a53db plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = 14dd79e4ee9e416dfb954e4f0d73c44757ad375018a802cd0c4a7ba3fe378e5c8cc4cf21e648e6a8645a085cad +ciphertext = 08eb46778b70677b32ead9ebe04f31a6dcc06eb19d41a79d9efc5af6e94a54a97558ce7a783b4037112a870a93 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = a996ed2f2680a15351eeb87643b99b558a59d8c1114a214acc8bf3dbe6b40c4d41e06ce8b1e11e795e37c75143 +ciphertext = 0e3b0d39dfb10f63905b30b12bcbc87735dfbac2e66c3724a6803da266ea58e464df3638cb7605f801e8d8f1f5 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = 8123ec5ffb77c7395bdf2baf9c73cd2b1bbfa0ec79870a1d6260189b559af29a9478c2675c82bd1e19d2e422bb +ciphertext = c3f4cdbba72516de891a4b1b6d6ae1cc071a9adb2a17383182c6c5e9d34e38217d59711700f3b3503233225b1d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = 55c9731edc92dee7683bbabc425fafa4dd199aaf74569bec1bbf79e082eab9006392ea1b3a2d07622b62bf0bbf +ciphertext = 7dddf70f5cd25cb840b70fe4355b5c9c77aaaf12fe158114df2718dc2ce9e148eac89966b1b68660135c8eca4b plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = bed211016a1fcc4328de46fd11d8be1f00a7e2c17979450e760c152fb77bc825 +exportValue = 22bbe971392c685b55e13544cdaf976f36b89dc1dbe1296c2884971a5aa9e331 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = f1c29485807379d0deec17a65606307c2723a1653ecb1bb601ed5f703623fec9 +exportValue = 5c0fa72053a2622d8999b726446db9ef743e725e2cb040afac2d83eae0d41981 # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 477680ef89421fd862866dfe00b70ac8906785c2346db09c8a868b0c23c28e98 +exportValue = 72b0f9999fd37ac2b948a07dadd01132587501a5a9460d596c1f7383299a2442 # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = d0d5e1460ed084ae579eb5408d03d99482d74b5293e7aa19df06acbf16af8fab +exportValue = 73d2308ed5bdd63aacd236effa0db2d3a30742b6293a924d95a372e76d90486b # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = f5fec947f00eccf828dcd4f1b405a115001cce97f3bc0d6f8c831f1cbebce36f +exportValue = d4f8878dbc471935e86cdee08746e53837bbb4b6013003bebb0bc1cc3e074085 -kdfID = 3 -aeadID = 1 +kdf_id = 3 +aead_id = 1 info = 4f6465206f6e2061204772656369616e2055726e -skRm = 2ad8f8d251b97bdb392dcf671af13d6d26041e411faad5c984f68efaaa3b88b6 -skEm = b841f4832197fc363c965592a97fa762b04683114a9126f56dfff82c49a6f207 -pkRm = 6421cec0bf7fdead5b4d3f70acbf6f08577fe73961708e31d6df522d4ad6b20e -pkEm = 04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953 +skRm = f1d9c20bd7a7b88aea23c2d6f457b9d14c83a02f4bd52ed34760e3a70b4d1f5e +skEm = 7854915a6fbec01530902324cee60646536d189633d980f04dc03711b49defb2 +pkRm = cdb3ddcca2377569ab2888bc2c529ea8c16e55bb68f6925888a9212aad89fc19 +pkEm = d1976db4826912a68d1e1d562ba37b2a04faef62e71193c142d78b874bb24f78 # encryptions[0] aad = 436f756e742d30 -ciphertext = 9c4a9834cf1d2bfd16c7fe0a19f9f66afaecb805e06c212f08c245f772de9123e1bf41678f2e910a20158a0273 +ciphertext = fbba8d4f66c1a5cf77a89eaf5201a538a7e6fc8a37b6bd96a29fc3cc7a51496ec92f46e6392dcec9eba772109f plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = 1bb872e187c72ac6f89db81309d0fe2c57787efc3d076aab394e0218e33955039650da12e3f0241fd52cef41a5 +ciphertext = 05326c3d17447ac21d1f17e720c93c7a9fc3f57c1bb682cafbd026e27def58b950aeab78cc17a070e992552436 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = c5a95f473b853e190b5eab703080c9ddf313d7e6751b2af382ad7f8e910c897757d7256801ef83e408795453c9 +ciphertext = 55958c515d297358af6ea2c952ec05513499ef9923c282dafa8b235e7bad03c130cc838c765a9e604c7aaa1c9f plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = 1b5a3d36a34781f93f5508dabc74bd3c82a47bd05af7b2729ef254f42d5a068fa86a918c9cbe1db552d2d8d4d9 +ciphertext = 60dbbaecf091daabb228b43111979f1212dfef251017606443671a160419655f170f8ee2f23ad1754a56de4107 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = 46d9196849ad448e03a7603bb0eb2775586463051f2497f39cdd9211d1fd8ff71c97428639b0764f0ffba29f32 +ciphertext = d316d2a28311d228c341a36fdee46028bb44b0a474a1059113440e970a3064cf9a72a56b24577c0f84341a125d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = 346a0ecb07e20f32174095a32ef87fde07cefa99fbc70d2cda903fdb8128c204037e7c659b40047e66fc416e19 +ciphertext = 48dc6be6fd66205fba951df5aa2b33d8e25641075f3cb2f4d165b909be1318bbc5f3450549f2e746f078478f7c plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = 41331c5365a8354fe9f221f0ebc6344bd86dfffe253da5cfa06d08089a6e0312e9c18ef57509c9faa2d0995650 +ciphertext = ea1e4f1154364ef394d9493e2d5e9e33e98f7e64f2a51d0f394851d3329e7aecf7a8dc6c24ca1b12420dd210df plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = b2ff99114ab4b8267f005bb6554b766d6f6c8274c2c669a325354cfb27034afaf0f6f7eb56901292ff804e7553 +ciphertext = c0bd46a29e1ac5f34755f87928e4fc1b8d1894d0e731fac3c706a33a7f2a15fed65566c345f0bfcdb708adcb1f plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = ae653f1d8dc035745b7e3fc2f81e4e6636f0597a9b6f6f1c7d5b0a23c50d76e1dc0a7cf4fa3b3126e12011302c +ciphertext = 8a24e35391caf3359190ad6b25a4536bdca240273e65ffba76c978d8f2047c7a291e4caf8aac2af4b04ef8365d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = 0266729d852d16e9af909841bbe2444bccfab0575cd1c84ff6ddbf3259627fd5b73d24f402bb60bfbee1715951 +ciphertext = 5b9b653e1fc92401823f8f0914763056d012b0a9830809d1ad68363ddf278ad9bf58f9e727a2ee9e4524d2f28a plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = 3dba6be0ff119e093d6260766375f0f80c461c6592735ff58a1cf8989805192d +exportValue = 760cec56bab6780fb7ee51563e7b9e6145d38ffda10faa1053f65b1f74fc2733 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = e43ef15f82fd672484625d6d3d8b1b157a98a20a6f55c4c084d2fd76b63d3be7 +exportValue = 25e50184173be00e1e07a8e6a8bbda8bf628909f7088e01b9b1c720ece0526fd # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 237c2e9a25524ca44ff5683b62e2fb366c583fbb72644b7208e7594e9d3221a5 +exportValue = fa4207bb0bff9af2183978736f84a703d23568b82675a964681383c3f11047eb # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = b421f68b38b2bb916e0925a21c80d1a8227ec6ad9a1e1539229142486f88c8af +exportValue = fdbebeb2901e996284387bf0a7d4d26ee8eca9f7f5858bf98015d7595813bad3 # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = 7736ddde377f0bf3da742d7baac698812a267441c3bcf86b72fed0503bfbac0c +exportValue = 1538807322f02dbded405d10de3aafc4f6d365d9aefbef081d114dcedbe1cae2 -kdfID = 3 -aeadID = 2 +kdf_id = 3 +aead_id = 2 info = 4f6465206f6e2061204772656369616e2055726e -skRm = 7dddb757b5c12c7c28b4f7a7e3f4d10f5d077e5d410a66997cb4e73b69e824d7 -skEm = 089af845076a811768c8eaed47322755f47f4907d2610a1629893d6e1143acca -pkRm = ffe3129f906112823ec1c619e0025f5a44cd5a93e0807c61c91336aa22222f6e -pkEm = 9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953 +skRm = 6c84707a1b8a46e356795ce20e2f556da0f518eb29477ceb2b5dcfdd68989212 +skEm = 64ed0bb5e6b71e91eaf9fbf5196f422f8430f0d79b91844b892b59c25086c628 +pkRm = bc66fc66209686476b3c9b2e7489a3bdb9835df1a888eb5022c417d0ca1fdf7f +pkEm = ba09ff75d7e2a7a2fa9d698a0706a4e1bad0d5615c55c69628aa88b3fc270a6d # encryptions[0] aad = 436f756e742d30 -ciphertext = b2263e5b1651fae482259475f2d71d5a95e430ea360c88cfe656ef8cef6a97fec94d0bfb996bd794a183269368 +ciphertext = 65e2512b6bea0738746d1c9b5a3bc2149c5c7fd43ade420b4c55f884264a2c606dee89aeafa6a66e55213a0dec plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = b502c5fb389b8c128f58065f6767063132c53a401300679df875a1688f0d05a0b2e3859add4fe82891356690c8 +ciphertext = 32fa3a5253b53a802a493f9a2c4857775b641a16989c643ce2b2f4c01e49e39b72e961c9a3ed4b648fcde75a11 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = a0afe304ea046340a3c8c8806f227a2ad6d8a48b583bc6a766af0cd0b0231dc3806d597651b5805cd9062e1f87 +ciphertext = 0e537e6ccff81b53299c440e9045e1374944f9b60c175903037ad7d551e61ee9915b78035c297df7c6134c3ec6 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = 75b462e185cd1af728b4853152379f59af8a29af409a206c9d63b02042089d28662eac4d2af800138bcc52cd34 +ciphertext = b8c65d5c4bd920821f82c2499da8286f74998bcd4ae102e66987bfc7580094612fa0c560ad37784bda9298fc1e plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = 2d6a758ac9da40a3a1b965152941bf58602f56e12db95636ad5d9c465a1872884e795ec232bd591ea804829458 +ciphertext = c8f1681adebac7f109b5cf5b0c7e85fbaa190d3d4a9d16ada8e08763feed8ef2fcb2bb85081c1f652fd45d2a29 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = dd2e30e1c9b30a0130e88e96239ade666961a8de16d79b75d638ede224d662509a17404e7479097c1658921047 +ciphertext = 8240b9bce84dc4b202d61e1687b37d746e49b233820d3493ac2a5c97cb3a2f70839fb6f7c4b6eaa80e21e80d76 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = bc20bc221ea15f84e41774bc11b684f074d414be09659b147f186891325f7d52b7d19ae57d9fff88cc4ba825a2 +ciphertext = 42541a69b5953fd02ea5a2f5129447425572c99339a3228016f49153def718e1315292ce7d2c8b3a7f74567bdf plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = 6ef4d0678cf026651f56c53719a678b178105e1a791051076f2567364a536e8aac76bac03178b2276337e12320 +ciphertext = d2316427e8c48f92f70acc180818e642aba734dd481dd889d47a08fa9a9cb67aa39ed90faad8bda2151a745391 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = 5da431e3723f549ccada9d122ccd127b031c9a221c7bb360e742e7c0f68fc81d012df7aa1c6181980ce793644c +ciphertext = dbdbb33329d44fb93c437343af27791b2817c1ec392f6771ea598e60e73d06b2714978034f2b5270e80f0945fb plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = 9ba2c8e0477d370d71b486c3f52a9f9ef99d7e8991eb50b2692d777e552801f0a7f7deb8d0567ca8575b4c2331 +ciphertext = f8c7f2a437bbcc472cba3aa7928414e4b4cf9867e0b12be1b4de0f8a9177a19d4c2f4fcb7f1f27cad391d7f3a2 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = 9fda6d97dafe3768680d87a5e10fe251aa46693329ebdf56f49b3c467b76e9c0 +exportValue = 87c135b0f1670f076865bd364a21612ef0afa0cb70daceea3ba9a01b0007a521 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = 4c9e496f3265a28a73ce85b3143a5ffba3b55ce8025d735e9ed39aebaab80efe +exportValue = f25e4fd51a25cc972a405638273d2a7b7ee84807633121b2611da1bdf15a2f46 # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 2425dfcdf16879e51f6c6f3c0d0d0f814d132ad575ce416b7485facd34bb42b9 +exportValue = 83e790e3c6dc91401e5fd3070f31b3a8886ad26d177b0dd2c4e38e1530154bbd # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = 51f1bdf3bf8bce5b10b76c957034ce3630fe7fc1be7c00bcec7e837ceed2f3cd +exportValue = 3d4f5cb496ace65fdd21b82568ae0e528526df3f10760c55784a2c9a1f46bc37 # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = 80ad324b3e7763a7309ce0615fe8bb5723065be5aa7f68a7ca9e3d3a76c0a0f3 +exportValue = 5c49cd3ebcb956aeb7e41c9a0f2d4b4c9501f66cc544d8d7fa62ce96d2938857 -kdfID = 3 -aeadID = 3 +kdf_id = 3 +aead_id = 3 info = 4f6465206f6e2061204772656369616e2055726e -skRm = 124759e117f6aa5677c747d09a2d82607db2a388a6473647aeb605b66822819c -skEm = 70fe54f14893759e23b4c975cfcb8cbc1ae9b8a4d78a48789a5f47324bda5b84 -pkRm = 0b9c41a605aba4ffa30f336a976cf4f30a1dd5e8fdf0d4da0f745a147e491828 -pkEm = 147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46 +skRm = 80a54bfb48d9a6680a355127ad3e9ea3b8725b47f7f5f2022b79a43feb231f84 +skEm = 06a1b9d7915cd1fe501de50d1d2ec1712662f4179b18a672f1622ae807ff2543 +pkRm = cbba177f103979838f8d46577662c399dabe9732cc79f9081e9d481dc533807c +pkEm = 7c1f8d203bcea456ea16ba3e72f1f1d8018cca78751c5b49742df6ae1462640d # encryptions[0] aad = 436f756e742d30 -ciphertext = 77f434a667845f41c5bf5e6e6113484d45fbf7fd61cc36a141b920e4bb5b6ad3a61c67033a15dc495e8595ef45 +ciphertext = 9e59f241a345e708d96e786986c789b6da9a134cd4e38dde9a8acce177b97052ae6fcc3bf378e3535f9739c678 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[1] aad = 436f756e742d31 -ciphertext = e5f64ec06a92fb2f81ad6203629d981c265aee092b3e20ddc161e163c0a29d1b9fcc7ddb5dede6d34571406f50 +ciphertext = 2f9b8e92eae0a795fcb9bf1c180e02625f15f76fa95894e5cd21f3b275f330eca957998f0385c30c34e99fb377 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[2] aad = 436f756e742d32 -ciphertext = 9252583ed8c5258877afa5dac29acb338cf57c702b03d20130b86234b231e3866b1732369cf6c7fdaace68c246 +ciphertext = 791394c37b2c7910186f885ceb4badba54a3f44054a13475e31e343f476fc214dced7b7dcf349ca3fd2bc49729 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[3] aad = 436f756e742d33 -ciphertext = d5c2e0a633d6786a7d919f40c26ee8a1491a4101a441460d51720ff769b86a71ff74fc9601bd8f4c597d95c057 +ciphertext = 14ea622ea1fab744a5a5c3b875727151741854fb0d948d14d685a8df603cd090bb3264f9a474b6c19647771211 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[4] aad = 436f756e742d34 -ciphertext = 807165bdd35f448b9b649ce3ec8a9835836ef88dab28c5a77d0f46bac1dd6f543ebd64bbd7840c860c5a2d1ee5 +ciphertext = 59b3299e76fcb0c9ed1180c995f34b3a0161fcf9cb055b53e8d548f0bcc001dc79f30619c892e738aeef6c778d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[5] aad = 436f756e742d35 -ciphertext = 208e3adb17a694d567a84428ecf76a562d38fbee827e245eb0e96426429c3a32805f9f675b99a28325c11a9d51 +ciphertext = 550f977d3f9ca10a1cc30a73b2e858cdf7a13798d85a1c4c904c908f4612acc6d2cbbaf073a127e41b9816dcc7 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[6] aad = 436f756e742d36 -ciphertext = f34e3f00d1b731786b5b7ab0e4bf23fd8f3889d6ee75ca9de755d22f8e099ef0d92a6ab4d6e635c788faaac588 +ciphertext = 7cb1d8890ad19aa43f84ad86e1d09cc2d14a102e838c19dd55977a1f3d07791ca5f7797671eb66db5099f53917 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[7] aad = 436f756e742d37 -ciphertext = fd45de4d582f57bd5228688c0e08553c3e3d6a875bcd1c67e196b94fc6238ddbf69a17186416669b0ee124bddb +ciphertext = d5d9d138cd42161eab8800e71a2e06bb895c1ef7538bb0337b638438e51d824a5e8bd1515607c0b985058ec19b plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[8] aad = 436f756e742d38 -ciphertext = 6416f410aa1aecb24c8c17cd9b6eabda1bfee2bd13aa52c5dfc80c482236b99568de15b3543522486dc594dc13 +ciphertext = 5f1b9078dabaf0c16821256a0591f1287c42cc22d002d38fbaeb64d77a0943c2f092615185e716eb28681a3a0d plaintext = 4265617574792069732074727574682c20747275746820626561757479 # encryptions[9] aad = 436f756e742d39 -ciphertext = 2bc1f3380dc05ce46a004a679dca47cdc46d25b02662274442562e1f03db3860d1abf28027718cb73a6c2c05f8 +ciphertext = 575e3da798641f1e965d6e18384cac54d9190e5c663959de71b071b1e244763bafa959ed512a0e266c6b1afcc1 plaintext = 4265617574792069732074727574682c20747275746820626561757479 # exports[0] exportContext = 436f6e746578742d30 exportLength = 32 -exportValue = 73ceb7e41223a42a3e6661f15530ae494ecfd2c6a9e809c67243a0910ee75794 +exportValue = 5f0a458aca1ea6118fa1d0883a99b5bb626aa71b55de2e73436f53e93b8073a7 # exports[1] exportContext = 436f6e746578742d31 exportLength = 32 -exportValue = 9af39f0e6462be9a3efb1fe2eedc6e2d2942c0c9ecae1ee4e8831d675cce6fc4 +exportValue = c5aff969431e6d731c9b26fb8e4377b4e859430345af77d4374dd71461e772da # exports[2] exportContext = 436f6e746578742d32 exportLength = 32 -exportValue = 0ea567aa2da373a71ff88cc6b91abc8b1dd48baaf032f878a5e6d9335f813003 +exportValue = 0c40105c9bc2e407d9d4a64dfb1392e46d393e78747701c5daaaa530878e001c # exports[3] exportContext = 436f6e746578742d33 exportLength = 32 -exportValue = ee6ca654a57a66cd0315716d709d4c52f5f41a69249776c13077967c4c418af2 +exportValue = d440fbf13b9e3956c7d6772166e07305a8f5a396e2bd361b5b9fbae9b0b04909 # exports[4] exportContext = 436f6e746578742d34 exportLength = 32 -exportValue = 50dfd00952f71e8c1bd51ed6acde15bd558c97581f7dc17fe6e637d61e12df02 +exportValue = 1474f8e9dac70e76041b4bb365f1fc4e1e2509f43c188b5d15b8d89113c197f7 diff --git a/crypto/hpke/test-vectors.json b/crypto/hpke/test-vectors.json index 166e579913..046d86108f 100644 --- a/crypto/hpke/test-vectors.json +++ b/crypto/hpke/test-vectors.json @@ -1 +1 @@ -[{"mode":0,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"887d7568a924f21f2736760a98ffdee7961bae159e5718c277cc86c34d9e6a1a","seedE":"a4386430cc425a34cb4dc59b6770504b87dfb40ea49314b2e2896d2abb4c6168","skRm":"b3e438a60baef3800d7efd1c4c83c67e003c7c2b36b671b3e51d570f5c224cc6","skEm":"46baf826b58e5ad2e6277de734fe5c0bc88d49a3d26d937f2f8b0ef0e361adcc","pkRm":"1b033b44a9f9fa57fddd7b583a310f3f8e550099d3af284709ca9eab4fa34673","pkEm":"7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252","enc":"7d832f404f70071d69f285292f0758291f966274fdc5fa494bf6f1bbf81c2252","zz":"a7815531e7ceb236ddf324d38be707652f807da5fc2a92c4ef930cf1b4ed2b83","keyScheduleContext":"005f59a87af52c687cb9e55e42cd7be07d4f1714b7c32c1586037310f1042ce238e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"92618dbeba8b439353c831055e702a38d04bc194ec9f3980f349eeda6fe4a833","key":"7aa0d855767daea21e59a0bd8cd5559a","nonce":"3fe5faf065fd9c005755dd66","exporterSecret":"bc98ab04d503d3876233fdfdc2c78e253997f5861d4c72c70682e8fe965b795c","encryptions":[{"aad":"436f756e742d30","ciphertext":"437ee37ee8210fcda87a7aae7c5e97b0caf37b93e70b916444cd9762fa3aa2fc877bae2fe16dee3924968063bf","nonce":"3fe5faf065fd9c005755dd66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"448fdab5b1331bc2daf1c3e4de42da186c1180235cccf69af0062cb22d646e48cdcd8babe828c3367ba1056c2c","nonce":"3fe5faf065fd9c005755dd67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"78af7509a1b84eae6f59b1bdccef888421b020a97f1a6be270363e5c45005389418e73235a942f9fd46b37a352","nonce":"3fe5faf065fd9c005755dd64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5152f55bf389fba1eeb972a88b7a7391f1102b2105f78b1a03baad2543b0ac008f7a59ea64ec044d43d7aeebf8","nonce":"3fe5faf065fd9c005755dd65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d4939ff18065a54b1e988c72649aa81b1bbdcf9496d150efbe2c03c084f6477653bc03fd58a58a03d4ab78e47b","nonce":"3fe5faf065fd9c005755dd62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"771277b0c50eab4b1aa802b019391f52d2e08459ffea6ca84de9ad691414d15ed9f6f091b3a2190d01e364394c","nonce":"3fe5faf065fd9c005755dd63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"914144c371d68501260ce1281e9d4b86710a4184f734e0d00dca765c8e2ffbde118ca63019b749717afc99cc6a","nonce":"3fe5faf065fd9c005755dd60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"91c6f9894280f4185b9a1f66d11afd94a81884306c73159b9bad702cf568bbcb5424ecb32388fdf1b0523b99ba","nonce":"3fe5faf065fd9c005755dd61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8901bd3602f5fc51b85367695a4f003e0094e86f01a8564434b12ca2ad290d13476772ae87fbbb091b1a755981","nonce":"3fe5faf065fd9c005755dd6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e996c46f77eadd23098140d3223c4b890d1a9ed5b8e02941ab5c93fc370ddbf9477edc26b48b3ec6b8067e32d2","nonce":"3fe5faf065fd9c005755dd6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9bc841c822d823b56312319e28775373eb5ba1259b6c721393f9bf9868f0ba8e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"dd76d8a3fbfd50a6468c0a332ebd50ac518ca1747ce5014b4d6fb584968246eb"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3a70fe6e8409f204bcfada3d8795c59a676de533d2451b4d5e7506ec48529277"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1a5df4a86790fbbe9164463d927ba7b7c7f3daea8d1f39576076b00f03b7372e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"03d04b52901947dea1d034489cbc07d8cb94aa3365842c5bb1b6ca52969b86ba"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"aecde81a39413cb368a34fe373ae4d0b04627d8c4c9d314be383a613190489cf","seedE":"76c93930b53d48e43a1388d499c537b4d18f282223fc0377a38b3ec678ac17a1","skRm":"108da77586f47bbdedca2bc43a1a1f99a48a31a2db8d46113761878d067c0255","skEm":"fff57ea7bc794ceb283e4fa1d1b2dbe748f1dbc6274bee25aaad03a2951144a1","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"10b3301db3a78d0fa94cb5ff6858d7b8bb1f2bba8cbc8fe94866ae6b7d868443","pkEm":"0c0e9fb920a836c5ef42fd393589ac9d01af39f52c08caa7d80df9fec966d74b","enc":"0c0e9fb920a836c5ef42fd393589ac9d01af39f52c08caa7d80df9fec966d74b","zz":"5d9866637d1d10db5d9e80e672d5a249f083eba7c02d928ef81446158dfd151f","keyScheduleContext":"01dd2330a5ef651db37cebe3393a6bf27b38c3f8c4e954a5fe3c61df61ca3d8cb5e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"39359ef40e95feeb2cc8274af171cc9144733a0d06a007bb570a7718a0e87abb","key":"9fcd938926bff5649971a302cb6ad4e9","nonce":"52aaae05295ab893fc603a3d","exporterSecret":"097204ac8b3f5bc894e6c2daeea4555acae24c069e9c9b3f60e57eba46322efd","encryptions":[{"aad":"436f756e742d30","ciphertext":"ea822a474afa4c7f3068e6094b6921972040091bc8f623aaab7a7c4f346607b7a8736d78fc24a0ad9d6948997a","nonce":"52aaae05295ab893fc603a3d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bbe0e814ee486d1089d87d3887d83445094dd527deebb2de29e4cc98adc0ec3ff2eb89b8a876c9c60cadc45d65","nonce":"52aaae05295ab893fc603a3c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9aff8102a2e733203edc9515c23140a3ab4b441efc31fdf589b6d30035a45e442a7a8001f286f2df183dad6d8b","nonce":"52aaae05295ab893fc603a3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"624e1debe443fed48ae69aa7c9ebe48e3d20d20a20bc591d006c47401ef42fedf57b9788cc4b659519aaa02bf2","nonce":"52aaae05295ab893fc603a3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d713dd26d7cf97cbf71066fdd3f050f0b0b01f966ad776682903fe438adf626fa754459e124e8a296e1d94170b","nonce":"52aaae05295ab893fc603a39","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1b56e1864079bd69d9b159741f370cb596dd0559d2d8ca46a9b4ba33aa310084462fce4b5b3ab509841206f57f","nonce":"52aaae05295ab893fc603a38","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"47570e893307b59980461e68b68c3da216ab5aa9259b43f7fd9e7a92def10d930cc28ffafb6f2119bba07ec368","nonce":"52aaae05295ab893fc603a3b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"abdf103b8560e0dc72c8bb9e3b1e17af36a534ac2ea2924f6fc51d57fe406e44050c7820da43184118950c9e82","nonce":"52aaae05295ab893fc603a3a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d2eae567b21dab03951d7acf1140f01e1e2013cb6216d0ed8cad0da1260b2386d46b8b829c94546a9fe6cf73fc","nonce":"52aaae05295ab893fc603a35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"dabb5448157bfb60f0a77b19e4f95ae3ff0222e2dd68bc11b5ea9bf670605e783512b90eb610889e079fa65b91","nonce":"52aaae05295ab893fc603a34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6be00fcf37b00ced4d47b42fc9aee66026044879b56c7646b1a67aec253aac33"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d020d8431dd820e6569d40339b7751169d0121050825c7dcb838a960e67258ab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b005a4c2647f47e3af7033b9c19f99a8925133e57fb0586bdd200358693a3394"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fee4e332350f2549cd64270501756659265b694347a2370d0cab8dc3d9699977"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b865d4e12ca086df91837a264564beb2fdb6517bec481ea7ec7b2e9f173fe0b6"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"87a91eb9ef6e96e901df4103d1671314aec5ee6474d667c0c2b4168c0e22b1c5","seedS":"eac00dbd269e725e8859e3862be47bfd17cf2d47e5be094ae77ff0ed836e7e95","seedE":"9f06a1c6641f4636066457ed4a502a8e23573f579ff2982eef6045b4d863d2ce","skRm":"6c0a018ecd71b0752532e33444cc9bb960f963553613f54afc08c0064dca99f1","skSm":"272f25db7679f8a1712418bbe6f7be123de4d507952adba2042145e27e18d567","skEm":"066c70df66ea1468d34355b30185663c8f45ea15451210f027a3593fb6a21688","pkRm":"91e14b11ce51fde83982907cfd2e077fb47203614d0dd36fbb4c5152921aca7b","pkSm":"8bdeda8a180e2ecaae23ad7f5a2e1aa2643068b80bf526e2cdb5f82160d18163","pkEm":"3f593e5fd05782bd7bda37171ae5d794ec6be72d60495a673a0764afdb7f9a53","enc":"3f593e5fd05782bd7bda37171ae5d794ec6be72d60495a673a0764afdb7f9a53","zz":"857c81b1681ede76b437a6075d6f93f348d5ae9b51da78e95d200b0196fc1e37","keyScheduleContext":"025f59a87af52c687cb9e55e42cd7be07d4f1714b7c32c1586037310f1042ce238e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"15944a2b4517e879342fe24e6ed0340b32d4a44a2b2c6c2e83bb626e5e14cd12","key":"4f6826cc55ce4d0d344bfbe590855daa","nonce":"2465c7d4270d235531c3d695","exporterSecret":"f862a23f69dc83f0de76fe2546764c9c1d23dddedf8c7a0cc50b3e0872fb138d","encryptions":[{"aad":"436f756e742d30","ciphertext":"c37551008a6b7848ebc9d062c461f02d91323f4e5bde9720d4a53613bd6339112b287ff7b66c79cff05890eff5","nonce":"2465c7d4270d235531c3d695","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4a5c4a6d0d20f6e1672a32fc757946a80bfedf17bfc6f761a6cb42b3bc9275800b6af087efc903b00a96ce276d","nonce":"2465c7d4270d235531c3d694","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e7c100bbfeb8c7264587fb08efd9da552903175f752f70ee0feddfd5ca3732ceee38f9e2df8a55d91d28428c7f","nonce":"2465c7d4270d235531c3d697","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b42f263b69df0d3a76d9b24dd3c8ab15e442a3452c4c70a23adcc9ea0e6237737d0f52528ebfce6620267b027d","nonce":"2465c7d4270d235531c3d696","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"febc849423b1fa5d750f1f9c599c2cc7d45ddd5d3667132abaf7de0f3fec985599b7f977edb91ab93d33af657d","nonce":"2465c7d4270d235531c3d691","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"775b2d233531302f47061c661dc2eb571bf4bf6e3433fe55868e917405f6a1a1961c5db61701ec7d12cce0f90b","nonce":"2465c7d4270d235531c3d690","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"73923a25850805c19e4745c3e4823f32136a381cc4d3f6aa8310e7eb97db32961c3d4ff2242497a453e274eb54","nonce":"2465c7d4270d235531c3d693","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0be8462602fdd1c5b3b7347b5a162fb2f010526c0ec50e8c589b1a8d50e443852a5a2c6928db5dbab58372faa1","nonce":"2465c7d4270d235531c3d692","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39939638e09f0af50245a0aad254f2140a135cea88e430d4bb75a13fe67d81b44e070649da15c7fb1941c5820c","nonce":"2465c7d4270d235531c3d69d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3107cd1ab34a06c906a9cb06fcdf38aaa4a9ca0a452089ff0c2117dd0b3ca50fbfdeceb5b7edfdf8bf88ae6f9e","nonce":"2465c7d4270d235531c3d69c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e83aa8be97d063147e4eb5836a3600cb7dff6691c1f545177dd10f1ca0328737"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9e8b1e99dd357ae12ba6004390897931c7d7b3000b9c1bc51337905951c9e6a4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c3573a4368ac2ad398b1447ef7b986fde7768c7021e6644b1088ec75a763c11c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7392071b78693b3cbb391394f006b7151f23685be3a46f1a480cdcf01ed258f5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e09755f25fc90245341439cc05421bdb942889f25a1e4017c82909f1b8d4b7dd"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"faf28a99df2695912139d1b61b8e7a94a79f88e12d8a577fff9e3b49ff5e6ec7","seedS":"a2e1018c6a854ade9cb5d69bc582b107f1c20e3763bfff7b7d23fb9b38fbfbcf","seedE":"3f56378b5ec0239842e4be3aeac8ab5e0adc8190f8cc356fddb722df3911d778","skRm":"2737e162d9f9e264ab6c8e0730985de78c651b7333a247849023cf76cc896499","skSm":"0940eefb87baf5a4cf0f591a4695e64bcdc8792d0d67f0cf38c2b228c9147325","skEm":"141d242baa3764b3dea77d0125f4d41b98627b6d21e243110cc885ed9d3c63cb","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"81f8aea86eb716a6190f8151c3e4858d3aabf0781579feef7853d9bb4be19d55","pkSm":"157bf2ac29e4eed6a6b1060173e6167f5ea816df6d1c6bb0572bca17462c1d56","pkEm":"a45fd7250d40aa64a17f8e14e4987513086c01e7a753a43bcd03176a0f8c4606","enc":"a45fd7250d40aa64a17f8e14e4987513086c01e7a753a43bcd03176a0f8c4606","zz":"db00fa0e38cca7e958979d8ae5f8e55f5a13bfbf1be1aadf8de1ddd13dbb7ed2","keyScheduleContext":"03dd2330a5ef651db37cebe3393a6bf27b38c3f8c4e954a5fe3c61df61ca3d8cb5e2315be921bff8bea06dd5e9a1813a3f909b9eb7a8dbd90ac60b906e50ab910d","secret":"58e0302d66abf9bb268435cfe1e0802b4c3ac1f1e16f03f9795db038c88a2887","key":"4c79170f71e74212557131685a7354fc","nonce":"c7f42ab714a4606e414c05b6","exporterSecret":"d65c46f0189bfc224e894b11f128fd528941178f028360f4bc2379862ad60e40","encryptions":[{"aad":"436f756e742d30","ciphertext":"56c24debbd281afa727712725c72a40834fff4920c8d9aeef3b08c684c2997a2d0d2b0fa2768c4823c7e5212f3","nonce":"c7f42ab714a4606e414c05b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ffde5f5cfbcaac29450846b02499831f6db54775fa7c68e3e6a6f28cea6a70bd57ce03c57cb339bfca09c048fc","nonce":"c7f42ab714a4606e414c05b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b8e91378fefa33ef428173db4d64cb3e15c1cbce7e9d1f129884af766798bed723bec7ef871696dd4ed72e9cb4","nonce":"c7f42ab714a4606e414c05b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6379d82685e7572cba439d7c88430f7d35ab17029729d618eff4a10e286eab61676a5b523ebd96d7823eee718a","nonce":"c7f42ab714a4606e414c05b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ebbc30676d69daa70a91c654b9cb1ab8ae8af629bd6c909a053f3cea242107fa1170916a4daa273038b52d1b8e","nonce":"c7f42ab714a4606e414c05b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"488e71bde2c3effde0f6ed186a31600a751e88415320d39517eb513f34431fee5924b0c7e16e2c57577d2e1414","nonce":"c7f42ab714a4606e414c05b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0fd4adeb521ec824c52f5650c6ec445e099eed6b2e55953760f79a3cc30ea6adee2e96d52e7851b3ab4003fd99","nonce":"c7f42ab714a4606e414c05b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"45b4dd4f8f69392c06826fd71d4f8f71dd6971da419944e7274895b7a65cd9640dfbedaf5ae1e9917dac758556","nonce":"c7f42ab714a4606e414c05b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"44be3e1f8d498e1202fddde22e33956f393c536ccc48608dfdab7665b6c841144f8af12e43e7d08d69f905c9e7","nonce":"c7f42ab714a4606e414c05be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2b93e40a41d6876c499dd4754d364ffcf5f7adf1f88aaed1c571592bf1c7a247d8c05462adba9bfdceaa0235f7","nonce":"c7f42ab714a4606e414c05bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c7c47ec29d6759c2da9cbae54adec57e786f474398f9034541cc757942762a19"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2426016b2b0bbd67f26e240be632ad0b9c6f3a88d07342377e62665170256cf2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"cf379771838ba34a0739ec97782c3d8ddbb6783cc454c54886b588f70afe08f3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b17029e142154399de434ff4e3abcbd41cf339558fb6d2196aeaca38028a1a93"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50609537bec289e80dd99bb1b86b334d6eb6ba2395ddf4283599bb09c022c02a"}]},{"mode":0,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0a16b20b51d5ea005fc98700fa0ba9e2f3b22fed7df93637cf31baa5907bf204","seedE":"deb191324ca39e9728eeb648018cf53de42329c8952e0c298c3bd5154afb0633","skRm":"da634eee68734edcd50b2b14c73262fa3ed2726cc85d3c328ccdaabbbec9d53d","skEm":"e28ec716ac495417440ef674ccf438722932da41b5481b8826f4f7947c4d9069","pkRm":"1ea4497701b05912be470df9d06ee114b825b9f9feec09f6aa9b2ca6b7be1360","pkEm":"1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041","enc":"1a468c14ca9d0615f9a14b565c0625058f9b56485006dcab10d762e5260d3041","zz":"c31565932c0e5ae4582c7053e33b5e77e371b0dfe1ac5301272e28bdfcf26c77","keyScheduleContext":"001c6907359a7daf67953ca146bcee91341462b6f068c235c0e42eb6c0a39b2f5aea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"3b064fdfdd0d10cbf422c8da9a303d9ccdcd6e1b1824d637165fe4180d2fd144","key":"2053d49ca8be215fe6802fef61c8da2b3e231df0f15a642b50e91a0ef1e9951d","nonce":"c88874b9b2cf47037984bd5d","exporterSecret":"c39930e5828e5ccff62c40d05a75605eec31aeac8a1657032142a9e67f9a855c","encryptions":[{"aad":"436f756e742d30","ciphertext":"bb9270559e7f209f764aca4e186040a561e6f2a4f34d6edc59163786ccc41231166f40bf6699f45bc11e25163f","nonce":"c88874b9b2cf47037984bd5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d6743a322f18e3fff2d06e3912b3d484c315772bee09929dba1a27e8e93f11fbced8efbf45d422210bb09f52e5","nonce":"c88874b9b2cf47037984bd5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"89964cbd1aedd4398a9e0fcca0ac245d04e6823666ea639be02bb9ad1bb297e9a974ea1c489414a8e5032a3609","nonce":"c88874b9b2cf47037984bd5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bc8f37b1f7b179b6e97ae97dd08674a7124e9af73b6131b3bff3a071027c27a3e8210522130ad7c2ad20afbbec","nonce":"c88874b9b2cf47037984bd5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e2477e3230130508f8ff9a076b3ff0b4d162defd595962f10dceb9caf72ddddfd8739b184c92a7546e1ad93d49","nonce":"c88874b9b2cf47037984bd59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ee5d485f2e6670b65d7a31fb134823016d3f9059b12bfbda706c4e592f862aca43631f94619f7ad2126bbdf771","nonce":"c88874b9b2cf47037984bd58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a7ebc5793d72288bd382222aae883355a5eab73ba5c7271d66328e1825f3b9f0418e1b204933374e4dd55d8316","nonce":"c88874b9b2cf47037984bd5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a5bb8b837de5b0bfea4070918c27c9aadea777bc043189a12dd78aacc197aef16ec3f4d90e7889f8962181bfe","nonce":"c88874b9b2cf47037984bd5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5fbab7888d1df36f9a7f7607dfc67eb2878e87cb4972fb5e0f2dd6570153c5f64a21bd042fa1a07135482e9767","nonce":"c88874b9b2cf47037984bd55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac94f708e42b900361fabe181d638d03faf663530bdb635944d5fc48425ee2598b311ba6c7b2495ab9cec34338","nonce":"c88874b9b2cf47037984bd54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"57c5a85e2538d066a529c321a740e0dba3ab413b5d7a74fd5e9c535dc92a9c93"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"adae370a00458fe0815fb39e0c6708a1e32d8a41d299ec6ec3ff0b3aafa5e9ef"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"68ddde9847cf50fc0c31eb94a5071c119a4f018bbcff323614b4664808e9567b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"6d0684b38f5f05aceefeaaa17bf71b39d5379940761bd38cb0499161565394cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c694953e7e6df9c1d74550b5d54b62a316227c5b08c8f1ff51f124d29b3ae2f8"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1775ecb21a043f63f0d320d817bbf9591c913e8e01de27c4c9312493f6801c97","seedE":"7373cae944073cc787f70261bab090d33e0f15402685e7f8ad0fdd668985c8c3","skRm":"be8bd96ddb41da0902d736084fafaa3fa3be2871dd27f073d2b9aae55230dea4","skEm":"db448556c26950d7f1ed95661744670eca3fbc680e287ce22a147c9a91f0609c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9827b681cf3c77faa1953f4ef6e8c049d8051f5ae867c9ebe17dc142e4f46632","pkEm":"f101495bdb9d304ff4b5e5c61a775e15bc5a9a0302f260a2953ec66fbf894a62","enc":"f101495bdb9d304ff4b5e5c61a775e15bc5a9a0302f260a2953ec66fbf894a62","zz":"ba4401d5d3579931047148de93e1bd36dd8a2c14f0faeee79210ca4dec592a40","keyScheduleContext":"01809b00e0a8c66ab0062f825e52b36209266d6836f95f0404c3dca851ee0af863ea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"2591911467a941a90577f5d9d20fda215c5dc092095749ee41586247dfaa42cf","key":"015d5b695dc8917141852848f0ada695de11404c5a84f5c58917ca28f4fc5e1f","nonce":"e12157c5686a7c5b7947f5ac","exporterSecret":"f9d9f7e40ab05a3108d9e51c8391ab0b95a97610386728618b34c3572da9b2a7","encryptions":[{"aad":"436f756e742d30","ciphertext":"b661abcbb621a01ec812ac82dfe19c53154feae79a844be639e851302430dc4dae24468510c6ee6d155b1c64c3","nonce":"e12157c5686a7c5b7947f5ac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d4b772a280902304dd1479e9739eb420ef6101ddf1dd1ab90338dbacb474b5e51527cfd3bdd3b5f7168cda6aba","nonce":"e12157c5686a7c5b7947f5ad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b95c0b799af60d5ee28a42e330aaec1a2002b249c2f62de9ad2a37d6a26271e14544f7423412f4d9ff708805dc","nonce":"e12157c5686a7c5b7947f5ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"05ed898ce754accada006ce4e6ef5cf549c4b3f6c9b2f2fa157f159891f614be35b9e5f57a0d29a6447af0ca3d","nonce":"e12157c5686a7c5b7947f5af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"010ad151a2bb23dba811964c5861c6b25b85d3019325867df7f44a23471b812f86449e4a8ddf8b72bec2f3fbdd","nonce":"e12157c5686a7c5b7947f5a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"123c5950ca64e49597f261a6cfffba2cc90402c58d0371095b8b6ae22d5703c64d5ee9a2ecb57b4d720978d818","nonce":"e12157c5686a7c5b7947f5a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d486ad77fa2a70bd0868b6c207c436379c85240416c805b5d4ee1a6e4e83309805515547e18283bef075bb9052","nonce":"e12157c5686a7c5b7947f5aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"64d6339f547a73c71e19e45d21b8fc251a5c14cd9cb99579cc363105d09c25cc5f6554d22d269a2bbbfedf3f94","nonce":"e12157c5686a7c5b7947f5ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0b7f3c3d3114f5a0664a4d9c1fdd98fb04339248af2b6a1b82f4adf1ea28899f21c880bdbb0a02b9f08d763638","nonce":"e12157c5686a7c5b7947f5a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b373a3e7c20d52826789739e67f1183629db916b819f0b0c8c720f423ed29bada1a68b93bfcbc6014168682e68","nonce":"e12157c5686a7c5b7947f5a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"08733eaecbfa1b61ba3e86661b666f5cad74aedad20fdab743622183d0e5861e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9f91ddfadd00a6de4150e67e9375d02a2eaceaf14a03cf3e040b53b961be9944"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"86ee76034b35a1b613a760f697c59379db3a9e9f5e75a90bae30f689c84e7bc6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f73903ff3e3188a5b0ab9b439f7f6eb3ff59904820eb97ae3aa223296b4862cd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"46dff8607d2097273ac864eb01a48c00ac2d3535f489fb685ba1cb494c071ecd"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b1df4eed21bc535f51a359ea62b4b91f799c0b54ba61d1b850988e5b0276ae52","seedS":"e3e3df041389115650783738165bee473422bd401af7963f692f785e3dbfc125","seedE":"8c85e2575f9eeb377c906a0433e452861f32d5405841944a651f37299ea07923","skRm":"2d893a042ca33a25ca852a97ca868f49477ec074026d0e9af691d399990e6dfa","skSm":"1c4755105e91318c22bab7d2f0955f3076cca9c2a1b670b862785ea18b3680c8","skEm":"a70a0477a2dbb244f81d832fae6a48ec4c362e59cab7dbaffa820cfe77d732db","pkRm":"fc78aba8e710e03b8a4cfe685c9681fb632057c0ec6bf270185f66a73385ae2d","pkSm":"2b0752b99b30eeb8e2e90c293d71110dbd0aeddfa8e2c8124fbe01c4eb599e20","pkEm":"c2d68f417250ecc3a7ac77e08bb47fb07480f65411f3e17089903ad0a257d904","enc":"c2d68f417250ecc3a7ac77e08bb47fb07480f65411f3e17089903ad0a257d904","zz":"b559c29033fc9d8582cfb52566ff77e6017d1d38e2a5bdf75589e8f1bee14b99","keyScheduleContext":"021c6907359a7daf67953ca146bcee91341462b6f068c235c0e42eb6c0a39b2f5aea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"1e7d06949a7d21e18dd2964e96f4e7cda230ad7315505aa4439328154ba81faa","key":"611f9a88c8ec4fcf29dc3020f1a7049bc399336ea20efc9f50c3aaf75c5eee22","nonce":"2f7cbaa49e6c61f1cfd79b4b","exporterSecret":"01494d2770a7c4a8a6d5cd8882606057c88bdb354888ac0b2f5e0edd081ca9af","encryptions":[{"aad":"436f756e742d30","ciphertext":"eed68a6e60cf55bfd3fb2c62fbd5c8a2c917f72593d3547b99d9d2dc04d761c56dff01d1ba5b484f379d1adcf0","nonce":"2f7cbaa49e6c61f1cfd79b4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"21ff1d042196518645d0e23b0a7f303fb7527f1615a631377f31f38de36bc499c1650125df9c8d70583fbb76ac","nonce":"2f7cbaa49e6c61f1cfd79b4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"85312357b0994328d1b9e180d8c15760dc3f044a2c128aec76d7a94c5af6c7d8cdaa39868f368693afbda9942d","nonce":"2f7cbaa49e6c61f1cfd79b49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8aa03974e17286fccb0a2796e30d11a38eb9b9b4c7e4d7c6cca6ded9882ef60b01f3ef35282220e636b721e065","nonce":"2f7cbaa49e6c61f1cfd79b48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"87d4e723f20b1bfbba7e9ee501abf7c4ae29ab6ae639e3bf048401e21af5dc5c875be18d4d80283a3abff6fb49","nonce":"2f7cbaa49e6c61f1cfd79b4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e8e60ca3bff8a7e34c976cef3ca003b7209264ae63fb3309a3795f80390986779efda6275560a233c41f1d8de7","nonce":"2f7cbaa49e6c61f1cfd79b4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0b733a3930403ae2cdfd9ecd5f71825545b3245b937c8782a4dac5052ff1f538c2bc9a4b89c5b8aa5219046184","nonce":"2f7cbaa49e6c61f1cfd79b4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"dcc903ef0d3715d269968398af67cc9557c4da4a84cbda50261862d6bad31047a1b1a911cfbd775b9c9210846c","nonce":"2f7cbaa49e6c61f1cfd79b4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2053caccfeef092a39c9b346c563494d29a05ae2a12bdb9014c8ec5067cac1df9718cb432786240dd5aac4df60","nonce":"2f7cbaa49e6c61f1cfd79b43","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c1aa877d388868b420164a3b6c84f56ad44cb45512a58375aad059cb20ebf800e7fee1669a2e039453eac990ca","nonce":"2f7cbaa49e6c61f1cfd79b42","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c201eb4d4e5c66018ed3515acfd1a574c91cfd9a805c6746a3bd5317bffbfab"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"464971ec701dc7806f4829c7142ea114832937222c8feae6ef74c09d01383ac1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b3edc6f27c03b2db1311fb672653e96fab4e4ff25d5d87b6307f1a06f2ed220d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8206dc954e3c3064bd89e24bdf39b360d91deeda19bb559dad610810ddfbc3f8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"6dd2d06434511d0199cf92b5840ed90d1add59095a401eec8e8b2bc8c3f3aed5"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"eafc0894ff171bdc21c16c7c0c651d586a381422eece40061bc51d0beeb1f0d3","seedS":"ff9f42e80e6f52510de8d9b4d924370af5b2082292c99704ceeae682d8d52074","seedE":"913a3a34612a7b1c98a7f1ccba72a8ddd2c6f746d185b25205a50638eef8b469","skRm":"581e34b21ba3a3022a9e4df3f30fdeef4ca1c1a7d099f6da53dff2c05dabe8d1","skSm":"1afdb55df58dc47322e855c104ff067cded782251a71d16ffe26200a5ac0765d","skEm":"4f60052b73e8ba20bfafaf3b8ccdf305c467fe01ea3059f824f3c7367110c716","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"85843fd9ac77d46e175b30d9b24ccc1eb1a31db16d714aa879934445c5e2f32e","pkSm":"5123532c38eca9b83f7fdafad1fac7b41db6df9d104c50b02e6f20fdfa661a03","pkEm":"74c9453a52e290cb336acb310a78f3ff1d798e2fea97b40264471e33a7247866","enc":"74c9453a52e290cb336acb310a78f3ff1d798e2fea97b40264471e33a7247866","zz":"0b0d58b62e0d589db4a483489b4647db66702a8378ea3a4c4741761dbf000776","keyScheduleContext":"03809b00e0a8c66ab0062f825e52b36209266d6836f95f0404c3dca851ee0af863ea4ccc5c4d1ab53cb3cf7430d10e4517e439bd45970f921cde7bd35842365cb3","secret":"497efac284f5a49d8e6b8132a96c81d9ab6be7111fcebc96477a5aa3e47fa157","key":"f53e8125cf04b878742c869c4f4eb9363f4f4a11d437d34badb904ee38d0814f","nonce":"ada247df987fceb8d4e93191","exporterSecret":"d2029b9e5140c609b45b14af4058538818904f335a1abb6f66bea28508a55baa","encryptions":[{"aad":"436f756e742d30","ciphertext":"549c726a9ed8e3137af6beeccdfce2ab4c4958140327dbe50831c25cf4eb587ea0e6ec67ae1f9888c72d5060f5","nonce":"ada247df987fceb8d4e93191","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"810431c67452c001e8c1b75e4f88f9f44bfc497d0bc2a8ba3b7ee6a9aa6b6c3bc30477e905da9a66a1b10bef31","nonce":"ada247df987fceb8d4e93190","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5f710762f75150b8e8838cd909700e3972646aa7ab0efe0b68bcc6902354b65d91636b33865b05df3feaa72c69","nonce":"ada247df987fceb8d4e93193","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"341e06fcdfa07af7a83e69c04a87f10ff38db14c76c2c7d479fbec4cc5952a96f03422775d1ceb8514ade326e3","nonce":"ada247df987fceb8d4e93192","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"db726c504eddb11b6d599b7f8198d0c789ea07e4635e5857882d5448f420617837747edabe9189050acde314a9","nonce":"ada247df987fceb8d4e93195","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3f4e6911b3e329ecf8f5275d397df81696d8c153b79f898a7b41f5dc9f84d9d8eda651cfa37c3ed952ed972a27","nonce":"ada247df987fceb8d4e93194","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4359d31a9c5e54771320fab1c94280845ea9d32b7ed8da63cc8ed0daf25094fbdd25aca5d23b47ffc97d1551e2","nonce":"ada247df987fceb8d4e93197","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4ed6be7a0d93829563ce6c160ec75b1177303fe869b03f0548d4b04f36dbfbb1bfe8d7d7b321ff066092b0fba9","nonce":"ada247df987fceb8d4e93196","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b84331ebcdba2e296f43f9a29f265b6ca080b02212a55377cca69108bf8195102942aafc444608ce537e3574d1","nonce":"ada247df987fceb8d4e93199","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a67fe82f3ce1aafbd3861073508d107503096ca9cf9c7b72f5115ffc11d899039732ec27ff2a534e96e0e45898","nonce":"ada247df987fceb8d4e93198","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0a19d17b7a935437de8b6055355f25ad448d5a5553c5446720db7aafbd7060e9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bdf3a83e49720d2851ee58010aa2e4f5f04729c58e57dd1ae3b8005b654c0e86"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"553bff03ae560593379a2f89998492683419b0ef8a7d628440c1f360d2d8713d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0936226ceb9e19082aa1356ae502552b4f31c3b7dc1401a829e0d5ec9ccaaedb"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50b3f4d023f32aed2016364f2196d934f415d31285f54d773ad7077e5f1ce326"}]},{"mode":0,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2f74ee420165e497b22d2d5148eb66dc06e167e6b6a25297eb4d96747b86cdf4","seedE":"8b76b8dd43faf7faecf684ed9cc5b4cb937604d34b4f8efb830063ca047c763d","skRm":"677b64ff70915fb0404a1905139013a33fcdbc39f3d1914a007984e2413eca48","skEm":"22e0948a3fd086e7ec1cb96155499962bc470680db725dd008d39d25f6191bf6","pkRm":"02bd698c34ef1c3ec60d5b209135310d52e125038a0ce0bf1e0ee2c8dfc20e55","pkEm":"de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f","enc":"de17360c5c7f244cd06ebc73f2808195329ea69ff829410a6450040d50af363f","zz":"3d63a46a8d9ad4e3830175f7998bebb213bd3a8401b50cb6e2c42670356e9953","keyScheduleContext":"002ed6ef5e5a1e10b8ce95d98a132e9042fdb39eb661fa2fff0353f29b397c31aceec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"fefa11bd4b906e90bae2c34db054d68c32428acd590d832c7090879027cc6d87","key":"f85c77a1e881337552d20297e3200801741de39212c5f18cdb57062f99864f99","nonce":"2084a09dc1e85528844144d0","exporterSecret":"ca58ae00ecc470614f8839c668203a3bb0905a6441559b4f1328f3b20d15b3b4","encryptions":[{"aad":"436f756e742d30","ciphertext":"b706a7523384a553fb1c44d5d3186bb78484947cd17e72f15f1c83152510e49680cac8f057f175187e94f18083","nonce":"2084a09dc1e85528844144d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"cdc1a9425ceea83e9f1d0a2be77525460cbe259d1a9314eba520c5f5f879376a9ad7f8672ec943de425c6655c8","nonce":"2084a09dc1e85528844144d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5bb2028896d91f156cd6e171d1470361bc07aa804a3ed64163ea67da67bce84e3d2f73b8d75f9a4dcb452b97e6","nonce":"2084a09dc1e85528844144d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"220790f4242aa714ad2c44967810cc8c9483e1833d7f9dadd08999abd892aeb3fb1ca54a29c4ea22d1395d85d3","nonce":"2084a09dc1e85528844144d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"73973035d480c8299d1773522b738af626a5c834fc6af5ef5f8778fa6a767da89660f4aea7b4241b1f8b5cdebd","nonce":"2084a09dc1e85528844144d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"2e35688b0bed657bc213ce0c960e478e2d708700b3b3ff7048bc62130f23a0752ad867167f1d1b709a48ea89c8","nonce":"2084a09dc1e85528844144d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"14dd79e4ee9e416dfb954e4f0d73c44757ad375018a802cd0c4a7ba3fe378e5c8cc4cf21e648e6a8645a085cad","nonce":"2084a09dc1e85528844144d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a996ed2f2680a15351eeb87643b99b558a59d8c1114a214acc8bf3dbe6b40c4d41e06ce8b1e11e795e37c75143","nonce":"2084a09dc1e85528844144d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8123ec5ffb77c7395bdf2baf9c73cd2b1bbfa0ec79870a1d6260189b559af29a9478c2675c82bd1e19d2e422bb","nonce":"2084a09dc1e85528844144d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"55c9731edc92dee7683bbabc425fafa4dd199aaf74569bec1bbf79e082eab9006392ea1b3a2d07622b62bf0bbf","nonce":"2084a09dc1e85528844144d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bed211016a1fcc4328de46fd11d8be1f00a7e2c17979450e760c152fb77bc825"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f1c29485807379d0deec17a65606307c2723a1653ecb1bb601ed5f703623fec9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"477680ef89421fd862866dfe00b70ac8906785c2346db09c8a868b0c23c28e98"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d0d5e1460ed084ae579eb5408d03d99482d74b5293e7aa19df06acbf16af8fab"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f5fec947f00eccf828dcd4f1b405a115001cce97f3bc0d6f8c831f1cbebce36f"}]},{"mode":1,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"6dbaa03c19b18e089416805b98b97e9be59b5b43348313f6c894aa749bd863ea","seedE":"d2a61539bff0e4c64e88af0a3815b0269b78032f45d84fb82b6b5c0309f5cdd0","skRm":"a009f3a71c03eff914098e1fa804047b803e41b2b7fd412a48d765e788d844b5","skEm":"1c671b5cdeda763fe49fc4ebbc9bc39257eb64cb7c80f85489d6099d94c34277","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d1034e51de83cd6ae397ac7bf5826c3488956301a43a6ba0a9966b5be0d38066","pkEm":"c4b91e87a49f07ae2b70020bc2dbaeba491de362b918db4589d1b64dabf3624b","enc":"c4b91e87a49f07ae2b70020bc2dbaeba491de362b918db4589d1b64dabf3624b","zz":"32db4a665545350d97e322d68efee9dceeb8a2deff566762b89314b6d5519be3","keyScheduleContext":"01d2265ec86e8178427811787de22a5a66596c3a7c65806869a25166bce01ce008eec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"ba68621396bce80210a653cb6b7c6c53e3412587f2a3d359b5433717fe10ec1d","key":"0801b8427755e38ec575ca82c1a023976d1c6a05c962bebd5b711fb1e38790c5","nonce":"642d83347562610ba01a5986","exporterSecret":"5d97c23cbf481d5e7c9f5fe2ea1c4968d0e7512d01b81a2b897b80d5614c3d68","encryptions":[{"aad":"436f756e742d30","ciphertext":"be00a3d72559ea2091cf65a02a8dff3b79176a880caa47b214e75debbc4228c8028a0eaa31a9207fdd595d4443","nonce":"642d83347562610ba01a5986","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e62e5472c78f6c88f40fbbcb9f41e89daf78c5be7ae963cc75ac9221ec1fffa7f112717074a635ee1a415e2a16","nonce":"642d83347562610ba01a5987","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"91d12fa708d5926578a7e9fa56a4342e0fa71e824908781d4c937a00163d581fdd23af55d60bdb310289fdbc49","nonce":"642d83347562610ba01a5984","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"11886e4b2aa6c8ecb1ef527a3df7e859d9c8834131d45ebf12152a53cf03685cd2298a7fc3641982c2f50faf7d","nonce":"642d83347562610ba01a5985","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c5ab4ff7fab32e3c6809b16bedfa2d4c72fc5f9b9061daa39fa3a7624d39a797173c8e99649ef69b2362223981","nonce":"642d83347562610ba01a5982","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"be65dd3783bb46c973448d1f11ca607e03cc435572f1552135f5c69fc0af9b70b91c2cc62100c2fef4b730272f","nonce":"642d83347562610ba01a5983","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"740f2fe43dcdbe5333e18fad90dc3da3ec38afce3ecf915468acc697011876754d0bc577541291c18d531e6e4c","nonce":"642d83347562610ba01a5980","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"513f1838920594476b17e682b832ef9f0b264c629b9c02843cb8b10971c7d4f1a8b4e78afbd37a889a123af1fd","nonce":"642d83347562610ba01a5981","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"078c919a344f7e86fc980c93bc891c10aa17ef3c3d76fe1649ccfae7ed4b79dd3d32e710a2a955b0b70afb8396","nonce":"642d83347562610ba01a598e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4f4f92df2e9ae8b9567acce2afca2031cae8129e046c4487773bc4add1cc804f8187441b63606e084b557b1448","nonce":"642d83347562610ba01a598f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a8eadf8c898fa14a87510c9b699ecca1ee46234929ad8f1187f8b9cf7f77ecf2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"453b5a78d35fb8f62bfccf20d9cbab68521e73afa15ff83f09aec847d7d8bab0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"95ae6cabcc0ed5ef610a90d3b67954897c7a67b0f61e1851ca2f6e92431a848f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c2fa1c0a7e10158e4f3c87502bac83f77451377d1c47d87800d3f6868399aff9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"64ec1009174fa7468a4239288ceb7bdffded598bf040b62cb3db6cced114cb71"}]},{"mode":2,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9f6e9796f20a88e8c5887e50f152e064136969764e6e32389e8eea78ebf0f95f","seedS":"ce0ba3357818e370eab3832a829dd5288638e201c8a00b6719d99bed3ec1f672","seedE":"d6ee4cfacf3ba765b5a8b6eeccb582eb5dff114865c8cc5dabf6f7c8ae173d0d","skRm":"8a9bc9357435fec0d3f5c7835db552dd0e94c22a8564facbea3b07979d51f868","skSm":"53e0f32f9505cb8573b9c317feebc4db9cc68f43783e8925c5fa034414ad2548","skEm":"ac85033e48bf3a535d7837639d9c67cb291386858d314316ae1471256181adc5","pkRm":"792245f1da20e58edf96456c0105df0f8175185e5822ad187c503fe8b9e1d570","pkSm":"08f48962079a2d52bed897979ab332b5b2c3db8891b90a99a1a591cd6311b668","pkEm":"3df68fc4ccaaee084af119b988cd50d18f72992a7184a3bcd0e2b0589b90304d","enc":"3df68fc4ccaaee084af119b988cd50d18f72992a7184a3bcd0e2b0589b90304d","zz":"2ca27bef5ce8b14e9480f9682bf7ecee181d3518c518e2a968d2ad65a186e3ea","keyScheduleContext":"022ed6ef5e5a1e10b8ce95d98a132e9042fdb39eb661fa2fff0353f29b397c31aceec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"0940b3fc4471901fd46e150287f576fdf679cb35ce9355bf0caefd00e4aba24e","key":"43c8db462fd0e25605aacc57639114f5c7db1333a6539fa0b9b068bce4458e22","nonce":"419e8f333efe8f64810bea51","exporterSecret":"2f5a9b5f204f64437505841208e952e65583951e773c4ba51a27adba6f96118f","encryptions":[{"aad":"436f756e742d30","ciphertext":"5cb775f56c42202bed1d67ac0ead881db3295d7ed2f34abcf41d2dcf3c6b40bcee2bcd191aae8826219f0eeb54","nonce":"419e8f333efe8f64810bea51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"17b380e3fdcc5c446a4033215da6baa26ccf86ca2812710ac5d0246af489b35eef16107ab39507761b26494884","nonce":"419e8f333efe8f64810bea50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2c093b8997256aec1139498cf6ea920a7e38a80392a6a2860e502d7a44f02b8d9c648b1112d622d23f2b4a61e7","nonce":"419e8f333efe8f64810bea53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0e230d977e8b8d9127112b2ac41fa573b49662f1873c9389a4db80cc332983adcc2bd632ca69472d024609833e","nonce":"419e8f333efe8f64810bea52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ff803471129292e117ec4fb05e93db8104f46b0faf8137a663a121c12503dd8a5b0802c2b2f8883a9d93615d1b","nonce":"419e8f333efe8f64810bea55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"711c9394dfb65d232823a2ebb55f5d820d10d0476948b193fbeb5f4793f28ac7ae91a44a4a78e263365b251238","nonce":"419e8f333efe8f64810bea54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"75aec9c91e92e1e387b0c0928aa9040119b5a6e1a96bd474e451a0aa245055ea95e2e5944f5059e65acdca3434","nonce":"419e8f333efe8f64810bea57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e1745821e50c7246c579a3e334173eb3b5b42f5355ae0b44f21ef7225ab91702d2624fa830039428437b9b76e0","nonce":"419e8f333efe8f64810bea56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"daef46eaf2a980b525268b5c2587432b691d28276900516db9be81be7aab96c8a76dd7ebe9f83881855275c257","nonce":"419e8f333efe8f64810bea59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"66ae7661e60aacddd75320cd7d54393b1cd29aba4af66d03cddf94a8d3711b4f50f8c198b106e172b6fe8db195","nonce":"419e8f333efe8f64810bea58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"502ecf31381c7affd8cee9b8912a2ae6e8d9735fff6b429a2b5828d65c293210"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2f26a83b576bf9631888c1aa4ae666c1a4c7929eb9f9d2fc4da162afdb3db2cd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0563405ac6382a837016591032a5244200d601ff09b1dfcd1803703fdec5d146"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"788bf6b79f6dd155aa7936aca4c74ae985a335214a23b3244db625020c181212"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"812ee13a54908003649cfc5c86ab352aecb83d997a4b99ac4da5f0b80d45199f"}]},{"mode":3,"kemID":32,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4276d8976e15fd43ee257205337352f11b3454cc73f7a66963a84381ec977ce5","seedS":"54acfce7960bed685529f6e135ce9eae67d8c5e125ca296269d84eb1b65eb158","seedE":"ebb6e3d16e1d36a2ab0573176c222afe150e50ea126473eec6b0c5e9fd718bc2","skRm":"ffebee94be45a55865290a001db23d05238d68c6beae3e6b05b5998061be8435","skSm":"223dfcc32d61b1ff5f3a0cc8c4e64d3c705754f5caddaf55415a9c14df6cd329","skEm":"f713b661a87e423b8cf67fa0d454d42ec78e6bbe72b19d1b4f7099127203254b","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2c1f07ac3a2681a6f9e379ec56d8da9ef4c086bb8e4d864ba624b1301415593a","pkSm":"72e38f304d598e18673b00e3e46daf1174f4df13c32815e089ad18f6b406021a","pkEm":"a1803ccf6b2a44513e02b2fddcb9aa49030ced3610f4d5eb6715bd8b9ad51333","enc":"a1803ccf6b2a44513e02b2fddcb9aa49030ced3610f4d5eb6715bd8b9ad51333","zz":"1b0154acd11f266da0e70e48953c3e9f4732aa0c6a10a44171a309ff52a8cac4","keyScheduleContext":"03d2265ec86e8178427811787de22a5a66596c3a7c65806869a25166bce01ce008eec26b8f681b7d42f5ce9979f35b851fd772d56055040326cc392f2a2bcc5d3b","secret":"a0bf6443710d30369eced70bfbf7cdb9fe374478ad85f95d75f3e504815b9a10","key":"eeb2d470a0c034af57e70511e0ced37dc354c4683ade1e093bb022a89fab5d5d","nonce":"8d67733e25a72e043b920f92","exporterSecret":"9e1fdb2b0ef7d0c26dff4ba52390f6e81d3748370b598bc93e8d0ef6d19df1c3","encryptions":[{"aad":"436f756e742d30","ciphertext":"87f3ba9450a7e2390a34297659d297b262bddedadc9d17fa0a746c8ccd11f5c93e58d4e9aa8b0af96cc7b84ba6","nonce":"8d67733e25a72e043b920f92","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b22c6c2554ad966ad3054de7a568de0f146b69a7efac7c60decf4fd541d3e062efefbfb7d6dbfc57be689284b8","nonce":"8d67733e25a72e043b920f93","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7c7c587a58ec45edf596b4df3fd72aa3b5d313b85596225c96038f36599c42b34e8bd2ade51da9496b4fe0285b","nonce":"8d67733e25a72e043b920f90","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cf0f8ca1d2b97f9ee339f090e65781f66de62c8e2ec1a2b2442f8644c3c365419a2c5dffc74c5fb5317e3377f8","nonce":"8d67733e25a72e043b920f91","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ad7b70f3dcf0c3b16c01b916afc18a53e0c7f16a93fe89336ee0e7fa55add7e4aa61bcea06cabb5d9414c8c6e","nonce":"8d67733e25a72e043b920f96","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0a306038e4a7d35d300eb703a1d1f27e59a97d2e6921ac6d3ef143a47088ceb4c9b3b244148231ff4e2a51fd66","nonce":"8d67733e25a72e043b920f97","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"921e1e50784bc475924a3f928512ac6ccee6b77a1d5ea6830f2de22cac7f1c47c967c30b1df9b3aa21feefd19c","nonce":"8d67733e25a72e043b920f94","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"06dc8f9139fe0c25b6dc2aaee83649ef04805c95d68324f5426bd046e96cfbe7bdd5769d4436be2975766cd53f","nonce":"8d67733e25a72e043b920f95","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4536effebaf8ce1c1fe30e738bdd7b8bb631b0db48d278d990427f4ab7252c5aa06dfa0177e71c0ceea65a952d","nonce":"8d67733e25a72e043b920f9a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0ec5384b0879ee351e44ed146748bf3e8083aef1160d098e0703ab10e6a299013ba3c24e128ab96ccde1209b9b","nonce":"8d67733e25a72e043b920f9b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f86fcfa1037837bc789bd3cc502b4fe88af94d60f3d1bf5406735425b90065f9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"291d221b01ba200cb0c650780e6ca0f8509af4ecbbc2a7217b3b4ba9fb997683"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3d2e081f1f02e06db9c0f0cc7ed7d1446e8a0c24463599c965f74d9dbfd6deec"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7a3d1a12416614734edf94e095ece8e6e0081435a2b52e0476d9a6bf8673c434"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80b50a2dc36988cddeec25954fbbc24986a3b7aba1012507fb0f92cbc933829f"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ffa86fe0b789b8f018fc61687973b0e9111e8778fa77a4a9e9ff8666e68a9876","seedE":"019c9573aef4f64bcf499cc17ca307d41c58c96ddb50e39de0eedc257ee90764","skRm":"2ad8f8d251b97bdb392dcf671af13d6d26041e411faad5c984f68efaaa3b88b6","skEm":"b841f4832197fc363c965592a97fa762b04683114a9126f56dfff82c49a6f207","pkRm":"6421cec0bf7fdead5b4d3f70acbf6f08577fe73961708e31d6df522d4ad6b20e","pkEm":"04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953","enc":"04ecf81b3a34094121586e4d237fcb9df92df22bb7ae2c0c7c187d839c29b953","zz":"47f911d0314c3cd311b2aa9b8095379eff46ca4e749fef38a38c0cdb25c15b11","keyScheduleContext":"0047373f05d58573ca241f94c6c6cf7457d4b8edf9238f310cf1ff672d9f1e6cf1249f2d1d0799e0a1e6fe5c516e05e769250040cdb2b78354a488cdcc2c1f17d44c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"e59d60f7b5c8b4d97901a806e9512360a925b0d62ce6d1a162ada718dde5645103d55098659ec7523fdc0a7809d6fc58d30345bde62edf905cbb34605b1927d4","key":"5eb1d87d6b23df2641aa5151da19eabb","nonce":"df9ca3b2547334d55845b772","exporterSecret":"53e1bbde98c062c87c777c0e36037a2a0101e84b4fff0b2a98270ca7d1902373acc8195f62a1501c4470d80e746fd3d12a6fde2b761a0484b7c79e83556b708e","encryptions":[{"aad":"436f756e742d30","ciphertext":"9c4a9834cf1d2bfd16c7fe0a19f9f66afaecb805e06c212f08c245f772de9123e1bf41678f2e910a20158a0273","nonce":"df9ca3b2547334d55845b772","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1bb872e187c72ac6f89db81309d0fe2c57787efc3d076aab394e0218e33955039650da12e3f0241fd52cef41a5","nonce":"df9ca3b2547334d55845b773","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c5a95f473b853e190b5eab703080c9ddf313d7e6751b2af382ad7f8e910c897757d7256801ef83e408795453c9","nonce":"df9ca3b2547334d55845b770","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1b5a3d36a34781f93f5508dabc74bd3c82a47bd05af7b2729ef254f42d5a068fa86a918c9cbe1db552d2d8d4d9","nonce":"df9ca3b2547334d55845b771","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"46d9196849ad448e03a7603bb0eb2775586463051f2497f39cdd9211d1fd8ff71c97428639b0764f0ffba29f32","nonce":"df9ca3b2547334d55845b776","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"346a0ecb07e20f32174095a32ef87fde07cefa99fbc70d2cda903fdb8128c204037e7c659b40047e66fc416e19","nonce":"df9ca3b2547334d55845b777","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"41331c5365a8354fe9f221f0ebc6344bd86dfffe253da5cfa06d08089a6e0312e9c18ef57509c9faa2d0995650","nonce":"df9ca3b2547334d55845b774","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b2ff99114ab4b8267f005bb6554b766d6f6c8274c2c669a325354cfb27034afaf0f6f7eb56901292ff804e7553","nonce":"df9ca3b2547334d55845b775","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ae653f1d8dc035745b7e3fc2f81e4e6636f0597a9b6f6f1c7d5b0a23c50d76e1dc0a7cf4fa3b3126e12011302c","nonce":"df9ca3b2547334d55845b77a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0266729d852d16e9af909841bbe2444bccfab0575cd1c84ff6ddbf3259627fd5b73d24f402bb60bfbee1715951","nonce":"df9ca3b2547334d55845b77b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3dba6be0ff119e093d6260766375f0f80c461c6592735ff58a1cf8989805192d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e43ef15f82fd672484625d6d3d8b1b157a98a20a6f55c4c084d2fd76b63d3be7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"237c2e9a25524ca44ff5683b62e2fb366c583fbb72644b7208e7594e9d3221a5"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b421f68b38b2bb916e0925a21c80d1a8227ec6ad9a1e1539229142486f88c8af"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7736ddde377f0bf3da742d7baac698812a267441c3bcf86b72fed0503bfbac0c"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9446c975d18b1baba9f3436700e2d607719ab8dc6e8ee892d918286036d01404","seedE":"0342db938b432a2e8134ff65c15b5b221e03ffe7cc6bf7899cd7ce70a9b66268","skRm":"e6b757a7ab174fd5e0fc9e52ac17a09355c4edec2c19758a05b3cd0e1e234bfe","skEm":"02cb2e63be9c1ced5e59b7e55e1de954175eb7e58ef3f2a741657df8fcae4338","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"8c5054f74ef994e5dee90a8b3f5c75581de4d765c36eb1ca048495d2c36d2005","pkEm":"f19da62e3969c31f8b6021b88d1bb01ce7dcb53eed90f277cdbcf3144577a672","enc":"f19da62e3969c31f8b6021b88d1bb01ce7dcb53eed90f277cdbcf3144577a672","zz":"4742cdcaee9dbddb5571a5e1cb9f884b16d9730f529efe66fd10f10ade7faaf1","keyScheduleContext":"014641f79c7b30a1db8d6b3e8336a1bf2266f1f59c9f220f2af51aa82ea91fbbb8921cf5443fc333347188ebdb08e44099cc35d0a057b0d9d37b974933a1f213e84c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"500ab220f1b4e3f35abf50690ba7d4383dc5d3392717e21fffbf68601ddeee93f5e9a262329986251f03560d3cbc23c33dcb723ad0e827ef750bd0937f4bb2c6","key":"63fb7225924da67d6b6c0568315f2a2f","nonce":"0d373de295bf9a566712f758","exporterSecret":"94583411870adc666dcacb7fd62fcd7e4d7ab7bb325266843bbaebf94b861c56c44312b729cce29a41718244b56dcc9e8aea8bfe31ff4559a87d89087c11a17c","encryptions":[{"aad":"436f756e742d30","ciphertext":"96a490d59ddd3c47cd1b157d1bd00a725bfac64548ea92b632301ba782588dbcd52482a7603f20530d6841efd2","nonce":"0d373de295bf9a566712f758","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"60cd13c450142e32cb51163c754494e09e9da855e216ca7636d50dbc56e4502fce97da9ab2ab7309fda4086a6b","nonce":"0d373de295bf9a566712f759","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e51e7c41cd7e13d457cc08f1b2f8157146b6707983175a69cc06e2379cd1662b20520274ddc6dcc7d30720862c","nonce":"0d373de295bf9a566712f75a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5200046fc8a298f0814158f707f4545f5cb79cad164ddbeb322162660ffd75ec4625f4cba216ea06bfee06ec0b","nonce":"0d373de295bf9a566712f75b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9e2696f8c34a46173eb0be7e95fa2e72f31b315e9e009e713ed0cdc068987c77cfef466b118a5ed9fae653ebd","nonce":"0d373de295bf9a566712f75c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"999fec81ec8d284ed8a3979ffbe65a52d0945a9441d997dd3561147d126aea4784982f4ceb273a1590484c32c5","nonce":"0d373de295bf9a566712f75d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dadb3cd20b0dd29928abb01d14a41cf5f1fc229f7115b71b6510b729e1450a7da6f1e28128ba622b497bd00fdd","nonce":"0d373de295bf9a566712f75e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1a44924b95da2652eeee1cdb98bc221ee54cd996789e3cd8fc1329aa1fdeb27441d67b3d23be37daf1cfac13b4","nonce":"0d373de295bf9a566712f75f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7680cf6da89372ec80d6b02937045944c09e2567d1522556920d45feb53b4998a849974c0d0782513236a1c63e","nonce":"0d373de295bf9a566712f750","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b4c324757226579116b5e0476e7f1aa14ec873e0ce465ba59c175cb7a3fab1adae12abc1acff8b796bc2c2b242","nonce":"0d373de295bf9a566712f751","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"41f7701971b0f9a89d0caf576d341916d65a11642a3da8308b94b00afde59a53"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"972298bef03317db96271447ba87248ca6a7d9270cb1208d01bd7b89d00da436"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d1e62ca9414a1bff14eae1260a0d7ac0d2fa21b1e0eb19eb54408c1fc0266797"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3bd9bd2d1509a765c349e722ffd09be5f5e7a8de6cddf806270506be934fbde2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"157d2696a7e5013184a64704349fca3916326a9f0ad20216d8fca58b558a201c"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5951aea8c8e7dd572e64fa5777fc9b98990767bdea3003ab03c54ea97d47d8c6","seedS":"f580737d45dc0af2b312e1e7e07a27cdc5e1420cedde37f63684c92a4896a733","seedE":"cd30841dc219f996eeb46873cae7a744b406c4d41902db3e47ca2b218b1c6a8f","skRm":"4496dcf5bde2d376f8bee1b0c2bdedeb544d817d3f13af9a0df927f72b939168","skSm":"6e162667b61ac1eb927ea2fad369d048906f3e89ef99503546140e31e721c815","skEm":"4a9ad7b20ed7e9a920c9b2129367bc1bd0c18064c0b629c144a5ad63b9993fec","pkRm":"3b70707dcf565a639ac6fefcf87ae7216d585121fd1a044c42c0be83c533ef7b","pkSm":"7f3e4cd5f73dd4a9abbb1a8131b47135a272904f805f9f6d2c9de7d0157acc71","pkEm":"354bf7021970c1867c2794b6ca5b5429fbb021c8167f771120027e55cd98ea33","enc":"354bf7021970c1867c2794b6ca5b5429fbb021c8167f771120027e55cd98ea33","zz":"04bd840f269c645f70ca2e46cead24317934bddb161d33d410ada1b59c233f10","keyScheduleContext":"0247373f05d58573ca241f94c6c6cf7457d4b8edf9238f310cf1ff672d9f1e6cf1249f2d1d0799e0a1e6fe5c516e05e769250040cdb2b78354a488cdcc2c1f17d44c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"155a2812d942c64e3f2f6f23c41b88d0db779c214f875b33b595002b0ea98e606397a098994559d5462db0ffcda68b69204968be1a2d1c08a90887a4883d04d3","key":"f2eedd8b91d4176ba43109e371a08489","nonce":"d99075d0baf29bd83daace85","exporterSecret":"287b7bdb571c981ce6f252dae8c6288a2ee8d75e70b8f6f988542e12e36b603cdb7e67c6c6edfdce8297b7a3b57a2586ddcd07ee05330ab7842099dd09b79476","encryptions":[{"aad":"436f756e742d30","ciphertext":"7bbecbe1236ea2c457eca642bb2627841966714f1bf94d50921d0f8cd2385919af6971eeb6727cbecd1ceec1db","nonce":"d99075d0baf29bd83daace85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"664f7435017f058f78c80f0ca503ef72456f3b623be29e4c59704905d18363d15cfcf8b521051cfea33a31a3e9","nonce":"d99075d0baf29bd83daace84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7849ed013aec42e039f5c3b3689454214728690306967334a95a8fdea452b2ea5c83226ba69705352fb020c1c1","nonce":"d99075d0baf29bd83daace87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b76657a0e9bb04d3559c8d80b860ef88efaec9832997c2fb4fe938ee297bb8e3c66d1d77cb8766c8a3947d461e","nonce":"d99075d0baf29bd83daace86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c69d2c004127ccd7557879e5dc8bc466caee7c245f6af0067f9c36a72e7bc98ff2c49790104be8d5ef95ed3ed","nonce":"d99075d0baf29bd83daace81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c4f3212eb0ea2a1f5449a0a18b3800dae5367710be27cf1d8033fdfa0e53693bc2ab43359fb3850cfca9712abb","nonce":"d99075d0baf29bd83daace80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"223491b4d177ef7554837609e363e6971a1cd385595e07d91f07a1e1cbb2d764eb5506af4353ee9e08d0aee3e1","nonce":"d99075d0baf29bd83daace83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"699ba396da00bb95788876d178725b740ad844e901f62d616d8a9804da9d4df9266077a022e295c7cf344758cd","nonce":"d99075d0baf29bd83daace82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d96ccff3d0e6b3401124b1673a8090cdf9bb0ef32d0c5094fe8ed0b853f8f14f07f5c782b0139128654d17b43d","nonce":"d99075d0baf29bd83daace8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"dba5e1624c7531ee02e453479f6ad574fca45bee0c64cacc582bc20609c6469bb3f1a7a80db2e35f28b774f664","nonce":"d99075d0baf29bd83daace8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b0533fb03a3887e6ebdbd77f92d978dabdf74a9d51bd4b1b30ccb5c0dd62ffa1"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"53937a3e9dab6afcb32d298da617b71077987bfabada015d21f2af1768b20b2a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"91480c0bc1437645db171cb10af33fd01b747bc59d0549aeb72b54a4ab139453"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f48e028b7a42ad220318af5cf66c29f76b8945a570618777bb7f027f729cb977"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4a1f65ac21b2ec9b72528be575d1c7fc8cce055dfecedb546643296bb46a8969"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4ec2af02876dc61838cfb84767e34bfc97bbe4e10da8b5ff6e7fc0897f25279e","seedS":"5b445ea3cf854e011da46c1d99a04a79362aac3f4dcdbcda47debad9ebd9dd8c","seedE":"771527f082d024fa1d38fe4f5b7514df02f00cab4c08881b892a7b8dab86aaf2","skRm":"2dd8a9dacaf7a1311133b8a74120a79da1dbc04d4d5d890bad8e1c8614e7a290","skSm":"2c70cb5b12134300237a0a894941ef36034724c0bb7d05ad880287b268032e70","skEm":"f93b2a38f54a81167b7aea6064e1ee19658778b94ef38577f006ccffaafd7d7b","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2e279426e6aafb838478bd6d43a839b87274b00b26c5e883be2c3ac3ae45d51b","pkSm":"d37ef27b3756ec8b332f3d9fb6f84de277d89719e642bfe38676f65a05393915","pkEm":"5a371253518c412cdec154923c927c15c3fa7e245cc6e312625e8dfa4e3f874b","enc":"5a371253518c412cdec154923c927c15c3fa7e245cc6e312625e8dfa4e3f874b","zz":"7ecbac1b4813d8645cf5bebe1438f3bb3dccf66e9873c3aef6a0e10e40aadb2e","keyScheduleContext":"034641f79c7b30a1db8d6b3e8336a1bf2266f1f59c9f220f2af51aa82ea91fbbb8921cf5443fc333347188ebdb08e44099cc35d0a057b0d9d37b974933a1f213e84c0a2784a97b2ea34e6f2672ffced994ee825d2dff0ad1485955852e62f4783a38ea6bc0353a313cf8f12683b97d0e1040d203bb2807982dbaefe5b5ce3001bf","secret":"68627f6c4525bf14c8a46d210b52892f662d06ef86151b7698dc1bca6e657a42d4e77e1ca52d0907d29a4d5ea004f937096b6832cacb99ddb8269efca27ae5c5","key":"d10f60405606f3b7bbd5bcc235caacf7","nonce":"02bb70245959fd669da1e195","exporterSecret":"47441cada4f5959b253df4e604af89af696da700b5e4025931870bee5315a87d5e073ec5696a8e4935ff69e6d99dd5eee1a4ac6dd3dcd74318f7e8fb19c613b7","encryptions":[{"aad":"436f756e742d30","ciphertext":"f29e2721d5c0a868c1023ee0081f46ae202bcb32c51941cb1e7513f96df8785ede67af4a4ce3e4852c9953b8c5","nonce":"02bb70245959fd669da1e195","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"47d08f648b07d8e2611e34c9ea08f3c3b10eacd885998045909d0d0bf4fcfdb0c7d750bda0f8777f1d50d1aacf","nonce":"02bb70245959fd669da1e194","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"06c5b6666cdc9eb6878d1de1c5278f6846608ac5a3dc24f4c9da674f1ea2434c8367e0251456af35dc589abd6a","nonce":"02bb70245959fd669da1e197","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a0a3ea4e630081dc01662cd5e661bae55e0ea3278653d1e6c64399e189e96aca789e16daf4b78a2cb219c19507","nonce":"02bb70245959fd669da1e196","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3b7093808a3e0b076d4511452156ddb281c11805f12866271ca2799247bcebede52d3df8ced963fd940bd6fa7c","nonce":"02bb70245959fd669da1e191","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"031bd6c95859e0a90b42c8eaf7934984de8b5d2a9ceaa9163f65cb27dca5e38753c823bfd42a8c7c4b2c8d7415","nonce":"02bb70245959fd669da1e190","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4db8309a9f56032beffe2739e2b15b2b2709ae2a4d76bede4f1b2cfceb0dcb8169e3b6d0055191bd00d0a0ed23","nonce":"02bb70245959fd669da1e193","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f1a83bc13b60a14e47481a6620afc91429be537dc01ad94742fa11b931f2123f6e085f7e99d8c878129c8b6e46","nonce":"02bb70245959fd669da1e192","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7b421ddb3f66bb2a8127e103c37e9258c2b99c6004b724fdbd6e27eb306f3dee04c7d54def3139116f84b0db3e","nonce":"02bb70245959fd669da1e19d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7bf15df203fdf8e088b888ca42c1b13180a06f34322dc3cfafcbd8a7fc3a313c879b870527aa6add32c7008f6f","nonce":"02bb70245959fd669da1e19c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3dbf85ef0d93ec5dd8134ed96ea54da09caf4a00841f852491c6c025c7928474"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ec96a5286bbd38f70118c371aaebbca8f2d5bb4e10b44537e935eb79ff4c7ee9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a93118f7c5597efcdb3a60fd92f25ab52d44cbb8eb9535146d114ab1ca2a213b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a996342d8183f1dbce4fa4257998c4f4d301609ba33499b6ac528a14ca307f32"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2d5f6e41eeeb9ef698e55fc2d742139b065426a9b25001d90ada1ca342f8c16f"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b6c5b1dddaaf1efcd1738ebb0132b90a5a5d12c2c4cf9c3ef990ab1172bac605","seedS":"b74563479cf37ffff6f5586b5611e5d580f56c9bce82ff1af73cd8431f496ce0","seedE":"607d7f32cbccf9b52d6bea8be53c8930f7803658cc3cac6f0e0fa5339457003d","skRm":"fe575b7bd1bc492426d0698585ebba65d00798197dec5fb5878d098dd5c7f92a","skSm":"e1c6e76d0cc790c1ee47c465048812d616bb37563708066d33f14b16df138900","skEm":"252cbe6ae4ed17b993af7e7b3e9ddf025fdedb99033ac0ef3d4ee129180394e9","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2805f90fb91b94086dcb4cbb5fcbae268937d5f67a2822447449698950d6f00a","pkSm":"3a76162f29a4aad1a4c20384a2ef6e781fffd8b82a4127e7708529bad744165e","pkEm":"db6b8364c3083fe8290ec0c51917f803e53047207fe0957c541c653c4ac9dc4b","enc":"db6b8364c3083fe8290ec0c51917f803e53047207fe0957c541c653c4ac9dc4b","zz":"595796741df8fefbd6c670c10699d8ea8b44b1674284f0dfffb3780ac5012e36","keyScheduleContext":"03a269fe1daef9ec729965db5bb2ade11b73184bae52acb8bf4ef8f5a9afdd27e2455eda372f6c3726ced11901bdbe05392daabdb03c2c375ff04873a577cf1c4bca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"1258c35a30a51710deee9a741f9f1259130bb61c0aa45789d1233bf2de004daca0d4d8dc68efae236c6c51ba69491f8ad528855704364b3b4adf19f0a25facba","key":"2ea37ff556629b93f2667e1802385279b475ac1c7246a570b32d073562ef2452","nonce":"1ee4d7c663fcb61efc81e4bd","exporterSecret":"80d75fbedcdf7e966393aa0dd9ddf733f4b8efe2dd2c56c8a02990cddecb6c7969612a65bfde9ea30bc7acd8b573a4c01a3f6473ff9676ec9cf61b0f7ffa7d09","encryptions":[{"aad":"436f756e742d30","ciphertext":"7248425fa67da8bd7a9deb328738826a3802eec3fcd5d4e5f9ba112f1dede62399b1ae55ab1ef63ebccd75e394","nonce":"1ee4d7c663fcb61efc81e4bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7b2fc0579b9dc20d2a5fc787f3f4295a3d722ef77e162822d80846a43f3859b856bca782367163f20c4eb41128","nonce":"1ee4d7c663fcb61efc81e4bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"903d53835a29d1e8ded7bff32d877440d742853d8e71d1974f6055fe4db003eb7b79863f675ed2150b0e098ccc","nonce":"1ee4d7c663fcb61efc81e4bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"869726eef0d15457ce7463d73ec1ea3eb3204e3e69c010eea86143f4fe36374c167cb002a3ee88bc4ee94317d0","nonce":"1ee4d7c663fcb61efc81e4be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c29e7b9d0626b38703aa9d4d96c44be6c628d9d69c89193d8fed0bb6d1254ea1a48de43f2e9c567e87a2b46be9","nonce":"1ee4d7c663fcb61efc81e4b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"862752d5b0c803faf7e1b6415741237ad2e96cd3458611a1989a13fc68fcdf0fd63b495b71501c05f0888f58a7","nonce":"1ee4d7c663fcb61efc81e4b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b893e68844882f266eef71dbfbc4fd1566f48826af30f8ebb7e5241ea4c78e68a48a078f3dd5ff71a6beee2639","nonce":"1ee4d7c663fcb61efc81e4bb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"21c3b3840fa255f3011175c70f74e0ce18d5fc0918957ab07151193ac6f360ec3fdc9afe0fb25e6cd2402f1e06","nonce":"1ee4d7c663fcb61efc81e4ba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"26e1bdcba22e42f81040fad835a820a28f74a6597c51b62c2807e5bc9f31b78f1001a32282106a07ee079f2def","nonce":"1ee4d7c663fcb61efc81e4b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c2a79f8c35b4d71d6f68a6cb0c9cb4469a7f292cd44783b2411ae39b6b516d53ad122bf4074be17c4a2a451d23","nonce":"1ee4d7c663fcb61efc81e4b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"00d0633db16a0b52c3d586ea6e3b8a161437ea61b0653f39e71509cfdd0aa865"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94e0d842d9169185e80a741a4fb069f2b98742d122fae94986ed112aac017159"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"62943f169c344e17db4fd1879a8dfaa844bf951fccffb196609d4124c501fbdf"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a2e759df596434105a942628915dc4186434e97a517575f160ab3b334ddd472a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c9e6c59365208a485b2019e67cf2e29a801c1375ecb155bf8ff3c0029fb2c08a"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3b3e28ef6e891e6ade7e35ea5d27b4745028a5c8580aa33b9bca78b36b45cbe2","seedE":"ddd46e2926c3cef422515b139aff5e6d45dbf4cfa630a355da967d0ced009197","skRm":"7dddb757b5c12c7c28b4f7a7e3f4d10f5d077e5d410a66997cb4e73b69e824d7","skEm":"089af845076a811768c8eaed47322755f47f4907d2610a1629893d6e1143acca","pkRm":"ffe3129f906112823ec1c619e0025f5a44cd5a93e0807c61c91336aa22222f6e","pkEm":"9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953","enc":"9bf7495a8ed10966c9f285170ce99ee8aa686095cb1f44500324fae45aba7953","zz":"2f278c4984f76ff85ba7b971fcc4ddb450c7ba3f1b583437ca27794b3b586223","keyScheduleContext":"00ad749ac8921777cd850df5ded8b93dbcfc0bc07d3b20053b47cb9706bd7791bad48cb637cb7b83dba58556623b472c5963e6f273351e934ebccfcea136f4a80aca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"5778e69431793a7fa9a878c5aeb15ced5a351da2ac5cdda349bbcfed81807b8890e8bf7bb1b372a9b5de66ecca95327ead06a3a86bfabc85919144ae669d6f0b","key":"6a6da10e065acbbe145f814db5013da0add3ebe87ea4eee425c1e2c83a5b0a28","nonce":"a3050767f62c69692ba031dc","exporterSecret":"b48eddb2737950e6011769964fc5e6479a72f4428150ef872812a3d4b24c6ed2cb0491e9d6c600556db5fd25d1410c9ef3659289413de12572b4e6f958633c5b","encryptions":[{"aad":"436f756e742d30","ciphertext":"b2263e5b1651fae482259475f2d71d5a95e430ea360c88cfe656ef8cef6a97fec94d0bfb996bd794a183269368","nonce":"a3050767f62c69692ba031dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b502c5fb389b8c128f58065f6767063132c53a401300679df875a1688f0d05a0b2e3859add4fe82891356690c8","nonce":"a3050767f62c69692ba031dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"a0afe304ea046340a3c8c8806f227a2ad6d8a48b583bc6a766af0cd0b0231dc3806d597651b5805cd9062e1f87","nonce":"a3050767f62c69692ba031de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"75b462e185cd1af728b4853152379f59af8a29af409a206c9d63b02042089d28662eac4d2af800138bcc52cd34","nonce":"a3050767f62c69692ba031df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2d6a758ac9da40a3a1b965152941bf58602f56e12db95636ad5d9c465a1872884e795ec232bd591ea804829458","nonce":"a3050767f62c69692ba031d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dd2e30e1c9b30a0130e88e96239ade666961a8de16d79b75d638ede224d662509a17404e7479097c1658921047","nonce":"a3050767f62c69692ba031d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bc20bc221ea15f84e41774bc11b684f074d414be09659b147f186891325f7d52b7d19ae57d9fff88cc4ba825a2","nonce":"a3050767f62c69692ba031da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6ef4d0678cf026651f56c53719a678b178105e1a791051076f2567364a536e8aac76bac03178b2276337e12320","nonce":"a3050767f62c69692ba031db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5da431e3723f549ccada9d122ccd127b031c9a221c7bb360e742e7c0f68fc81d012df7aa1c6181980ce793644c","nonce":"a3050767f62c69692ba031d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9ba2c8e0477d370d71b486c3f52a9f9ef99d7e8991eb50b2692d777e552801f0a7f7deb8d0567ca8575b4c2331","nonce":"a3050767f62c69692ba031d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9fda6d97dafe3768680d87a5e10fe251aa46693329ebdf56f49b3c467b76e9c0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4c9e496f3265a28a73ce85b3143a5ffba3b55ce8025d735e9ed39aebaab80efe"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2425dfcdf16879e51f6c6f3c0d0d0f814d132ad575ce416b7485facd34bb42b9"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"51f1bdf3bf8bce5b10b76c957034ce3630fe7fc1be7c00bcec7e837ceed2f3cd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80ad324b3e7763a7309ce0615fe8bb5723065be5aa7f68a7ca9e3d3a76c0a0f3"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"66a0d794ddef06eae4557043b7e1d2f297ad37eaf66e13bd6852eda7513c6fb6","seedE":"813a815b1cf84d05db389a6eb97414eb156724c614a2755e7308e6eb08e05217","skRm":"8923c9cf4177fba8f606674949ed5141bccdbd2a8c888a98521aa644a81f4527","skEm":"cc0b8b104b0ccf21c9ec15f341d3b120935f8b320303c8535132813673f17c76","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"729e391bb90d127bbb00d67b1fe3bda8294e56d252523970d8520f36567b8265","pkEm":"8e8155f4537a5d2d08d7f7b6b2cbc307b9f641df3c4345b161d780d3a12fa417","enc":"8e8155f4537a5d2d08d7f7b6b2cbc307b9f641df3c4345b161d780d3a12fa417","zz":"9f32a407f88c910bc7fe625ec7f20fcef5660e7b72ae6fff99e8e04db344d2ba","keyScheduleContext":"01a269fe1daef9ec729965db5bb2ade11b73184bae52acb8bf4ef8f5a9afdd27e2455eda372f6c3726ced11901bdbe05392daabdb03c2c375ff04873a577cf1c4bca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"60dcae9c0541dfe7ab3487debd23f76976157eac6d9ce85c8eaf789b89f92977d3fc91d04902d672e78d1ca873b9b35a5fedfd961a3da253f824c4db80ece379","key":"6c12a6b3ccdf5bc4bc9205514e2fab54b0133a9060cab83ccd4db2de610b350e","nonce":"1968ea8a81118bbee6788079","exporterSecret":"b123193f5b8a49bb4744c6e93a74085ad865136481f3d633a79e3f4e1efd8407c1f95440fc0ceee04207c6c767fde1b7af89bc6862618d82bb8738d24c71d973","encryptions":[{"aad":"436f756e742d30","ciphertext":"cf58e1f69a41cac1dfa94705a2769c0fe9d0cd2766ce60a1efc423f13277e862798ae80db3e2e4035b850146d9","nonce":"1968ea8a81118bbee6788079","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d97ce971fa76ba344a51eec5ed62178ecf1fbe036d521b48e5c5df31426891bedce0f7c5001a421382b100b17d","nonce":"1968ea8a81118bbee6788078","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"247cfb7413223e216fec4cf544496070480460ed25ea9643d622feb31ed6df09cdef3ff70f3d943d297e46d2d5","nonce":"1968ea8a81118bbee678807b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3d79106fbea5cc72241ed2a76699d93991cedb35184dcbb9f1dad7adef0cfe7f6039230c5e7603cc1eabe4e578","nonce":"1968ea8a81118bbee678807a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7f97b4a758bd14fa84bbc740068cefb626aa1b55e988631067e8c3d5bb6ea98fec836791ae60069996497390ae","nonce":"1968ea8a81118bbee678807d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"179817a120e687f131b69098a992f92b280150165a50c374424242dd773c2a4d56923180a32e101b87d6fab76c","nonce":"1968ea8a81118bbee678807c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5d65d87f20cf3e9f9397df1362d6207b45a5bf75369ed2748e3c37205925349ad5c0b867cb3ceff90c21c0c031","nonce":"1968ea8a81118bbee678807f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fa9e1090cbb846acfe671ee4a922262f921e19a1a8c093cebc3f30eb228437e15087555f3b58996c28e1c4079","nonce":"1968ea8a81118bbee678807e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2a9c776d264ad0f9b2bc56bea49d1a27ae66b0a1acaebea1153c06e515759027f9451ee7d01f33aa61f39f8e46","nonce":"1968ea8a81118bbee6788071","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6b993f0df1a7ed6e8327b0fcddb85e4174d52f762894f9ed14a9d0587235da3fb2ddca177ca4cac5d094a85228","nonce":"1968ea8a81118bbee6788070","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"87459c1f9f95c243202d5b1f8a31adf397399b9bde8b6f606a2c0b7858cfb663"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d3b1261d86fa732345ec120163744eb99087ce6391a55f8b0ef92d0f94a564e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6b7062fde379475221269e0ec32f9b235fffe1bd125a50dbcef2807f333ece95"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"157aa526879bf35c1d3db5c8731cc9d54ad6ff4ee14a5f3226ac85d2c3722e14"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"8cd6617c9b33c65dbbb9a9bfe600d9529d929067eb336caab406e7dafd58fb67"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"afed55d37f911c7fc7d60d4c340231b70ad0e1edf1897743aedb7dd0ae199b62","seedS":"10013d94bf885cd60d24b0633432028761c60319057f0a12d0946dfd1895ca58","seedE":"f4f03b8fc9ceefcb08b36252054b78d663a11dee0e5f7b0611536871ca84fdca","skRm":"2dd47d8d622835d04bfe35049adb1fa4e16ba7808543ebacd0eab9f8aedbeb48","skSm":"384f3b1f6a321a7ea4ba04a5227d36162784e6ead48d8285c3379bdd35c406e4","skEm":"e137be22ffda4d165a519bbd5c40c36f0fd5b0a2118f8f45ffc84df5dba441f4","pkRm":"741c43d090d4cd11cdb56cc3375eb6358073112ae4688a427a200e0ec2e34f6e","pkSm":"5bbcaf364924996b4581f266b9ba562d9800a551259498b6a27a28e14f313662","pkEm":"80739d2eec999b59071ac79da5a8e8ce7b773c1766cff15e3e512c859525de4f","enc":"80739d2eec999b59071ac79da5a8e8ce7b773c1766cff15e3e512c859525de4f","zz":"a3e14740d15f398177707f4817c3511e04adee4ddbaf3bd349cf511fa64ba462","keyScheduleContext":"02ad749ac8921777cd850df5ded8b93dbcfc0bc07d3b20053b47cb9706bd7791bad48cb637cb7b83dba58556623b472c5963e6f273351e934ebccfcea136f4a80aca1c1140d8998b560025aa13564984843b6aad081ac096963d5d8241af0cf321aa3f187b7f4e4c3e5bfe31eaed257a6d6359200d59eade217f9179499b190b0e","secret":"7377039c58d2566bfa0b50583120258a9337b84351c4c42ef7dbc3b65f48f6fee024cd503aaa4603ec717e9a3283991f3b44fdf95450c285e02181258a98ca64","key":"c118161e94a45344b5c0b9b03605002ed40d33da0f706fc5966b96c3df1a51e1","nonce":"d53d1e214d7b3a92a717acf9","exporterSecret":"a5d6555cf8c9b190d1c5933b59a1b4c3c77846ffd625e361fc87cdd9acd36b9a017ff39be3bbab9f229405c4120fb6d1dac71c6180dd6396010b46384743fe75","encryptions":[{"aad":"436f756e742d30","ciphertext":"94b5fc21f394594575cf0fc979e2cf5a23ac7e74c1ca4164e04699b7da9b00288165ee547c6700e52fb8274ada","nonce":"d53d1e214d7b3a92a717acf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8a282a637b8913cb1e5e8de5ce1b56c883c75a7a6195b7a4c8b3eebbafd8912a379b9de9b4f226cf15a7d6c5d","nonce":"d53d1e214d7b3a92a717acf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"228df2de913bf74872ff0c7d1ed79049ef4e1b93398a84779ba77c66407f883d953fd1e4fea28fa223b1816a61","nonce":"d53d1e214d7b3a92a717acfb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"82c60ef7b77b801e088293acbfb526b5eea3fda3e6514500308f9a0590cf6e3744ac6b821c6f1cd9c7a5d2877f","nonce":"d53d1e214d7b3a92a717acfa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"908006e11b9f976c6915ec306bb31da0fbf4d187b166821c2dd24091588900240f0229e1e21dc4d79af0869d64","nonce":"d53d1e214d7b3a92a717acfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"814f4b187db698eddc9e17c9a620cae0340f5f30423bb51b5dc1b3dcc4cac454bdb64804d36f9718fa00c44097","nonce":"d53d1e214d7b3a92a717acfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d518dd8764b0b8fd41a1ed175bea66a07b825f4b7f8c81f0bd319030d22cc509f7b07150f6951eeea8f7658ec2","nonce":"d53d1e214d7b3a92a717acff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"44162068342ac202e2684464da2acd80e5ec8e358af9b2e6d403741ad08c0b5c0ea22f729936d0bebb9daa3e5d","nonce":"d53d1e214d7b3a92a717acfe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"abc1748c92d12298e77a6ef0f4a0901b694bcd8dc291e6958f089d2916d9cf0ca72ba230c4c042f757292510cd","nonce":"d53d1e214d7b3a92a717acf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b1463adbf4f763b00a93802e121ed44ddf3cb02a4dedfd1b6d5678ace54baad88db1a7cf2d37530a03aac4e0a3","nonce":"d53d1e214d7b3a92a717acf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"436e07ad1044210b96c494d0ce803a83cef752a13ed6a2433eef3b1a8282d865"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e53b178fa95d18a313ca7fbd623e443428b25f7f44b66b45131c02828c8a84c7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6f201bd4fe194d95b3b784dafee7b723ee4d2eccc06359ec49a256f4f6429b94"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7af9608c172334f22607326a686ca31cc1a84d45d462f494957c792766de80ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3a264ca692d28b501e3c249df188c0abbae7420e2d881740ab4f81e5fa14ae57"}]},{"mode":1,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8f2b5fc392dca9158310611805b0114f1779de773178d98e6baf04d2a20f7c99","seedE":"edc699c6ed92cae379d7f3981a974070e8ca25a479ccd5b0e1e03477acdd91ed","skRm":"e665547b8ca44cbeac68a646a7238f03201b6aa638545ca5653272fe5b761002","skEm":"14d22271b302cca6909e81fdf12181968486f3be9b2a4e9e05e1c38d4a513aaf","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f6fa86fd9b2ad6052f42d054b626f45d8a38ea73cd0428db99072af9aa862e29","pkEm":"67d495825d626087ae3151831af00754ba24a46c528fa4da5fd4742c0d046933","enc":"67d495825d626087ae3151831af00754ba24a46c528fa4da5fd4742c0d046933","zz":"253b062d81155957ebac4f3c9e4103fb6d68db03e942d9def790c4ba8ed1029e","keyScheduleContext":"015524525a35476a768bfa4c6148bc0a1c6f4d2236e85323808dfc1b8b11e4f2668558db7e9b7535318bbdc44394b85e79c3e064689ee02a6bcf9dc5b51449e06714f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"e2fedf63b7986cd9e3e104c103a80635db331f62426fb62a6266c1fa58595e8cb860028fb65d1c49620d564f15aabd8d26a3f840c0238343e41b955df47d6587","key":"5dd4629e9aca99acdc26646af706e27190e50dced12b031e199f4f809a1ff754","nonce":"7fdebd4f940a34369f0d84a6","exporterSecret":"13a910fa210aaa0aae141a832dd5c324da18ead54e464334504facf2f92fadd2678e5d1e7e801d46d49f77401247a7615aff68157ae9f8fcf9518b189bb6f667","encryptions":[{"aad":"436f756e742d30","ciphertext":"2f8f8fb9d8c805e79e31a5cc3d4c99345eab7629c262dc328a5dee51ad8dbe82664dd95463593cd2df12b24e70","nonce":"7fdebd4f940a34369f0d84a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8d886778c4fa50badc821ca669bfce7da8b1f2a2683be2d2d3636bdf7e11638655d3da815c855e83d6226386d1","nonce":"7fdebd4f940a34369f0d84a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e6cafb0adcf68868a8d57cc9bd5c9dd8e2e15d51f135db10bdc043c2e89363b3f25f7c94bfbe09415cffc00a4d","nonce":"7fdebd4f940a34369f0d84a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"17ac4cce8fa4c0b36bf104b5faf278dd32716f08d8fadfe2fd2b334d4f56076259af1b27a605b4d6c657101ddc","nonce":"7fdebd4f940a34369f0d84a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"deb2186e3540947e689d09064c1b02564a311e54033b51bd3406a7ce6368e9f512fa7b4e1e1d683ba44d01276f","nonce":"7fdebd4f940a34369f0d84a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9bb0c2c4f1185710195c3cab991e8651bfe2356fe324018d88ef0eb9048b7b46cde2d297bb21a9527f1126601e","nonce":"7fdebd4f940a34369f0d84a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"05f9eab15ee6fedaf8a19108b0945edc5906cc2e352125d225e321d2e94434b65526a2575ae7c6a643892a5346","nonce":"7fdebd4f940a34369f0d84a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ed6ea76e3b526a0fad3b76805690812348a9d284470ca4475edbb4082170a090f24a7e4526c5b4c15f591cd256","nonce":"7fdebd4f940a34369f0d84a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2741bc1e210fb692f107a00cd5191230ff6177bea2565e50ac4b33ec8ac01bfb029206787d2aaee3ded10103d2","nonce":"7fdebd4f940a34369f0d84ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c4f8b5e5d611ad5ed48054f85581a657ffd581cee7f779715bb16a466b35b7040b59e62b2a131b13907d990ca2","nonce":"7fdebd4f940a34369f0d84af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ec23384de0d5711a0819c22fba3b58a8d205177832ff205ff132d80674d1d724"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e03236ad5997fee0fc66f74f437dee7b1f8759ff37bc9476ee3151ed5c3c7c38"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1428335a465feeab4cad0e5edbb9399117ddffa2f00090c466f78600f4ec799d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bd4c6b587e0e0c1ec5b08706a1a85504acd0c24ddce0e64bd6275f29e73920cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5dc3abfb7820a892ee44d22f849489aa6b87af5d48c61e2e630d6a5a3d7155e2"}]},{"mode":2,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"29017ae37566fb79aa2a67dae036989196068fccdd45f1bf2953724fbbc9c58e","seedS":"e9d9f16d3df1081da28a4a6cd8a2adcc60f49e92e1da3d4aadc1d08852b55db3","seedE":"476c60855c5965f3c0b10032957d1f6ad94c403af227b3613d8f4c787e1cf62c","skRm":"46386e9a27bf29d21b0ca32b1d17e6a3738ba8468894f2c7fd91311daa90edd1","skSm":"0c4ea17a0ad31887704bbb3753e75ef963757c3ab7d7406cef9438653ae76a30","skEm":"d0bf7f10252535b18f421176957cc8939c2a4609fd545a8d52a36078553857b4","pkRm":"ab6eca02efa79b64554d8c8ed4a595146396e211ee8064b1c4969b51a7b78c7c","pkSm":"753250e77dea078e6ac848ae241443d77b2746d664f6eccbfa1e0619653bbf38","pkEm":"fc3dd2977f2fa74772114c4ef33b9471eb6398d06604c10e968febd75349ed53","enc":"fc3dd2977f2fa74772114c4ef33b9471eb6398d06604c10e968febd75349ed53","zz":"1fdb8ad1ebe887e7da1c07928639ba8c371d8ef868cca958349ded14c6bebdcd","keyScheduleContext":"0204d657eeb1afc6c88ba18abd84b299d9e3d946298a6419684ef589063085bcfab58e1b9810edc78099ab8b5ce0afd032dd1b7bce92bd8efb321612ae00a4ef2e14f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"5b2a9cf84c9db114329deaccdbd127f967de5a88f3c4156519c27c7b82bb106d00ac36e88550071d9ca28b6eebdcceeae9784583d110af536113c49ea174e5c5","key":"dfd33b2f35e225addad4e1dd346749670e599f5acc7f153e985726ff09e49ee8","nonce":"938d0cbd4b175a5649f8a331","exporterSecret":"6294524ffb3cd9edd80a3eaf945667f3bbe9abbb7e8d3a5ddc125a18bd095c81f2d828abad0e0e8f856d50b48a5ac100b2052e35e08fdb1fb693304e5d024261","encryptions":[{"aad":"436f756e742d30","ciphertext":"ca19350649157e779fc082db376db407136dbf1fb7fdecb970662f61e200824d680a82f4d51a61c40f1a631f23","nonce":"938d0cbd4b175a5649f8a331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1d703b6fc01f3b18ed1960b0be6f7f94fbff1dc7146eef840c8afe1743dfbca72ce23256b4ec63dd2606cba75b","nonce":"938d0cbd4b175a5649f8a330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f6687a90e286ee8700d1577ec3ccdca6d6f0bc4cb5dfa11cf0fbbc5c11535af3a37d11d0c384d437d1b19d5d9f","nonce":"938d0cbd4b175a5649f8a333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"f4802da5eefaf8fc5cfc7e0892ebf1cd3cb8e4b9f8bf5d8e0592b697de0f8a92cf9f8a28b55cfb02ab2bc26ccb","nonce":"938d0cbd4b175a5649f8a332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fcfb9f07424c83ac5f9a069e952e914990a7e937dfb36f33d30fe18b3c952da73050001dec293104c66016427a","nonce":"938d0cbd4b175a5649f8a335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fd5229fc91dbcf56a7b98428298fac0ba3b6c2c75dd15cc8a608dec091996a563637bd10d0c7d241952f49abbc","nonce":"938d0cbd4b175a5649f8a334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5bec238075a3a7b5c5b6d78fae0d1ff28d31245ccaf0fb21d98274cc977e7bcdab6fb25b9a1e084790b128aa46","nonce":"938d0cbd4b175a5649f8a337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8f23d8749ebdf199c40bbd54e158040a8d36c3948c425163a6afb708145bb2f94dea570b69d167fe49074ce430","nonce":"938d0cbd4b175a5649f8a336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"3ed94bd853ac34951a196886df613224f659ae6d87ae8741ffa9ce1bdeeae18c80ff93a81c2c4dfeb3866a7563","nonce":"938d0cbd4b175a5649f8a339","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"be5191e6459707f8d36722731557ae2244d7771361ca5b3a4c8a189be38972b3a5a5ced55c7a39d597e04d0093","nonce":"938d0cbd4b175a5649f8a338","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"812100ba6a09e878bfe6cf9930d6ff316816cde714b97329b393c50f291cc96b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2df90e298a4eedfbcd12fa693b68a4a45fb418fed1b572c1a66f34e30b8345c8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e34e4dc8e73572420d64ba592eebf2d0ed8aa17879f3dfe04246d3ceec8cde0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"138fcee734cf8b975d5c687b460c6d74b7999f13787d9a087f3916e175cd2b5a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ba192b730041afaad06163c6984f0329c159d13cf3a8a1885749f290f323fbf4"}]},{"mode":3,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b7c833f0fea82c5800805aae8bcb8534e28cff89d3e1e9fd6e4cd4afe3ec1712","seedS":"f5be3df47090bae362a1c9279cf5bb4ac7828adbc8e16b4fabc6c17ae340a7fc","seedE":"a7c19c1f4d24b2c0ff88ef50c88c9ad47272d1b581881d601c7edd8de967b3e9","skRm":"08d2de3bbf0e77524de2870e225386f8dd31d0861769684fe0bdb59fe448142d","skSm":"eb1424100df6b4cd18b4e4f41818d2827b24b36c060c4195fd23fb54eac0c8c7","skEm":"e26aae8bfa87002b30bf95e1801ea5152cac8e083d1fb324223a6fc62412b522","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e6763d4fdf8f6bbf6000bbcb758b028bbda668c5396141f030c414084f0ed133","pkSm":"2b7a32b69c98dff200999149dd51efc469e10803101e4d8fad27daea97ba0d7b","pkEm":"f573e8f32a03940ab28a129723a393d19dce6700ae26b058c7a2cf657c27ce66","enc":"f573e8f32a03940ab28a129723a393d19dce6700ae26b058c7a2cf657c27ce66","zz":"5080efe9e624173eb70809450e1b3d1f343a291a4a90fd886422f473f389d3fb","keyScheduleContext":"035524525a35476a768bfa4c6148bc0a1c6f4d2236e85323808dfc1b8b11e4f2668558db7e9b7535318bbdc44394b85e79c3e064689ee02a6bcf9dc5b51449e06714f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"7edc6a0be50eb9dfe851f9c276ae380899785d673ce986642a14a45ab32fcff9c9a5ae33583fa7b7194955d49335c08ee5767a66232d88b0550542a1e079b4c4","key":"439f321af9e43f8e04021f7f9ab014d02ed832b67e7c1dc648875b1044be767b","nonce":"201e118daa17fa06d3a21d3d","exporterSecret":"0eb5cdd0f337174b07a71e035a76e1403922f541d9578e26ce370be8d359f9e3fef6da91a8c9d59d37398c9dab74b2bcdbbb20010e1cdf8eee4cf689b838e3f3","encryptions":[{"aad":"436f756e742d30","ciphertext":"46e20b0d89144c2850677d81d4a3cf877d28094b909558b9af4931b51dce8288f41532ce49b2d97710467d84b3","nonce":"201e118daa17fa06d3a21d3d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"067ea1ba8ef5c4809d088c8e41e0595bf02f35b7c483c431204d86dad8421ca85cc389075bf1420a4fe48353e6","nonce":"201e118daa17fa06d3a21d3c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"75489efffe7ad2dca0207a71d0c5b1649d6c383f29e416ba1d033a967462178e4b50a6927d92e6c4fc161a1975","nonce":"201e118daa17fa06d3a21d3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ad8adbb244758920cc77cf7faabbf254b7002f58588e4dc640099ff2fb12b0ee5a81166cfe6d68753b85ea9d07","nonce":"201e118daa17fa06d3a21d3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"395066860ffaac684feadf752486cae0431606bd1efbfb7ade65efe5504941b28526e01f99ca68b35cd80812e7","nonce":"201e118daa17fa06d3a21d39","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8c1cc29f4cc108077072bf195c7a9085bb4b49d4d8b407d34ad9ba20510f395d00143cde3d97910637b03dfeda","nonce":"201e118daa17fa06d3a21d38","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ce4526edcf03014a63f89f72eb03595a4de00718f202bfcbcde9ef02cadace67258d0d6075ba4d4e9d1cb4f0ce","nonce":"201e118daa17fa06d3a21d3b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8076d1a0ab485a1f32eda6c2771ecd3ef2eb5a3af838bd993c1fbc7e23cb415d3bbb68921179d4f5f0b02d4ea3","nonce":"201e118daa17fa06d3a21d3a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a6b5a90f5e4e618557fa7a255d13c24b5930cb8debe2d488ee0faf818c1c9f16fe15529ff3b0b322cdf36040eb","nonce":"201e118daa17fa06d3a21d35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"38612a2735f86d911980a6868f79c41f0babdc1ba90eadff1f78b18ebe5362cf05d58198f0befba75c553285b6","nonce":"201e118daa17fa06d3a21d34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"13f4956760ac7f63d336e82e2249c17d9c5fc84a5785de9aa8032465f5c7ff1b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"41578cd0c36cf5a1aea4b34abf965e24c7d394a6e1fe316bdea91d27bfac5ba5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"7bd2266106ecba1850649a66359ab87c7c472292d9cba3665cab382fe0be5356"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"5f5ec2f9a45116a5fb738b77faaf521ab528bd2f4618dcfe9ed0a88f3a1fdb08"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"aad132f467b40c90d68f8e6872e39d24d8e906a72f0576da529711f6f565a7ba"}]},{"mode":0,"kemID":32,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"22d24f20f0830d87fc47729c5ae41ab7cac29304e6f46d007a955adad9d36b5b","seedE":"e5097668e431be6e2d9fdab0e64921248c760e68fd565e1360142388803ad230","skRm":"124759e117f6aa5677c747d09a2d82607db2a388a6473647aeb605b66822819c","skEm":"70fe54f14893759e23b4c975cfcb8cbc1ae9b8a4d78a48789a5f47324bda5b84","pkRm":"0b9c41a605aba4ffa30f336a976cf4f30a1dd5e8fdf0d4da0f745a147e491828","pkEm":"147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46","enc":"147b25161de4080624c11d1cde83d5a571ba17201385ca22302b9509d1101e46","zz":"feac9d7b88bf6bde1f0a9d28488ddface8eaf691cfec08a3120140a345b6d7db","keyScheduleContext":"0004d657eeb1afc6c88ba18abd84b299d9e3d946298a6419684ef589063085bcfab58e1b9810edc78099ab8b5ce0afd032dd1b7bce92bd8efb321612ae00a4ef2e14f5a8d3337d71b5cac2996e7994b4f15bc6804c6c85b5ba753411b4a37c3324047f2f20465ca57bf005f3ec6c8371b8b7b290edcd975264402b7175ba2a5b38","secret":"bb217a9ad613299919fbf64b37c1aa54d1f63561bcdaceebefb4f5659bebf10a7cdebc103ce94eef4310bb718b9447042a0c65b23738de4038b06dd4a5218dad","key":"98963d0664e7c6360b83760586ff3292a6d99cc6a8d7f9ef152994b163df1451","nonce":"d120fa833befd667ff8afa47","exporterSecret":"8edce1824416c1c30e98e7b351c5eefd117b4933ff03fd834df8e1dea538946525cc104d4c348700e5b7f3e558d66af09f554ea9c7ce3e2b142d899930fb5c68","encryptions":[{"aad":"436f756e742d30","ciphertext":"77f434a667845f41c5bf5e6e6113484d45fbf7fd61cc36a141b920e4bb5b6ad3a61c67033a15dc495e8595ef45","nonce":"d120fa833befd667ff8afa47","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e5f64ec06a92fb2f81ad6203629d981c265aee092b3e20ddc161e163c0a29d1b9fcc7ddb5dede6d34571406f50","nonce":"d120fa833befd667ff8afa46","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9252583ed8c5258877afa5dac29acb338cf57c702b03d20130b86234b231e3866b1732369cf6c7fdaace68c246","nonce":"d120fa833befd667ff8afa45","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d5c2e0a633d6786a7d919f40c26ee8a1491a4101a441460d51720ff769b86a71ff74fc9601bd8f4c597d95c057","nonce":"d120fa833befd667ff8afa44","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"807165bdd35f448b9b649ce3ec8a9835836ef88dab28c5a77d0f46bac1dd6f543ebd64bbd7840c860c5a2d1ee5","nonce":"d120fa833befd667ff8afa43","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"208e3adb17a694d567a84428ecf76a562d38fbee827e245eb0e96426429c3a32805f9f675b99a28325c11a9d51","nonce":"d120fa833befd667ff8afa42","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f34e3f00d1b731786b5b7ab0e4bf23fd8f3889d6ee75ca9de755d22f8e099ef0d92a6ab4d6e635c788faaac588","nonce":"d120fa833befd667ff8afa41","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fd45de4d582f57bd5228688c0e08553c3e3d6a875bcd1c67e196b94fc6238ddbf69a17186416669b0ee124bddb","nonce":"d120fa833befd667ff8afa40","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6416f410aa1aecb24c8c17cd9b6eabda1bfee2bd13aa52c5dfc80c482236b99568de15b3543522486dc594dc13","nonce":"d120fa833befd667ff8afa4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2bc1f3380dc05ce46a004a679dca47cdc46d25b02662274442562e1f03db3860d1abf28027718cb73a6c2c05f8","nonce":"d120fa833befd667ff8afa4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"73ceb7e41223a42a3e6661f15530ae494ecfd2c6a9e809c67243a0910ee75794"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9af39f0e6462be9a3efb1fe2eedc6e2d2942c0c9ecae1ee4e8831d675cce6fc4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0ea567aa2da373a71ff88cc6b91abc8b1dd48baaf032f878a5e6d9335f813003"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ee6ca654a57a66cd0315716d709d4c52f5f41a69249776c13077967c4c418af2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50dfd00952f71e8c1bd51ed6acde15bd558c97581f7dc17fe6e637d61e12df02"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b3ab7bd5c9105c375142ee48fdca0fc20fa40a0eb785b22611a0cf205aab091f752c392b4853324084b1964fe4ac9787ede201a3fdf9bd36","seedS":"172a879f102a34446325172051cb121e290dacc3bd3897b9ab6b3786d0420fe8930656880833c138741a832a77d189691f99e552abece51a","seedE":"9621d7215e126919cc411c4c86f01c4d908c84ae4070837ec11bce3c23c461fd8d7b384b594b9f5411e2cd74c3a9d0be861712aca56a8ef6","skRm":"eb502cc60ebd6d89fc0126c567d56c33f61a39ca0f2a0d99d886a96c0484cc1ff1b92ae9e6f67675cf1bd3fc7496881fd95872d6d0227d67","skSm":"3e9d07b931a12615cfd8b8a222480bc162b859f59680a999a2ab7f36d3b36b5404e351f32249099009c4f60c73561fba3d918aad25ca30e6","skEm":"92865ef161138538a32e3b6676c3ce4906b2f9bf00428c111f46c444356304191ba0e680331c457bef57fbeeeb41df5a5646ba48f4858c84","pkRm":"fdcc36d264b3c68ebd31a53870d0b2c2753725956c8331eccde724e4e512f4e82a92571e8d9eee13ec2d1b1c67f9371500f7a4bb71f80044","pkSm":"a7a593874786a526cf708de60e03a3e90d154d46c38f04c2175472de7e1a3eaebfb4d75a256cbd7c7792add79abdfe75c56c2b00b1a6b979","pkEm":"94def812e8c05921542c0f4fe1bf5960b5dff92abd54620e8cc4eebe9286c448da6487d04aaf2b964d313abbb4985512084bf4f2a3fa6db0","enc":"94def812e8c05921542c0f4fe1bf5960b5dff92abd54620e8cc4eebe9286c448da6487d04aaf2b964d313abbb4985512084bf4f2a3fa6db0","zz":"1a6781034b60c3177587647a0548e44e9c124b7e1b02ebded8e88b38babb7bba5426fe2ee745acf9178f218a16c4f950dd342813eeb3d51e315396c50d85119c","keyScheduleContext":"027e0e27c7aee65742769bf5c88d4b95fd21824f42f56de09e58353e72bc1fa178f539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"5a9170ff5bcc4f1dce2ae2c436e6254c3f01ad2d6ab2a786f80c9278d9e34e9a","key":"2dc9846c02871cd70f268f98aa091b08","nonce":"7cb471b604d72c9c8c718680","exporterSecret":"b7ffd885b6962970bcdcc60a83dca3e4ec41fac8c712d8bac28fd820eef204bf","encryptions":[{"aad":"436f756e742d30","ciphertext":"a9f117c16874ea96cf492524092574d88f3081925286cbe459a81186b9b2f9507066fa9d84468b956df376fb87","nonce":"7cb471b604d72c9c8c718680","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d040072ffd3b06764deecc2cc99240d5b7fb4c2878587c879d10f10e6da1ddf57b27efccc50720eac0ac5cd680","nonce":"7cb471b604d72c9c8c718681","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"98b949e840b371138aa0b35f734692179510bdd903f31c057dc9792d06238c9710c86e8fe903aee48f1387e989","nonce":"7cb471b604d72c9c8c718682","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9e318c3314ba58e90414547927e6430efa240e817e7fd0f11e36f6bb79bf60f180cb29004abc869256dc004ae5","nonce":"7cb471b604d72c9c8c718683","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45aa09fede5f6b68574ae6939263a84f1c23a70a24ac2280a539d4c38e292307e1648e2075cfd8bf689a213af6","nonce":"7cb471b604d72c9c8c718684","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"edbbb3a3c36714cd19f21d954880fdcbe109856a1b6c6042e95ab5602e156bfe8cb92902b6041216983ffc47fc","nonce":"7cb471b604d72c9c8c718685","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"d8f5266d8198056d3167dfd2e4d3dea7be6cfc7fd6ca52e9231343ecab9adfd4c6875e82c84161147d3c68da24","nonce":"7cb471b604d72c9c8c718686","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"efda1b9de28c429fb458527bc470edcb2463ff537ad2bf1702aa5294cf796bcbd0679e3ef8fe0c330530d7faa0","nonce":"7cb471b604d72c9c8c718687","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"60afadffa39c3f19972b47ba3b24b5c4b08456b7e2f6fd56601a5d12c4c209406e0e5ef7e824a3421c655fd166","nonce":"7cb471b604d72c9c8c718688","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bd57b3027e81c5bd26d776ce3caa55018c1b8c7415481b9a05c0f588f68e5a6918c2695b6d0fde4453d07741f6","nonce":"7cb471b604d72c9c8c718689","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f7a47d8d6ed95d073a4ce1ad6a9b5b012c7ba723df26081df235f4b4fcb6ec92"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"eb0fa8bbf095ead0b4c77c10238f01c63b4115d1f8fdee9899a9d67ffccf6cac"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e9b91eb85d21533349f87dc76c7924ca27db54a95db80f1b61348ccca8162fe"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8244da406b1053fbe4564479030f290062b01301c00a1dbc2ef0f1e9b425f2b8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e4b64a1ea189c07d8233dc0ded2c7c202c16a955567e67db8388f3d8ee3984fa"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cf1661d2775ba93695f16b65742a78b0109748ff6cdb45f25930e32925a67121bd90b13d3e6a24cae8b80f0a1542a78673109db287828f1c","seedS":"1ba123ee5181aa1cc2e3bd44810a3f6c3c6c84a93e6f1b987abb64ce5d45595725281ed4c9d17d22baf3e24e4845b3a9826b4fb3536ef645","seedE":"3a356e9c74b0d4be25c20ea42b0509a94f0dec3b4c63142353bc8e7d95f1d367d2f1534fc1273df70164ddf7454550a1414df924ec0446c8","skRm":"45e8e4467d16d6521db4a938a3c7f4d9180935da0223e6f5b42434162f0a2cf8bc6c4db4c0a97f0217377870ff1b4d7e96ab6e150939beac","skSm":"b270d3ff5cf33d1bdafa0c9f9ac75e4a198bbf33beff67e66cdcb081cd038e99c5746202bced3e3be9a820f0fe3132d5cd340d80e3d2d3bd","skEm":"d84d2cebf7514702364d6fc492e59bf09058ddb8613c764ccb899f1e955b45c4b16d41aad260c6aa0d2a130e91600cf891875b99a0ea0d1e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"22adce195d3aa7202df9a7a41ef1b1a999ef02aa5de27d945a4c0848860b8d1df804a56dc9f824308ac4da81e9236551980c11415723227c","pkSm":"b2be308b373cd0c317142cbe31d249c53dfa1374d88fb7b195f5978d46c7fa4fba8b02ea3edf02fdeb0a3b85e934f0ec2fef415de5e8c377","pkEm":"7e9d954b5b74bf02bd383274a4583c52da1abde51660c2360c2df18fd38c59058f0a3872ff2444d6df49a4edcc5c6205ccd92dde1e827fbb","enc":"7e9d954b5b74bf02bd383274a4583c52da1abde51660c2360c2df18fd38c59058f0a3872ff2444d6df49a4edcc5c6205ccd92dde1e827fbb","zz":"66650a6316bdbec65af97b50b483f873f63c328a003e68fc1d8568946597e0552bd1423db8deec744b5548dcae5148f8cc65bb406cd49f68572a69e8e5bacdf0","keyScheduleContext":"0357e59caafa16d233eaeac1b30c7b02527c88ed306aa4a9d02e190172f1b7d4fef539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"d5295270c61a380b7f764c4e3584993b7b872d4e1a072ffaecee3cfe86fb7300","key":"3fc8c08303c5b3f192a545a5916713f0","nonce":"47c5250cfef16da851783fcb","exporterSecret":"daf3832ca34314c13f40fe7d831f4cd2343f0d29e2f34ba1ff44a1a43aeeca96","encryptions":[{"aad":"436f756e742d30","ciphertext":"97d8f34d7f2a5a8470233d2ef1ea8a4951425922972043b7ab72ffc61f17f3451e8ff16e6d6c8870495e6b53fa","nonce":"47c5250cfef16da851783fcb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1062f535cdd373f44b365d8f2fcc1c4c17eb73ad5b1047702dfcfb168bf1d564a5aa2bf7545e2f5357f42d0f8c","nonce":"47c5250cfef16da851783fca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"967219f01c8713f0d9573538ff46fbc81467e2e442fef2eb0fffbe201de10e41041acbb7b44b051c9982866087","nonce":"47c5250cfef16da851783fc9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"576b38ffc7aa2b870d89e226da0f7f6267ef6c82c19b81182d497f4e2e7ecf1a8ec762980169bb12b8b8c538c4","nonce":"47c5250cfef16da851783fc8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"748b36c90ade8aa60e17cda2fbc4f219913bdae33863023339dcdcb6f0f749deb3bdad30d9c1150deb4033e552","nonce":"47c5250cfef16da851783fcf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9e52ffa2f236afaafc4150b89ca0ae6eb2a2f738837a9c632cda89495f470380f59d19a6b866a67b3250ccaeee","nonce":"47c5250cfef16da851783fce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f86b2acf3345bcb33de6d9617a3859171539e375b7126f7ff795675a806b458ef2cd8857f031a2d3c886f36455","nonce":"47c5250cfef16da851783fcd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9fbb13ed0619300520681b562bcd655c97b5bedb4d01a9bd077d938ebfcbe3f307c82d71e6d7298fdb75dbf88e","nonce":"47c5250cfef16da851783fcc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d4afe074236f753e762e11c444f447c30bda01f3018f295875d60479c32e8c274c90c5c6438000e27cc7250120","nonce":"47c5250cfef16da851783fc3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0cca5d42b16a880d8ba88a96f2d1fd3608f2ca50bfaad5de5969010753586a259947c3f7cf4b07c97e3c4a514b","nonce":"47c5250cfef16da851783fc2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5fc9abbb87e2213c4404c1c689539dbfe1d914b262e39ac9c52e20d881ab2e98"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"819633d7477ed2c92655ed0434e8ab36bfb8aceadff30d020d910a93e9d32574"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c57293b41469352cf6356f646dc2c7e7ecba6843b20ba0cdbc2d510a2e1f6f5d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c31276a53f731e17a16ec1bad1c2455547aaa892241b4e46fffa6dd23e6c40a4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1ad9cec5b1bfb5cd91fab2cd9e5f7fd577f09c6685afd8dfe4ea94b761369cc1"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8edcd666400d6b5e9269cb29cce03b5fbf64fde5f4eff8d08ec94ea2fa58164c650a29e6b4dfc2a30b52b1a85246d9942252bd4147649868","seedE":"7cb2ee2c70e19dfcc0c356aff100893b5663411ea3987660255f3560892eca91b78e82737da6ab0dafb7807d7eef19f1d78e4a9d611fcb91","skRm":"ae955f68150f127c27279ec812e56269a6bc0793700b29e18b11ede48f0c9b697a60f1bfef35b7c992a9add47d44c13faa301725d3f12697","skEm":"3c51d512fc58af4f357dc7c4cd18fadd66d7875bf1fcf3649385f2812eebd55bbe72658fb1f4baa1b4c2c7b1635a74f8d5a866c4424ea1ac","pkRm":"6be19f510a66b27e46f75df5272aa519cd25a1b5fac36460c64f5479a46a73782b8c5899ca0126ec695b763fa172f1b3cb4b81e1fdfa0e30","pkEm":"7be9b718ed33ab6c5af42174a6ed656235203cb4e4dc3fcec1915504c17d013d64a6fcaabc212f2f03ee88af684fb7f34704c5d486578ebb","enc":"7be9b718ed33ab6c5af42174a6ed656235203cb4e4dc3fcec1915504c17d013d64a6fcaabc212f2f03ee88af684fb7f34704c5d486578ebb","zz":"327cb25a3ab6eb409ccaeaf838dc63f8d5233acdf37409f60026772baf954b89f6c84028d08c4fb7c43d01893ecad1969abb9efdb938cea23dd4c0dde688d5a1","keyScheduleContext":"007e0e27c7aee65742769bf5c88d4b95fd21824f42f56de09e58353e72bc1fa178f539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"f5fdfc9b01412eb6913c2deffe708a5c1b8ab4d09f7f5d8869c98fb2d9ec9daf","key":"d8324ad0a439db4cf1061f5c0d7f203c","nonce":"2735f4643131145ffb9cbc5c","exporterSecret":"867843377cc0be9f876ba133ded25446c95d7548dd5880599b4c7fe6710f2ac4","encryptions":[{"aad":"436f756e742d30","ciphertext":"816561bed785826076ccf84a2ec7380e75d0025b35dd6f419a03e98d33c7ac333266083ce36aa6c7ed80c96efd","nonce":"2735f4643131145ffb9cbc5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"065c64368a7a43392f662de73af9ba07fce6c624d263f9ef1729543f93f0e2a346cefb15b196a1abd3d8ea0087","nonce":"2735f4643131145ffb9cbc5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eb8ce98f859c630b77882232649c1a71dc8fdd7c18caf696c3182ea82f149ee217ba27c3329fb93ed2d606d50b","nonce":"2735f4643131145ffb9cbc5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bdbeca234fbe1158f5d8b6006d644cbf39d70dc15ce9e6aab88a9d1a7676508c0152fd456d6f903c34fe09639e","nonce":"2735f4643131145ffb9cbc5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"9be810fd601eed5ec5713762a92633ed5121ebd2d9d94f006f783e91e8d9c18db457a9b99f4e82223e1ef2908c","nonce":"2735f4643131145ffb9cbc58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ea2a6fbcaf73cbb60352ca7f87b4440e949f0a4626e33dc2de74a46fcea07dfc54de21ee59cc120f6a46c766c9","nonce":"2735f4643131145ffb9cbc59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"05a1a0db14d5e59f96ce5ee271474eb6dfc1ce55e5d9ba62601e11be39ccb96896af4236c71361e6d8c757eb2a","nonce":"2735f4643131145ffb9cbc5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cf91f6f3ca81d9920511464bd1ba6ed8615f41ef2050bee40c0a2f7aadf97c791d97ae388d81e3ec364af52890","nonce":"2735f4643131145ffb9cbc5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"57994faa5df99f6a2871fd9599b00b1ce64aeeff10b058b395521cb6efb6ac4cebbfe7d78ef2ac2bc993d6d8ea","nonce":"2735f4643131145ffb9cbc54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"809730a5fee3f7846bf45f0b8a318c3faee45b4da1e37a9622dfdc2a3361a0e5c9381c4dfa7e71fee4fe7dc18c","nonce":"2735f4643131145ffb9cbc55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5650bd5ad95b7b210538840f952afe844d7944851b0eabfe29759d32c829bf17"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"136b4f4f24448d25f88c673e542f723710c15fde5f09f3b55a248adfa8433c3d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6d2d89908482a09f6d7cd9afc004e86715de8595ef7662491c39578fb5e1f903"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b6f3844b5285276d3091ee17473d68d4a781330b9324ad6cd58ae7ddd16e1f50"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2f9051954ee50703f31d9d2af3fe404fe0cbf7df081c2028b41181f1a2af0b81"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"69641395e93e4e6dfa9fcc0fcc8db66b16bf0bf247a987fa628d4c792b0853281b54203fba7afce7c1edce169cbf25c35c82c3acd1678dfc","seedE":"a3e0f1cd7562fed669e5803287039f864fe6bae0017ebfd29bdca555057a32a941b74d7d9cb521c4fb2cda508301cc225b8b192219a67b37","skRm":"54a255b1b3c70680200a63e6ded2559b12e521bc4c39d7fd47d62c9f3233501c4e7699613c4ae0a0ee95a73d037468df5eb61a649e989f40","skEm":"2b24a3c25e559a3814c8100a5170a2a5c3a1f251a64fa6ad3b2ab18da8f3199c9ef1d44d227c3ec50aa470897634407084751fe7205e3763","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c393216afc3686ff9856048e308f208c1f52e6acd870d2b13678fd48e3637eed5e1aa5a1c67c25293c673ce8b18a9d29c968719110030152","pkEm":"383e49ff0561d1774a23ce0780acec63b8153e483c91bb57f91fa9a9c94876078d2386e76a630307cd21897488a13194b85e70daee8e9937","enc":"383e49ff0561d1774a23ce0780acec63b8153e483c91bb57f91fa9a9c94876078d2386e76a630307cd21897488a13194b85e70daee8e9937","zz":"47b0496dd0871de3bab8f67df0483de0a9899254d74106a24608f60c2822e87b5d8a78b17e1d9ec6b6ab41fa3d9939551c01b87044b3a69c8a7bf894cd8ff7c7","keyScheduleContext":"0157e59caafa16d233eaeac1b30c7b02527c88ed306aa4a9d02e190172f1b7d4fef539b8e83a13cbcf27ce9d52f7006c6c9ba283cccda6c13363264465f55edcd0","secret":"1fce183ff63d63eeaa97a2a9df312abace4942b8a54838361108f300f2fc1f48","key":"9607006d7c898d63101f3d7643b2efa6","nonce":"d8b02b95e65ab82cd71a63ce","exporterSecret":"ff4aa0cee06918cea3e98dbf62e9156ad55462a887342ac3c625c4c5bde4b71b","encryptions":[{"aad":"436f756e742d30","ciphertext":"a17a4de88a9689ba8ecaf78624c4aa23c0764c704719e5d1f49e884ce880927a91ddd21970e9761da8348db3bb","nonce":"d8b02b95e65ab82cd71a63ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"64bfba53a8df09932001d8fcd08fb37dc75be7632f5dd59e3a3ef65c0b9852d583df5df715427c19f29514c3d9","nonce":"d8b02b95e65ab82cd71a63cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"76194aa831f06a18c5df8e7fc3a0bb4ecb169254d858ea73bea4d81a387f7d40ead2ed34a104e02354a93d7115","nonce":"d8b02b95e65ab82cd71a63cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"e6a87b0a5dbc765f7cdd3dcb94d3300994ce1aa17ffa39f084c4589a637e2850192f266c839dae778f6c065c3e","nonce":"d8b02b95e65ab82cd71a63cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8609cddcac178a8f7eb5f1d3a3411cb140731894b8c3cb7f3c8220d6e58fb92a3a446a67169d156f8912ae2e07","nonce":"d8b02b95e65ab82cd71a63ca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5cdba97e539768e8c9974a8893abea49fc53084265f88d7e97c5b052a166ce5200678a7ca286931ef0b8914dac","nonce":"d8b02b95e65ab82cd71a63cb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c3e17a7ebd5cf04381528c1e717547196e2e7051dd9a097db6b7b35f9988ab6c42c8bab8f6158f6aaafaff2d1d","nonce":"d8b02b95e65ab82cd71a63c8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a95ed161d49bd3a02f79b97dc30dcbc60665e3d9466f896b9b3e50db7d30b904414054ac8e70b59e133404e0d5","nonce":"d8b02b95e65ab82cd71a63c9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"432decd9cbacf9f79106c6e833e7e9b8fb258022a285b937bb2fb83a0049b86b3e003cb12cb5abbd74e823f219","nonce":"d8b02b95e65ab82cd71a63c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a8ed6c79ba32d02ab3326cc4321910761da4388bb2ca5b5a9fe995bcc831a0e7617e8547821be19f52caae533b","nonce":"d8b02b95e65ab82cd71a63c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5c89df3b86c1a3cf617201fe57c6e79f13f677e040629de6a6cc92a118ed49e5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5e54c8dc88123fc61e2f08a95696e8b2e0f605b47a5682f74caaa39aad99ea1e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"13821ce03f668205549db46ee19c4186cb036657f2f1019fd7cb4581a5b08e82"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a4740a09894acf1031698b774b48869adc4c05d03553be2bfa3ab8de025051a4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ace58796ae5d42a4b444fdf2ebc863a0d80ce33e7d183b709ac785745c9f1cb0"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f9ca9b32d4d4db615f08836b2b528841f05a59641a3025fa45d69d049a378c123cc79d722d4af61c188ad83a01b7f4bc5f1891bae54d0e89","seedE":"fcca6625edc4ebe92161540cc9374a37da066d042f522dabf503748429e8d63a8c669b8d40829f7690746cb8532aee098ced5e4ee32c42c8","skRm":"cc158467389a8a8fcebd534eefa301116d0f00039187a4ddb88eec53016d998d630fb6b50668008068cad08d7d142a5f48a52b0937740062","skEm":"57afa525666898d2db99a54ad6a0921b05da896e97fd20b5739af4936533cdac60998e7f82834868f8927ce2be86462e1a2c2fecb5003bad","pkRm":"bb5a4642a129b35dc0fd6fe4a2a0052c2cc93c44b9a4e85493623925330847d7934d5a845fec10c978b6ae4823df1f6fca000db799439349","pkEm":"9833622ebbb5e9ab68e8dd90c5636957bac46a74e00d562ce170ee115ab56171912dd32b43ac810b13cc6f2e297604a1dce8ef0b8856baca","enc":"9833622ebbb5e9ab68e8dd90c5636957bac46a74e00d562ce170ee115ab56171912dd32b43ac810b13cc6f2e297604a1dce8ef0b8856baca","zz":"8d85a667a4eb8e37c51ac9ea3054e948180482b4375e7ea119b8580a579875fca652cb4a7f154e2299f4eeac37b14b7823a5064885557cb8a7b912d83d2668b5","keyScheduleContext":"00b38e206cfe3cafaea8dfeb1220e61937e3507ef4155116425c4a14369caec2b5fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"07ce57e238c95d80244f9f070e6f171f2278a93b4794b11daca79534327c689e","key":"ebf4ca9ed9c85893b0f062a4bcf97f3653d8969710a097ab469c429e7c1fe262","nonce":"f9a6117a0f6a165b9d934cf1","exporterSecret":"db9d6de5fb2077baf1916bc8a4e0ba1299bd79acbfe445b99776c2394b1cc1d1","encryptions":[{"aad":"436f756e742d30","ciphertext":"c51a2b634d30029e9b64942a6d7c32f3c7de57c2f0bdbd066dac0f861b2d8049fe3658c79894a821b07326f6a1","nonce":"f9a6117a0f6a165b9d934cf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"752aacc1927fb5280e3c7cff965ca2af627261335c32e805c3814ca9868341731810271d045e8c311801294506","nonce":"f9a6117a0f6a165b9d934cf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5820ee983d01737af97cd33a09bcddd2b6963a07dbcf601a85dae418d14e86c69d526eff309418ae9eab2cee23","nonce":"f9a6117a0f6a165b9d934cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae09510913b1111e0b4ecd51ce1bf5738f70da5fa758feb865653f5315a46c1990a1dcba6e4acad8b8cc0f0bf9","nonce":"f9a6117a0f6a165b9d934cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"142df106eec5ac8ccf0c57049117dfad3df20339b479d4adf2fde7522936e8fdbb6d8f79e6b5e59c2a71d45bea","nonce":"f9a6117a0f6a165b9d934cf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4d68d32a15eb3eb4435ff027d61ac11e4321082752f3de4972092242be8ce8e2370b19e84564971b5c7934a6ee","nonce":"f9a6117a0f6a165b9d934cf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"14cffed087fd8de09fd8d2b7f9062662baba0f62ec10b974d98a54046198e3f7feee00c133e4e9c333fbb550ea","nonce":"f9a6117a0f6a165b9d934cf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3316b1e5235aa25c31b429b8dd8d8799a533c2a8dc3a49f5ef95b44e4259394e316f35c3d56ac81862e80700f3","nonce":"f9a6117a0f6a165b9d934cf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"eba3afd8ced691f532026099ac78ad118c38433efbc0b95e122d7d15766aef433e983b063d5c645d956eabd6ef","nonce":"f9a6117a0f6a165b9d934cf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e1a9ff68e523db3e5a36f14b5e5e6be519dd5a699267ca74ff73ce76aa4c6045b5565aa1da4ae12e140b9656c0","nonce":"f9a6117a0f6a165b9d934cf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b29f55453584032fbd8939dd157bd74acdcb84b079f1dca338a0f4243c55d633"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"cf2e1f285ffb2f586288da491fbfe97581020704e13b17ca0e49a2c51dded126"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ec08e527cbe5774df47108b454cd73c39a2074eda89cee7d78d5377aab7f6682"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3fcb8083051fcec610a4f7711dc8392b9bab8f8c7b28633455a08ad686d3c751"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5565ddb58ed0ee9e31c3fee42ab038c48aa95e87a50786852ca8055fbd3e3b24"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e72364f9f50ff5166fecba5a2579499e64c71e5482090b1af568e59681184302b237f7c13fd24086d61a638801ed71ce2677ce23f7682edd","seedE":"3a3cab77c67b2ad868cb884f94c26c555f7adc8e9909abcc50605b412796172ccb3b8d822b244501be9e8a50ee4bbdffc3b7146a57b8742a","skRm":"8fd8485d33ee886ff2f4f58030b49f8d4de55ef17ac543dcc217a2b07d52aef75bcc2eae1fdb07623b288e81cae4020e6664e33f5a58e1c5","skEm":"132b4bb87cdc878586dda138d93349bb92bad8eaa064975f5fb2bff136b175e171d9fe9b4d47be58512f928619879f907c6b354064f16bd5","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9722cdd22bcda32643199a1f3d9c1ec91106e1dcc0fc3189aa09054b9b3f7a36ecbf852cd5a6888d424311ecc5190b50bbf81b10a35ca1a4","pkEm":"b0ce852601625fe07c9d8aa251977bec59d646e38db54667afd7cc94c4920ffea0929c4ac3933087d9783166fb3f081813c9823a465579d7","enc":"b0ce852601625fe07c9d8aa251977bec59d646e38db54667afd7cc94c4920ffea0929c4ac3933087d9783166fb3f081813c9823a465579d7","zz":"9846630546acf820dbff68bcbdbddfc841007a4dd80f59a3fd5422773f1a9a2543164bd908ec6deb21f7c7c3db9f888338c287afe2bf4f4aab0794709393a879","keyScheduleContext":"0110921bed02defbdaf22418db3c0caa69dcf1788c1bf432939fa47f0ac7951aa6fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"f38f4f68d5fb83787fa9b79b96c746857fe97ed3f03dcf2d48a5343d851518f9","key":"c5bcf142efcae0e9c0023d9695c8c3cc562f708c9be3269f86fcdf572aef49c5","nonce":"5d6ae9dbd546e0bd13e23cf5","exporterSecret":"c1725b848cd3b098e6938316fe789645d1c7bd7f6f4394be1cc3f24f5c116d64","encryptions":[{"aad":"436f756e742d30","ciphertext":"b9eb1ce2d8ec15062eb30cdcc04de58726cdc972cddac6b862a6089c09cced1e999984cd99cc0f4a98ae5ec483","nonce":"5d6ae9dbd546e0bd13e23cf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4438d65d8b00838e568737dd20337fe7aed17f8cdd69f745781b864710da61350e7ad6142d52ab4bca14e18ad9","nonce":"5d6ae9dbd546e0bd13e23cf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"953ee96156080270a73ee9bbfa1444d491594524d8b70a078d6c7b4edcdbee07b55a22f853c36dd1aeb200835e","nonce":"5d6ae9dbd546e0bd13e23cf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"f55a63ede99957b50d87f04405df1142034c5e0be7fd78df0fd7c34850a7473e3cd470d5199dd0caf19e4dc971","nonce":"5d6ae9dbd546e0bd13e23cf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f5b5833fa526743e6bf9c6ebe70c8d116c4ff36845c5161a32ce20ce3b43c113ed83333819290f1db17cacc876","nonce":"5d6ae9dbd546e0bd13e23cf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a964720835f90a8edb6eb3d572af308ef3394e808d8331bd143c0dd3f0b262e8a5b4fb3f2eb8637971c1587b02","nonce":"5d6ae9dbd546e0bd13e23cf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"674171084e5bdb9999bfade9287aae24e394b619de4dee7c0ccb16356c24c53070c64417a8c147f2aa3f86439e","nonce":"5d6ae9dbd546e0bd13e23cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10008e5b71813275d66fba831c53e26807950bfd2137f5c62aaae90344be35e73eee6822869da6518fd55bdb2c","nonce":"5d6ae9dbd546e0bd13e23cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a569798e5417ac60dbbbd1aba5f5a81ac5e20921afdc245ba5a0e3c3c63904d009acba4244851fca120917964a","nonce":"5d6ae9dbd546e0bd13e23cfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e7778d3617ff61ee49bc9de09f9370f47a81acab5c22ffd233629467befede7e549d7a23b6cba8054caaf2a78e","nonce":"5d6ae9dbd546e0bd13e23cfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5b0a2d6095700c6084fdd3d06ff3537bda19d9ca52340b5d4269b8b59342b27f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b6b3685a3453d2a0ff2f9102011666d167f72edc945df8a724f403c88148f117"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9440dbb41c86e5d5172814e91a782502cbd3ae51ab4ea5fd914d9e919f6419a1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de1e99f297db6d52b009c8b16a0a407146b585162f7659bac5783b6de8c378ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3da601952bd6986b03e2a25ea7ffd2d307d7036aadbebf0ca89b5cc4e19661f1"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"18c09622e6548eb90b7fe99789ed09b45dc572fe38a966eac41ced50160d6b8e4b57050c67366ffb014a43cf012e05e8af1b3e719d7c0c05","seedS":"948456acdd8a786281bd002cdb6c82f2db8d832a19906923faec7abbfc8ae20f0f672676eea62623cd5ee51d0d3d5bdee8cde0bd9fda63e3","seedE":"8150d19bc28035c3b36ee33044efbd11cd96bf558b474e7157657dcc12415371c05ae0478fd4d4532e1691cddd1d25baec7386eab24a2511","skRm":"60a4eca26015269ad83aa0539554e6976b05cce6745c08da3808e070b90532af5f9966cd631bde1c133a24182925ae134b3194aaf3f52ca5","skSm":"1c290b350421d173866047521d123506d57a600c5917e5abd919b0fefe6b38c590321563039d71fc3daabb74ff76aadc257423c3770f32f9","skEm":"efb367b5ce8f0c03bd07b3246a4592ec3020c4718181f3dabb3b4aa6a366f86d3e2a6ff6266100652bdd9469d38591f628f6131d08dd3f80","pkRm":"a4278e311128e67dcd0bdfbc4b420f2aef87999e189d96343703d91f478524d995f0562b5dc22c8e71bf56960dfd6bec1215086d732afc10","pkSm":"178c698534c71ad9b30d74a8310595c10c916812f22f324766e660ea66320b82790c542123a9511c24d756b37c3f1a241e88d5b76a0641a7","pkEm":"06c018aa6d66fe5e8554babab09db9a328a2caea4ecdebb5ccac99c9847b0058705a337b2d8764aa7149b55c135cbcc21c85fc0f9f36c782","enc":"06c018aa6d66fe5e8554babab09db9a328a2caea4ecdebb5ccac99c9847b0058705a337b2d8764aa7149b55c135cbcc21c85fc0f9f36c782","zz":"77d0c1d1eff9e31747773bcf27eeafcd9d1c98728fcf3d3a1f6e773f1e6a3c1637f7e587a766090d0dbeb6850b53aa9e2f0c13d100c1d09f692e8d4d54d46fdb","keyScheduleContext":"02b38e206cfe3cafaea8dfeb1220e61937e3507ef4155116425c4a14369caec2b5fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"c2ac8abeaeb9827f559bae8b31eda0df2cc68ab8fa1e6c87c451a7b42e493341","key":"9a9d9a30fb24d4b247384369335645f8a13bfcea603ca766a8ab52678e175f23","nonce":"05ce87b7ec111f95918f4204","exporterSecret":"768e0008029ec0ea0ad4fd38b11b42f5d10e595e49ceff014f189352757d5294","encryptions":[{"aad":"436f756e742d30","ciphertext":"2217590136ad642947a6f8bbd57d9ffa2aa6ce01b4deb4799ee6ee07ad717a615706e7af4e3d42a4ced6a66ef2","nonce":"05ce87b7ec111f95918f4204","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bdb26127917209d8a0952a6482186ce8316f36040079b337b25fa3061b99bf4a97b4cd547317d922a40d7fb98b","nonce":"05ce87b7ec111f95918f4205","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"42660383cc3605586362884991acd7a4bf533454ee1d267909cbb2676cf3de9097ad414ecd90c7627451c5a020","nonce":"05ce87b7ec111f95918f4206","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c9bb5088479d4f70ae5aab25bbb579cfba0935247a14ac6ffd6a3da1a0d3583e6cd6c7e900c1badd0f5509e07e","nonce":"05ce87b7ec111f95918f4207","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7b50cb8a6de12499025e91518e76898af0d2717bc629d14420d4f3bfa60e644ed076859b29269d7ec9b092fd43","nonce":"05ce87b7ec111f95918f4200","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6c810ccb09880427021701ec636cead370dca29676a0c613bf9c944ca18d6891bc6f0a52038838034de1d43f18","nonce":"05ce87b7ec111f95918f4201","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ceb770c04722c7b67d50e09c169e77a62283288b3d3c55a1cc10ba1425b93ae1468bd9f1755d9480510a1b3cdd","nonce":"05ce87b7ec111f95918f4202","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"07ce33b7e74dc3282e54b83053890a6e038986cf31913366930766a324c2126bbe2acec8821f6365b76b9236f9","nonce":"05ce87b7ec111f95918f4203","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fa6e932153939b97cd3d7ab7aee7f1f57a628a3db83bbae4e01629be72f0cab7a0907d62e784cd317774ef0017","nonce":"05ce87b7ec111f95918f420c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b2e7de448cdf6f1d48f3a9cfd3c7a418dd8153baaa8d4efe4eef91e55ce4610481265670fd5df29e8769a906bd","nonce":"05ce87b7ec111f95918f420d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d761f2981e17f03beac3b03b135b1dca4e6756c9865a9360c916d74e4ae9fc5e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"410b498367d8e34ea96356bc5e60f3d25f38ad0e8847e01eec3c0e7aec3f23ab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f72a5a36aa804d282f4bedd7c0da1c7d437ebc1fc7317150e43af62e1117d389"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"6b601a9d2cf035a9f106a6a1137eb0fe1e49f437abd1d60e8aaa0caf2d5548c1"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"137b8a29cb1b8bab38fded49d08a0d4251c0da8a5e4303be169e704588a12518"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"71063a5cef2e697e3c99bf86c483220f74b6f1b12ccc29aa511b09824d929751e6fd016427fd2ce89b9ce16df675e0ece68a96144d524ca5","seedS":"d5004164ecef8546acd392bf7ec8c721151861f1dff517612c7f86f54f63f7faac6b75977994601d9f2a870cd1f861cb3530103c415cdfcc","seedE":"f4902129a7b9595e72fc8d80cae254c4ef43d633282f55241694c76d4a99d48c403379d232706a9500301f05b59d01788898c35f1b1d562c","skRm":"84b3d877a7e4b8e12c4b1b429d8067fbfa89b7964ea5f68a05090a4413d889f0b1037b430a8390a84c49005a00984dec1bebc5fef1d88ac2","skSm":"4a4acb8e8cccbd7cca49efe5f99bf2bb99a7e8219cdaef4d5d37d80aabc7ac93c505d6aba218b24531b704774c61e5e95d9e6c6c8314db7b","skEm":"6fc37551bff6f4096b63ed7d62f81b448579104a83700b680e83b5eeb3f7ebe2dc26615024109a497490369b6e8a704b7550431d580b937e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"165e1c20fe05f1d17dc1ca90a78c46b6e1db4dc85a0534917241ddb73e6f33209cb0e7f655df53c03a8faa2e133a8f6805d2bb5b9d27e740","pkSm":"0cca5699dacd2aac547f732608e7715d848b9ea165d0b6696f03d37a6a495cb5974b01f3c4e3415bfbe4e13ed40dfdfa183b7d0e322a17af","pkEm":"f4f65f4d58230ae0b8fca259721c5e0bf2159a5f9c03b1f0e3414ac7ef0090036332b5fba9503aa0939fa27af4d3649eb5a1f3f0294bc970","enc":"f4f65f4d58230ae0b8fca259721c5e0bf2159a5f9c03b1f0e3414ac7ef0090036332b5fba9503aa0939fa27af4d3649eb5a1f3f0294bc970","zz":"b5880e1388594737a5faa2c7161a34346823252b8db0fc618e7bdb6cd18b508da048829ac1b9d88b56da5276fc9ffebc29441589916156c6bca59944d03090c3","keyScheduleContext":"0310921bed02defbdaf22418db3c0caa69dcf1788c1bf432939fa47f0ac7951aa6fc81b834fdc6d841cc3b65d8b12cb4caca26b99e5f144b1a7f39b7fe8b4538c9","secret":"016984fad46248e0e6b5cea1228dcaa2796cb7b0ef703eb92268ce2b1f68718c","key":"92d404c1c6775a66193239cc86ceb8de4182b313df7b0d86cc96d1a85dcd665a","nonce":"67d4fb74a596c5298011e4df","exporterSecret":"f39448e4675003eccfc1b160ab6d86b41a4489ed342e69d762fb3a709a2ebed2","encryptions":[{"aad":"436f756e742d30","ciphertext":"2df0eca9b1fdafae30a5e95bb0755381590b100d9adcc3a3b2aab91497bf27f5f617475d7b702a9f02990aa3a3","nonce":"67d4fb74a596c5298011e4df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"333772de241400004f959bc2c3787c6da654139381b00e085c414de590659ef44233a72e94548a6d6bcb9982ca","nonce":"67d4fb74a596c5298011e4de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"08f1c522ebc52b4ff736ee3e71493eca4d8c9c8c3d12be2a3453da4ea726e018ab4182f48c103da650d5d04431","nonce":"67d4fb74a596c5298011e4dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"73d17003e2125d96d5ba86ed88506857f999a8aa45c4523dc58d36b955b2e72e13529984635a61a06761c3bd26","nonce":"67d4fb74a596c5298011e4dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"59753bc65e714d6c1543e7955433d1cf09dd8cd6882bd4c6a18a4bacbc838445b9ffe13e12c529496d374f61ab","nonce":"67d4fb74a596c5298011e4db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"00131b12fa905a940193898ac83142dfd6ed5f9feada61316206a96d9f91e109a166f5773e667fd3d58bf4be9d","nonce":"67d4fb74a596c5298011e4da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"74b8f714cfac3fdfa5fcf1412be6edf90cb28261f78cd659fdf98ab6bac18a90bd8f0ae5c209c68f5fd7bf23b5","nonce":"67d4fb74a596c5298011e4d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"aa5642787d2ef073d0a7c8c9997d7252439030e886264bec1ba4f25f7e15c7a93d9bf4b9c48aac1de57cbb6586","nonce":"67d4fb74a596c5298011e4d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a122ff06b1f8c4592f2ddb4e347a93671646ced8e9f13e1c1a6494ea27088a25cee43a6a917f2616d975b96bbf","nonce":"67d4fb74a596c5298011e4d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"04a301871e16155d2748c099c4c436d54f9e9e720cd6afe0046e1bddaa2181090034cf369947935553bb22a17c","nonce":"67d4fb74a596c5298011e4d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ac4002641c60c47c8b6759aa385327f3e468fa434b46614427cc35f6558dad7e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"23c23e5d7ff6e3430514da6d984a898097dbb6329c1788f79a946a72c58b7bd0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"888d30a10a65a5ebc62f269354146572de2fdf2bbf5ef04c00a53bfc01147b7f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"85454464eb4cf18f33e6ee2c1499808fdc9174eec436a3232d93b0c86125bca7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d0b08ea6dd1f552206cf770bfe35911cab26ad75ab44a6d425fcdbc914084840"}]},{"mode":3,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0228146efd4eadd1da0a12d3f66f2bbbb687f3d00d16cc2c1bc26cfe692e7254e2acab338ba891f8f5039d4f17ca1f170444a7c98285d963","seedS":"079735162b50ea7b7d626cb12acffdffd9ae3cc680ba987c0d8d196efcf4cd06689229d7db1c6603a054a1041921104cef8496eaf40789fe","seedE":"8ab4a7c237eec957bca4b79888a4f40456abb4cbbe4ec84a426c04773b5225aedb19d420a247dd83a22647e3e392f33f59ea73fd0a9126c5","skRm":"7669b46626c6b599a7fab5e630596f84c58fd9dc20a02fc8d9b72d1f3c317f1387d40070d49e8df8fa157ed0c6d415ea20cb63c1c49b9e60","skSm":"2e47a09b00fd844705af6b8378b2a17ab6a368d80798c2414a41952e3bd2bc9e673447d18fb0331e9771d7defd3b67d99e83b631867db09a","skEm":"391f7c57ed6b9f343e72279f394ce80d09a928231a9013a7fdd96f54f5361a2e59edb3c2ed54e3acf4f1bb851417aa3e6daba07894902a13","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"87e18c8ec7e63590b46e8de7ee79b359f30c9fe1d1ec074b7c4f1318bbcf77beb48808b718981630e675d74b87cdd4acf47169ea0af86ada","pkSm":"7d380c56b10af331aa2d64c206093521801407ecfb4c3c3ac3dd33a9fc511f0a4d5eca3fa6edfe8d324746c7c91befbba164ee5510248b0b","pkEm":"e1e35b13bae4430e8b41f9594877661d7a5dab4105997d804a4bbb06a6d877a7b5e6275e21d35179f84bbf7513b346be4ca60e6bc96346b9","enc":"e1e35b13bae4430e8b41f9594877661d7a5dab4105997d804a4bbb06a6d877a7b5e6275e21d35179f84bbf7513b346be4ca60e6bc96346b9","zz":"5489a3d45ea14a9591c1f047b911313af66a53796d725bcd889c6e7296a4cc34d8cd1b2ebdbc2f61c5a6a2c9bd0fe2e89fb3286f9964bd24b0e15f6b06d89ba5","keyScheduleContext":"036366463e2d52fe91d8e3cb904dc281e2654afb6d098759bb57a303710ccbcb4636c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"a58f2d928480043ed7af69411fd8ac5521d48a6552d9136a801bed712dd44710","key":"fdfa97dc53349b26ed6a0ee96954f8abbe4e56168fbd377f459d211a5f38299f","nonce":"70861ea599f0676a8943bfa4","exporterSecret":"5fe5e167c83b6a692524bf9709e2761fbcbf1168cd9f2835d4c06622254eeb40","encryptions":[{"aad":"436f756e742d30","ciphertext":"a74a7d67281a6471a74fefd7d7d34960566ee3d6f74ae79b9511948c5617d9cf11652dc0fa3370c91c7b9df995","nonce":"70861ea599f0676a8943bfa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0ef4cf39ecb5171ece07f171285132ba63c2fb383e5e562c5fd85d0b2b8945b4efec64ef4fe667df7b5e80fc6a","nonce":"70861ea599f0676a8943bfa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"69545070980258cb89572f4c67f36d12953f52a6ee78155c572315f57a55c1b0f0064bdf56c9b6c2234193b658","nonce":"70861ea599f0676a8943bfa6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4d529010cd527c085d59bb6711603889888a79127c04d0d40acb9a073c4c2d7dffcdf624bf3c95320678d32d26","nonce":"70861ea599f0676a8943bfa7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"574ad1e4e0b508cbebee14243ab3fa3dc98be157c63c94b94c320fe17d78cb20bfd01439c23971986e8efca48f","nonce":"70861ea599f0676a8943bfa0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c6fc7e646d24956477061788777e380210a3959f0fde59e73acdffe477cb939391499b8cbb03c1da0e1fe0093a","nonce":"70861ea599f0676a8943bfa1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"10c32371c255a53ee34bcefe38e31f3b51b26bd511164a38289a83b49bbc8b6095fd787205aeaee837b85c745c","nonce":"70861ea599f0676a8943bfa2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4e93bf37136cba6b847dc916f58f36567dc3789860b32fd4a884f40a63102cdb71603d309a2579b5b3f561885c","nonce":"70861ea599f0676a8943bfa3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"12698cd41375798400d4a4a543abc9012a9aee7527f860a74f95142036c7babcf7424510b53a1c92b08a87c15b","nonce":"70861ea599f0676a8943bfac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac24e3e6737f197dccd7ef04ab2e825f40c0c82100e2b9fac4f45503f95ffb4a211bc28b5c8eac2ab139b286e9","nonce":"70861ea599f0676a8943bfad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ddade89c3abd8f18a2484a34bd805efe7b144526da4c29648b06cfbc4d765d73"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7eaab113c4306afd28f92f4fd2f9ddb559a77c2257612d0f68fab1fd056a3a39"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8053737fbc3b0aab61dce1949126a0c5c110c687d25c2a38dd1dbad86740d4c7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c54da397781644621c3f6cf33170b9cb7e201de8d060b686777a635eb4941ef9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"069bf495aca08d6b7ed79e8d83e35098f682b660d42b5fe6d8c50ce323356807"}]},{"mode":0,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"da6dfd826f5c0ce5ed0f63d43bab36dfe17eb16d5d91a58730f9d7419605ccaa0acfd8259f35bd7bd61d82eaad112bd2e77813afc538af77","seedE":"897690023f70cdd5d0ff6801e9532252ad3bcce7532c41c00eda401d72f07db46774c3c70c3fe791462f81343caa295c5e6113d5b62c847a","skRm":"cf7a99aac31a0884f051c083bdda1c3bdd2a061f5697c577d2ce287e54c179987dddb4dd7416ffd91f2c54eba79f18f0a82c2ff4e069b1dc","skEm":"f3b5ba337c5bc441cca2c472eac6e48ccaaeba192be706e80cf26d7d596a31d37346afde4eb3d898f80611fd6756643782efef4181659538","pkRm":"daa07000a59cbc48d6aa57b8254b5d861463e0dad22b69b55388421fdd5dd0370b7ec462dc0a45de7e4cde11e343e0d9ca07e75702dac852","pkEm":"212e98b2713ec94c78666c859d5a208fed622f459709621e99f949871631fe772dc79f1b81455488e100b1d31bd64c677cf145f3c0b568c3","enc":"212e98b2713ec94c78666c859d5a208fed622f459709621e99f949871631fe772dc79f1b81455488e100b1d31bd64c677cf145f3c0b568c3","zz":"4ed23bb6bf91ed217762688c0af3553297e7677ccddb95942d391e144969a98fc7856ca8e06fcc5b0085faf916870446e1090c6198bf82ddff352277d7e77963","keyScheduleContext":"00ed5b51ff9937e3c7e1f94b49824da3ac70afea7e7f89e2e212f3419880f1334f36c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"8d90962fc01d88dfbf7415d3750e4c4d732eed78b1a681b83da90bad6d9f303a","key":"35effe5844a4ee632e6e96a18da43fcdd94967faebaff7e2d12d99537dc0413b","nonce":"07679ef0620bf576f46a9059","exporterSecret":"59e9a9fd021bc373c4954ca952a58f7af881ecf4bd95d5d64394317dd2717d11","encryptions":[{"aad":"436f756e742d30","ciphertext":"03898194e6970527fcf331515b1ab8570f305f51a59d216b602704e3ee7e447f332d01c8c02397a05c69fc8958","nonce":"07679ef0620bf576f46a9059","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"96cd226c3962829a49c589a073e49b5966d645d8e564383c3492ae5b98bf6514285c0b3fd16283a98641dcd057","nonce":"07679ef0620bf576f46a9058","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"295caa70209f34a82dd02c020cadc891c3dfee86208b4859beeb6f96627f61f316019a966be33e26a9f9081c2c","nonce":"07679ef0620bf576f46a905b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"997d08022f30f339883a2c5a5d1ec0b49c7ac60169e63a1e3005f861bf5c581e664b291d1a8dee9dde0e157d20","nonce":"07679ef0620bf576f46a905a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4baf0e4d085043b22ecdbbaea92de2822c628d1c803b4a48d058c8af0c4852d7921c83f9325e930a1b5cd378af","nonce":"07679ef0620bf576f46a905d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1fe321ada84862b956ed806a01758624a354299c5a19a80515c59a18efc16586eca08deb13d08f117aef4970a9","nonce":"07679ef0620bf576f46a905c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"57b32d78e600a40135243e25a83b90a370b42d4e55d64f47b894562a03eb03a5279c6657130f065cd975b5dd74","nonce":"07679ef0620bf576f46a905f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9bf0a8c405946c44a97de689a372b57ed96d93250bf2887a5588848a9a583748ef7a41efacf0196ef4f1bbe1b0","nonce":"07679ef0620bf576f46a905e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8bee3f0840ef5547681bf033d578a8b2a3424655d42cb9653fefcdcabd044d3e13c1800d8bced8772cd2bc4ea8","nonce":"07679ef0620bf576f46a9051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"da2abb17df5dcd6ad4bc574225a4ad2bef4b2af69582dba95022375641166242e0549fc8f003f72a2093515065","nonce":"07679ef0620bf576f46a9050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03f94a57604081d6091109e48b28fe429a1d49bd7aeae238875e5bcb87f8c159"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"dea19b635e736e517939bd58a30397ae603a9abaa2e1c492f54dfd279b1b7c89"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d34fadabad541d865e5a7d513c094ef20f0936d8d50505134c56377ace3f1ced"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"449170a692380dbb52e4e79d54eea1a68baeca66ff9a12494c863a01a486745e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4e2f6a02e62b1d2e62ad758f1e0e69b8c1d217886f3c882c7b560fe1d727c64e"}]},{"mode":1,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c9a5427245463ac6be91b3f755050f1c7da1626bf23edfe04ae105e92df1e91c0e998f65a5350fa4a68971bec6176338b987453c09c67ccc","seedE":"f3989ddec15b028184f039bea5d9976a43d37fda198458d4e128a135dd074335c83c9895a75958a74d6224b30bd75ecb28479bb8fcef572b","skRm":"b3f583efc1da0e373b35b856fe455ac61418b2fafa5cf16aa93c17aa0a969bdab6b92223712644cb8661daf76bfc588323679fa7df8a1d29","skEm":"de0da484451bd6a971b6832411dc16fb0a101e52693f896f68238e2325bd320a9293c5fdfbda9428e26c1c57ded2f227d4eafc3b1b10324f","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"65ee23a8d56e23316b0f2e7f6e9eb35322f24d1cc6336d6391e3403bdcc8afb53bfd4267e3e398f147f23722fc48b63d5b2598622947d4c8","pkEm":"122239cc97ac5cfe4180f933b9660304c63ac0446e5b407c8f19104e74062e6c594b2166d7db790ee65ce5fffb7e320505391da28ea10451","enc":"122239cc97ac5cfe4180f933b9660304c63ac0446e5b407c8f19104e74062e6c594b2166d7db790ee65ce5fffb7e320505391da28ea10451","zz":"71698567c1cdefb74fdb631f10f246fe5195d7167a5ccbd328b41cae2f541f065b0ac23775ea050513c90cca0f35fa1a11cb92277d8064d7549417b9b7481ecf","keyScheduleContext":"016366463e2d52fe91d8e3cb904dc281e2654afb6d098759bb57a303710ccbcb4636c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"45702f0f06be9b99206141aad562e943d264af78062239e344ca4fdaf51fe58c","key":"bb115b4e00a25d5d8d4d1b907db993004ee4a723809fdec178a1c9cc33ab86b0","nonce":"d376afde51c7503de435970c","exporterSecret":"38fdcd4d97fa43b638461cc0c1cd8e5020393fe607aa39ec28066ab0cc517d48","encryptions":[{"aad":"436f756e742d30","ciphertext":"d8bedd9c6d78f6e7387b71353089f525a4912ed6a93ba5f943b71c67ed7183b93a463215025548b2345d703c6d","nonce":"d376afde51c7503de435970c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5a6ae1f01cbca3e33701e10d502ab2756a4f221cce85186120db40db3a21723c081e8964e39a65bb8a515f4df8","nonce":"d376afde51c7503de435970d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"71311dd54f3a43d84ddf6af408c2939917389ac0a3b9ac55fc270746fcbef656457f9230671fb6945e8e57b2f9","nonce":"d376afde51c7503de435970e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"571456ec8e57c5a46830b1be892b6aa65a4cbcb2c52309cb22f40a1fea43d923f5a3bbdbe2981607dc2f7cc71f","nonce":"d376afde51c7503de435970f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ae75f8ca109dbc1d8262867da6c13401552c69bcf817fe8e3399e6b3b81a1c3bdceb41a641f2f3df34b21372e","nonce":"d376afde51c7503de4359708","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fcb9f18f5d9c02052c94f550babf95a0e63606f157d0cb33d145ee7c2ede07e0ef862396e243e6e1060f6bcbac","nonce":"d376afde51c7503de4359709","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c73440a1b0b675325d94507ac5039d2443bedc1eec54e03a7a930fcfbfdb1b5bf18267f940c8767f65fc5b5dc","nonce":"d376afde51c7503de435970a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"07673204d9f12f600fadbba1d53404da15f907638dc31a5e1b618032b7aae2e25cca5534f31c81b7740b79ea5f","nonce":"d376afde51c7503de435970b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e3b51f70dc2ac5305008a05ce41a426c83c7de7d52c47383799adad0d52e1a7ac7a3898613174459d4cb579892","nonce":"d376afde51c7503de4359704","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9c71506fa35d7dd7ce2674ed67188ad3c1276cae1dc1e69c397f4a6b8a7b1f2ba79908eb2ecd47a7927235298b","nonce":"d376afde51c7503de4359705","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"83d92ceab0801bd6c8df2dbdc56c569ca7871547bdfed0e6e1b5f50c96678d56"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"77273b871f886b8097203dd2140b48148bf7113d17d5bbbf60bd10d96e4e856d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"87a9ea0d49e01e146a4675d9517c844927dea372917428804dea904917987521"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c13a05ec99a8f8a25cd7c1701a8b147379ac7bd0f37b3828aac53ffcf9d235ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9622dfd80b4bc2351537fe2b9be79ad0d8dbccf596e0bdbc640859a6a2c92725"}]},{"mode":2,"kemID":33,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"392313de2af8e90cdd7425d4697156193a193404771a4bbebd06c343f38d0e70f603f817a35473f7d8895dbdfee10b011f38f1f351140450","seedS":"e85141b3b6dd80a9deaaba957eaf0c51f87f231fc9086223b0f4f1b48c2b9e99385616133e7f0946c2de71def382a3433eb340bf6a294b73","seedE":"8ad8a6b5816e49bbbb1756832933377049ca46ace95f29cc4c620ac1dd6ea3edacc2d8c61b0c3a0c454c29168e35df5d308298226138abf2","skRm":"2aaec074e70fa0e1141d3e8b9749b76bdf23368bd2c9cea62da70544311005f097f8953716b64f4c4ee2a580fec672490838df96c6dfc179","skSm":"36cfa4929e60d2b0675ecad646e1b8b8ce02c9751bc9f97171ef59af12595141d0a3868c6249a67974857f0c3817321aa656b3611ec27446","skEm":"d8ef5a64e43264ca610d31d619bfb109f51b72f2d1778bf3673b001c762cf3f22b6c008f51719641454207675219f5829327e1cb05946e61","pkRm":"36392c7f9db1d4d36559f0ddb0f43e475df19a721323d4c2305070ca660e8e970b3bd358767749e249de2aa933ee87c2926f0b9f52bd89ec","pkSm":"f2e6d7e21235838e1a5a39d6dbeea837ab68ba3c72200e5b01e5db10a093888585cef01b3c8a667345fe69fd5033d303111163df85f5b571","pkEm":"9aa1866f86229ab58627465fdfbe0271096a5bc5b0809adcf9fa7c3da69ec23b63939db05ba7d563b64ac20f6661b42ec2096225739d2ea2","enc":"9aa1866f86229ab58627465fdfbe0271096a5bc5b0809adcf9fa7c3da69ec23b63939db05ba7d563b64ac20f6661b42ec2096225739d2ea2","zz":"4664415d5f01b20a9ae0181b8e0f713180ba4ece76bd94ea989b5bcdf775ed85364540ae44b4247ba837af2c6d19d1de903a3b207be17742eb3c06f6373f1312","keyScheduleContext":"02ed5b51ff9937e3c7e1f94b49824da3ac70afea7e7f89e2e212f3419880f1334f36c327586dfcb1023a92cfdce8dd7f6cb02f033197001ad3a1193a60376b3bfb","secret":"9b7d7d601e4cbbc5011ce0ed06f449d4e0d202535b5969c645112a9557525875","key":"ce910d3654ab5173d4f41321f172796e108fe1decdf96fcdd2ab153a78704c42","nonce":"c8f3bf355cc0f31bdb29d983","exporterSecret":"bf1610f50af2bfc4329c556476fc13d941d0a351bb457266891b38d24382a755","encryptions":[{"aad":"436f756e742d30","ciphertext":"c3ba5400da927685708875addedc83b7dc53019249fd8cd9a7bd86f3a9423bf14bbd188b8d372e21052b157d5f","nonce":"c8f3bf355cc0f31bdb29d983","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"331e997403fbb80829c4a9e8a8779a07e54b44014bd4329cd1c0ee70c8dfcd51f68cdbd3f0afb9634966e68644","nonce":"c8f3bf355cc0f31bdb29d982","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7558c7062094fd958f83724e9af057c7354166a65d11e7cc02d3bdcad5bc1e6835e50ddca6909587febe4ae272","nonce":"c8f3bf355cc0f31bdb29d981","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c03c4e684a085079f6900e72c941372f72891b46c5f3f2bde2f30871fe14d2839c0f9f4ed7c4cdfa615588b624","nonce":"c8f3bf355cc0f31bdb29d980","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5bcc2aa78e13da11782faac532c6ffe06584c57dec84a30e7505f84bf4062b106e25d913b4ad68df699c4b0bf8","nonce":"c8f3bf355cc0f31bdb29d987","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d3f4416b6819b91b16946c07c53770e9b57da77e9fe88b70a7a89fe5895175990e7bf38b9acef851cb71c1ecd8","nonce":"c8f3bf355cc0f31bdb29d986","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c02d97beac4c4f6a603b98fdcc7f514b1224179eb85e8617b76b0d64f02ffcb1fb98bd7ddfde337d02dd181eb5","nonce":"c8f3bf355cc0f31bdb29d985","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"39ccacadd3fa386e6cbff7ec41a54050c8ae241272e32b72a876a3c3a99b224be5d9ef88db5aa46aa7c6517130","nonce":"c8f3bf355cc0f31bdb29d984","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6fe9c0b5b6f0326ccd807cf3a7c83bd4fad6233deeb5fba28e69b84f756b51c11620dea349c3a9d824042f232a","nonce":"c8f3bf355cc0f31bdb29d98b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b94f529631cf9702268e2c28a6d60a340fd62633fd1779c5884b43e8a695eab9f6c8ead5a4d95f9693bdb5e7eb","nonce":"c8f3bf355cc0f31bdb29d98a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6026049f558243553290399d15b9296d9f76aa9b7bdc4d48de81da6c5bf2ac00"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4fad1d7eef160a2339b56371c9b08814c6989de77e39817061c6297889de92cf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a98e21de64276ab90d9cd399d6c36317b8255665aebb6ce7d3ebf64129d322b3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"36054e3a417ba4b518a24ea76e31ff21176d024a6aa6b2001d35220bcbb22228"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"da1315eded520e58239d4e136990c612214bb1bf4de4e4e0ce47844ec51008b8"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b4fa639abd3dc43911459dad07ca35e41dc2c55a392b5caced6b004804ee10bdb12aa8f7239ae0812e57d5e2e4dc143ba598c49e4f069119","seedE":"40e1b58c8396c45a5ce44a3ad4f6db734730e58c0c3555b2875e072e370663804ae620850914fefe46d233c3e2dc2ad201f82c5805a2896a","skRm":"ec57630d5eec85cc24ab3f0c2f4fdae40c3beed83c74519d34eb057ea8cfa7c84f3069cc8d2b86167c3298ac8cce03cd5fd7670d54f08f23","skEm":"3e52b02ed71ba2df418a19f8339372bc216fa2ca11ef8fc9ccfe0f38ae10fc53c31f89c086d3cb122ceeaa39ce77ca50c7ccb06d12c4a698","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d2219c493b829920a71ba6a70e498a68570ca42f1f64568f7dc6f358fa95a98a5882a90a51a358315eac671fcef38477a77fc9b1674c7050","pkEm":"a3b836ff999aad66e1ea93ebed985abb4c4ab6d03df1573b9958bb4f35686d2d056603f94f55f6fdf6e7c85ccd5fa2dce65c947ff43753d5","enc":"a3b836ff999aad66e1ea93ebed985abb4c4ab6d03df1573b9958bb4f35686d2d056603f94f55f6fdf6e7c85ccd5fa2dce65c947ff43753d5","zz":"2cbc7464800343658633291f4a525de31462724b8cdeb8974beb73c16d41bc4735d5298a173ce51d59be99d84064cdb3f4791d1afe0aa298a7e3a55357186594","keyScheduleContext":"01c54e5b1dd672205c2c8b9e2c176d458c9057b588ca7b8d16190445052db25e282894d65c96a54e59b45e097cb00f88270b71d500da4d8cf082c66d965145e4f3401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"1462df9b59de4e7a1fe976bd09af094d52834c3163ac5e1ee9524cb1e956d5b297f77bbecae5af1b4017240124b2d497b8cb3aa023ac97953a5f5c43424e2938","key":"690bf10d27764c915a9231496d617447","nonce":"f28deadd657c6b10fe31e996","exporterSecret":"21376dcc6c2f6d45ac3a749b36b0815ef28564af6d7ea2d92610a963ea3a5811b1af3207e70bfacea07e86033a89399cc326d4c406afe0b620cac00be3f2e053","encryptions":[{"aad":"436f756e742d30","ciphertext":"2998057577ddb9908f3b36dbabea721996157535dc9008ec607dcfa4ddb00df92bfd3a9c4a6e941f901b08b770","nonce":"f28deadd657c6b10fe31e996","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d5b76b6388af7aaa80a4d900448cf2ac11f577b5247e5fe822a06391735e79e15ea11639b73b65ff9062c641d2","nonce":"f28deadd657c6b10fe31e997","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5ec8bb230de0677558717fee7d13a449210d91b6f682d3faa1c061ce562a86ca09ff6902bd8a3395c532a0b48b","nonce":"f28deadd657c6b10fe31e994","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b88b24013b85791bf362ee5bfbb2a1176e1ba5a31ed91cccbb64ec61d1fbfe8c76339cdad2e9eb668038e8fc51","nonce":"f28deadd657c6b10fe31e995","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"979e438f2afd5562ba5bffa452c40d7ccc1143e3f3dacf5fcdcbe939753d5796144e06b5b6d10564f920aa544a","nonce":"f28deadd657c6b10fe31e992","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e374c6cef4f8df1556aca60f998b50f789cee3c5bf72a7cc1e975854e7c165a223631086a9894066727bbb505b","nonce":"f28deadd657c6b10fe31e993","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2b17858cfe138fb5fd3982e81400b2d4d0dc5d0058790637c7fdb69df6c23ca93e71e3104913c5755e68f6929c","nonce":"f28deadd657c6b10fe31e990","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"65a956153f13c5d443dc16344570bda9f5500f5852a4fc622c754b61543a0a6aa6660180f5d393c7d81797c314","nonce":"f28deadd657c6b10fe31e991","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e0812893101c737502134df6aa37443fdeca89bc36c4c17b48c67e282f7183ec1991da3541a3e87d2fac1ece8c","nonce":"f28deadd657c6b10fe31e99e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c094820f8e8d0c432da2a89e72961e55732f978e780863963f9c33a0395cd1d4ffe5d3ad701e0341ad4b2a20a1","nonce":"f28deadd657c6b10fe31e99f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7aa5eb7354d23dc767e260624e5d6756f72bfae247f533d036fabaed00f98452"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"742ad8801443cdaf6ae91d52d21fd9f534a44639ce030d6a0a06268749128ab6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"61cc38d3ab53f4bc43b05592b59c22851f3a5e755c31323e10637a8b0c32a873"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"2aa48952c65f5c190a402bc88ce074148778a0f52229a7f2e9b9833301d741a5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"15427b7da3db0eb36ab34a0982e62186f592f61b7cee6b01677c96147cb1b0bf"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0f2efffe0cf61ddc539d97c9fbc312e9a2e883122522a2b199d8cb5d59833d5dcfd2564826f5dd2b4b8af75a3b041fb817b7892edd5dc836","seedS":"4dea3598ca5e33dd2f5ec0d807a29a22660f7a5353d9bdc89298c7de75a770cb1d37347f3b47c82507341fe787bdcd9249b6883bf174629f","seedE":"b4dd070ed4c4b152e7bcf3dfdcc3dff7c09d3f02348849e32b677e6eb550decdffc6c4bc722f9b6bd328303d146d1dc8ea1e80a09c25155a","skRm":"f83742d9f873d7258c785bf2d1a800be9a7e720cf4454263c89c18d2d17cfaeedc8c8caee104e2678103609c991b66a912f99a0f7f20414a","skSm":"4397c7c6e9ed65ff1211032894d68fbf01d59ed1d68a8f2d1f1891ee332217eac297fc46df6b0668b6cb21bece34cb64f0236fe6f6e68f44","skEm":"caf4c99876556882262e98825edbd19b59d8dbefb92097490ef71b81997ece13a84ee1aaefe11f6ddad98ec9c2b803c9f68473a03d24a690","pkRm":"48be30465f11741983423e1d39e2838e7dad3c1773b3a2ed22baa7527225a317f08630036dd5012913ccfad7e2f1d02301965a05d5a00c01","pkSm":"48552eae0546f2da65f5f1953196ece38e268b7a2831d23dfac00ff3c795f7fe53237ce00a01360fe833fbf3a2901b656eccd78a960c3996","pkEm":"e539a91b56c1e82efee0a371bf0c2137eaa9fec8770629e334e6ea4a631cfa218bdbb7f234e0931245deb30575844d48008f3baea8b4d00d","enc":"e539a91b56c1e82efee0a371bf0c2137eaa9fec8770629e334e6ea4a631cfa218bdbb7f234e0931245deb30575844d48008f3baea8b4d00d","zz":"90adb1147730fe9412e2a3c4ce7e266a537d29bfd23c08473c567ba0ce6287675afccee853ec908880b9f58f29dbc3de1fc8fd7f19195ab8cdc934e3d3b06e2d","keyScheduleContext":"02cbf449bb5b8b89e34866dae2fc40170dce18dd2b9ec6b3085ed757ba854e325dcd24af316de46f9442ba687191f7295b4651cac73610605bedfd46ae6a7be7ca401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"6e73d486661ce3328be729bae557fe7e4f60ef20561549731fd84ad4a30de7c324e7a14e93f41bb2c3bec876877c597bf94ba3bad298dbfd84fd5d3f7c05f90e","key":"66deeb0c304155da68c9f29ec23fe64d","nonce":"62475f2aa26deebecf2b22ef","exporterSecret":"def0faf40a613cf810a48f57edbd4ed88f95a9f7c7c439917e12ba9eb7e20fddfbdf6a4d86c3005cbae80bed13cd80a1fe730ad15d40d06699a85f81cadec93a","encryptions":[{"aad":"436f756e742d30","ciphertext":"b27e7f3a5aeaf82a32d0c6beb12f379df3e8b60ab3e7af09711593db8dc06e1947a59c9cc4bf1300e97271e6e0","nonce":"62475f2aa26deebecf2b22ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"07823e1d097e586d90ca7862e5afec59b49569d32e924b449f51c0cc79cc8970f72ad85c9fe57e72d64baf15d8","nonce":"62475f2aa26deebecf2b22ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"05fbdb168a7a9d37f1a100d6e6a4da11a587dc42fe25da7e01326a9da6e142070c961a41824f4af60e3ec68052","nonce":"62475f2aa26deebecf2b22ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"720b7062d80bddaa466c5c4b78dc66e2ffea72308478b44d6bdf915448decdb262ac0615e2900a99a4bd62ed89","nonce":"62475f2aa26deebecf2b22ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"855f8fc6758e41bd1b263f9842841a87dbc48c775e8c8bc8a523a25b414bfc74e67db41467d3cbf5df3f437aed","nonce":"62475f2aa26deebecf2b22eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cc331837852078fe439cad64c9c77ea1d79137a25078a39712c4f61c820031896f95c9774293b39a1b6149acde","nonce":"62475f2aa26deebecf2b22ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"31db89a1cb73c7eeb54b03599b46afd4a738cebfd3119fd17ded16cde7d20eb7c2b3f8d5f29a9ea5c765e3b8dc","nonce":"62475f2aa26deebecf2b22e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e1006ac5eb72025399b53ed0e817ad67838b4c6976b74844b778ab93998b559661ea6dddfcf40ce76cc7ca831c","nonce":"62475f2aa26deebecf2b22e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"141122dddc105a40d810cc7b8c13c0c330c2f8a9efdb79724c510afcedd5aa10ef2b96cb8f5336777e078b6bfa","nonce":"62475f2aa26deebecf2b22e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cac5ba9069478b3b459caf061eaa9177757d05c0d1d705dd5d1bd159e447fd4f5bff18458399de2b433a3cef91","nonce":"62475f2aa26deebecf2b22e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1115066c59427416b27220b6e3076bf35c09dab5346c3f1d2e3bd5e1c50b925f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"18ff211735b31d1bd4cfbffd000cf75d334abc4ec23e7a48458250788b7d2090"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1ae50344c78eb109d1ad2d7b73ab13f1fca12564102baebf61f4e174a62ad64f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3cb65832adccd8951ca1cd5e5916566d30920fb848c44e643fc4c2a13ad27435"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a49c7a465b38db82b2d71480bbc899b9449f5fac3a4bfa7e821739a125caf973"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2616113b776081d66d1966180512f3f8fc1ead4a9b05bbc94b706cdb293ce0300c0a05e1f3b9952e42669340b879f699476b357a07c4e507","seedS":"1899b9ba7ccf199ee7c0602e483fbfd4615b944649c213b55fe4fb2f9ec03f09ac6e6d9cf104a9edee3c4ebdd995d3b3053631add5bfc2c7","seedE":"1a051257f823cb26c8677e7d029dbbc4faca884d108722a9d0e07da68a7102eae28886eee62abe55f14e7476aeef16f4de627f16d1bd9738","skRm":"54e4d22999390d768e850a287347fdb33925476553f05d6bb3cf7ef303e92514c30e83eb1d899214c35d768d2fd71bde1a2d15b8b56c96ca","skSm":"5cf3f3945b87ff9cc6f35dcfdb9cdb00a28a8a08a75188aecb7d738b2863459c0fc2333b21dcac45ef8668faeaa56b1488d6384f6b4ba8bf","skEm":"2282093374213baaf4c7365e2abfe0b7d1987facf5f6137d070eb66a0c7438afb2855b9685174f2831e41d120432ee6678f2302c11ada74c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"b3da558c9b23160cb57aab9dc2fe8b10c70146f8da968baf1bd56ed5c9e426822c75a20f5b399bf45f37c56ae5c280bc4d380a3408c25bb8","pkSm":"8b04b4df9d5988fa78119852553347e950192a48754fa54057aa22323082088a090dc8de8d34fe3584b1e051c15978c558ab990c5a11f9f4","pkEm":"4bb6669ee06e74f010654caebd20c39f7681dd774c18dceed6cd572507362efdc8e22907501e284207f0942b2d053101346a6241382cff58","enc":"4bb6669ee06e74f010654caebd20c39f7681dd774c18dceed6cd572507362efdc8e22907501e284207f0942b2d053101346a6241382cff58","zz":"cffef2a95ee48fe378df736f3325dededbd804cb60c69e75e8c1c9974674c19dbc8065206f4b1d41cd81f5496e41a30b5a4c55b8b634a4bc2c6188d1ebc3c687","keyScheduleContext":"03c54e5b1dd672205c2c8b9e2c176d458c9057b588ca7b8d16190445052db25e282894d65c96a54e59b45e097cb00f88270b71d500da4d8cf082c66d965145e4f3401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"b583adb2894077dd0f187e0c5743920d6f9353d2ad9dadadf68034f1d264ff7c46142dd449536066a88f5a69ff2420efcd19c3b2717d3f91429c41932a9309e9","key":"acbbf10cd03098a3255a02a9305ac029","nonce":"c60acbc41e265fa6d5792596","exporterSecret":"884f46f96fb0fa7f2c8e37a801148c550a89b411dffa089e9c6f98ff70fc99119fcbd343842dd4eb25e767be408e7b8abeb58886a2fa4dad36e5b67fcf1ab7ea","encryptions":[{"aad":"436f756e742d30","ciphertext":"c77b6ff369fe83bffc6578e200277dbc46566ff3b3e9c62182e8ae420de49ce83e0536fe4296acb6f645f51c4f","nonce":"c60acbc41e265fa6d5792596","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5886cd4462b02fddb9f48474467cfab6161dc53d4861381ff6c3870fa8345cbbe1b9b1a78246a9e507203362b1","nonce":"c60acbc41e265fa6d5792597","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"af1dfe52027b49bd6d456f676e5c6a26df0208d4b314978b7aa162c2506b2547ecec028c1aeaee7e326f400bff","nonce":"c60acbc41e265fa6d5792594","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8e390eeae7c987908e7deb1b8d6f93b9c7b3c4fe2fc020f255ee244143011b5989ad3c253ac39f9384c972f058","nonce":"c60acbc41e265fa6d5792595","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fafdc67a3e86fa3a79ccd995a3643f83cb6071f01e4ff4ddb76e04cfa5b0b7cd2bf5c7ae52c9b5f2482d4998d1","nonce":"c60acbc41e265fa6d5792592","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3fd0a0f861b1f99da10afd3f7280e0c0d1d0cd3412b11de1e0e1d8ab14da3e529dbd9f98d2b955363542f736cd","nonce":"c60acbc41e265fa6d5792593","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19ba61b277ea0f1ae49700a10a489e18c788b9f9680d8eaacb10aa2df002257b2bd1c9badc001def83b52dc54d","nonce":"c60acbc41e265fa6d5792590","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"70b888175818545e073a20bb54a43e153a7515821779b262816ed6c344ef15bb0464f036d220302d32ab2bb696","nonce":"c60acbc41e265fa6d5792591","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a71198975d4ffad2d5d16c8e150b4e1c72407bf8c29723dc838ccad16409a5f6b9f270fe179587d0605722dbe4","nonce":"c60acbc41e265fa6d579259e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1e45b5f4f30077ba28f7672144f659a9f1f5a31ca6c9ee4d348f8a528988f7ad527f43f93a9109a1f0b1806ddc","nonce":"c60acbc41e265fa6d579259f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"705bdfa7a1887887e7b4db61437dc93592aecf05c3ad95f38dd1c57700f20a2f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"157ca57049d4baa33b92d5ec56512a759d9a8d299a1f6c7b48bbd68aa3cbe043"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e06d228f0eb174413cc21917f08f7bd205b53f963abfd8d7a2da617e22232109"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"96c121284223f84989e7727a89125f03c770d4fcf050f8cd7e39f70937fc5626"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"114e6862d13aea34598fbc36bdefcaa9b305bc498ca2ae6fa729605d9a483249"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"13b5e165c2cc004ba56cc0886c03f84612fbdbcd5f02de1ae03367ed24bae531900c3c67acc7b7adb58856f979ff87d90000000000000000","seedE":"d1b75bc7b211e52ec447117faafe26beef62cb5a49fe8609442bebc8a101b9802e0c3afeba1687c75792e493ad683ba5725833d845c2a094","skRm":"55b8b80a7ade8696a08b07786f71b4cb0dbd0285461a1a234e4f21880a8db9c3952d6a8c3b1be8b04f1e8dd07e5b642d87b6eadd238abd5a","skEm":"2bfb3bdfd964964452ef2f695d456cdf193ba05c0e50c8732b18e4536704d4ed67fe634da96c815a4449a4cf977baaf4c8ee41b38bdfbd5a","pkRm":"69e8bf62aa32c191976abe0095fdda952a60ca2699e661adfd025d4d5772e82f02a0db4a735fd3ab7c3765097c92ace8e0f4256cf32a4556","pkEm":"0d3275aed90f4b43c0fd8f056159469e4e6a571e18c3c074998008810b0aad4cac7ebb4821d21bfe61a9d414ea632987019423047b1f4ed1","enc":"0d3275aed90f4b43c0fd8f056159469e4e6a571e18c3c074998008810b0aad4cac7ebb4821d21bfe61a9d414ea632987019423047b1f4ed1","zz":"b5dd4b88bc6823eace7da65fd198d55fda273b3568728436a6b512ce2e72f96d3b7cfdea071c40c6f93c85de1fd339e84c8294afa7b93abfdcb5bcf4b8586ec3","keyScheduleContext":"00cbf449bb5b8b89e34866dae2fc40170dce18dd2b9ec6b3085ed757ba854e325dcd24af316de46f9442ba687191f7295b4651cac73610605bedfd46ae6a7be7ca401e19bb8a9ae3c6a96a7c6410401c6187a0ab4f5ce8de519a688cc9d84e92c6fac4c7c06107437c2516b317906710ec75d92e79d39d07b3354b3e7893d35111","secret":"46b54ddfda30adabe5387f3d46d33cb809f6b51d4717a7ffb0d3d53e1202e6e3ed93abd5eb7a88444d6eb28bb6c1eb3cbc5a07731fb3236651ceb260234c26a4","key":"41bb09bc8715fb8d0218d49b54c43ea3","nonce":"7353ab158ba6501782bf922e","exporterSecret":"3a08dd2c9e46e0466fe4f958aac94dde4f8a691a8532f5919046e7b9664602ff211d83697e9971f2a19fa9bc8827210414a550f6bbeb0ef23644c7a2b21873ea","encryptions":[{"aad":"436f756e742d30","ciphertext":"1b6647a4e8bd49c35e63586a39be09f32dee5ad955f08c451b8e77eebaae371f94dcdf8a51be868003d79db5de","nonce":"7353ab158ba6501782bf922e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d0ae1fa8361b31798cc1a4c50e38488e62e787dd6bfbf4f9a759fc3622920521bf9f0805ace7a67c1391f7b5e","nonce":"7353ab158ba6501782bf922f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"144e9df004fe47934fe0d07dcdbee7497eaa571fbc44c682088c6cf9c7065a966c2dcc805d5eed761da33c823a","nonce":"7353ab158ba6501782bf922c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b1bf7bf4e8cac417222252dc888bbc205ddfd775dea22b85720b02a74c28d9058ae0d44de0e0fb751cb7493023","nonce":"7353ab158ba6501782bf922d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ccc8deb689cbcaba698a9679042566022ea9107f8ae113bf6d31ad70a11fd5a37d50323a509e2f3ec2c75c0b55","nonce":"7353ab158ba6501782bf922a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8110c4c243144d3e1d8d16008233fc8235cb91b3027a8af06008e64abbdc301be0fd413361881f30cc78abb777","nonce":"7353ab158ba6501782bf922b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"607e46f873ed62d9c7ca5403b60aa336bc4a41d9a234085aee7c3270c8379e1d894d0bd7d8375cc496659e12c5","nonce":"7353ab158ba6501782bf9228","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cad634ea4b5d34f57ae143c6ec8b680d618c72bf2033db7d69c1e87330baee59979d0c401579455e19561747b9","nonce":"7353ab158ba6501782bf9229","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39ad93fb255308ca5d6f6fa5c406e7edd59e018c541b6c859fe7f1276590e7ebaf77152dc9f4b84513fbedc928","nonce":"7353ab158ba6501782bf9226","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"21c1779d7f5bc92e6ce9f2b23ffcf4426edcd7637dfa1664604753bfcb9df7444e99b5b2767fd08ae26f533bed","nonce":"7353ab158ba6501782bf9227","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"500df4edfd43f5b8a0849b0a48d99ae01ceb0def4fbc144ac7870d25e85667a9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c2d4d3064fb9f39d8aa61a3c414736e839c175537eb2d10bcdaf3f78e882a30c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5ed653b1d6b72989bcb85294fadd579937dc671a43e3bda43b38fa8ac51a8534"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dfd8fd2090bf77ced7b6a24b1507f5cfd6dc5fdeb22c1a605a1781a4a7bdb085"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b2afccb35320e2b351b96967835321bf5a40e65c667b7af1f48611bb935054dd"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bf6be8c63df0c3a38f10a87acf71b31adfdc97cae2a832dd01957d91b4e79bebc3fd043e33df25cdf647a993ce1cffcdac5b89153ed83f57","seedE":"ec3ea0b4aab80ad4c3b6f3e53837eaa2d8c0364f477d9199868111ebd2375ebfaf12badde02e7b88382f0fe6404616bd65a73d4277bb65f5","skRm":"9b21a4bb39a9782549d38823c6854f0010ab446586671323bd4351446818bae63cd6fb8cb31d1ac75550ecf639c90a02853e61c712897973","skEm":"3cd911413fcdf42059eab343e5571fcbab5f9092851ef2ab347ed8d2d9c1e55036691f6c92a4c9a60994c435237444a24c9dbebce960dd53","pkRm":"ca422b8d077d66c8bb9ee86da1b484ec4694c288e0748175a8793c2bfd318ecd97cdb9064f6f65f97b2cd1492e1da47d06beb63a8bd4f552","pkEm":"64100e0cf7d3558b2a58780c9eaf09bfe7a43c2603c866eb19dd4fb58b02b91be49283d0208e7de901daff769936e4aa2f76ed7767e0e476","enc":"64100e0cf7d3558b2a58780c9eaf09bfe7a43c2603c866eb19dd4fb58b02b91be49283d0208e7de901daff769936e4aa2f76ed7767e0e476","zz":"5137fe627d5d57c7afc658c255298923194e10dd3a22bfa6c6cd90907ff078803479ed152231ee399d0ed6d9811a00f37a084a510a7cf8c04507276ebcfcf218","keyScheduleContext":"0006ab4a22571ba508e45da859d30828e573ad2d87c11295c9b79e2813f0328025286b2dcb8563e17a25d1309780e345b59d53edefa74fcbf7b619b12f7c80f7955e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"a749d433f6ed0b6b5f4bec69bf5c96c565d5c7377ee550306988dc37a2f3e134e7b0ed45652d5b329f36161ca1ab39fd7152fae73f21e884f0cbe99118040c18","key":"cd0d6f813b1945e616ae8149f4e18ffbcc1ddc1c9f5c68488d655b34fdadff62","nonce":"5b380ca7dbde8e6605775025","exporterSecret":"53a11f11678978277efc6df13c91c8abf016e11f2082e1a3b95bd236e67dbad08b7f00844e563a5ace922ebad39fe4e9bddcf179889d0e30bd8212081dd0df68","encryptions":[{"aad":"436f756e742d30","ciphertext":"4e153715199c5bbd9a75222b8d000a7a13643f2d5e33d12165407bc80a4823d320a13bcea22fbae61908f530b9","nonce":"5b380ca7dbde8e6605775025","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"43248c4138210c3b3015dce9805e24a21cadbe851f03fad272787c9fc7bd370dee6fd539a78b492671696995c4","nonce":"5b380ca7dbde8e6605775024","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b41a976ffcb752a73897dd593c8bc83799d71ccfbc75bbb0e93c41e006d92b185e057b61c68df64f3ac06a2323","nonce":"5b380ca7dbde8e6605775027","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1b7b5efd1cec1b15f1b1782928d0dc5db8d9fb10984cd15c07ee88c947576cd68063f9c4defce1697a1fe05f90","nonce":"5b380ca7dbde8e6605775026","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5da34ba04242cd6f9ed8e400869a465960a1433787a317b46e0c55355ccffb022174bc8ff34aac859fb2894544","nonce":"5b380ca7dbde8e6605775021","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"400d06912772bf6ca7f6c024ebf9429c7f103249f0a2a393a30e57c718198406343f8b9ef232d4a13a3527820f","nonce":"5b380ca7dbde8e6605775020","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"51b9629777d25a5922910416761bd1502cceb9c91e517fdcdd1cf89894d3db7e2f26e05c3c429060420488cb2e","nonce":"5b380ca7dbde8e6605775023","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8f10b3631ab7eebf1a6e2fead119d3cc44af39b7f756c6abb72dd4b6db6a637005e15ce34b1fff96c315b55f8d","nonce":"5b380ca7dbde8e6605775022","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e36043954b350145e015f4d6ae0d77eba38c7594e3a1fe24432fe1e75541b3a9efd7bcaa3eaf99ede2e09465f5","nonce":"5b380ca7dbde8e660577502d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"18f2c407269707a5c59e158c73df74155c75a50c1d5b6d678bb5c6764bcd9233598b9edcb1cb3ff0b1c4b1809f","nonce":"5b380ca7dbde8e660577502c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b3ccb68fd84a600d69e8c26543dfbafffa505b40009b1c533fd1e025fa16dc0d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a2b4a1cb1065b8340b9ad5ec0fd5e4e2de344b436804a67892cf110a89f4084e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b5c20139a395a3bbce8026ca8251be839cdaf9a7d1bd2e41ec80a84ccca6f6aa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e9200568363d2dda6491608f0f8752f0efe8d04c4eaf7e11fcb518d8fa89f7fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2c926a516adbf408d33c7b8027ef34db9597fd723549bcbe931c24b914a8875e"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a88da11a0370cdd701a55b6036606b7bc7a99f9db064cb3f13d09dbb26b5cfb280e521515144bc56042ce261299cc78ed633be4a828af614","seedE":"faaafc6a45d511a616e966a167864dffa25825d95c9404ae96fd4744c2ee1d19ba9653a8f7bc1d93d636a890b380d669e2aab0eaaaa72d07","skRm":"b503032cb8688cc242453f5a7aa93b1a6fe55161394ca36e2a2fd53a1851a6307eab498c0c4458c1eae583ad63744fb9ad77947844e31edc","skEm":"6d3ac10306445bc29e45fb93626eaf9c7dca184c3ecef2e9c2e2062e21a1d3ff95e9e437e4de0e822c5338f6dea53244711f52f9fb7ad062","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"fe993191aac8935e2ea61bd89d22cee833d4bf863635b1b0c95cbd4a512a03ba7f82ddc059e61ea9ef4977926d9c1f208221c4263405e565","pkEm":"917d2662991f96efc1078f6a96fde7b617cd5568f704866bae1e03e26b64ddbbbcf67c43d4249a38e501e65b4e1dbc3c65d7237d8b8c6fef","enc":"917d2662991f96efc1078f6a96fde7b617cd5568f704866bae1e03e26b64ddbbbcf67c43d4249a38e501e65b4e1dbc3c65d7237d8b8c6fef","zz":"55a397a783deb98da1ef2f965a4c4122ceae623534a3f0db460c4bca8631daa578f24251d84da171c95fdc7389ff5e11befc7462bfac00aab356f6e5d8707808","keyScheduleContext":"013d6477855cd1c2ce864e843e54d33999c2f98fa4acae309ff228877ef764a613827cd87d6da8fcc9e4dbadf2e2e9c260c87165f865c47040a0ebe4015e3b6e005e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"7415cfcb55c63f4426aa212f07296e252806e137d3c5a7a8fea96a4661d4331ed34ffc3687c5c92b1b5704a9850c6ceabc7b0dff46aa1b9482d3c5b7e0b3609f","key":"aa5337ee1a04564690cfcf6013b745a8a2345872dd0787d0e582a0539c269244","nonce":"b8bbc2630708911a2014da83","exporterSecret":"68e782c51446c5fb7df6b0f78674457e8dcb322e93c1b8409f744eb80f9230c704df80e871e8f0b902308dede78e532baae77f695cd7fc4adc08ed05a3ae9170","encryptions":[{"aad":"436f756e742d30","ciphertext":"40fdc2d176c807e89c38e2affe9fe82a4ffa991490eb94c5752ee31ba15d812b295cd996ef93f65fc7ff67d104","nonce":"b8bbc2630708911a2014da83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"1bc91117493d03c47cb234fe91653b278cb519429c276adcf950511f477335e9a568ddcfa8ae5fbd0b41e6f695","nonce":"b8bbc2630708911a2014da82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3454fde9d4f2b8b5b549dbafb8a0dad7dd09405ab3a8d25e14b2d414260d70fda0646ffef37357798059499374","nonce":"b8bbc2630708911a2014da81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ce9a079bf5271faa6264067c2ee79f12b2cec83342e056b615389a82174d9cb0c877c626c4f1eed7cd1b9e659a","nonce":"b8bbc2630708911a2014da80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f6b7ac6fc0c6dc8551a13c9e8fc8b1b5b37088c8f943f130f6e008482f65e916fdf9592fdb73e8756aafa82586","nonce":"b8bbc2630708911a2014da87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"95de9cfa4810fb5b205c10ccf580b61c1686a23d399ab492b23c5a4b86007754ff0315491f9256d8a27931652e","nonce":"b8bbc2630708911a2014da86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1d690ee4fa69a8859e12acf7cf71e02bf73742816714183c8385c2784352542e47330e5007532c641c86327c1e","nonce":"b8bbc2630708911a2014da85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f2b4c49d7e2391954c1b853d0545c21626ae48de2de9ae518295e961519bf1260b3a0b2191c1808974db7ad66c","nonce":"b8bbc2630708911a2014da84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b724d92fcd4ede88d019b69fd817df1b4824d73ea9db439f653410b0c0fe869e7fa416f2ecb0111ebbabe13fc6","nonce":"b8bbc2630708911a2014da8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9ab4e77794a477d4d855e26475877bb5e2c23424c0c427f61f8b4e1e4ea32dcbc869d64fd1bf0eb3c2c426a062","nonce":"b8bbc2630708911a2014da8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0442ee215dcd6b9e45edd1da7a666aaf9f0b1509902cc7d0d10b73ecf4ea43b4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f9fbc4c08d79553aa96e8e5b3eb15d25dcab3e9980535506b0a2d2dcc83d853b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"cb73f3534eb39e5326f285e84631022d345031fb7cef19bd36f267a1ab876e66"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7b02a7de0442a57662e2c9e31c827949b2bdd2888260f2f9dfce0539b1af8bb0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ea1f68cae208eed22b03643372d822f85c28c478138ded7e7ba98696c92ce1cd"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"796501489894a8af58d8f63b8041ccf52298ef7f7839ffeb9ba61f5f55fcfb6f4488037f6fc8d62f23798d392e3405ebd00993dac23dd109","seedS":"2359556191f9968a6f029462a786fd9945870ce5ec654e8b11cb7261fd44622080556b995fc2ecb20cc3b51860429e0eb427968b887564af","seedE":"687558b2e67cc9aa65dab1ca6c99a64f967d75c0de1d03dd43aaa4557c8c95393f51484bc41509cde0e6fd7247bb1ad997843b23adf46f02","skRm":"135929fbf54dad6f7ac11058183996873a2ae962acd3d3efe698bd33ba3b229d67b992be7f6c10332b20e22fade527181ff950ea87d80ad2","skSm":"cd8d3e48789f46a49487c52763630c47fdaee227899fdee67b947167ad4e9a921221516748c340c589f3386464186f9fee29990d3b5ee70e","skEm":"22b3fff6886ec97cdcf907bd2d3fb713b85c99dca408523986fa56f872b6d2f93a84fd2c5c5cd820148db17bddd3bf95fceb693803c25d7d","pkRm":"868bc50d0171f727a77dbe6c56bc8c1803c189012878667b823999124e081f9ce19649cc3cc24c7670769ea234d57590da64a1f919ccae8b","pkSm":"a0089d8d0f6a34a5bf5ed03b08283d45ae862548c84620b02443cb8cf1c354b3a14de59efb58af0a0f0e81ea674f9b55ce29e57bf6ff85d4","pkEm":"8f70050b0acf98dc06da59d922a2ad1aeea19c17685bb80744dfc97bcb79b243c6e63eccc51c3d15461796cb0b1d4694977b706075f71755","enc":"8f70050b0acf98dc06da59d922a2ad1aeea19c17685bb80744dfc97bcb79b243c6e63eccc51c3d15461796cb0b1d4694977b706075f71755","zz":"335a97dc9200a12a48ef523e9b3356319e3624e06796b124069460f153472e5c6ffa304d032208d1a0c099d84d976a50958ae623151335ea791d513c70886e2c","keyScheduleContext":"0206ab4a22571ba508e45da859d30828e573ad2d87c11295c9b79e2813f0328025286b2dcb8563e17a25d1309780e345b59d53edefa74fcbf7b619b12f7c80f7955e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"f21502199eb9304e7403827e20a0053d1a9039a4d405526b78c9cfbd44269ec925d47c1104a35a534ad15aea850ce2f576a4b46d7a11e27fdbb9820dfa184f96","key":"6ae430ac4ddd73d6a49cf5fe904c4e2ff0cd3d1534e82cc91bf8e191329962c1","nonce":"92b06510f1bcb510990c04f2","exporterSecret":"7bc5adb9b6a1a183384411b0dcc256edfc498a5f76471befd5c897fda86d56ba3c0438636dfad3095432f179adf07eb1a328486ca6de924f2d9db2e763f67b04","encryptions":[{"aad":"436f756e742d30","ciphertext":"f5b656f3505be81f436e64e0a6eca934276e154225d3e38209d97c05350cb7bcf8bdaf70d5e559b3075540378b","nonce":"92b06510f1bcb510990c04f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7dca8e3d85dc4a69cfdd33d9a0da48a53652b122f6caa245542b2b915a6869ead2d64dc05c722a0b0c30b982d2","nonce":"92b06510f1bcb510990c04f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b55cd670b7b8260ee96aeb5ddd8f2db56f77d3a3b947b359c8a6b8de1ba37c248bdc357c2776098b938e3c4ed2","nonce":"92b06510f1bcb510990c04f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0e5245eebc14ab49cec56c4bf154d9a33235e1a457462f755ac741fb6cda51ee0a4d7690ef328e9bf55f6ac0b2","nonce":"92b06510f1bcb510990c04f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e57de9998bdd3aa7a3cf59201070ef030560447e63dd34b92157e34159cc9eb081bfaba25eceaee4dbf0c7c583","nonce":"92b06510f1bcb510990c04f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5e78ff4e9fd9f770f9ef6ee9e777c4bf7736ddae26ce3b4d445a36a44d0436a217b3582014e2591543eea6e6f9","nonce":"92b06510f1bcb510990c04f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9186523e23595476b7956dad0e6653c1b0878008b7c44573ca1f53c532628215adc4655b70ad373dda8b4a28ca","nonce":"92b06510f1bcb510990c04f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b47fd5b1fbb158f18f7c3643af0200bc7d7041c6cb7910910072ccb3f4fb01bdab8f36117a2f746c43ac600177","nonce":"92b06510f1bcb510990c04f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d919ae305a880267cb9eff9c77510af85eb27d1de1252b24e672a53112d403fbf1b2e4556954ea325b1cb4986c","nonce":"92b06510f1bcb510990c04fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"04a9f58972db46e065c4ea710729216b3367ec222123f98b99713c26f79ec20effab0f1b198107ec04d5c542da","nonce":"92b06510f1bcb510990c04fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e398c47b8d959dffe69c43ba785c81c1ece461254204b5b4550f6fe3d9c54200"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"818535184a009d9d539220810f3d6ee62b23cb5213edfee1c8cb6be452287251"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bc3b69698fd58fbd4111878059d4b1016cde272cf0ce3e69caae06547303c57b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b46f16351c61149897324f46f6a3c9245b40d99d4e72dcfdbdeb224fbf4e79c3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"23ccd667a544ab2ff240137c1ecfa9e13652f7756a92313f7e44089211d93c1a"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3ea9b4708e829b6ea50ef0e03cd612348a3e4d7517ba2a0e2700f8926425d705b2ee5131c828fbb51d1f035a32650bf1a27e32ff7bf084b4","seedS":"241953813316582e3bb89e67077cfaddd294542b349b5371e0ecd771218fc3e04bd367b832aa9ee0cdb2531f64d516437b90f44f7a3e3532","seedE":"a1ca4bcfba4df86aa130636a52798fbb8703b7fd60ab0a827212dfd00db2bf39fdaec9743d590ced3c158b7db7fa99d403df642366860a83","skRm":"29fce5d1694761adf8d927c18ca8cd4e02fec21cbf732ddc7e1fd718f6d294375cf6b7fef357724d76b3b3f882ee00b52110885e33006f37","skSm":"384d8f1567d905f7449e570224f380b932a37c4979e05f023754af4669bc289d32e9bbf0642a316f06fd2a577256caee826fcf63fafb75cf","skEm":"db5ac7c263b31814f086ac43f49d1da8230cc720fd819e160ab34c87fa719b7317ab61f414b58eeb7ddfa915562dc5f1136a8ad7faec9abc","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"57d863257c99e194d4fac85653489425be68f13efa692bdde2325df4e7ae756dce5a4ce163219c89d5bbce2947ed6e83ef73108ac8db85b9","pkSm":"dec9b84d58ce36aa15289b9ff946ffd5d44dd71570272b1bd0e72d7ed81cfa9d2961ceea153a2500ead79344c591210abd822daf39cc19f9","pkEm":"2ccc47b233ad00110f62dc40c649ee139f715a50c03f0d78a1e4367404bc1c5ff35ed6c8c55383aef6d16d0843debd1fcb92a90b7a698dfa","enc":"2ccc47b233ad00110f62dc40c649ee139f715a50c03f0d78a1e4367404bc1c5ff35ed6c8c55383aef6d16d0843debd1fcb92a90b7a698dfa","zz":"10d1d472c0dbfa9c0b09a099f90df1fec7e79e41fe3c4b42537d45116d9ea4ad53504ea70c5b30553e3a821907fbeb89b6cbf2b2751152896f1530d0928af316","keyScheduleContext":"033d6477855cd1c2ce864e843e54d33999c2f98fa4acae309ff228877ef764a613827cd87d6da8fcc9e4dbadf2e2e9c260c87165f865c47040a0ebe4015e3b6e005e277f8262efcc58882e48c4f84e98cb4281a84db820f970a2e60c64bc49fd947db6869ce4bfe8d6d04fc71851bec65d9871259ba54259acb13f32d26179b1cc","secret":"e25ff74fc323161c9813115c0d283002fdf5d38c0e30675a6347b922fc1e1df5d93113b6d5714bbb2387501cd242934d7f7bd3fbb46d81ab40521314892a3f9f","key":"fd4e1ac15784888c03143796d875ca1a07f1ee08d601ee7d9dbb453e1f8af823","nonce":"a7134e61ce77726db24d1733","exporterSecret":"46d5edb580035f75ce7ca4744beecb86a7e285f2eb7bd7ccb3da70099f91e72b25cfcd8ae153e96cd21a9930ec8db9ba6b71eabc7f17977a4d77d3c1bf35ffb8","encryptions":[{"aad":"436f756e742d30","ciphertext":"98db8ffac1fcbf965a2517b7c8579c8b125009ef8a14edfe774f4b41a47b71a613f77cbfe186047f699206dad4","nonce":"a7134e61ce77726db24d1733","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f61bd7b01fe7f388df6877c9993e97421c07a8c9a9f7077531c61e43765277e8ac0dca2363936ffc58b38ac0fe","nonce":"a7134e61ce77726db24d1732","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0ce800d8fc1b32d631ef1607ead5b72d77ce2ff0c151f150c8fe6911009cf1e761971035baf22c3ddea093df35","nonce":"a7134e61ce77726db24d1731","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d61e9571e1bd426db7f25cc778192008f8cd21ac30b93437ab781eee216ab089791a638a556f01f3e65aef7a35","nonce":"a7134e61ce77726db24d1730","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"bd55ede55de38923c43c20e647f4b378a1e69a8dab1add5e9b5ee7fbad4b34a93e2bb00469d118f675fa11a768","nonce":"a7134e61ce77726db24d1737","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"772be4f832d9eed70d308e33fb9c7d61f42aba2679d2543eeebd2b14db912e650789d465c76027d2965165b79d","nonce":"a7134e61ce77726db24d1736","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"95f7368cc5565a801bd1e3ce09e8673443ac55b3bf129e2212f9e4815f6b37e1a2775ed58de98338d44e4053e7","nonce":"a7134e61ce77726db24d1735","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e2d45b4d185a316764235fc4c16816b23b6fbae892e7c0661215167c0aa34e5748b5d84b5fa7074ec2e3c6050b","nonce":"a7134e61ce77726db24d1734","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9444a8a5ddb0e11d4e5cb8b8eef9db827772c225ef45e8e7861f8e591156dc69b4f08088eb26fd575186df581c","nonce":"a7134e61ce77726db24d173b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0fc0bce60e682b8a97a2ae41cfaaeca59ab3a016c82db05e3b18e069107160e41c30d5bde8ca298d42d592e2ff","nonce":"a7134e61ce77726db24d173a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"562f48f60d852dcbcb755d7577ae173dda07caec1bf746dfa1c3b9fd35baa51f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ebab0bf00beb5fa4e51af36c63609c8bd4ee76f4f6435c16008541b8f1d50a08"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1af2c584de3a651c091b3e0b8ebf5af3c8bc760ef8904d281bca0e088ba044d8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9c30dc56cda00c2496025dd41dd0f0c4d1dc4d1f9f5fa379f5570fafbe739c1d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"04a3812f499967dd4d0b76eea8e766705aea3d3da71252b15b23937492880215"}]},{"mode":0,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"773311987cca021e0ad043c2cd3f0ea784cd2388ad8288a597feea57efcbf850074c5863fa28201aad62fb0d9c054dde4de10537e971e05b","seedE":"60bf43f151c3e6f5fa00281c884b7a3e02386c2325c99e4f86c93c3d35adb28a8db3b6e26809f64330e4265b3601ca273c05bf1f74c630dd","skRm":"3e95f4e7dbf4af1c7f64570e42040cfb0b91fa46d0f7842d049b45f79140a5f7deab8ecadc372d8a2c9c1bdba87727759ffbb14ea6aa4be3","skEm":"7a619c58a2cf01db63605b8836de04d3ca1c9c33eb2e02b36ee5289c5a62540eb334778d5d66b43cc3c27c9faf2c47372d85c276e6268367","pkRm":"7d3a8b900cd817c6cfe77713434f0e371127ca67bcbbb6ae12b5016b3027d023ada2f7117848f68a6268d5025432569f2e6057da68f20f39","pkEm":"dc3d9a32b503137ec6c7f5eaf8ba389924def16897f55c2a9d475a96ef48b6a71fd42cb6a7ccebff91171fd07ded442714fe2b992ee26214","enc":"dc3d9a32b503137ec6c7f5eaf8ba389924def16897f55c2a9d475a96ef48b6a71fd42cb6a7ccebff91171fd07ded442714fe2b992ee26214","zz":"fbea86a8f6ddc27b45ff5ef0100a040813b8040c0d998b3c0a0d7c5e6b458176c848773ecc8e2ab894e591cc7f3a3a49d0a88c0d3a836294dbc0b359adda2124","keyScheduleContext":"0094b5dde6f9bf6cd272b090b3dea8e5463c0fdf05e935efa2358cf1888ab42977d7d22e587223cb6f59ae6ff0a4cc6ff03bb8dcb2a7e197ea536e405da071bce128413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"6cf4cdd25d028c7ff42773c15bd1f69c5d56ebe3e015a1a2ef6a798de7287dc33d6d4985890f355f65092b2ab8d2f14066398ee4e89f9ba50f0b69146fe6bd8a","key":"a9008406f83777b50c8b66db7dd971350f5af79effe1df2e4ffccb8974d9bed6","nonce":"d9abf3a1f83b9b439b7cbc4e","exporterSecret":"bf9e059a76550a74f0cb3968777f3f11f1601ee8d9706dfd9b509698b8b2cdf1415435cf5a32509e6c2299f8df7f91bea42c128268e4e60cc16694bd3699e8a9","encryptions":[{"aad":"436f756e742d30","ciphertext":"8a153b6d3952b167adb3acd39e6aa8998ad004297b15b93e955c88001d672fcaf49e778685754dd9d0e17a8819","nonce":"d9abf3a1f83b9b439b7cbc4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a4d7948e5658560e3f22a00368c23ebd9bd65ef67396a41f64d660d406c53c74ec291c7600feead4ac3c88661f","nonce":"d9abf3a1f83b9b439b7cbc4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"53a70f73c885c579c2693e0dfb7e67985cb54fb2c8f13aac1db4789cb76b264f721fc7113f21651ddaaf6b224b","nonce":"d9abf3a1f83b9b439b7cbc4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"72ab8ffa400b9005c069847457e2b8411520b6c9a83417471a75044db39f47a0c9ce8a9dc26547eef5835084d1","nonce":"d9abf3a1f83b9b439b7cbc4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"89833b52d42bd3e432bf3bb40e97e545ae863ffd206e8ae65dd1377fd1a340c481c56056946500c2dc0f89f517","nonce":"d9abf3a1f83b9b439b7cbc4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9cecd3c12abcacd88a63705ccf80d3793cfaf86e2db2399866ae1355ef52926ae290408b71c98889e2bdeccdfb","nonce":"d9abf3a1f83b9b439b7cbc4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"114269ee5ccceb422e62edc54371457c04085026ec9d99556ee5cde83af465e71c9795eaa9bc91e63a79e35ce7","nonce":"d9abf3a1f83b9b439b7cbc48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e29d5364d8bdcbfb821a1e71849d3d6d50d7c1025f38cb46c50e27cdab3995f6905ed057d71e5684fbf97f7f4d","nonce":"d9abf3a1f83b9b439b7cbc49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dae47c007a262722c550b9589287dea65092ec15d0204fa14f9cf9b4d995e87f47256589ca967a78388e66c2ec","nonce":"d9abf3a1f83b9b439b7cbc46","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"34a0dc7a45b99560eb2b9f15beabd4271764de1a64b330a86ad322bbdfdd03d3c5ff29ec889cd891f2852dffd6","nonce":"d9abf3a1f83b9b439b7cbc47","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6bd36dd38825b84261ecf446907315d1c59a496cdfd277ea9cc03a98bf5fd5a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ef7817e6b38171cfaa4a6b56192454258ba5ed4bec26ccc5014cf9b757e9d977"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"37678ba87d76690e196fd5f90b5fff904623551dcb9e7d1122309fd183ab3fe4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cffaaf9dc4a6dfd0678dd39125ff532b7c8411db2501d44728083cfbcf435456"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ff38d646f2148882fff9761676113341fe04cfde29caf625ef945c82aac140a2"}]},{"mode":1,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3c5e1aab6c48f2cdc7fecfd15e077b4894a317b59fc4f80898ccbc033fd68e1b4bbc3631e569bc7b9fc58e756e3d7cf7d460d46083b4232f","seedE":"a8e95f47fae1cc6334be2ad52164c839648dfbeb3532766b399a5c8154d818a1cecaf650d48f1b760a33b1c3004389b672fd98234476afe7","skRm":"781dcfae9784de3aa4fa0a89ee15a8bd223d034eabc99971850cd87d73be9fdca6ca61dfa0644eaca9f883866d9f7df5b974ae36e909d740","skEm":"c7a09cf993cd4f1f9fbe9e7bf611868fab11dee77cc5e4978dac1e3c20f07c6f8348eca3fe329cfdd34e726b19010bf6fac0fdf87b10692a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"cc1c830b88584fc98d52fcb6da355866d8539d334218b1ce9a951b487434c48fb164e3c3bda8340ab84fad1076b20b232a1f0280ef53b935","pkEm":"8acb0d93d78677711eee89d8eecd20f2bcc5de6172d18535248b51b35f0b0eba15704b14a370f6260cd0471e3598017a68ac5aa3874fd58a","enc":"8acb0d93d78677711eee89d8eecd20f2bcc5de6172d18535248b51b35f0b0eba15704b14a370f6260cd0471e3598017a68ac5aa3874fd58a","zz":"171a83668087150e488ed56956f28a9196cbd987168acc7cafb3e793f050414739eeab46384d8e0a91ae66674188ab3a867b0e1fbf8bcf9aa391b166f83275f4","keyScheduleContext":"0168c13fef8839eacef076df6c8bdabff6a9c17437109dbaa873555895998cef1ea2d3ac1f0e1fc83b91061edd6d044c46234a66788fa6681137c5b300871b313b28413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"bc4d47ce5101dcebccf75bdd558f57e6a854e1d7de98c3cd359e38fb50f6692f18d716f075282422ff86f2712795f045dc2b486ef7dd3967b5d8a52d4baeddbe","key":"641b9c908d22ecc5a80d4d9743ca5e490794a1c30e66b98b0bcc1855acfb7d31","nonce":"9460e6130c9a84c9269d5de4","exporterSecret":"7a6707d7f074966f9f0726631878223c9beb78ef367b6e6f4578b87c61171fe73628af3512ef0a76c4448db93273d402567c2b63bb04effdffa6cc1a1e5927f7","encryptions":[{"aad":"436f756e742d30","ciphertext":"e87df6906df70463376669dfed835e11b2110f7c8ff3dbece8cb599ef0b0cc7bcc3329fd572f2abfa953ec44da","nonce":"9460e6130c9a84c9269d5de4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9f34f7a46f557872ae122ab66b7d29dd52a2715070f10488535cc2fe447b9432c223b7de952a04f612a07d8bd8","nonce":"9460e6130c9a84c9269d5de5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"521d81f3eee81cdf900569f33fdf2e7b41f0a91854faf6ad3f1042885f88ab9a22b2c8337018a4560937a9030c","nonce":"9460e6130c9a84c9269d5de6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"32f2483c7b3c6c3e51cdc1e6e0bf691c60cf62ccefcc71f2e9fbfb2040a90f45d5837834a66bfdbea95f676054","nonce":"9460e6130c9a84c9269d5de7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2d99821a05b3f2c49548ae4bb9a4078a035b63c0788d2c5271d9c9fbf7642a3ea5bb4cd5d6c6e2efa04ecc5c6a","nonce":"9460e6130c9a84c9269d5de0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0396245e8cc322010d7f8d32f21500017038120d13a1f001439e1cc4f1caf4773cad4dd7318e3d886de1036ef4","nonce":"9460e6130c9a84c9269d5de1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a5e7d85c96fc68d9d20b4c3b53bb406b89983f7f69fbe87fe7078bfa414e2528fb2aec7abc7856a35383c7ee29","nonce":"9460e6130c9a84c9269d5de2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"94a828ed0213ed473d71f25dbd7b4a4aa40f2500222f0e0ad4dc3cd5545418b83688c55baf06b95b783a520742","nonce":"9460e6130c9a84c9269d5de3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5151a44972ab74466f1bb152471ea22409e27c81659d748ce5eb2d3de61b4d2a7a3d5c68cdf8f69b6db48edc64","nonce":"9460e6130c9a84c9269d5dec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"87a8aa5470b90b476c2b13306b5adae29e6e71580e75bead1e1fd17345fdbadfccf4292b74e1817f7a9c09cc12","nonce":"9460e6130c9a84c9269d5ded","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"98e9df1aafc0cadb3117e3afe73402d0fd2f28c2fb3ffd4ffa97f32a61b3a1b4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fefdec317fe936c4bcc7201bca910064fa90a7b76d77ec8735f2b28c68c73759"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"367e0971516a4f4b4f2cb1c394f02232df55f463d3406c68d491dc12182e2c50"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1922b57fcedcb9c3100d054322c1e8597b9d3e668bd4b9b06ed4d7bc9718308e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ce5a742ea299401a8523a0371fa0f3d54d0aa0b97150a3bbd20fb5c82473258a"}]},{"mode":2,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fb32abf0997aefbac48ded556120eaca7c9ff7bf0250bb2a7b22a1fc3a418b471b2814ee7a12970b7a8402f861a430c471f76f39bcf3b518","seedS":"8b28358d1817857f27442ac83f0526710e9ddab3f2c59c21416ee2dce04580b987cc399af980b196abe3ee7b22285b8b18e49885f77d270b","seedE":"528fcffa43b1df019bb98b4db3260df0c5271ebf85f96d3e00930f31223c950e8792ae358cb77652af917f9a0d65e14e1716f605c14e23f0","skRm":"8a58674b3dc4061955e084ee444d4e38e3b37a5dfda1aa48be64291ad37b2aee95d6c8f994e041b8458dc3b9a11c5b513240171fb20e8c7c","skSm":"60babe81261f616498b3660783e3c096bf212871d1308122badd95aea9288eb1a2fc0f88de39cac9ffb7a3eb0deec62e252df67e4c0d102c","skEm":"0f8d115aa0f39f8a4c803d3447c389eaf92a7b93bbeb14961214399ff1e7dbd16ffe1a18f827dfa5979fed259ca9b8297d34d1e82cdd6f84","pkRm":"db996e2c0be4c35f939a97bd5735a562425004c675745c762f46d11c94e0b8f3982a33e073f843a27f277af9928dbcfe4936f589580c0557","pkSm":"7f61255b053b135b3def525c477fcec454e636e3b390c630761b503e32fca90d125ad1e6bb45b65960501ca3305c7a0eff0573aaf6bf61c7","pkEm":"013164ce86971d039290ce166e5b7d7d2cf2eeb4834d2ab3f624fde238a0e78fbed3264b86b286535c4468a92e591cb5acf7be013604176b","enc":"013164ce86971d039290ce166e5b7d7d2cf2eeb4834d2ab3f624fde238a0e78fbed3264b86b286535c4468a92e591cb5acf7be013604176b","zz":"17bed8bc80711a9e6202815733d138c7d87daa626e0f7a628b4e822f7db2f1df3fedc42034029aa274f7b28db8aae688ee756d08f3761e06917293897e125514","keyScheduleContext":"0294b5dde6f9bf6cd272b090b3dea8e5463c0fdf05e935efa2358cf1888ab42977d7d22e587223cb6f59ae6ff0a4cc6ff03bb8dcb2a7e197ea536e405da071bce128413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"416c4d4bf279a1e7e27ebea9bfad288942a1299cd7318a586a42510f6fcbf6f4f04f9cb9687fc284a8a3854b37d21f68d6cbd7ea12500eeec3db742a93b261f3","key":"47e2561363fc96fe8e0d39b99406b48ff91f3837ae760dd6fc6604d0334aec50","nonce":"cea54c84246157c286d95747","exporterSecret":"6ce7fd2e0de4849c3f43f1aeb11f6496c5716f6e1e8bd19f8407858346379fe617c12af6279bf5b8ead293aeb4ee06779111c857b62115dcf17c2daa9cb81ae4","encryptions":[{"aad":"436f756e742d30","ciphertext":"5f34c16266862c9c94c8063d704790a2e60363253564ab89c9e51bd5eda0e2e9019df974f3e0149f498d4c1f06","nonce":"cea54c84246157c286d95747","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b164ccaf73aa17b4298bc6c9c2dfd910f3727e607c46b046ae3b850e9f7c461fa1352f8ea2bcafa4fa0e095605","nonce":"cea54c84246157c286d95746","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"80979c550e239c97a752054c11f218f0cb96985f569aef721bf1981c928b6342109d9648753a7a9f647157312d","nonce":"cea54c84246157c286d95745","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"fec420d2c5b616e8fb1a19f2d7d16f30ef068c1621fa396859826613c3fab631b44747db9c3429a850c7bc7562","nonce":"cea54c84246157c286d95744","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7ff7e8c25779c03dd772a35ff408adc42c29fcca593bba132d76d8bb9571de66efca99c77d9507f50218fa5cca","nonce":"cea54c84246157c286d95743","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ca641e4771a5e7932a1f0058afc356f1b02edf6c97256939066ff2b7fc287ab2caff59861e151c399da9fb3bef","nonce":"cea54c84246157c286d95742","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e9ce9168ca83296f7ef3e2706d015fa6c81612b9a9089e059da38b950787614a2108bd7be867d1c3ca65969f47","nonce":"cea54c84246157c286d95741","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c9dd89a66246139e8754df77391fbcc29f0b46983177d64bc823eba707b222f66eb3a31e4afc5da5c7bf4e91f7","nonce":"cea54c84246157c286d95740","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7def88ac064479bc8624fd9a865142b6c7aa05e8b5846d6c354e5a7bbd6f9e20ed6af6efa5839316178a20c8a1","nonce":"cea54c84246157c286d9574f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d7e2985d07b8ce101882cd413588cecf23ffe8ee1925dc732874bfb608dbac5101b41dd380b9e33245cacad221","nonce":"cea54c84246157c286d9574e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ee124b612708862d679a995a427c07e7b3a1dc409b3bd83853a5b1231dd49394"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c4d3aec86a615dc5daaa8b6418f187290954875f0f16b54cb862845c0eb2eb2d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"30a4f5023105f67491c6ec098343c38abae9e19ffef8e50ea299408380e36e5a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"018af27895c8faaaae0bbf5b0fea3ca3f3a11ad7c69e2ebd1efb98d1690ede71"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"07f1c0f373eb58d907540cd6fa29932d0ccf6c208063ebac49298deab4854be1"}]},{"mode":3,"kemID":33,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9579db0b650bca44e3f6c48cdceb54d318e45a5b02ac7d40f9835c6f20685d89c0d8103907805e591f91393f4632a6f951d8c92a869b9c86","seedS":"2c14be8e64a408f168725cbf679198182e7483bf1aa0f7ed35ec28c9385413cdcdbfc0cc75a9d03060cae37651f141a835b1fee6c776c3ab","seedE":"93585409f39f7dc5744bfc135c8f3e15e4c9403ac2c0e7089b6a7ed8f9bd3d160af5f5ed0f0ad8a6a3332021e624304d631da745fcfc85ed","skRm":"91a46765b97ba0015e868513af7ae742627f3e7f4b7cdebdbcf01d90b2b8b1f0bd6aa08b0139d2ed9e11e2754fc3593e2cdf113d2ad80ab7","skSm":"1ef1422a71787cc86c2f6a5e9401e7b7f3ced4ca1e1c9f28871d89a29a05a7ff87c5a435a3d9348f3bb6188b19b310ec8d44b7b704dee438","skEm":"26436e6151a4b6e8e872519be8ccea627ffe2ef848488ec1a39c83554be831fd47c20a3c81af2a5ab24cf1054a462ece2accd878c4dc03ea","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"497c989bf13d912359efdfed8a6140c1f03627598627044c72e92bde13a106d30cfa87e2b5addc70164293435e25aa093fe8da95f0c451c9","pkSm":"dccf8d9af68cf21c0fa596f9f16e634dabd606c8f4f28faf0da5a6f57d5b893464e7ab97f62bfbd6e797578a6f18a73d12016740a0a146c4","pkEm":"d74c97c9883308a70218c8e8668149a622884a2e4e10c5b7b985d11e719e7ebb7b191f51c26b9f9273874556ac55841bf658fbc38052f69e","enc":"d74c97c9883308a70218c8e8668149a622884a2e4e10c5b7b985d11e719e7ebb7b191f51c26b9f9273874556ac55841bf658fbc38052f69e","zz":"b785ff21fdb4d1c6c0cf7e38d9c444a17a78d0c2e27603db05f4467ed11e6773e09bc0dc304d13034bf5213b609f9635734227c810d353bb6d3922aa7c8c591c","keyScheduleContext":"0368c13fef8839eacef076df6c8bdabff6a9c17437109dbaa873555895998cef1ea2d3ac1f0e1fc83b91061edd6d044c46234a66788fa6681137c5b300871b313b28413e21d6e3764d56a0e28b006e21ccd0275652290ba369a202ad1cc07365cda843a52863800c322f9883beab13f885be1ac28654d4d4eaca08757d01a34666","secret":"4ca81aaec4ac7e5408d0a4d62f199406c33b5ec613572c5a1f7d89fb71d29cfcf7e91e3800f3f2df3bb31cb35ae47a6512d17956ee83865d789ed7407638db4f","key":"4513872831a0fb06e251cda948793db6417e9edc1357295c9905c13fbcc7e6c3","nonce":"7e54dbb57c10e2a9097696b0","exporterSecret":"575bc5397be880976d11845be35cbc0eddda686b03a2d14736e1e5db25e843372b6eb3c29bf399b3408a381908f8b2851e5ab0ffed8c64d4a36979bd3faa30b6","encryptions":[{"aad":"436f756e742d30","ciphertext":"43db1bb30bf6f3fb70bf30a9f650055dee5334283e3223da2859116269f46bff9f7e714aa9b4d7c3053bcb314b","nonce":"7e54dbb57c10e2a9097696b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f95054bef7ba837b3eebea90b52144c549e7ce2ee7422ac9ef86d8c89f1e1639d358b225d600b146fbd49c8553","nonce":"7e54dbb57c10e2a9097696b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"afc9b2ed791377efb654377f789d6b5a4d946888f33b8da24e51799bcbe049b195055f29bb7f602460c6d353c3","nonce":"7e54dbb57c10e2a9097696b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a3fc0e6bbbadaed922ef5e354035a7db16d2fc4ae1a79a2661e7837c38d10fc3c01f0e303ca865b44b3497f9d3","nonce":"7e54dbb57c10e2a9097696b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fa2b1cc190592561a70bf9211a28c94e59823520efa18b161028bce5de0a01f5a6634e2ef7c33aef96eda9c344","nonce":"7e54dbb57c10e2a9097696b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"efb6388c6e0a9f46a7494ca76dc2cbab24930831030154304234153f7fc833e71ae60b4cf37f7f30ca9e743471","nonce":"7e54dbb57c10e2a9097696b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e3b68f9d87a62a0a5b1fd466bb93fe0f774244797a62250405c08afa421eeb4a385e521086454c54681452b4eb","nonce":"7e54dbb57c10e2a9097696b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"33688c3913ff93a0a66c0b91b3990c876cfd33a7c09cefbc7c331e0570b3f23f065d2a6c39bc3f23d5448e525c","nonce":"7e54dbb57c10e2a9097696b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0b7c55327ddfa5308c02b8e85adf5bf9e2ce7ae0b06e80c31eb608092391290b009839d474f3695c24e75acb76","nonce":"7e54dbb57c10e2a9097696b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"935b348951748413e45681cc3aaaf94e93430b02988dd282ee0f0c8906813af67bf26454696a3cc297150a186e","nonce":"7e54dbb57c10e2a9097696b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"86ae52c4f9cc32dd5b801e550d4c9cd07380a80be4c6855754fc766e736d8824"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0f79a6825a32111de308a8628f54f930fd9668c4f1d6ebdaf9fa48745996a1d5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1a2d821ccff61b31be6dc91792e91ecd4fc9d434e7a3f98a848452d68dad6692"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d85ec4cad4d6cb62641d737d1279d0c02becd2ddc4792d426aec87e4f897bb75"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"cae26b8a5250daba2fa8312ab6eafc570500889fd6d0f972e867b762f3075dbe"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fd8472c1450b15ae078be91f12b951149a851f4da782a0c0e9db19612990e9f9","seedE":"2df5e86c1df01da4ad46e8ed41c74f099eb3c8d93f00896f70f49571305eed9c","skRm":"4748b3f9f3dd03b5cb3a1619cc5cddc2ed5b70605de52d136ebc0001287ed034","skEm":"5867eb7b812dcdb2c6b6a2b80e5953723ba86d8e9f31ec23716f8482ed9fb177","pkRm":"04afeaa92aa71fa8aa40b0ff2a7413ee5f4d861cebac0ce0d383fbeb58ce0f1dc932e4ed5b6c0481c7e1a04019bfc90e11add8c6509c1125b9c02612f90a1ad3df","pkEm":"04bbf2f400b2e54c85df0a5e342f13ca6d5879a8d4579edbccb6cebe5c6f43f4649c2a9a54f181113f8c3c2349c8ffbd2e1fb967bfb95efe218f51db0cc346de93","enc":"04bbf2f400b2e54c85df0a5e342f13ca6d5879a8d4579edbccb6cebe5c6f43f4649c2a9a54f181113f8c3c2349c8ffbd2e1fb967bfb95efe218f51db0cc346de93","zz":"b404bfbf8f6acb91d51f6cf50dbf1d37acfe0f9a88628694f5572e4c6421bf21","keyScheduleContext":"00e0dcf00f27a233e6bc08a1289e07973ea4c6c2f9bd940420c2a5d088f5ab42c6a6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"86c8c6aab49eefd2813f0ecde8e81c1c8b7f17e75f19e35442c90ef4815c49a5","key":"48b9243d7a8f8937aa3eae2efa633501","nonce":"89f8032e5db8b3a9b3a910a3","exporterSecret":"841a22e061ea43fc64a35485230c88dff04df25b7f41098bd0c531590338a1bd","encryptions":[{"aad":"436f756e742d30","ciphertext":"a339992013bfb46ef084f698e4912c3039af55a491dde5e72219be0a35f2cf38714dee46a2c95f6c981ad2bc81","nonce":"89f8032e5db8b3a9b3a910a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9bd5a58920a4acdf6416eb9bf44b184a7f7a46ef91e731661fc9720e990091e3ba6feaaf2c3ef56802d9e0ec9f","nonce":"89f8032e5db8b3a9b3a910a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b156d40cc31fc8ba33c31a5265475ac9301eddf908ba725e45de13df88e24af2bafde5da1b90fbafc1d648134c","nonce":"89f8032e5db8b3a9b3a910a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"374814a5f6affb493b930d41012a5634a0da7c528c1da07209516e121cfe04d590864d46f41fbefa87e58ba9b5","nonce":"89f8032e5db8b3a9b3a910a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4a9c3f75cbf5790d11a26767b5f64902bfbc6509b210193761db4ba4171f00e69dccd489164d0e6f2fd9a990f6","nonce":"89f8032e5db8b3a9b3a910a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"87ca5862e0a315327a5b324cfd09c8870381206d06a724813249cc069ad66b0224c17d6721720ffe8fcf7c4a58","nonce":"89f8032e5db8b3a9b3a910a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5225cece95d927c657ab7785982c666cb884925e22993681232332140c21154a64dcc0d9bf7e4dc0e8791f1bb2","nonce":"89f8032e5db8b3a9b3a910a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"17cac24a5eb16a3ea42cb94803a4696e9f7ec257b2998e75fb2ef69bec2c1fb5737d13a5ec739a8e79b0d9d6c5","nonce":"89f8032e5db8b3a9b3a910a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5980b620f34e5154fbd854fb4e3a660b055b269c2e9274400973f9249b56840289aeac9ea6b2524d072b8240a3","nonce":"89f8032e5db8b3a9b3a910ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"294ba66b3c9880aa21fcde43981b1514a16b73ccc36b9e1e438084c9c58d7f61711b1a36e60eaeb35b5570114d","nonce":"89f8032e5db8b3a9b3a910aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"56a43434cd73638b2a7fc277dbd07ac5583a16240c1b341f19f4cd17267a56b6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b04a76396ad11efaacc0dc723fdc059859f11e77ed8811d4b22a651141847857"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"055135672272d296d7d88bc6980319957c0982ce474d20890d682137c418694f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c6a7048eed59589db75883e50badda62193b2ce73c058d1dcef17893a02ff17e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a58f657cee6ba3a5a8c11b5add5f23638387b5542a0038ae264eaecc2810e165"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9bdc0ed2d5e213a03787e1fb2fcdf0c566ae3d6ea0f3d9ac58c6139f17e38e63","seedE":"a14de6a6af07d0c99a16885bd373ee1e52b558a01696e2f1dc95518c27547734","skRm":"782e4776fe8f1218382cead3d8fcbb49ec587ec3239aa12efae61f98c5da6082","skEm":"629e48d98bc22deab1d8f00f0407de557eb6f942029296e5d18b3c08b81e6734","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04cc0d62185ac3374554f54481760d19a5c27be89f093b552bc37340bdec8658eda9696a8625800b6bc1ef14d9335eb533d98df049534abf00ce5856cad34e974c","pkEm":"04b133250fe67fc7515f3bc896c805263748e3419a1bc27026c44f718254cdd0b059f1b183ec274f911f252f1b923487600b48fbbfd8121ec5c33f38719d85a17a","enc":"04b133250fe67fc7515f3bc896c805263748e3419a1bc27026c44f718254cdd0b059f1b183ec274f911f252f1b923487600b48fbbfd8121ec5c33f38719d85a17a","zz":"ec872a7720c29868743a4ac497642b99d2f2949570128c716b8652971b41e8c0","keyScheduleContext":"0181ae34db4efb62b462aa17cb9d7a0b1986b1a404c76cf4bafe3dec690d5d97fea6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"c5357fb9d30430847830fc1161af5e8b6ac877e5e26c7dcc7454687d192d0541","key":"2fc357b77491d0de800bbda785e865b3","nonce":"b53f0b112c17bf32a0f95f23","exporterSecret":"776f756912c4d9fb82abb6c8cac99e3013f1f56d87fa9819ad979d773b28b7f1","encryptions":[{"aad":"436f756e742d30","ciphertext":"33d0ad0aec9d6a329efa8eff3d8dcb8c136549631212afcbbbee04b55a9aff35e112378c1078dce240685b189f","nonce":"b53f0b112c17bf32a0f95f23","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3d28f40846ba302878bac52985f4ef08951c446abe1ab33ec38f7b6e84268a1fb857c01e513eadec3759f02fe8","nonce":"b53f0b112c17bf32a0f95f22","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"126e24d8a636680b3e9580d9418083f4845f4d97bc85177f5a57098b5139dd0387d71b46b9a52a6c879fed9987","nonce":"b53f0b112c17bf32a0f95f21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2ed3aa8fa7de329d26487bdd9dd5354a6aaa6d4cedf3144e5e5a79cd300f1fe854c503adf16a0ba419b8254fa9","nonce":"b53f0b112c17bf32a0f95f20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a234b6c1c4efe8d69df543584ae9e6a876f001a0ec2ae411abdc5bbad71c2016dae4d98e6c85c396abb512f5d3","nonce":"b53f0b112c17bf32a0f95f27","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d730e4af0691a87b91f129546b4f31773d4b1ac79eaf624f406de77f17b85d107202cab2acfd8ce0808cb573d0","nonce":"b53f0b112c17bf32a0f95f26","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5373038c85a46bf3908e0bf1044804f2e35ce92f3835dc07fc5b0adf8f3e3d49fae512dcb913020fb0c842ac08","nonce":"b53f0b112c17bf32a0f95f25","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7ca8f63d8ac16164308481eaf6727bd50483948e9d35f4327ec12fba18b5536ec3b9baf83005e3fb90faa5c7cc","nonce":"b53f0b112c17bf32a0f95f24","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"11a6fac99ca4682bc0fa6396e9531bda2f94091912d1c44aa3b3c78c29391edbf3d5e5160d9fe138510775ff47","nonce":"b53f0b112c17bf32a0f95f2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"deee7820732b63a77a0a257c4dd64158f5fe24efa796ded6c509e5be213a8d96cd7f5cc90b94ed3e6a1cd59485","nonce":"b53f0b112c17bf32a0f95f2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8e5cbcd57de6b86d172575e0f1bea7d798fc73780092df5411f8fe93b549566b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"05ac67732d83b0b7b83ce46dbc351d3901aa545f33ab4b14938d5ba9e39f045b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bc64a06c2d9b0540b19f7f3d6ce630dd15e886599177a0677d5c5a2662d4e596"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"5247c842d95dc8470aefc53ddf4ada63ebd40fe4305fa23031bf3ebad4ee78a6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7e66f4baf1d18ad6cfee5467ab380de726fae2049cb94f754e9e9a8783b0a5b9"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"08fc3ed5e5e019a07abf59ccb5d887700cb39597315c68cea21e3872566fa0b3","seedS":"4938c3ad9e91da4812b9785cc621745d3942c59dfb5c69eff7074cbc1bae80b4","seedE":"f0e67ee793eb17e2d83c6c6013a2ea5abf8ce39df2ee20817253a453422cf292","skRm":"ba0a33b0e40081573692b0901e74330cdb88424587a9ea1863c097eb693cf5d0","skSm":"88314c83500eff1272c32fc1baa2530b6198907ed4cd369e474070e081840a8a","skEm":"d41b166370170b183e4872c13f2fc8af9c4624c52ed1ce0591c648de74f6f40e","pkRm":"04272c3a3ac43ef5d0a02fec7d768b5d02dcd61d3b8a74c807a7bf40fe36419b791934de29ed6d118ce56c31b806c475f78545ab8fbc96df89eb5fc5a6ea6c49e3","pkSm":"0456961db0f747197b31e724d612d02fce25285a822f27e33d3a80a05818e79f0279faf8e18e07406aa9af226e78fd5edf0416acdd24c016cde7a0f48b27124b78","pkEm":"04b1b108178f1a8452ad27e700b6abbd64275cca5874622ccb21fe3983b5200eed6dae796da4307ec4bbed5cb93a3fa911f8a7969fcf6c94b547f81ff91ee9dc68","enc":"04b1b108178f1a8452ad27e700b6abbd64275cca5874622ccb21fe3983b5200eed6dae796da4307ec4bbed5cb93a3fa911f8a7969fcf6c94b547f81ff91ee9dc68","zz":"d76be19dbf9d85271f749f2d48d106345816b6a3075753431041c1ae419500d2","keyScheduleContext":"02e0dcf00f27a233e6bc08a1289e07973ea4c6c2f9bd940420c2a5d088f5ab42c6a6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"53f3bd7a851ee64688e82f4dc610c590b0dfc6c74b8f9ca111686f754104eb92","key":"77d7dbc6f09f8d2383b1f79cb42179de","nonce":"43b5709b9d143bbf988f465e","exporterSecret":"0b82772d4c0526df905e21d48f838cfe2fe7fa0d3cc2f28e422b63a794dcdc21","encryptions":[{"aad":"436f756e742d30","ciphertext":"3e6363671802325a9a84d6917e6a0960353dd2dbf41e295db6b534409a444037745c3b065a791684fc30ce93ef","nonce":"43b5709b9d143bbf988f465e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a367b19b0c417b953f7784ec762990ce2b4b0f47493f2af9faaef67d84be5c78b81fad29494404441079227d71","nonce":"43b5709b9d143bbf988f465f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d4d5255a94c76bc41f3e5702f85802f53d296ee6ae68a4d496618f4cfac3fe917f0f722a26f6131134e331e00e","nonce":"43b5709b9d143bbf988f465c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a13f0848a77a491d11b715b3ae678fb409a3417bcf0028e79ed30af1b3695287a0227a55ae3925da0fb6a552f5","nonce":"43b5709b9d143bbf988f465d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c0ae22f898bc7f56e94c31cda758a650b82275925880d434b1aa4dd3d661b45e245378966e11b50da1b4c6c6ab","nonce":"43b5709b9d143bbf988f465a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"faa3390aa19a55008c00a3dba2e902690a969ed1e35bd1a3a0dc0c0f97866c6c87a3e37fdc4228ab4896c89761","nonce":"43b5709b9d143bbf988f465b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bfcefa53173db0c3d802a21fec9d5436d4d57ec99afb1b15e4ec75f16a8f390493afd19857067a18f4ef438257","nonce":"43b5709b9d143bbf988f4658","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"280d24c054f5a4f5de1b69ec06924dfab3884a9ddb776be44f2931abfc64d90f3a9d3ae9a4ea8f0e943a72c208","nonce":"43b5709b9d143bbf988f4659","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fdb1f01d801e8112b4a043ccdc699b1881b9828fe40aeeec285ded3fb989e5021bf8db33fd921f08290528d210","nonce":"43b5709b9d143bbf988f4656","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9f7ceaec91c836866ac6532867bd4d732e0b596590f50249382843b76457e8512907873de8866c829bf1a0f32e","nonce":"43b5709b9d143bbf988f4657","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1910799746fe2df85ae1ff10477c624cd151fbb5b60ff0ddb470799f5681672c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a253b94a1227e33595468589dc197fd23f09a9eba1443f4b2a850fa78e8f9abf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"27139e0ccdbe73ea3bbb88b5cb4b2c5f3025c85c50a19562241601aa2b9386a0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e88ead328ad25edf6b61c54980efcab17d67c29e8b04cb7f07249f55cc52c867"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"04515c9cc92a7bbbc9a21d9b5c5d705671c007567ca643d1923e7777c538fa54"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a01ceec0728863d3c573ce7e465b5e34f2ac6257629fff6a045b6f31b8f2ff1b","seedS":"863ce961c760889834b34784cfe7cac608beeca3ec22f35e7253cb5cd873bc01","seedE":"a638ed4a0e82c55c98689a83bc4b0ed03b9aee31ddd3b13e025aa97cbf0517ba","skRm":"9d420b01b39aa5e364d07e8444d628d7ed0d706beec9dd6210193992d052a065","skSm":"5287d3a4a42615f9cbdd3d31c7d3f84edea866c00381c0432640912d21d36f53","skEm":"ea801b21f4e95f6328e112826a0315816fa8877329b1b563e648029522d1ed6e","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043e807d018096ae973381ec56b2ca167bf6a5240e4c2ad356059963ef36466f1031b6abffbf32c8a77563f6ae97c4fcad997e7fdb6a6ada163a6ae67a5db1bb5d","pkSm":"0468aa3d41058942b955fe1d9c443793b32d78a883b1b12e261f2578edd40f224a6c384b787f12d62d6dce9db1d08a6c0d096fd60340afab4deda961cf498ee5df","pkEm":"0474f07529324c40599a765fbeea3f7f65c09da831463d11ce154fc41ff5317dae32266c7addec86c150f4679b799eb547e6edff592926322d01d2de0874fce293","enc":"0474f07529324c40599a765fbeea3f7f65c09da831463d11ce154fc41ff5317dae32266c7addec86c150f4679b799eb547e6edff592926322d01d2de0874fce293","zz":"c2d1d27c6833a7e02d206a74260e49bd9b09211eea39b1a3f6ffecbc8f29342a","keyScheduleContext":"0381ae34db4efb62b462aa17cb9d7a0b1986b1a404c76cf4bafe3dec690d5d97fea6681b21466f477ed6d484a65f575c97c76db906c1d59a3c077b833a271c5f1f","secret":"61e5daf3e0e4c4db3162a4cc5d990dd21cede0190174e2827b5d826e89505f59","key":"9ca74e9341d4d380fd8b57f03e2d5bd5","nonce":"ba8393b301c837f56441f54e","exporterSecret":"25b2a4eb11c9efe0b974d0bd69bac1690550769cbe152c576b82b391168b43f7","encryptions":[{"aad":"436f756e742d30","ciphertext":"26cecc37bb3b8628b5e3ae55aa252c4eac737c2248fc8645636f9f3c63f3303414accc963885d26a444146c96d","nonce":"ba8393b301c837f56441f54e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0d7025d24c159ab7d63865085e5d8325d027481a862ec9ba46e0e46e081d060109bcfa0fe905f046d1eef59049","nonce":"ba8393b301c837f56441f54f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ec2f30e4236ea44075ead7af40d443ae72d87df2434b4f8133de843c28dea90d06c1e0a7077c84ab3a98aadf4c","nonce":"ba8393b301c837f56441f54c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae7f70435d869b4caaba852df3eefedb08fb57c03edf7f37c580f6d34d41be805bb207130c059d16df0a581b39","nonce":"ba8393b301c837f56441f54d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d405b7c8b38f94fd0a5b25b35dd530ed47340c2316dde471f60651f8dd5407701e90046e367ff31dab104ae77a","nonce":"ba8393b301c837f56441f54a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b48127cb5c6a8060c1053d610e257c9e3f82dbbc97a3b34c10a37f08c5ad20ad1f1ec9176ba31d9eecac911fe1","nonce":"ba8393b301c837f56441f54b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"62d38211ade1537f438210401aad80a34eacc421743a9dde1b94be4a35a71f2cb0aed028496c5eeee87ad1d0ac","nonce":"ba8393b301c837f56441f548","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a7572e31d318b90b436509355448e09e7cb2869d3d8e6d170c89e2220c4d39858d66eeff339a4b16563536a23","nonce":"ba8393b301c837f56441f549","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0021abdd529ad0dad7d0f7108b41fc949fc3a0667a137770b752c907eff4e5494cc05b42bfea8536265c1dcc24","nonce":"ba8393b301c837f56441f546","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"21d5d6346ab48c2399a84aea7ea243adb1337ff1c227465d0358f46389ba91a13cbced83346bdd3eed9ab14287","nonce":"ba8393b301c837f56441f547","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d7968834c95edf93ee47795c8ab872608ed118b239954e24d51cdf6484256647"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"09ce44ae8c0082b7ae6b34d79ef409f20b50e5a671c53e0bb8ac69ba12e446ae"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ee15f5313aff2ecee83d0b50810ebd19c5d300b86b966da3e3450f05baf09013"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8031c14197d2a958b61ab0eadb2ec01ce90b18f61927e72a6674a2eb056bdbbd"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"43231f6359cc9e89e4422a70d43a64dfbed03a836b5effb2e59265d50a5545ff"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3fc28835c6358c14af667a64e8fdde21b65c429fab6bb4cdac1726c920a6705a","seedE":"15bfbbf2e5db9ff37143c5422055c0a9f06172b7e9ab96bfb97a158c31eed18f","skRm":"bf9cce5b6e47c87bcccf015cd86a44b506470640c3c5dd0445707d4f6fbfb776","skEm":"0d7c40d81e3f755208a43c612f284848c9b60f7978c061947fc1a2435d8a0ed7","pkRm":"0400fc204eb8aab36dcbc428f38cf4f25dd1e81561b9553cc9d8c0dce8692079e39a499578852aab32cdf9cdfcfbdef2b122d2dd84ea094d4a87a6f13512710f3e","pkEm":"04d7a264d4d2a0bb5cc65ecc04282974b21c3d314ef1abb8404a26e829cad5289c8b0c8858ff8988a6e2e6ac36d20e81e29ca3e50a76e7527eb36c37376172fb2a","enc":"04d7a264d4d2a0bb5cc65ecc04282974b21c3d314ef1abb8404a26e829cad5289c8b0c8858ff8988a6e2e6ac36d20e81e29ca3e50a76e7527eb36c37376172fb2a","zz":"b993ba6d26866b0b984c3f1c8f1c4c1cfb6a5157be9a0a8c29fb360529e658b8","keyScheduleContext":"0022292de1e395ea9d74dd6b69563421b959b173cf02c5181a02f826ed43bbd894d76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"522634fa4b7f451ba49f212e6b55ebc3e5af7f7c4afa37c127b4dd6ea54d513e","key":"294ee07f82a288bcbe4ca0fc250ff8cc9de3d2ef26458ed97ae13fa967cb57b8","nonce":"5aba591306aee5aa06b7e5df","exporterSecret":"f2da0cdc8c77c7bd4efd227b87be8f613fdc889b609c73aa609228385e798fb6","encryptions":[{"aad":"436f756e742d30","ciphertext":"60e7df16c489abe33fee3e42d7524481dd01268643833bdc05e68c15b9e8eb7ad1b8330d6f92372b2744e8553c","nonce":"5aba591306aee5aa06b7e5df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9d0f6f1677166423a81d8d793de06215ad8d30588172b055add149bb02a3b1ed20a83ad1dfcfdad573789adcdb","nonce":"5aba591306aee5aa06b7e5de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7b1213c97e5b1ab93732fc0ad01f9f567e97a5c0e146a1b8d743e5df49b8fa055522c014d8051b492c2bd451fc","nonce":"5aba591306aee5aa06b7e5dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b4e836ec145281c69d91b5ec5180e7660ff86028e87496b83ef3b6a80d4168b8517f1ae4662210aa1b9b2a1917","nonce":"5aba591306aee5aa06b7e5dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9fbe7f1c010f8edbf82905be2c5578b731fd1e9088f01d88a359822076ccb699113bf544853c4627bad0d50aa","nonce":"5aba591306aee5aa06b7e5db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1962bd6ecbf65e4df72d1ad0a5ed6a86ac7d4037fe956119450ed6326ef3b4a04d63b7e849f4bd78fd81b7008d","nonce":"5aba591306aee5aa06b7e5da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ac6c963bbacc6b6d0de19f5ec5712386e39fb200e758c6a9f6dd45619189898bc035d20c99315abfabd0f43f25","nonce":"5aba591306aee5aa06b7e5d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"acea7b4856ccd86ad7265132de503ed1504fe9bee5e60274967709a73309d7e4028b6893809cafef31b3b70e62","nonce":"5aba591306aee5aa06b7e5d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"eafd032be17f7687b157d06bca697f6921dced112bdbfb96384447fdca843bf5b5dcf201f77ed53b20829422f3","nonce":"5aba591306aee5aa06b7e5d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52fcb168bf3ed001bf2e115bf93f64dec797e29c20cc35668484bda7a601ae2f3240217a83f867e7b5c9907244","nonce":"5aba591306aee5aa06b7e5d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"21b93f02414b072863d503e99688525582f7ab00e532c13f4a8d413b6c50d495"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9c8dbafe3880c4e6f6b7dc839ab1290318cac69692edc5f4daf9cc60a58f0faf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f22163270e550df868a9f0501a2e62240005a4afde3011bc2ace207eafc0e117"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"874490570376b644109b6e17351ec53655bacfcd1887a5380b18ad633dbf6d9d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"43b95135170ced7ad7e362a3d9c4455da1107ca3f4e5feba82b4fd9ad801843b"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"6fc07047e29dc091ac121de3a65d3676b995197aad7df458f73caa4f15fdd9c4","seedE":"1bb8bd0c8a9b554f56b2379665a8623954e154e685af7e257a87ba669697aefa","skRm":"2de89adccc16277604a2daaaa2b5789d9920dd20a55a6a07e4d5e791a22f8777","skEm":"31ff8fb96da5f044c8e572eac9b50e974803c48ed10c798642358bcde5a02942","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04d1145a32822109206efe59f460e074eb0a1e1c64f6e0047fbd742e8982a3af219d664525aefd1ae883f6b20ac9638af6e3755297fe482f8c75c539c5df46b7dd","pkEm":"0441ab4c2194bf5e54156097135630eb894c018a54f810444322ee74c6045ccca6a7715744fedb1670c8f49742666f29c66dd970d76531976e2b21ff7f10b2790a","enc":"0441ab4c2194bf5e54156097135630eb894c018a54f810444322ee74c6045ccca6a7715744fedb1670c8f49742666f29c66dd970d76531976e2b21ff7f10b2790a","zz":"37ad6f6e3e4c9901d69a2ece4e48f2ae14f08461f545dd8cfabe7f3476ff08ee","keyScheduleContext":"0149a639e59885c0c2ac77f931d86d30d5573eea1b44ff27606ccb9e8b49bedb2ad76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"4caa9417a93507d6e9ed97876ec0f86e98524a92f7cf197fe4d171d6f79f41af","key":"96a117518c9a525c501c5912de8940123a5eb75a193543ca43d5fdca6b3d1f1e","nonce":"303e565f9633de4922f4965b","exporterSecret":"2173035bbc2aafc7840152112aa7c0d2389d1829b22eada924bb6e6633df8260","encryptions":[{"aad":"436f756e742d30","ciphertext":"db2f333978763ed2576da1e2c32fde86ba9ad77379186ed3c8ccd031ae05521c0866639331f9752e48a72b509a","nonce":"303e565f9633de4922f4965b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab922920a8b2e8fd578b24bd5b487127a579a1cb2c33b78d9d1303465053b0419591002fd8deef5cc8802be158","nonce":"303e565f9633de4922f4965a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"43cf6aa3e0b7ec2610ed42f9e6d83c2fac726d139d822c2db527754c92eca56d9ba17f7952175f627c9a59861d","nonce":"303e565f9633de4922f49659","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9a3f83399fe109ccb7ebb5a932f50957f3a20a0b562b5a942b4a83a51a6eae54f8e2b6f23f95c7f2a34fbf28e5","nonce":"303e565f9633de4922f49658","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0a0ad83aad6a22fce071d8541f1e57f9b1b490a4e5b0e879a2ac7853c92cade128b6d31a522b552fdc0cde855e","nonce":"303e565f9633de4922f4965f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a535fa1f286845564f03b910379ebc782f3a63e02513bfda309630d74df783aaa1f32ff55b706f6ef3ef084791","nonce":"303e565f9633de4922f4965e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a39a3fec0409068f7f4076653a3e743fb423e29bd708e27d071378261dccb78a14768166da5e1a1b58c1e3a4e8","nonce":"303e565f9633de4922f4965d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c4952d7ed8e62e0ac11888acd6e0e2be138cd63fdfbab9b0af8e993d203c70cd90cd8f59ea3da6d439f53dae86","nonce":"303e565f9633de4922f4965c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d814aeb150d465eb131948b99fdb70c8e3e9c9659ed56902964dd72130989b3c2323177429b2ec9cc1ba592a6","nonce":"303e565f9633de4922f49653","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d5b7869a3ab596003105309487c830f1639d4e659615cf4fa8d0aee2b69882a0ed3942e77111c1b340c9f0270d","nonce":"303e565f9633de4922f49652","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a6fa562c091349840f6d1b5960561ca8e2b8610150fa56a9592eb414281ca6b0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9695513f39110cab02822bc8bff5c0cc4794f5501c0ce84e922ec535c889cb48"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f298f9ee56f04f935d4022eca5f35365736a5fc626c6dadd5a14417169d462b2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7ba835169c4d7793af2c1dc094d6f2ac8a97dee6bc1045c807cf3b8429581804"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e3206ed3229cfffeb91f72f89deab5cc248da2e56ce5617ed31d637b02276db5"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"21fcaeb996ae33f149cec55f8cc3cbe6ca6ddb5adc42bc0270bb1a411fe4c980","seedS":"7010eab10870e73e93a9d44c85a872b6ed7596d951e04022669ec23dd6aeb51c","seedE":"126a57a60653ccecac44dc9c5ac90e4e221b46d8ec3cd774d4988507324a6e39","skRm":"06659b9f357e0b93c7ab137b048263dd54afb0d00820d941e55cef5f1a435e55","skSm":"921b2d6ac50ef16e1ecc48ac71ec5517ae42076f33bcc33abdf1fb00d8e232d8","skEm":"a98f66e051e72ea5840a01b053449cf3112e85106f2281b57573451160dbbeeb","pkRm":"04156d7a13c33d6e4bff2befdf53cba69dc16b504a30bb40facbff9207fb9edf19baa6ffd7837b94b370234c597c70a8ca260649cab6f52b48ea127ae09f5b113b","pkSm":"044fb674b5f79bef7ed061babfd59523e599498106db25aec226030bcac77dc869faa4e4c492f1055c5f85d3873adc3be6bd9c25b1621568295f1572aa08655902","pkEm":"0433d24b1104f8942765c1176386c708e50349f7cce532b76b300f754eb6e6fa6516d7e870df5f3d2fc339ef3acbdfd6e440b0bea106c087f26e12a6728270d3e0","enc":"0433d24b1104f8942765c1176386c708e50349f7cce532b76b300f754eb6e6fa6516d7e870df5f3d2fc339ef3acbdfd6e440b0bea106c087f26e12a6728270d3e0","zz":"c6492e73ad6ec18d05f17bd62be8bcbf48fed700b8442909a4f05ee7694b7894","keyScheduleContext":"0222292de1e395ea9d74dd6b69563421b959b173cf02c5181a02f826ed43bbd894d76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"aa14c3f13aca763f745abc1e1935e8702423c63b34fcbb7a89e3737b75bc9f15","key":"96e00ecdc637c02e9933bfe81250e423059fb498542fecb6cbcd3ef317a32d48","nonce":"44d213ec799f975d7b76337e","exporterSecret":"8e7ac10053d71a204961988381b83ba6cecaf5b38613a447e5b3fdc1713d9a43","encryptions":[{"aad":"436f756e742d30","ciphertext":"7053b878f6c6581b8edaedc86d035f7b9dbf9c7fd47fe1bf327f84d35c9368782769cc536995aa6cca32dbc945","nonce":"44d213ec799f975d7b76337e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"32b7cd0ed4403b7ca95eafa992e10d78446300fcffe47637d87b8b25cba6ff5e23860f5478438c35591072a0cb","nonce":"44d213ec799f975d7b76337f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"aa2b44052305dce229072c7039e99811e34766cc373eef834553622f83f770e11bbc5b12d5b4e86f8c9f2f8dac","nonce":"44d213ec799f975d7b76337c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"26024c9333a5016d9ab65122ce77dbfeca2edf06520a6084700ec2e34c9c5938a053792d1b47b606ae46437b51","nonce":"44d213ec799f975d7b76337d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f85440864596f271cbb62d9a42e0233a30399cbc5b0b70541554ebc126becf1a460857194eba80d43c3cf830d1","nonce":"44d213ec799f975d7b76337a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d97348373faca415861f944ef259f58149f8e460a8f22d030a318e53dacee8538a7e6720b27edc1c553374d314","nonce":"44d213ec799f975d7b76337b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6da06eef053a8bf3cf216787d52c37459a34d476a0b73e2379bf3975314556ccf71a244f5457ef40aacdf75cad","nonce":"44d213ec799f975d7b763378","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e7bfbdc0e5fc0c08504d78ddcb048f09b3cb931e0bfd4ab56740de24c566d22bfa93381a1d467ae21591573576","nonce":"44d213ec799f975d7b763379","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b72c8b385eb20b348f992cc23c95eac8f6959fc14daf87c49390c00f2e91699d271b982d2c9163502486ccf176","nonce":"44d213ec799f975d7b763376","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"83e1f42d8b75a48acfb876aab6ea0e7a2f87ac3e3bb0eaba88f55e7e55a73834fa358a7d240a00a0af8f3b4bc8","nonce":"44d213ec799f975d7b763377","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"168f2889bc25f4dfd523fdf48a060efab391398c285ecacf0c5056f88e035678"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9e87b0aa3d138bca254282c5c774176a8f4080f880cccbd91c01cf259f58d525"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f7f3ddc87665ce38ea033f8b10c75e8c2d55f45f629ac163d84b6b204b0c0124"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0d2e531f47085ccbb974f371a237f352412058bbd089b8585da38516809f5d06"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9732dd08fcca082be845ba6811da75253dbb349598d1674d81c14232b29dcc27"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"19bc4b51f7cf31052f53060a96162ffb35a16ee4ecb4ae27a8c530a1121a0e06","seedS":"82e708b3291401c8265a3e32fa8b0605dec7ff464ee1ac9fa97e2e3db4b143bd","seedE":"d4d5d3913b488e7404679591e29502eccdb26b2e6af869ded2a6548f0ea1af8c","skRm":"db78b3c28a82d60bfb5f9793464876b25c82645a01cc5230e69bf3a9563bf89b","skSm":"5e41187022de8d2b917ebcbab4733eea52ef3935cf93cde0f2443fcea0d62ad5","skEm":"4879fee5971065221f34e8355742637cc56123ff1d8f059506e15b7395debb0a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"048c4cb880a9465fe73e577a051bcddf718d0edf1c0af870aa025db7c49ef9068350ba3ac9fd6dcbe42b76fa7fd9dbdcbf1a52573aeaad0bcf48aefb930e3c962e","pkSm":"04507448f0f9f8e7a5e6ef5e36c561b8ffff2d29029ca68a550d4d35004e4a8e6f66f44b23418b7570f1c2066f4a281f6640b55809cb983d7aaa14e3950ae6d38c","pkEm":"04b9409eb2c562a74cb94850eeab590fd637b56f19f980b4c920b54ff2e1081a82a57427158112934cdb9be4b4519a2fbeae22262cf0040b0f52e0c3e3cdc90b83","enc":"04b9409eb2c562a74cb94850eeab590fd637b56f19f980b4c920b54ff2e1081a82a57427158112934cdb9be4b4519a2fbeae22262cf0040b0f52e0c3e3cdc90b83","zz":"4444bb09021ccab9b8d9634c4d93229c12951d56aae2a1c94bfa03b65dc6b8f9","keyScheduleContext":"0349a639e59885c0c2ac77f931d86d30d5573eea1b44ff27606ccb9e8b49bedb2ad76245ed95140f8bb9496c973e21f10f7854b95e63373ee019a666ba2c75318c","secret":"4090af92bc19378cb64b9e852fe4c3e766480990af56ebdb74e5d6467f8c2a30","key":"118468c4876f60f36612ae56cba9c12773f6a42b0d4613531ba1adb9e3285048","nonce":"425e16fef6a16bd00bfa9aba","exporterSecret":"4c4b9340063797e8f2b929ff4c6f6a766fe1ab0c3dfe17ac4f0cc5211aff1dcc","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f3e2fe4e51260ff11842d064d617345dd57cdcebab951212f501808edaa8862244cffd108b217bd6238cd9c4d","nonce":"425e16fef6a16bd00bfa9aba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8d3ca4f6dd93d4097fef4c3ca4bc3c4352c913ad028bffea6b1460be188d79c0db3c9fa9e7b1f8e7eb268e8954","nonce":"425e16fef6a16bd00bfa9abb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c483a832b466a1397036421d7797e3e39627126e26565d1d007d49742b1d5fb07afd4cefeb997168f14c76c37a","nonce":"425e16fef6a16bd00bfa9ab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3fafb7155e9ae1064641a9e4cadf85176006423a5e64fba7f4797e0c9a973db2610e0c57f4049bebac2c7e3f9e","nonce":"425e16fef6a16bd00bfa9ab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6f1bd5f881398180c04b3405b5e57819d9bf48cefa4c76321f2ad8d3020a8750b8751d3b1166845c09ffb7d52","nonce":"425e16fef6a16bd00bfa9abe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9721ef3e49c221a6b1d40708e4dcae6bb7cf8e100a83b62bac1c4da36d76228274b4106837f11fc912e4fcc860","nonce":"425e16fef6a16bd00bfa9abf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"760d7d3ecfc1b76c804964d09bd4bb214b05553263eb07b197d6614753f84cbf45168893a3a11037683c14a2fa","nonce":"425e16fef6a16bd00bfa9abc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"61e43f34a306228866b686749f6cc5da3a0fcb9f99937889fed4070d13cd8eb669fc46f6304392c18f01c6170a","nonce":"425e16fef6a16bd00bfa9abd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b490797dbe8e58ebcf2529132c1a6e6162f6038f89ede56e947b40e8b7c173988f62ad0620106fc90312b34e2c","nonce":"425e16fef6a16bd00bfa9ab2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9a1180c82dde07495c1a8018478d8a2903b06e6c3a31a3a4f3d4d1f1d98945eb1a6ca556e4b247ae567eab0c0a","nonce":"425e16fef6a16bd00bfa9ab3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e7cd40be63f705cf0deffa42a21027aa594f86ba2a545da1475862f34967f7cc"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"00f6b02ea03b2c5d73e6f354bd1cd511f3fdecd5fbd304f22c154c46a50010b4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0fb432a56ab7c2b1599b3d58824f81ba6e76a90f5156ef84f7a036f7fe14ed87"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e492dc2e6ee1e839b8dadbb0f559f3ad90c720f759ddf9c4bcb18cc5bb7b98ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4658b7c8e95a717840d55d0b36f960f0afee3ee6fe0f3ceddeffc3702522fbf9"}]},{"mode":0,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b8cf55fff54a44eb4cf6f951e580405c03f72aade8474e8b6e86a7118d3f1342","seedE":"859c4d4661cfccf02e8c4b75abde884bb08dbcc318b2e56acc4f595b81704753","skRm":"e1ddeb890f47d37df5ab42e09d10e3dbe8a07a7a65e21843e6d46997e1cd6c1b","skEm":"d0afb2bc6fe1537feaa0e699e53cd3803de978a88adaee434b7c49294c6fcd32","pkRm":"0403182ee491b92dd763585075bbe14ebca251fb8e7c466e53c0d99e03acb7550ade27f7a11dd99d456bfad8c30e94a9da7121accaaca356cc637aa64cc2d0d9c1","pkEm":"04cfe80978baabb7b767255d3a196feffc4a77e7b09b45c19ee49d947c5036e33a254124d6f89d3d9368c42a38f3d0baa6bbdbb84b22406f5b1395e34d08602d33","enc":"04cfe80978baabb7b767255d3a196feffc4a77e7b09b45c19ee49d947c5036e33a254124d6f89d3d9368c42a38f3d0baa6bbdbb84b22406f5b1395e34d08602d33","zz":"8c59704a49eaf34699eb27b5016fc888b4be693890dbbad2b56545a968828b70","keyScheduleContext":"00e8c0e7b7e1350f45ba50f2fd8fb2e9bea10d5bd28e9cb917c3adae0b6f8b19eee61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"6229f2fd32e867b396a36f9ff548086f4915ddaa7628cb1af6fade352d7cf6ca","key":"38b214d8ebea4305d2ead33e169596228eb067147dc261816f952b33062f12c3","nonce":"bf35a7db7279cd71b8664309","exporterSecret":"889d607ea5a873eadb3468063c554ad2ab5afe9ae6ae65559b51fbf2dbdc7c1f","encryptions":[{"aad":"436f756e742d30","ciphertext":"658d3427e21bc7fba87cc10fd26a235e526eec111b805c16ba985359b91029f8c8acc022ddd16265d981e8b452","nonce":"bf35a7db7279cd71b8664309","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5fc0be104d84a79c0b853c5dfd1273b24741165446617e99356179c968aabb0094ab5d5bdda3d9fe8e5cf763a3","nonce":"bf35a7db7279cd71b8664308","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0125ccecd83a0f97fe18fcbef9ff3dd229b199f2e9aa15d649299f4719494910c6213f3ca12b4a684c36955866","nonce":"bf35a7db7279cd71b866430b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d0f14e0eb2d0cacd9bdfe71265e3de53c5bc8c45d9503545f7e4d7aaee685bf3efc2b642e2a9da877b3e1ab60e","nonce":"bf35a7db7279cd71b866430a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5cc5dce6cb7858be2bd6f35443a006ffd527a03d13b39fe43242f6ec72e675b929efdf2c39caa989adeda00ed3","nonce":"bf35a7db7279cd71b866430d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d3f681017cde45618d70376f49afad398af85083fb4a1d9c95eb2eaf1b2feb7cadd4ad7e2aefccb5071b992539","nonce":"bf35a7db7279cd71b866430c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8c7829f126c3f3bfe9a4f74de21ecf71d407802443c52deb1158e75d165f13b261b1681baf07d1012d4a80bd8c","nonce":"bf35a7db7279cd71b866430f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9be6a8931e0beb7910f8b6a4c16dd173240802cd3e7ae07c5f69f66f90ed00ce139f9b01835254c62a167dc010","nonce":"bf35a7db7279cd71b866430e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4f1b353f157d04f59bdeef7eec5dbbf7277f7a9551f42b3af81a3cb45227d870cdc4cb6923730253710299f70b","nonce":"bf35a7db7279cd71b8664301","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cb624a8f7559fabf4ef2837c8ea464b1f07e64092429e657346b5415fa7c41a6dc35fecf2d93b8946c2ff31af3","nonce":"bf35a7db7279cd71b8664300","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e3dce03ccf722ea3ed13a494ea0e873a68c8985dd1eca23f79171a48834fb2d6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3728292af7600e4f81d966580ea205cdac027a9338b0805cc0eebc7afda85676"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"747b96352e13336f55ddb1802b62cf02584f6c35e37773bfcb75c25dc848ca05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"262c1dc11a12635cadb1d23b30ed08d5d8bcbd15292cdb0bfe86daf4ef7835ea"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"48da19f891452dde87ef9c7c60a1d39d3be76725a543880ab90428896b8abe42"}]},{"mode":1,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e247b41b5f35fcc6b8eee0c045903e3501c4435e61b9495121c4d806a5535af8","seedE":"4d20e125e23418fdd9fed2377a109823d62696a7ac538097d6ff9cde7333b8ca","skRm":"f2c42be5b9d94619d1986aefa857b0576baabd041678602598d98746d9c2bbf9","skEm":"0cb07eff0577caa07edbe6418cd32cfafa015666f6062501f0bb023d8b80ac3f","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04dcfc4d475199822b979f529886d44b14cbaec4ecb39ec1976456e3d405d54c36630d46f4ff2590d4c6d2394294371707a9355e81bcaf01318366a402e8eb3caa","pkEm":"0486c02a28ac70f3ac99cc9476bd097839bf46068a63707972eb5e0a08a461f5841e3051021735d371ab16674af4ada3eb4931d3b160b9e01068588c3d932c06c7","enc":"0486c02a28ac70f3ac99cc9476bd097839bf46068a63707972eb5e0a08a461f5841e3051021735d371ab16674af4ada3eb4931d3b160b9e01068588c3d932c06c7","zz":"532f0da9ee52441d9541d69fe3733b5e9bbf4614702ccfb37f2481cbf5d12fd1","keyScheduleContext":"018713a4542d222c26d332326846e339b2247a082724788524ff6a4eb9dbc23a79e61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"5c38cceddbff3fbed605e22c8ae2b55eda874384f224f8321f0e0d4dfadc61fa","key":"17d653b3702094cb983571257564514eca6de37bc6d7dc94bfabc885461c54f9","nonce":"7af011ab27644b86060082ed","exporterSecret":"8a13a35e5f65fe72b9e44b1ab313acbb8ce33d140fd6d67f5783f96b2a06cea8","encryptions":[{"aad":"436f756e742d30","ciphertext":"5f3a98cf297dea317c9c46a5ca99d449ce1b37b949f20859b776b652b012ec2306c11377a3a7e9b638693504d9","nonce":"7af011ab27644b86060082ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d7f76140fc09e177d2e69e79ae3b8cb8fbebb9aea64afe03f0e540c74e3f056e8d8883fe3b4571570650fcee12","nonce":"7af011ab27644b86060082ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"635028bfd49d41f6bbb32305b9e4b04ba9586d2a8f9f1a7f69635dffc82af7d3bf243cee2995b992b8fde9ffd4","nonce":"7af011ab27644b86060082ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b07d5f404abde6f0c5813794c4c15975ae69196d559e0b756933521bfcbe177a007d8213e0385b27114061f524","nonce":"7af011ab27644b86060082ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2b16063b4995efb0fb4e594bbccee4c056db445a5b8a781a6b15cef76790e0bcfe907aaafe8aedb047dff8fbc9","nonce":"7af011ab27644b86060082e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0e09800706237d940beb13f8783f7a70bccb182bb1ab0359b2fb644a779b66069b19febe99f8d5461c4f99293c","nonce":"7af011ab27644b86060082e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3603985f08e6250a4b7e3cdb9c1a8a9687ff67daf7e7bde2340a9df52896e729e12e4d517a78a7427ce48d42ff","nonce":"7af011ab27644b86060082eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b02b692f80e91a5961f6a13e0d00201d2aefe467c31dd4abd4671f835100cebbcaa5366c7d460075ef04cd8476","nonce":"7af011ab27644b86060082ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"de2678d8c95ceb2225cc91dd334533806131e00df8bb01c555126014adcdfb915c0678d19ff6934bf75f6721cb","nonce":"7af011ab27644b86060082e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"77fe32facf3c440721dde73d59da95eee20b401b721ef6357c37f9722a59ddae92803c61a916fc916fdf257402","nonce":"7af011ab27644b86060082e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8fa3a96428a242a2faa65f40272de3731952041cbb9485a731192073095e184d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"894ec2b8a321cbe17c5032592f1f0a23ab6af673689a49d47c90e3f3e8df1f98"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"926d91f3481137757267004f39af8f5662cdcfbe123123a375f4a9b89ed639fc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de096242de50659d386f440f9765caca606c02e75b8ad99ab86bdb10cf8e0755"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"35d9d008df26904758ae167a2beab8fe78fe3bfb99ab8bec34a924c0d75244b1"}]},{"mode":2,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"effd0c0e02a3b9149a07708efadd52e6239f3d15867e3dbec69963fff77f48fe","seedS":"e8af7d29c6da474f3815e9061851fa2651b00898870000ff27ec373d4117d8a7","seedE":"60c8ac4057df119fd55487fde761fa1582f98e4293c0a2834bc818d270570ef0","skRm":"0371977c0427af606d987728d34fec4b2732cdb12e4880344ae41f1dafcbb1ed","skSm":"a12e9c979843ac49cef8b53435c1c00f14ce0592d07e4500a4ddbd85ad622d85","skEm":"501211b680e72820e051d81bd54ce993431b6b88b4da25d25f3b8fa613444fbc","pkRm":"04920e56712f2fcf2ac209f4bf842d29d44f1bdd5d153a7803d107da72f7922b2b1312a43d8e9a3caa38c121abc5340a3012b9c514cf7f2ce22df86b68e4f7b2b7","pkSm":"04d50685d1b3e5e2df964fad40cdecb7338a0bbda59c6eaea258a79cec57f46a436bf3cb1c6b57d1324e705a92c49e38f181663e5aa87cef5c6ace0aa9cf8677d4","pkEm":"0423653686046168ece7a52b8ae90b4759e98ae2d562b9b4f5bd9d67c037a4954124d84fa4074bd1823a4bd1967b90fcaa64a301edfce48c46b7850e64a4104a3c","enc":"0423653686046168ece7a52b8ae90b4759e98ae2d562b9b4f5bd9d67c037a4954124d84fa4074bd1823a4bd1967b90fcaa64a301edfce48c46b7850e64a4104a3c","zz":"2b22a14ffb954acb4a2d366c318918026de11141d5ee55f1c3bbab843f156268","keyScheduleContext":"02e8c0e7b7e1350f45ba50f2fd8fb2e9bea10d5bd28e9cb917c3adae0b6f8b19eee61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"a8d835b8b556ff5fa0e096868307b358d6b9e53f646d8fe2070b6fb8f606b420","key":"a09e54a17cf1db07f2ab0788f8440f6d978796d087ea008cefe9a9ed22ee9a2d","nonce":"fb4a23c48fa7e685a7d6e76a","exporterSecret":"106b5404cb13e19335c0c875ac2f080d4ddf83e87fab0e69742591d2c771171c","encryptions":[{"aad":"436f756e742d30","ciphertext":"e01296706f40181f5538c977cb61c83fc3cabffc02aa855b5e4f26a1f151c0f28c6f7531bd9df252adf77c6a7a","nonce":"fb4a23c48fa7e685a7d6e76a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"01b86de4080d828e02e3e05273cd06d9e27dc506f313fba1def09d2b3a3b3591ac1260f6fb100c32d875445c45","nonce":"fb4a23c48fa7e685a7d6e76b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"96ad1ea7d9baade04e9e10afc70c23e11c246be80e3a6b83403ff0e6ca6090054f6c0e7740d6ced45560b94eb8","nonce":"fb4a23c48fa7e685a7d6e768","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d07cc4e696c518eb2e8202eee79d6c19d56bb8fa473b93c5ec5a869649a2a45e10532ad2f2ac57ef711968695d","nonce":"fb4a23c48fa7e685a7d6e769","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"02f60d81bed2d51acd6b28d903e17ba7c6b7267953137b119dd4ecaa6f827f5ddb65fc16a6940aabb8e7a42313","nonce":"fb4a23c48fa7e685a7d6e76e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d1745ecfa642c7be457777b86f74b6fc18766e144e83dc02d87112b69e117c88b1620943e0e6606dfbf317b36d","nonce":"fb4a23c48fa7e685a7d6e76f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"305803b6aa77d835335f661169cb5523bd17d6c7ad0035723b980344d238af8ff9328aadc2ebef233761f2c673","nonce":"fb4a23c48fa7e685a7d6e76c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6c83970f2d9fcd81927a1f0f629357235ad7007c8324b12cc40bfdcd1593b8e59adc58c5245f2df5787b844923","nonce":"fb4a23c48fa7e685a7d6e76d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8fafad07e9128d393b9d41f1d4c646a0c147f8008361c284aaa305205e500448369c4bdac02703cb4751231319","nonce":"fb4a23c48fa7e685a7d6e762","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7366941ffab930c766c981430859619e6084d288bb597a1aa28551bcdbfbe06325652095d651d43e9126cb03e5","nonce":"fb4a23c48fa7e685a7d6e763","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e856031b050ccdbdba8acab9fc1607ecdcbe1fb4d847d6f9e066346545315968"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f900b8b8ff49cf6bffbb75932830311b80461759ba9b281c21766c850ef5b595"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0ec686402cd4e6661f2e2498f544bc6a284305e46f3ef520ec89a235258562d1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ab2d8dc5dad3e3ce5c1a95fc6cb6b771d2321c398ea16c6320c5416867eea5d5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ac23052c271ae28aba8b015190f6722a21577379a42b45f51f8bb2428c099d92"}]},{"mode":3,"kemID":16,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b8ee6bf7de2ba6fa4b1e17c3b4c7d1c4473efd04dedb57b51fc16da70e8bc694","seedS":"07906968002ca42b7e020ed5688888d6d39adf28bfce6e1676040867a44e30d2","seedE":"988b9b7057d1231fbde4335f3bbcdcdac6eec0aa47809bf44e21bc7eada1e9cd","skRm":"79824807ea8ec488adf71cebfc942499656daf84b1b813958d3dcedd14ae9e76","skSm":"e298a327cb011cfe01a18aec7144ecf017ef558de65e2f37f0519f5ce55cd8bb","skEm":"3b1b91da8f715f7f2930dda670cf4c0249460146175f226eae4757ec78e27b98","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"049f73853a74526498c76eb581272bee811face7aad80fae58a38d8003daeff0c118bcdbf43914f58ad4925be713c7c714e549fc36c7eea9ef5c399d1566fb32a1","pkSm":"048d180fb853deb154e567e6b29f9c7e9ed61c43f1e955343c01eff2efd299529f4e1b937088ad52af3fe238371b86785c6404b60b2b1b6f2836afd228ebd0e8b7","pkEm":"04e07278d6acc2d11873fe0810c6fb2f428e10271b57b9fdfbd0d1f33add904fb16753627b77df60b730bf50577d8c1d6402fbd4abc5c46a84dd8f27cc328c1e7c","enc":"04e07278d6acc2d11873fe0810c6fb2f428e10271b57b9fdfbd0d1f33add904fb16753627b77df60b730bf50577d8c1d6402fbd4abc5c46a84dd8f27cc328c1e7c","zz":"80fe17e2d0a6fd7de53fae4ce3c7fd8f98f31909e0467dd8818b0e2fe8fb86f2","keyScheduleContext":"038713a4542d222c26d332326846e339b2247a082724788524ff6a4eb9dbc23a79e61cf47a1398afb2012077e2fafa0cf228d64ab9f22b63b07fb3896a495ce272","secret":"b9ffe6a3945361e1f03be9d00f3126a95cd34b6fd7c2ef5d382cad859010c6ff","key":"c6f8a68c636353a02efd5163e4d643d3e8860a15096166c9e4a9794805dafa3f","nonce":"0825f842847edabba2b83b54","exporterSecret":"5e70f200d85c466fc8088c6362273190b7c30cdd545bed8f4905ada80982d704","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f1b2bd7b94fc1eb19ceca585094e19de6b0c78d4a7e5ad6f338119cfdcfba48adef480e3768032e4daf56f1a7","nonce":"0825f842847edabba2b83b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6d0b86549862cb8d400425e924cc30b2121f5cfcc02c8fc9eca04b15e53412edf811e2d15b2ed6601e73769a3e","nonce":"0825f842847edabba2b83b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b3b2ee91f84de1be1db778227b49ebcd5226b9eab55b9b4eab73cb3214d02ee798e90b86d47d1becb30586130e","nonce":"0825f842847edabba2b83b56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"435df053b8edc227570e324b96c88cc3c4a13cd948a160716fd964c04b2ef7baa9e4e9290108e956c96baa5142","nonce":"0825f842847edabba2b83b57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0eeffe74e03f6c1d4fdcbc84bdacb1ccea00ee2b139c5bd2f27b8870524e39d9e428fa45a56eb87c4b7dd6f76b","nonce":"0825f842847edabba2b83b50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"841e478241e10f48decefaa62b6c7c29264dec59b3e5436f9bf7458369455c867bbc231fd12a3ed2e32c597797","nonce":"0825f842847edabba2b83b51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0a9bcf04f706ba32ace825f40f37771322ea33969afeca4d1041d4a012abfc7e6f78d012d5d771142bbf72ff0c","nonce":"0825f842847edabba2b83b52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"14b4144c71a2e4323bfcd56c01c209f72156ed20311fca72a3a63c6ab8a083080dcea5143bdde94939781a5c09","nonce":"0825f842847edabba2b83b53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5475c4bdb18073b8f489785d73f0f2d4d25672d0ab4017c53ad933f0bc26de595c5d8bb43b21c676c9c8f77159","nonce":"0825f842847edabba2b83b5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e5e0f576701b8193147cb5488d97ce7a125f1a0bd4dd9632dfcd0212a563ab7241475e189540518e4d286589d8","nonce":"0825f842847edabba2b83b5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f575239cdc76dcc010f7af0ceee4fb29632d69650995a2958d89d28a77684f4d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4d63713eef29fe9341aaa762b926536b7ce0940dcff89bf3bf66444dec2edba1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"64e5848db27a605448c67360b9dd4282360d43501f9447d613460a7aa9f6de0a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d7f504e7e9c25557733cf1fccfd6469ac8c4e886a23cedeab2dfd76ef1964607"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4194b2f0bfb4e278016251bcc95487475bb678404bbaacdeb46438c917de068b"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3e6989036e77d0558fa75a6576627dc007d8edd2cccd5c740add86f6e99c20cd","seedE":"d939e84813ae98d59266f1c7081993a6c8cdaeb54c316b8dc589fe1bc6136a4e","skRm":"370b1529bec509ab610781c4fb68f3cfe593fc4ef911d65052dd37ae33cd89c4","skEm":"9328773b640b71507b822f7e62b6f91ad556a23eea3e5c0303ce474439517a9e","pkRm":"040757d70703181908fe2bf1dc7a348510e3fe5fe9c6b6f6d4324a16d6699fd94742ad00760be59bb1251683aeb6b7319c18739b6fc18365e84c49370e04a76809","pkEm":"04ae189ee3ce43ddef10dfc3624d3737982c823050ad9b6fa46b5b4d3cb1098801fea7f8e3602d63eff6fe52df6f306dc63081da8534c55e4789ed0a6a0bcbbb41","enc":"04ae189ee3ce43ddef10dfc3624d3737982c823050ad9b6fa46b5b4d3cb1098801fea7f8e3602d63eff6fe52df6f306dc63081da8534c55e4789ed0a6a0bcbbb41","zz":"8fc302fea08b164d6dfd910b80df7438f303f4de09583cfad7d8abe106004617","keyScheduleContext":"00abd88abcae4d2699e5a3ca4de95539e53837460d423028afdd5348e6bfdc6d6085a04fc074868e0e70c9e3ca4d2ec11c1c22fa8b8057328fa8c857cd1ea5c52860d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"6040d5829424d75816e221252d3434c3790ccd301f4c7ee95fb7d9eaa3c6d1cea1cc0d3f43d27a1b6e1c22a8ab66595758ef4083972ff31c483870cce7a3485f","key":"30d29b09f1a05b2ff6db6ba05cda6e59","nonce":"7d23240ba70f43d4cf5eb7fa","exporterSecret":"d780b1d8921704c69fa40cf460acd5aa0f127a6e9fe9b8b385a8992f5d0d381a860f7b198fda18b57da4afe71d155ace5d0832474870e8f7aa5c22903bc319e3","encryptions":[{"aad":"436f756e742d30","ciphertext":"eb38ab32939bac76c001ca624fd85429212d8f4ad171cb7d81baab739d49932f4863020705f30e2f4f8815cbcf","nonce":"7d23240ba70f43d4cf5eb7fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d4a65024e1e3ed4a5b731275083ed16a9329f38629767f2f7b549df771515d7bed754fe9086df3999ce61df4ba","nonce":"7d23240ba70f43d4cf5eb7fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"86519eb5a8fc9e19e5851d31895764aebf78b75c703251507fe3cda301c4ec2c6be2a6879510ff13074a4ff0b6","nonce":"7d23240ba70f43d4cf5eb7f8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7bfe4da4b72056186b15986c829f9a3c9f6e4decb3cf3d4d68a2d21d035e04b3e974f839d0be7885615d276669","nonce":"7d23240ba70f43d4cf5eb7f9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b0254170e087ac3c47a66bb183218153ccdccaa45f00c4979486fb240eb3a9ba57655fba9f7696c5521ab69c7b","nonce":"7d23240ba70f43d4cf5eb7fe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"162d5bf68f244c540ca3379b04f838c5492f2fc46f637a7063e99d962a8d116cd41cea8ae282b4b0b61d53e1f3","nonce":"7d23240ba70f43d4cf5eb7ff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f5a778510667ec14621c4234d4e0b4a156057fb2abc3e63c286d499a2d69b4776cfc569d0d0d0f0f31fa546a13","nonce":"7d23240ba70f43d4cf5eb7fc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"88ee8789dd770a5f44189f64657babd187392fd7d7216f55ffe1ccc01d0650e7fa2ba8e9ef247a7d6eee55edd8","nonce":"7d23240ba70f43d4cf5eb7fd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"194080e42e26c88d382deca35f12969a324f70c7f898e6936d9f5f5a3ecf5c5a46cc746c6703d7a429b6f5b4c4","nonce":"7d23240ba70f43d4cf5eb7f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e22cf796f9f13ab2b5e065e6a9b502823345560a67f0a8401b53db9a4974266f75c6f31f92ca38aaafd4400ead","nonce":"7d23240ba70f43d4cf5eb7f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7f2570513de0149a89b10e18fc59c481e435fe413f1cab273c76e95f2d4ead90"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"64a6deb1e75de1ef25da1dcc2312546a2d38c638545241a79c5d8946d7b16166"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1dd73d57c34a188a1f2c6e08442b8aa708f83b15676f38fbf39a03b9830f5288"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e99b3e820671ad48b0497540cc9eafa07c97ab4e29d391a7454b9fef91bb006f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2375ba517898ae83458136eb1a08e4c6702a4f1086518889a619e6fd2f5fc843"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5291a1cc6288175975fb5b515c622a7902fd1015b689f300faae4a14f19d0f1c","seedE":"1dec8fcfc067644ab259502398c5040e799cc5ddf6f8531f85964c09b3ff8e5c","skRm":"b74cd5d11fdfe86389b6d53ff4cf94de3e1463543e088f8e85a3bc35303a34d6","skEm":"26926f110669d4b22789fbe474ac1c78c1d6a96402652edefa0a5dd9f257d9f5","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"041da0b6f466294dbe9a94e8fc83241528c2f44efeede245d155b291fcfcb55262b8af9f23600128d5b75a48591f8b5b2f6e7324a512614b420b28d8d0370a36e3","pkEm":"04c58697f83fa52c26ca1677b1d6834759250b2df244c0ddc0405aec823f40ab88bb3bdec551a5dff75ffc4e68afea289c5f86e143da2a9f7287a541e487176f70","enc":"04c58697f83fa52c26ca1677b1d6834759250b2df244c0ddc0405aec823f40ab88bb3bdec551a5dff75ffc4e68afea289c5f86e143da2a9f7287a541e487176f70","zz":"112c7836ca5b77c6ea9f4e32193f4ce57bc466002d1eaceff887a39ba4e4023b","keyScheduleContext":"01e8343773236a54e26b7ff0893a27417760ece2a634789921c319887f06a1a0b285deb7c839be8ee619962df67af85550255e2388934c22561bafeafb36905c6e60d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"222ad5af3dd2e5d4e7851603196ceafbde5dc40b8adf1036e96888f8daccd15924d7857d01414a4b06060d6bb08110f6ef8716e23a19d5b7fe24e21297923b83","key":"8e4c7bf0e13bad8e4b7c415fd128f882","nonce":"75e5f194be082b09efe70b7b","exporterSecret":"e53d0870d184f0eb45327f0bfb6911487dff0c70058b6d13c4d7c864837126fb86a5c43ee2a7ce6b72dab78549e7fbb9fd0c796882806a89152582a27413fc3f","encryptions":[{"aad":"436f756e742d30","ciphertext":"14b03e6b03c43f78032f9507dd5e9ef86dcb2ff1e223d007001ec45e7251f63657954242f04e4b4f4452ff5c0e","nonce":"75e5f194be082b09efe70b7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"136d307d1c9c8536e3c1f9d9f2cf86d51518bc714e15ba268fb5cc80ee63b3e82bb4f3f5172b21c896bf4a38b6","nonce":"75e5f194be082b09efe70b7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7fc395829e9bc0faca6ede42c024e7b5c00a40504be155f6a4a8d5e3580447d9a95328fb7d61f18dcc7c43a8ff","nonce":"75e5f194be082b09efe70b79","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"945b7299aa1c8c91504ad77b5ee64833c795c1440d50b1f05f6ea39474d8a152c6f41adb1d7c7aecc85c293755","nonce":"75e5f194be082b09efe70b78","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d12481e81e53c40b9fae2ab18738de0326f36b2e3f0134e53e9fafc6152812f630cbb0436764b68d5fedb7bb85","nonce":"75e5f194be082b09efe70b7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a439178a43fb7f68e467f849ddad63e0114a50667521c76eae31ad7f845c75155bfa0583a21f958d0f9d0e5472","nonce":"75e5f194be082b09efe70b7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"abb49c11b666c1426bfa0ca3281f5e3a0e19f1042ae2be7112c11a513618d3914e2051fcb73fa99c7c97979839","nonce":"75e5f194be082b09efe70b7d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e275d4fecb635cd6d1ba9e5793713c05e4f2516869a32ac5f864a58e3cf1f6adc322efcd7a5de08d0ce317b292","nonce":"75e5f194be082b09efe70b7c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"41d789dd424f2665910a0dc0bdb6c7b0978eef45c5670a37811bcaea58a66f95c8c4bc1baba1697749cbbbd208","nonce":"75e5f194be082b09efe70b73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c15e394de915fc8a4faff2d35006ea4c67ca6239ad08a2369a287c0124c220e9bf238c555635d149735dd301ad","nonce":"75e5f194be082b09efe70b72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"79de0dca7638c6f48cd638555e84420700281c0e47ee4d7698be8be78a6c5fe6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1cb1bcffc8bf94fa3d036fb40c9ab9272ca757d5c114bc34347e89755a42d12b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"af6781553972d60c8eca90487cf2d37aa4b3315c97dc7db75ba93b4871cd8efa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9404cca8392312105f8d7c649ac153ba19b7276371c9fe645525211086b4407f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f1745f2b0818a0b0072a4b523cbf692ef0f4c59b99eac693a1596a484583dc93"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c68e13264f187106f2a45e7c5f216ba660dc9a42c5d1f2465d6221336d17df05","seedS":"24cbd40f047e304504e90a0a735d3eb6324ae2f62118fec2590c4989973bb40f","seedE":"cdc0a079835613b678b9eb196a2f2f3387d908e9dedec325d757418134f43ad0","skRm":"79b60ff40206f29921a0af4c77b099bb06f9ed5959a394c34d85c11b027cb003","skSm":"ff5ab362e3aeab0c7ecbb98f85ee13d24e4bd95cc632df968e2e897c0c44ab75","skEm":"c39473011bd27e6fd39c7620a2ce78772a769273677e4ce093c977f321341a49","pkRm":"0413db6f7b08f4d0bc1d582ef7f9bb1204b04f83a8dd26791b0dbf1cf356fe8bab1317f8ebc93b7ce09fb9cda8ddab5923f6445897f3866c5e8f5e4136c6f01b78","pkSm":"04f86107123a4f0ed9d33e5fd390eb043c0bd8d41e8dff96fcbab98b9b7a96c683a86e9327b97328b240fba4b11aeeceabadabf1f3b50fc7c61364d6c946a4cbd4","pkEm":"044e9122402741b34dd9ae2c38e03c233fa3ebc11b85d88314a73378bd90066d3a9731ff495b440b5e263d524550640c81f34eb28b3f431aca0553aabede055951","enc":"044e9122402741b34dd9ae2c38e03c233fa3ebc11b85d88314a73378bd90066d3a9731ff495b440b5e263d524550640c81f34eb28b3f431aca0553aabede055951","zz":"740b0b696bb89b7e2d795d29c8c60a980c6bf385552c91b8786db5165ad3d073","keyScheduleContext":"02abd88abcae4d2699e5a3ca4de95539e53837460d423028afdd5348e6bfdc6d6085a04fc074868e0e70c9e3ca4d2ec11c1c22fa8b8057328fa8c857cd1ea5c52860d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"02385ab6a55006c63293739dfb9faca60c8d4e5f73ae38f6efa7d2e1856533673c30b2fde5cc8d6a194af810bb2c447a8c21da1dc78948a33bb02085c2afed8d","key":"d40a33d3eb1333a46ec39470e9df9b09","nonce":"d22cb027f855722a5a33e0da","exporterSecret":"470889adfc6368edff8933eb68b4397c6d56bc34963c7ec75966acd0f6ddebc99c64c4dd208c49e98cafab9184854614b4d9451d0b0f260593688530111031fd","encryptions":[{"aad":"436f756e742d30","ciphertext":"188cb9d4b33c852962c83e8f2c0f8bb04fdac7d994629899470df6e807b51cee87c4a1e0a56565250eb741c251","nonce":"d22cb027f855722a5a33e0da","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5570cee6c3c25b9af180ec2344dedc0aa93ce3af94abb6901fbca70ce9b01da4b73d66c740d19622153002a07a","nonce":"d22cb027f855722a5a33e0db","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"27d383d2526f8857b9007b07def5002d61a92af06b4c6581a0c8f03ea394376a548308005d97d4294a759d0ac0","nonce":"d22cb027f855722a5a33e0d8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a0e4253b27519b0c59289af4b7aafbb137e455af97730f7ae1ff1b4dabe9483ba41e1b03a391c53543fc88ce18","nonce":"d22cb027f855722a5a33e0d9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"decb4c425d413c1e29080cebd8fbf8b455c3b8611978f57ac4bde93185674e9e368d7c923b4774abe0845f426b","nonce":"d22cb027f855722a5a33e0de","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4fbb758161b72bec42be499a21b024812e7d3e1ddf5cc42b5020e511d133adaa525873c684a336e469f3adec34","nonce":"d22cb027f855722a5a33e0df","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c8ea4f4367e5ea820f87073b75d8af0f29a8d945e4cbb5e0f9465bd65b08e78149a82618d1f1b2a3b0d2da668e","nonce":"d22cb027f855722a5a33e0dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"de20fe71b53ce20e452bb9e76eba52fea997ebb37e5fe8b9e513e5f1b2d5fa254472923c4ae189101229b4c253","nonce":"d22cb027f855722a5a33e0dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e0dde2dbc80f8045df88ac2e8a483db668ce9999712bf10cbfb7f1513c34c307915f708ce3f27ee4eb8e755d7b","nonce":"d22cb027f855722a5a33e0d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e8f9af58e5656b4066dca1670f6db58eea71d30d573823a7639d6e67b0505d487f93ca20148c99ceb80ed2beeb","nonce":"d22cb027f855722a5a33e0d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e973ae39dbe1c742b510f30123f1e3d7b80e76998e5af6268833d1bcfb5030de"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"557df3b21e52df3c57d14826272b4aa001dadc38899786052611923e031615ad"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b0cf4e0623d1100bba08b49356c1d45adcee8fd81a94e879ec4d0bfd49ae521f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f13274064583a938a06988fffa02b8dd8c7a730d2541c20b920d9011968ce953"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"baa447376985984ea3445287a83cdc61ec4b4620d4a45f729b2855285910a5b4"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d9f2c5cd2f95f8f79bd2078465fccad6471739b64ca7ecc809bb120370d7b1c","seedS":"c546199996c2799c558770964f8ecc2f8740ea7738868a2a75f1a648a4884ed1","seedE":"274652973211968bbc52a22e7d6e9627422e32fcf3827693109973b0d38b8067","skRm":"9f4143ef2963150e07bcb000b3484238cb780facba9ba1bd860df122adc72ec4","skSm":"4f050252e30c04d0a90a6e36bb5643fc61da42720384f609e0fa190d12f5bc83","skEm":"acf64dfd0e91c3d7840af790f3b77b3d88bf1b5a5b8b9dead0b93c7470ce6d46","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f5051ace1f2e32c41243b7c8def6eef473ed5c8b8ace61a5f6f01ad66bc9293027fd6bbad30d0a9186608aea99fb62276419dc728f9e1a63df11620b3363380b","pkSm":"046e7aac4ca12c951eaea9a11746f2006ef0cb9fb1d51c2c35e85cfa0cf767e13f8fc4d41e831a42ab8d21c44aac52073037525e9d037bbaf280e566014fae3b50","pkEm":"04aa8c698136e67faf0008719a7508e117887d675ee0502eef2d64247cdfc2c81fcfeffb054aa32478f014a1837adfa25da37727e8a31381434c6225ce678d85bd","enc":"04aa8c698136e67faf0008719a7508e117887d675ee0502eef2d64247cdfc2c81fcfeffb054aa32478f014a1837adfa25da37727e8a31381434c6225ce678d85bd","zz":"e755f3ed764a75070f3f4b205a5376db29fce90f206c5f76d782ab3a5c6b6f48","keyScheduleContext":"03e8343773236a54e26b7ff0893a27417760ece2a634789921c319887f06a1a0b285deb7c839be8ee619962df67af85550255e2388934c22561bafeafb36905c6e60d548824e2c7f8ca19ca3ac1ecb906bafeada3fb5081476ae7c4c13c8a230ea91ebb2ca7bc2c58f5ce466d049f20dd1cfd09043cdcd3ba0aeebd5693adb68f2","secret":"4b7b40a7d4e2bff9c87fe8b7aa032549d80b725613c7152a1070c3bfd42e0d9cdc13e287ffae530b5684da29b5a70fca846c1fcaec005ffb9c04da10f74cbbab","key":"b622eb59242daf8f75deb2314016a5ce","nonce":"74b870a2f1861ecce1a7da7e","exporterSecret":"52d34722269754492aeaeebe70703b1ace387244af511b7d20c4e91dcbe107ec1e8174c049fd7b30feb3adb103383f7112a6f3d0302209c2c9f899a7f42daf84","encryptions":[{"aad":"436f756e742d30","ciphertext":"98b5c97bb3bb44b82f48a494b61edb26f132251165da7ba9401627b82e1a5d272491a6b5a1f5aeb7bc250900f8","nonce":"74b870a2f1861ecce1a7da7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab72bcf84d4045e350f2d49b83033ab9872d9b0508a90a5852c2f41ea5130608f70c5af09f5938d0b2fe03802e","nonce":"74b870a2f1861ecce1a7da7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8738cd5fb99b6ac42016875286155494a44210e11294844622348ee435335357fd6ea6c1c69f5abd553017317d","nonce":"74b870a2f1861ecce1a7da7c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3e732fd974c1b390c419ab5aa63578934c26cc6d90592bb8ea66f5d591c5b017da3108a7daa675515d1e4a4785","nonce":"74b870a2f1861ecce1a7da7d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"848f8801acc16e794b7e31965c257c389659ddd6a97a007681581e1906be9e73af7b460500933e57a1d658b334","nonce":"74b870a2f1861ecce1a7da7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dd91340a58de838b6d7e87511c116e0e2027815dee7d49fc133c5a4c574377cc2248602c983ba2b850ec61b70d","nonce":"74b870a2f1861ecce1a7da7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"46d2946eed905ec82fd59a072ac0e35623e0af291d660fe3aa6bc2d0fda232220a45abf42d64bf0e11bd6f8170","nonce":"74b870a2f1861ecce1a7da78","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"686b6747e3b6bb0c88a33dbc97e80af3c2c68cddedbfe78c989bd80f80d013b68887afba3d89ccfd27e6466119","nonce":"74b870a2f1861ecce1a7da79","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d7d18a064b8b4e011ab278db1134623e9c6abfbc6b8bbed4b7376ffdae12e239b63589663f41a2a34ab7315a49","nonce":"74b870a2f1861ecce1a7da76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7a58769afc6070c8cbded1e28d9d7f03548c6ee271298b2b1815541a727bddfd0802968dc6e5a1e5534fc66743","nonce":"74b870a2f1861ecce1a7da77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c0d423c9e652d5fad0be9b0cf0f693a11bbf8294bd65c580ead91092d1ccd115"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4f855b625ac96746e27b84c0a2f94aa6085d1dcb60ddff63d048886816462f47"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"57cbbff7706cf547ffe113fe53a8d3ded124a7f180fdea22652c55e81d687ed4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e283faacea6c310980c7ec6cf155d15ebe6be84c5ba27c066361da25fc74930b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e9e65066cceb46f39742335f7b2a0d7e50fb33616782cbf81afb028961c432b7"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8073ebebb59e89c89bfb5b019b6b24e13f0f6057c70ff904904d9c13a81bbf33","seedE":"ccf56fe0c1c615874707636466311e635417b2e67892038054342daa90bacae8","skRm":"3b7d9685ce5559f8e69a4cdff573ec333a87508d9890bde4826622d699c42468","skEm":"c02fff0c42058c2cc1c0632b2826efc53fecbc5a20e4e52cf10b3f1cfd198746","pkRm":"047a436bac667fc60d35a7e24c1e5c57805541a84a9a4e66bb4afdf043259a8217e0c7312cdb5b880ef957a8f39633f95bb776f5425923bc6c735426fc9358bae3","pkEm":"04c42055358f2b54b6845c6c51e2e67b26e634f2b2ba65a3216468d40b11c742ba975a38b46cfa0372fc5bc25ff8b1ca1f700f59675e234060273792d5528ff351","enc":"04c42055358f2b54b6845c6c51e2e67b26e634f2b2ba65a3216468d40b11c742ba975a38b46cfa0372fc5bc25ff8b1ca1f700f59675e234060273792d5528ff351","zz":"c377e4e0f436fd11ea0de8ef4a83b2deb8572df67c9c6f2e177384797562cf66","keyScheduleContext":"006bd8ba5c5510a73bfd5eacf62d45fcdde0621c8a06edf107d3318a094f162d7fce0d1af573c2327d3badbae39f4e2f95e8692f6d4eb3cde043460e24c75cdbc19a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"e5d8845aa05337db5755daf135240b8d7c1576f8790f8b15ce43e10040954ad4d83df2d8cb86660c8aa7487aee16881f1202efb9179dd7662d01b915f12fed46","key":"1f380fc99b14a9ac01d204b3f883de76e3a5726a78893f58be0b0788b1cbae7d","nonce":"39c74af64bdaee83ed9d6a17","exporterSecret":"7c91e7d2b586ee81bea3c30d783058b94ca5efcc5a78769b7ed48ab93fb06db5b0e69136baf4b62f501ea29d3e9a18eaddc8a6344dac75b8aeaafb142a162829","encryptions":[{"aad":"436f756e742d30","ciphertext":"9a3a142996e4ac6e4539d7d9500a61f8862dc5db5bf21b1ef608491a8d8bf75f483da2545dea51b27d284b7c17","nonce":"39c74af64bdaee83ed9d6a17","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4fbf7cbf7ec0040fe76c66876b82cff55b0e52bfa47828229568361af6acfda56b8ae163498790d1615499a53c","nonce":"39c74af64bdaee83ed9d6a16","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ef7b949143058ad3cca97378799649a89828eaca1109f7f08536b4d8e83c2782fa130f0555842207d532c9bd8f","nonce":"39c74af64bdaee83ed9d6a15","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"73293b5cceca0798705d94a6dabfc81bf3359f69d2416eeb8b93ec8cdc8a51e2f2dc21cd60b4ccf86e8c237e4f","nonce":"39c74af64bdaee83ed9d6a14","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5503ada5783a3d23687ad590c827f245a98b58ca06571356aa068ef5d2170236a460a7faa6ef9932d715607193","nonce":"39c74af64bdaee83ed9d6a13","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1e99c10eb386608ae50543a42020159089a635fd1de41f8a42a5229a2ffee87413bb1c44b99f4cb868849906d4","nonce":"39c74af64bdaee83ed9d6a12","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"db8e95a2ef79f1fa8c5850e6c7d9d67078dc1360a6a5fa6f627f3c8110f438bd86593c8101cdef472b3cac1408","nonce":"39c74af64bdaee83ed9d6a11","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"deaffca4893da114e5e45084392d0e7d2c1a8e9e8800965bb6470690d25ed52b5094d6ac0cd970719d1ec49ed6","nonce":"39c74af64bdaee83ed9d6a10","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"67b8be591a8ae06dea396a43e5a85440dc05b69d6ac2ac50b6524bb79e3203ff4712fee497a4a1fb728696f56b","nonce":"39c74af64bdaee83ed9d6a1f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f9c4d2b03b0e3dabd192c6c067195ab51d66305b88199154385c9757e81ad10596f7441d12aa0c6634301567ed","nonce":"39c74af64bdaee83ed9d6a1e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"77321385b3be51742fcf96593cf61c71e61967f1ee0db08a6082385960549e5b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"80fe3a2521ae0702ae2d3343ac502c23eb9c531b2aa7cd8cc0a3c8b5c1c5eb81"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb827cf8913d05d27fbc43050cb49582bda6540126ef8c9ef2cf78d7f0dea4ee"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a61976531b505acc29a98c614adcbb21ccc9635349a6f18189153cdc3c72f84b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"03536dfd85350fb0ef48452f34f4d7157a4dca147ac6f0dcb8fa1a089b1808ae"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c24a233fa83f0521880878061915448aaa5db29952e30292f29aa5cfed4d9b6a","seedE":"1781d5e3f68095d979493425e742d74b49c05d9d540311744e0b83868fc41065","skRm":"552f196638917e691d95bd84d97303a42e07f1f7ab6a748fba5124b5311520fd","skEm":"1e39f03947bc6d9dcad47788990c22589bfe981b29f72068e2ae349ee2668c41","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04588c4346265f6e7556c176d55ba1ee0dbb4bad0887485f2bd23a0fb13aa6ed3f5c53347c13304f637876fec9f2210ec45106c7935228d1012d0409a0b31e9104","pkEm":"0490f0bdaacf9d5d2739a15533c23c638dcfcd1d5c047ab1a240d656f73d2689e870460acff7b01bd80a9bb7792243de4aeafabd7667d92f77b4bff30a90d5e4fd","enc":"0490f0bdaacf9d5d2739a15533c23c638dcfcd1d5c047ab1a240d656f73d2689e870460acff7b01bd80a9bb7792243de4aeafabd7667d92f77b4bff30a90d5e4fd","zz":"46503a7c9a209f9429417e97d442fc0081eea1b8e9698d8ff5e01a6eebe888be","keyScheduleContext":"019b38fd49b7cec069330bed53f07eb48c5b5a4bd870f738f6fa35ceecb7a9c6bc5e13ea271ffb24982862ea92c63a196330e3b5161a11e373ec25ecd1e0111c409a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"116c9a79cd7f1881ea91deb902dca36e4e2652a8753b4b2d4e414220d79033c186a4015fff353828e17c1eb200a3d07e6237e2129023cff6233861b8d5c16833","key":"6c08fbfa8a34f5fb8ed6c1c938dd9e7e37af4a234d989f020db7cb670cdec0ae","nonce":"07cdd2f7eb97f42e956ded4d","exporterSecret":"6330867dd1a906424ddf70c186b5023b6f2dc25d8f6554e3ce0dd9c9a6923c4ace9c9eb8e3702cc703807db1fb0b5bf12c190d60b825479c3cbe12450b15de54","encryptions":[{"aad":"436f756e742d30","ciphertext":"9444f596bc324e8635b1a8d9c11bb86de6bf800e9076cdec80fec36ba224eb998bae5e3254f2f7e66953ffa48e","nonce":"07cdd2f7eb97f42e956ded4d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d9810f2d742a0847ff8ff2ab4bb2ad9ff73f7a15f1a01111d61e744676a9a351866efde0bf4962e1821ea617ce","nonce":"07cdd2f7eb97f42e956ded4c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f4498cc4057863c940bcf43e30c1ae2bda6fd2114533788b763b5ddab29d19c6ace03af43f73c95a66720de5bb","nonce":"07cdd2f7eb97f42e956ded4f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ef18b7c142bd4f33966a57cd8f7d4b226db7629a735d469c44eb01fdf3f8f8b9099ab85ac5b76c402e132ab9c8","nonce":"07cdd2f7eb97f42e956ded4e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"9e6b5477d7343767107f0d452e24aa9a8df8bedfde50d926b4f21ebf5a351c7d4ea65f17a8aab08ec97f4e4734","nonce":"07cdd2f7eb97f42e956ded49","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"73f4ad139187c847630dcffef266e332312038a735580721d6db71a2369c2e1b852d7be6b481f642cc66921f34","nonce":"07cdd2f7eb97f42e956ded48","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"761d879bd1cf38432e1b7adf86397db9b85ce8731c1796197767451d10b45ac5e7b2646cdc22fd4c8654600189","nonce":"07cdd2f7eb97f42e956ded4b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a8f6daee451ef805bc167fcdb7ae3f77890a7e99f9ab41b2ea5adc2aef40d48981883a08ff0d31a730fd799bc","nonce":"07cdd2f7eb97f42e956ded4a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d8e6b2bf8c66d019a510efc03382791111ad8c89e69d05af9ee7398586d3ebce950753287b4fd73c4a6919ef85","nonce":"07cdd2f7eb97f42e956ded45","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"88599aed9d5bbc6f56aebbd8f52ddabdfe85e682698cb0f965be126a8f2e1c03cb3e4dac1cded82fe77b20e3ce","nonce":"07cdd2f7eb97f42e956ded44","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8e23c63cf4d55e100e2f0b896b5d34c86214c3ac146f62fbf20be975470035e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4ea22c323ee3655a61490ad71da81f4ef4f5f36c40756a3facb2faff7169d031"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9214e7d9dff836b4c85b6a83b3445c0a77cc545a2efb6b6cdb7be855a686fe25"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"226e23ebb3565ed698509f8bc231ce395e8d49587d4edfe65ca17c48ba0d778c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b68e1a86f528b2b853d35215c58fef3804f9418121824ad13e23ac0b5f12d6af"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ad4ebfe63f9514fa832f104379b2d00f095f85cf84c0c615f89429f85840116d","seedS":"c30d1d91939bb03ab4af876889b01fb0f865ad94a628b2b7a71e1fedb9fca622","seedE":"3e946bfbd6092eb8bbc987a12bfdecb14be4357f9ebe09c18e83ffbfd8c9902a","skRm":"b9af524800539f98e2778c921f114f79f8172b7c3318a2d8146b146c9094fb63","skSm":"840d20013297650207c4734f3262380f4dbbc2761c9dbc7d952f6dfd7b0347db","skEm":"3d95122e887d3ac906f91ac8a5d493d2848c18d21f32a8e48df86457ac2596a7","pkRm":"04f0f6b2fba410acb562d6bc4c93e86431301d3d2bb69aeeb1fcb61f4c35bab8a9e028d2ee504f6b6855ce9a60cfa0fc40305439f0d1dddec7b3ffb06f764852d4","pkSm":"0406b1657b7256084159ff495199cda50061aac5b9aab0d366e5fc88ffba15d76fb29156615631a213353a8224d2d18b335818a357e33df789bbfd3116c24c0b1d","pkEm":"04b8e3d6bb66943717b78b01da3479dcb64b362d13a3d3443896f5505c3cda3b14ef482a374b83e1c6e45d858e28e198b7fc57a5d0b49aafb167f0a9e1dbb0e452","enc":"04b8e3d6bb66943717b78b01da3479dcb64b362d13a3d3443896f5505c3cda3b14ef482a374b83e1c6e45d858e28e198b7fc57a5d0b49aafb167f0a9e1dbb0e452","zz":"39473ca42a84fd911c03d46796433af9e88e39df6865790735947417c3308f60","keyScheduleContext":"026bd8ba5c5510a73bfd5eacf62d45fcdde0621c8a06edf107d3318a094f162d7fce0d1af573c2327d3badbae39f4e2f95e8692f6d4eb3cde043460e24c75cdbc19a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"844df825619b882822777be5bdb6aedb97c1840c70b7400d93394ed2d14b66af776ee7fba6fa60ff97bc68d8743d693db75ec53775edeb3d8e73babd3df37a66","key":"b1bda7e7747ab71bbb96c3633e6019bbb51838b03db91ce8bcd4b7dc43c1fbbc","nonce":"5bef97224d9909e2a29ac76a","exporterSecret":"aa03a27217f419a2beb2cc548d7b35207d4fdb1035055fe4b818ff5658ee5a284028d16cc9344ff733b59c43d5deac63d429245b9e3beb6bbfbbc1263a8b2df6","encryptions":[{"aad":"436f756e742d30","ciphertext":"f6520f508ee6bbd7be614cfb9647c2b8be6cc6a57b28bbbc36f63e3d3c1475c71c9f3328bc359d2117af81be99","nonce":"5bef97224d9909e2a29ac76a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3d3cb422d63f47051eeed7d4b03e48d31447953bd90bdb101d3fea1c9fda2ced80c0f3407434de18488dd8895f","nonce":"5bef97224d9909e2a29ac76b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fe505e0566d487759453c872955da02f9615a29e8b10a15c750234888bcdb4599857205f2b4ca1f48bdd788c5a","nonce":"5bef97224d9909e2a29ac768","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c819c8cc523b2cfc30efcb4cbbdefe4308fc99e7e767ebb540834267f4ffd8a74655f67aeba453d8c0616f40a4","nonce":"5bef97224d9909e2a29ac769","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b8b7b1879f67dd97cfe7f2c30db94bad145e896a5d0e88b83e7290434e4503c0f277f180cbddcd9987357112cd","nonce":"5bef97224d9909e2a29ac76e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5ca142ce1cd1d1634f5b76a9ecfc17b24dc5eb1153f474d291bda96ca2164247e124e438f66d9aa3d405e0f66b","nonce":"5bef97224d9909e2a29ac76f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1220bfc55d61e97885f6b7e079ecbf407d2a4adee2b780ac31834b4b22ac9fc6d5dd20a1b663a995348a342adb","nonce":"5bef97224d9909e2a29ac76c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"51bbdb975018b5476ae936b5050c2d2f7407945f33f34c028a30067434e26130263704a4398b1d067a9ff2cfa0","nonce":"5bef97224d9909e2a29ac76d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1d0266dddc20270f4d9f68c5979501cb1b10786c30d4d41c1401c2158ede72c6f43580ebd9396cb7e381f2f96d","nonce":"5bef97224d9909e2a29ac762","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"969c247b995de0be388ea9ca3872ab67c55c1f8af5baf8e41bd114045aab74690a426dea46e30991f38092c245","nonce":"5bef97224d9909e2a29ac763","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e77d88319e9d862e67f345f6c17451d4ab1c09262e5652cb0dcd1ac1d319a214"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0df0f5d565797f3fd0a3a986c55e944dc0150cd9eb6a3226bac719ade03683b4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4de4f2cf26e0b6fd81b4c7fe217ac91ba8432a25eb9c9ae11bce8feb07c31663"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"001eeabaae24c368d99e9c2799986290a0e3c09bbdfb568439882de201b6fb32"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c56fcc3710ddc7ae520d42245ed7d708726886c4e964fd6228eccf4f6fabc084"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"63a60e9f73f3f707dc9daf4ed11be3944368024fd2392c0d4875a7ec6011fe36","seedS":"31a0dc4adbf3cf10c1332a1895d59a53469199d029cd39d74890bc0181e07e37","seedE":"4f969828bc2d517c68e5a90b81e33dc2aeb223d749af0197a196bceb100e4c32","skRm":"7ac5ddf8ae903dc26288f56bd4a84eb652e38c956b0f74fd1ea234895cd94149","skSm":"6d48021bb5fbe5adb334ce1a0d7c1cc79ffd9b2ec517ed53597e72323af2a321","skEm":"0aa19d0ad732820068a2e9ce6e3e73a6e4d3ac4e8d9909810a6ba08785d61808","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04434c150d6f0d206e173ffd15f2015f775c985fed5425c66741ccf62c7f4059a171291ef2079e573e009de84a47c972da356b845641982ee27324f910d1eb7e9d","pkSm":"0412717dc0d8f78c420122b3aeaafac47db7a0359ccddbc258cf3e77b1f8ea64f4fe698e84897e6775377daa0cc768b63723ef7340ad3876dfc83d071fe0297776","pkEm":"04d73558deea38ad9adda563b34e0ccd04735d36b3d8c0c6f71a171db99707d2caaa8b410a9bd681a7981ac589adb76072b6a902dc9712a8338e2d3cba4b72f482","enc":"04d73558deea38ad9adda563b34e0ccd04735d36b3d8c0c6f71a171db99707d2caaa8b410a9bd681a7981ac589adb76072b6a902dc9712a8338e2d3cba4b72f482","zz":"4f999eba389a096706f7eb190c50ea333736ca8dfe23dce403d074c40ab14a3d","keyScheduleContext":"039b38fd49b7cec069330bed53f07eb48c5b5a4bd870f738f6fa35ceecb7a9c6bc5e13ea271ffb24982862ea92c63a196330e3b5161a11e373ec25ecd1e0111c409a23bdeca096e9a88172c66e0945e8c5624bf797349c390eb6c7a312feb766865c104385339b729c5e747fd9ce4e94c31c156c0398e2453794095c98f21bbb05","secret":"87a1ba8b83ffd9a2fb687b27ced3b6d1b15c63321d6e60a325139495e77ccbd4421adc572b2f20615e0d2ac660c0067fbc71385aea19fb73f66f5f3d6bc1d82b","key":"35b0c99eec403eac70d48adddabd13efbfbc1eb97848ab152f63aaee9ed5edd1","nonce":"40a11b650ae44dc420a6bc36","exporterSecret":"cb138e869a515226b52d9c50946860564756865f6de28857b79a47fff367ca27d2dab6ea675ebb6c01912eb79f241eb4372351f98e1d23705833ca4523beccb5","encryptions":[{"aad":"436f756e742d30","ciphertext":"135ecdbf211f8881f02062b769c6aa75482ac838000c50685bbc4d3a8e6720a851fb9e86d293bce7669c719f93","nonce":"40a11b650ae44dc420a6bc36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8ad08c4b32ed8361a9f0eb7c6eed7c8bba4ae695be9dbe106bed968834808a4a65264ae673118b63eee6006162","nonce":"40a11b650ae44dc420a6bc37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"45246a707c3ae26facd7cf8a262d28aa1f400ff005949b37ec4d1926dd1cf53e95efeba126989f8432c49f8fac","nonce":"40a11b650ae44dc420a6bc34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1f32e1dda4e09e48cad72fec1613857382dfe381335fc415f6670abb9815594d23858003b665328d186ce9a7bc","nonce":"40a11b650ae44dc420a6bc35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"131cd270263c2cd9c7e6501d7cd4bf12f5668dea0076fe8656d32c44b90f29d0d2fd5955c2474b7e7dd4354497","nonce":"40a11b650ae44dc420a6bc32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ea67e01765f08be6fc8a0729ef90ccff6643d06caf44607aaa7a4e75c500e01a572ad8f12b3ca87c6a4e2109c5","nonce":"40a11b650ae44dc420a6bc33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"18a94bd72b0837fd1785c0123e7b0bfa9fc49d2ad77886ba1315ad9c5f6c7788566e027b69f46a1b4dac0436b9","nonce":"40a11b650ae44dc420a6bc30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2d822f4a45439e83ad6b3046d124172f267f4d7641a05e52f3409191ec8bc3b6e8cfff9556e988dfac00eafdbf","nonce":"40a11b650ae44dc420a6bc31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"52a75c6f23b83bc8beccb6da2586467ed2cbd75e3b292cae62e97b8cb2c2f427f7fc1e45387c328aeed37fb997","nonce":"40a11b650ae44dc420a6bc3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"142b81eadf44f83d2aa530107c0e8a2e8a2458a97deb9e0f6887be262c08c7304b1f3f951084c63b33d425d181","nonce":"40a11b650ae44dc420a6bc3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c30e3c96639eba891066ef53b2645da88c88c77e3ee7cc63b4778ebe1eafa8e0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fc7e75215718307fc714e89e8d65c60cbc678be62a6e20208ed76cbffb9b56a5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1875ce80f8a244c1004c56ae484dc95c3ba3f513190563aa0be522b6fb90ac89"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1888e63662dfc997a91b8822c9b99ebb43c292def06504d3a970a9fec9863e55"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"6f0f998b8ab0a777761f8e82d17ef53eb3adf8f8289c44b3031885be7191be40"}]},{"mode":0,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fde8afb06c71917220f1d262838b5d4a2cd17a232c930ee68b2c8ad699d67181","seedE":"7e802cda13a945a4dcc2c75c20105edfa95230828cbdd5845ab6c63799d193a2","skRm":"d8c99aad6c57ba6187705a0f2aa5f642015618209b3b949bf40890002156a801","skEm":"ff1df87ae3b5977e2ce38713355a9e9457b57d5b4fad5d3a5d2bd4e1890c0a63","pkRm":"04314bddad8b7028d5f9821a7074241fbc0f12354899a58b1321883beb794da1e2dece4707f6b9041c2787c14cbd50ab268c8748e03bbc029d06c5af61dd778b92","pkEm":"0444b094ff8c75d8bc825eb3b7d1d29ca58d83982a25c4a5eb9233214b64c1b4e70b84a9132fa4ab6955e39afa4ad7b4d4a4c7907b15ea9ba6d057c3cbe3d63869","enc":"0444b094ff8c75d8bc825eb3b7d1d29ca58d83982a25c4a5eb9233214b64c1b4e70b84a9132fa4ab6955e39afa4ad7b4d4a4c7907b15ea9ba6d057c3cbe3d63869","zz":"09e3d0b0f1602145d0867ee241914ad2e4a4d97c3ce9b59cf809e6b98b1b7368","keyScheduleContext":"007b7e5d7ad89f81f6a86d7af8782a03754b91b6b958fa5dce795b3ba56a4e93f3f6eb4fcb72cc52b7753fdd9a31065d0c6eeb438ffcb90db9e69db37c512e6539a4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"7747f6408e30fa23ccd2731ec7bc2ef45946d5cc6f0f35ed1e43dfae3f66bc570699727ac86312e1f7f570d2be7688a875a9244280e0042eaf9cf7d503b5097f","key":"29e324f20b70df6e5a1fa53319128eaf8b9b39a712f8807804ee6b1d67eaf8fb","nonce":"a9cacdf7a8372927384a0cfa","exporterSecret":"a92714fc26c79748ddbc104fa59d720ed9c344d58bfb560b89f258d8a47dbb065a595eb7a0bca8b7ce6a46509ef4793c128adb843a35952106b7f92de67d6e4f","encryptions":[{"aad":"436f756e742d30","ciphertext":"91c568ddaf6be3ec20f0250f11e691681da4218efaefd40ea6e88396b08998a191ab2b41b262df9a142dd56f1c","nonce":"a9cacdf7a8372927384a0cfa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8cd8ffebe179811d495f796a07f4143b820064850344670d99561039378b7ba4d313afe7a1b71ad78df63caf21","nonce":"a9cacdf7a8372927384a0cfb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2199065f34033559e3f3395b81de4f69e4401fe1864f386122bc5e60f1c3f23de0e01525b25ba941afa96fb083","nonce":"a9cacdf7a8372927384a0cf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"69cbe69ab9e66de8c789fe4d33fc7f2c1e602703bfedabe4d9b4cf37a9c053386efda992109ddf91ff850a8151","nonce":"a9cacdf7a8372927384a0cf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a502c7a6ec293fda60b1dce44e0fd55345f5517aeb85400037f11d83dc5d644a9d870df14930497ceead538a9","nonce":"a9cacdf7a8372927384a0cfe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"dfbfa4e6e929e5fe43f137a58a53e668f958a8d47b22741ad4a8f599771395f9218584538e91a04d72fa6dcd31","nonce":"a9cacdf7a8372927384a0cff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fcafb1fbaa7bacfdfd8590666245030b237dcf11682ba1f6778c1e4d1d8224ac31f68b386695924363b6c8959b","nonce":"a9cacdf7a8372927384a0cfc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a5f1f24fd47e85fb46f8bcf2d74c9abf126bfc68ed93a04d0e3685203bf29e4de7dc48089f0cc17e210c89ae8f","nonce":"a9cacdf7a8372927384a0cfd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"131181df190848f80a94bdfcf52e5f4509e3f9d620ce68f5c19510a8b52d79f8b99b7914311be7ac36d80ffb2a","nonce":"a9cacdf7a8372927384a0cf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ed6149a3906485a0c60917cf8e2932cc18f0480ac4d00c88350becc106b6a232a35d50b936c164bb915b16c90a","nonce":"a9cacdf7a8372927384a0cf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"960b76beb45d30d4c087d8b5ca6f82d71603cfd507d6cb9355f1fd4fe9d66913"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3c81bdd47101adda7c19dce3ff9253fbcbf5af2e91dd52ed178c753b136f1e69"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29acad2066d8b33bbff1f672f549aac2ec3487ab6bcc629eef142655fc3415eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7f665f4c3f1a755c70f28949b25883aabd57e18a8d3256f9d0db6b4c4e1a48cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0d67f1f7b1cc87d2d93d41ee9bcd5dd7cf1bedc8e8f6886f6913fdccd688583b"}]},{"mode":1,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f12cd64c006927719a5e659e13397713a6a66d174b69ffe59bc9c742c583c086","seedE":"8915ce31f37e5cccc86ed65da9448d0a60095d00b7f31737e282d43d3722869a","skRm":"05c7aaf4842e975d9276a018afb6ba3cf69c6f88cf537ff66cee805e9cc29caa","skEm":"5efb212aad564aa27fdfcc762a561014c2dc99e3f7d2bfa86e9b715b5abcc28d","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04fede682d31bef2037a1754d27a56092d381be576fa42366d7729c9e2aabad569bc754dd6bb5fd20010e382079ce90ed6db5b225334fbdb3574796d4f064f191c","pkEm":"04eb5fa6bd089a1c52095954d5b19969fa6c5b474f54780d1bdf88131741a2ad67bbd8a30a5bf1183531ef7b3fb9783f7665e84358e90880f1323555caa0c368a8","enc":"04eb5fa6bd089a1c52095954d5b19969fa6c5b474f54780d1bdf88131741a2ad67bbd8a30a5bf1183531ef7b3fb9783f7665e84358e90880f1323555caa0c368a8","zz":"187cbd951d36ff3de9ad95720e75a72ab2bb376c8f3680d6923173bdbd658cd3","keyScheduleContext":"0133f807a9c2cd7993ce299f721c0f42536ce307c0172a364850464a7f7d46a834ba6da878797a24757b8037a17384cddafaf76fc6eb12dc58da48558a2fd32d8ca4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"bb4da6b41ae9a8245750c7a3bd030b84777d3d29b6a7350b0f6bcd3c9dd0e126224e0bdac16806a78f7086078a9f76b07d5d7b2bdeaa53cd9637d4093933f143","key":"1eaacd2fe1b69f65e9e03f1c6457dd7c4fbb5e28bb022a0840970556d8d2b557","nonce":"7f70afeec5a141ebe90e4824","exporterSecret":"b6a7a5d944002a3bc2616f92cbe8ab088d3bf289b00077204ecbc0b2a9c284d8cfc90c0baa73b7694cd684fd9e93682e9aa1b602facf04cf517ad7feaa943b90","encryptions":[{"aad":"436f756e742d30","ciphertext":"798cc63b66ad3eae0ef7a2eaee0a5866f8d90d4210bb9b98e283506b4e8e9a21d34f89a296f4022524885c21b0","nonce":"7f70afeec5a141ebe90e4824","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"920e88a6b895b26ca5bdedf9d49383e456052a870838d52a2fb1d1f440387ebbce0897aeda31bdea63c0ca6bf4","nonce":"7f70afeec5a141ebe90e4825","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dd7ef972f45a60ba8cb966e5533df98dbc5dea99645f7e91bdf0264c73fcd74e1458454d11fd4137e26793e2ca","nonce":"7f70afeec5a141ebe90e4826","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b8300fb7565d94a323e474871f2ac4d6fe839bd2e8db4a7cc60dcd191a31364ee12bf046bb5f1cc01d1eb670e5","nonce":"7f70afeec5a141ebe90e4827","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a176de9604776ad9db11eac9c4a37028528736277acdcacf022747256530cb11ebd27dc1b02d8c29ffbf74488","nonce":"7f70afeec5a141ebe90e4820","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4e21c4e2c2aa57da2e8785ec401fa60dd6cde48c246a5d63aa51a246e83e84e41b7f93ab6dc14a6cda18142df4","nonce":"7f70afeec5a141ebe90e4821","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7ea88c369abd93b7f7fdd13b4125d942e275c5ddc151256481d3782dd49fcad5fc6cf2da348f8a277846c2005c","nonce":"7f70afeec5a141ebe90e4822","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2e09e973036e0df65f9f048c0780911c6ab5359a17fc60e5cf3e3b019c13987d78435cbfea851a20c78a31243a","nonce":"7f70afeec5a141ebe90e4823","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7e16d10494a0da272b3377c702f4445a9fbd92cdbfc182ea10bf5c674db7095f1cada1a35f1e676365d79aa914","nonce":"7f70afeec5a141ebe90e482c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0e4c82848df4e1b920f73b6272a9df8935dca359557e87bad69844ae3ed9ed406418b27456577589333e3dc58a","nonce":"7f70afeec5a141ebe90e482d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e3177552b0cdb135c5d1c276d46745ac3c8e1bf08b8ccafaeb1504aa202a0611"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bc9ac8a8a966245215368c157cec237178dd1e5ae62ad2440ecdb1d91eea0994"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"eeced1099a9a8bc46bb63724601af98ad541a8d55dfbc30e9ae2a81200daae51"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a9e4413f10d9b49e019de89c038c3218971e900d62c0139b951f3b93915dd209"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dca6d959f36476d6e282d2d8df7f92fbc73f12922373db90c8549b95ad4ed41e"}]},{"mode":2,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c05d89351b29837e7038ce12e6f82a0dcde8c927ef8bb4c06fe5d9190e9baa69","seedS":"e338b56a26c566b7aabcf7601c316b40d9756959e4e55bc63f796b7c94ecaa71","seedE":"81366e2abb297360e0e707295a201005225cbaead8398e1759888f98d394aef7","skRm":"fba0d0531f15ab19cceb4851af266253b32d8f19a0bd38ca71c67c88f9edd4d1","skSm":"2ccc35d436b0009b3512fe66aff6727ab8c297da86c9e9e6283696897fc4b810","skEm":"3dc14bc28d77993b718d98617a1c8b52c432852e8abb81d29fa1945332860c69","pkRm":"04ce1547b480d8c1660afbafd13ab395fba38ce3bfc077bfa39ff057b0d294bc34ded4f40ec95d5b4d12c1e56842f7923e5c46792f22c53068325d5dcf511e6c7f","pkSm":"0407fcf2edc3330e65ed915f897906295b300d59e7373ea87b78adc2013bb5e5fefbf7ceaceb0980a5b1985150f4245718a32f83a394362195915b554ca35a5a81","pkEm":"04386104d32ea78d696947809190405e98da6cfd5b46e7c25818475bb90f6fa54c994385da991c15e53c6d79427f172fb23835d118139307fa98d0865291820abc","enc":"04386104d32ea78d696947809190405e98da6cfd5b46e7c25818475bb90f6fa54c994385da991c15e53c6d79427f172fb23835d118139307fa98d0865291820abc","zz":"63a032bc3d14584e3e25dd45cfbd33a9d57ae3c81848e91990713893e9e86533","keyScheduleContext":"027b7e5d7ad89f81f6a86d7af8782a03754b91b6b958fa5dce795b3ba56a4e93f3f6eb4fcb72cc52b7753fdd9a31065d0c6eeb438ffcb90db9e69db37c512e6539a4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"be07e7c510d5ba3ef80d6b919c014c7011687ee2e58798e372ce2305ef7a2e7b8a8a00c1f915eb11e25669c2f2efd76a51b3b2bf7232e7c0ae21f0c46d1f5a0b","key":"96377e4b68580be070b79d4006f103183685a00599ce59a2117dbdd3deb19345","nonce":"38d40fd3abd46128916cfdcc","exporterSecret":"4993f68de4a3d54f63cf432576d4c7e1ff1afd1edc6d4f19f06ebe787e608ae7d4efcc5db3f10e5994910509e29e1ba95eb15beb3a7c82a44f9005db5084bdc3","encryptions":[{"aad":"436f756e742d30","ciphertext":"8d71988d614cf7d6a599efda5c96e4e78eeeabcd3eb2757d31540423994c0c70e040e769bd6ffa1a2a444c2e76","nonce":"38d40fd3abd46128916cfdcc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ab9ce056a854ef12d8d96c1cc0b8784f56f709ae3d884372485838b80aa83237fb635dfc662f9d3c748b7d606f","nonce":"38d40fd3abd46128916cfdcd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0a293fe3eeed9a13881c6715bd3659614f9f2e1b633a2b1d90deda00b97cbb70bc89102b249ba013eb4c925f34","nonce":"38d40fd3abd46128916cfdce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"eae519c0f2a5c4a623d0f004392faa7f2ffbb4799fc9212d30dd8e0c99bcc43048c5baf63f2d9c4bb9e2f01bce","nonce":"38d40fd3abd46128916cfdcf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6a2a031fd75835df40e7cdb0fbdb205d40ae183f8855835fdc5025419d2ce81b8cbd35b308a3859f5e1d1409bb","nonce":"38d40fd3abd46128916cfdc8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"148f4198d9c2d345e960b3b298f99f7e2fe708406d148b156890996b5492035a2e956e991647c895dd8995e6be","nonce":"38d40fd3abd46128916cfdc9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dafc442ae72728d32933650208fbe069ef5f06aed78466473ad3f71cc7f654fa8cfdc7f561b7d4cccff0391fd0","nonce":"38d40fd3abd46128916cfdca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c19511ffc2206eecb79990195daae1777ff29d12757d4251c0ca0f1d1f6ee2b723dacbbf7a689afc73d0bf5102","nonce":"38d40fd3abd46128916cfdcb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9478f126b80affc318a1ec5b6dc40f571d03947110839a239255eccfa14125090cda2a73eb632b27cdfcc0c545","nonce":"38d40fd3abd46128916cfdc4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"282dec09ac626e81930b3540837672443960c6639903ae1a42662fa75301b6ea30529cd40b034ab7ca271f7f52","nonce":"38d40fd3abd46128916cfdc5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c98a92ff988e3c3013e9a119696ae3a1fa6502a56da1fc8874b9336f7f67539"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"af175caffdb3616677afb7ee3de12c7c039b8e434284b766632261a30409c8f1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"50615abc4fba1ef39f62bca6c68050be8f07b8379b8dbb6d10fc37631e7c15cc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c095d6e850bb723e5ae31e3effe12a44d128c88f6dc3dc7c0c0ca69333b25bb9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3813b2cbb5691d51c2daa77a36f20ad01a13afa3c84608b17d0b3b75882b5d1f"}]},{"mode":3,"kemID":16,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"702fed8f2c313b36af4458c8b7396a2438a477d0f17d7d9e709fde1f24a059c5","seedS":"3b2be32fd05c850b9e5ae9772cd0fd8444a1c64bd30924ee05a5a3d1a3d01046","seedE":"0300c5c8614488b5e05751cb9e796ec655a706e3f11cddff6354ebddf6a573f1","skRm":"ace9114c346687b1fd4252d5e2ce25b0f347e4482ca49baa7a778b785b3272ae","skSm":"d45208a6830005a2e00b49b0459e730f9e64c4f39268b3d7348d8b97234289bc","skEm":"0ba40ab030dc2304c68421f601ee653ba2fe14d332ec32f4ac219d57120507b9","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"042fc85b81704d26bb3172df4c714657faef18ac0b0052e73f38cbb3e571be4b70d82aab94ca64b330d2b66d3d5d8267f295469f3e310356846cbf2c0c73ca91ee","pkSm":"046ed94f6df3b90c6f344d0035ced6af3a6a014a852ae3dce047e94ca43634a3e293d877bdc8c470ef39124210cb20e2c97b1cc44b1da8ef80697a2671900c60f7","pkEm":"047debae5c1c4475251d242b03d840c8f2a7761ed76e7acba4fd139f48bfa379115f14569dbb7747c65a06170f6bcf77d3daf8d8529773536125914ac04b058160","enc":"047debae5c1c4475251d242b03d840c8f2a7761ed76e7acba4fd139f48bfa379115f14569dbb7747c65a06170f6bcf77d3daf8d8529773536125914ac04b058160","zz":"7253739095309dca0a16d4726ddfdd08887ba7b6b867c8277bfbd02c68801738","keyScheduleContext":"0333f807a9c2cd7993ce299f721c0f42536ce307c0172a364850464a7f7d46a834ba6da878797a24757b8037a17384cddafaf76fc6eb12dc58da48558a2fd32d8ca4b4c90fde6e6b7305b0ef33289c0b623ddd707546e67c24bf2c57d2cf0835f1fe35768824537113465a6e7cc658470fc487c12e7fce583a5542ba7e3e11690a","secret":"5860f09c174191d77de4d677849d510a98ff51b55f0670812e2e489183f45c468c4e073f7bb1c3105fad32d056c53ef6ef9baeb58a616324ce0ef9bb7712f82d","key":"2984f0f54b84e938e27c9c93b2ba494fd3af2dcac03aeb13d56fbbd78ec51d28","nonce":"21bda668f7adf98d48b807c6","exporterSecret":"995a229fdf04117945f748cc31f450f0112b859bd460f1610735e224f5f0d3e8cfd1433c65ea6e183002b2da72e391c76a6cb9adf5559b25f66c18baf74aeb7b","encryptions":[{"aad":"436f756e742d30","ciphertext":"986713411bac42c07d5d2289f32ac6347d2b9e4615c46edfa4e96645d8aa0a3ff7e07bd5093ad6e03478a8b1bf","nonce":"21bda668f7adf98d48b807c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fee84160f49303ab235641a64ccfbf0452ae79f7941e662ec7472f7ea9e6a404dd724427600b6866a3ca4b41c4","nonce":"21bda668f7adf98d48b807c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fd6e894ac469589ba69746a25c8b55f0b59e627a8047113757aa59e725669824ec6c19918f8147ac69e97d0f5b","nonce":"21bda668f7adf98d48b807c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9f30718224d87e368f456a765ae9aab25a146bd4f54a765ac42b00b694a08189042d37ba2ccc74394c69e89598","nonce":"21bda668f7adf98d48b807c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"515bfe7bfa171fad7de52ed6c3b025bd082a65423cd5723f2edd6a64c5b9e839360cc2912f50b52ff9c1842a39","nonce":"21bda668f7adf98d48b807c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c2ab5aa5b32eb02058123e9438a5bc1902a92e0a206deb45228d8855515725c65f6f4da71ab4a268d2681de2a1","nonce":"21bda668f7adf98d48b807c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b0b1007ba457129df225b54d25d2a1dee75175efbaa74e43f09aab47cdc4a92cb6182477819d37bc3ab12e696c","nonce":"21bda668f7adf98d48b807c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f79867a4321b7c0b8fad39f35f95f4209f690914dafdfe48a23e0305b051dbf8747f8f683ee7ce672e9a359a85","nonce":"21bda668f7adf98d48b807c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e7a5d4fbccbb5347c7087b3edd01206e9ef77df1ab51c5b03c2ded7c849307aa458ac805e545c16e9dd7e2c0a7","nonce":"21bda668f7adf98d48b807ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a48d137dcdd936e8323d0dc07e88cb97c47889bb4f3da6a6b925a77efb2f64502f0d30fa1d11b385a7d784cdfb","nonce":"21bda668f7adf98d48b807cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d91d17d246f39229a82eabfe17b73d9d48fe86a9239454452f6423949cccb942"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ecd48f612b1151bd0673fe58c8c0fce85de6ff28a1c494043f66e367b623c360"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ae5a5b5823fb20ef2bb77ba3d76fc7b2793edb7fa9a0210d10c6ce5a5c7624a1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"16034a7bfa5d9cfe2a3ea91fc0b620a3121f7121d80e9c8971906a19428b9aff"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d61fc02611244be9d122a89d3a114981ee853ee1c597de9a46cab1fc5dbd5b9a"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cdbf469c01f4034652e2081f400971bc35d00c2ae3f1a60f2ede7aa5855ca6cc9596b1731b843485552a2aad8f80ae7092c362ea367305b317ecb6c783e16555293f","seedE":"32345ce797e66c758465e2613fb6cea74ebee9b45836cebb09ee196eef5e3a4b7dddc0df6c4f33dab0e8a7a5a4a2f6fe71a09d5f0662150a0b01b8a9d3de7aa92d90","skRm":"0052ed68f533f4079e5275e2d1edadc42d09690761b21c73dcd59082df410b1faf66d53aaec5297a8dce98bfcec778782427c1babb0941313a56aeefb75614b76c9d","skEm":"0170ea0ae7a69d7fee896afed61f3ef9b0087a5a6802538dae7ae51f601cc2b53b48fe1f7cbd0921aae8a6ffc7c550347f14b604f9a2453ac82fa3e01945d2bfe7f9","pkRm":"0400c7142489f719efec0661889eed548b2e4c55eeb14c725f65bdfb4077a70ad0c2693a5325f7bee2b5e4bd326af61074344fc62f9cbf88ab7ded694233227087301b005361fad54416691d78bc67df961c1f1d11aeec5f9ed020b5cf9f423f0934d081a2ef886b90fdce170b301db84ec9b5d14ad9ecd6b365eb99e5500d0e9c09efc55b","pkEm":"0401746a001b7bc677c7a86a36fb9a1987558a414fea40cc2e284e98d19f3f3b1f510f99bfbc54c36dca07db31636b81208a5be0d4469e91f5dfe9b9ba10fb5a657f970158cb3bd236386703ba2b885a073742c291ea13809a1781c480982ba3da27b8c6f71ad33ea2e2822a87986b0b7c5873e7be8c8848f04aef1bff425255e44f0515c5","enc":"0401746a001b7bc677c7a86a36fb9a1987558a414fea40cc2e284e98d19f3f3b1f510f99bfbc54c36dca07db31636b81208a5be0d4469e91f5dfe9b9ba10fb5a657f970158cb3bd236386703ba2b885a073742c291ea13809a1781c480982ba3da27b8c6f71ad33ea2e2822a87986b0b7c5873e7be8c8848f04aef1bff425255e44f0515c5","zz":"a8147b0b607f749a4dfaf2bace7ac2497cc12988fb0a7c8b9423a3d42260343ecad52e407768b06e89f8202adea43a0b1a3a51e344e53c377716edcb8ea5fa0c","keyScheduleContext":"00ad608a7fc70dbe6b42fb754224828dd1b01d8f3f37403962d897076ad3414b25e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"d9e75f6176ceb896ec6273fb4c34b104f9501beedf9b6deefd7810b304119075","key":"225ab01c955c1b09ca4f0a83f82e2706","nonce":"da6327ca2904524e490be9e1","exporterSecret":"2fa6007e6e2cb35f3339d72c10d973bf9a3bb060b44d73983502af432f12911f","encryptions":[{"aad":"436f756e742d30","ciphertext":"ed2b7d0fd1dd75e99dd33a49f361d2ee191f4549fd75502d4aafd2df318b27cfe35324a61036363aad3baae9f7","nonce":"da6327ca2904524e490be9e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"acf7ce3a2facd234ea4c58c8ce45217efc178ec8aa09fe4c6f0494b7e7d792937bd25c6c7fc7bada396a771086","nonce":"da6327ca2904524e490be9e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ac52a9d4d6d008fd937ffb58ca585284e02fa554e7e4a30442e04b28309c56f3cd90ef401b22fac4da7f3db6b8","nonce":"da6327ca2904524e490be9e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c15c56c7dae4cd40c826e49f886333af1a45ed7a4bdbfd015ab4cab76ed3e1da44e0bead5cfa46f99eec48efc0","nonce":"da6327ca2904524e490be9e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7b8455c8aa55f20c40a720f85d73e364ae28422759142c74e8872a440f9e2767ad8aa03ca5847b27e649565a35","nonce":"da6327ca2904524e490be9e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1f551ceba9c8ec50f4b2eb66e0293f4155f8ee3dc499a20c2cb63ef89add66ab869a619c55332dea57185c60ef","nonce":"da6327ca2904524e490be9e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1cb02ae9c38cfad8e06c2413000fc12e9fb30df015ea939acb929120da9475a423795cde69864d5b9fb7b189fc","nonce":"da6327ca2904524e490be9e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8927c400d4180c3d6b6b1ae9534b930435dd6af9b8c31e158d145f42ac2a1055b667bd4b83ea74909c8993254a","nonce":"da6327ca2904524e490be9e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"46342bbe05983c61483cf88a34376bbfba860871beda657d66fdd7adb5ffdc79658b176dd6f1c89358a8c7481d","nonce":"da6327ca2904524e490be9e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cc5447834effc596deafa67e65b172938462ffe450974ef784db364dc5e29ff9f76e150f79f3fb2144d2ed3664","nonce":"da6327ca2904524e490be9e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e407fbc1b0c8347979fe85732332214a4247da04582b9442b66c14a6a659b1e5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a1624ccf93c6a26ef9b0451c3a7164e11925002eff33c61873221271f75d30bd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf243a7105b98abb24eb63b8f2645692d604035a952161ea419acfd0e4b0d275"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ffb09bbeca45f4b7f6652c06ddfa5320550db552c3adced0ea41443f70ebb63a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b466a237daab450de064fb696c883ac2ca4d540afac9b16783fbc37ba3c8c893"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4971142bb2920de2637857558bfbdeebf9e735d9844ec453f3e1cc9b52b9c1dbd0906b41c45e4a0143783b2767770966a57a271b36c9fbf48ada07513d9a8e556b4e","seedE":"0dd281cfa561adfdefbc9d9d6af41bd22c61ef53780a1ba2a564903c160e656a1873d7a63f3f620a06d9e69c271addb85f151bc5846b149e6870dfa27e20c71ed2d5","skRm":"01528f347456a59e762e5bc5aaa0b17890692d6d7b51491fcd04822accd8ef9ed0a1a0130cee4fe7cd5a370dfabf5ecc4ad805ef4cac7e4913a916731393c463e169","skEm":"00bb6180f0eb28f03ff5c6a8e50c400ddcef50fea324a690039ab09450405e2b96573f082d21773c9664e5e6e9261bbb4d47149d34939a90f447acc42c7163213445","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040144e2702e04e0c76c1f50ee630a13334d2c582d7a749d17b0b92de949cbb68ad2ea31eada7dc4f905de0134161165ee2899523c2fdb52924e6e0c73006c98a9ffbb0150394e1160975c1fc72675a9342ba5377f24a62a7f89887a189b4e84221b77d23fb28bb4c4e52d41d64950bc2c5f66511afc0b3e26a1794ea56f331c2459afc7b1","pkEm":"040173c4073e5c86203a014a997fcde5ebcbb97b3321e5e865bab238fbd6dbdc92748e594a9e6cad63ccd407b49d41c5671bb4f55cab671a8caa4cfa14aa2c3e4624eb005ac25baf1d3a3448e65f12d5797443cf4ec3404a86f486a2f535b60b075a246b5b3f4e809463b9363d49eb84cb334ea3ab2b4e53854f06b70c4a1067618b33b651","enc":"040173c4073e5c86203a014a997fcde5ebcbb97b3321e5e865bab238fbd6dbdc92748e594a9e6cad63ccd407b49d41c5671bb4f55cab671a8caa4cfa14aa2c3e4624eb005ac25baf1d3a3448e65f12d5797443cf4ec3404a86f486a2f535b60b075a246b5b3f4e809463b9363d49eb84cb334ea3ab2b4e53854f06b70c4a1067618b33b651","zz":"639c3b231118e89280849454a738878cf2307616f4f2f05226c707596aa9763051c7f9d755f06c8bcda655ca1d6fe95022559dcae78947a820102308f196559d","keyScheduleContext":"01d1ec3dc8b12dc2405fc29bf282b782bfdac2ff3ba302e515efc61813fc5270c9e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"cac45132b29a7119cb949eccc3a029105bd0323b0b02fad4db801b5841f70be6","key":"7a7ac93767eee99b4eb0ae578b5f0d3c","nonce":"30ba0dff7a6ae0fe9aae6dd1","exporterSecret":"f775c60848853aa424883aa150ed399d3bb18e470aed9dd83d3f86305024658d","encryptions":[{"aad":"436f756e742d30","ciphertext":"a9b1431ff90b2504b7321e18519f08a7a2f48685a23a6a6e45f9ff982af07d4f14e6bd578944f71fce9f9e0827","nonce":"30ba0dff7a6ae0fe9aae6dd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ccbe4a03c91230b5dc4495801892c3584979000f57fab2d6d5798021fca0695594dbce27769f80fc16c91be9b4","nonce":"30ba0dff7a6ae0fe9aae6dd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ba71710ace4a0d73db1f501fdd44f9d3a6943627b6f7964baa3847bfd010b11bd8a2c1f4dd8e032d7d51221ef1","nonce":"30ba0dff7a6ae0fe9aae6dd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"651be4d15b42b242d5213888ba211f011a7f9372b1472b5670d943763511e88a0a1868880aa81658f49c131795","nonce":"30ba0dff7a6ae0fe9aae6dd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45f0c612424f046de69fc7f6aeac395fc9ef46ec396e312efcc3d805264b26200ee27e7f96d6bf576fecc38bd6","nonce":"30ba0dff7a6ae0fe9aae6dd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c4f82869ec2cb42a475b7a6c032fd6c8f977e044e4dab1de073f1a053639c3a6bfaac1c08039872f4519f774e5","nonce":"30ba0dff7a6ae0fe9aae6dd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"38d6db2626b408189f6f01818e6f54c3adba2b4668a577814156b2f004a6a3c8ed63e20b4749c67a01f4ad406a","nonce":"30ba0dff7a6ae0fe9aae6dd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b8c702fa1c51b5b2f37ebda4c6c8be30b0e956f7d0889ba399768f7c3774f8550e60f14f328c81a1b5b3c1a170","nonce":"30ba0dff7a6ae0fe9aae6dd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"fbbb9bf14c76a475fa3e75a4d563b8e60fb0350112167e1916307c8df65c5b9a5abeecd530715584bf7904f787","nonce":"30ba0dff7a6ae0fe9aae6dd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"46e6ce0014439e1b5ecca0efc4967f88052a46fd8b0c60a623223d18aa60332768eb5ae54f7e38a410ae259676","nonce":"30ba0dff7a6ae0fe9aae6dd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e24fd627897b89279dfc18935ccf5df44c558d1d022b6ef4d34dee1daba98566"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"73e6e8119d8677835d5b02d2b797090313d3c53490a3f9593891835c355bbec8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"461710b9d75a6d5fd69eceac79dc5ef2871e92e13ae1b180111471645786764a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c8f0cacc4a917acd4fe3ad22bb710518077e88098efb8b4cf9e19f9f5d2d993b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"941c674548682166b978e9c21a28c86c5710651eeb5939d08c1a26d6d836d905"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3ae881c55c2ac80f7cc3327e13f99b8e514de993bbf6f32784b5f499a9414f742dec97247f8c569eed5da52a7539d83fa54efb299a391fe67e4387a7a86fc5d3e7a8","seedS":"bb4db0fe34489ffe43cdd50d22f880c2e7ba2104e86cd0e3f41b625015c00ca7701b2d1abeccfa88be204659637450d3bdf423cd42969fb37b4f4958f842d9aea930","seedE":"42500565d83de4e56a369b021f0c01c3634e37c85231dcc73f44d629995802f514226b365e49e1b44d9ed5f20f3c3d086eabf62649ed56694e3fbe88f0e4c66f63be","skRm":"011ebb944ec25bb47fb4f4acdeee47c0d85a1783be6e14b6c071a7857d03bba047f9fb9742e414dca8d667edc599888a48f3edaa74418c89434ba9dca376e7bc8ef5","skSm":"0108f7bec9e20710ed878f1d862c8b5e9eb2bf7fabe05f985f113d6c24296724d116222e84288054b433426519f82d604702430868551e661eb4601417ae3e81d7f4","skEm":"0062987eff0d407d3d89425a62870d2a3fb437c8b51ebc35c67a917af46afccbe93fcbcbd7ea09425e209ec21830fe13ee78778843776a0fe6791e5171312d9e8158","pkRm":"0401c2808f5f8384a7a4ee4d09f9b080ef102d7516c5a0ea0f6216d9d772339a0c04bbdef530c74c043c735e5376a7fe5be08e7d6a9127a7d62e7dcd621a58b3aaa89b0105384a3be9ac1c8e697aacd82703bf1e92ffbd41466202b7edfcceb14b1156c964d1cb6e6cca0a143d47a39766b719fefbf00f2249f60a429440ea435443a2a62a","pkSm":"0400ad35406813e4ec6b27978916c349e8cb5ed4514f9fa9ff01777d9088ce5dae703ebb6bc520ab16b8d1ce04fae456be11fcf67aa8dd337591c822a5ebea919e12a60125cd0272092f49012d896b1e9d9839aae21b806e98e566d38470e4d51114d2d7a7c2c6c7c2449ce24c3fe5826f8c258b1e5f0f3f14ee67a269f688c7fdb11cafc4","pkEm":"0401bd21c9c35a8f7e5c371e439044096e6b5e42e8db211b024834896738808bb91f7582675032e2090f3b3b2d8c6630ad06de002859fc90e6708b1106b205268b50ec00a2311d2295969f16c33ffb1d1e3081d32a91e6cc354fdcb2fb8ac574737ef1ccc3b7b62be07db46eae8aea98f87f3158ca7341eb851cfc96588d8d3ef21c63fd27","enc":"0401bd21c9c35a8f7e5c371e439044096e6b5e42e8db211b024834896738808bb91f7582675032e2090f3b3b2d8c6630ad06de002859fc90e6708b1106b205268b50ec00a2311d2295969f16c33ffb1d1e3081d32a91e6cc354fdcb2fb8ac574737ef1ccc3b7b62be07db46eae8aea98f87f3158ca7341eb851cfc96588d8d3ef21c63fd27","zz":"7940adabdb773de2f454f349cb23f42ce3e4c8cc9596ecd265a4c6034e66132ec972a88b1b5ff31e9d8f00794a73f7401063a26ceea52e24c3a98bb74c33e75b","keyScheduleContext":"02ad608a7fc70dbe6b42fb754224828dd1b01d8f3f37403962d897076ad3414b25e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"08e71baa706e96694da1aa7e1bfd8bba13b65e53df7b5e6cb4a812aabf75fb55","key":"1ffdfc00d83c26f82402e26eded03c34","nonce":"cef36f35fb88c5c98ce375b0","exporterSecret":"38cc47496de3b92325d7530f8b6dfe48faf7da8f7685d1e61cfb1d3f685f37bd","encryptions":[{"aad":"436f756e742d30","ciphertext":"6031112c2a109782bdca1ddbf1330786bfda0b11f893c14858bf523ab1d813756ba2792891cf681024640121e6","nonce":"cef36f35fb88c5c98ce375b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a38d6f5dc868d2cc68c81d147e77fea859384ec366c49456e29a0c742acdfd77e32443483e541372bcfe7d6657","nonce":"cef36f35fb88c5c98ce375b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"24aa012306431770798d95b62f7d4783358d329846ae3dbece64f0d1bb5831af5c3514f5728a878e46718adb1b","nonce":"cef36f35fb88c5c98ce375b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6c4690ed4e5feb923cd09441f5b7318d6d4ab4e83a89f5348ed3dd3f625bc801a5ff477a9d70e1b32a9ef6d8fb","nonce":"cef36f35fb88c5c98ce375b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6aa6f7dac3d5471051ece10eacab2b5cc4c05ed77e9bb401914963ad81c8e48a94022c62ef02fe2ae286982290","nonce":"cef36f35fb88c5c98ce375b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5a878b4c8d17a0dd7daeb123d1fe366fa9a191715352c4f5167c49ed65195511e302ecc01ef85439f3d1dffd79","nonce":"cef36f35fb88c5c98ce375b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ae98d27e7d67bb82101469ec008c5da670422b352d0d235fbc0502eb44e47757af911646f892b54834e74f60aa","nonce":"cef36f35fb88c5c98ce375b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10c90f13cecc29bcce1373b3eb2077139eebe7d32d0b07623e3cfcbf3620c0e7995bb00a855fbd221578520ef2","nonce":"cef36f35fb88c5c98ce375b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2965c4a08cf1bc9c3c939d22235d46caf4bd8558214beb2ad0ed9d86195e43c63625e39f3929090ec0f650f65c","nonce":"cef36f35fb88c5c98ce375b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"79dc629056707a5866785cd03b96ce0c62e76be3e728676d581880521bb08670f2d75179a0c4156d50ee8e4fa7","nonce":"cef36f35fb88c5c98ce375b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3878a91cad7ddd19eaa1b1982c6d4c007a0bd36774f62f970960f2c18df07bf7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f84cfa009a4ec62b181217f5de4f8211a591a2a4ef67493892e7e1c8bebcba9f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"d78eedb38f0674d74627e7b21f0840ee8db2055b462442b08563672c013a1b26"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d4c29caff01c3fe4fa0a6333fb4f47e841383437b0f48245bf0ba3029e3194de"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"787787fe41a99e48339136b4d6211a256eef265dbea062922585259ae4d9b031"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f0e3458433c7747f42078f6c610675855f91d15d8e994f9ab9af383b286a3649cca071c971d3b22afb0cac5f56d9d80887e6fc4534ce11c467e0c73ecc260bb60db8","seedS":"1f1aca41685d325e1bfe774bee713ee3659808fdaa0c327eb5f3f7d18305f7556489ebbdab3e1099e6256cf0ed75acca4f0f4907a8ae0d7f64113c5661c2384cd8a2","seedE":"c8f6e113a1eac7f40ee8fc9ef4a7f90ac0576cadde56020359f47c2cc2d38829bcd2659f7cd0d87206c33d04d16d18e0b064f0322d2f79acc24a74ca6ea874268e7b","skRm":"0179719033020c90eb633beec1ec5ae59feea2bf33f1781a709874dbd3e05da19ec49cd0babc36ac25a62eb43bba77a7b35c84c4bb202d9f2239b6d5fc7683678fd4","skSm":"006b95e0b8933b44a27891e27ddbabb576857a25766917dfefdd321f6d61bd9e800129171a23abf2523f5f6f9953352ac379c4a09229c68304e6cf0168a7000bc1af","skEm":"017bffa100703e55c3a7ec4e9e0d83fccf5760e5401ad36810761333943ab43f938c9b4f8caf619b72baeb8465550ef3eb382520839233c8ca196ff613c9fc105b9a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04010a98eb3869be0439d837a5268cb84f1898d2d5b4a813a47c3c54f83be6f4d435ae2c7c9909b8ccde503d37342794a711f6eb1831d70ff7a9ac2a6bd12d940bbd57019419caeb6158559651d3d4c8d79adbb0968d4d695ea8c8e65fdbaea6a1715a54c20e78643dc91e579d9fc4a6fa73d31ff5376b211b4baee013caba1ce6308bb94f","pkSm":"0400cf9a9b3e51e571892b3ea4d17e57a6d2f0299f228a149a7de401cfcf8416ffbd355b550049b6e8310c1fae30b0fa8994fbe3495f59c42089baa222074c0d0825130119de526497ca2beae899cb06ec039feff9e32382deefd16e91d10a0890431a781d459edeb6942d8efecc422c2281572da196059c6a0888aabe14408cb6187ee51d","pkEm":"04001364a368ae99e1f911bc74541b9c8abc7aec9e3b2a137d7b32899290c5f3d44abe4393ac4868199a77cff47fd6310ba9788a24e31c6f7ec7ea1e0fa4f5cb8bef8a00e0ad4353aa31b1b06b4224d11697361c5e6999223a7de01581ffb82a421a1837320bf0a565dfd1bf68d6aaa2b3dc78d4fdba39221f2fb5f84345fddf91e98e66e7","enc":"04001364a368ae99e1f911bc74541b9c8abc7aec9e3b2a137d7b32899290c5f3d44abe4393ac4868199a77cff47fd6310ba9788a24e31c6f7ec7ea1e0fa4f5cb8bef8a00e0ad4353aa31b1b06b4224d11697361c5e6999223a7de01581ffb82a421a1837320bf0a565dfd1bf68d6aaa2b3dc78d4fdba39221f2fb5f84345fddf91e98e66e7","zz":"13a8be10247f4aeec47016752a2945c55d4e474ce4fb5bada6e6adfe14529432b613bae99874a95d057f27e8864a5e8a650b35eb0b3f34264ea3e51e0b1997b1","keyScheduleContext":"03d1ec3dc8b12dc2405fc29bf282b782bfdac2ff3ba302e515efc61813fc5270c9e7c212e9238d15d034591a719f1355a18e7d77daf2b44bcd721b21cbcaf95108","secret":"41948592035524299fc774646662445f5c2271d11d7ebc37e3a8772f9ff92d57","key":"a9f20bd806d8cf2d54f2ec18cd2bd10a","nonce":"678c967f941c0627553a4c37","exporterSecret":"29123c2db0da4cae013424cdedb5267f1efa97f6d0bb1c3eba6f649b1b8a6385","encryptions":[{"aad":"436f756e742d30","ciphertext":"7bb97ae8bc975c142e671ee9e1b4f085d7ec6f81db26fe44bb4ce32fb451d72daad890cedf3cef3ef6f7993465","nonce":"678c967f941c0627553a4c37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f4536c460d6cc2b14be63abe70b759aa9921df5089779cab1c49cd1c09b01a315f405d0460ba1457f0ce3d3df5","nonce":"678c967f941c0627553a4c36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c02dccf8e0874f78189e9829bdb0f3ac32c6e1b29024fdb4a4043c0e12c0838795b32f8731923441224fe1c277","nonce":"678c967f941c0627553a4c35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"766c27c3a817fa2244dba88e48a432aec432414992d266c9b4013944bd226b0f5e9210f2bec755a290ba0093de","nonce":"678c967f941c0627553a4c34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2f84ec94e0af2bae889ac0486de50b63433d68ef4a8f6c745993e7250bea145cc0dd17c3ed49b10b339df422b5","nonce":"678c967f941c0627553a4c33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4ee8043bb646bf63ee108adafecaebe4765a5d64dd2694c172bc171e0c2a6219bb6b7771c076bd829cd90bc45c","nonce":"678c967f941c0627553a4c32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a3dba5fdaf204e9dd5120a270ec4d30f49903391b9dc9988804f76c6e585daeab2225a56939d868e3b73340dca","nonce":"678c967f941c0627553a4c31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"316777b028b4bfd43962c9c506e10990ec38f0d10d0239850710bd9bdce37a2c87c776c790bea73072b7e51f9d","nonce":"678c967f941c0627553a4c30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5e6cc110d76035fb9d160812901f5efab94f33980ad114a9d6e63106b9f9647637c250ac6bed8e763407a5463d","nonce":"678c967f941c0627553a4c3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e590265c46b268f5d6599c887f7ea3edb5d1a75885224d368bbd46adad77e93e119d96c2faa43876cb6b9dd916","nonce":"678c967f941c0627553a4c3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"859f73ae2a94ab7d1ad4aa39dc8e67f493e5aa4bea4492ab96156afe66bafeb3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d366ad607f2cf4c2395e4488728ae80439aa1a789e1aee65cbd5306519874b5f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ed47801e36db47ce6aa3f31f202fe3be9cf0a5245ddab120d8fed9e3b2b6fc2f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c66074978a4104867d7c04eac97e90d1d0a40be29843d51136c0330346f3ac3f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"030f85e1cc1bfebc6ec8fc42500838bd416d67ade2e0bad7613c81e5fc4744e8"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"dd3aa7c6912567f98f51a95c152e75cb56f1dbbe289952a490018bb24d02dabdb3e8c7dbac88b5c609ab5ed5c7f115036d0c28afbd725e8a99fd27d8e12c79ac7e3c","seedE":"a02aa20a8e5fc1d49c002bc2ea8bf1062926fb231899c09c22a4fa3e35287bf88cb809495effab2ce21e5267c860299f826af7838f5601b641b52a3d7dafcfcee405","skRm":"011773418cf0fda1001e07637acdc491fab289d1010bbc51415d7ea169fa1929326583f15757b010dba4809b63ce0cb5a04700dea4aa8cb0ac179869e5bf9c864466","skEm":"014b1d59a32e0d2dd1764faededd3f83a30e3523a778d31b8361b6c2086c739f12af0fe26685dcb2bd5d0a59bec89e0a2c8ffe5b055ce61bd37748cace0d527b056b","pkRm":"0401f82654632ef4be04d46f54f0280358ea948ee32f630a968edd91a4759c682af0cbdb89c800b6a1486bfede7c40d0816dd843122f87e0a7dda282c526ceada0adf90055232f6f7954c7f137c36810cc0ab6b220eb39a6e1fb6754e0ce5cc688545dfefadafa956dac9e8f4eed5ad51870dfa98c3719218955185b5c00daa5480ff756d0","pkEm":"04000cb9d703589b11fdd9d18c677956179a64cdb423b0c4b0c04f604c357548962b8ee6d07ecef5fac1434da040374eeae6125602d875c1cb7242dd4cd7196851a4e900f2452a9d4aec78be5ced20e836fef925ea33ee2f359590103600fa4e4fb63cc8d2f1303835f348747cb14ed508cd0b2320109bd8ff48a206995d315b1ae4f6d204","enc":"04000cb9d703589b11fdd9d18c677956179a64cdb423b0c4b0c04f604c357548962b8ee6d07ecef5fac1434da040374eeae6125602d875c1cb7242dd4cd7196851a4e900f2452a9d4aec78be5ced20e836fef925ea33ee2f359590103600fa4e4fb63cc8d2f1303835f348747cb14ed508cd0b2320109bd8ff48a206995d315b1ae4f6d204","zz":"c2404970853e9970ee14141dafacd5c2dbf12808db7c3ae00a19066a65cd907d39591cc1981090845a8a80d4d9fcaf9e881ee5abba8e64a74866cd7c8fabfc27","keyScheduleContext":"0096d3962148a57989476a8b2657768e74de4869fcd4501a77483fb58efc5a7379c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"40c7add55910d0159b213a16c20d62e34ce4b64e5b33fae5d85066c665b00ccf","key":"29a4e9b357075f16aec10699d2550dc1a5ce5e4d17d39660155cb284a1e9f570","nonce":"4ab90260a609e148d7aa93c2","exporterSecret":"72a0f5f600f6a00124dec056be2c409c3cc2efa0c95ea627222a7980cb199e68","encryptions":[{"aad":"436f756e742d30","ciphertext":"1830b0f64596943fbc44eee24b161bd3e93873ef67929d838c1bfe97efc04f34b2b0706942799d24786d958e71","nonce":"4ab90260a609e148d7aa93c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2393fc16eddc3cd114819841e140f855199e26de24e5878d1af98c0495e89c827d03b4865a0523897387417a7e","nonce":"4ab90260a609e148d7aa93c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f23a25d51de035fcbd1895f72bc629d0ac01d71266a72504a115ef1b3060908d911a295a3818385857a8ca07dc","nonce":"4ab90260a609e148d7aa93c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9c239d1b616204509a1eafde2ced9ec76e4c30263c141843282449a945f14ed0e6902d543c52036377b4419116","nonce":"4ab90260a609e148d7aa93c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b5532644e88b9c0ab5e4ad53234ab95a0e81196c736cca951ecb931be245f7e729e2e038f8ac0fe7f4a6cc636e","nonce":"4ab90260a609e148d7aa93c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7c61b1b93847094626d5617abe2244c08d4283165cda22b9d8818a5ef3ba44f1221ef27d93c6a868993c31fa75","nonce":"4ab90260a609e148d7aa93c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"433d207e4cfc9c9a3ca30a010bf1abd39ed1606993cfb2b9a4b0654b6ab5eae89ed7494015bb220e7109d24d92","nonce":"4ab90260a609e148d7aa93c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2a5e7b803884a85fbc6db6023a698a369fea23e9bc7ad379dedc0016ba7f1a4bc2a14cd6982f70b730d2690ed7","nonce":"4ab90260a609e148d7aa93c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5355c72d4035595230f2e76cf4065b007cb51f942db3094ddc86abbf4ba5027463036a905f2b347169e02cb240","nonce":"4ab90260a609e148d7aa93ca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"74505735ae0ac3d186b1992a6b818346361e617d9493614a2de69449480bd9c7b29bb640cddcaa17f42a8c5bb2","nonce":"4ab90260a609e148d7aa93cb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9559197d1c0c3888d348d25b1bb0925dc150aa862da92812286f725903d02a8b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bf1a3960bd6fc81b80ffb7a9ecafa8f19f97dcb2dba0776a520fab7ca2ef06f6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"da19fb76708cfa8b4e68a238cd412f9a7e7329d7d85d439cc49acd33eb50bb77"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"713087fcc0187cf746ebc0ae83425da1b2dba42b3dd2fed086f9a58b25ae3a6f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e1794ebf77e7460d5c564fc2d18b5a07e54ef421a0686cb4eaa70c24dcfaa5a8"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0aaba1fcf48190f71b6b2d7ed4d9ba7e0a75c42fad3d888065be1f308e85bcf9fc55bbe0ae279451cbd0d9cea638533facc3f372eb968e06a46fd269f3b0334d039b","seedE":"bffb76d61de67734c39ff2d55824a4ea34ef596c59575783b1aecd37c7a6168b129dbb0c80a065003d9deb87a4ae8d41b97f5175e03a67008fedbaad66c22272d3af","skRm":"00a71738518de7c210b78af73b8eb3f9f2795cd30c1aabb64a856919b997fbd74367baf0b806788c2ccfd40efc0ddf08dd661d0054d5b313fadebc891c3eb6cf311a","skEm":"008f614b1a49b8255b41836952a7fe07137a78e1e4dfde64598fd137f11e4701c9c651fc2dd0864009678a4b68f92b04db2c509cb6d0790d6c887afe80660b313422","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040016a021afcd41e2cc30002ab0dda8fb6ff5dc4d3c012af19245b931aad6c2e1870120c1429a46d99b0b6eb98a940ea6c69c2e0d4bf8812832c8213b82b654030c2e01103585a04c80fa2d52bb30cc8da741032b4e176ed7dafb8c685fdfec011e78007aed81914a21ebe9dee9cba4915e9a764cc2243bc8f0dd812a3cc4e832b6163e8c","pkEm":"0401f640356073bc103feb9ba387a9306d6942a2149689999556750040ca63b79fa35ab911aee23ad3239d96bfc6bb46ae590a1a4044198efafdd73c0a794faa442b4f01264d9559fd81abe24e0f2f6274e341c0f0f0ce11ac2087b2c54065075a35ac14322fe0ede809dbc37b01a60215e2315e300717e988541930c6119a6ad54e96abbd","enc":"0401f640356073bc103feb9ba387a9306d6942a2149689999556750040ca63b79fa35ab911aee23ad3239d96bfc6bb46ae590a1a4044198efafdd73c0a794faa442b4f01264d9559fd81abe24e0f2f6274e341c0f0f0ce11ac2087b2c54065075a35ac14322fe0ede809dbc37b01a60215e2315e300717e988541930c6119a6ad54e96abbd","zz":"33a0f33e2947aa566dae0f31834ff8a5001fcf92a04afcf1953da098e8feedd287d373303efd38b80a3a688310201888b9edf68f0f89a1e107ec400cf952ea95","keyScheduleContext":"010b01cffaa255be429bcc24dd98960a4cbc8d2f42df3afdd57a4deb82ed9542c7c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"e3fc4db9144149753d610ef43ba2b7eb5771c105d8f0d05e823c3010382c68d8","key":"8eeef22f6f3bae069f04d978cdc2a6bd280eec6c7d7b37f1a6910c5548901a5c","nonce":"1de94e171c2aaaef50480b0b","exporterSecret":"feb9b7e312c75afcf77eccf865cbc1a25323305511ca35f7c5238351eb83cfc3","encryptions":[{"aad":"436f756e742d30","ciphertext":"8a6de72e1ac2b6dd5b541874894c2d176cb9756396e992017b3235a5d33aba275540d236e9292c4f74941f18cb","nonce":"1de94e171c2aaaef50480b0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b0eb73ea5927558b478724b589eb9b586d3653b46610ced76752db8b516868ecf2345548e8fc50e05b1a5ff32b","nonce":"1de94e171c2aaaef50480b0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2d311d6308cfd8473ae02ee4ca9ddb04104fc7f85b6bbc5ead518de4e304e66b8594d4c605df859857e2eb2e01","nonce":"1de94e171c2aaaef50480b09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"61410eb948412f5af57b9a1f68dce46377c7fffd1f100c5081a38f3613efd64f51b608693da188a9b0d6e8f818","nonce":"1de94e171c2aaaef50480b08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1268328f0bbb3f2b91bb3ded1c5e65bba44573680be471c78b90cdfe2b4dfd84d8aeaf0f01767a1f4498ee1054","nonce":"1de94e171c2aaaef50480b0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b1f0bdef9b960b77fdb04b0a1dd30a8a5bed04ffdead5d3f38ad3e7125fe0c72042a73690ba572a85c971481f8","nonce":"1de94e171c2aaaef50480b0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"696f33cf81d4ad4288ea27148818cddecd39d1b6cfdff1d454ab1e7228b9634fc597c2dfd8a371174965a434fa","nonce":"1de94e171c2aaaef50480b0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7dc0550877c63068fac9ba27910c808e8cdda9764ba60994e2bd3304d98fbc3a391db3971ee96f5e711ea260bb","nonce":"1de94e171c2aaaef50480b0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4053a4cd97c9a517ff325897e5df8b30f89ae0ec367003d4ad2ec90df37681ffbb14366c33004cf44cda27d735","nonce":"1de94e171c2aaaef50480b03","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"98c78ee357df3ce8ba575184bde168bdaf14656ce58157dff85e779b86929c8b323af27ca65ef9946d695b6db1","nonce":"1de94e171c2aaaef50480b02","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a40f70d6c7f9928aee44ae2238fe15fdbaa328aa4b989ffcccc7e767c977dead"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9535743721f0c5b6f3cdb22d723d44a2c3187bcdfa38d980f2586b1696e5545d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3e6873c46537398feb9ca8e37d2258cbc2d4c33d4e5e0ebaaca41d7a794e7dd7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"33e65be27a6f33a6d8d6618e887672aee16967dc17dc9ac784769f39c767f46f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c3f912184689b9f72e5baad5356c147ffa8294c189d69862315e1112cbd8bf73"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2a87a37b0637ddb6c23408b6c401b2c834b5cccecc831ad8ffa50aaedd63510bf2a800a4eb18844851c8c7c1d6c03e8549c94d005d9e7ca47e290245f341cbbef2d2","seedS":"ece4d9000fcd786ddd979467cf98b47824f1e74b0f52de39f52569a5f8d0eb2c1dda18da2e43ca05ed2822fda406b48e2cf19940e3f3208eacd9c79bd4eceb30d7f9","seedE":"49e54a13000c300e73da0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","skRm":"00bf5f76e30df84a758d84ed8432a9847c61eb988c31853635b2c91db1187aa0a9e9c1802c89d9dd0c2d09c1c5efaa5cd63cc606255f2cc643836a598e3aa37930d5","skSm":"018dd757905d02b7d6c3d3873ef75f121a114c6cfc5abf382998b4524762d5b25d4d6165594c4e66e81c3c3a01f8e7d3ddc327afdbe9085492235cc3c03a49e2fbbe","skEm":"01223eb1383bb2336820b2fb9642d4a2ca03fe5884550f3cadb28d789ed1adc9212d7829bc36639f6ac46fa2732e0242da5b30659cb741edd8b99ec901240fc64bf3","pkRm":"0400e22c46183fefee875a9d695e152722086163ee91f4e278d11578ef05061304dbf91ed66bf0709ce501a3d47566a3128a65f1d32d20244b175b54c1b977a8fab3c901b859c99ba79c22f2e21135b4b3498c3488f2d84a9d31f6c3725f6f0904c5200186d4ea473a49ef1264ef7e6d1e6490ef497b6fec3023cea092bf8bbdcec7eedd38","pkSm":"040194d98f2c116c1009c75ad1fc6b9b13d6726b5b9f31528cbaa079c6906b559a9fcf9bfa1e16398926b812cd3139da3d3599d7418cb1a89d9e14ea5635cb80ee67f7005396167c64cab0af70134649576c849e002a8acb2b3d0f6a1d09859d3f4824fbbbb49302371fdcda1b71d85ad01d04e7a32d6f575528ecc3a7d6534c095681160b","pkEm":"04000b2248254512e043c07d6ae553e2a4b3649cd4afcf431fadcc06e8ab39d7a08baabb27a134571ab13ce341772d07b91cd7a5aeeb11b9feac156ee5817f9cbe774d01640d67d4aaf843721fb895ccbe35923fb66d83b042eb6702a50a7661fe0d5b0efe771cffa10d1a2842ffc3cb669629b15fb488386fcdb560b31be468307080a360","enc":"04000b2248254512e043c07d6ae553e2a4b3649cd4afcf431fadcc06e8ab39d7a08baabb27a134571ab13ce341772d07b91cd7a5aeeb11b9feac156ee5817f9cbe774d01640d67d4aaf843721fb895ccbe35923fb66d83b042eb6702a50a7661fe0d5b0efe771cffa10d1a2842ffc3cb669629b15fb488386fcdb560b31be468307080a360","zz":"82a3b103e8716edde7ac419b5306b7f3c16244e2472d0a3051fa449fdab2aa51d43651041d9ac57c3ca0a455ae9d1b4455bd5616d0e1d6e317815baecdd2e76e","keyScheduleContext":"0296d3962148a57989476a8b2657768e74de4869fcd4501a77483fb58efc5a7379c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"d83a34911b2c78c670a43e0b4ed28c2938d63aaf6e02fba50df56461ec175812","key":"84bcdfacefbcae0cee336390ea436fcddba57542b6c8b5f215ba48c3bed22a49","nonce":"728db3c397a38a092ca0d552","exporterSecret":"74ae82b8b7c82d18ed71445d684cecce70e57df53cf1f792689a67070d0bd8f5","encryptions":[{"aad":"436f756e742d30","ciphertext":"eb7c8e5e7986a69d22b0d7877db739e71fec1a826394a1ce3fea85511fb550bce6ec75c53cf36d8900c38cd27d","nonce":"728db3c397a38a092ca0d552","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5d46673df9d066446b370a727f27cc786e1165d569f7a9d40b3bdbe22a25b438e5a3fe6719646862224ee13f5a","nonce":"728db3c397a38a092ca0d553","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f43ce3ada2f970d336d7a2d31680e1f4632eca4aa7cc4788d2b2687a26bce46971ab7a7141bd8337854f679e9b","nonce":"728db3c397a38a092ca0d550","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c9952e7f4b7655a8e85b4485c7fe9169dd8c8cf10caa0bd00a57a7db01e5d1a03198b3fabc68dbdab800942fea","nonce":"728db3c397a38a092ca0d551","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"eb523efddd9404da9abd9b0a73d677b4dcb5544a17c69b049edb6ddb7f3d230421c9a96a1eaf363d21424bb978","nonce":"728db3c397a38a092ca0d556","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8730fae9fbc3dfd2b33854ed67a483e67a27513f5ba45ed715c9487cdd55335863c26a12e4cbf2ebac29dfd7e9","nonce":"728db3c397a38a092ca0d557","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9fc95fafdab74ac0a8a2282df79e6aed786c32dfedd227589447798a948ec19e762827298dfdf890977d15e608","nonce":"728db3c397a38a092ca0d554","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9c24af003cbd713f2b94bf9519b20508d15883ede07ed69eeeda629e7b3e617901db909241aa51cdfdf1ee7466","nonce":"728db3c397a38a092ca0d555","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"84274327aadf7fda6c4fae3a2e0a7cc2db0d9dfe6f10d8911fd6644e428e2ba832bf5ad618dd609ab8a376757d","nonce":"728db3c397a38a092ca0d55a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6ab19f7fe4046f0b2ed6026a273b21eef40c1adb45d5d1a6f372415e62120b6e44e5b6d6a2e3519082e5cf178c","nonce":"728db3c397a38a092ca0d55b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c50ce864d24342aec4a43d3361c76712579e38a009bd3846e28d19d4e03f425e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"80b54c009a99cc26fb06a6b23289fa93a48dfec1a9f0560eb92b19491a2c2889"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5df257c14d3b45befeae568defdd182e78bc14d19f19f626e3bb70e65eca36eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ff3b1dc4b826b8ce1a51cd3f8d74e4faf3ff327e46a242cb707a444b4a445032"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f33a1b879e31590932fb18dc5f35122c26cc81c283115f27741db505148a4ebf"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c4cea914575540fc2d5521cf134c46453a5301128cf0755655ba01fef2983b3b9981476f6d49d7d24207cc1d3bd5022245510e35e6dbc0e5f894efe0d6b1dc2b2f66","seedS":"fd3a8b3e6f935f83da0507547913ec27de3da134cbd6a675dfef8bce9fbe1eedac19c1a185eecf6f9133d3c4ab5fdfe6674648172db8ed810b70b5aac9363e79e38b","seedE":"0bc62bf4f60c93ac622a2c3efdfe3992778eba97432b68681c7e67e5f3f9833ca90ca5688c6f06de29e608d831fb367b6f48d7680dd02ea391f77ace54902d11bb5e","skRm":"005a6520b179f79e1954579f7e280b0b0b7dbd62011405cd87c4e333f12a4aa264956610b45d9d9075ef076f76abff7df1fa761a2b9e291f68683e225f54e77d966c","skSm":"00fb3c43917d053c169d218151b2dabf45410b187a7ec17864559abbb6e2d2ea36b4e5413fa1d5e09cb7157637200b805a187f31318f7fc4ea2c397319c5ce82ae2c","skEm":"00cdb2b0ffa5509f5aa484274b135c1a749fb2e3a03d5259fefefbfa2d825bc6cb0cb678a7307b685a5621966ed952233bbb6306c731257ec9c4e4aa3cd878eb3cfa","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040007922f22d398cfc2cc465e050043aa66699c3754afefd14f7cff62c3e993521329598a3e7e66384ef897c1840a045268063f243e6e5a519a73bb940964a65bcb7f0124c92e838629240460f9e09708c54e373ce7bb42f04b5e921ef9e622b81b27e12c9d00f57202985fa78dd86242dd5896ea1ae97430814a6af132be6bd770e5cbcb","pkSm":"040157f8bf032b8beacea61e44fb57c513be273f0643d393303820419e733c7a46de92ae7f71196b5358a89e2862673fa291d40c41638ea787f3f784894a5b4b9f7913005d216b1ae7498399d04c30af883ec348814c63eaed1f5d6832d7f2a8ea4a33c7fcf8074f0277d2138ba778c97eaf63eb75632c45b6996b1b48b79070012ea0a1d8","pkEm":"0401b9c10dd9bcb9c617f06f951be150b6c0c942e2d6f0afe3513fe8cc3a26bd166c7bfa09f862a4c1d65c5ee759d0d5ef9696315361e668f76d5d33d83f842d0402ae01fb705df5b26b12bca752587d691cf6ca5926bd84e2d8709e0f999ab56159840c00d0099f23dd083fa787f991b768bd29e2ae1943841c5a2780f8ade732456f8a1c","enc":"0401b9c10dd9bcb9c617f06f951be150b6c0c942e2d6f0afe3513fe8cc3a26bd166c7bfa09f862a4c1d65c5ee759d0d5ef9696315361e668f76d5d33d83f842d0402ae01fb705df5b26b12bca752587d691cf6ca5926bd84e2d8709e0f999ab56159840c00d0099f23dd083fa787f991b768bd29e2ae1943841c5a2780f8ade732456f8a1c","zz":"9ffadac21823c74a0422fc03f4d5df5503a33629abac8efd2c206a43b8511720e3eb34bf9ba1c4cd3a9c3f6490e64af032ff2b3d417473ef140716da0270fb16","keyScheduleContext":"030b01cffaa255be429bcc24dd98960a4cbc8d2f42df3afdd57a4deb82ed9542c7c88d1ed4d11358a5b2764607c8f85d37432ef517fb1d38f34aeba887f47102c8","secret":"e8c1c6ce6675cee12ad34e0b23d4913817e464dda36290c703fb548664825628","key":"e7c0f8400e6516c5b4a10185bf419934a963efc12ef006661a9ea1658d313e5f","nonce":"97466b24ce97e70efcfcc2f8","exporterSecret":"a93090dc32266c924543056c54e6e8073969a6865648c02ad1b886dd7a462028","encryptions":[{"aad":"436f756e742d30","ciphertext":"c133cb4d4fab273f73901535a1e7b441fbfcb0363c6de69581c0ef40a7926abe4e1a486265f83d70133c2f317d","nonce":"97466b24ce97e70efcfcc2f8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"dab5e3bc86a44d80c6cde6622e46786588ae4e9eac00e4a3dbe43f8780f4aed908c7ada1d7e63b5b3cc70aefc4","nonce":"97466b24ce97e70efcfcc2f9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2d7f24ed35cfed91ea1c13f81546ebc1693c1ae4205fcd631bf371f7e021f8e4265c7ec96c41b8d309ec782762","nonce":"97466b24ce97e70efcfcc2fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"39eb8b1949b6730ed76c60eb0389352730b55b3b2eaf227e77a8c81fe46a81742e633812f4da85454359473148","nonce":"97466b24ce97e70efcfcc2fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d18ae5f500b9a29859f34c7a296d4abd6fc27ca0ae661b0d8297b61f1daf6795d693971f613b1903b239bf81db","nonce":"97466b24ce97e70efcfcc2fc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"751aa7bbe024932f6f08dae06eac107a3da1c4d4a6242193ba1ae4fca4393e7490b7d8b3d2d4c9228022b5d14c","nonce":"97466b24ce97e70efcfcc2fd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"821464a4e1a69924350a3e7ccb0203a123e4c0053a8d63a6dd2e8df8008a017bd2059894172d0cf891312be0f5","nonce":"97466b24ce97e70efcfcc2fe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"dae842bc33b48be96b78898a236bb8274a502e69106565fe452031e8bd55d810333f2093749c60ff7f3b61d225","nonce":"97466b24ce97e70efcfcc2ff","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"efe230fc2fbae0371dacccd6f458185d4f0cbe58ef8c44bebc19a35eeb1ec2baa0ee9593afc0c067b2c49114eb","nonce":"97466b24ce97e70efcfcc2f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bdab7db495b0b937ef125180ce0ef3c034cfc6b72dced2d248b2c603dcadee0291cae415603ac9361bbb0e940a","nonce":"97466b24ce97e70efcfcc2f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"97c036bc19ca286478e6140f34780bf43fd54759ef82a241d0a54624fc46a4bb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d35fbb8bcef528dbc7361ecbdfcb887cc8ead1ca08cd80f19a3afb35f2e543aa"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"273bd48ad64edadf91524ca73d04c16d1cf840134acb706dbaf3f860e8eebec4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"252360d4b28eb25fae31cc58f1f8e00c6d86c9aee6ed9b91b01781517c4ed1ed"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ef479106761c502bff7ad1ad11f7f4df0d5882c81d1cbeba832cd1f0db7b1dab"}]},{"mode":0,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cfe0be829a77ac0cc564a1d38b00d1764e4aead1581e59f91a0dc9714a4e4a310f8da7efab625c4bbb65aababaeacf5bf7b1490fd9b92ae1cc13e56ef9aa4ae42a17","seedE":"b13f095b3e64f5e43531a70efb3b995243b5c721f9a1b69c5de083cb487d5859d4f6b03b19b63f9a8d89d8c898fb13546090ef992790594ef34a311b939e7dd84fd3","skRm":"01b10e57a36ef1b0d8f839af8f5309b8a2710f6f79febba2e3bd92bff8440cac8bf360842f5e417a038a95499b11c4c5c0d1338edc1f40e2ca26215d591157256222","skEm":"018d97914ca72f09c14da87a70b306ff2fef5087cf6fce54955f341aeb2bf62584fe22f47f92b58037f8759e543910fa3a4009ee17fffb99d92342dadec22277fb72","pkRm":"04015fe68915756a588628e83c8fcff870d82b598f77a63c26b4d56ba6eaf89353e9a5f4cd769c71fcb9fe258583455047df95fae31ae9e41ddb63cf8cf4ad2c9a50ed00d5181e32b78e1bdfc501c3a8be2fece9680fe0e0cf22ef2f4d799e2faa09a66f73e91e38d8255d5f5bbdcd6a957753ea54c17f06bd1c97738b7146f177c73b179a","pkEm":"040186767cd7eefeb889e565210a7b5996785a48641a3663673b2c4d7aefbc33e8967bcbff4df4811299a3ee6645d9e3ace89186231137002faf4c7f5b526d95ccd30e01150ca289d857390dd1eb843eba923f1eb8af7da5835bd7ed46b13b8bbc74cbce3fa66cb063e7c7434f7a9a8c5c953faf606acf7410bad0f9508ee2da71256f5dd8","enc":"040186767cd7eefeb889e565210a7b5996785a48641a3663673b2c4d7aefbc33e8967bcbff4df4811299a3ee6645d9e3ace89186231137002faf4c7f5b526d95ccd30e01150ca289d857390dd1eb843eba923f1eb8af7da5835bd7ed46b13b8bbc74cbce3fa66cb063e7c7434f7a9a8c5c953faf606acf7410bad0f9508ee2da71256f5dd8","zz":"b4110eeacc0a95e422554f2c5ef367c628e72aaf6b5f77e713c35d54c6ab1a33b6bbb8f86aaae3cbb452d4117a0e85fc4ae7d95df91a984e2783ca945cf1d71c","keyScheduleContext":"00e28ce5a24e358b8490bf8282ea21c65e142ac95b55f6441b23604ebff82f8b1b5927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"2b15c6556b3355e71cd765636452e1f678d052ccd224860d59e04f30473e1e36","key":"38247a17c563d50919e5b93bef7604bbc9691b46b1f412a0fb507f2cfbbd3d46","nonce":"2d407a0f962fc6ef3736ab67","exporterSecret":"067f17849f43a62ac5c91ad7d958cf09f60b69706b86f856830ea6d1d6c4faf3","encryptions":[{"aad":"436f756e742d30","ciphertext":"ef1fe01f98d128cda0770ccd121f200714c4949acabb2c445e327972e36f332b964bb058e7206bc9e87430b7cd","nonce":"2d407a0f962fc6ef3736ab67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0f247ab844f03976d984a57ffa978c82fe7bfd69210a4e26419379621096a93ddfd26da856520f45f67dd09b7d","nonce":"2d407a0f962fc6ef3736ab66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"13f36d828fab3d77c813beacb2c5bfd6927efa8caf420711d30aa7d198f5034165ba1d4cc8440ec34555b783b1","nonce":"2d407a0f962fc6ef3736ab65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"48b5f2f10f095b7523fb678ad8145c92faeb4d10307c69954e803b7fa41f3401244e8bd6df854847cad66a5a0a","nonce":"2d407a0f962fc6ef3736ab64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"99aa42f76051f7db2b531292638426d38e4b82b7cd45d00a2249c96d02711870035c77f53fae8fd991c62e157b","nonce":"2d407a0f962fc6ef3736ab63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"233e58fbffeefc033ce97f10c5f7e850c9e3a8ff0e79399db3667980835279c58f1503e9c3c69a548c3beea039","nonce":"2d407a0f962fc6ef3736ab62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dff051a98d156a979215475bf41c48a1fb00d4c211a5a78330525f01109a53a2775d9914530f02bd87ec1b91ef","nonce":"2d407a0f962fc6ef3736ab61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"28c6c08c6b4ac9d77b725c3e23b3aeeddac7ddb5d863aee54d18d1712c7e60385e3fea92bc700d4e2cc3870513","nonce":"2d407a0f962fc6ef3736ab60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ceafb19ea46889c4795d3d03a48ce0c17ebc9d9ad9c0b2c6d0ef93301afd6c556ca517ab64f9c10c2c4db9516a","nonce":"2d407a0f962fc6ef3736ab6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2867bb62d7f42887483b9180d706a75a638c650fb5b76d8bb171f759ded90e83c80806d689a6309c4cda86d0e5","nonce":"2d407a0f962fc6ef3736ab6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"42e75565a2170ff08e95329ace2342af076d26ea0a90db026472fc665607249d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5ec16e021b40edba3028716d7a83648fee6bc58e4047496921e6a9d5cc8dda0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"288f2f09069a315ad62d1a89e44e5f46bb8af71516dda77ca30fb8f062ccefa9"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"02f70806d470fc2a86e4a41cf5c65f20dc3e04e9ce06a7eb09d44b39327623cf"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3065ce72cb82b649d5d647c5a77ea758c91f281c9192ef1195c6cd037ff34c2e"}]},{"mode":1,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b9c72e9f447a68c57341d3f7e499d4492451ce6373ca1387747d95cfb98a4069321ecd769b8450409344d7fc6de1553d4a7f9cd10d5f6cde2398289e94d1e925b104","seedE":"d6de3fd3b8c260c438352a017352a322116669b3c13da99628b1eb34a0665129960ac20551868be10b803fe5043cd7fb04cd575b1b5ae4e09b947458cbcfd54a3b29","skRm":"016bd1ddc8ce8394cdb8ed07160b73577dee8cc66bfbe93d939e4a727f96cd6fdd773bc2d671cffdd6f200d3aef4258c64bf5fe27ffa33d4db4ae9d17bad233acb8f","skEm":"0091994d4053f53e48f398933f7d84412e1fee8f2d45c197363e12f6a6b461901d8f5d8526b801b113c2d6286f8617616ac820d5ccb9a8ddcbe8e71c136881e7ce5c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04017c2cb25f3326ff555e4fd0bce05615ee953b83daccf42d655c89efb84c7a7720cbc5e4e33dd802940d2a0a3687c8346646240d97630d6d89e62d22992bb31e6936003fd4f21b68b0e015c0fdfef17b5b097bd2ef46240da1f1a08f0958e3af42c179bdba25550e4a7abe07bd3643e32e88871dc0c3d5a3ca49a350a473ae09682329cb","pkEm":"04006d7002ff1ad41b97c4c8f95dbecbff5f71ed71aed3292ba195b1a8feb692705df175f4e48eb6d5f865b31cd853e1a8b81727f063eff57916f241cf12e66e2098ba01c425e95b2820cbbdc95e33962bfab6ad42b14e80e3b7e3135c642ad8066ecc63cdd77c890d4ff476c95ab89eeeb284375ba21440e81703e60ffe6f6cc18ef4c53e","enc":"04006d7002ff1ad41b97c4c8f95dbecbff5f71ed71aed3292ba195b1a8feb692705df175f4e48eb6d5f865b31cd853e1a8b81727f063eff57916f241cf12e66e2098ba01c425e95b2820cbbdc95e33962bfab6ad42b14e80e3b7e3135c642ad8066ecc63cdd77c890d4ff476c95ab89eeeb284375ba21440e81703e60ffe6f6cc18ef4c53e","zz":"f5303cb57bf4c65a324a9d89c569e4825b924b00d8cc4db67de01c06b9d32a01a79cd4d2ddc71cb64927c706c650991b6b9069219aeb89e1676d06d55a4d8109","keyScheduleContext":"01b157924e50ac7edbb81958411ce102f616391dd10d3276246e86cb25a9ee01735927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"7c2767df6794689d5c18c9b46658c23ec0ec931725fabd403c88dbc5dfc01db1","key":"5848cbae4105cfdab29196c67f84146fa3a2047900b06025f73e6c1313d14ad7","nonce":"5ca185a78908f9c4629c52f3","exporterSecret":"46b6a397b9967c70f26b0761e099e63f48085d433eeae7aa72d65ea3d0d0f928","encryptions":[{"aad":"436f756e742d30","ciphertext":"b803e69518ff68488c2ea7612111afef6195b61419bb8b49e973605718627ef2febde529446b92a693cd11cf25","nonce":"5ca185a78908f9c4629c52f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"25e4a5b10935300e00dcbe54cb75501adaf331f389f8476782397cd8a6e78719eb45669bcae248ff3bcdf353b1","nonce":"5ca185a78908f9c4629c52f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dfa33f605c25b89a40c4ad8cd400250a1271e6e94d250c9250eb412c8d28bd9a2fd44e6602ac21f9c537acc758","nonce":"5ca185a78908f9c4629c52f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1cf9f30fd3c116681359c9856cb86b947119c4427aa1b2be7838d5fb237f2cb36d0292619577063f8db111da78","nonce":"5ca185a78908f9c4629c52f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5827750a5507da4fbff432edc14ce46039182a796f1d17fbfe2425858fc27ed5eebd3f53cc5913b72c34f23305","nonce":"5ca185a78908f9c4629c52f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"075d1fdcdf7c6a65842d6c9742b681af618928b14928a270b9eeaf15009ee868aa8d9299a162ab3a0bbb18329d","nonce":"5ca185a78908f9c4629c52f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2da9166013bfb5d5f6a77af1f38446d3e60e34d69deda926e2b4af82ae5572221d35b38488f98e5fe8b852ff56","nonce":"5ca185a78908f9c4629c52f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c2a06f79c2263a822fa72104650f1c98e42f34e58dc83c982c3ddcf6bda19372854e77212207509e58e1675803","nonce":"5ca185a78908f9c4629c52f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6ce87ff0796aacb976ae610ab0018fe24e556053184df852d85f82d2a57e3a4ff5cb0221e5fc0b3f64d16f85b9","nonce":"5ca185a78908f9c4629c52fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cde81b896a215e2d45ec7b5dc15934e93885a5059b83038532495b48b76bfef4339e9ac9c23f31dd7a278ce396","nonce":"5ca185a78908f9c4629c52fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"221f18855f57e753b9530fa9acc4d7b627168f1b5b927043e8deaa2a2cde9dbe"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f52caf3c9291e4058cc388a0f858a453bd2203f86819df377310aff3ec95abbf"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b4e3daae32f79ac7b5153dbe01098afc9834b9c1bd63dec088a6f57e57e0075a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e38efa499cedad6aa98e466991c2dc1f082d936beb4985fffe1c3f2f71dd96b4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"352ad1a21720ff5eeef7cb9d579bda31a0841b6e8bef409f36ecc1046420731c"}]},{"mode":2,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"056078d916bd3376284d2da46e1ea1b874c5cc27a08e42a60a96ac805c64cc3d2487e52bd5a3cbb0dacaeb798f83fd7d060b0fe1f13d4f11d9bc60207bf778d29187","seedS":"6c65a40cec1c9f1355a21af2639e109da1735d9176710346ecffeed636f5595e949e0de9a6481cd80842470c81887e6113bb7ab3795889ba031f7deff8668ad5287b","seedE":"7c4fcf016dc51dc871aa5b04d42f8a56e7ba4faaa0e951047b5fc8134a325b5b5e63d821aba250d775ec4618d2a6046a27b4897012373ff18f3591491ec66c00e39a","skRm":"00aab83f1acb92fffe7275b42b17e4da2bd6d5844890704947ff01df5821bd328f7c1588eb78a990e727e3d1df0be28c67f1c20edfee90f1d99ea035004fcaf9e1b4","skSm":"010c46cb683784602e56221ed87011b6e50d1811d58ff2c9784e851973760ec7262771247323a3b70f223aea8519145601589030f2d019b78d8f1d6f10447b976596","skEm":"012227f9b670a1d927c698506499530e2191c83b661f5104cc2382a7f6477c29686c2b1ecd2b63698c14a90d1f05a54d276ef37b7e4ed8c9eb033d1bc509c9790908","pkRm":"040135a5be0066da74a1eecc62ab4c9ee926dbaa6d4ae093ca6a8698f0f86c8baeeb97fa8dd367074444584f089d8df70341b11bf921380e9ce42cf838109ca7292892009a0da1bbf3d19b7ab121d627078e2c17af094f35038e972b27cb9e880494c12a4514c24719c795d19cc3abddc729e74482a5431a76530c9da08b0a905ee58dbe99","pkSm":"0401336cceffbdf4cdd3f7624da9c326f4e12d9f81e42e8b8f41fdd88e2098db329987551a63d14bc3f603c850e83c4555cfcc624c34427a5beaa4bc444c3c0cd4d01c01c985e384478d24eb730112a4edca93ee64af1ff81f445be2c6d234ccdf23b89a69fb13d9101b519f2c6fe2fa62011e0ceffd47d6aad12e6c8b0d91150a2e2cf0b2","pkEm":"0400c6a837fa79f4104e82355c56b9d4375ade295d03588d00275c432aff27dc4381ac479111a1246af9f309aec2c398b1d0206b224a1aaf2cefcc0cf49fc10c71478800dc0b8c991b19e8f9f942ed484112e0cb1d9d39b5fcf45de74dd388d3239f14d7bebd9532a78a800cc9835ce5c1bece641012785d779ec77be44dc95a710a9e81fd","enc":"0400c6a837fa79f4104e82355c56b9d4375ade295d03588d00275c432aff27dc4381ac479111a1246af9f309aec2c398b1d0206b224a1aaf2cefcc0cf49fc10c71478800dc0b8c991b19e8f9f942ed484112e0cb1d9d39b5fcf45de74dd388d3239f14d7bebd9532a78a800cc9835ce5c1bece641012785d779ec77be44dc95a710a9e81fd","zz":"de1e97c2c462086b1df534c300a5a9ea08353ba1395128a5e2129f4e4d2a3e5b593e4068c9e9c73aecd4fc3f4487f517e158eab609303042fd9995c751917c26","keyScheduleContext":"02e28ce5a24e358b8490bf8282ea21c65e142ac95b55f6441b23604ebff82f8b1b5927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"67323a87c2e2f6fd131a53e111976765b53b7ff86814f60f56ab33d55171e253","key":"c5ba9df366aa2c1a721c33ca060ef5e34160b5d78118d832b3710649a59ab527","nonce":"0918c7feaa5d88f6aad4ce03","exporterSecret":"b5577b34d04505a909ee33c28f68d527aabc91c4aa8615ba87b469d52e8c34c9","encryptions":[{"aad":"436f756e742d30","ciphertext":"04c6f63dec8ea7a4fba1706c7e16856a0b4b39619b7a239a6c3b80a95907522f21f9c39bc6c5c5a766eeda8859","nonce":"0918c7feaa5d88f6aad4ce03","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4e87fa8da5bc1e7abbdfcb3425bcb1313c5fd6e975a58cfd334da0c5f406b6ecfed81dcc6999a1807a01f98f8f","nonce":"0918c7feaa5d88f6aad4ce02","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8d120874788b7d6a0fc0c86c5fc8a284484030f02d3256fb8660fd909a81e29817a1ee8a383c08af791292cdac","nonce":"0918c7feaa5d88f6aad4ce01","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d8d5bb592af1b826f8a2916b4ca200fb85c37666db4b39f7bf9a764db11491ec18701985f7f3f8d39316491732","nonce":"0918c7feaa5d88f6aad4ce00","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ff035a50904393ddd275a29f16c9e73e5b2bdc8934c3189efbe5e9ddb958615f19da4cd3c56c1916279b705299","nonce":"0918c7feaa5d88f6aad4ce07","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"26b87f83884d363928208a0dc75873a79730e90b8f376891d18aebcef296ca132dee80c2b4e155a00fef2edaef","nonce":"0918c7feaa5d88f6aad4ce06","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f2a589f04d36d513444789e635fee33825ab5fc7a42c31887785c71e3c92c4c180b3035df7a63dcf544b07ccdc","nonce":"0918c7feaa5d88f6aad4ce05","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"60f00ad9ef6f19837fe3cda849592ab88c54b4f589bd164d4c7a66627d22ed833fde5d936ad19fdc87e17b6648","nonce":"0918c7feaa5d88f6aad4ce04","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d3e5cd5ef08d341c97f355882a1acc959f2da4855cf591a4489126ec7f7e2d1e6201f43c1dc9865ecadd9e370d","nonce":"0918c7feaa5d88f6aad4ce0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d8060ea09a1077922e540502b0da01a0a1f0689ee464fbd8759ab7692785c3210705d5de400aff25a1354c6939","nonce":"0918c7feaa5d88f6aad4ce0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ce2a8ad86893b663def6f02f524cfe3e70c70c4db42031a8dc5813144ab6a807"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5591bcfac06d7719494cb0b977d4d162f745286a22605b804177ddc8815bb29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b3edb9665471c9fa52516626e4a4a70cb132e2068dc2bf4671917ea162a60828"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ce21bce49a76a166b33619670246194c3d947b3099e7e582581b247010da8a43"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2df4b4b752454850bf7c679c6037d761fb039f29874e670cbd4883d1940ca571"}]},{"mode":3,"kemID":18,"kdfID":1,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8e6e144bc07a8d551ba9adc199c3c8e943df1f715c3a9e42c7358acb10f921f3f2677e410366e64f85f8fc93cd3b98bfff8a1b4ac5953439d35522ad32c30f7ba744","seedS":"6dba3a07cbf143f42f8b9650b0c56a47610d0b6e37df269733991827af62b3055f2c907859217ee04ee019bb2714ddd2f99a8cb9847da942c0080346684b80996960","seedE":"4fea2db782e20175dc934a78cad5af25224a9f1d70383d5dc85223719a782ec84bb91bb5732b69046f6d7d0c52bb050c50e820affff91e217dff8557930b19c3aa12","skRm":"01b1c0a534aec14876993627f8d1b9dc7bd9d47475d407d18daba103db3d8b6f2b9e795c8a3aba87d0b06ffe845f69861fa94cccdfdac634fd75c626bfbd5f576af9","skSm":"013f25a4b10d7cccc464ff7372791034e579c52febc8a118ca8c492c3fbcc3564cee87f735dbc7effa0c386abb03b6e23c2101a4d06a83a17dc373aadfb0eb7f3003","skEm":"017ead0178f34652e45070e6dd01283a4b1ad764a6612e25c46416d653883bbec0d90451ce9a3c77212a79b6535c0a9dc25cea0f7c4a061512037765d7f902c726a7","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400b30e3f6bf641d572439b031107c8c64b2cd8da8266ae2d10339fc23310c2950b31c0d4d2869fa8053179036ea04e3e60bad3fbb472585e19c1e8e82d15fc766f0201efc0a51b43a3185141f0dee7f4f9f2138934c5c973c71bd5576e0bfb365edb419f29dbe75c92d64839a5aac9430e9421a47355780309f30a08078b9325c71d1292","pkSm":"04010e1905fdded12680449ba3bd6e207cb609c230f8a41cc0b35a6686b07aa576429e82db620c9ab87cbcf4eee4b4e16fcace1bcedd53db80adf0a1e29c53cee73ee900b697a64dfcf834345d07972c28b877fbb4d23c6f76f26b07f2c7f2c2e564f172cb4def765b272b0247383ba51ef67102783c1e13e13b8fa321b24f50e13ec1e167","pkEm":"04018e56a8ce010613e2737d1e80af5c1dc1fd7c362552c22193f2a1c82ccbe23bbe5894171fb541d69e1657d93d22fb28c96f961b6c108f5f5bdee4606fb162f3be850017c053de2f70a364f5802a6a28bf359341dba3858845b06feab56b76f92a6fa0a9428116b659191e587d632be731f1c3b793d7c828f414b5a2e9fce2901f0704e4","enc":"04018e56a8ce010613e2737d1e80af5c1dc1fd7c362552c22193f2a1c82ccbe23bbe5894171fb541d69e1657d93d22fb28c96f961b6c108f5f5bdee4606fb162f3be850017c053de2f70a364f5802a6a28bf359341dba3858845b06feab56b76f92a6fa0a9428116b659191e587d632be731f1c3b793d7c828f414b5a2e9fce2901f0704e4","zz":"5843dbee249347c066b2646cb9040d57ad4b21624dc986b73b026ad32d36b6bfb6a6742d8d7db41e2022ab7f2cbf9824fb51b2a8e199f7d9a1bfac14e56e8000","keyScheduleContext":"03b157924e50ac7edbb81958411ce102f616391dd10d3276246e86cb25a9ee01735927b9caeca93d6d45f1abcbf4790a909d8fdbc0e9371348fd8ab6ac9c0af530","secret":"a1453fd45773cedbb4825ce3c24ce22d14082dd11e5767530fa1093905d1c2ce","key":"bf69e0cc15048fe9df803c77f33f630df72c535e7dee02870a3eec959c3ffcad","nonce":"4ad987ad566748602532a18b","exporterSecret":"6dc46b2bf6014726ad72b5ea2b7bef3cfe36bda9de0cdc2a40ec18e691ad09dc","encryptions":[{"aad":"436f756e742d30","ciphertext":"cc8046d1d570d549da90415648f1921d970e99491b11a38bd90ab52c6519fbe817bb2ff1d545bfda63ef3527c0","nonce":"4ad987ad566748602532a18b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0791f1065e9fcb1f580d2c03470326fb8036e22eba8482b62c4c176b45cb60cc2974e78552278838b376f9d421","nonce":"4ad987ad566748602532a18a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6b46e45d742451457d40b643029d74880023864365b2318c2c589897320891ee85a0a6e84f5a75e7cc2715a3d2","nonce":"4ad987ad566748602532a189","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"38cff738de56c9489e3779d331d59e2a8d39e555bf70a9be5744661577a7879e96e9aee1a3550b92cfc6eb35a9","nonce":"4ad987ad566748602532a188","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d46fb7b4571b155dd9f79ff131d52ee6ee12b175738278d2f595447bfa6084bc091ae98609a1e07c2753834814","nonce":"4ad987ad566748602532a18f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"779373e5831c03a417966bffcde8af217dad08847f4af82aa9890dff25bfb2f4503483a5936eea91d8c1b8a6da","nonce":"4ad987ad566748602532a18e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"061f0e9e3f1755972bef887e4bfcbe618d01c6696db5a7ad012c57b6b6786742ebe9586e582734fe7ad52019c7","nonce":"4ad987ad566748602532a18d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1a3c7cd1d6e17762e249020c5233b86593fadec29b14688b3e7c4386f057a8e5b25c65195babbb4736bcc2cbf4","nonce":"4ad987ad566748602532a18c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c5729e045b0e5cbb8e8e9c1f1b2ebca6f40b9a0ad7512e6cc0c9ce28200b3835fc7978ae8e149b629637b43128","nonce":"4ad987ad566748602532a183","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e73c8b444edc08d4c5368cfc54e74caab34f35440e5fa9a4872b929d113a152308dd7b94c532ebbb8151cca208","nonce":"4ad987ad566748602532a182","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9e4a204c553896d9b49447de6ca7390a42927cf8756f4752a9734467f3c6f4d4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4098de7fe298ac8888aa7cc30bc2cc225b79737a3b75ac74601ca161631e1d91"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"db1e33fa8ed59838c7b7de0bf023b5f7c4223483c617f77102949f38c6b90c61"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b85d7c94e53bef40be06aa55b07da5500f154ebefa0f9049924dbc90f91b2189"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"211c836eff0561fc247cc1ae221c329fa48d18303dbe0ab67430d68c0aad5298"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a35629fddc01a5b82c39841ec2f376eaf06094c3706a06b8679ee89c94db23bf669d5fbf4cc47ad88bb27095c3b246c532bf4c1c76ae1d11b02e446a4e1adbd753b9","seedE":"de23bd043bda909bd4431f3f277058fcfa7a35413f283e1b2b8c4c257769e6e78cd6a7f3462eda6efbad4c97aa9de36b0c3f9c9e96301ae1ed2854947dbf0be16d39","skRm":"019bcf89b7c3d27c9c6a2ae5389db4801824cc3679bab4bf89f1d03c144f804e4d82c75e614ea0ba05a1d12561a1ef029c7c2a96bdf84bc6415d0cdea88429fbca41","skEm":"005c5b48bd6bc695620fffcf3a85717e1d37f08e366b8e50b3c478304fa082d21f6f9b1e78fc6992713559fe61e040b71ec0e4151c330d5b8a3b7f63c4dce1f4be65","pkRm":"0401d47c41047463323e590f195da50682b672cbc0a007facf53b2a671f384f6c01a231960ab3a7b167a14f733c6446364848306892d2139048976231570d41ac78f5400cd7206dd1b2e660e0568b8ac3d2f374630e13e2cb03d234ecb99eb8330c3fedc97f25881316a2e83dcb7a0a61e26ddf88dec541056760655666dfabb839b12970d","pkEm":"04004d9a9c3780acf562b559f70a8e569390140af25a67a36480f2bde6fda9a889055ef982c8458e76d57ed179534e0a05584ad1f3b771065584281fcb873554a2948601d55d2d4a700430c9757262a088fb4679fc8574db6834dac28e12c380a4251798ef8ea683fe50234287190d8a94292d06c99e1e2420d257d750976e693f062b2a47","enc":"04004d9a9c3780acf562b559f70a8e569390140af25a67a36480f2bde6fda9a889055ef982c8458e76d57ed179534e0a05584ad1f3b771065584281fcb873554a2948601d55d2d4a700430c9757262a088fb4679fc8574db6834dac28e12c380a4251798ef8ea683fe50234287190d8a94292d06c99e1e2420d257d750976e693f062b2a47","zz":"4bd0556a9f1dc68cd3c370ac7e740ebb4dd8e9830fe77e5f603dbdb0ab0a26111f389ad1ea10fed85e3300aaf3deaada87aaa01fa1c179b342bda07b6b798615","keyScheduleContext":"00e918a4b8da538db2cdb83a1a8b42911265d63ab8ad390dbcc73b7b99fd40c477cc3060c86cd8cfd5a996e5d1b0a8563469a7ea70e1431955a664b7b48b233856909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"1b0f02ab49dc8dbc75d82b63770af70611405a8a5e5980c7ca8d91937e7d7f06d13e4446755a92bb800bd1554b0a4e9725c6be412f28b575239a2ff7320c61f1","key":"829640ce95637714d73d19f1a9c2fc00","nonce":"5a8409bb47c824eaa66daad6","exporterSecret":"e2fdafd240c43e026bb99928b802c9dc7d5b0b337b615bd7cc82ffc6182f053cd8b827d3fdafd84decfdeb1f7a36cbfb23a9bfec767fdba6153dd89e81e739e8","encryptions":[{"aad":"436f756e742d30","ciphertext":"17143b0ec7e97c8413768724f5e5a8ef9f1f7226b7b9da5d8382224dc846544cbfc3d55404abd8174ff5112462","nonce":"5a8409bb47c824eaa66daad6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fdc5022fbe03cac85bb4e0352f066e6994766df1a14854fa8218e87676016fd1ee7a7335a3c63d6b07951ab119","nonce":"5a8409bb47c824eaa66daad7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fe7d57811674bb5487589c583ed3ad01407bc055421dd6e30614f2e130c9bf6b4045bad7ccd733961af7e92b5d","nonce":"5a8409bb47c824eaa66daad4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"50ac2f833307a275c6dbbc48f1b520fa73d39dc99066d11826e786d9e19552edd47976c46396f12fb695a9d17f","nonce":"5a8409bb47c824eaa66daad5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a53ef6954dc85730be28bfe421ff58fef6487015c82ae064100b5879d9b3b81fe68e0998168d8c74b752aa7306","nonce":"5a8409bb47c824eaa66daad2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"940061cf67517a16fe2ea1da80243a3c59d5e750ca00248342357108dc445194e888db7cc828a98b90d4aad276","nonce":"5a8409bb47c824eaa66daad3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"58d98d83a9ada247175a7114e38e438a821c7405747ed65465bcf159006afcc85ee1101127634fe88963e00658","nonce":"5a8409bb47c824eaa66daad0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4176abc92ed18062da92fea42ad1371cfbd8f0e47e5d2f2768911e1ddf980de016ae935f9fc3623cd1f677c76b","nonce":"5a8409bb47c824eaa66daad1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b384fefa7b9664f30de9703ba2d8f1a1576f08a949aa784f589694c34d7b70593d7c5a603ce3bb5bf6317b51c7","nonce":"5a8409bb47c824eaa66daade","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"df316a9f24887d37a33cbb53d2558ecace8788b4aff5dbfb777a8892fc07e0dc55088dd09c853c5add7e4afbde","nonce":"5a8409bb47c824eaa66daadf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"554b27dbd75582441ec41ea6e9355509a5541e978c10cd3266064e52abace1eb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a46a9c358c7cacc1e32d957c3fce0ff8cfae979dec9716c2933fc549b1f7af8e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f21e44dd2c3a047a31d73b5d897f4d01c1cae7099abbc642ae07489af2be0a65"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7b336919c0956707a39000c975fa316c2eb0a708368b84ca957a98f4d503a91c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2c22b7c54d75384af990c7c2e8ca25a74d382257af3b3b82daa22538c2423132"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"cb96118d63ebe968731baece101462125af75a0798c9b5b36744c123be2a262643cff8302a7b2ae9d8cff4f2dc1b398ecd1b637dff08c8c08167d2dd78f257cb22b5","seedE":"a1bee532c21bd63cbbd728ab7104e7e8ba27b46fac59172e2c01626ad412bbe395e1bb9669adc18d4af0740075f36e6586c1458386002101cc5c4c295fd62a86396a","skRm":"00a6a922c51dcf04c79bac367cb79cde32b6265c0d79b13aec1a2b0833fc75d58078814877ff53d8111c2d8c560dd920f3522d06e81276170d2dd446e6b4e897cc58","skEm":"008d891b07a56f710aa7bbc8cb966d423a9e0e3cc44d63ca766df4d579ed9e78e91dd0b250326056e9e6ccf83d0a825381dae453595f99ccf53d81179db87a10a4ce","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400f951103fed0ad3ccd0bfe4bac75ed38daf76516a0fe71dfd5d072d00abde65b1e1863328759b53e4729431f130d8629b9f1d0b7680986f44591f4ccf38d6e3726c00aeed3c69a715f641e94ae1c697ab4b98805f8e0ac5c12e47318ed1f01a967a1981d63f35cbb303a44635c3493f09603f754247fca8c9ebd160c172cbee2b26ce73","pkEm":"040082734ee249dc72fb198af116d50658eba33b5d1e8de04736dead47d3a751fd464fe2b7c287b475a59cd7f7c58d5382872434c107d482c82e620079519c886416820074a074f91daa1441cb4742e2d5bda0a7cdbe653a812d27b274a9f2b874fb691949d842342934a3dff8071782dd65923c09ca72140bf5e1ca39beb895d05aa70211","enc":"040082734ee249dc72fb198af116d50658eba33b5d1e8de04736dead47d3a751fd464fe2b7c287b475a59cd7f7c58d5382872434c107d482c82e620079519c886416820074a074f91daa1441cb4742e2d5bda0a7cdbe653a812d27b274a9f2b874fb691949d842342934a3dff8071782dd65923c09ca72140bf5e1ca39beb895d05aa70211","zz":"30a6e76b28c79b2bd149d01ae8470c10933e52c3ee5869a4727812c5002614c4f548f12162cfcb74732eae625c0bd8bdc4816250d79d22b447768acbf7b326e4","keyScheduleContext":"01432ee399d8d03ae3e131e64a5702b3c1565281bb72c4d84fffc01029fb86db38e0c2c5aa6a5d4f6df6f13a68e4ff3e2dbd1e04d9f96f9a5b0682cce3086e3a37909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"12204109dd0d2dedbc93700a4b8a8da9a956b7b4f10c895d1eff9fb3a82fbde8a60bf6983d2d2637381186bf40555047fcbfa19e2ec9cb5e826f160bbba1b04f","key":"3fce28049ff39344ff8dab6aca03d9d1","nonce":"0b296d51e904fe1f42078a8d","exporterSecret":"ea9e4905b5fdccf4783de2a0b05a010b5be60206927ed1d667a837433b36807d2cbd284daf4db9eb6dd30645a114add13137c6bbad66a3c42075f0085ac4bd88","encryptions":[{"aad":"436f756e742d30","ciphertext":"a0f55510ff94f8b1b175bc31815342c63ad7d54a705821773af2e1c722ce413c9cc8d5b96ec951552f43b941ec","nonce":"0b296d51e904fe1f42078a8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fbcc9a610834cfbdebcd40d20ad521c646696814af4ead9b3a9668b5d18a46a76c95751db2c234a9260ec25cd3","nonce":"0b296d51e904fe1f42078a8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6df013a2b6239d3aff4928aa06a23e61b380512f5cd2cbec57db05001228fe1d03c706bfb5d924d214f0f590b5","nonce":"0b296d51e904fe1f42078a8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0492be82cbd1d07bafba3b8231b9cdd3efaf9d53fd03aa0fface32a48f61d4f57b828897a3640e5b412c845536","nonce":"0b296d51e904fe1f42078a8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1879095212bcfea28f639c9aad4c34eb2d32ccb91dcf856b4defa4a1386cc01e9f328eef72ae2efe3d78596e03","nonce":"0b296d51e904fe1f42078a89","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"de1e5248947a887180e46d6a1c3de6757e73012b0959d9cb3096acd1934049b71500aa67703d6cd8636e4d47e6","nonce":"0b296d51e904fe1f42078a88","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e15f8a9715bd41ddae6640260934baf866a96932a84f51dc91f9b9951450a0549314a3fec373032b4796429750","nonce":"0b296d51e904fe1f42078a8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0105f1fe076a16f50249df9eb760c69412daa5abdba8c20bdb409e1c8159a45ec5dbc0c4a67d9a62b99f0d1cfa","nonce":"0b296d51e904fe1f42078a8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4dca4a110be866a010e35edaf906732bdd7644cd2d3c7bfb42f34374b7c90a2643f6df6915c35dda0faaebda8a","nonce":"0b296d51e904fe1f42078a85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c9b0a8e1773cf6ad76a05a81ad4c67a19d188ef673e45db1b645c7ab4fdf6b9e6d3205860ce3436e50dfbfbd46","nonce":"0b296d51e904fe1f42078a84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e81d913988f6df8a2009d4d3bf9370be4a7832882973cf3988aa77f20c43f44b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ca505e216f624af139c083e889b244326ae8cb741ae6ee847b577211cbaab2b6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"23c0817cac18d0bde897b56fb4cc5367ed3ad837d4bb972c59724929c369dcfc"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0a51ed7e061c3a96cbd2c578937346fdc3f819dde9fabc56b5383ac28188a7d4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"772f4e9e4383b442e9eb28ca6c266dd86d8a21195007074e160dfb1689ac61c3"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5a4794754e56d4448bf8baa1a28a2fcf4bc73d34108d3203af958e11355c12f34a13802e91bba09a15a609f8aceb59305d684bb5df38a798f28684d97a4afe333510","seedS":"080acd54e25ba2ee8770a16889f5a5692ce7b7e93ed42fe5f658091b327f8fddce52c86a26813c38da0d9bc696fb83e84f9d5c69813c4079c37320cec40ade2a0a3e","seedE":"c42759879b01753b73ff71365974f77137f1c1801673435464d8f79e6d8a7a2150e6a2a73a2b1f1aa06480292222f98afc48b66648f5052ffe6af5bc3ea5703c5847","skRm":"0168c6d5cb94559331e480520b6ad7e742017c4a1a45eca900eb1e767911f2b7bf7370e51529bbb10d0844ce5d9a4706ce1af2b8d6c4c79ed023b7144a9420a4f3b9","skSm":"002a8c2c720b2824d3a5e841647b46f971f7fa7dca404ab6c5f47019f350f009ac929de7a04a4a678102f940b831fcae5051064280efd960c74b3c97491ad7f2c278","skEm":"0090c886346c35e171199ccda9520821f01970cfd8a924a64ce4fa58d1d717e86a57bc68823ccd500493ee9b18518db697ad45324dd15860f923b74bade2dd1019d4","pkRm":"04011b1164abb0fd04f3938ab24357c54bdfb08229aa698aff634a9c73c910505ce4eaa92676b19aa4b81c4f9364d28681966a93b30c1eb4ed5c9fdbe5ddae3fcf671301a1f47c3b8d3b926f2e272534af0c701b803d2207b686aa0e8e69c301f7dccc0ee98a7b1a946aaffc41727fd1bd38f0bfe4a843f2bc8ef5fb4a1488c8b15cd6baae","pkSm":"04003c70013e96e1157e39dad1bcb46cfdfdf481faf49c7830a7bcb3cbd51d2843c4317859481361de98809e726821a659a5d74cf08373d88cb2ec94588e64eb22070801e798c8d69ec1bdb35a4e4c5cd64e793b35a2748783c3bb6922f74fbdf82fe7753027fa14272ace7e2dde013da8343f1da47a102814a6354815c480e65969d4d855","pkEm":"04009ec72d62729c9dd562a729155c2389607dbb843037e820b9239bae159a2e2f6185d48ac961c5c65cd247b65d8d1e788aa1dee5e22ce92cc57fe1af9da9ac4b1b7a0163d42d82f79bbb16f7c5c968b5478d28a28b87d80b50c8443f0ad80293f2a76a1ecd1de2d416bf297085db6f726bcaa290d9203a57e2b2e7a2473d3f0a65063130","enc":"04009ec72d62729c9dd562a729155c2389607dbb843037e820b9239bae159a2e2f6185d48ac961c5c65cd247b65d8d1e788aa1dee5e22ce92cc57fe1af9da9ac4b1b7a0163d42d82f79bbb16f7c5c968b5478d28a28b87d80b50c8443f0ad80293f2a76a1ecd1de2d416bf297085db6f726bcaa290d9203a57e2b2e7a2473d3f0a65063130","zz":"d4cbe5764b9152305a0b64a1f72cb63f3f72ae3960f5af70e812142fb4188175182ff05a732fd6986ea487c68a157699c2203427b94d96d10fea6e3e880c2a38","keyScheduleContext":"02e918a4b8da538db2cdb83a1a8b42911265d63ab8ad390dbcc73b7b99fd40c477cc3060c86cd8cfd5a996e5d1b0a8563469a7ea70e1431955a664b7b48b233856909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"e1fa28f559db66db7953073fc5641f8cb6fbe79426d879bae7283c5d40708590ac7ce2e719445af7d2959a6e78bdee299be4ca2c086509750993b288d83531ae","key":"bd80e89b24cc8949d637257d05403905","nonce":"6682d7d2296edc251325f3b5","exporterSecret":"4d449f2683f13ae7ab479b3a19f7ea1ecf9855a9550d7e9c0c1db4abb25aba502efe2478e77e0da738075849b007f6df796b45b3cd91e8ed2cb9410f66ba9a79","encryptions":[{"aad":"436f756e742d30","ciphertext":"2e78302d3ee611490a3e7b057b54bff3c2f8e29f7d93df2f2f16506ed5c4cbc181db47827611f35a02c218ac1d","nonce":"6682d7d2296edc251325f3b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7ec371636ad3efe001f1f974b2b2015f9b3dc9886895b502f359264032028c5417a49daae63aa439ea23b6a3cb","nonce":"6682d7d2296edc251325f3b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"5cdc617bc0ef6fa0ef020ea8dfb99c2522fe21363b961c0421ea923b2aea5b1856b0418180fa26aaa8d5f97460","nonce":"6682d7d2296edc251325f3b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ad1c0be1fb1bf7d34e00ab625b6314fe61042873b22b318e323cc6ae2dbec1f0db40546f1e3904a237a8d80e6a","nonce":"6682d7d2296edc251325f3b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55698c2cb09f8243c637e2ed7b0817459a39cde9629eaa4382deb24bab39737c8e01e005a4b33beece67f4e172","nonce":"6682d7d2296edc251325f3b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1cb50dbbc367dee81b7db51199a68ad09b12c4a5e5dc0cd9af55349062f97272b13b60da1d747281b0f8e48e3a","nonce":"6682d7d2296edc251325f3b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"93e07b2e1bc9b3ce6320b6e58644fda3d4d1153584ce49a9caa20640346f1e24a25517a0bcb8404616bda58ea6","nonce":"6682d7d2296edc251325f3b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f5b2f7c420711829b0e3d6079feaf5082e9967d678da3de18bf57231f6995cbd98531bce1f86b9182307b906e3","nonce":"6682d7d2296edc251325f3b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6abc6641c7d6cb0424888bdf87ce7b176febf482df8290c30316fa9b193f8d8d237bb757835a2d382cbe951c14","nonce":"6682d7d2296edc251325f3bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a502d53f52f5d93c1e98576a5c49748882242a6b42b9cf24586ed4cf4fc791d5f70529a3fea4d6c97929ea5f85","nonce":"6682d7d2296edc251325f3bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1a6ce8fbcac2710c1f41af825c7235e83b1983bcb9147b0c154f0207d56d97eb"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"85786454ad7fbe0ee9c9cbe492eb6dfb2835204cd8116b4f07e6a3d6abb7e8c2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb94d9650b8fc33d7d898e4f4a7977ef1aca292c32dc30b780997a9503f770b4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dda82da487c05b4e842bfb8caef8693723ded83fcebae33ddfb2eb1a82161ec2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"13b05be4e846822aac4d836615d73e91b48ccc05a3f59801151d570fe54cef0a"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1c15ce71a8fc33cff9e14e28506e69fe21e6e2bd4021eaa2ac800b64c5d62f76890b43d4f4578bb4cbf5edea1c3e07ca36435dcad1295b2af07610bac33b74363cb8","seedS":"3632766a5ab7d1630cac09403e82fad6e409e0148ba5d08fd65b8bc53c046a835a6ff8183960ffad393eea910808ce03c7552d1e58789364620bfcb3af01faca0c3e","seedE":"2dfdc249646a04d07ac7510d65bb9ab51f36ccd37325a5ec2b776bd30ae2d9638a998ff63f30b7c8a806a77dd71d2bc475554f3ed2793e4ef40993af34ccf827d504","skRm":"00b57d47633e54f6e8315d6a5f04ca53a651cb7fbeffa81e70e99a1a8b3f447635ef196adc029d06794f871f9b11804f00b40b75e4867f3065846a1071759b27f788","skSm":"0140ef445dc0612c08be2911fa32aad1b42c10553fc2d8de7051d0ca50e920c6e31d87aa89fb4995baf9c84c2b5efaf51a86e8937023cf9fbbb060edae1131cb4ad9","skEm":"00af7a1a73330f7617341acf3564a467b0484788e93ee908b6be2250123f40c053f0d99b76f155b594d8b846a562dd94e29a7c880a3c857853a9e0d4285ef9056f50","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400ecd9f21d9292113b647d1e74e4c18144c274535e3a9206dc38b3df284691517727d109ae8e223b72ace2389fdaea846f52ac2922ddbee68625b986b1fbd227e74100f53e181b178beec66b1b43f692a5a9cdcb495e07db4042a1a316f649632141eab3f269f9bd9c90bf6e560a13ac723afc737adb498d1d04100f2222471172237168","pkSm":"04012b9244f160daa6f812c6d197bbd4c405e4267822c0a7ae5f587cd47cb5762d9fe70d6de90210be9762e8be13ef5d394c4f89ee3e50e4bf91125c189e162bfb591d01aa11f4a49f594f1ee40206debe41c5f5d3272303597f62a4ef3d9bf0fe68a2a751e29f0b40c92d1fbd2b423a9e803c165899c39bb08bd7600035ea201853929199","pkEm":"040016ca5f88fa6e201e22dc352e7ce07a8f833a778e4479d1be154e42ebcfa601de479cffac596e2689fbbec99f8adccc28802a4f9d486b9823efb7f429106dc7b61601a48c1bfd44f26e23db8af4fb9f73aa61262cc39a2678a4b142581e01eb633c09e575d7aff320b5048550361efe235b2bd02116928dedd844cecfb34c556794fedb","enc":"040016ca5f88fa6e201e22dc352e7ce07a8f833a778e4479d1be154e42ebcfa601de479cffac596e2689fbbec99f8adccc28802a4f9d486b9823efb7f429106dc7b61601a48c1bfd44f26e23db8af4fb9f73aa61262cc39a2678a4b142581e01eb633c09e575d7aff320b5048550361efe235b2bd02116928dedd844cecfb34c556794fedb","zz":"6dcd352741997117abdc75bab884f6c53f34746125289446b5ac472774f7ed4bbb2cb954d3f21b5abc8f103394b324f2263fc77024f7beea21df722c669d813b","keyScheduleContext":"03432ee399d8d03ae3e131e64a5702b3c1565281bb72c4d84fffc01029fb86db38e0c2c5aa6a5d4f6df6f13a68e4ff3e2dbd1e04d9f96f9a5b0682cce3086e3a37909777ff7b767aa75ac2ac753206778004708d750421111aaa6b1617274426dda5f0f60fc2caf6d71d0b39fe311b780fb01b8bf76a9ec305e2e1fe47f94f3ba0","secret":"7de4dd83d2f4d7b5e5a8d319f0cbec7dd746b98b1c644ba1b2c493bfb8940f973e06592aa3585fa989f518ee1f21c5d425bb70f63ef9a3202dac94e2004ce1dd","key":"d0bb92a04efe0b907a2469dfdbff6cc0","nonce":"e8d34068a510fbc7d86e1480","exporterSecret":"74743638e3e166babfa4aab213382cc474e9bc60e5cc72f3f7d6865f366611abab4ae08e6a32b9403ba4f612d4de980f9767bf1bcd183b80e3d571bd9a69fd0b","encryptions":[{"aad":"436f756e742d30","ciphertext":"3b9cd4c1dd521c85cbfc20c9a70d454790fb422aedb1de522ed6d082dab57c5ea5b1fe48d0f1950a397fde63a6","nonce":"e8d34068a510fbc7d86e1480","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ebc0997378fb0893c47fb9b1eafe721e84eac89358eff1a1d8915513104b2813fc292cce3e2ef64c1f6642f6b6","nonce":"e8d34068a510fbc7d86e1481","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0d8bddfb05539deb9d7aa3f1cb8972fbab307cc61ea734c951e383a037d3363172681a537b74e3ae4d770a722e","nonce":"e8d34068a510fbc7d86e1482","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0a15d8d8ce28c28f3f4619e28fcc5abba550de16af0149dd6bab5ae1b057241d7a11db33d65ece476382d94ebb","nonce":"e8d34068a510fbc7d86e1483","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55647228e0c249668c6b6d9bebf208bd8327b20819b23502ea0793ecd1b511b48c0615e377899e749f2a60db95","nonce":"e8d34068a510fbc7d86e1484","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"664fa897d401f8f1d53c13abeeb6d5e7d25886ecad08d8d0cf59fc0b3eb4ca2ff16d400dc3644337d7b5fc8829","nonce":"e8d34068a510fbc7d86e1485","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"48cd9c93b381bdafd607533fe276533425e6ba926a42325f58c8d5e31879dc483b083ecae004a5c1e4db693d0e","nonce":"e8d34068a510fbc7d86e1486","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ae1661ccf122566730e300ceb9456c454757a4688d168234bb313daef47772ca33154ef1d1176ac1c793492cc6","nonce":"e8d34068a510fbc7d86e1487","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c0e36a4c99addb72701273c87d8a6aef96556bd34abd76209d148cb8b70507bc6aa60c688aada766ea17f64ff2","nonce":"e8d34068a510fbc7d86e1488","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c8d8ed2a81f02e4641d99e75ed353e18e9057d47148d856c3731b06c74f596bce26099d0e5f65938868bcbcca9","nonce":"e8d34068a510fbc7d86e1489","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"786e21a0411b13bbe1b383266a98f1f8deeb5b527404724109685634e027bd70"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4e8e4d0c44cce56428b7a805cbb6682d91ef449f22c5ead897a407c2395177e7"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9740c41bb19ea5e4d13257b02f2fe1ec37a2236d20319ab16f1330061e2fe841"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a7b7795759ec9a48ac6b1a9bc665e364113ff356939d6e779baef369d2246de0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a8a104be5a3aa1dfaf1019ec90ff6f04f929ba6c5357e3606284b2ffcfc68abc"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fc3b1856d60632c6e9799c1f8a4b8add20ed637e24d0a0fec53e6ee58b55b318ea403be8ecdbd080361963ab8a228803acfce7710121ac6dd59720444185c7775b81","seedE":"dd6e705e673002e5c94e5b659feaf099c551f1728d7620967026c8443d48001da8ce074df809d97fe06c927eb073824faf63f311d668c8e4491c1cc81d63e12acc69","skRm":"01be888eea2c3abd87858bea7d6f32a5e9c917da11ca9d92f53a5f8fceda6a5966eb4ae3f5ea04707edd19eca0074af7b1c27c90fe8a79888cd0399896ee8a95b0df","skEm":"00300a2fa0f33ae54cd14608c19d9cf3862051971958377af05dddf804ca9653f3e6d8a998a87d1526a901737bf481e176afa4ba3285e9a05dfaffcebe67e701b50a","pkRm":"0400e38a93314645eddd1fd5fe4b498a8bbd7f9a2fecfec8d32863938cdd701904a08b814da5dd02b5a05f3d37d99d5d0eaf3cb49c7f8bd495970ca47a9af191b9022400567f173622d13d7c50f3b8d478980f6fb6d7f7f85a88fe9192a10eb17e841530c7bf9c726e298b493e84fc64f88dfcc2f4ae09fe6e2e9d948fb8ae6a4890b74ea5","pkEm":"04001073f3527876a5857e7a011acbb3b9d0b38f4783030cf233f1c558855c3de25363c8cb58ec4d445d30ca28625ac3f8add94744df72343b41e663a98ead861cf9f500a85d9b8cbebaa45b0baf5f0f7e996d6832fa309c2098e6d45363e4b60913fd1853597d9e8e79c5ec2d2474964aa6e497b42be4b056ece8115d3ac307a290a06a02","enc":"04001073f3527876a5857e7a011acbb3b9d0b38f4783030cf233f1c558855c3de25363c8cb58ec4d445d30ca28625ac3f8add94744df72343b41e663a98ead861cf9f500a85d9b8cbebaa45b0baf5f0f7e996d6832fa309c2098e6d45363e4b60913fd1853597d9e8e79c5ec2d2474964aa6e497b42be4b056ece8115d3ac307a290a06a02","zz":"f46024e7680e702f4fc513de6d3b106027e65403e798c9830b744faa50454258564102f3c74db431505f10a8764ac8bac64f34fc4dc8f8f2834d711421c161f1","keyScheduleContext":"0031b1707e578c589d960c9e211aa23e80ed7fe6e9361b65be091962f9c84213e0d93df4d0e9f252cc30daba089600ce93e4c80425e21db501113eaf11f300739a2227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"5ee8c136f812639497351658521f982bb6bdeb4d54cfe89c4b4ade2519cc1b36033f26eec32f022275abb9b0e7a25c6fb88c72abb744be13cc9af1804f4b499e","key":"0f6b2e6e9d696571d9889ed8401d3f88e93df2f535b5906182fa5e7b84cbc19a","nonce":"a391721e4955098083bb1ae7","exporterSecret":"4391300196396818b4e88976bd00bff473b652cf68eea0f7a24fb752417d476ec92c7d1ccb84b8096ce45dde590f530298d16ee86ac98d38722c49e3bb508f1e","encryptions":[{"aad":"436f756e742d30","ciphertext":"578e325476a1c9b47c5f035491ae8994c222203ad5240a655e72a822e29c093c94cb5efab049a86c43ac36ea05","nonce":"a391721e4955098083bb1ae7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fb7d85b6485014ddb9c321f63fc474ab51bea80cb055bf2fb5b0a4ec464d23ecca8e1dcb2376a4222f51a0fbd1","nonce":"a391721e4955098083bb1ae6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"979936bf5e76f02031f47c1700f0a3ce05c624341c85ada26b952a24a1f2c6aee62255e5111503baafe2d00668","nonce":"a391721e4955098083bb1ae5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c5a5a34c17743ce14f79e31f0194f58a6c0058219e8fa7f828ff4fefd0b2d0553ecf00b38e6f40aaf7c80f7e7a","nonce":"a391721e4955098083bb1ae4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2a1590599a5cfdee61ce850865e7279407572696fcc9b92938e35da4cf3f462e9579b3946886265427d4e7bdd8","nonce":"a391721e4955098083bb1ae3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"77183c778f5c38e45e0b5e7f06dd6d70554d67e83b44ad5a9ed77acbb1467fb21e98a6f1bb69598ef4c8dc0831","nonce":"a391721e4955098083bb1ae2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"85b8eadcf650b0b3ddc3675eac5eec1bf39e8a7f0cd6538408f01e2e655379779cca0be30164dfd8d7da920c5f","nonce":"a391721e4955098083bb1ae1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"01ae4678bf627586922e15966fd11f0f9ebcbfab7e844235d436c628ba82f74068a45f61a32908df4e0d108bfd","nonce":"a391721e4955098083bb1ae0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"491e964524b506b65190c101b848d897c8155350eec313975e456c29523718667fd09053b20103219ef3871eea","nonce":"a391721e4955098083bb1aef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"414d49fec96619c24e5d264747d4e6146cc0d64721cc8a2094e6dc2a2e7549b01dd3e339a9ef3aba154fc6c82b","nonce":"a391721e4955098083bb1aee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03fbd9ab072b3731c1c65050faa1508cd3a6517188f49aa0b714eff45bbdfb44"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8e21ed1995364a98bbcb39a7b4a2dcd1db2d76b6428c0dc614f1b0c3290856f6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"002a6db168a5933b30ff0564a507c693aad335fd18b07782c329e9a18e8c75d6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"9ab7e47317533ede3d7b43ddc9318f74aa16723fd650ddbf2a6a699441e05248"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"b4feb203b836e06b1a081660daa1e47171c636b2eadcd085acf0a31ebc4a26aa"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bb3691655168b474a874554b92b434f124ad6b1c67612287be279362ba4113d32e8d8fd018072ec05d028c987506876945d16764b2c9d9291faa19dca77ed5bacc2a","seedE":"d31e42fd27084475953b3e1ced1f6db8395467b5ac15d440c0485f1bd6822da2087a6c4cdf6d251a47f85b4175f7c7fc920ec78dcbbb1c1a0633025095b23104f11c","skRm":"01a4a620e2798effa1594d4781738883e559dfd1927abf3f940b33f012b1e9228b52c8ceee8155e24dc07bcac2655ab04aa7c6adeefa36778f2fdd37a3c3da5cf2aa","skEm":"004aada4a96d146de759ee46f0b2b67cdf2925c5ca97d80b9dbc856c76e1f371e0ed8a90f1537a05c10aaaf82bcd5ead3114eb3179d9ed156eab3b2f2619bf5e8a4c","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040150c7aaca76578e947d5034dab41d099198afeda0bc8e867a60570e2eed87d12fb6e67b8d2f60b77208e4ef18bf5cb40e0e696d3d10f419ac92bc960f982b1c4a23014c43382c156624a69452f7f1f32b56b8f7b0b3663a1b8d2d20f2bf3f2c1aeff61f70838bd1a6095dbf3581c84bd599e870d9249bd9f5942412658a8dc8ca460df7","pkEm":"0400069a9efaa43ddf59f2ea683b8ca95d50f180875cdeba520660a10b946ace183c2bf2a74f1b5fe6ec29513b565fdccc45d56e736b1d56207ad37a1b874bc72d9f180111854b81703909791e27dc829a85d24e8a971ddc4ce75369baaeec8f9591796e544ceace77f8da1e61ec906e4ff3be1437ff03d0147b30706730990b25361a75e0","enc":"0400069a9efaa43ddf59f2ea683b8ca95d50f180875cdeba520660a10b946ace183c2bf2a74f1b5fe6ec29513b565fdccc45d56e736b1d56207ad37a1b874bc72d9f180111854b81703909791e27dc829a85d24e8a971ddc4ce75369baaeec8f9591796e544ceace77f8da1e61ec906e4ff3be1437ff03d0147b30706730990b25361a75e0","zz":"766f6350e71360de43585dabb1f09a87181763a047e40587e0c9e39f26595c51dc66e824b6717297db62f73ceabf1ec71a5fc4456adb6dd141135507f2169c9a","keyScheduleContext":"01dc74dedbec9f7a36503b6c263059c9a11a79e4670a12bd245269d81c85a0feaffcf1b23b0748db53bb52b72eec5935e174a97db18d00f324ecdcb45295660a092227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"ccb20e86ae05a432c2f22963c89a403a01b33f4a1d4a02f0da2fee0e813cd3d6372fadf3fb90307221c50d46042196f537510ba37338cf7681e33b7e5eacce88","key":"d2303f1fdc620e3577e85dac2ac76b5e5e66a9be2b07b353552587f1bf17dfcd","nonce":"601c3f5c01b69eee6c273aa7","exporterSecret":"ed44e02da7e1aaaf00b678cc2982823f974ff2c6d0ecb1ac6e17692834ab8826e1e94ff0f54d07703e490bfb5aca572e6fb0d8c938e126efa36bfcac1d97a8cf","encryptions":[{"aad":"436f756e742d30","ciphertext":"93814c57b802da5404225d38c9b78b64fcd29b0f332501dca6765e74a85e7ac6bddcd55c82e741d172251bbd6d","nonce":"601c3f5c01b69eee6c273aa7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e2144f2b780e3b9cfb9f1a50cfc6dfabc71c5030184668ede14be3259b02d0a6b96c8ec99408ccb57ccd5ba05f","nonce":"601c3f5c01b69eee6c273aa6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"585e1a1855856c32d2c1dc9ac2a71db03e0f5ceb72e15443195c226456db4f1374dde2913ba961acfaf154f9cb","nonce":"601c3f5c01b69eee6c273aa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"67d5a698c12dc8bceb69b0555f320cf739eee40d23dde3762148f8901d93055def8c9df5d5b50c0d8e751b210f","nonce":"601c3f5c01b69eee6c273aa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"edaf9feb5d6081ba123b3fe891ba3d8e10d2161cca205b04ea7405357e500354b0984cf9f6740023bee0e71b53","nonce":"601c3f5c01b69eee6c273aa3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d0cdbd7658c5ce2f934614d73767f524fa8aaaae22866b2a807fc87466c0c589eb5408ea3bc05ba4fd300bc0dd","nonce":"601c3f5c01b69eee6c273aa2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"141f824eaacbd687b737aca18c3e8442033ca4ad9d7781723d65fb99ef8dc0a1f67defe8764c5bf39312612829","nonce":"601c3f5c01b69eee6c273aa1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"069df00231db1c5a20ecc42c28dce5737ceef484d4906dc90cbb3562b73d6bdecea6472d42ff70670d0c283e5c","nonce":"601c3f5c01b69eee6c273aa0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"31bf7eae75f78c1b9d2bdb29c63a844ed3b9d0798faa915cba162f6332993238dc8b4e241fffc70fc8d39594ba","nonce":"601c3f5c01b69eee6c273aaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6951857d02851ee082289aa17010187072408c617d930c5c192ea396ba110a095a6e815944dbbf87accf2e45d7","nonce":"601c3f5c01b69eee6c273aae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1e60de5db3c7d4e85cb23118859f88de2f6f352deb4642abb3c6769f899f0f3d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b63fd7bb908673f171871d3a20d70b3dfc1ed79ee38c7a17dc876d13b340662f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3c3930f044157634ece44d9247187a96d22edb15442df401e82ca4f1fede3b13"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"af4cd8ce366ca3f833ec2abad937d825770e1f604a0b709c7e3c8e19d0d5d76c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c98ffc5da279f36ee59da8e7f5fddb6e1ba52d04629521f570bd19f40513eac5"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1463b22bcd9c86918827ccb4997c26b9d53f6dcc81183989b81bb86f0c494eae2888d2d27dd350332471799fbd63e47af14ea4e3aa4b751f91da32e14b8668e5d54e","seedS":"5434fa30107088f247e33fe1b8f1453ec5b80222bf39dd500d3fe3b21692490c7d5f76ebec5664299ff029c447517c3769c0d93abfcfb02758f4576400ff9b4adb46","seedE":"9f59abeaa47658a5803e02dec0920660e31b08b987d3e9ebb0976a4dafa6fda5b8f05610ac2c22632c2a5205ea504b12f896074d8b575d1af7dc1b056c4606302199","skRm":"01695707ebdd894bfde36db66d34f921f0801d0616bf20f04f7d43d0cffcf7b1099af96f717674599cea0be059b4da672d38798b07841ef953ef2bd20084f7496c12","skSm":"004895db15ac5e49d8cbc4f19f7e6bb5d281729183102ad8f3fa9487bc92af26056baabd4b2f9d73cc4b9f76dcedeceb65f47c1e4269d71824c77382ebd058aa4a53","skEm":"01088c9b422245bd8533c137131c7ce8409e86786ccbcf71ae1991e0db396368c960b6ccc14e2a88b65da41ad1d8676ada577210d3d55ed07ff3ee7b2d0371134697","pkRm":"04006da3b3541beec076fe34f1e769ec4e1871660e14646ef8f9e76adc7086c51423a00b654bbf3c83abe50036f69571be588fbed874f46e8b166622c353f9aee4229001cf8b502cb8c01b1d582eb77e3d4e8eca439e44d7fbd54fabe5a7f55e79f6e4dcf1bc6b4ff91e59b2f203497a4d102d9504cdc8f3f7d2565e1395ca54449c845682","pkSm":"040109cdaa94b0029c181b4dddb6802176b874b8ec2930edf1123e3793b9cb4398c18b124a065ef796e8e4a54a51cc191af0e3ef74622e1d548fb3bb372e7fb84c352c01edc445874f902dbd2be7ab90d32c3a7b4889d035ffe36b27d1ca4b779fe7850299d31c6619e56d65920c56fa558387e2729d23ed00669b2dbeb6d668aa47e80ede","pkEm":"04014c24eb4dd68f75e665ae3464807088c96cd968aae391177049f9e70718595557da6e315c91ccb0bf8d1683e7454acf292d94705c5ff8993e6179e2fac3903753c40058562f4a0b857135a5678d718c4f341c46b8d2d61c4a9e6b9d7391b1a4d4e37db73a907874d03b8a4906a8978426e716d7f054ea78c6c5f6238e057814aa00d7ba","enc":"04014c24eb4dd68f75e665ae3464807088c96cd968aae391177049f9e70718595557da6e315c91ccb0bf8d1683e7454acf292d94705c5ff8993e6179e2fac3903753c40058562f4a0b857135a5678d718c4f341c46b8d2d61c4a9e6b9d7391b1a4d4e37db73a907874d03b8a4906a8978426e716d7f054ea78c6c5f6238e057814aa00d7ba","zz":"42a47e9144cd6e466b6e384d92f75eb57597f47a33c87ad4daadfc10f345e49897a947adcdf804ee8dcbfe878197e802181eee1367ab7b349d1a8b5ff4444f98","keyScheduleContext":"0231b1707e578c589d960c9e211aa23e80ed7fe6e9361b65be091962f9c84213e0d93df4d0e9f252cc30daba089600ce93e4c80425e21db501113eaf11f300739a2227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"b72b53c4d6f9c32137afdcc2622c491475eb36713acad5b6f4dd3093798289e9a6aaaeb1e174d3398d25bd678e0ddcadd2a97ae47e44065034570ce34876ed9e","key":"de6efd0bd35add5381ebcd61e054d47a4ed8a8c781adba21f529c6eeb367375e","nonce":"4d46b458eb11975de36b5d28","exporterSecret":"7f10cc2f8ac59a785023ec945f861eeebc119ab8f78e946db4d09f0380141526170cb640e13679e141c242a0fce887fea6cb182854a30cfb0a8f899ba030bef8","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8b756d66cf04835114ed82d0624d3a6a591108d0685cad9d31f9afce3e2b437be3acab04cd40351f319944ee8","nonce":"4d46b458eb11975de36b5d28","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"30dd97ad75e13ed76c9ac2fe66f1f7333070532744e291d4730efcbb486f58702b108ead631843e8216982541a","nonce":"4d46b458eb11975de36b5d29","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"54d1146fd0aaf20916b3d4c6db54076fe6ddd91eb29b895c27e58075fbefda2d6b0cc8ffbd9be766c1167719c8","nonce":"4d46b458eb11975de36b5d2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c1427aa9418493cef1f15818c10a6ff54481dbd3ea68cef7f57667589241cc1ab1858bf62b29b531eda5f3c491","nonce":"4d46b458eb11975de36b5d2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c065e11b3862704afbc026001653798ba49d455dd33fbad81195c67896d32ef9fc859f8c519a4185e849126d0","nonce":"4d46b458eb11975de36b5d2c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fa66ff823424a066c35c9b493b5f93fd9606a3b9411ff5c18b5a5247aa10aa0709be7b15cb81fac1e9b86dcd81","nonce":"4d46b458eb11975de36b5d2d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"bd6f76cb2a2cf0fab563f897060b1d228075416c34afd7886027b14bc70c5205544a1b0aadd4cc1392429154c6","nonce":"4d46b458eb11975de36b5d2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1d7a78c429704f86b1f917a16efbdeb14cb73e1e6f60368869972486f2dbd6fc37bebf280278b44d7a217e80b8","nonce":"4d46b458eb11975de36b5d2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2ff20e41fa35c07ea5fdd9f9860d5ecded8a2c1672c60c3a793b113637dcc58bdbc35c6fda2fbf562ca9d4e8c0","nonce":"4d46b458eb11975de36b5d20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"b9c5957025d0574a30be542a726e20e15b6d66ea6ee7cbd21609c33f6df2e253db9e521ac12579f92998fb70c5","nonce":"4d46b458eb11975de36b5d21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7756c9323a1ac46902f1ed4531075d5bcc7384e25dd32bf689912fe3cb85716e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c7dfe756ec5629248462126edd150e18284abd25ffd4dce792af48ce8b33e0d0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0e651869553c71810fef32f4061fc304327ea2bb3866f93d50964c417142af36"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"69fe31a07145fc6199644f721061531a1a5bd7f3f954fd8861ea8eab645e43d6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3ea3cf57c4902e1f130de0c95ce3f8c2940f29f551fd5a906818b0798cb90436"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"61d7bec5cd139d101df42e03fabe6f7810b89e6c73495dd85adcccf0f87ab00744cbbd233a421352a48f4a078a42c882d98aa5f9dc7fe16d4f0633aa7eed7fad6d6c","seedS":"87037aa1958c47f24062d8cb32edf298f7a45abe81a930891977fc59ce15c766d784bffc400651ddeb49e7cf3c682b1f3bbeb6a6e5417c8ea78e426ba7874ead67db","seedE":"73ba1253ccbbd30ae850c55e0e3faab5d8ad03be092b9fc29b1958bcc10ce8293b9071368103e28a2b41eacc7b8d826b8f7edc193c121ff5410b60a31d68aea74f55","skRm":"00c057cb3804a79897991bd87b211210e5e841635ae3f2665d78c5b713d73a23b73d83df8b1665dc13edba93714d1d829548c7548fe2c5aafa743a0188fbb5ea9913","skSm":"00ebe0d913cf95ed67f322962431cf38eea2e769c1ba84d4eae4f6a55dfed3594e408657e942e09c245e2e6dcbc2c917a0bd477bb643a52a1fc6f834cd1b49082967","skEm":"01599c268bd648cc2c7e4fba7472d8dcbf046ae95de38337fa7511e6e5f87718ea1509ee4bf44ae1a232b873aff06d5f361fa2130902a43fa03d77338c5e04503d74","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400c37cd4ae6fabd9151f6220edbd70de53d551008125c78e3302c655f9bccb3fb185ec8b5caf84b50071ea03210e82260386b416ec81e2307d3f4c136fc0bbc2d86801b9ae763617dd921637bc8ae24f4998608ee1aca4580ddbf30e99ff75ec5d80ac7fe5c5b4acbb265310544ffc0ec982b3458d88ae399ff6bbfa286a4c230dff5b69","pkSm":"0400cf8d733e2dc5a3fe535e06f8c2fc23fc82ffaf0ea2f88f6ed1da080df70bd81a6a6092cfd403cc1a6845ae5b03801f403bd3fea3aceaeeb98c6f958c7fdece272601a001deca7d2d0ee7de6db3cdad0372b9768a3dc1e10765b963721f887346c9d2e8545c1f5f2919c14df7222856730f00f96fb118713f5b03146d4a10c79776ddd3","pkEm":"0400bfe56b4c738593724849154dc503675c4bd54fedf881dd5ddebd16ef026a86a4970bbfaa243dd9397b4dc364875c5766d9fd8b69b400ca1d528e6c09f57e3d854900d978fb363e0bdababf52c9e11a16aefb04a8ffa6ea4b67913784ac01ca72fb32ea9c2c54571a02e071ae35ca3a63c3b33e8a8c18f303250f30fd6ec28e20d9c88f","enc":"0400bfe56b4c738593724849154dc503675c4bd54fedf881dd5ddebd16ef026a86a4970bbfaa243dd9397b4dc364875c5766d9fd8b69b400ca1d528e6c09f57e3d854900d978fb363e0bdababf52c9e11a16aefb04a8ffa6ea4b67913784ac01ca72fb32ea9c2c54571a02e071ae35ca3a63c3b33e8a8c18f303250f30fd6ec28e20d9c88f","zz":"509afba7e787893312cefcf3ec155b0863707ae22127e62807e6022e79d306fa4db171e822d504cc552c3c6e5caeb28f391fa9ef4087f713e2433cc684de32b4","keyScheduleContext":"03dc74dedbec9f7a36503b6c263059c9a11a79e4670a12bd245269d81c85a0feaffcf1b23b0748db53bb52b72eec5935e174a97db18d00f324ecdcb45295660a092227566e0c425a324c9ec8639c51a8cbcd760aaf0176b6b7f8a06d80dad6e785313a099e0c1571efa8e7a038620d2daacee82943f29d6eea8361da9aa7f771d6","secret":"85de2399b07f57a0017fe3a302ba65be4fda12e7aa27888d9404f6f133d398f5b48d3ab276b0a59043476da4fd0048d5955cfc8d589d0c5484aa62f2f43d843f","key":"42ea571ac39e5469bbd03578265089e3ff00222a337db8b5e37b7267624d32e4","nonce":"04f4e49ae4a880bc7bfddddd","exporterSecret":"c4df767f335de8bbe59252e312e4d3cb66789050c51c7dce4ef55232311cf9ad7c02750c05eaf78491e01bc6ea08256d42bc4f9167d284484951819836244aba","encryptions":[{"aad":"436f756e742d30","ciphertext":"3404301ce6c21a7c48e354fc45f962dfd6ec99f7fd42ac235fbc4c542854f9849d60829290d76b785691c33c25","nonce":"04f4e49ae4a880bc7bfddddd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5c92917722cef9831726b376e4d869e7e4eeb0d759fc1386cb668ee4928500c1738e847862519258a094c44cdb","nonce":"04f4e49ae4a880bc7bfddddc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8a018a7d01e378ef2f27baff5ab50ad75e2c67264aa84f33d8161d429e2a068edc7b91b628bf28f3d3fefe3928","nonce":"04f4e49ae4a880bc7bfddddf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d49eb157dcb4306d008925ca26733787f503ca9ca5a2f54d1a83fbd0b5b20778a8daa198fd08942818e0cd4bae","nonce":"04f4e49ae4a880bc7bfdddde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e2a140f6f88f7cd2416af37e9573042e916e7e2778540e97b74de8a9f00d9e16b35e3107f6dcef3c6b7a70f357","nonce":"04f4e49ae4a880bc7bfdddd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"16ca5b70e0396d09458b2e8bd16a55aff7d9dba914c70b1261e91a822f3733b6889989aeede196c06728069480","nonce":"04f4e49ae4a880bc7bfdddd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"aedf2b7f6ac3b8e45e441357f7024c36b1825f846cc41a88f09a8ffab02a900c1858ef4bf02748c91595dc0124","nonce":"04f4e49ae4a880bc7bfddddb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"63449c05d57669b742037e2076f634960038bf302e9d1e7fafec03cfc44331c0f96ee4f9d7efcc78eb9f815f1d","nonce":"04f4e49ae4a880bc7bfdddda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a3078e8bef3eb00036c49ce352decfe65f06c86b286ae752aed589dc3665621de2fb58389e54bf2b0a402c25e2","nonce":"04f4e49ae4a880bc7bfdddd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"29d08c189c18aefa492a51976ab6afe332b4601aecb519a275306482c4823a7d9387e21b0059fe38eb3259adf2","nonce":"04f4e49ae4a880bc7bfdddd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"caa384c3c641c23d343ad24d21a0d2d8574e559b30a3226bce93346bfc441f2e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d935178c23ef5f91570f70d6b11eca98837a381180dbf0a4374971cdbdeabd8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4874acc1eda1f042066ab9c50437016bf9f3471b984d3cad44c18cc6d1325b7c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c3e6e2696e10225d0b02c15d3c9bcb391be2416331f711b4e468a95d91a8d014"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0383b19b875c844ac219a730f69ca52d782eec3942b2082140558998a72e45aa"}]},{"mode":0,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2ca8db4fd908f8c1756815cff21c1767bb1ddfcced1a6456461eb66c43a41bcbb47ed64a3ce333d725509096d585293b9b3dc73deaf5c29ec95b8ed26f02f0e15b7d","seedE":"9fc9495e9a86ece6c3b52b777c8ea3c0817b9775c8b19e1530347c37df274bc03c4230f24b18ea81d30a3f36677a89faf9c8be41e11bebec022ed2407b9689b5ae6f","skRm":"01d86cde74d6d2f6daadfe06eeb5c17ade692c8f85335c5badd91d4cb1b9b9366bc45e2cbab80f42d8f59f6f41914fd6c300a7bf991f3eb893568cf573a9ddcbcb79","skEm":"01f289fc234ba0e35d577747ce6c3261cfd74e2f42fb00b49e6a8ae28d904feb2aa809875a4875c3f6ca6a122e968b12d35026d6939f51a5dea7f1844f40036be957","pkRm":"0401811e5963d30f5c34bb6027c4d0854505fba252444ff07941ac9d55f49ec738c2008d7ec95b9172e9230ebcdc694316c7651aad08d96862de414fe4538f5040d7ba00f90c04ff08592fcc14c663faacc532bc836d9ea81f2a9600167f9eaad14f6a5a1ac973a1344ec17fa3049707458027e50027dd58bc38305c2b819860f1af55e5ef","pkEm":"04000b779a15e3916b0e2a2ef912fd8b3395ccd5db709c8b06f0622f19cf4ef9bb447ca872198cc9c0820dffc9c5c284de69c1a8359ce00afdec7d0f984e29155f1535006186084749fa6d89ea42a26e2bafdcdd46ea48cc43757dc34b081347907e5a209750d2eb70c4a1790abb75100e9ee709a92989b1fcbe12473a5203053b9376125a","enc":"04000b779a15e3916b0e2a2ef912fd8b3395ccd5db709c8b06f0622f19cf4ef9bb447ca872198cc9c0820dffc9c5c284de69c1a8359ce00afdec7d0f984e29155f1535006186084749fa6d89ea42a26e2bafdcdd46ea48cc43757dc34b081347907e5a209750d2eb70c4a1790abb75100e9ee709a92989b1fcbe12473a5203053b9376125a","zz":"252cb6b9bc62bb0ffed8853d66cab9f3cea79650330d8a3e246f02b798b27c41c673cbf6e35a49a38aaf8b1adb04554ef2776d3a5ffc4a4a3acf1cbc7cf0155e","keyScheduleContext":"00e4f4dfd3794cf4a43072eb8db0e77d57ee9044d7d4eed600cf7323ab9bec79731ba2ad802571f9781e8919769a5a2a2cf6260ec277c0d2fa765e59c24eaed80d6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"d0140e6e57335925956a26340089d6ea547df36b56da7277d3dbe86708b17ccbdaf143391eba90c98f38ffe7b3920390ff0247447d20b8bace9842883e0a170c","key":"fcb3086fe1f08b31b8ff1e441de464198b43e9b1c247db30fba517f3ced6ea96","nonce":"6350321902a74e668c59dd08","exporterSecret":"19412b34af760c554242482d300b29e7169b2f47ccc93807a92a66ae50bbab8fd1d6c78bccb20f27b91221663b7382a5fb4d7d0c88bbfaba13e8fc7368a7e357","encryptions":[{"aad":"436f756e742d30","ciphertext":"ed4b979ae8e222740470310ae84b1a16ee6815d3951f30e48107fca00e1f29617ff532f57396966c15ebea77e9","nonce":"6350321902a74e668c59dd08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d8820457aa24e24429dc38e9b46cd7506bd90d86d1d737a38a4d6adbfe912e0f7957eb9b2acf6996e7c61fe061","nonce":"6350321902a74e668c59dd09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"289569cf3ac5805b674a84e44bb737c441be4b669162d40c406dbdde24fde83ee621696cb35fbaf1a384a5faf2","nonce":"6350321902a74e668c59dd0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"699db48d52b6e3c6c7987eda0449a2c732f97652b6d3125d81b85408233192dae0385fbb53f7695f11806adc2f","nonce":"6350321902a74e668c59dd0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"22301497731db1d6bd9b19825fd1063d34570429cb9aec958f541f256fca7dcc1fe5deb47966dda78384fd19f2","nonce":"6350321902a74e668c59dd0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"061185729f2011951323dd5e941c8d627177ec49a8fb97d499071fa896144b818592d74e048af45b22539104df","nonce":"6350321902a74e668c59dd0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7a8e13c2aee2ec1e1d022c1ce6d28fd6ba4d55804ae61585da2bcc341f3663bba16613afc954dea88825fcab85","nonce":"6350321902a74e668c59dd0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e6d71c68a4c9567568bb1af17ad8f76c704e3dbbf3ba2b7ae664b27182f351b2c01fea1c7f7080891b8c87d7c5","nonce":"6350321902a74e668c59dd0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"33f48370b121eca882c61cf5e7f177b4371d841c8161b13428e9491cfb354b33e1aabab2b68964b3b983af1feb","nonce":"6350321902a74e668c59dd00","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"63e7420b8b096525dfa7125b1382b9fc9f55b5aa8568b1b2aeae7118350929c8276c100e0805dfacc0cc3e0cc0","nonce":"6350321902a74e668c59dd01","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"295857eedeb9c19b9ae880865b667eb5b42b6530d9bf53492d66a7029b2e9a16"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e66a82aed5993cae03d9a057aa8e4283ddc457a8f736a755757247aa19d76e0f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2db828d16734c177ceb7ed62fb66ba3f3e2960748d6e1db3feafbc4c1c0e4eb2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"826094612b465fbc2866085d4bc1cad1bb048a4d142b44b51027d5992ddeba95"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3db38f511dbc696186f156875ee93f3e6c154b23650b756cc83b61dc3630750e"}]},{"mode":1,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d34e47a1472995541132808352149952fcc1603533c89033c8a082afa1157998fba43e4b3144d537c0236d63579f1dd64b616ac6b86ae4c19d05f1a1aaa00b67110","seedE":"4d26fc04688f04031c0cb6acdf047886db985da037a3d39d3166fae096440e3e031170d5d6cb63edb3997b00b811afb50912c16acebd3d8714693c35624eb9c6a727","skRm":"00593e6bed7a199e14d560454de23aaee42b629400fdd6427b008e228f40141fe0d39817f3d2a180d7c6ec3c08cd675a8b035cdd57fce2ccb9a5aec49e6233edac72","skEm":"0093cf624906a171946fdb451ea3b67660396d622571fe2d91fbc70c7eb00e286ca08263c35bebe1afe68792f8db8b7daa0878b945aafd7b3128df95617b37263a8a","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400672dc56610eaf7a7509ff2a8f91521adadb7ad68d7f70a499aa8dc98a477067896a2959ac26890d16a72a0e4ec7baeabc26eff0182c253b2e2a7fd4484b34e242f0007129b996df6637f1f0c15fbbee170ec3956ad0ba79773e763d11cf50b344a7ec0a819c37286413da44f64b7d3717786a3efcc507d23b03beea2649c0c730fe9d5","pkEm":"040023d28812ec1795aa23d8ddd6d63b45f02c0f18c50822a29993b928da1d7477e046ea5497903d924893b41e078d8475ca57164a2e78fb0c59d7c0043e4447a3e44700cafca65d78665ef4bbcadebe649f603d897ff22e5c3744b44775b206312b6271244d073fc97fa2baaba683e3cc7099252972963683c96beca586b9b0bf322f6743","enc":"040023d28812ec1795aa23d8ddd6d63b45f02c0f18c50822a29993b928da1d7477e046ea5497903d924893b41e078d8475ca57164a2e78fb0c59d7c0043e4447a3e44700cafca65d78665ef4bbcadebe649f603d897ff22e5c3744b44775b206312b6271244d073fc97fa2baaba683e3cc7099252972963683c96beca586b9b0bf322f6743","zz":"0dd7d07e3f19571fb29dab14aadf18892b2074c011bc21920d073a65193d303b35ca820ba322f13d1a7a9a47f23d8181561f0e5a8fa3167311b9e4ad86e36951","keyScheduleContext":"01a22e3de26f73596110b2b1a2ea1f26f666169885e0e147bb3995bfda4f515993c7d9dd6d0b7b869303a9ba5342d8faeb81d829ff7e63621d1b4c98e206abb7dc6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"e8d4066fabcd50cab172206c8289a8734d685c1926fa1a50603bec69ab3e6deb47c49a4ebf8f45d241f9c0cf3cf66403fa7f5bc162734f13014a76c9d3309576","key":"9871d05b321a6df4f1055982b8bbc6191d756326549a2a6c2e3b9d73a2d75048","nonce":"846b21786e6cc90fed8b7bf1","exporterSecret":"f1aedcb6cfb48a1034cc002302c5c5467a1f746cce5345ed2141fe904f19cd5f456c99c37ec63d135d8e5b3644f044ef0a9f76699423a63caa96381d4a5ec9a3","encryptions":[{"aad":"436f756e742d30","ciphertext":"4a0466c5ec89f05e9acaedf5f9813c420d4e639ad91ed23f6b6dc72248d258661f6fe158b45d790ec30de2c3e4","nonce":"846b21786e6cc90fed8b7bf1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f9398b286212608713823406280f487dcc7205bc913d373ac381856dc3d2db16b08781f669331be1d274e20d0e","nonce":"846b21786e6cc90fed8b7bf0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"60aa01e94dc3d5c345d59721d4fcf4019ca37ed974ab373850bd634fce7f2536c7f92c77f67747bb8e05334cdb","nonce":"846b21786e6cc90fed8b7bf3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6b780e2fb91e8743429c1b5577da2b64266939e77f86fdde4f21cff4b82d83d9dfedb7b456736173fbba29d4a3","nonce":"846b21786e6cc90fed8b7bf2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f5fc349a568b90715e1272fbbd1bbacd502725489cc69682f5e2a078ed0f0331627a8ef569765ed8c575b456ba","nonce":"846b21786e6cc90fed8b7bf5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c799fae44f1f7fff5f758e9335919fdc90da6bfcd9b58bb7d2717526749ff8b173f5b4d98d164b5ffc0e2f2b0d","nonce":"846b21786e6cc90fed8b7bf4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"28cf140c3569c94abb5f5155f4e98be3881260eb7f83104b38dce1fd41cbdecd023ee9e9e8e742265ecddb21b5","nonce":"846b21786e6cc90fed8b7bf7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"55c0b60e9f2e135ce3a6c1037dc4c7f2b6ee5e8c8df997261022f2e212bba1b2935c77e416de8ba3aed02d7341","nonce":"846b21786e6cc90fed8b7bf6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4f777f080c12ecc7e9db68f375f0368f26caef580559febd9054d6e3d0f14e92a107a600ed3209e3061f83616f","nonce":"846b21786e6cc90fed8b7bf9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"69fac45ea4a6558dbe119736203613a4c796bf2c94c11ea4760e8b8787f212cc3f29f5b553849cea215154e930","nonce":"846b21786e6cc90fed8b7bf8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a8cfa900cd85614d272b06e457cd66aacd27cda4a4b19292578945695f74746b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e3e686910be467c366d3b95fe31d0cbe08d2b990dd597815b83132f99785eba9"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"be046bbd2d1524b2eee588f84b177e5c806f9f1165f0527d3d58d615b24a8f67"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"625df7f5b4c062d7efa767a7c09430bdb568d3e37221c756b5cda0c116a104eb"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5666ed8a8a340eca5c578fb3c61b9e194fbb3863948555d74927c122f4685fee"}]},{"mode":2,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3b91cb8f4f2200476e28ec89688c639b7f5c8ff58b96700c26dd4813b5da598620cd89805f26f5431e0535b3218400fec2b4bb20662be1b445d7e8eef92f92ce190f","seedS":"202ef3f6aa29277f55f69688ad360892e53eeaf2453ed36aad3f702883d59b190ec45efc9bdfa01e619d76f6274216fdba24fa494ce33b5936c1e54ea1f96a5d5563","seedE":"3b23e5c425b83480adbfd8a34d106466b2fe2c676a0289a006ee04cb0ca7b22f856fb47ed478677c99d5d8780c4b8686395d4ff329c9e882e75ce279bc5174d4b895","skRm":"009412590fffbbfd2edfb9ee69966c6f4067bacf5747b9bd3cf835cee7d6c8de0195732627449a5e1a63e8534b1ab2c3fab0639cee02155b0a1022b899dbb354864d","skSm":"01df9c29e3e7b043925f13cdc217ea81f5695af5f1bffda23424fdeb2c6b23ef5006d33defae48f95cf8cfe43fcc3538cd70bb66cda506b61f718257819c159c7774","skEm":"0128af36e0e3c4415393deaee4d876d943e7ec418ddbfecd1ca8da9828078611e18c37be6e08b1f15f0e16c511e6cfdac43d236098155fe91e7c72be84127dbcfcf4","pkRm":"040056e6e200d6c687ad21eda2521d78bf95065fb80ece580f0f151295b71f159a04c56282db30989ed04b2f2832329062bde5cf231fade3323cd9d7f971e6bd1ae61d00b2e5de150bafecdddfc93f8ae446661c5f0739aa0a00caca2162ba6b6c8cf66f4a3165760a0edb37c382c55437633a14ce654dde821aa53a0fc4628c4881d7f4ed","pkSm":"0401cbab994d737fd11e5e160982f1e9d06cbd24565aab85f154a1624a4c4f9826944434ce7b5b9b54102ad975622fc786c851f03e374d84ab0999c920fc9642173c990110da5f66805869554aeb17e4e619946a338ad25380f4fa20fb122c43c09d98c4393b86744ea95ce1a66e15d4d8a0bbaebee10a61bee1a3eee35095f386a3aa91fb","pkEm":"04000b87720e13ee133a02b2dc4238d321c7e7b09cf9d19241e316d9d09e57e08d2dcacceffd2e971b890acc064741681790763af4f69e31c06bd1eab1e54bd2903b3e01a080ce96ff2b8660f52b537efefdcab6ff1817064a96a1366b08f497a57f227dee9a9c4fc5cb401fd9eb3bb9bb7d65159580bbd61019cb03d1bee358a883718e72","enc":"04000b87720e13ee133a02b2dc4238d321c7e7b09cf9d19241e316d9d09e57e08d2dcacceffd2e971b890acc064741681790763af4f69e31c06bd1eab1e54bd2903b3e01a080ce96ff2b8660f52b537efefdcab6ff1817064a96a1366b08f497a57f227dee9a9c4fc5cb401fd9eb3bb9bb7d65159580bbd61019cb03d1bee358a883718e72","zz":"1f4b4721cb5d74d98110ca566b7dd7755d10b2a0fae4b4bcb0dda7bbf87d01a9f224bf0f611dbd46e894b2e9361fa520cd91142c96f25e5dc9b5cb09e3373e8a","keyScheduleContext":"02e4f4dfd3794cf4a43072eb8db0e77d57ee9044d7d4eed600cf7323ab9bec79731ba2ad802571f9781e8919769a5a2a2cf6260ec277c0d2fa765e59c24eaed80d6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"347275a1044d8f29dfd11ccf2b09063800d9fea3de519f87458fa7640fbecd0459366d491f15694593336aab93dfa9dd814db05a1d7696a0447e903b682516f4","key":"4605a8a14b4a65d5d13b66e38d1623a76bd3eb40bba215632592818d976071e6","nonce":"564fde9f478cd36031346907","exporterSecret":"07fdffeb6dbe023261e51f140ce393be16ce7bd0973fe16a12143a951f770b7720e226d18a26a5c937544c934d29ce915c8ac5f26de39cc8e8c6e852976e5ec2","encryptions":[{"aad":"436f756e742d30","ciphertext":"6de726ac216d0cc579035bc2650a9c36384cf20959ae9b2c66255eb6b1a85c6d0b3fbcb0fbcaf6059e3558df12","nonce":"564fde9f478cd36031346907","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b755f2ceaedc367be587c8c945e4fa287ce291e2f6e0d9d5bb09177a0ce00cd2c108f752ceb3800f2c9bb996f2","nonce":"564fde9f478cd36031346906","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3922e15b9d8102e67cfa9dae2a2fedfc899a78b4f66eeafcb4df30aef787887cfb33c69d67f1f196f51dea3573","nonce":"564fde9f478cd36031346905","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"994f3b6ceaa6f37f128f73bc4f84c96f26b7407a39b83678d16f43edd0f3576fd36ae300cc3c9222ac6f162e1a","nonce":"564fde9f478cd36031346904","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7131065f9c60e4131785f9a6dbf4b005062315cc6247afc1a5883ea9f047abbaca96ce6c44c6ca8d6333616ffa","nonce":"564fde9f478cd36031346903","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6307ea95b89ca30b24e1cb3fb44560031a82a03ad14aae5107f9c0aa7311697c9a70dfcdf5e2867db6e4e7db70","nonce":"564fde9f478cd36031346902","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"af4f03dec299b953a3cdc504154a0bb69000dda9535e8d8600237a3fa264dc3e558836a5b758b88ed88e2ac946","nonce":"564fde9f478cd36031346901","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3f8de4bd26f2db25e7eb60a0c617dbfa546aff39537f797c20456175df5b33ef0f4f4bd6540bc5a90f3ace3a95","nonce":"564fde9f478cd36031346900","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c043b2ea983bf510e54592899f720f7c135834af905386bc433d99195c2df391d411442622bf8804877858741a","nonce":"564fde9f478cd3603134690f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4080561160e86f5206858d5e8673e0c5ed554d23cd825a6443c714d55c92b206c144019d07c80eef0496ee770e","nonce":"564fde9f478cd3603134690e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"2410541134c7b475f9475c663d0a70bd87791875d8be849fc1426e01c9ad3199"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5b857a254e1a40f5f4307f815518582baef0d53ac0deabf455e2f8a26a12cb29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9eb7839a3c8f88ec2e2cd1ecb1623bf24a1639aaf3416c52430fd4837d577b94"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"2bfc06807066d8491eff073cf1a7a5b9a1546170b14a4fd057b7135f0d5b11e3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e25d0266e78bec3b4a45ba3bd4d01aeb832d119de9e3f967e6ffeee4ece783eb"}]},{"mode":3,"kemID":18,"kdfID":3,"aeadID":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"ed5de2119c25250d734d16c05516e22d43a327dc45e3f95cd7857dc13423ee4fa575561d5d6e22d2d3dc1f8cb308035a317b95bd88370c654cfbf9c0b32fb06e11f9","seedS":"52e45cd901269701f293f7fd34490c376c8a6c1189f458d5e6c63096406655fa51c07ede00ce5ae9b1d9f289210e2ff8a1c165a397ba30654ed3dbbf7f207e976773","seedE":"cb9fcf6266105edebc7a2de807785747ed6325ed44dd0c9aed220f6133277b56310f2a4cbac3843d4013a4c8c600b5959d8575b4e34c6dd79e0b2b39c5d696ce7deb","skRm":"00599742c057aa55eca20368077bc055cbaecf2e9398d7b58f4e36429ee788b40d21d5f627c8c22a7dea12f0ad246261b4d375d9fc3f00066c6906f1313208a70b5f","skSm":"0112d76807290e7b4cbf1970aba723060298519e3231be92cbd463c449826c2fa648f39d48ffc4a42303df9c34531750b13978b734c94bb2d126ad5795aff3004cc1","skEm":"01197646e60c9d23f91ab455c9f8aaf9e52541b6836ede2c49ef23ba2077d6d2fc81860216a132911b8777b9a94339a67ee36f07d3144af262ef37cf0279d81a11ac","psk":"5db3b80a81cb63ca59470c83414ef70a","pskID":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04014e36144fb99f0f5a33554b81df9aafe2f4dc8a2f6c26d7f6ebf950e8a3759b9f40e0c957fa3519184ca6ea5e0892c3699bf8003235ef3947c904978218a6a5447100cbecd8c1c3b01d0ffcf5770346fac77d4f16323d01bb5efbed9b30c54d5079ef9a56e1e206edd4b0bd677314b032eb939cd8d0b8ddafe65df8da4ad19a34616e68","pkSm":"040017df2c0dca8bd445be0f803445624181d895560c82f10dba6271583c2d39fa116dc2809f727b03c947a20d66ba5a5bff8e4594f3c289affd2d90989e770a0f91ad00bf0357a451d75e375a9cd8b186a1c0b0f31e90f37e46d7cbfe248069cc5a5e462a919fc91ec1d38f7c8697d5768413a5a76b264988638e0ff999fb1f36e23336cd","pkEm":"0400b42126ff855228bca301cceaafb46baeb689f0bf7595877b56b5cf85259c3994aad94145f6445e26424530cdf526ffaa44f413de90e824ac33f33eac5ff48073f000595c0aad526f39e2c8fe41fca355d7b3bc428903b10c947c927dc9f7f38e3462bff43ef6e06ac50404f80c06686cc24010b2fb362f856461cc89c1c24dfb5c9e39","enc":"0400b42126ff855228bca301cceaafb46baeb689f0bf7595877b56b5cf85259c3994aad94145f6445e26424530cdf526ffaa44f413de90e824ac33f33eac5ff48073f000595c0aad526f39e2c8fe41fca355d7b3bc428903b10c947c927dc9f7f38e3462bff43ef6e06ac50404f80c06686cc24010b2fb362f856461cc89c1c24dfb5c9e39","zz":"d14b3745d7ae625324a6c567822f0ee1d7d398d090379c5f8d1a048b88c08080297bf1e432734ef4116cdf3bd311bf5cc72ffb3f66c940ee61329e1147fbffb4","keyScheduleContext":"03a22e3de26f73596110b2b1a2ea1f26f666169885e0e147bb3995bfda4f515993c7d9dd6d0b7b869303a9ba5342d8faeb81d829ff7e63621d1b4c98e206abb7dc6a046af684c77cae358817a75250505c4805d54db8f367d9e1b4d993b6ab1f8e647804c55f0d421e4086b1382c49e4ada08fd351dbd75d0926e0a423e0a4e927","secret":"d523d62ef469c28ad42281184be836c67e83ca72e854c7ea7ae1210384aef7ee5fc4f9bbbcf7da9dd4fe1c872965c31c50cf16d3c4ee27817c1a235d045fecbb","key":"8e051245c22c63eda4e922a1186b7864966b97f546b68fa1ac09825203e0420e","nonce":"e16068173a8343274c3a4ada","exporterSecret":"c1b6e6abaf691eebf40ff383195d604b6f492e68776efd4d718dccc1206ff3da603535fb74c77fd10ab399fee342b7210055191099d554d78e5211091d5a74b3","encryptions":[{"aad":"436f756e742d30","ciphertext":"e52b55750804ce827a7309631ee87342373303ec39de203f66c4cc73e9e11883f1198a78bea94670cee08d5a67","nonce":"e16068173a8343274c3a4ada","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e34c7d8999e941543f17df43d36b76449819277efdbc1be0e0e2152e743091d4e7ac6186b0733e1c7939cc5b57","nonce":"e16068173a8343274c3a4adb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0ba33db4b74af3fd62064a6c4c9960961e31a83cddf0a6e4d6b54e6c51c3940afa97543caa4dac22bab31d2b7a","nonce":"e16068173a8343274c3a4ad8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b93f69c02a9367544a1e83d2c8f0d4aa3054851f5feb4bb6acc98bbe19ea1fbeb013e4fd8396e22a30f630afc5","nonce":"e16068173a8343274c3a4ad9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"49235c130045a7d168ae811be5847cd9a01a554b81ab05999732c1599cce7d67054e849f8fcc8af7819edb567f","nonce":"e16068173a8343274c3a4ade","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b4cab15b719343b18112625bee3264dbcd94aea48377a0f1d1f8c90e57a615252d704abec3c13fe85e811f5a02","nonce":"e16068173a8343274c3a4adf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ef49383de5c872ccc74b8df1ae50cd81cfc452c2c22a6063d12e2fb4e4450764358ea54154735335829000063b","nonce":"e16068173a8343274c3a4adc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"aefd40961e07326b59a9cad25619b75734e5cec44029a040f76bbcc35128b7eae512e0d1767356f7df427f0d97","nonce":"e16068173a8343274c3a4add","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"61bffac9f45222a68e4612f2248bc1b865f1a5723c342711695eaaf60033e24086c1eb39eb4d5da6688f7b1092","nonce":"e16068173a8343274c3a4ad2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a80964c0ef2c759301bd0b70c99fd4e0def94080f4f0bd12ed81299c7a4e596bbbda50664a0843aaf964c3bc9b","nonce":"e16068173a8343274c3a4ad3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"381a47986c43596bd8e2009e2e1747a64fde9f7ef589b1b0832678fc07a8aef1"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f8b6acc14cbe4581f8e944b3344a48fcd3f4b54e19e18b8a2c643ff9d31a2e08"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"91e6a765ee9636b1198b18dc2039f1599a7a7872e1d5694b1301e8fd049b971c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e77928b9dca67af2bba39bac2acf9aa2b3c43525b2f62e5964133ea0a9cc4b95"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"527971e61c00944313665d642c90ed9482b8385907a6bd5d695c4228f0e9aef4"}]}] \ No newline at end of file +[{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1289f0db1d8f68d0c531b5e53a40911a2a2347059355d7c267717033fef2b08c","seedE":"a77ae3e14cc2ec9e603a9049423d48e66a5e3139e896e95cf19919430657adc7","skRm":"5a8aa0d2476b28521588e0c704b14db82cdd4970d340d293a9576deaee9ec1c7","skEm":"8c490e5b0c7dbe0c6d2192484d2b7a0423b3b4544f2481095a99dbf238fb350f","pkRm":"8756e2580c07c1d2ffcb662f5fadc6d6ff13da85abd7adfecf984aaa102c1269","pkEm":"8a07563949fac6232936ed6f36c4fa735930ecdeaef6734e314aeac35a56fd0a","enc":"8a07563949fac6232936ed6f36c4fa735930ecdeaef6734e314aeac35a56fd0a","shared_secret":"f3822302c852b924c5f984f192d39705ddd287ea93bb73e3c5f95ba6da7e01f5","key_schedule_context":"000c085d4e6d2e6a568b5dcf334f7badd56222cd79f2ac98b6f99059f311c3f16a44c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"98a35c8191d511d39a35afcb6cd4072d5038afb2bcc1ecb468626466b2870447","key":"550ee0b7ec1ea2532f2e2bac87040a4c","nonce":"2b855847756795a57229559a","exporter_secret":"1aabf0ea393517daa48a9eaf44a886f5e059d455988a65ae8d66b3c017fc3722","encryptions":[{"aad":"436f756e742d30","ciphertext":"971ba65db526758ea30ae748cd769bc8d90579b62a037816057f24ce427416bd47c05ed1c2446ac8e19ec9ae79","nonce":"2b855847756795a57229559a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f18f1ec397667ca069b9a6ee0bebf0890cd5caa34bb9875b3600ca0142cba774dd35f2aafd79a02a08ca5f2806","nonce":"2b855847756795a57229559b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"51a8dea350fe6e753f743ec17c956de4cbdfa35f3018fc6a12752c51d1372c5093959f18c7253da9c953c6cfbe","nonce":"2b855847756795a572295598","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ee2c9cb45a5088256b061a28b528fcd252d2a014d73523bf3ffb0c8687d9996ec6fb69c487a0b62fbc45b04ccb","nonce":"2b855847756795a572295599","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2e5fa3a358e3ab64e5e981c4b89b5ae4cc5b800aaf726dc64ff857536a3db0e6d816199e711aac60c4670c2a31","nonce":"2b855847756795a57229559e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d2d0d40c685b3646527da571ff9bb23eee8d0f124a2ab937ad9aacb314209ba150b12bce3be844a414b2b81e15","nonce":"2b855847756795a57229559f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"107b5d77e79b423ddc8feb4f1d42094244d9363b1157e2a46de9b192d1ebaf6053164878a8e9f3ab6c87260355","nonce":"2b855847756795a57229559c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"64b5285667328e0fa12c51e282eb4d446c69404944134958dcbee1b947ce413eaff910146f2ae47586055c05ec","nonce":"2b855847756795a57229559d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"89dd974790c8491cd5539f51537708bd2cbf4d6e0322637fb4dbe6008e6f59b75e3c527587cfefdb37ca68e6cd","nonce":"2b855847756795a572295592","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e84394b6142059384e270407a6360760827eba0e90c0d2dfd8d6170eed7667cf933fb9854ab766cede7306bda3","nonce":"2b855847756795a572295593","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0df04ac640d34a56561419bab20a68e6b7331070208004f89c7b973f4c472e92"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"723c2c8f80e6b827e72bd8e80973a801a05514afe3d4bc46e82e505dceb953aa"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"38010c7d5d81093a11b55e2403a258e9a195bcf066817b332dd996b0a9bcbc9a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ebf6ab4c3186131de9b2c3c0bc3e2ad21dfcbc4efaf050cd0473f5b1535a8b6d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c4823eeb3efd2d5216b2d3b16e542bf57470dc9b9ea9af6bce85b151a3589d90"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"326ee379f778718e6cb343f55668fbb9d0098ba0503cd4414a8f1ce252605c39","seedE":"0fa1407ccee05de0cceb2f2d2381d2df0602dbd43be90eefd288ce4ad0b3ba32","skRm":"4b41ef269169090551fcea177ecdf622bca86d82298e21cd93119b804ccc5eab","skEm":"e7d2b539792a48a24451303ccd0cfe77176b6cb06823c439edfd217458a1398a","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a5c85773bed3a831e7096f7df4ff5d1d8bac48fc97bfac366141efab91892a3a","pkEm":"08d39d3e7f9b586341b6004dafba9679d2bd9340066edb247e3e919013efcd0f","enc":"08d39d3e7f9b586341b6004dafba9679d2bd9340066edb247e3e919013efcd0f","shared_secret":"9d4fe1809006b38854f056830b8900086f562207dce6010eadf23d2d5303cdf8","key_schedule_context":"01512564fc13bf3387a7d73eb72eb6b62766480582bfe146c4e5afb8788652269644c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"84d1c77bdf45e43e2e84f607573f0db0758c56f322500a673be8e2062d343b1f","key":"811e9b2d7a10f4f9d58786bf8a534ca6","nonce":"b79b0c5a8c3808e238b10411","exporter_secret":"7e9ef6d537503f815d0eaf70550a1f8e9af12c1cccb76919aafe93535547c150","encryptions":[{"aad":"436f756e742d30","ciphertext":"fb68f911b4e4033d1547f646ea30c9cee987fb4b4a8c30918e5de6e96de32fc63466f2fc05e09aeff552489741","nonce":"b79b0c5a8c3808e238b10411","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"85e7472fbb7e2341af35fb2a0795df9a85caa99a8f584056b11d452bc160470672e297f9892ce2c5020e794ae1","nonce":"b79b0c5a8c3808e238b10410","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"74229b7491102bcf94cf7633888bc48baa4e5a73cc544bfad4ff61585506facb44b359ade03c0b2b35c6430e4c","nonce":"b79b0c5a8c3808e238b10413","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"013476197af9440a8be89a0cf7d3802eae519d5f5b39cb600e8b285e16ad90c3d903f6108946616723e9a93b73","nonce":"b79b0c5a8c3808e238b10412","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5aeb09a3798d21dc2ca01f5c255624c9c8c20d75d79d19269eca7b280be0cb7851fae82b646bd5673d10368276","nonce":"b79b0c5a8c3808e238b10415","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e9cac48b89f3f8898a85562007854b9f61bdf2d2c3e32e9b6162e9fa2f83924d138194528946d96cf7988685a0","nonce":"b79b0c5a8c3808e238b10414","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2aa76414e0cb28ba7ba0f24d800bc4fec24d51cd1f75e839233ee10610bda97f3daf46fadb53ca01762bbe8a04","nonce":"b79b0c5a8c3808e238b10417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"96148b343eb53df8d528af57214e65de028461ac69f2d9e371cb0aa4d732201d693766a17fd49ec6025bc98705","nonce":"b79b0c5a8c3808e238b10416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39b7e966e0ada05d8cd8a9beb5765941baad38473f18f705443f882a207ff96bfe1c71ae386e97e2fa91960bbe","nonce":"b79b0c5a8c3808e238b10419","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"25bd0d0614a38b19a05dff783a1bbd003c25cade55ba0e24e234b803991cae60ba7d105d35e47519a8cf598580","nonce":"b79b0c5a8c3808e238b10418","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bd292b132fae00243851451c3f3a87e9e11c3293c14d61b114b7e12e07245ffd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"695de26bc9336caee01cb04826f6e224f4d2108066ab17fc18f0c993dce05f24"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c53f26ef1bf4f5fd5469d807c418a0e103d035c76ccdbc6afb5bc42b24968f6c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8cea4a595dfe3de84644ca8ea7ea9401a345f0db29bb4beebc2c471afc602ec4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e6313f12f6c2054c69018f273211c54fcf2439d90173392eaa34b4caac929068"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"518df90f0f5044ce653180c700e4902d37a7ba1cd23482a76e18b300fecaac4e","seedS":"262a05ad0c08030cdbbaafc03d64f33b95bf8089f216c62ac39b72064a4b4dcb","seedE":"02900cb4856b5f222293a9bd7bda2f1f81c562dc3002336ad1c39f6572402b7d","skRm":"c4148fc8253ccf99b0738b94d376ff58e7eb3845494b5dc945c2f2dbda65da85","skSm":"6836d31499e13bdcc51b8318060e6a752849c9424d02e7f404bb03a0341b0878","skEm":"ca30ef092d6b9bfdf0dc96bc96c5153c8f61cffd01603936ca09fc6146ec523c","pkRm":"07828ba8fb4171c0393edf8cf975268e263245fea4726e16393f536ccca7c46e","pkSm":"76ce23e7f9144663772e283a16fc25950ad4a53b1200a8576442b159d14e5c3f","pkEm":"56a21e8b5416d187c3d865765794e7f361d631049ebbb6a64ed28fd071068121","enc":"56a21e8b5416d187c3d865765794e7f361d631049ebbb6a64ed28fd071068121","shared_secret":"dec9ae331e9017669151e07c06d1cd7f3dd318c180c9cad5223e1c2b019d2243","key_schedule_context":"020c085d4e6d2e6a568b5dcf334f7badd56222cd79f2ac98b6f99059f311c3f16a44c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"a78ac3f106be621d7ce48d7f02e9c69f23c042912697a985787c34e5340ca8e7","key":"82a24b8790521d6b2d260664d9bfaefc","nonce":"bb0cb3a72dff841c796fce56","exporter_secret":"933d7ef819b2fabc810db31f7fcbe5b16c4efa0f4b715e888466829d9b22062d","encryptions":[{"aad":"436f756e742d30","ciphertext":"86dea722bc4f4cb0983b70dbdb539cf79e393546805d90d3f832af5f907c86f37ac579976db191a479c9450f37","nonce":"bb0cb3a72dff841c796fce56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4f6b757fc0e807cf8f4726ed1bd05c6b87714b2332372795f7e8579fe21e104ff8180fea797855a62f71a37aea","nonce":"bb0cb3a72dff841c796fce57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"999285da95ed93dfb48bbe99d46ebba43c98e35f6ccd4fed92edf9d618e98174b63a0a2c12ab91521669fdad2c","nonce":"bb0cb3a72dff841c796fce54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1a28de36d92f579a485b4ef4c598c7173bee06be8d9cab4aec6a81a0ec545855f72b82fbc078bd2f8cda61acb3","nonce":"bb0cb3a72dff841c796fce55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ac6af74dfe65c63b046eb99fb9036ce759ddf5bfb3a396796892c78ce3f35beeedb7b3d1b515a9dff7d9af365","nonce":"bb0cb3a72dff841c796fce52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d7bf489f2452682d7794df762ef0156887dc69e664ecaceeda81825838196cc77ded5ffcea7650cf1739ff7df5","nonce":"bb0cb3a72dff841c796fce53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7815584cffb6f9571a2cd317aa84b437dbca0e85bc6f67c075059ad8325007709515b3dfc87246fc7b9d4da2a4","nonce":"bb0cb3a72dff841c796fce50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"02b863056cd2d58e1214a73cbb81d59ea1397d407da2709b32d65ccf38d86e91872332a51ce64c818788d6c0d0","nonce":"bb0cb3a72dff841c796fce51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ef4debbf21e4ed4a1f8eb408907b6c7191196db3cfe301dc57d489fee24e7daf2a30753961d326a393f6d27121","nonce":"bb0cb3a72dff841c796fce5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ea8b29a8489eba2c66d01aeb3d937d76374e5fdd86cbae3902cd6c0f4edbd64749453449ac50b86348ad839826","nonce":"bb0cb3a72dff841c796fce5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"569accd852ca9f1bbb1cc2ac01126f5be0f40cff54c2192f6c7d2e9b4208aae8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"21e678d4feb8d3e63cad48c0bc0d7cd4d9898f3582306921d6f594c7548748eb"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9b6d0e4fc457c91692ffed826a7656e33f6deec5b502ac2b8eb895a6bb6e3a65"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d129c80ae79865868c859543aef97588ee135a7d2d42d026f8055313adb90535"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"082427af691bcea347bda235464d8389a104ec70b3ff1a24c63709a4ad3a9b7a"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"02a965d8f53bbdcc11cc618d4f31f69277500b75959ca97fd533058315511d1b","seedS":"e9c09a3e50073935e75d3846007a26088a93ebf58ad0bb30ad6c42a9d4d2419e","seedE":"c1d1028243a951dbf6469025f3a1304407b08fb932104e61c7aab42ab4f1995c","skRm":"a13722050e593c33f367a4d048dd6a6e0c25b1d8288d8f9ac7a3b00228cad946","skSm":"e19b525b64f4799822d229b5c6769ab4244773aa2d48720d3bbc36aa5b9d5aac","skEm":"d9ddce685897eeccc4390d07f30aceea8151d6c0d3468bc7f2a16702b2ac13e3","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"cbc7508f3232db133971f3c7dfd97f00c01de68ac8103f61fa60ac5ae2800153","pkSm":"48cddb9d276b4d14895e14973bfbd72db587c0036f9a75409b45334844360a7a","pkEm":"0f496b65ac352457865d9f6cb30e0ceaffee742accb016c2c1a7cec68a33244c","enc":"0f496b65ac352457865d9f6cb30e0ceaffee742accb016c2c1a7cec68a33244c","shared_secret":"83272c7b992c197f882d992ef6737bb7f4b17ddf103368e1d7e90b07c946b2e3","key_schedule_context":"03512564fc13bf3387a7d73eb72eb6b62766480582bfe146c4e5afb8788652269644c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"619e4c000edf5cb8c2b795fbf2dce842d0ff5cba4e12312f5fc67510eb059560","key":"b305d06827e854504246d9bbae3b1f80","nonce":"4940e55b734bbe1d46e24bd6","exporter_secret":"bd6ec34885e97fe0c07bda3454d47ece7b6e9a1a05f729223485e4335c40cbdf","encryptions":[{"aad":"436f756e742d30","ciphertext":"c7200a5246b4aa9e6878e22830d19466ca31394651ae84383f183991d3a8662415d60e1e073209e6dadd480ff2","nonce":"4940e55b734bbe1d46e24bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8071f54a0a43f77a30de1fd96133d91184b5f863525d7810eb9350aa25558bc470781e62c27fe9a566f15efdc8","nonce":"4940e55b734bbe1d46e24bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fc9747b21f74c098899e408d86c11d28617a1a3eb2d985fe4af7ccea202343df096920759614bfa2586f0f1c5a","nonce":"4940e55b734bbe1d46e24bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"feb4cb8de805d855c0df8e75293a2a50cce58c9f4db7ead85e91eb10c498de2878961da5dab9d59237d524f4f6","nonce":"4940e55b734bbe1d46e24bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d85c2d06220ae34064210c4129f8c95dd43c45fb87ab25885467dc2c6a663deb84043eedde254968c55ef693e6","nonce":"4940e55b734bbe1d46e24bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9f00677d11dfbc321f5bc94c34df253e4f413d01f3e3fcf916ac9a767d0830f17f6bfe772e28642eed51e865c","nonce":"4940e55b734bbe1d46e24bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"061c0a2f036735c87afe3e1b091f634ca3dc1b33a393cdf7ddd054c68ea1d26e9c39322d332b2923017700d5a3","nonce":"4940e55b734bbe1d46e24bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9aba719d419a3b91e51c84b905d4bfbbe8ad9b1e47ec15c207b930d4a4cbdd585410390d41cf38107c08872a8f","nonce":"4940e55b734bbe1d46e24bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"54fecbce208e6416f62f1e0e12af14937b5b292cb36d6a7df527d38a7f30de63e7846b18662507e46fa389b5af","nonce":"4940e55b734bbe1d46e24bde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1d39d1782ab76f9293b709d0958b0faa7b6e8ae299017e42d6595064aaed942f254cdb48db49b5fad6a7842f53","nonce":"4940e55b734bbe1d46e24bdf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f8e91bf713455564a66e27755294012dda09d1b4bb7d5d8b893678173093aa3f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d98a71a97c5cc4c87f74b3bc8073aa41f393942c2a4f41b273676da28f99f139"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"39168f2f0360a48eebcc72bd19504e294b1b456a391014e15b97d0c318f2ae3a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1b41f68bd5f990aab48869931b433256f88899111ac158516e2a4326c83eb892"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9432ffb5d534c88e7e7e5ed8434206be52855547e130b2b75cc1000ced6fef0e"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"83ee68e36ddc609bf738125f72d9f1f27bce7c6934070a69b6c2a78ca921918b","seedE":"adda7fa5deb77a957f598da6f20c056993862b3286845e23e1cc08696ed2f1f2","skRm":"d7f9945b55b697a7452105630095894758508599694f401aaaed77a88364b8a1","skEm":"dfe953241ce3e4bd96b6f7421124136a3203aaa239fda95352eab223e821677d","pkRm":"f14d42cde2eaac0eb8e36c4658b927791941d6e2aefb8435d722b5fac3d3a842","pkEm":"97f8c9d24e6fc9f26de91a180fc2368b43aa7464185e3618d43bb341fb83b75b","enc":"97f8c9d24e6fc9f26de91a180fc2368b43aa7464185e3618d43bb341fb83b75b","shared_secret":"f00937b7094c31669fb1d349f12be9400267872ffd2292d50c5816bd52716a7a","key_schedule_context":"0052abd58a159195ab1612c2748d4ceeea5070496ba8c288bbe08601d1b2d14a4d873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"98f6a3a62bb3b8c2cdb9b0f0264616e8863eff6d0f7282b4c153a8e766e5a9c5","key":"2a893cfc4e62539953aa8ff2cc1431562f661ab3b33744f1d4f1708e841435ec","nonce":"5d1b1f352ad6bfcfe9c4da65","exporter_secret":"6786153d8812c7889346b007ec0ca4ec9d9fe1d07e1b1c4e437bc4c69df04be5","encryptions":[{"aad":"436f756e742d30","ciphertext":"922b657481e80bf18b8814a435d31c776759859e8ca40884157247c0cbed07bcbd3c22ed029a50da93d08fa065","nonce":"5d1b1f352ad6bfcfe9c4da65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5b6efad025ff8edee5cee6b32f161cb33f2ba397469e9b35a48f9bad8a7a9dd2522748f68a1d64521d79097901","nonce":"5d1b1f352ad6bfcfe9c4da64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"a2039f9c4b3cf3a71ecf972c55541ae1bef3931a73d98c5178d8f2bbe0c0f56e058077719fc4e63a882f104f64","nonce":"5d1b1f352ad6bfcfe9c4da67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ac3967baf9b52e321eecc638ef42c53a7502b60890ac84200a1580bd825d4f89e83c2710c136e56644784f1a71","nonce":"5d1b1f352ad6bfcfe9c4da66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cfe4cca91ae9bf4e3c6cfd5d3ab777cda301041ab8c695388f94bb883763b3f0dd85dfaf483c117549176107e8","nonce":"5d1b1f352ad6bfcfe9c4da61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"721543123239a19a8242c8aab8aa997c04d758fc7819930dda8633dbdc5af5e33c5a451f3d8cd1691e3eb28310","nonce":"5d1b1f352ad6bfcfe9c4da60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ef970051362035083bdf24d2262d5a597f4361922eace58811df54c3dc12fc6622f853e4dec8b483178f61567e","nonce":"5d1b1f352ad6bfcfe9c4da63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c5653e7a823bdf8d083e3fbdd7c9b9c2838c80cbfcd6d1adfd18d237f43a02d5a83c3808c1d4b4451dbbed5f98","nonce":"5d1b1f352ad6bfcfe9c4da62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"04278bdacd59166890abb0f67a19c577acb0b108801db93fba1e271522f98d43c2c2fcac66378d174463c146ee","nonce":"5d1b1f352ad6bfcfe9c4da6d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c0a4e4e239d9c59d61fa2809fc47476941b53b262d95aa14bf29ea24b6de10783148e2762d8900640d2798f255","nonce":"5d1b1f352ad6bfcfe9c4da6c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"de705a4b13a12250f4d5487de67705190737e6d1ba8b57f70d87ba585ea1cf85"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f4e86ab469491b2a7ad91d17ddb8964884a114549f63d0985355d9b844dacd4c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"47c20438e2a2fbca12b2ac55c2cccb1ff5ef0907c80ead4bd36ab1a10d57fb2e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae7cd43f0d52ee38ac4655d5f2d191fd8ec573ab1d47702684dfea85b52b5a38"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"807d14a692749503f44e54660e8ebe4e93311715b9ba7d540973b2bb3c606825"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9d0d68a6649cc66c65782569d4a79da1e2f73a34b84191d759569428479a510c","seedE":"8c51282bb46acb5132fbcf26f1e2cdab29408c19f0f66960d7264d7ce676a023","skRm":"cb798ffb68e7b3db33913c365bf45a811fca8382522ac8815b12b26d3377a049","skEm":"bf3981d4d9b43ea83365747e25d8ba71e14d21cca47e35e70b5311e1d48f8a0d","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4a9269e9db60008f5c7f3c7d39bb8c4923bc2f244b3ed9085191ef54cd10cf0c","pkEm":"8f65c9f75b4b774d36052dfac0bdd37a03f309b92c9a9ca47e903683be34d04d","enc":"8f65c9f75b4b774d36052dfac0bdd37a03f309b92c9a9ca47e903683be34d04d","shared_secret":"f228aa9be7ff1ebd78f52b8b00b7f15688935ce105e24df508ad27c68eea703a","key_schedule_context":"01e623aa22a604f74ba1383391cf0c046f3461b30b65733a0a9e9043172f9317da873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"f7878c2d949a446b44b95b2587dc3cc5155a83a837013582eeefea774b32f526","key":"743493cb30aac02389f8db1be74b6a2f2e09f7b6fe337095b207bb3b750b1ace","nonce":"3b83c923d13310f21c71baba","exporter_secret":"555a2c91cf21b146f7cdd2fce83dc165133b1896613c0e21d31583641b972967","encryptions":[{"aad":"436f756e742d30","ciphertext":"ad2a3e08e10413e7bdf9e89f2db169338fc68bcf8dc7bb073ca779024996de5922d338cf8407d34109cd2fdccf","nonce":"3b83c923d13310f21c71baba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d7c94516707aef83e37dc5cbe3e9668260de5954899d54e8ecab3f1cfba8556557f1ff2238f817e0eb75d3cbb7","nonce":"3b83c923d13310f21c71babb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"371412a9a86704990e8d7170282134096fc623c74411d5ff95380692a74c438deb0e38f41bfba0562042e987a0","nonce":"3b83c923d13310f21c71bab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4e3486ffca6d42f064c885d169210f6fcce2b3d4981d185d4b1a5c1e82733c14f14fcb8b1f16dd1e7b707907ab","nonce":"3b83c923d13310f21c71bab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45f532caeed9f6c35a990812773cfd688f686288dfcb500ae04f8fac4d3704204bb051e704c422edcc3107737b","nonce":"3b83c923d13310f21c71babe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1c0aee5fa393a0c4e2dbd70f7ce475542c71fd402b6fb8431855ac8fbafc6801c777996f8243c53a7d96d131c8","nonce":"3b83c923d13310f21c71babf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"66cd0eeb97fc59c1863898f9b7f1f67c82c5aede5794c17937f5e0909641af770c4973aec2a21967c0f17a64ba","nonce":"3b83c923d13310f21c71babc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c96bb3363b31b582476239e1eb0792d2ac632ddaa7a1dc9ac7f9d588b62970016040a278e448256f5bbbf09ed7","nonce":"3b83c923d13310f21c71babd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"71b3055db5efe1165e685d25c4a749b6fdf8cb7a59f7e3e76cfbf63c109db9387fc751cc9c36cf886dd0f79411","nonce":"3b83c923d13310f21c71bab2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"14372e32a6dee0536a11b66343eb436c099d7adf658900fa624a45d6f1a8e84297c56ec6e05b2745605dfcd99e","nonce":"3b83c923d13310f21c71bab3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c52ecbb65af1c6764ce7d2fd1131d5f050ee2f943a4fe56e9c855b44385b00cf"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"42c5cf4f81152d05bacc9323e805eab8e429850dd029937c2c42f17ce7fea09b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"89d7f97327d51d61a4ac04b2507e51a977c8706bd932941f5acf1f542cfd034b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"581e3a66a1ad5309c3295825bc03407c7d9e34673e61aed2c543b47764577783"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"599f10537288a9ec87d53c16aaa5881715061e6152a5b51b1e0433a396b38d10"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c1a41b7efd403c8f04e2998c09ad725768ab626cba81880cc676bcdb5dbca74b","seedS":"6cc54ffec5f01c01c5b756c26498c910f2d024713baef267cf225dd2d3c5f409","seedE":"b8975c2b6df6a87ca61f910353f540c1b79aab73015d8f8cf59fd404c9c8a638","skRm":"c771870b6aa79a169d4bd426f34dac32174e78840973a8adbefe0108e3747cc9","skSm":"3735f9ba5702a15fa76c56f8c907b5611dbeafa6390dceccccc3c7f12a17460c","skEm":"ae178b9103efd5eb4f8bde61fb3cd83a52e0c1cce7a4fe859c949331f956d511","pkRm":"081bcda65a1808a9579f7e20ddaa3d03298d1eeba4befcd3d5975972167fbf57","pkSm":"37b491977d9bb9f271a3632064bed9f302d150357d0839ccdbadbcd6173a4419","pkEm":"9d49cfea83e2ccb0cfb7eabdbd1ef6c55fb8ffc739d03e180bf115791ff87c02","enc":"9d49cfea83e2ccb0cfb7eabdbd1ef6c55fb8ffc739d03e180bf115791ff87c02","shared_secret":"c019ff113e0f309e487dc5960adc4fcd6911350a9e85fc4383792122daa73837","key_schedule_context":"0252abd58a159195ab1612c2748d4ceeea5070496ba8c288bbe08601d1b2d14a4d873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"b1ceca5c1b3376f8b37f71344c6fe1521090c6ee010692f083e6a5e6e45b6863","key":"83599f5f934755e886914e61a29de1d52ff52ab9517bc5d1c7fb28263a6ceebf","nonce":"447624b35e2c38133a2defd9","exporter_secret":"9f900e30337b61db9d212648d70885f6e40bac84c279b51f9a6fc22da8978e3e","encryptions":[{"aad":"436f756e742d30","ciphertext":"0ba66fa26360c526051791e6f377e6e35d0d7254c9269eaf01ab5b272ff8da13ac7f4339cb325568134e3365f6","nonce":"447624b35e2c38133a2defd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"689222e02e128c36de72cf5169779a2769ac3a6f39ace69607a44970f9afabc7b236b3c600900d9f7ce9da6e17","nonce":"447624b35e2c38133a2defd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"75aae78f896b62c95b423c12a087152b0f3f45057c36925cc2ee6e3f9bda3eaf447628e90fd4ca77300b3c45ba","nonce":"447624b35e2c38133a2defdb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cc3b4f802b2278b4a3107fbbbb7f9e78667fee91957004aa6143cbbc1cef354d311e95010c19152eba1a731f71","nonce":"447624b35e2c38133a2defda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7d6dd0646b7ea2ad191d4a6a069e464642ed0c53392a4612238e06700b4ab20e0a9c025fc5b25b1feaae541346","nonce":"447624b35e2c38133a2defdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1cf00297bcdb18f8f2295416afdf7cb589982cf50ce6277df8cb3dbd70c270d8b0805111e7f165bd3ea1c24316","nonce":"447624b35e2c38133a2defdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cec9a809a4a06ba86c89930ed21a2db95fb8942f70fbf2619be69e0e02169ea18f8390b905bc86435987c424bb","nonce":"447624b35e2c38133a2defdf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5df50bbe002481f084c0194661e02f670e19898acdde8f78859db4915b951916ce7fc7b717472de39415e095ee","nonce":"447624b35e2c38133a2defde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d2f8e9034f9f32cd85e0f69fc9cb4e93c55419bd9b1b7d748528e10d69e7a0654cf424bfcb7d8eef5deb1f3312","nonce":"447624b35e2c38133a2defd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3c3661439f0a31e2319b56648f6d4c30efb5922fa222c6be7a389a4d6441a7fb0de07057b455734ba506c2c5a6","nonce":"447624b35e2c38133a2defd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bfbc0230819d3e6dba6ae32f39e0840b8ddb14b927800a021bc9376d62462c90"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"207607306e5d68cbd2f32d73f472a9b3cf36598dd316da93d463ea025270935f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e498d7a98e6bc111ffb07ec8539d54e0b685061cace510fc5226c56ff1ca9134"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"24555bdc2881b2fa8814bca0803f49d768c7fc05f5f27c10cb8c2df2c4c4d584"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"23cee20b371e7b062ade45eea3e290749cc95e337d80b4d7ee36e4043724b35d"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"127a413bb98fa67dcfa9ae1391d9f2ceb637429ccf7634fbfaaa9b7c2d95394a","seedS":"26715ac5390fc7f72a55a95fc4ea7ea4def939213a1ee511c571edfdadab420e","seedE":"cc1cc98b3286bb960d74a304d96233b1f1d7b7298ebb6b79157c88b83dfbf4ef","skRm":"8368aa6054c102a4c4ca085ba83bd2a6ae241aa2a5f0247af76b0b7756042d46","skSm":"e2eafeb1389d6496565c01b6a4a5ff3f2d69475f8f43118f64768d7ccd0909d8","skEm":"c7a95b0534b3596cdb772bde4c80146bbe33c211d85d3f117b92f7f80796ce46","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"1dc131613febf7dc74dbd3326949bc73c5982335e52282b169807bdc62926148","pkSm":"70f2270817fd42b0ed69b0680fdb2912560f4f0440b9be05d93d7c431e7d8d7c","pkEm":"8b7d2426569473b14243aaffbe2ec64ab0bb58945144335f8fa58261355f3503","enc":"8b7d2426569473b14243aaffbe2ec64ab0bb58945144335f8fa58261355f3503","shared_secret":"0e4a803a76f093f4fb7a82e840cac442b06a0b30cabb20ba59b5982a773f78b3","key_schedule_context":"03e623aa22a604f74ba1383391cf0c046f3461b30b65733a0a9e9043172f9317da873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"b7535e2df30b527576f29063894af1e3611957014aaaabe969fd31e47ad8984e","key":"d02364c8e94e08e015e6061ea31eda2c8c0fd5b4973d26dca610af14510b0821","nonce":"a3cd47557401fdf1a349b243","exporter_secret":"0b0f201f5c76048f2fd58d0817583e89807e9d899271bf862b795389be021885","encryptions":[{"aad":"436f756e742d30","ciphertext":"ec5d9354593006285b097295886b22854742ee7f44f0d1dd4235b99bbceec5a95c626fc9983ecb1b2be8f10f6c","nonce":"a3cd47557401fdf1a349b243","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"91b640c5045448c8c6c5657aceeda12c82eb2749611895eacc5bc7c4c8122588e37636823382c7ccb879784817","nonce":"a3cd47557401fdf1a349b242","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"037ed304c37b14836ff38a92fb7ab5a0d797db37f379ee84b6f533b703bf48985c6ae374202d715920325c7cc5","nonce":"a3cd47557401fdf1a349b241","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9d2c7f7e20007d014aa38308de433e60abb4cfd8dead753ba33c14a6c96c873e5e6ba56a219cd655bb017dbc5c","nonce":"a3cd47557401fdf1a349b240","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8d970fcc5794969c4a35353adf89d6ea7ab4c62d8546ef1d1d6369ae6bb4a1c1620329e66f93066c7e377ae4ea","nonce":"a3cd47557401fdf1a349b247","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d67832b32dfb350c6a5272af809ff548bd1998b87662144112b7891966f3476b0600dc774a4d8de682cf84dd66","nonce":"a3cd47557401fdf1a349b246","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b23098fa0591b56e6a885326d69081eac13723d0d58067b4a66f47bb161f6d18b5b5d708b45dae3ff8ad20ad65","nonce":"a3cd47557401fdf1a349b245","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"091e27dcfa24dc5b26d8a29e1c206a6969354545ba8f793ab8a4a689a3822483184bccf68126541b09c3d68fff","nonce":"a3cd47557401fdf1a349b244","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"f1b42d5b3a4a3e0808d694d101b8b1f8e543511ba4e303fc71d4cf1e5a932817dc26412cbcc6e30947003c6c92","nonce":"a3cd47557401fdf1a349b24b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d48648b2c75eb86ffb00341417826ca6a9565a5bfd8578dc5e9d663507eed7ff4aca583607c22e8b57f14a0624","nonce":"a3cd47557401fdf1a349b24a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5e2de257432a21533c1d28cbbc3fa41b6bc7d649ec26ca4b132e7652eb2f7fb8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0f233d0ca18809f3c9be821053e24a4d345f5b5a930238341db6fee81aaf0cb4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"af7de682aa69736a773b872dfa8bb8293943a60686b8a55685ec1c303ebe4bd3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae8b3011f3959dac604fa7256e3e4b99d26f2617d04b160f18b6e0db4d3b2194"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9e866bddb361fb288d4c4f10d1086ad23c3f8e16694457e93cc7a70c103d4a25"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9a063358dc95c04f2bdf2a9a2911145c0632f49012829d92b2b5d9f398a9cbe3","seedS":"bc7c6a9ce74ba9e7fff0644da70899148f4775eaa1857478f0275af76cabb764","seedE":"ca35fe19e214033e34465a3bb125dfea8b483e55fb8163774413d95a4d9b1f0e","skRm":"50553ecb05c3ad2feab069f7e767ce7fccf8f99b5f555499b0bec4c88b8541de","skSm":"910500b78fee3ab807b1e08f664d2822be453e7a795e1d613487cf15266ef933","skEm":"753d98048ba28e8bdd6a22c3530dcc208cecb7386aeebca9b49cab1b91f46b6e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"b8a27c312fd14d866ceed49df7d847879d609d3ba074534f657dae1fb2ef7d3d","pkSm":"1b38fe7dc7c255ba5caf7116eb9fcaf3d63d60a1667042b6e19e769596ee3754","pkEm":"a6125996b3bb128bfa05392ffb39afd1e5b0031625e26c8c484e4aea0721ec39","enc":"a6125996b3bb128bfa05392ffb39afd1e5b0031625e26c8c484e4aea0721ec39","shared_secret":"0c9ac657691ef63b088f9777e84a9a8ccda766f0c9834ad318c0e49cc34fa43f","key_schedule_context":"03f5f7e2ba59c3ff0cff51f71c4204fcfc76c95f778b37ccdc6a83b3df36c33e7b6da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"502a94d9ee9cf5367beb65a97e7bfeae19a7cfbff25c6a4d2a9d1ece4d744b41","key":"968ebe599b1443cbfbd1914daa5bf667a52cf7a3339ecb209e8684f1f9c97d86","nonce":"a0bcc93f25f5b9e707f453e3","exporter_secret":"12fa76c18f0c16769262574bc6d49e9b22cac1d963e3e6b91031f61ef4277350","encryptions":[{"aad":"436f756e742d30","ciphertext":"1b049559f757b7c16d77bec8a8cf9c1cecc6becaa08aa513c791822b829345cf4477936df226e34804acb93b33","nonce":"a0bcc93f25f5b9e707f453e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"21311cd102acdb30e18669620623c54dc66eb0c5cc7fad1ac1a327062d89fc1fb6cd1228f8de48418d089a709d","nonce":"a0bcc93f25f5b9e707f453e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3e84e9e5c3d004a6d8cea022c8ae5a10bac7d75829a189b137db55e6a5c11974792e8a6b92cc208d615f424d45","nonce":"a0bcc93f25f5b9e707f453e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a377781085d6292c5a91fce21c269dd5eb220be5bf2035de16530a98cc0e96ceff4c79b7cb50ede50c2f70bb20","nonce":"a0bcc93f25f5b9e707f453e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"595f2004a961c4762e418d33821f5c73335a681e75512134c5a5e3912d24bd089b074e018f042e6164bc72c5f5","nonce":"a0bcc93f25f5b9e707f453e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4099f8c58c8fabd9af32abd2b9abec08d62b2fd88332f28ed804c64a9aa19a6f87a0950b7e4c5611b18110dff2","nonce":"a0bcc93f25f5b9e707f453e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e140cb63407363267cc24b31404281fca03280e3649c2da0f7e1fd4c900777bc5546bea0a3b2f1cf0040b4f2b3","nonce":"a0bcc93f25f5b9e707f453e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d7c3341b0ec12be40a56c83817f4d1f513c99851b4b26db3a4b848c0f1bb073124d3c4ce0a50b75eeefacc3fe4","nonce":"a0bcc93f25f5b9e707f453e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d06d49a68ebf2e9081c526d64648cab19707935222dcfab9eec9cea9a02175debaa8d4a06ad92eb999b437edb7","nonce":"a0bcc93f25f5b9e707f453eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"462fb838e0be597ad4b4db41c01ec74f5b5a5e981a1ca071c1042d3bd871bc50cc0dc848377fcad65628acb6c1","nonce":"a0bcc93f25f5b9e707f453ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6c1ec2b099cd01a2f9b4f27df92bf6366fb964f6187b95126c00c9756521bfc2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7ba60f793b074bf90f9c3a5d910ef5aff0b87b44973047e5e10d98624f0f1238"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"df036ec1ceafd079400aad707110f98b69e461151b55a6506a21eb12e1b8a2f0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"83657e205ebe05e085beb9d22441df8eb4b3dfac384f65be7165bc31ac670dd2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"92cd0de496d63d465b9e2e544b3de7b62fae045d12a207d88ef61060053fa475"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"da0002ddf1803c7d54c1fb10fd68eb76afa2aa4577352b9ce26462cf63a97f6f","seedE":"8c5a8a722a10c144a7577a73bbbbddb0284ea3436f9901a12c54eafd6eb5cb81","skRm":"62139576dcbf9878ccd56262d1b28dbea897821c03370d81971513cc74aea3ff","skEm":"5006a9a0f0138b9b5d577ed4a67c4f795aee8fc146ac63d7a4167765be3ad7dc","pkRm":"1ae26f65041b36ad69eb392c198bfd33df1c6ff17a910cb3e49db7506b6a4e7f","pkEm":"716281787b035b2fee90455d951fa70b3db6cc92f13bedfd758c3487994b7020","enc":"716281787b035b2fee90455d951fa70b3db6cc92f13bedfd758c3487994b7020","shared_secret":"f995f043efe63c77ac333fbe6007240fd01006bac1b075d2807845afae89a19f","key_schedule_context":"00cbe688614d6e54c26594f3c118e6cb1a01f6c6572a9112dc2687bd3e8b1e6ba06da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"b061e1b7e604df2fe8a4d32e25d33aeb5a0849e7b15dd212231adbf656259f8b","key":"1d5e71e2885ddadbcc479798cc65ea74d308f2a9e99c0cc7fe480adce66b5722","nonce":"8354a7fcfef97d4bbef6d24e","exporter_secret":"3ef38fcad3a0bc7fca8ba8ccea4a556db32320bca35140cb9ee6ec6dd801b602","encryptions":[{"aad":"436f756e742d30","ciphertext":"fa4632a400962c98143e58450e75d879365359afca81a5f5b5997c6555647ec302045a80c57d3e2c2abe7e1ced","nonce":"8354a7fcfef97d4bbef6d24e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8313fcbf760714f5a93b6864820e48dcec3ddd476ad4408ff1c1a1f7bfb8cb8699fada4a9e59bf8086eb1c0635","nonce":"8354a7fcfef97d4bbef6d24f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"020f2856d95b85e1def9549bf327c484d327616f1e213045f117be4c287571ab983958f74766cbc6f8197c8d8d","nonce":"8354a7fcfef97d4bbef6d24c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14d88332e147f24efd749dc5b37de8d9367fea2dca34f8117bd8d2093e08489fae56595eed6503e2a5997f66a2","nonce":"8354a7fcfef97d4bbef6d24d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5e688918b05e96631628eef3e74781caf41c4f25ee1ef52ca1d746ca31561392c8833a7232036bf8e839a4c8e0","nonce":"8354a7fcfef97d4bbef6d24a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3ad1659d8d0060428598bd13b790b0893d81ad11155ed618de7ac950c65a2d4a883a78b954946d58b2395a53db","nonce":"8354a7fcfef97d4bbef6d24b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"08eb46778b70677b32ead9ebe04f31a6dcc06eb19d41a79d9efc5af6e94a54a97558ce7a783b4037112a870a93","nonce":"8354a7fcfef97d4bbef6d248","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0e3b0d39dfb10f63905b30b12bcbc87735dfbac2e66c3724a6803da266ea58e464df3638cb7605f801e8d8f1f5","nonce":"8354a7fcfef97d4bbef6d249","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c3f4cdbba72516de891a4b1b6d6ae1cc071a9adb2a17383182c6c5e9d34e38217d59711700f3b3503233225b1d","nonce":"8354a7fcfef97d4bbef6d246","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7dddf70f5cd25cb840b70fe4355b5c9c77aaaf12fe158114df2718dc2ce9e148eac89966b1b68660135c8eca4b","nonce":"8354a7fcfef97d4bbef6d247","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"22bbe971392c685b55e13544cdaf976f36b89dc1dbe1296c2884971a5aa9e331"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5c0fa72053a2622d8999b726446db9ef743e725e2cb040afac2d83eae0d41981"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"72b0f9999fd37ac2b948a07dadd01132587501a5a9460d596c1f7383299a2442"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"73d2308ed5bdd63aacd236effa0db2d3a30742b6293a924d95a372e76d90486b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d4f8878dbc471935e86cdee08746e53837bbb4b6013003bebb0bc1cc3e074085"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2dc8b23353f632c2797ba4644fafb7363d958c1fce79162a215863951bd9a06c","seedE":"31c63611a67f55281f76477958758873f7a65113f3e1666ba5fce96e96852684","skRm":"a6ab4e1bb782d580d837843089d65ebe271a0ee9b5a951777cecf1293c58c150","skEm":"4bfdb62b95ae2a1f29f20ea49e24aa2673e0d240c6e967f668f55ed5dee996dc","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c49b46ed73ecb7d3a6a3e44f54b8f00f9ab872b57dd79ded66d7231a14c64144","pkEm":"f4639297e3305b03d34dd5d86522ddc6ba11a608a0003670a30734823cdd3763","enc":"f4639297e3305b03d34dd5d86522ddc6ba11a608a0003670a30734823cdd3763","shared_secret":"95978c18311fc9e360209dd2cd10b2fcacf019ed25f7703cb2b4e4538558c13f","key_schedule_context":"01f5f7e2ba59c3ff0cff51f71c4204fcfc76c95f778b37ccdc6a83b3df36c33e7b6da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"2c25a1d6e3b889cc8ea031a96aa3357f16973f83ab1d444114e7bb4f56e4a639","key":"396c06a52b39d0930594aa2c6944561cc1741f638557a12bef1c1cad349157c9","nonce":"baa4ecf96b5d6d536d0d7210","exporter_secret":"96c88d4b561a2fc98cbafc9cb7d98895c8962ba5d9693da550cf7ed115d9753f","encryptions":[{"aad":"436f756e742d30","ciphertext":"f97ca72675b8199e8ffec65b4c200d901110b177b246f241b6f9716fb60b35b32a6d452675534b591e8141468a","nonce":"baa4ecf96b5d6d536d0d7210","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"57796e2b9dd0ddf807f1a7cb5884dfc50e61468c4fd69fa03963731e51674ca88fee94eeac3290734e1627ded6","nonce":"baa4ecf96b5d6d536d0d7211","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b514150af1057151687d0036a9b4a3ad50fb186253f839d8433622baa85719ed5d2532017a0ce7b9ca0007f276","nonce":"baa4ecf96b5d6d536d0d7212","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"50a645f0f9bddac7b1029dba61921d2cdc10258e6d67e4918000eab0d617fb04a655caeeab308eb159585ae07a","nonce":"baa4ecf96b5d6d536d0d7213","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6232e4a184dbff7361f9e4d6bfaaf97631225ee317e63cb09e8f74fc93efeedb6385d4f4cb2e30ffb82aea0e1f","nonce":"baa4ecf96b5d6d536d0d7214","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ab801465f2080c1b9a06b582a919b51fc289e1b5b14bbad0b09cd92a82d27a1de1b934fd809cde8f19ef988373","nonce":"baa4ecf96b5d6d536d0d7215","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"83248649e62ac67c3b9d5525b886c04960b00b02df2d34c91284e8ed537feba132b03d12b868822af1e583118d","nonce":"baa4ecf96b5d6d536d0d7216","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5ad03248b8e5270a654b090df5eb8955120d5cdc00f5dfb004942125cec1fbcbaef7d9fdef284bddc134018b74","nonce":"baa4ecf96b5d6d536d0d7217","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"56333a4ee1e5512cf2ffa1fd135fa54ba666f4388cf654fda9d7696ccfca1c51facda5a9bf80c9ac789026955a","nonce":"baa4ecf96b5d6d536d0d7218","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e352a356575dcee382c8d2489bc45dc3a757979638e952dbac969eb092e9c616d8654e9dec8d1c0777e39478c3","nonce":"baa4ecf96b5d6d536d0d7219","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"735400cd9b9193daffe840f412074728ade6b1978e9ae27957aacd588dbd7c9e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"cf4e351e1943d171ff2d88726f18160086ecbec52a8151dba8cf5ba0737a6097"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8e23b44d4f23dd906d1c100580a670d171132c9786212c4ca2876a1541a84fae"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"56252a940ece53d4013eb619b444ee1d019a08eec427ded2b6dbf24be624a4a0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fc6cdca9ce8ab062401478ffd16ee1c07e2b15d7c781d4227f07c6043d937fad"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"71237558db2b55c1a09f6695187d2af6e7d1dd97256cbb927bfc8a794476d07f","seedS":"4255c61730d15a7ed2018a023ad45274c1ab38ce621d4b597636e08e97619ef1","seedE":"c9c2d6f5a6f88e4c2bf5600817aa140fcb46dc682942bfca357c30fe2db17d6b","skRm":"05f54678e1c66bccf4c485cd297d080b4bfaf7cb049f876d80d9102f8ad06fb6","skSm":"18bbae7f265b459930a1e2773c6e3d447ba1bbdc8a59d91bbae159e87f131e8b","skEm":"91f86be15caa8696aea8e14c27c05a5139a87d049a3cfb97606989c7cd996335","pkRm":"c7667fb6e14617b12aa7bbc25cb916b360b324b0e08d10570533d258b8a87962","pkSm":"2c8f2577674c52ed6c8e6d3485afb7746a1edd02985b85f139fa51c617ea0070","pkEm":"f82cc290dd57c0c63f041ad62605d1ae0c5436243e18758b2b63658904ee6a09","enc":"f82cc290dd57c0c63f041ad62605d1ae0c5436243e18758b2b63658904ee6a09","shared_secret":"92d03a5e87f58fda583129e62f1cb55769df02a2453863b0a09f55e4bd5ff7be","key_schedule_context":"02cbe688614d6e54c26594f3c118e6cb1a01f6c6572a9112dc2687bd3e8b1e6ba06da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"4760feb6cc5ac6891ef2114490723c6ca2ad3352b2c52a60b390616d731f7767","key":"7638c7ade5856344fbc3a92600fa278dfff1c22b5857fe2c391e5bd248ac32ac","nonce":"1d14b2320b54376e6c43e791","exporter_secret":"0ea20eb846e3c26f1ee8b2ecf55c9abdfecc910387945528c73a5ff91bc4ef38","encryptions":[{"aad":"436f756e742d30","ciphertext":"30b013196168dcaf7a07047eda596f8c4f425abe6cfa269a7602b2a2b0bea958e2ded3c68c8c9e341ca4bf2e31","nonce":"1d14b2320b54376e6c43e791","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a259ce67a35c44ff9616f83cceadb2f0f542b208e9410686ece7e3eb92f08ca2e3fc95ccde64e849c96367952a","nonce":"1d14b2320b54376e6c43e790","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4691caf957cf159e39a3f66cee9cd76e06ae3e7f97c577898423babfdc9800669d69356531dab839e0a491d502","nonce":"1d14b2320b54376e6c43e793","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"11acad0d8b2d5f2e82bdb87201f5b09df5f71c4341eb33a8a0c6f253bd122945b5706d40a11614ee128cae6131","nonce":"1d14b2320b54376e6c43e792","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"471ccbb6a81a3bfcc4c11dbeed62e95a7279fdab214f3b0cf22e998a89a2fd054fdf6326ea6a340b20cfafae20","nonce":"1d14b2320b54376e6c43e795","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9a51e37bc5c41261c6fcb9f8036611faffc4e39a2190b3c313c2ef62d8904a14a6ad81cd56d56e1ab99d5b3889","nonce":"1d14b2320b54376e6c43e794","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"822661572ff4fb84619b4b12c38640fc1b1ebad69fb97dd425ce0efa4fe08aa9090bc2297aad658ede2cc20a96","nonce":"1d14b2320b54376e6c43e797","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5ca6f9ced86a2f0fda6e1c2f0ac2a9ec3c9ce66c467fdb306a94cba91d9bf50e435f75416633bad5c97bedc730","nonce":"1d14b2320b54376e6c43e796","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1128b6ad625f2617d471f1608aa45b21122b43dd212223a62445e301e3c4ef4ca199bb7bfcb7b20d509a08b14e","nonce":"1d14b2320b54376e6c43e799","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3658f02680a2beea1e1e3502f4714521cbbb4578a13812d3aea17147e79b4ae062bd1f8790bf4f20607cfd4dfc","nonce":"1d14b2320b54376e6c43e798","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8902ea677882e79e60f0e65253918c21b346a97fc2767ad3f47e51d387b6400"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"aa92552439bd2ad01821df3dc0d554ec2ddfaa744df9e338db8a523fb24b4170"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"64c8473dd1d246edf1cca89cf90c37c38aaf0a80745f2d085a143179f77e444b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bfa826352fddf2fa033349f0a9fdc679f4df87af7d94723657119531ff4e81e3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ec90bb6309c5d1a206f8ed9789f08abf76469c0507edbfaa4586d4aee0d68c1b"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5e9430f75100e243779110bcd9166d0581dfd2f99db6e0080457e147295bf34d","seedS":"5d1d360a576b3ed866b57bf67e7bcc2280b28c050abb1b4c000f851ed2a48547","seedE":"5915b3eb940bdab74b2fb99d50d1fe978ee9d52063a68595db47f4cfb08d310e","skRm":"f7f65fbb3dccb4296f8e184f08e8cab0cc713367d7fe482ab0bc82f70426fc9a","skSm":"37185c6564c333864a81671f36f49dde8e0ede8ab44c0f9ef2a18d378d3ef737","skEm":"589a5406ccac263fc8d7b442a71835e14e90eb4fdc9e43e92070fc6b7cdfe404","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e05a289a384add8f188bbc2c875b7e361e0475d099eb6d27cc49e88664fadf6d","pkSm":"1f47c8be014cabf904cea3a57ffb41c5faf20ed7aad5b538979a61e7f4f56b09","pkEm":"cb6469d6708a6e4a0d4f36b875a90849e230689cdd17be2bc724b4d12bc9cb29","enc":"cb6469d6708a6e4a0d4f36b875a90849e230689cdd17be2bc724b4d12bc9cb29","shared_secret":"facb471314510a2aae54c0a110018c89ab2f80ccf1a8298f7cf0269e13db94d4","key_schedule_context":"03cc094b22955765a9aa3dc3ff58b26c8c84758bed960d693e13d606cca12454c2dcc3cbad2443923c74ac8b066de4f99a57ceceb24859069eb6c7d69ae315def8762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"9a2b49cda253a428a2e9c41f6143eaf748539bc10f2e2c959155f9062b3caef9eeff54811abee4c48c04cad4bbbf3cf87949add9901ef20a7941a0850f43ae2a","key":"7b24b1064c176c7a7b63cc2bf5488765","nonce":"c20982814d1fec4d10678e67","exporter_secret":"04337c3fa35c7e4ff83a14cd5e78741f6f31db85bd80529ceab30e5c850b955510d8feee8c255334547ac14fb16bc7fc2270f4fe99548e4ed7abebc5253acc33","encryptions":[{"aad":"436f756e742d30","ciphertext":"5417bcde0bcf1e2aa3b3d497fb05096a76925a678db4afbc34861a895bf25fe3731b09b9fbb57907784cad077c","nonce":"c20982814d1fec4d10678e67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c046ce0b0edd3c3868a740626f9263641046e0364cbe0448b8abd3e7f2cd744670d6fadf112b3fad35e29740c3","nonce":"c20982814d1fec4d10678e66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7235ba9a22292c6f49d982fcf97790d403b68746db53150a7b1dd25b5a7187ef4103763ff61d5faae82222cf1e","nonce":"c20982814d1fec4d10678e65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"06f54ba39744b06d3947a03333427f807578415d4a4bcaf8b011b691f758a145ed137b843d50e7ad4eae44bc0c","nonce":"c20982814d1fec4d10678e64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b7c642834a9d609fe87fc7443659ab5fbdc8a4be018ae6d4166001095c9cb362bd713448a3e8b625ddd545e650","nonce":"c20982814d1fec4d10678e63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"098e528b7b818ea150eeea942ad6457ecdad711ba6a8f8ef4a1685f77c0de09ceeee2cad0ae341fba8c4342890","nonce":"c20982814d1fec4d10678e62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dd3df7c7678904c08faf2cc95996834dcebc8832c039325f94e915e34a6249e46714de28cc22ce9d9a7c7b83b5","nonce":"c20982814d1fec4d10678e61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"498724f30c4e624f9dae0883e5ce979839d3b1aa5094dccbbcdcef13d687747e79d1808462c619bf635e7c77fa","nonce":"c20982814d1fec4d10678e60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"20af71cd8eedd815958bc62cdfab2bb612dd9fb8fe32bda58dc357939b73108180d4140278fcbe6633617d5c19","nonce":"c20982814d1fec4d10678e6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4e07810b686425fe70974a481317d09d89b1d49dd0e164a12c44c7f15d92445b3dd30eb3ea3c166ecc49345b38","nonce":"c20982814d1fec4d10678e6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"14877f91ade5df257d363a72709b108a728c225a4a3efa9c29d961dc931f2a0e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"447583e788e3e0d6336d2b373775023ab55a2bf448a6df7fd6da8276c24da466"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5815b192c95cd1614f4b0de668c63a50b409ad73d95b6eec674484f7044e4f36"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e33e1e5c7556debeda5da3c8de0dc486b3d712a82e7f3c2161f1f01fc037332f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f5f9e2657aab8c09a2f7566a51b199c84761ad683f80bb371a2e4553475bd1cb"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a786126e19a5e0e3c4e54b7882fb80fcbf19941cd4183c67d467c91af0927239","seedE":"4bdf1773e0b1f9baf8ae5b49682f5b419ac2f2dc399e2f81381d869416e30246","skRm":"f1d9c20bd7a7b88aea23c2d6f457b9d14c83a02f4bd52ed34760e3a70b4d1f5e","skEm":"7854915a6fbec01530902324cee60646536d189633d980f04dc03711b49defb2","pkRm":"cdb3ddcca2377569ab2888bc2c529ea8c16e55bb68f6925888a9212aad89fc19","pkEm":"d1976db4826912a68d1e1d562ba37b2a04faef62e71193c142d78b874bb24f78","enc":"d1976db4826912a68d1e1d562ba37b2a04faef62e71193c142d78b874bb24f78","shared_secret":"0b41304c37562993d694c0f8ca11800c028f56a993d0812bca623fbbfac185df","key_schedule_context":"006203383e1ae65f6b455b5858e95955a07ebf7b673d1ef93ae2bd3bd4cfd952978a62a7d140c519e4a4d9167aed8819b2034c29fce41574f10a87e0dac20767a4762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"333b5f32babf57b5d712101d00b41d6b46b19ba5ea365be46c7edac2f27d68eceefededd7e1d1e2cbf59dbc95e7f6a4fa7f8fc2d56cad77daf293a8281f6197b","key":"db2ed7a433455b2e89c7c8cea7693cf1","nonce":"9ad24c7c53bfb35a41210b0e","exporter_secret":"1cb1229f21d3599f4b8317e1a419fa3360a6ea9923245e29e934c30502d3ace6bedb9ebfb99909d1f6afcda7039d0517d52e3c6dbb303673714c089179df710f","encryptions":[{"aad":"436f756e742d30","ciphertext":"fbba8d4f66c1a5cf77a89eaf5201a538a7e6fc8a37b6bd96a29fc3cc7a51496ec92f46e6392dcec9eba772109f","nonce":"9ad24c7c53bfb35a41210b0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"05326c3d17447ac21d1f17e720c93c7a9fc3f57c1bb682cafbd026e27def58b950aeab78cc17a070e992552436","nonce":"9ad24c7c53bfb35a41210b0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"55958c515d297358af6ea2c952ec05513499ef9923c282dafa8b235e7bad03c130cc838c765a9e604c7aaa1c9f","nonce":"9ad24c7c53bfb35a41210b0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"60dbbaecf091daabb228b43111979f1212dfef251017606443671a160419655f170f8ee2f23ad1754a56de4107","nonce":"9ad24c7c53bfb35a41210b0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d316d2a28311d228c341a36fdee46028bb44b0a474a1059113440e970a3064cf9a72a56b24577c0f84341a125d","nonce":"9ad24c7c53bfb35a41210b0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"48dc6be6fd66205fba951df5aa2b33d8e25641075f3cb2f4d165b909be1318bbc5f3450549f2e746f078478f7c","nonce":"9ad24c7c53bfb35a41210b0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ea1e4f1154364ef394d9493e2d5e9e33e98f7e64f2a51d0f394851d3329e7aecf7a8dc6c24ca1b12420dd210df","nonce":"9ad24c7c53bfb35a41210b08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c0bd46a29e1ac5f34755f87928e4fc1b8d1894d0e731fac3c706a33a7f2a15fed65566c345f0bfcdb708adcb1f","nonce":"9ad24c7c53bfb35a41210b09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8a24e35391caf3359190ad6b25a4536bdca240273e65ffba76c978d8f2047c7a291e4caf8aac2af4b04ef8365d","nonce":"9ad24c7c53bfb35a41210b06","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5b9b653e1fc92401823f8f0914763056d012b0a9830809d1ad68363ddf278ad9bf58f9e727a2ee9e4524d2f28a","nonce":"9ad24c7c53bfb35a41210b07","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"760cec56bab6780fb7ee51563e7b9e6145d38ffda10faa1053f65b1f74fc2733"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"25e50184173be00e1e07a8e6a8bbda8bf628909f7088e01b9b1c720ece0526fd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fa4207bb0bff9af2183978736f84a703d23568b82675a964681383c3f11047eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fdbebeb2901e996284387bf0a7d4d26ee8eca9f7f5858bf98015d7595813bad3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1538807322f02dbded405d10de3aafc4f6d365d9aefbef081d114dcedbe1cae2"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"43ecb1a6e630e12cb24332e2a08951ff7d94937d46f591381cba6f7a463d200b","seedE":"0cf1f0a982cf339261868e6548345d5e610054d55daf35fd41a166ffef95b8ad","skRm":"ac1f54ecf81f53a71c5be7f734346fffe084ba6f5966d2b3173df819145bd722","skEm":"20c9020273ac6193f27fb69af406cdab8154090c28aa2c7b870b92513d8805f4","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"7e8561e6b753c6992df8d89cc1e447bebd4e21fcd4d1dc868f6b2ea663ce7e18","pkEm":"7c35810fdc4009af7cb98dca0838ad32495c71c3003be650ed1ea0f6cd1ecc3c","enc":"7c35810fdc4009af7cb98dca0838ad32495c71c3003be650ed1ea0f6cd1ecc3c","shared_secret":"29755d2e5faab6748d601ec4c68c752ab23f04d6438c21ab14acdfab860cd4cd","key_schedule_context":"01cc094b22955765a9aa3dc3ff58b26c8c84758bed960d693e13d606cca12454c2dcc3cbad2443923c74ac8b066de4f99a57ceceb24859069eb6c7d69ae315def8762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"c809f7b5f7421deb5812b39a787aed6b52591115c427d3d53b578f419d0dbc3ded44f89a822f1caf9c2438d020caf2e78858c1f1825ff929d96acfdf317d17c1","key":"b11d0f2382a047a9b0ffec876c42b57b","nonce":"3414ed70345e48e38abc1414","exporter_secret":"2985eb1aa88c3425898e1ebca382890438b961d0f79edb76ab6a41fbb0e9516c4f41dea0b592e32aa9fdd8aecd69a7751e028b0b043d0fb642411847b44d5a07","encryptions":[{"aad":"436f756e742d30","ciphertext":"13d119d97709546435a5fbc99a39d9ac3f2ef459c9841305582282c435aab714af1df2f52bd07f196bfe9294f5","nonce":"3414ed70345e48e38abc1414","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8f9743ee3eeb41cebade4ba2f0d758b679c560a53a720aeb88017bbd778537b02b3eca27bca61fa13898847ec","nonce":"3414ed70345e48e38abc1415","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7f0218fe141ffccc6229d096516a27cce109e1300f59a3500288cc1bb57c765b91b4a240075493d94abb9e4cf9","nonce":"3414ed70345e48e38abc1416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b893adce352a2b1c780f67475062a9eb827ba2fb2e7ec4ae21e27d6663e1a988d81390b50d99b4de2b451afce1","nonce":"3414ed70345e48e38abc1417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8e733ddc1dd2b80ad6decf1b0ce08a28e9f5e644a7439621cd028ac9599c7657dac34173f7d5489e34be099462","nonce":"3414ed70345e48e38abc1410","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4551173fc2233def235d52c738dc5095bc7abb6e3c3c7f8e58ae983bf68cb5b6fdfdf334b9bef4e1c5b11c2884","nonce":"3414ed70345e48e38abc1411","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3384441833b623b36930d89a3e795fcc31e703d460ec48dc43be345794a2d73af9f4283494f23b904ba609197d","nonce":"3414ed70345e48e38abc1412","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ad5a5977bd3486ec319850a52fb8e7cba74d0e2c2ee261ec9a6b2bfb579f7a55f8bac5ab774c2bc28d86623ff7","nonce":"3414ed70345e48e38abc1413","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d4466e0d99086ee1c0171a111a2c1ea5736ba9324eb20aa0d071dcd8c4581ea1dda96e25dd3f341c84c9c3529","nonce":"3414ed70345e48e38abc141c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"adf8ca449b303657e9d81bf9566d7562d9b28d9c63758bfa93586f5ba69a2fe2dca1dafd022831de39b6453c28","nonce":"3414ed70345e48e38abc141d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"899f63d5646d1116e63029c0c03a3a8b63b815af58a0e197c440e8075daa220d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a2da1ff2773723418e07c63d39455d70be0865d6d0fb29e355eda599a62441da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1c361d5b9b14c6f75660c8c960b908394c0281895fbba9288730822511a24171"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b5258b7e39ea3a68177b50a5a492b6cb8083707a1756e5a7d5d4370556c856de"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"81ddfe54c7894f987e2945333a5ec809068890587759b6407feb1d6f1ca26e6e"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"820bf46d4ab7bebf7a02c40192ccd12787e7f9ed3dc7b8ae82d1c91d5d15ddb9","seedS":"52ad475488a9dc5a8f9d135b64e1d254db3d29b77774834df12cdd0942a24ebb","seedE":"5b2125ff49e1a1c36f8759c6558ce9c12dfeb1b5e241341fd3fdbe7330522640","skRm":"cb83517c3c0cc1dbfa0498b8f279789e193b17401e884cf06173d656f98820aa","skSm":"ad94176aac3504ee1d0f30ae7f38c21d6f3e5227a19cf24d1ebf7d69dc17dc1c","skEm":"0374f17011a923033eae1847e561e82c259889d35168261eae560c3764ba7f3d","pkRm":"fec1d8bfa85daa89319ddd2d46684f42fce1c0a25c4bfa07b54eb4e3dbdeba03","pkSm":"80417415eb586d2bd47412519393c1165b073f57086ba95e72c177766854710e","pkEm":"1f17c1c0b29d9c312fe8f71c0e29f5441998fdbd0b029a1d52a751d8b01b6b58","enc":"1f17c1c0b29d9c312fe8f71c0e29f5441998fdbd0b029a1d52a751d8b01b6b58","shared_secret":"fc4fedbcd0985bc84eaee1aa6b174e6273ac9f16c6048fdfb02faa9560199a0b","key_schedule_context":"026203383e1ae65f6b455b5858e95955a07ebf7b673d1ef93ae2bd3bd4cfd952978a62a7d140c519e4a4d9167aed8819b2034c29fce41574f10a87e0dac20767a4762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"b182e6f939f95a4e97cd8a239da503e39e614c911a1142c6b79275085e22d80cc4c9113b3bf9379f8930805aaff187652b2cda69d98de2340ded32a90b244efe","key":"26321329cf054a5576d37b0a0c9fde45","nonce":"003ec10fde32244c5dce2b8d","exporter_secret":"9c5125374a4d074afa1fb2f8d875ebae2b2bb4436cee8dc57be6fe64c493492c46c6c04ca58c1b94f1126859c7459ac8fd08c8945219987fd02fa8fd14027bf6","encryptions":[{"aad":"436f756e742d30","ciphertext":"837827a4dc33b7a23ab23ddb5f0ed898c5f744609ec9bde56f6b07bf0373b6585c9b04df17203595a4a683bb47","nonce":"003ec10fde32244c5dce2b8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"20a40e718f89db3fccbe3fef32b7ceee4419e1aa6be0844dd81914f44658d9b39efe412debaff411a186a45824","nonce":"003ec10fde32244c5dce2b8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1bd2f1d9195420adfa58e7d06aa900354006388e51bf1d065e2f891cb7175b00a297d4eba78a584589916e806b","nonce":"003ec10fde32244c5dce2b8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2e56cabafa81dcd7c5e58e2060c98fa8e3543e1c76065abd390a72c6d3a39745b49d23a3090e360783d3600e37","nonce":"003ec10fde32244c5dce2b8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fe3390926d7896140c946723f50dd12980dc5097990f67e050b5a99d10b6947449f6953871234db7a2afcafe23","nonce":"003ec10fde32244c5dce2b89","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9d9374b9287be63f8daa4404bb150f162ccf97afd74c7016bf03085f9f4b9511cc2e1cc48618553474c7c7767","nonce":"003ec10fde32244c5dce2b88","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ff60b8b544531a5cdf5dbd0a79a76a50f3369f327b05d5c2145bf24567a475bcaf2e167495685c55454d56b98c","nonce":"003ec10fde32244c5dce2b8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8df1f8d039429ef3b6e1e27b9bd59d609c3d0e7515a88c3ca8446ef3350c2f32a8cb0e78ee0b42388ad957537f","nonce":"003ec10fde32244c5dce2b8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0a506355098c5f15c8f46212eb8b3df09525207b5d32e180848f9f77022bf7d58bbae86830fc45e658d6c6f527","nonce":"003ec10fde32244c5dce2b85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a3f4cec2871eae9c16d3093442d065e3314fc78e603e7730cdcbff81e92b8dc0789a5a1290dc9cfc5c881ec894","nonce":"003ec10fde32244c5dce2b84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0ec37494f7b2544c1f448226710ee12be3b12c54cae4168e4617fed253b08095"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"77c29b8ed6700ca670a6db3af32bfe1a9c779c695b36e7359df169aefc68ec64"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a91be9089d657c587a7ad01cb7809760d8f8b7dc91d6d36e56f65ddffa6d62e6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a840afe2012451a8115f49894473d23124de4341fbd4212a6127fa1db05278db"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0af4ca04a20107f7398a6aa40e2674e3fce58618837b89914fa6e1b8980390b8"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e783b7ad03555657c49ba93b11e2b5ea13fc69b9548b59fe2389f9d879531efa","seedE":"d1497d0f8d8ec8db2b4774e8367f54be80f4c0dc0e9beef474c35e8e3fe8d762","skRm":"6c84707a1b8a46e356795ce20e2f556da0f518eb29477ceb2b5dcfdd68989212","skEm":"64ed0bb5e6b71e91eaf9fbf5196f422f8430f0d79b91844b892b59c25086c628","pkRm":"bc66fc66209686476b3c9b2e7489a3bdb9835df1a888eb5022c417d0ca1fdf7f","pkEm":"ba09ff75d7e2a7a2fa9d698a0706a4e1bad0d5615c55c69628aa88b3fc270a6d","enc":"ba09ff75d7e2a7a2fa9d698a0706a4e1bad0d5615c55c69628aa88b3fc270a6d","shared_secret":"9defe9cf50fffc4242ba343f05d6a071fe3ace1c9d9093eb76265f51609f2151","key_schedule_context":"0073f945acda7f7a9a792b4a2ea025189ef12f6b88a87b421600137423872748fd73ecbafd48f4c15c1959360588c12918ef3b7804b01b088b9c7329c283be06d822b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"561142644e4ba9117267514b04f1ba228da1ee10b20b12cf8ab44fddef9431e1ad055103f2559f32fbe8a2cc61d570648e3c697b7a67c26ed20b5e1f010b224d","key":"886c8089975343cb4bd736c5f31ee45d3289133034723e9aaa0eea6d0054b775","nonce":"f70c49b42ede03de377b48e1","exporter_secret":"1b06858fe246cc0260d9fc0275c6b741946a87d3ffafdbe8d0ce6776fb0387bcf92fb07bb305df7a7ce872b6d6728f9eff6cafc9ae0a330887f17e098cb1cb8f","encryptions":[{"aad":"436f756e742d30","ciphertext":"65e2512b6bea0738746d1c9b5a3bc2149c5c7fd43ade420b4c55f884264a2c606dee89aeafa6a66e55213a0dec","nonce":"f70c49b42ede03de377b48e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"32fa3a5253b53a802a493f9a2c4857775b641a16989c643ce2b2f4c01e49e39b72e961c9a3ed4b648fcde75a11","nonce":"f70c49b42ede03de377b48e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0e537e6ccff81b53299c440e9045e1374944f9b60c175903037ad7d551e61ee9915b78035c297df7c6134c3ec6","nonce":"f70c49b42ede03de377b48e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b8c65d5c4bd920821f82c2499da8286f74998bcd4ae102e66987bfc7580094612fa0c560ad37784bda9298fc1e","nonce":"f70c49b42ede03de377b48e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c8f1681adebac7f109b5cf5b0c7e85fbaa190d3d4a9d16ada8e08763feed8ef2fcb2bb85081c1f652fd45d2a29","nonce":"f70c49b42ede03de377b48e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8240b9bce84dc4b202d61e1687b37d746e49b233820d3493ac2a5c97cb3a2f70839fb6f7c4b6eaa80e21e80d76","nonce":"f70c49b42ede03de377b48e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"42541a69b5953fd02ea5a2f5129447425572c99339a3228016f49153def718e1315292ce7d2c8b3a7f74567bdf","nonce":"f70c49b42ede03de377b48e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d2316427e8c48f92f70acc180818e642aba734dd481dd889d47a08fa9a9cb67aa39ed90faad8bda2151a745391","nonce":"f70c49b42ede03de377b48e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dbdbb33329d44fb93c437343af27791b2817c1ec392f6771ea598e60e73d06b2714978034f2b5270e80f0945fb","nonce":"f70c49b42ede03de377b48e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f8c7f2a437bbcc472cba3aa7928414e4b4cf9867e0b12be1b4de0f8a9177a19d4c2f4fcb7f1f27cad391d7f3a2","nonce":"f70c49b42ede03de377b48e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"87c135b0f1670f076865bd364a21612ef0afa0cb70daceea3ba9a01b0007a521"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f25e4fd51a25cc972a405638273d2a7b7ee84807633121b2611da1bdf15a2f46"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"83e790e3c6dc91401e5fd3070f31b3a8886ad26d177b0dd2c4e38e1530154bbd"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3d4f5cb496ace65fdd21b82568ae0e528526df3f10760c55784a2c9a1f46bc37"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5c49cd3ebcb956aeb7e41c9a0f2d4b4c9501f66cc544d8d7fa62ce96d2938857"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d03b1625cd52b651ce738cbb7053a39ccce696a2783a03e3e9db11cb0a68265","seedE":"10a5f0275769776ea7f121bb9fd7b12f062b8bc14bfaa502bfbcc937cbbd163f","skRm":"939a0b48510924ccf6449c0eaaa1069bb41ab9cf54d090e6c6eb9aaab6051d69","skEm":"d3668380f7053086047e1f8a66e0e32c45c1086002b6a67dc9a942058a655073","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4af18720a608d13ce17268aa1721876e96ec4173a40788ddfd60c886b4c08605","pkEm":"2ed53926385da5d41c76e75a636cd795fea5200d0e7ef6affd4b741a1196be37","enc":"2ed53926385da5d41c76e75a636cd795fea5200d0e7ef6affd4b741a1196be37","shared_secret":"24f1483ed8d4abe6c92a5c5e5e61e28e9314a71dacf646c6bbb9cff1bcaf0918","key_schedule_context":"01dd48bfdb63d00c44a4845d06c258b5c5b4ccdf948bc3d346a3dde3bcf3b46db6064faa4d81649134adeab3c4027df3962ff1c6fea27fc18fbc63e9d4bf262b3c22b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"b99a46823fbdd9b6c3da2adb68d2030cfbf85d3ab7453d91b485dc40799ac1e4eb17a06519f46597b87d211f70008ad9584e69a1e89704be0e20a4f2dcfbef17","key":"36cfcebe83218f402cd1ac2961c6e27d0201affee517fc13360d79bf4d82b3ad","nonce":"590c8c1ac13132d2068c994d","exporter_secret":"b43d818759306b815ceb2d8258414cceb0add065b455d0e95c5c40635d78e9e3ba5ef66f23c237a4f1ee08a709365291577e83d9f620f41a0e94754b6c61fadc","encryptions":[{"aad":"436f756e742d30","ciphertext":"b5039652103f36bdcf1380b947ed8b6dc3413b98cff2c6451aff5fabee7234ace274918eb665f6d08850a70093","nonce":"590c8c1ac13132d2068c994d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f1a1beb03a0c2d3f756d992cba6712247e24561e8407aef299285cefc337beaf249b8b92325a6718feffb1cfad","nonce":"590c8c1ac13132d2068c994c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0f5f58f918a19f55efc146bf3ecd5c72bb0c00893c02ca56cf291904e1e1f8f6d0768f1cfed9d64d3f7f35d912","nonce":"590c8c1ac13132d2068c994f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14177f71f6716d128baaff214e360bb9b8dc0ddb34ba7bcb8d0dcb01c548d42d3c43875ec8ff083acba591ca24","nonce":"590c8c1ac13132d2068c994e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f8ee21f3af210dacb7aea148b444a98e643f161040db1350429c366a667bbc4b0cb6dbf047c2ba9f86a8ecf425","nonce":"590c8c1ac13132d2068c9949","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9f5ffc686ca660de6101a9dbf412c61de6fc574954f72f7d2c652c0ab61e8597170ec713b5314e41f0601fbf49","nonce":"590c8c1ac13132d2068c9948","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3f415ff7bc48fbdb69babce3045049ae2bc2a6983ddaf08cc9b3368362f7918bb73a4872c37fed3e3d808a9c1e","nonce":"590c8c1ac13132d2068c994b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"bd2199064b596d3ef9a77fa8a5db93f1510bf996e320da92635e435c4b59120702c344825fc012393dcbddc05e","nonce":"590c8c1ac13132d2068c994a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"789faf060328cb1d359a7a30a3ce9d303612ef9c9da56c78fee82334953d425bb1613e757b2d7ab1aafd5be927","nonce":"590c8c1ac13132d2068c9945","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac41c4a676448ef3f39a471f588d8576bb30817055ce8ac4404b61a4fdbb71adbababd15117cec7371aac83b0e","nonce":"590c8c1ac13132d2068c9944","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e98921e4c437992d7ac035d74dfae232ef41227e2f27e4e4d801b4bd8934a5b6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1269029586ff64d8bde114359411f61c22211e8725a2b86ea145b8b9151c3915"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b8f393d7cea5934e16f4de8ef9a8912104b741ecd464d4c84886f7eef28cc301"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"eb5c8739d172a30b48235316e13a12fa8abd05d72cc5c330fd3ab3de3371ddc4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0b15c1a0dccac801a3078a8a01145c940ade7d9993111bf614ac69d073913a6f"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2a7b45d6305a056fcce0d67b79dafbb432d71393d9b88e922e653beaf8f3e946","seedS":"182775b06c6f01c1982b399bd82a091f13f78d38b5d77bd89d3137435012b7da","seedE":"017d68ccefbcab067d91e07bf5d1e350259a1f66d6ee2283cf0a1bd2a35a461d","skRm":"4d2b363c2a0687c9d47891ab5b6bec2099225a8925bceab2c3b5fc72ed309f5d","skSm":"0400f73d1caea31392020ecdcfeb20ac62ae6307f01483c31d27684e222cbe50","skEm":"e33e3e7527db822323f2c775b9870703fdb7bc5f656ca5bfe8b98b153816df3c","pkRm":"c257e08a244254f8f5ee3ceed0bb3c6910e46f148be79819c98b886311084042","pkSm":"48dc53e8fdb2e3906672aafef929187cad8f2a4c5da18c97a67f9fd9c7aa7b69","pkEm":"9956046c4dc3e938a4064b0f86ec3b8f326aed97c82e0f92a42328388f51727c","enc":"9956046c4dc3e938a4064b0f86ec3b8f326aed97c82e0f92a42328388f51727c","shared_secret":"a020bc7ea7c31373cd178e88d1576865d405c8f8bc7f7a242b02306af17affee","key_schedule_context":"0273f945acda7f7a9a792b4a2ea025189ef12f6b88a87b421600137423872748fd73ecbafd48f4c15c1959360588c12918ef3b7804b01b088b9c7329c283be06d822b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"e8bce0628aad315927acfe34c304c74ee9ae48b0c751b1e65036345b85ba4c7200fe241f373d4522d256709b88f806c54c30da02c65b9498e64a9f47d182d9db","key":"12962c25138767a8a57a0bdaa1a2e7bfdf381df782c4c8c38756f69ea706a914","nonce":"9b65f79afdd17fece149388d","exporter_secret":"077cc63b553e1537d689f589867076dd7d601889e5960e40ba7ea2751374a46b7fa01cf24a042340c8386160464921c136559c176f7853da6da4c9adf7d90afc","encryptions":[{"aad":"436f756e742d30","ciphertext":"69c49d792bd7a208614a02efbd94744aaefe027fb53020008d8de9ad7645f5e5b6c9b7afd168e897aa5deacb2d","nonce":"9b65f79afdd17fece149388d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"57959be8cd78ed36953237dae72071217b049b53f0f028b5f59afeb99b034b71d463d8cad18ffb6b94b9e2f8ba","nonce":"9b65f79afdd17fece149388c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6ccf7df54580a9d4927ea991441b9f0d01bb799de66de783ab74fa156b538184f0ffb5969c678f1cf393cba716","nonce":"9b65f79afdd17fece149388f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2e8c246a49e206c32efe36f10b3cffb5b12e6f42d62607a874ffabe4cbd91d5a7a5c0fd535646a3085d200d935","nonce":"9b65f79afdd17fece149388e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8220b6d725cbc86c14fec128fb1a9b06ca183b0f8f5b65dd375bf56f30b705ac56b2203c6fea7d7e3a0323492e","nonce":"9b65f79afdd17fece1493889","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"35499f5d6769dee34e370fe5334668b8dfe0cba924b447643bfef607525cc8d55f1c2b1f80f93eb5fb5dd7f093","nonce":"9b65f79afdd17fece1493888","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b497af4782f9af1992f5b8e1720514aaa68339893e901fde50e173f6316aff5ce58185a4065603196aabfdde58","nonce":"9b65f79afdd17fece149388b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"180ab688b58578cbffa5db7c7288efbf193a5fcd65050a7bded835a52a9189cbad22a16f33c91a51c972db4eaf","nonce":"9b65f79afdd17fece149388a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"43f7c06777d41a76b00900c65502ef596a89f670852bfe555da1cf93f156a27f1a7b84721388968a5673aff2e2","nonce":"9b65f79afdd17fece1493885","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c697efac7a5c92c9aedcf7f8a951a2e82aab4dcb93c5eca879fc23ef11b9528b90307eaf5ccff6fd6dc98b0574","nonce":"9b65f79afdd17fece1493884","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"2676176972f00ac0dd9c8f81a64afa7f9677a19b978826c7778940c4570fe0fd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b5b3c0422bdcb07c9da4e6a18f2d19deabd48a7ff662bdf6b636e1bab916fe28"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"27fc2f21aea82ebb1e237243524586cb6031aa1ab8d1f803f127f5ca92dff8a0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8c7896b50d4c015b37a7b843331d1c44410849e0cc49d99833d4f10113beead0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4b29cd3e75e6bf4a1bed920791fad6bc5fad920bfe30f6154759f21cbffeeddc"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8b024d42dd06e8d20eb7949813edbe7399dadfda6c081f97f0eb0e99cf290161","seedS":"4dc5131e785d369fec29b6b6612a1054c7536aff240bd2a99df2bda6bf75193a","seedE":"c03da7722e4622a50def5894f714e1cb9b7823704f0ef7f234713376c45b6131","skRm":"82b9abb9a4ea102ab1664768a98f3eed874eea4f764f64489690ee4ac6102bc9","skSm":"a91d0b1ace8465586869a38cd285f10c3a50e535e2ab675ef491a551e8490898","skEm":"472dc1deebdc2af356ffdea748eac44c4db8855cbef574301752b590484278b6","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4e5ec5dda6ae02ee6f908f80c7da5bc39c01edfe7152af0da8d175eafcc8ed60","pkSm":"8ed496ebac8da6abe752bb166b4c4388f8e1b15d06379e5d496ab5b14ce3b225","pkEm":"3d47d52b21a5c8878bfc123e62aa76ce5df05b1e0cd74762ae9ccd98414a7325","enc":"3d47d52b21a5c8878bfc123e62aa76ce5df05b1e0cd74762ae9ccd98414a7325","shared_secret":"588898e474468b1e63cb7943ec41835ad8cf89d529c9a914498472065f2ecd82","key_schedule_context":"03dd48bfdb63d00c44a4845d06c258b5c5b4ccdf948bc3d346a3dde3bcf3b46db6064faa4d81649134adeab3c4027df3962ff1c6fea27fc18fbc63e9d4bf262b3c22b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"9afad4013cfdf6f4454e7fee7d49f3e7b9b9ad1ba69cd610f9f88cf38e44a61c7482505efd0970c8e561a56bfa7cbf63f720b642991cd626d3c3fe91a9416b72","key":"347612500663d0be23c6cf1473be28df3169b2e83b8783971320bc5d117e399d","nonce":"fe9c8f48b28b6b6045fdfda6","exporter_secret":"88b41d7b53c11329730fe9e80ca27bd1ffafc59c79ff3d10a477cb2be3b5953a6176412f7f9099d50098169fd7ac9ba183a0d533d5857e2fd9c88d891b6ec42a","encryptions":[{"aad":"436f756e742d30","ciphertext":"c485075b232e7e872df61a07561d5931262e0fe00cea7393bb7a75280f703a1e02b8123a4faadb3fe919798ff3","nonce":"fe9c8f48b28b6b6045fdfda6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c4be24a9ecdbb9a5fa56b519c74f8b5572d367dd4015ab127073c0afadce2db2ea47f9150f52e39fdb2007a722","nonce":"fe9c8f48b28b6b6045fdfda7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"863005c2127cea10ae1c821d04f96cf1e723ab5b37c9f03631d9a45cb6afbe88849706d9b63a93fae1d45eee76","nonce":"fe9c8f48b28b6b6045fdfda4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1ede5bfc3ecaac5ce4e64166ec288dcf45172679f32f581d9fb6ecb312ae2598ff42d1e6f908196f621eaf02c7","nonce":"fe9c8f48b28b6b6045fdfda5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2dd3bfbaec2f89735b051eb9be71884daa531fb5ab7a130eabe54b73eba56f05c68f1d626ed529e8c8f07d5ceb","nonce":"fe9c8f48b28b6b6045fdfda2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c7b9530761d08c3efc9a3948bca1f638cec20e03dfc0813eb09b9885f83481aee39294dfe5eb58cc8e4bee3f72","nonce":"fe9c8f48b28b6b6045fdfda3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"20422f75ab22af1e845643beb764c1d5e69d534cd933d284a31f893f7a08eb8f6eee96746290520596aeff5f0f","nonce":"fe9c8f48b28b6b6045fdfda0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7a9fc21915f99f90b16351f6ed394241421a3c439f1c66e41a21eea5709146a33c12b9ed58b34369dfcc5767ee","nonce":"fe9c8f48b28b6b6045fdfda1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ddd70f33980774ff79113fa443634bdcbb70751d10d14c884a8fc9dfed97db86eb4262dfef14097dfde261fda9","nonce":"fe9c8f48b28b6b6045fdfdae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1700189f793f3db0ee7951a5320efee797b38c1d08efa4dcad35969f34156a5b29e219270c784abdbad825bd1c","nonce":"fe9c8f48b28b6b6045fdfdaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5d741b5b622b3466e89505ceb55e17b66d49866de3e7417d5e6dab1b9c76fb59"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"238d2201bd7466e80d9b6cb2717ec54514c71561da26a87d27deba5779a8ca81"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2ff78266464d700f81c3eb8be5bc70abfefddbd6d365f82358d2e4e9854dba54"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"71a3a5250fb38dd3a2c6d136740945336827eb0b1b2945025285da6817e04a40"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e2809534e90e79b5ca8874bd57ef01b2c27d13cc6572414015812174be909560"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bd17a99be261cea263f97d5ed248596078f0f2c5b31f78745c595707592f238f","seedE":"c465e324a0355b2e4b3a5f2abdfaca60817f087bf7ed8205708b4f88a9e3355c","skRm":"80a54bfb48d9a6680a355127ad3e9ea3b8725b47f7f5f2022b79a43feb231f84","skEm":"06a1b9d7915cd1fe501de50d1d2ec1712662f4179b18a672f1622ae807ff2543","pkRm":"cbba177f103979838f8d46577662c399dabe9732cc79f9081e9d481dc533807c","pkEm":"7c1f8d203bcea456ea16ba3e72f1f1d8018cca78751c5b49742df6ae1462640d","enc":"7c1f8d203bcea456ea16ba3e72f1f1d8018cca78751c5b49742df6ae1462640d","shared_secret":"b8d4cde6e1d7fe1f25e09462eafa2dcaf252f4f7c5e0a1f1b0e5dfc3c96b50e0","key_schedule_context":"0087c58ee510f46e12e7e873ae6d81d7ebfdda8bbba76771357f98760168bdfd345464e9f7a12aebfacbc09b2acf5a3496e805c0642bd323b8547bae228b71ddc9314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"32a4bd541c869d8cc8b7cdd97e9c09931a76a495026bfc0fd344223e071b323245c60489e5452b08bae1b5dada06ff5e7d3e0e35d32aa5f992259caa8f38fe6c","key":"2053a36e42b28ffe2c12abbf8fead182647cfa0f975054efea3d3d5f16699d47","nonce":"d6af23bee6e537d5b2ebe361","exporter_secret":"65e9541a809e8d17bfe8ca3158111a6912e39b6965b118663cd542e5f2a84c226618196967da0209c3622785f9c22b645a984475d04e57b6ba03766abff2dab2","encryptions":[{"aad":"436f756e742d30","ciphertext":"9e59f241a345e708d96e786986c789b6da9a134cd4e38dde9a8acce177b97052ae6fcc3bf378e3535f9739c678","nonce":"d6af23bee6e537d5b2ebe361","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2f9b8e92eae0a795fcb9bf1c180e02625f15f76fa95894e5cd21f3b275f330eca957998f0385c30c34e99fb377","nonce":"d6af23bee6e537d5b2ebe360","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"791394c37b2c7910186f885ceb4badba54a3f44054a13475e31e343f476fc214dced7b7dcf349ca3fd2bc49729","nonce":"d6af23bee6e537d5b2ebe363","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14ea622ea1fab744a5a5c3b875727151741854fb0d948d14d685a8df603cd090bb3264f9a474b6c19647771211","nonce":"d6af23bee6e537d5b2ebe362","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"59b3299e76fcb0c9ed1180c995f34b3a0161fcf9cb055b53e8d548f0bcc001dc79f30619c892e738aeef6c778d","nonce":"d6af23bee6e537d5b2ebe365","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"550f977d3f9ca10a1cc30a73b2e858cdf7a13798d85a1c4c904c908f4612acc6d2cbbaf073a127e41b9816dcc7","nonce":"d6af23bee6e537d5b2ebe364","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7cb1d8890ad19aa43f84ad86e1d09cc2d14a102e838c19dd55977a1f3d07791ca5f7797671eb66db5099f53917","nonce":"d6af23bee6e537d5b2ebe367","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5d9d138cd42161eab8800e71a2e06bb895c1ef7538bb0337b638438e51d824a5e8bd1515607c0b985058ec19b","nonce":"d6af23bee6e537d5b2ebe366","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5f1b9078dabaf0c16821256a0591f1287c42cc22d002d38fbaeb64d77a0943c2f092615185e716eb28681a3a0d","nonce":"d6af23bee6e537d5b2ebe369","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"575e3da798641f1e965d6e18384cac54d9190e5c663959de71b071b1e244763bafa959ed512a0e266c6b1afcc1","nonce":"d6af23bee6e537d5b2ebe368","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5f0a458aca1ea6118fa1d0883a99b5bb626aa71b55de2e73436f53e93b8073a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5aff969431e6d731c9b26fb8e4377b4e859430345af77d4374dd71461e772da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0c40105c9bc2e407d9d4a64dfb1392e46d393e78747701c5daaaa530878e001c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d440fbf13b9e3956c7d6772166e07305a8f5a396e2bd361b5b9fbae9b0b04909"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1474f8e9dac70e76041b4bb365f1fc4e1e2509f43c188b5d15b8d89113c197f7"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c30e9658c3d803a6422b892ce6df64978144cf7d6a992da307a326bde6694c34","seedE":"e1e85070d88e22ddb3e6058a803c5e18f3db025589d30610a196fd1a67e527f7","skRm":"c9221f98c17117ab4216e062481934ad21a12c8ba833a0611ca1910fac031563","skEm":"9e38eaa97787575e564949bd84845965e910ae90a17bf841f68a4c791385afd3","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4ca2dcf3f5fa2b8b782536f695b3279f03569857a88e90075d5e4a67e4c4a44d","pkEm":"886c15a9d1c3609a3f3f6be3b5d1b60817f6a557e2b7344456dbc8ae49f5e93c","enc":"886c15a9d1c3609a3f3f6be3b5d1b60817f6a557e2b7344456dbc8ae49f5e93c","shared_secret":"222e3ad153c4fbc5d5044711ad16e5929aab1f072cfce7ecfac23b31b90167b1","key_schedule_context":"0143c397935cce815be04393774bc6bb839a62e7ccfe08c622716b273836d78abbac643b1a9ed26e5dd5ca7c1474c98fbfc32c0cf2c784561ce67d4bbed5cd2c98314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"0ebc65a14a17dc5e3397c3207b4b6943174e36718e1a63bb7c391c989ceb5c781fbc24641c209bdef2550be5d6c26bd5c8cce772ad65947d62549695b194bece","key":"e9d8a65ebf6384c2e98619a700a3ed4c80b1f4a5d0fe36ac32d19afac15a749e","nonce":"b11eb847d5050f3299c83832","exporter_secret":"c949d252eddb9d52ca395e8f4f6cb1d10a00c36cae2477de74bf46285edfc3144176d3258234e26f3ee1a93fb389b9ccd7036be33ad32acf0259d327e73e18a0","encryptions":[{"aad":"436f756e742d30","ciphertext":"2f3eba789b7706b85fd2fcadf189f640a726160a7a0ef22b6483aaf69210c02d4c22113740235783dbd70ca1b7","nonce":"b11eb847d5050f3299c83832","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ea76c297d6440fcc6e753980678adf65389171c591cd2ce0cc6de56c4560e6642ca5df5d910b3006b653372657","nonce":"b11eb847d5050f3299c83833","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7bed7b81628f1892518ced3b292cdf8e17dd0fa270600177a5c122204bfc381bc01f9bd5de77c4a568055ad19c","nonce":"b11eb847d5050f3299c83830","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"38ad518591bbb6bbbe114e08e76a90b0040ef5571dbeb9a4ca778b72eba6e729c75efaf476e1dc69d2a95ba304","nonce":"b11eb847d5050f3299c83831","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a38f5cf41d1ad3802ec4043067e4ff1aff3c557d1961cb76f6fbecea500f45ce780c27cc2894057093298d782e","nonce":"b11eb847d5050f3299c83836","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0844adf506c653ff4cb9eaa595b4a6382055d53bfe4490a323d3ed0369b33a206f6fbed3a2c2409a646edcce70","nonce":"b11eb847d5050f3299c83837","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"747700aa0de178a38e2ac8ee358e0d79d2b6026a8e86e215312d359933da08bcbb443e9e2280932e2e37ca0c7d","nonce":"b11eb847d5050f3299c83834","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"31b7a490d05bd9e31b6ddc82b2eef9d6500675273e5c215c2f3fd4a28f04b73c752a7b7f89c2220cc5d26d3ef4","nonce":"b11eb847d5050f3299c83835","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b57d6cb945a21064c1dd0a293ae28d315e7160764e20d48f50ba9be6d3d530cd064a851f7f9fd16f61fd8afef0","nonce":"b11eb847d5050f3299c8383a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1bb75c2eb81165d8c95d893c9dc1425d2de1628696c488d6ff0213674a6bdba09a3ad6ef506ca339d64f02e46e","nonce":"b11eb847d5050f3299c8383b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bf8d87036ace4835ee917a504016601ce7b5add0b8d72aa64ea493ea241786f4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9583f302506aabded442f4a3c4cb976682fed99c4bcbdf5ad41c2f00d3fbc27a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fa169c1e9ca8582381a72b5067da174995500198484520d60d22bf9bb4c34ead"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"56fbba55aef923240daf63ebd30508e891cdffbe0bfe03306727320d6dfa29e6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"eb30f91427038c6e3716310c0ffc431ca9ea2b10c2f264f7aee82f86f817b8e2"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"363f0085e3c914edd27a323f84789c2e206c6234811d7c7f5b5c12c0d3e67b59","seedS":"5ca8955411a106bb9ea8329bcf0b31a374bf9f01ebe394f53733c843f8917673","seedE":"764d97c13832b46cf04eb7ceb50c926c83ae5536f035f29901cefb97c21018c1","skRm":"d141e5a404d693aec79c189a41687f3a31c5ca98d22b0a0d816ef7f1841ffc95","skSm":"b6b32f5d1d926e84f0a7b0f681a3003cfc6a35ac9ce2756c723912850f9fd0c3","skEm":"e7909be5308616242af7b86d8c1de4821181c6daa8dafac2b15d3be550fa284d","pkRm":"b8856097782470ab2c82d747250fac3d8fad9c50f932c271ec8474171f842425","pkSm":"3f695084ae37582436720b354913adcf670a84a0fcf5402a3e04d0b6966ae90e","pkEm":"3be0463d6f9cdf743b0913115d8546788b23125b1108473e4cc064e9c0b7315a","enc":"3be0463d6f9cdf743b0913115d8546788b23125b1108473e4cc064e9c0b7315a","shared_secret":"ce822a6c6990bb223d231a465a816fb33df4308b9e510f2b015ee2dbbfe21c40","key_schedule_context":"0287c58ee510f46e12e7e873ae6d81d7ebfdda8bbba76771357f98760168bdfd345464e9f7a12aebfacbc09b2acf5a3496e805c0642bd323b8547bae228b71ddc9314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"b050a99f3ff262e6b2b0f44ae4f8aad77e4e7448b01bba7259b30aa5b98cafc5b7aa04fa5dbe1bfb60be9321d081f7a072e1f7c00277ff8468c1a9c34db6bc21","key":"cc3567050a01273280d84800736fe9b6d4dea9a3fdcf79bb304aee9d73b0f68e","nonce":"17d7c834b3345e54be529050","exporter_secret":"e11fa30ecc7d77f0afbcafa34c724ab1e1401d84fb973f21d75878f0e0af171a2ce1ebcc777c0173d57a9983c6da96e89509f25d4d953c1ae24d26140fc41029","encryptions":[{"aad":"436f756e742d30","ciphertext":"b3a1fac48dc6545072af738f976361d3cb95098bc670c0fbb3d0d99173b4682b2b40336b71420cd48c6bf7917a","nonce":"17d7c834b3345e54be529050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"75e134e0ab362827c90b13e04fad8a02075aea3d965890fc3dd7be1dde8406f16c7b4a751c887e5bb48062b2cc","nonce":"17d7c834b3345e54be529051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fdd8479be3b40ecc28499796e89e6a744295709069c59fca2e6c32c92b4a954ae9e597cbd244c51827c8af852f","nonce":"17d7c834b3345e54be529052","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bd3612cb0b5880344d6d0520e3ab0d840716d1c1935ddb49b8dcf560b27642b2768d9ec6dacabe71e0ab4b56c0","nonce":"17d7c834b3345e54be529053","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c5d4fd561b3ec01b2ed97e3677e5fd3b6a80378974245d0364ead9160ef8990d4df68141cc08c08875ac16cfa8","nonce":"17d7c834b3345e54be529054","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b0a6df60a2032daa7146f6bc44328f8e71401b790019d6859a00748ff9776f131e1cd653ed600ef8df6b4dda07","nonce":"17d7c834b3345e54be529055","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"edea5a2976a6919ca3f303fc32b6148daf57a5ebc1715cc7979975bf34dd189965fe07a23416a99f54877ff604","nonce":"17d7c834b3345e54be529056","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1f349017fbfbf3f5e62b91a884177eec09102ea320783dd30d6c9b96a5c8ae296a3052a4f0e41e3fd8562edc04","nonce":"17d7c834b3345e54be529057","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a5f1ccfa3e64a7ea4bd6bf3955fc5fb8e6ce187474e90c762732b9440faf49fa40695c5545c9a6ef17b675ed54","nonce":"17d7c834b3345e54be529058","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4ece108c75a3ccdc2e430a969fd89a3e3339b7168560d8ccb932d373c63d0c55b37b139a67f2744f4d67342b86","nonce":"17d7c834b3345e54be529059","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"42181bb90eb2e1a419f10b0a63e752c5301a9c1bb2eddf85d153d10d40c1b8a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1d3e745c429d3efb9fc7cd4ed1807551ecad38b99db0a08e683710745499e798"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b715a7cd3adac15a1f85a96201eeeecb78e057ff89e448fe527068f462c93846"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b1d367dde1dd771fac5433e8522cf6fbd290ff589b491430c24b89e2c75092f9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"eeefc65db8df1b1bb3d4513a918b1485696f1e928a7155ac47138a4a333a893a"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"233a58d91e52244505bec4000ad9d835d05e88517776d28fb90c32efce830f7a","seedS":"ce18d4b2548facf57aaed72142db5eb562396c07e445d5c8bc9efcb5488efcc4","seedE":"22826ded7a08458cfbe1ec517cefd9ab8631344ec9364a86bf3635fcbf16b6d4","skRm":"7d6405d7177b2dac780da972e747e2f5e6bf8a0ecd8a39c135513ae4db24ea7d","skSm":"64cd714c1fdbcc80708e8a5d590311e5758353b2787102638623d68e0e636d14","skEm":"cf40b44720860cedcbed79de0fbcaedefa6706fbc9963748111482c78b1b0b66","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"08347bae5c99bb13fca893f6cbc70638dd7a2ff9058a9750ace959f125484926","pkSm":"44f97e6b0f9f3f7dc2c731f1a1f42d96c6e4a8a3ef2d730c041801c8780b1448","pkEm":"5d8fe3bd678deb9ba21b3ed36fca7cb51382504f33b1c60a0d71be0643843151","enc":"5d8fe3bd678deb9ba21b3ed36fca7cb51382504f33b1c60a0d71be0643843151","shared_secret":"b2d3fe7eb181503689a32e08240b492442a1d3340e9fa8820c8e9af056e34b7e","key_schedule_context":"0343c397935cce815be04393774bc6bb839a62e7ccfe08c622716b273836d78abbac643b1a9ed26e5dd5ca7c1474c98fbfc32c0cf2c784561ce67d4bbed5cd2c98314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"f20f4f3ccab5c16814ad12a1ce0463e11075b2560ac25e7984a45c4f7784bf3192e7fdc423210ad3652957fcd1e5fe6c8a653605a4a2fb4eaa1de67b3e8e70a0","key":"1b15b275b603558db955eb490cd8717514e287647e07a28e82b7a20c5f2870c6","nonce":"d81f1a89588dc2c61da33085","exporter_secret":"126e127812f6e44fa04690dc8af2701ec8d348d647e7fedfc8d1fedb9b394e6efe0c4f3af883e625c744abc8929c165f17db60bb8558e7cb78f1c29c695dc942","encryptions":[{"aad":"436f756e742d30","ciphertext":"639f1871790993148f8c975000124fd323ed1353fa653875a5779adc7f3342a96ff835f70c41a6d9b36b29cb1a","nonce":"d81f1a89588dc2c61da33085","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d47c64b2fdecd7a58f50729d9c1310bb322ac321d68dede9a84dfec8897f71b1122aecc830eb6a43805552aee","nonce":"d81f1a89588dc2c61da33084","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d6cf3482557de23c52dc62a6f2e7425e6606484ffac099dfb47f9119d096ce6112b6de8981d7e884093ff3e80a","nonce":"d81f1a89588dc2c61da33087","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"295f254ccc64f04889a3b7c7102cd398bf3d2f7d364764aed1ddce25bb5f36e3217a5d50444696cfbb5e64b8cb","nonce":"d81f1a89588dc2c61da33086","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cce3b64b62d742c9bc50c43111afe39472a4c4b030a4f66b5ac696d392c7816845e143ea7d076229c4b112ecb7","nonce":"d81f1a89588dc2c61da33081","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a0ad35f0f057038d628fa577b8b71d577eb747a510eff008c13c80f76c4f31e038b7303134d89fd3a336e15ccd","nonce":"d81f1a89588dc2c61da33080","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a803a8e795ba403b00825f2614fd482ff4ff1e875c4a514fcd2c04aa981a19976595846b66fcc295400276de9b","nonce":"d81f1a89588dc2c61da33083","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"90ea0b5252d5c765ee0a1215c7478a548cbf86788a204bf0722c304f68f3a6688316e588a10675903a9f3f8253","nonce":"d81f1a89588dc2c61da33082","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"213bcde6d5c846e1781c50efc9ec5f4ca86cc3c1888da0db59bd1aa9c3b834741a2aaf85ad1af63e3dc596f8d4","nonce":"d81f1a89588dc2c61da3308d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a0f16420ca607806dc1d058805297911a6cc9b7a4ad0b26690bdfde986784bce41c5d24b09c72f3390605d2d3d","nonce":"d81f1a89588dc2c61da3308c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"955fa57827a8f9306db8617a7d3d436ed9a02668ceb7293fc69c01008858f4f7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3f5cdb9ad427a300e4083dc10e72ab1681b833865d6488748733a00a10361b19"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c307218e9d9ae3d6ecea9c7a1de30464d22e054e0302b47d461820c0ec94ca57"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"536c514d7bf8d9b38b8048468b2ccee56d12eaed756b4e6e6da91be09cbbbdf0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"76025659e4a7a00e6b7c3c85b92d722c6b034b90cdfb95b72e75eea80937ed90"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"11ea3791ccf3c31d8ca4a02f3b17ff10ce4e9ea58725ae8fb161e87df4ca32b537ec94862245ede88eab4a163130542b520a92785b9af864","seedS":"8eadb637621667d3e414c6205adb9e9a82222b2d05a3bdae240f3c3677cec67349ab424fb2b97c7da16d3f4d9ccd2fbff1f6bdf61b230088","seedE":"199880d66afbfc12f3e53c187e7823361aae6b0062e96d038b3e35ffb8557c6fa14a916dbc3764a5ff0ca74f1c866b16d437dae323693942","skRm":"35b8703880baa256b1514b1dbe9e35fa5736dea679d36fd30b2f648a60f659f3dea3d0442610fee0d7bfb471da12b39ac1193b8a40c8d9e8","skSm":"eea8dfc2fd049a16f72c925d79295706653e87c45a51709f95592ee38535bac92c78c3d2eba119e29a60aa8ab48c72c5b4e64fa6139781e9","skEm":"ceffb64f0cf79a10ed0efd136fd1907ddf04d190fe6bd545a576a9bbe156c61c1a62ccb42a1da214e81e7b4c6a4526d1a760af1470cac70e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d547ae02df61beeec89acbebe8ddf18b3d0f5ea4bef46febbd6c1da54a6752730e108323f42680ef66de42567244bcc3b76ba4536380ea45","pkSm":"ba37766ccead9080896568e64f31b29d1a9537884c900c9ab9ea5e0717bd991821051884f35ab27fe07ccd764ca5906cb2c1e5db68515676","pkEm":"1a8221557a9f356c3b58666d694fe4c63222d273d727a62e7c96161ebc2c32fefd057ae9625b87ae894dadf733827897b1060cb6564ba7f9","enc":"1a8221557a9f356c3b58666d694fe4c63222d273d727a62e7c96161ebc2c32fefd057ae9625b87ae894dadf733827897b1060cb6564ba7f9","shared_secret":"68763a46f6566802d4e5211dfd0cda20574cdedf198789cfedbedd93673952e84b91240ca1df8af2e150d917a607b1272000b5b33f066267abb5fe2c87be84c2","key_schedule_context":"0378a529697c7004818b8af5a225548b44be8d0766690b5a2ca50a9cba77481c23ec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"a16f2cfcae1ee298ed69f285390ce99ac5db538d54e943975d5b9a39ab44e7f3","key":"87146c90840cc3e18b72613d2ebfe8ac","nonce":"310ce50aa641bbde455b8e76","exporter_secret":"252aa958259709dabcd9f165b987c7da356f6e006e77f23e9a7e11c1305b0d18","encryptions":[{"aad":"436f756e742d30","ciphertext":"3d275b7735f8cd485f543c291ea80701f3a3a88e9c89a63c69e512738ab3e5b507e8306f96efc9b7fb53cfc1ee","nonce":"310ce50aa641bbde455b8e76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"be3ea270a97e5a5f0f80649a7a5e835b2c5fb505f13647e449bbd6b132837d11bfc3e0212038318c23a7b7ec95","nonce":"310ce50aa641bbde455b8e77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"94151334b02244fe0fc86856339d40f43a7ea77f4a9ea3ff8e71df97c756f31dfd884d5ee90708ec8f906229a0","nonce":"310ce50aa641bbde455b8e74","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"05a3d260e4f835a1a34cea954843c2b0b7e72693d6e076a402bceefeeb696979ee961d461b9b5d913c6230a709","nonce":"310ce50aa641bbde455b8e75","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c66a3a3c8f4826b911290f703bb80ea619bccbda4fd23ef8393b4649d2a8a2f039bcb2e1c4b939d4b1931aff6","nonce":"310ce50aa641bbde455b8e72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"50279c22488cab35baeea5d859dec0d86d39f426a545583077f9961faf0de7c6b60409e56088c43427a683ed2b","nonce":"310ce50aa641bbde455b8e73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2840fa9d3435084701797c8c6bd8fb0543e1d0b9a242ab38b4283ebfc99bbe8861ec39f56ac9e1226871e732b6","nonce":"310ce50aa641bbde455b8e70","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"84a8db32e486663fa9cfdc55fc4e3f0825062c8b04c10ae5877ff1f97130586385d691775630beae3c0a65f4fb","nonce":"310ce50aa641bbde455b8e71","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"602a233ce5aae8face241c18279a1716abd97ea0ab59c4824fcd72b277459e0d0239b3ac7b54be2c6a0e8bbd49","nonce":"310ce50aa641bbde455b8e7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0d6dabb93cea5f584c34aee6cb20a8b796004c23270f67db78493995b52dadf95e1074527a7c04a7f8a62fa1fb","nonce":"310ce50aa641bbde455b8e7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d1f616aea0d1836d387aa5bf4d062dae6fc9092eae034c6db70914b3f16acf03"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"148c2be20001da340a4b71840fff6bd5be36d8d54d250c176d4c3245a70ccfac"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5762892367434465262351db6a342e95bc6d62821ac9a7ffd28b8359bb75adc1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e56358ec3a531328a19a4976360c3b20a59de2a8ecae73dd63977d25abc82735"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ab40d827b55a42c28ce9308befeb526feb72ba73a6adfccdcb8798b5a1c239ff"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"edd38a46ec129da70b75ce398e57365d1ab3600cd8984da1d96df68d75b3c7cbd871a8ff0be7dbf0b3fa44f66689d63f237cfab36bc70070","seedE":"c7eeb0549f577095706400cef8bb0689580de6152b89bef46818769a18d4f5480cad49531d9329668b2f64161f62036a56e9db128f756fc5","skRm":"ee9d0a8f539ee58e5c813c4f4c4a36a89d70492a4e888b878522f902f86cfcd77eca4f21ad4c9728e1cef9697c94905a950ffc7757d3dbdc","skEm":"5eb24f3f4f474f4ac8f0027048b8ea230372c52d89e04f31d6cab3e1e5b46a22c61d6424b19408bf35f03888b734c8d3baa75342a1f9e14b","pkRm":"335cb28eb12a5677f3e3f4678df86d674141e258bf1709a2140a1873c6e8543b68c26f577a457bb26702cb47d79d07dd971de493f75d6965","pkEm":"4bb52b1773b7d3b6bcebf5b429e40e83b8b52b987829c24b417e5c6d5097ff6c55de1bb3501c1f50466b2ef17cc76b168066303506be93e4","enc":"4bb52b1773b7d3b6bcebf5b429e40e83b8b52b987829c24b417e5c6d5097ff6c55de1bb3501c1f50466b2ef17cc76b168066303506be93e4","shared_secret":"d2c00054bf68a3d564dac55dbab0a6f74c3061b8f9b8950b7d6bf80827e203b78dbf00951b577addddb0d3d78af29ae88f9c0cdaf9ba5523d1b0e2f3b59190df","key_schedule_context":"007637e763b51bb8f614a2ab36af7b189cbe66dacd3714f6721c6e066e7b3515acec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"ee471671bac354cb8c7ce0eb08985143ab37d69bd7d55a973e385fb07881c296","key":"8e400b071a712f8422ad65ceb76f9506","nonce":"27fea2c4dfea3f19f2dc6c37","exporter_secret":"56e731d650293604be9173e9d78a683b703859c2443480b5b2401f802886e079","encryptions":[{"aad":"436f756e742d30","ciphertext":"66eac177fa8f12d727205e67903b49155c1e3924cb83a23ec4dbd4df7896a7794931d4023dc02fb34d02cb1801","nonce":"27fea2c4dfea3f19f2dc6c37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ce3ee44de9951aa2bbc3c31ef4412d74f7e263e0f70dc9cf56f7f6bddaa30aa660bd79a17372e6d18009c303d0","nonce":"27fea2c4dfea3f19f2dc6c36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ec6a5731db1cb2fea00cb7715545f9658ee95fdd122fe83dec34a34987dc34c44b28400e19d36152d0e67e08d5","nonce":"27fea2c4dfea3f19f2dc6c35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"fbfc9583d7511e109bbe5b09b2e0bffca8a99b424cfb5b346654a485b6e372e617d781b3dc050c1b0b10ae8b3d","nonce":"27fea2c4dfea3f19f2dc6c34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d8814497888486f325c45b734caf262abfa52dc6ce0f4af60ece22e7d5f767a459e6fbda7386ddb9f6aa2462dd","nonce":"27fea2c4dfea3f19f2dc6c33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0f0bc72403d629e51e8e99d4f3ba83475f0218c9d1f26221aabac5883655f1477139baf808cdfaa52e06526b14","nonce":"27fea2c4dfea3f19f2dc6c32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cd707965ecdb2f6e3f0bae668bd475642882f2b1232dad6ad6aefd9aaea21e0f01966f726c8c14eb75407c9d42","nonce":"27fea2c4dfea3f19f2dc6c31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5f85e23cf15fb39f4c12f666655e22bcb07644d190d5466c7704c34a31e6796a42190caceaf2f5bdc7c4e3020","nonce":"27fea2c4dfea3f19f2dc6c30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6df05d157cae48d7e4e3ebc309d47e9c936452c6bbb558506dbfca4e1155af39001f04594e327e48b14cd00b61","nonce":"27fea2c4dfea3f19f2dc6c3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c267b3ffb34a30789b1351bc9ae79d6bdba44c18dfa1e1edccf53882c78011270d44ad9d9c76ecf69a02470c96","nonce":"27fea2c4dfea3f19f2dc6c3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9c160bdcfa734da33a9d11bfa1ff1556acaa3c59d12707b563909dadeb739657"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3f1cd49a2cb62a712b6631bf0871e4a9dd201ea60115751838616336c9acfbc3"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bfb779e1f648f3c6c0a0bf913e70ace00ec17e93022b9f312e031989296ce63f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e1acf2868c209c568193e020afa9c4ed7525695cdf1daaf53d5c02b599e1005f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d4ee15708e6e5770d522d626780c89e9964d8c2a2a9d76a2851e02dc50579e9b"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"187c91efdf36a6881e056705e2fda3bbff11309834c93be10ed9b9cadffe55e883fa2685e1b9d180308f49d2d273a24a651b9a07434c2d6c","seedE":"38c5b1535dc834d8c99bb90cfc62b8687af4de7105b1f41dd44a0a66d90545f4edd577ee6312d3af08c23cd040772aa2ced12b5df36002c9","skRm":"210cf894a93c2de421e3536a20d5fad929d41d496d0c9151633809e036b5d02a67898b85cda8a8370530fbfa983b6470352186277c48cddd","skEm":"c3724fa946940c0b8e486be840140c10c7da3a8aca782867ea301bce43e2e23ee9fe7c4b71f40feb3c9d27aabf8781787ded1cf01390efd8","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4af54303289af16d303d8790054793f50b65a18d8d062da29c1cfae100afbd975e06573a35a9c1a2a5a152e84d13084c2c5836c12cc2ed6a","pkEm":"191b7f447d5043df3981b3a4b257864561723972aad8a89403be2ca6fbd7e9108f6d9a6eeba1ad3bc943df84be110fd1456ccedec3b665f9","enc":"191b7f447d5043df3981b3a4b257864561723972aad8a89403be2ca6fbd7e9108f6d9a6eeba1ad3bc943df84be110fd1456ccedec3b665f9","shared_secret":"0f609813e0f5c6b4b39df0dff711e9f897241f7a624952dda9205ba2dcdaa30018c259ed8e64369d24708ca8a220eb2ec7b453c3a0c8d899efaf69e58ca8c781","key_schedule_context":"0178a529697c7004818b8af5a225548b44be8d0766690b5a2ca50a9cba77481c23ec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"aa693e8819e909475870dd6aafacd3bb7620a1c59932317d746f3704ae02695a","key":"7c50dcabd485d519a88d94f02cfd0d86","nonce":"864426e0ef9dcc418e3ef9b8","exporter_secret":"5a9c352865fe7fe15a190a0ae3f35719c019585868fca86708878073e8326fc8","encryptions":[{"aad":"436f756e742d30","ciphertext":"63fa252f8bbd9f1dd1566d018de7b3718b822b2ddd90a451220f6f845620b0ba6b63a90c1c2f3c82ffa5853acc","nonce":"864426e0ef9dcc418e3ef9b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e990656d4d876a3496a6a5514f9177a712bdd8a3aa12923a09ff4c228548c8a8b46bec3bcbb4e6571f3a8a7331","nonce":"864426e0ef9dcc418e3ef9b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2c6f35ee1c6ec4703ad29b9ee01bdf177fbcacd49cd5f04bc17b1b251397637021dd5a79c105ddd79d89d3e341","nonce":"864426e0ef9dcc418e3ef9ba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"030eb9875a0edee2b8447af20369ea721040a89559214a46002ab43a563c970bc73064fce73334fbc71cfd7636","nonce":"864426e0ef9dcc418e3ef9bb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d94b837b9860700a90fea288894c6a9a5511804e63c1bd4fe0cf5e20efaaa9129be4da204a8086184372a1aa03","nonce":"864426e0ef9dcc418e3ef9bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"90420a577ee23b66cd374f936ea5fea85a647aa57c96b67322e36f2c4278e36f9c7e7621d4b56cddd87cff5e29","nonce":"864426e0ef9dcc418e3ef9bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"32ff9b476a56d18b1ccd70caafdd06bfbab782a19a874d1d4ee2a016c4369ebdb485f80425406febc77bc70352","nonce":"864426e0ef9dcc418e3ef9be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8726a6384f5c10e897a68e9ebe69535a707e26628e1fa945f14b912c09912ebfd1faf60f4f0532c674fa499664","nonce":"864426e0ef9dcc418e3ef9bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5bed8cabcfa513bed8f35b43f3ecac3f0e667b59c0284791b2078eb0a6b57ad612a950da0e3a5dbac4ad85c5e0","nonce":"864426e0ef9dcc418e3ef9b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ce504a031cdb8d0a7970b4d4cb2e9f314ddb5d93779a08b4f65b2108e90d2d2da5bf1f61fd42556b938bda09a2","nonce":"864426e0ef9dcc418e3ef9b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f8e2b59efab661703ac7f65335c4fe1a2d6844e0ee77a196ab9d57015cbd6202"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8395130e27a11d1b3ec80a72f8788c765c6a4968a786e1208e366caee58efb09"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f97c3ce62fc4f68835a843e9ded3add36d58ecabf0923f544f98a41d2d851247"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e6a936202ec20beefc991f170c1a5389bfd93c0d8bfd8049356f0e2ccfad6498"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"017a0f3d6641c13257ecfafa3554029f8426254b5a29a4e37cbd6d86554fa8f9"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f8a2a7ecb21eb886b8ec56ab4aa02514ed1ded3c19abbc6d58bc8f7b596239aed469bc34cac73fc8bfe135a0508dc43c3747e7feb245caa6","seedS":"746b24de561783b87bba3616ea7c631675038cc0c5bc2ca8fc50cb793e580594bc7757b9f554a20be294df87778508d82955efc9a954551b","seedE":"dd35cfb173339595853ad88013c1a4fb8c55d985cd3d226ae1d3fac16ed19e8b73dfdf8c6f434e88daafa37373f22b13553beec50f34f81a","skRm":"4c14a13eacf01df0db63dc7822e3ea90eca77ae8851d54fd0f4f148787a5168893bc06aa8be1908cb9e5e545820f9bcb3c467d6b0e65defc","skSm":"243770a3f8ae7624ad981a24a8e047cb0a7c7eb014fba1657a86c92b6c9cb3b960e5cf329a97af728525d8e151cf3a89feafc7dab4a8048c","skEm":"b2a1c90ca079b0eeedbf84434defaa6d6a6e3810bff1e939497e2410fefeb7a5c5b046389652077e36dc006d8479d1f43c5e7c79d304df09","pkRm":"d6fb3e761720de6797f7838550775b814df440c76cdad8e1e3071ce92925a5d898f075161ccfb8495b0297471635fb1c8f77ffc59abd2dde","pkSm":"0f24fc27e5eddb3e68338bf7712d4d42788e5ef32ad1748fd684b084c8bf2af8e82ba23a6a189554e53bc9ac22835b1ae9d3ae49dad1a0eb","pkEm":"0de148c3ff3655e2444fd1d75eaa5902eacc445471184f83ec4da9db6cfca54071ae6d3c5d2efdc1152e80910cdf5f0fc265760857434490","enc":"0de148c3ff3655e2444fd1d75eaa5902eacc445471184f83ec4da9db6cfca54071ae6d3c5d2efdc1152e80910cdf5f0fc265760857434490","shared_secret":"476026ca9903b0a6f30ab99c390a6d89ce0e43c4acdb08461f409a2e8bf342eb5ba4500ed2281257b2fed23bb1bda9ec815cb31355a8f694edcd63acf159a982","key_schedule_context":"027637e763b51bb8f614a2ab36af7b189cbe66dacd3714f6721c6e066e7b3515acec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"40b76560320db8ad9a5fbf31f7b28c68dc7af634a9a58b2984b95433a6010d03","key":"e8faaa9faf6ddacdc5e8d82de34e62cd","nonce":"fa479777b460af5d94cab5d5","exporter_secret":"93e6ea450d4dad0ed95423cf9ce4ade6150a9aacc6b9f61f3a3ab1ecb7ced63b","encryptions":[{"aad":"436f756e742d30","ciphertext":"8c0d8a1d769c9d05c7ed6b82d3f9039b773bc6ad1f8bfda2d5f776a08c5f9f1282eebff0fa51affcc260bda776","nonce":"fa479777b460af5d94cab5d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b75214a4d494b9067afba98ec855d7f7231afc48d48eb8b4ecb0bfcd452e1eb8620df63b2b5e3087d3040ecf63","nonce":"fa479777b460af5d94cab5d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b24f59a49800253dd6d4b96a366d29133feb4a711854957ac1dd089f77a94266274a1d1421b53dc677cd417aa0","nonce":"fa479777b460af5d94cab5d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9ced9a7a63732cab78bf083f4bf2718164d42366502f15eb64104e39edbcf484f62a5e9f9704765f27cf04debe","nonce":"fa479777b460af5d94cab5d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c773d78e116e80bc8d367b1eea69b0c25f80286cef049befc13a3fcecd3170049c6c1f2cfd1dea99c03b85887f","nonce":"fa479777b460af5d94cab5d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b4c981b6f5a1534cbbda8106217a221cc9a155e6078f470fca174b19a464af8f4878f5a141802e984c69ac03e1","nonce":"fa479777b460af5d94cab5d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"43004b3d9b642654da6782a080bac6f1678f6b0ab99428dcfbbccaef39b0bf178bdd8ea3b2114346ed93bb7b2b","nonce":"fa479777b460af5d94cab5d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e8404d6aadeccc39026cb8e26facef1383664662d673d94057e719eaa7fd4b8c1bce863639c0f17aa40c1e6ecc","nonce":"fa479777b460af5d94cab5d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a278bad4d99b5a9c3d84844af85af63df4ca96feb35f085e86c6d2a041ecea21f5301d6941024faf7e3b68ce1a","nonce":"fa479777b460af5d94cab5dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"433fb80b33c14f6a62dcd85883150f5128add3549334be227c877bc58dedcd73aeb61e6abc4338393ef06de834","nonce":"fa479777b460af5d94cab5dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"89b57b9f22443d8ba2893d594bcfc31612168c6aa338a610476d05bd3934f8e3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"32078dc3a22f99b3c84363aa958afd7531dc9b9dab59e148d9fb2a4f1cb7dcea"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0eabe263bc1614a06b28cf334ad5a39651e5b2aa89f9e537b9ded0b39b3166f8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0deebcada7d72d4c211493d2f8a0522690ee6c526e098f8758c67b57b74208ec"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d12502f84e8ba530184fb14fa3aad4d4b85b5365bce22f9e9fc818d487654471"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fde902f38e08bf251b43a479755f883f1110159c663b6a57e300a75ed5fdd65753501c76dc59f17900b75f90a7f05a4663a8a06abf0533d4","seedE":"d6758984451862254c489381c841bbf554485ff45ef4f69f21531139e2821493d297665bb99e7ff77c194528dd3520cafdbb0384410f1a75","skRm":"b1d73fc566eb793a3c249043b8773496970b2f43a96629f710960b1dc5226f4203248bf976a6c6416ad29b9f40eac39543add592f9e8935d","skEm":"99ae1146dc27216e42d1696507b3995b32aefcc46363981d3784707beecbaa4b97394e604c9aaaccce28a44fa4c76d8449cb161cf7a69ea5","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"8a27c8ba8b8e8189c7a6e0523d869e1cefc69f40487f7c8bd6189c00b5becb1013b40f1f5518aa1e4671651c8a136d3135832daba940b17b","pkEm":"ed8f82c7d6ec6df3cf21c9f7c594699fd3d8487b0ff52f9e37d539ea537e61833d65cc2c4444e20886b9c0dcfc3427d92ea65fa089d346f3","enc":"ed8f82c7d6ec6df3cf21c9f7c594699fd3d8487b0ff52f9e37d539ea537e61833d65cc2c4444e20886b9c0dcfc3427d92ea65fa089d346f3","shared_secret":"c2b6f12ece73c9a19ec00b90b80a2f119807652ae3253193ffa9eb070890956e07dfb173599a48d99a1a7256fc53f9814e47c18894fe89a90e7ec0ce84d5916f","key_schedule_context":"01de6d9192189182309c4c5b2ed1340a7d3b7a658019b10e2727f442357352d8387489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"c7e9e7604bc6e4ff55973c9e0d179f1dd340dc0e2dc408e0c8d1afff88899fd7","key":"eacad4765ba36fb528de011999d0e49bdd57bf10ea73277be79d6916a47a0d5e","nonce":"8e9644405d44e969cfdcfa69","exporter_secret":"408bcc314c04cd9451e88cf5037ec1a9adeaec119be300be4e478bafdd19728c","encryptions":[{"aad":"436f756e742d30","ciphertext":"70deba173d7e1d7ba408c51efdab89b4b7aba995a1bdeb7de4b0eb232354c2356e2390626f9a5b62a2a604dff7","nonce":"8e9644405d44e969cfdcfa69","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"55b1c0b0a78da95232962b1528e6da4ed43aa7a24c6050596baa17b6d6727b70df4722aad006ffa35044a3b88e","nonce":"8e9644405d44e969cfdcfa68","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"76fc4afb0847d364601ddd5ba555301d2ed12de29b66b1ad97ab4a67dc8fbab27000541688b1b0af296ccc3e76","nonce":"8e9644405d44e969cfdcfa6b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"da76d243451605f5d55f2160854e13aa468366ded40cf46f9b2160e974b5dd3e9e15292cc7afec92e56edfe7f9","nonce":"8e9644405d44e969cfdcfa6a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5a193f5b3dfda9abb2a92980ecf2cd6ca462e33ea5641d5bd02ff74b85cb68678734cdd8b435292dd30824861a","nonce":"8e9644405d44e969cfdcfa6d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"063e47c63415ac80f223391899e5270d409a630da7a0527f0bc818486087a2d219264a342a95c31823af278674","nonce":"8e9644405d44e969cfdcfa6c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f16e5e478851c1387d30cdc77400647de8a29cd9d6106ccdf0f6050bafaadf6330aefdd763668cdce63a54c29c","nonce":"8e9644405d44e969cfdcfa6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"885a5707d8866c4d3068b890c4de29f6953dfb90c848d37b2c63ae91f9522d0bb2898ce389a0ff5f69c6b0f4ed","nonce":"8e9644405d44e969cfdcfa6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c0f9f75f9ded9ec70bd758df30d2e5ff145d413938838861148937c6c8ae5ab3a8537bb1455cf15aa3e7b71615","nonce":"8e9644405d44e969cfdcfa61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cbeae9cbe74470c73f7166bfdad9d5e51319f4f30551ee7cd236e0a1e87039a768ec2f9873b1e49e5844e052a0","nonce":"8e9644405d44e969cfdcfa60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0d5026d91397975544febab5d9f789be7a100653d73a4119685b3a726535bfe9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94d3d9dc9bdc20bc79387a3aa9b0a049fa469d371e5fe942f9c9b8ae0db0a4ba"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"53df7ddb7a75f7f0a91ed27d25f74191685e59e673106b4e3f5deecd248c24aa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3ee04fb7060b8d0072aecae63c5ba2e04a9536a70cc1602b4ae781ef13f2512c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f4fee6ec4ca105b4eb33044ec7199c8ad6e2c3d519a864c91dd9f55ce085d3e5"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"85867fa68d095842dda73da0c0ba207065a6529b12859a6c2b3dd71feef88d323529248a355e2b035ed04c93b793524415ea376cae96d11c","seedS":"c6a514be4901d3202ad91e7be13471f5047419e2eee8fe359799811fda603fd3f60b4f8596c136e450814db99fdff4f1f656d5e4c942d988","seedE":"f8b8e6ed3aa3f6e01aa1e1b2e80fea41f5d4867c97973701c48dc88d0cfe1dc37338acef0d75201b3c38f96cabef6999e54b9424d6ea2735","skRm":"7d7a3179665b4411fede6a44e289870f6a60982bdab74cd3a79bc5b565bb38a6faf837a123040ff2645bb416dcc84ce024e29dee802040fc","skSm":"a244d996df474d480c5b36d6517299128945f6bdc8491c043230183b20f0fb739da4a9b42ba5f090882980dcf40aba52bd8e70a41f987850","skEm":"ab04eef8a43308ef161a5340020e54e0cc19d685ed49846f2a70e0209abd13693183af17d0aac1d8c5051aea1b2fe919863fbb55db6ee02e","pkRm":"bf074d0583d1aefeca2cb0810e978929438720cb704864f4f37ba99184edbc1f6c95c4ab5de9c13e180eab9ff33543ea1bdb7748760f57de","pkSm":"51918020f48e4b96994ecb7b097768e3d18929fc982ad4580723c3efac419b070e5117792db0286eb514a13b42b6eec13720bde540c01f8a","pkEm":"8f68860803ab12bda74358b3d6a6edc2eb959032cbb1b9ced78e663b0155ebadc6b038d87ce902b8cf94be47408dc63caefc06b68a78ab66","enc":"8f68860803ab12bda74358b3d6a6edc2eb959032cbb1b9ced78e663b0155ebadc6b038d87ce902b8cf94be47408dc63caefc06b68a78ab66","shared_secret":"660be9e07b7d0724ab30b1620a35492b52ebde7509abcaf6531a70007373c5c66590037b760b7ced97fc227d94f16363148b28c625b590a24637aadd12d2edc8","key_schedule_context":"025057c11b73576e77b95c5eeef1246d13b0ccf6f8b222a3d300a09bec8a7fc6a07489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"738ff205d95a1f2be091ed63649ee8446b44a53278618ce453434f972decf0c9","key":"8f3a7791ae3031e83c36c84b091f9583e59ab6b23c1370975d06222b10f01b9b","nonce":"46c3254c7ef0d118abe35284","exporter_secret":"bec7e30d04f9b97dafde477e754d3315c0cc58f6322b168830a7b553c99207d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"3ec5e123988189f15b2ff1338e34efeee77dafc8873f490df8fed694b53fe98e1d3e5172865afe3177b18f507e","nonce":"46c3254c7ef0d118abe35284","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3ec36d955b6e7d345e7a662164dbbdcdda8e649918079d5b872b549cd7f4d43edde8ba682c273253236d374355","nonce":"46c3254c7ef0d118abe35285","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"195322be6cd116db2d34f6cb6f2be679a4cb5d78fbb9cfa0fd2410b1e038f7a671368bb600228463b0c2b78a9a","nonce":"46c3254c7ef0d118abe35286","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"83c3c837af0351d0e31ec7aa6c465b8db495b8c83f24da746199cd607f459ca2988bb71f4e3f74743bc3b6b3f9","nonce":"46c3254c7ef0d118abe35287","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55953efb4d5e546b61c4b0fa8c105befdb67c3114ac085a4fb01e4d34d4679d286b5ea354d81877638bea210ed","nonce":"46c3254c7ef0d118abe35280","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"34636c8715d05b74e3da31bb0d6b7f6e6fc0ed7c4d3ba9e35b7280e75f81677b24162c60e07f30c8214baca818","nonce":"46c3254c7ef0d118abe35281","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"34c6a063493fb0ed7f45d3139b2a839d811b769994431ebf6e18da572bedddc9d2638e76325af7ba94515b956e","nonce":"46c3254c7ef0d118abe35282","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"32fb5ac9875e527e890a8d0706ad50feac3baecd4f812d29897231c022642b210ba019ee3edc55cb4baaa0c652","nonce":"46c3254c7ef0d118abe35283","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a65da4c7dac822712e33976878aa1084408f5979ddbb6fb8fcdf1944d6b2b5f02c250754c8711f67ca3b391570","nonce":"46c3254c7ef0d118abe3528c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0fdf4d91e3583dcee16e6333b8afdab5815c97464da5b6da6529c4174f06bf35458c22a0ea4acf996c1bd69726","nonce":"46c3254c7ef0d118abe3528d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"07b3774dc0e60dfd0b08c850dfd3849a2ea13dec1c4cdfc44fa622082f20b43a"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"702a581be0ab35e718d64a7723de5e797b4f1a64c99898077321f6c215a62887"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"66a7047d8a949af6e188972638aad81288188b202d726351d4d6eff58cf65de3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"be542f49bd3f85fb50106625aa1e8052149ec0f22ad8343b5e5e0c316a793649"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"37a2ab65647f022ed2313aac60c55f67579a29aa55beca39a3501e75239fa999"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"99199b17de274a7cace772f708c4cda6315aac5c255f4f3fb126b450f30c5c555d318ec8f87b516345618d815fb08d6ae06d1e2482f2386c","seedS":"f85efb5df259cda577cfd3fa0d5313746587c685374d78c268a8b1c2b28446d19541bfae05beb38efec66d11ab7c7fafa87cb4fc00a7dfb4","seedE":"7717c66909f31f8d82e345a4cbc456df66c5a1b3629f0fa66f7c1c45ab01b513820eeaed9ada7f281aa8368a1a23108406e76d708890f709","skRm":"4a4b3a58bb2de05ea148a40d190142d4dba31a2e2102e605b5d9318b860d7f9646479ab57e2d3c679d0e9bc23ea36fbe71f044b945b3b52e","skSm":"650be62a9774ef251a4a140bd1ac453368b0aa29481612841f6ab10222d2fb784c9738eab6722dcc10a88ad97395904ef7f14c5559699616","skEm":"f351a67d841df44dda36315913327190c2487d924697f317c9074d86ed32994f7f0f71f7b64ef24b8e8b3468c52ed90023ba07b592dab56b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"47fde1e052cbde93064898e42b24007703991e93aec5493af1ce8a1df9b07fe5977ed9bfce68ede5186b923a12390cd1305f67de29e6de1d","pkSm":"7dcc702d3b465062ecad762149f515593cafb59ffbad9ab06bbd3cf58be235ab19ab6a4918f145ddf4c81fd3429271b4efed2629798f396f","pkEm":"0632d00791732fc626c857b30c0d3e3e1dd79e6bb46745d04d61e11ae982b03fd6e2e4aaf53740ffe72076a713633dcb07b344e487fe2603","enc":"0632d00791732fc626c857b30c0d3e3e1dd79e6bb46745d04d61e11ae982b03fd6e2e4aaf53740ffe72076a713633dcb07b344e487fe2603","shared_secret":"da6f64f2ddec81302a2ffc25c3e455dd38aa5bd95be1ba4e2f8bd6ab75ecec5d8ffcb27de67e1ada16182de3245e7e87ddf7a6279663a64e93de24f32d224516","key_schedule_context":"03de6d9192189182309c4c5b2ed1340a7d3b7a658019b10e2727f442357352d8387489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"da09e1bd2615121ce87523b9329ff51a53cff93aa2f37f6479694d880f1afcf7","key":"15459c6b6c00119b4526e08e3849fb4dbe1d71a7953440b924bff51726c5942e","nonce":"0cba9e7f9bda353097c19d29","exporter_secret":"d0d69fc66c28694d3ed781cae32ea92dfdc96ceb3eb72fa034fa266d2dae664b","encryptions":[{"aad":"436f756e742d30","ciphertext":"cbf82cebf59dc7e600b2714119a83c8abcfed40d1e60efe43543eb5993001b5f5cd9fac6a9e9410109b80b9518","nonce":"0cba9e7f9bda353097c19d29","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bec2a27b7a05a34493be2525c91eb002379be7339eb90f433ab5adab525276e65084055515dcac9857aeda0f12","nonce":"0cba9e7f9bda353097c19d28","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4295efc71dc5292dcfdb74df8c1ebcc4bfc00106632655e240be8364995fbb4edbac81da8ba16485074086fb87","nonce":"0cba9e7f9bda353097c19d2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d2e9d05cf330b13d8851c29dbde0171bb379c52c547df6a093bbeb623ed561c712848221cd2a9fbb106d349038","nonce":"0cba9e7f9bda353097c19d2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3dd2cf14d2dc26e2d6bae391fa8672b686d81ce38265e81029ef508d60d4d846b56e21faae35393ceb37381e98","nonce":"0cba9e7f9bda353097c19d2d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"09ce68ce9a78486c3e594697f55c2b877838dc0307c74b45baf506cac656db8f4e371d7fd6f480b2fddeb24e85","nonce":"0cba9e7f9bda353097c19d2c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1ee31c80355f902b1362d627484ae488e304804930411fd1b780beb57ab72e336cf4428f65e45c51ef075d5538","nonce":"0cba9e7f9bda353097c19d2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10f324755e7a932b90aed1a4fe17a6c97b7128c9d04cff484a7efb265c1c14196a86d02296a1daf98a4fdd036f","nonce":"0cba9e7f9bda353097c19d2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"13a1c2e55a8151bf9113bbc64a584a1eb8bc2bf1f3e7d071247fbb999c6be1fd9c842452d8fe854411eecd5569","nonce":"0cba9e7f9bda353097c19d21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3df2f384f8f68c3b6adc64fdc8afc4c934b05e1363e0cd1ac63979ecd5b75e4cf8624f397f8e48058ad9c0aad0","nonce":"0cba9e7f9bda353097c19d20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"88127b708662b1fa0dbafe14825c69874499fbbc0c3fb40f3d4d3ce0e236faa2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1c21e9e09b3a12388c173f73ef2df922d4da0bcef7db508321997e4e20969991"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a85bc0c79f4052c77de9053b6a8918430c92c8a41ac6c8ed3f234d20c20539e0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e0f733a0573befb1049c0b8c3d64c82d32b1ab87bf977e958e4835b4b1c01b23"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c27f2744f7df8bd2d544663434513259570171ff1eb30410311dd5671568351c"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0b8c4c4ec52e8f0f632aad9d34e4778fb02a620b8853f3f46df02818e67bb09cb7b323e4b8ba860890fe286ea63f0bb9a47514e3bfd41f87","seedE":"8ab1885c7aa71077748a2729730bbf45eafa48e43496d640b8355ebcac0c16b72d27c0a3ac6a81e5c4ec7157452a067c91ee265177ea046c","skRm":"e41de2e424f44bdb6b766b67cf9e563d019d529c68d2b9bf049c203caeabfd21e46e07fa41b1f7905faef1648e4705f14810127230ec8b88","skEm":"9642d5e7f47a5cdb2bb9c341e94d97eaf87abbbf146728a6b19d987888c8d13123d2b0c18b503e294034de8083921f683505bbfac3191aeb","pkRm":"e04c798c2e677d4e0ba7a1884fcc6824b7e0b90bf75894b91470c37abd9d01890ff20515396bec2106d8a6cdd2a35a39a6c8cbbaba8c73ff","pkEm":"0be9fd12e57a5cd996c7aacfc0b4bd94e6d29c292fc6db89a24dbe935d3efa6848cc9bafad9297324a99f6cd6616d9c0c0c238af312a4f6b","enc":"0be9fd12e57a5cd996c7aacfc0b4bd94e6d29c292fc6db89a24dbe935d3efa6848cc9bafad9297324a99f6cd6616d9c0c0c238af312a4f6b","shared_secret":"58be019b0287449206574676eac0600dec6bf1e618c7e33043e253cf94e2c573b0b83032771deaff9e8f7ded3977ce9cc0a892cbe208c074bec26b3bd0c8f211","key_schedule_context":"005057c11b73576e77b95c5eeef1246d13b0ccf6f8b222a3d300a09bec8a7fc6a07489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"fe9d68689d05bc6f8c837dd938fa3fb613d84796c08ab2e462c33daa8182ca9e","key":"3bf0a2c961a1f146a5147d35cd89a3db06b5b8c60e62df060188b5bf7abe750e","nonce":"6a7584fbf93c9e31d3f66a0c","exporter_secret":"d2f1ac2e5f0af6a940be18847e8b3b6a481c1d6f4787cfdcf2e0d059b17b4414","encryptions":[{"aad":"436f756e742d30","ciphertext":"0fe91e0dc5954f1a05df8e21fafd3e2749e0ac6b0cc733f125f60ccb1c3f29c445f5bcbb37790e261584c48ef9","nonce":"6a7584fbf93c9e31d3f66a0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"45c1ddee15ad6b2048fb73d8c6deb429ab87c09cdefcbb1502a20a9ce666f5e2add0ab64bfa3d1e1213a3754b2","nonce":"6a7584fbf93c9e31d3f66a0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"44aa8fdb5e1c3c6359e96ec9f6292d38764c3adc840bf96a839352482114594fb640e6c0706e1a8adfbeac8625","nonce":"6a7584fbf93c9e31d3f66a0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cf7fbfe58e047dead7d6d8de3a71d1d26be2e7d6ea5d606773351299d46f8768d49a1e2c5dbdd528d48c5307dc","nonce":"6a7584fbf93c9e31d3f66a0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"94aeca06538057cb916c5ad5e27d69aedf2f27507d1d28fde011c2c394f3bb0875fb77d37217628425a13da7d0","nonce":"6a7584fbf93c9e31d3f66a08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"aaee5d7066018b840d9cb780d699fe97b17df72feeb7026376698ebc0ec5b01f21f8307bcc3bfc8fcbea923fe5","nonce":"6a7584fbf93c9e31d3f66a09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"06fd8e117183eb4e94e749ca61b26d72481a68186b8d78b840922b91f28fea47467b7f2ec4d0b0cbec6ba8672f","nonce":"6a7584fbf93c9e31d3f66a0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"941820ee50b84f69ee6f39a2eda20acb3be5220eeba1bfc594acb4ee4944903e39572ebcd346c8d6d6f1526904","nonce":"6a7584fbf93c9e31d3f66a0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c7fc6424744092d60a7316e999178d1eef3c25adda58049667873fa57a2fdc66179f06da98aa9cf694670ba7a6","nonce":"6a7584fbf93c9e31d3f66a04","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"efc54408a42c66a387c9ce55114f0af9d3b8b4de3ced6918d327088421d41748e0a43dde59f001c4cf2bd3a4ea","nonce":"6a7584fbf93c9e31d3f66a05","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"aab38c2b0e86a2f8151da17abc40eb20625a1f0c26b03009a6fd7d540370c6f4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"98ad5e6ed780775fe9664b13a4071d29391c5284b6080be6030e58976e288138"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"570db86edba10ecc6ce2714bef20edcbdcc8e12b80d64593b1b2ad40c1b9449f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d20ccce491be64cb4e19b6edb3bfb7f47f181946fe50df348ba9b6e0feac722a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9ad8b770dd7b35e24f9729dbd857d204e1122df44600308cd8dd3d29967f2c7e"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"152eef656d9c65f0f8ea3ca383392de3223b38e233f89a8c6a34b65583159cd5bccdbeb22e770819baaf5358ea589904db6669710600c202","seedE":"6e8a3ca45d8a7e5e65e553c1d012ba92ec82c93b337800cbc2ab2d6a444d63722c163930fcd4e1830019e6fd58dee38f6523bc6e50e327b1","skRm":"5b25cae27597e1e508b48ff3604a2b4f995faa4473d05597a06733a9c58e48defda48e2e036fbbc2213c9dd369b9aed000d032afdf8d7134","skEm":"f15a64279359020b052f5f58f1a8a0682968c1fc33805bb30a484706aebd7c07376447293f43949c1a835459fdd834b9b97730e6aa0448cc","pkRm":"59fab7e185bb71f3c33c092a70a052151213b0052333c0cff61e8d6f67505216b994efc3b5621a72187b80b0ec0a8e0b03254061689d39ea","pkEm":"1322fef7cffce45496a8cd37deba37b171ceccf615033872491858da9333b6a5a23a9d7f11c50f8e5478ec2a60d43e85c0ea879522cb12e5","enc":"1322fef7cffce45496a8cd37deba37b171ceccf615033872491858da9333b6a5a23a9d7f11c50f8e5478ec2a60d43e85c0ea879522cb12e5","shared_secret":"345013e8a9d4ec33d0c78d3c0f632d1c28cac291806a33fd007e268d54d290cd3c6c4a9552f64fc53b20c54489bf64f2bffb5c3fdaa6d38bc77049d7f56122b4","key_schedule_context":"002b8f02bd1528e10a5db81bdfd552f8ade1fcbaee98c6171d8742d4b7eacc6e5dc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"631763a3bda5d9659cb80582a510cc700fc6778a87f53b0f0d44b915be216c60","key":"470eeb80c458ac986ed88b7bf3732d7d77e09402d766b58b5b58926a25a20902","nonce":"26012de04740ed1fdae0b335","exporter_secret":"7016fbd2c332b3adfe0c0189019724a3222994706ba85aecd87401fe156b54d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"263642d6c87269e7b81b005131ca08aad7cfb9cf82a5dcafc7b5e64a79bb0becb8e6db4ebcc5ac8ede95002851","nonce":"26012de04740ed1fdae0b335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0e88e9c0ab64245ed4d5947851e9b1569c7b6060e056a4d08ffbfd78514390842f566daa71ab95268223b93a8f","nonce":"26012de04740ed1fdae0b334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c59c5bf707b8e9b1265014bfaa869dfb9170cee4ad77234b018c585e19e261aea75ca7c471dc7b62c1a3486903","nonce":"26012de04740ed1fdae0b337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"afc4626114ad4c7a85271245655a28d183c06cc9e4dd87a0f1e059b9958409e6f7ec73bf426f985d7c6ef9bb5d","nonce":"26012de04740ed1fdae0b336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0270b9cf34548e25a8645c3a1aaba18c585bd1d1b465a9908bdc14f0e5ff8ed5d8622cab2621460630de29912a","nonce":"26012de04740ed1fdae0b331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a83d4b8954539fe3594854bc687d55f4810763a756149b8fe868f07f3725f7c31a604cd8b7fbd73d4256759f6b","nonce":"26012de04740ed1fdae0b330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f92b53f97af7d4d9ec315aa10ea16934930be4e0128d0f3cd51b7cd0dd0df19bed23768a50fb32f87fec627834","nonce":"26012de04740ed1fdae0b333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d1435a299e04e4a00f2e878d4efc81917ee37868cfffe01a402211fe0e91a5f1aa678e9712d539f87c2ee42c9f","nonce":"26012de04740ed1fdae0b332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d9e273b0bc3ecef3f278965d51a362dcec6aed400f029c70bc43eeb345e2f71a71bef3ceb8d7810a4bf3af7921","nonce":"26012de04740ed1fdae0b33d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cf355db0753cf6c6b29a79cc8a88c14e0c332c934404362b878363557f05bab097e1506ce03fa496b31a6ad23f","nonce":"26012de04740ed1fdae0b33c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8479d310d5b93310447b6ccdd5f5f90f20d2a991ad91d459731e732df675565"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ab03e32dff5709274ebfb2d8b030d3c9b2255b50875170ba8915ff7d0f1b80a2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0bee7658a03ca765b80c827b45d885f8cd3b7b80aedddca264fc604cfb8c44e4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e6f48db0e5287d8105b5d9f18e914e0c10f988abb26deade9eea4fbafd392437"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5c4a9f02dfffd39c3b6f69ac6156a7b25098f04d82ef99aa6ec62ec32f05a6cd"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3f31c1a6b129d952c00429c53313d8b05fb1d87ab7b1c223e02c7e502cbfea24cb772f2e09ebfbbf1eea53d183ed0957d71135f6abe613dd","seedE":"cbe7cb1abc04bde868eede5224b61761247a339ad66753865b44bf88db472d28d62ae9715147669486133688214e10974bbffb0fd3181140","skRm":"8ac84a55aad6804115ee853ec8a118379b9e6b25f38a466b7d20ee4623640213908c98da599b44d1f193bed52af5bf87fa34df5a4b7097aa","skEm":"b13ebcbfe9c89a3b55d5937c3c9c2a1c8731715cfd8173d692803b9bf1531e724da45600d8c5c7b8c6b052ebe6bb9a26c6ec6bef8a6d792e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d4c749a7351bb41a8ceb3dfef5f5c795ef8c83361049d86c1c8fc839d6558fd1812c93f6327cae4c773ed151054e212d8ccc7c4cd4344c54","pkEm":"5b69ea3b9e318523ddbf3278eda6ebf86016ddd7629239cfdfa4402714b40554d97d778e9b58053d2b444939c323a85bbab467258d3af2b9","enc":"5b69ea3b9e318523ddbf3278eda6ebf86016ddd7629239cfdfa4402714b40554d97d778e9b58053d2b444939c323a85bbab467258d3af2b9","shared_secret":"861893f7cc4f900c25b8bb55d3b5f2acb604abee65895266661747aadc30faca5aacf415eca88dba80fca790889d281e1ce22d07b54f26a21c5da74d0ca0f626","key_schedule_context":"0160b33b678eb261e664f7ebeb4c9f0e2ade08c83dd68a7b83cf15b17d3191379fc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"b8d767f8febad22ca72180503ba0dd26d40d345072b1d1f3da08123911301f72","key":"5e96521ea27acec733b0f10c6355b4fd66f3c2dd3f810902ec0533c2acf2762e","nonce":"97099d0ff5ee002c4b136aac","exporter_secret":"f1d2f974cb54ab869901a0a01c158c4d063579fc7ea118c0852d8ffd17e97e4f","encryptions":[{"aad":"436f756e742d30","ciphertext":"3f0d91321c0eebce712d29d0d8f6ba07e0e582febc70b0ae07e031a659993ed2ed78e07c25961db4cfddee0eac","nonce":"97099d0ff5ee002c4b136aac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3ed6b2ad5fd06d5f355aa697e5a74f40c09c84d0f630c6f61215eeb0c27beaeee983dfe2a6d61bc7aa4c8e728b","nonce":"97099d0ff5ee002c4b136aad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f8118affd70ebd55a5a0ddb27ba923200ab0987bc16c653de3da5a59b38560c2b874ebac6bde5121da59253052","nonce":"97099d0ff5ee002c4b136aae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"81838b8a5c389295ebdde07201a189cbaa77643633c080850ec1124209f927bd4c4b9a29448ba69df0cb05940f","nonce":"97099d0ff5ee002c4b136aaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2015d7c06c792fd5bc9ec2fb9fc2a4a29efcba9a35123c38ab0f16475e0c23a50bd5b54660896e468cd46dc77f","nonce":"97099d0ff5ee002c4b136aa8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fa0b0b8f74b605174ed007eb56d8bc36f5a6cd62bd3d4efe06dbdf6e58bfd9595cb61b9dcb5f16d5738c999f02","nonce":"97099d0ff5ee002c4b136aa9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"35285a47ab789afd3e2b370eb03eaaaca9f51b8f2e98d4e62959a76a9d8fdda192292c70b49b47b84e4cc9bed9","nonce":"97099d0ff5ee002c4b136aaa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"39ff6d4702566d3e96c8f29d5b9063928c740de80c50ebf33a56a614ea5c0068ae71dc56200675cd25fd76559e","nonce":"97099d0ff5ee002c4b136aab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0f3d82a85023c63a9bc3a33c35d55b0f3089dfbd1e10875bcbeba66006646d1684aacbf4d15348c89830707292","nonce":"97099d0ff5ee002c4b136aa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1cd3ea58da0622cfe3014e9ac84ed4659f408f137793bd8a9f128fdaf98a5bb50bf038e85e40f2b7600ef8a4af","nonce":"97099d0ff5ee002c4b136aa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"556887468e18082fa78688d3f0485e26ef9bdaa983adc09aaffdc28693844d60"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"57c3719dc9196def5d2f7e159fdb107b9c724a178d724aa89f84aa453dc82795"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"02d7d395a9b890223fa29265fbeccfd2c9d4e1ce4f2d337e6b465aae10ad1ef0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cce4071e42b5c1c0befdc4139bffd91075fbb45273053bbe64eb7c06c1296f4a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"73bdb6adeffba85f45895e1c664fd30988f889f64d46ff980e4ba3160441e9bc"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"25287cfa577abaf5b9887033e1ce7625541104149bc6f860a4a21c014f9c0571549bd2ce3f790a85f9d59cf66777ce2f502d491a5cac3dea","seedS":"3e3e1edf4bf7b595cbbc7899b2b480e6f7b7b0584ec55e4ffad309d68f4fbe9f20c94179f9cf8b854701c2b2c7060d9a08089c3be546d333","seedE":"2ed5e9727dee68d17536d127b54c75fb5d35fae432b41b8ca0e47c679c2c9d68e168054d7536686469cd04fe6fa4c86356fb0bfe80af2f65","skRm":"4ee4da4638a72a53bf36d19085b438da5666f685fc771036b6d1e5d42ed5b929b6894cbdcd7c622bfa89e472d43fda0609962d896d859548","skSm":"701c906748ddd6fa71391f8e2af54f6cdc9012133accb2a57955c294454c01e62cd4fcadbb6250a046d4d8d956ed8fdbd8d076daaf9da872","skEm":"dac7e07aa9dab5731d47ca19a466bb02221dd94132d00f4c2323e62c5d67affd414079955cfa2b787d5bf10f781ae64e5e6937f04bae1760","pkRm":"264c22ac7762c8d31fe623ab796792f919f8873bb7bc2e9ae2b65fd277af42f300ae93b44aea1c9d0ba470f497c82fd8ef2c6dafdb785acf","pkSm":"c8eca8f703c77f9f1b0f035d7451a1d5ea30c396ebb32a761ec59e99f77077efa9b92d78150b78f9b580efc8f62a078f1c06ebca082d961a","pkEm":"02e3dfe93f39fbd0de9db6876a5939d147df2df81cce43dd8500bcff541a1e94c7db88d6e23b67c36f77e12fee7c06190ee6b45dc411eb5f","enc":"02e3dfe93f39fbd0de9db6876a5939d147df2df81cce43dd8500bcff541a1e94c7db88d6e23b67c36f77e12fee7c06190ee6b45dc411eb5f","shared_secret":"5c88ed198157e18205072fbda016c059dabf4720d883b8f54163183a065cbaedef1effb169ceb4fd5eaa3143ab1de35d5b7ce8d1a82d8e8e81b050df7d3417a0","key_schedule_context":"022b8f02bd1528e10a5db81bdfd552f8ade1fcbaee98c6171d8742d4b7eacc6e5dc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"b9f018fab9bb8863a1955aab88da7130ff343a43450212a8d0034d4ab92030b1","key":"5803804b27e31a4c226d8a519235fcfee864b0b227daaca9c53afdd88224c84e","nonce":"cd059158c6e638ade09bbc61","exporter_secret":"9769274d1ab2a934242bad5d21afe445edcaa4678790026c573a90580f8ae453","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8ce7a7c2fe43f37bb5cc35e4db8fa232149b45f2d95ce3f88e79b54bfbfd5ce77f23ba7472d5ca8247b3d9332","nonce":"cd059158c6e638ade09bbc61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"17fdc08a7893af23c5a4ebf889bcc28e3d9b3085ee678ca9213ff3345e590276a9c4acad0b81e7e74180986d9e","nonce":"cd059158c6e638ade09bbc60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1a955bf88b30f183377d8494d1a676b1a27b0d2be68fdc781d4aebca24741f64e476ffd139f7cc6c334e22e2a3","nonce":"cd059158c6e638ade09bbc63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5ebb4d7d7919f295df2e4fdddea703b2da7edaa7389dc6b4ba6bbed4bec60e22df43b104cca13f0f12f9406ae0","nonce":"cd059158c6e638ade09bbc62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b98f8bbb65eb82d4a9918f770648f4f40920f5676c534ff4ac6fb53a24d8800bc39600a3c82a7b311de31b9aa7","nonce":"cd059158c6e638ade09bbc65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"08e580f6033214f25bc032fdc14a3bb661557139f1ca976473bea371482705756d1d2659900789f6c27cbf9eda","nonce":"cd059158c6e638ade09bbc64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"923080e329bdc7ed64cf8ee4e5bb8c3af1a8002b2cf96b792214234351f2db13f2b4cd2d43a2e6dbd5f508ca0c","nonce":"cd059158c6e638ade09bbc67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"871455d005ecbd0e19a5a4214acc71308752bd3b6fb163462ffac3bde9125e1894b194f306b127c8d850e27ae9","nonce":"cd059158c6e638ade09bbc66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8fbc6f2e6dea47eaf5663611e87d4474381f07b638a3c12f6c6c71f3d57fc1398f59b780d59860fe728048045e","nonce":"cd059158c6e638ade09bbc69","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"67c8041dde518f2a13f13dc4a3b35ad351f3d46a55ee836e1f311bd9aa0bb1a459b87b90cbc98c06545109ffe3","nonce":"cd059158c6e638ade09bbc68","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8948052d92df634cf37ec6ae4fa29695bdc8a6c6d7713bc89008761f54b9e698"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7a1347fbadbe6931da5b6b68c1d686fb4c802015ff0928c7dda275baac10284e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"82eb6e06e729439445b9ef494c87fe6ecfb1e8eb3407ac5efa82b2625da1bfa6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f80f5f3ed1b4d1c3dcffd6392bed02c97299f18135ec136a0eec90cec6750c57"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"54b203a3d58378bcf839eb5b998d509b80cc53897d24163ddb721587465deae9"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b40b5ff469deed2ad6363d2554f1600ca4206bc6874381ab9fcca2153d2f6c6ca02339558ae32ccd1ff640030e321f63fe1056f7716122e2","seedS":"c10703a86b8e7274ec4ca8f5ee3a1696960ba9db764d517ebfa37567141d7af0fbeef6196fbfdcd76cec65d228f23d883dbc34f91eb01bd6","seedE":"71eac45a2e9971054caff3b70c0355ced179eeb0b041a63c48d8cdab38bd961ee9a0a46a2d190311b3c0ac645bf00f02d9a68defcc0a0d2e","skRm":"8c3a62dbb72bb89cd35a3bdc422bd27f49dc714d1435b6157f42174bd8d109c55d1885da65e6212cc766c70592cf8d9d1010e91d8f8256b3","skSm":"4e1d51ea700684c53beb805fe01b6bf8f0cb6256f04d9bbff39fb2b49b965aa7d1dca955846a68bd65c97be151895cf3255d85a4d6f4f94a","skEm":"3b77dcaea6bfc14cf89ec89a3370e9b36d0383f93644ad10d4c310e3a7d3818606f2cdea3495d64dede5d23e7fad0ae358f3c439a2b13b4b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a0bb840213bf5800d13016fe35700872d3b403bcac14192de7a3cb3b5055ba2c8926ec28a7f57a2cdb615e8657b2ca38edb78c7edb0588bf","pkSm":"87caeeac827587fb8b6edff096b8c7a94d32eca43367ef84f7ab4bac8b2af2eae7cd17cfa394b48be757affaf9fe50fc8f0d38ab9d55d7bb","pkEm":"4270618c60c2e9a48fbb2b6b81b0f7b3148383393e6f8facd5a4c67960c909fdcbb73150326afc0e0cedc3bc0377cdf1f4da489ddf367e54","enc":"4270618c60c2e9a48fbb2b6b81b0f7b3148383393e6f8facd5a4c67960c909fdcbb73150326afc0e0cedc3bc0377cdf1f4da489ddf367e54","shared_secret":"1e683726676fd1c6421e6f3cd46121d62000005b923756a95dda5f84cdaddaa3884d28dcf92042805338f68cf6c0b6369a7b91c44b78949374fbea44c0031828","key_schedule_context":"0360b33b678eb261e664f7ebeb4c9f0e2ade08c83dd68a7b83cf15b17d3191379fc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"4c85e58fa17bef7d0646af59cf06614339e0538bc6be79bc980cb1a1205b7b25","key":"6c5b4bb172966c369798511372f6b3466fc0dd8770135c128aadc41c89df5492","nonce":"72216807db1ad3cb8bf336e2","exporter_secret":"f8ebf43478a0773cf7dad5e176fa2cdd6fcf75798a43f5ff90adbcf6066d2729","encryptions":[{"aad":"436f756e742d30","ciphertext":"4da7ec65d462ecfa94de2e20b8e86891d2852da25ea7031285e66e022230359d6a9fb3ae7b68626df9f271f544","nonce":"72216807db1ad3cb8bf336e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bd9d78d9e0b6f152cf4c10192b22deee3df3d452bc29a8277beea09d3f9397dd54c7597bc2536ff691a73f2866","nonce":"72216807db1ad3cb8bf336e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"92b71616c19dcba3daa30d3f96dc6406955da08309e2ab6d90b7baddd61d941cdf12803fc3333d1033eb9fc22e","nonce":"72216807db1ad3cb8bf336e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"94d0a5018d110d3c881c3130c752b9db725df51e1a8c163aaed7ea24a8777e9f885eaa7b3a5de1899870d70986","nonce":"72216807db1ad3cb8bf336e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7c90aadeae406d1b0cc00ae9e28924c12a81af3354ed0f9e53bcad1f4a45634a5f84b5b2de53652df151290134","nonce":"72216807db1ad3cb8bf336e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"01d4431079858e7f56bce4de406d072d945fd3c38341064cabef84aa1b67a1fac1ba69354f39309f247704fcca","nonce":"72216807db1ad3cb8bf336e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1f59fffc76b067cd2716bcfa6a71d7382a953713ab1a0538fc9369ab772b5a6eb4d96cd8b161184ee170889940","nonce":"72216807db1ad3cb8bf336e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"079f62fe721ff48ef01d4491d3aff6837f23c63e0219238efa42d916a18f323a9d8c2c129ec68141a5e32bf601","nonce":"72216807db1ad3cb8bf336e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"23001a980c108791b7d153ff9f81594c5167124735c7feecda7da93cfc857a4e8bae9d9a6c1909afc4a32d489e","nonce":"72216807db1ad3cb8bf336ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ab310e1e2613af557ac63e2c752a0c4ac487a387decafb3199b140e9307054a74d5ca3d5a8be5341b26a926949","nonce":"72216807db1ad3cb8bf336eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"825d5f3f3000d98a056025dafc2ab80d905b0bc4d1e317704a13d3fe3f599199"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"73b63aad01e20c74173aec2bb530d39f22393524939fa1e3529f91a16c61be6b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ef3b95c9778bc495a23de52dedc5f7a84b93e6e31e689392e01960b0b06b4783"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a7757e51476a9e200d22bc4aff2eae57a0eb69160ad4db8806c6d440be6472fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"964ce7bca098643be539b9d555802f6dd1dc8030123dce4a979e6088eccbc874"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"27fcfcf1a55ed562445ef999353a1894eb7671af8ce6f03151fb5d5f93235f44da1c32781168a448499c8fd2b8a4828b0088e3d7ef9abec8","seedS":"22a6972235a42ad557944c5d36f4f38e3659794aa399a78c5beb5b037c5e2404d57e418f9080edefc4c525fe47c1c89d45ce072d515b45bd","seedE":"af66c36135c57286feba0ef23ccd4fbfc6f12922556150c109b362db1673af446b8923f3d2013511aac1e154d28360be1b2c5309c2d3ecdd","skRm":"61cf934d4a15734121195eb4bdb925e754920be595746cbad44b3cd020c90c37f01b5c982897cbbef07b1cd55194295ee4d9cd92878bcb2e","skSm":"0e00205f71f1f0c5818eae997188b41cfb7a6622fba5cc7577173ad5240df15f9a285650269b8e881ac4cc2b34abe72ed6b1fd266fbb7cc2","skEm":"41d7dab149bf26e26d93f867cbdac4b10c6203e4fb0e665e59bf54059bfb1082ec3809a78b3599537b0614a8a7df698771ab60f30ccc5812","pkRm":"25c4f6870d74f51dd7dcd0b1dab37edab70114c163840f729f04dfa6b1d2ca2624d68842c7d81c4250b32afc6cf85317a487fd63a8c5b81b","pkSm":"b16c9e5d76483478c8beca90fcbaf8b17a25d4ab32608d57ce1c1861e6bd92bb2d38450ac2b1d8cf34e1d9e85e9e39d2587beda8a309f3fb","pkEm":"82aa10cb64ff3be99241d81233445f530b5cd8f867cec70790de1363de94d33cd5261cad9d2ddf4d8718d0bd94f5a0cc0ff34320a6815c42","enc":"82aa10cb64ff3be99241d81233445f530b5cd8f867cec70790de1363de94d33cd5261cad9d2ddf4d8718d0bd94f5a0cc0ff34320a6815c42","shared_secret":"8ddafde754208d8430cbd9c1cedcfad641d7f173584f83ba4a366add2bb22ef0f10458fe9c6fac1ff9cacd6835cce38c2ee57d2875a2f0f0fa924d1741643822","key_schedule_context":"025d51d75e5b6f166cd8b3f200bb9646620b4b45c205483628fd330118ab8b530410a42988985d900acb2d52b068b37da9a4fc1c1bdb2952941a95db6be723e5c362adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"00d19b2f3025c9f8872edd49a054e6f6a5eed8d4124f30ffc07b4c75e6c7569d763e485cbed7787e4fcc87633caa8f73ecee4fd6244006e15260614f42f48c28","key":"f7b9fc5bd000071914939828181889a3","nonce":"816601c863fdfce9a4a3a15d","exporter_secret":"0c9e3f5f82b5669bd027dbeef29f0c1213a893c8e9f498e70d3caca6dda0a81df4530ef95ca3c99f949173f6ce02984c2a1e8e8760f8521001cdabc0387d4d19","encryptions":[{"aad":"436f756e742d30","ciphertext":"ad72bc52aa8073a1f90556bcce259b2d565be9a3c114df8c0c1e3eafd2f4228fa971b8ca43717a5fc5e5804c03","nonce":"816601c863fdfce9a4a3a15d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f00127e0c443931958f701883007b6e1a50a6b10c1461990a36c62b7c1fad053bf7328504d0a22ff114a649493","nonce":"816601c863fdfce9a4a3a15c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c140c5d64f323a4e55dbdc9d4ace434e81010ea268bc66ef79d2f98a343e49dfeb47d8f4d03209c19bad9406a4","nonce":"816601c863fdfce9a4a3a15f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"71bfb9ad1af731b7192d75ba5acbd7c9404718511b5f3e4ad439fd709eb2802e38f1fc50757f28d65bbf7dc855","nonce":"816601c863fdfce9a4a3a15e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9ec025105ade2d803c7b406e5e4d10ed00897253cc7f577389749d55012c334de0da94bb2517168e28a796d2f","nonce":"816601c863fdfce9a4a3a159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"2d90c3472fe774f62dbbf8795b0df0a8069e2e60a7872b9c9ce3b750c5368da65532170911f1608bcbf4d45e23","nonce":"816601c863fdfce9a4a3a158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"99ba751a7a4140ee3233b8a16a0f5066640b8399ea718cfb767f7ec86812c67f791ba8f9b4a6e3243b3c1979ad","nonce":"816601c863fdfce9a4a3a15b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f76142aad62ed75f3e4f70269688d7d6861f0b1b0afdabedfda6d32850314f7297ed47510912ceb8d2e1e49de5","nonce":"816601c863fdfce9a4a3a15a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"056de5d273f7e561e64d9b90bc33751cee6955ded05a3dd959f0aa52e7b18e72c0c6b055e769525025ce7da1cb","nonce":"816601c863fdfce9a4a3a155","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ccb02cf3c17a635a4d2770583073d745d8d6baa8187efe5c5767ac7db5fd6288051aa802110bc0d869294e2514","nonce":"816601c863fdfce9a4a3a154","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9d783a7adcee76f512f21ae44c63c735bdb230c653ae87c3a6cedbca5e29f080"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d8e2f1845a7e4a99036b09e364243a99d02e86a98b62b932f19f1a979aa0bb0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"87bbea40f8d47428218666f2db76ed4c7064c002b2f0da00193dcdc0104181b8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"4e5c4b7de90713fb3083f9628ade164312f54ecaa83a21ac8e25f7e6f9c50d09"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f7a1fdaa32a4974bafe0cf96c36bc73b210fe99f2719c595077ea0c0d1f0cd88"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"492a05907c9333451345b9e3e9e6e773c3abc580669d95cc420f4d0b41b96b7dcfa73218c35971095c5dff55e3c5c050a8befa23eae54c63","seedS":"de7e57886f023a5f139fecbee0028c575e69c381ed766e708554bd1caa3867fcf6c799d3daa575299352107822de4623e026a2050bd9b229","seedE":"0ab4328bdc77d0c7de08f752bf5e7b93aff5f5f01b151297b2f489721e0e9ff62cc0fbb2af32c1f94615751c0dcfa3c5d4feca8fbee5e5f4","skRm":"e8e9dc198f259e6c902eaac03efabeca7c3b1ec48aca1730f59c1ab79f1ded8edd530911fd5514b3bc68c049d6010b15bdc684f4ea9214a5","skSm":"d8b46cd2ea92de565e620093843b4da23f77b6989d99995caf0b1d8940af7c59a8ffc0670b3e48dfd45bdca0fc718485304b6237d1c53935","skEm":"3db80feb1d68cac9ec2b4d51aef14bbc60cb6ab35fb5098ef27f82bb77a4893636a0d835477ca9c1c50789f7711ce5860f7c4f9c0bc850ed","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"02e85703d4aa1bd51fe239c1d199e902ff0f2cef5a07a9457e352fdcaf2c8fa326d01950a3bfe465c3d5a96a735898d6a2223a1108399255","pkSm":"988dcd43a6a9e97bd642fcc604f9d7a13f1e579eced688b7cdc46b4dba3b436a097279c925cf48c0d5f3a360eebef655542576e661163a3e","pkEm":"49f736fa1851d53335a14666898adbfe37f69a9a82673271d5212c6d1186d4ea2d025936319223626a72169279456a847b2ca31ed7985ad4","enc":"49f736fa1851d53335a14666898adbfe37f69a9a82673271d5212c6d1186d4ea2d025936319223626a72169279456a847b2ca31ed7985ad4","shared_secret":"514222683da8588d53b89b526c1ed5b05bf35f8f8d073499b951c67fab37d2ffb93d2b3b0443fdc96c96b419f78d9254c02b899e16dcf7cf79e3e5e7f068d21e","key_schedule_context":"03cc21a52de94b0a329e224dd508f16ef2a0ea4d49a6dad47e45c9657e7309d5f5e8673b72bf8a440dc517e88f4bb22b990cb594b65cc33814be7ba4f6167492d262adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"484a8424d063dbf353979bab4bd642b5e4488b4aa2fc7482463ce32f75f1e7b827d3865850faa66572ce8fc43e75c806c5d491f8f5f785f1b438a551a6ecafac","key":"573a464751df979ff0075f357139672f","nonce":"89861896be87d3c09120026a","exporter_secret":"34a4e7b423f79694000c18d93780c4bd5060a3c2997fc27c71c4709ff9802269c58a8790cad5a5d140cb8ae4c6b10fecdea82fdae147811d4e9411a44b0b8423","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd9e3aa1d093b4e0d21ebf098d8db95f32a414a870479b50d2c906a07ba1863182493a651cfa95eda655245d2c","nonce":"89861896be87d3c09120026a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"23cea2fec3adc34073546237cb16ba573de1600355f86f56a7a94365cec14716961e4e2e2085427db145bc5e17","nonce":"89861896be87d3c09120026b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4ff3846cea6e14410f7497af988734f403c2abe3996df2b4360ec66051bc3ad4c9f198f7a0b145569f91f312ef","nonce":"89861896be87d3c091200268","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1fab75193fcf2bc77ed03bd0fa3a0ac8db9a54a12fd26c7d87e2cf218c505429d60efb6c9f5de4bf291c3639f5","nonce":"89861896be87d3c091200269","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6858b4624dc6f7cfebbbfdb91898a269a5a173cc2a849024ab9a81e598f28adc958b0867df6d54605b3cc29544","nonce":"89861896be87d3c09120026e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"50220690603568358a58ad6102b1a4f13b1b62ba53622b1293aef183d2ed6ded13a826216a28a4c21718decd81","nonce":"89861896be87d3c09120026f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0e22702fcea9c7fc450811be23f90e0f884bc49c60bc04eb3953ec8ac59ab80d777126581b48ce870a304e0344","nonce":"89861896be87d3c09120026c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5dea91cf3c6d5ba0e4ebd4c6ae5b89085fdb33c6fc30e1016f7adb00eab466996a21c294a194ea32e5c04b23d4","nonce":"89861896be87d3c09120026d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1fbf1cffa7abacd1dbdb081ea942a5d47773910b8f30fac45638597ba72ebf9087099c95776fdea429ea9835c5","nonce":"89861896be87d3c091200262","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"12ae8e5e3a4b09fb78b22449fe457d186216456e2c32bf546bbdfd6dd82cfb1204207320542903b56510219ca0","nonce":"89861896be87d3c091200263","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"20796a9fb6d464a8ebfe5a64ef97c3e57935585fb8628095c5665af9a22246d0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"10df6aed035d8adb65e65f8d534e853ade16d762b2ecf972cb70d6a5f550f83a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ffc793d331e22990ede4a0a024f4ef0132c6537328c5c376f8f77cd2bd9ac27f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7ed3fa7a37c5466f72e6ede994d21c6316d8f5db977854b9d22efcd742895746"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"bf215205266401791f172c334694f007fac348585824dc6527d2c9aa3e8d3e89"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0f19220f2681231e23a309f507b041ec8540b3918e5dfad94fe9ed0109435e65973ad68a8ab8d58c6d42526999620c8d2aff76ffb376aa91","seedE":"6050076722962753ef9a009821c53276d2f4a18017b8bb92785e026d8168f37e9fe0b18942928fb7eb117a08469ce121490e0e6fc833388d","skRm":"3107a207cc726b228abd268d828aa306af1e92f009792df8107d98009ae6613aea3561ddbce8666ada8f74e278389202949df00540cb8fb1","skEm":"f3830255dd9798b8605691e0829bb4d81590cada8549e78f1a3324a88acd731733a1c5f242b3c7226533207c8fdea9e585d0d5640140452e","pkRm":"33f79f1e42558f1fd0864cbe376fb245bdca880fb3d97421855c4292b4bb745271e4cd3825bd050ce0797785f0f72cd40a479a5123ecc11c","pkEm":"98c2c211cde375f23bef4106b3ae9cd68d2c05041951c65160e7cad40ce653573620a4b555595f552ad28a9acf41863696bf8c690390d670","enc":"98c2c211cde375f23bef4106b3ae9cd68d2c05041951c65160e7cad40ce653573620a4b555595f552ad28a9acf41863696bf8c690390d670","shared_secret":"b041b9db313b0f6a884a0e8bcbc7122035f97c96c896f4030a4ed64bb78479ed6ff44074f311e78c548b65cf3c49402a14d5f5e5bc65bc962c6af82561d01ca3","key_schedule_context":"005d51d75e5b6f166cd8b3f200bb9646620b4b45c205483628fd330118ab8b530410a42988985d900acb2d52b068b37da9a4fc1c1bdb2952941a95db6be723e5c362adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"ac15e386cb4c1603f8baa59eeaac90d9a6478f47140c686d0e6b1d33b8adb8ce53552fb98827021fadc0c119a63c451cf1c159c0b094444a291f20c9a911d95f","key":"73742d76103f4c9cff35fca35e7b5add","nonce":"5d052acda60c2d966bb034a1","exporter_secret":"cba72cf36c19b940db9bd01454eae911afb566b5c474ff8b58450e0270bcad10f945feb420b527561fedf7f6de6ec99d8ba7aeeb068db011ac738c53f56f0f77","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd601f53e81152295b84c531f919fc79096b8f5c62d15cec196e856078f70c24057db0007172a593d0b199b012","nonce":"5d052acda60c2d966bb034a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"51aff83472028d64a11ab0339dd92e134b28d0e8d16e3c9771630e95b8acc55dc1fbbf4b9a6c4fb288d665207c","nonce":"5d052acda60c2d966bb034a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6c3e9651739351ccd6d1adacd2643c522d8d1157ad8b5b36069259f544572a120f4f3e912c7e88af540e9c3104","nonce":"5d052acda60c2d966bb034a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"081174e7f23850c0973d0d9054b3c9a6fca9cabecb37c3b54950d187a2cbdf77b97dd786764edb648f74a26b20","nonce":"5d052acda60c2d966bb034a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"15866799bdacd4184143e06c6d7a7991f4a45b7166371e6ae7d8ce447a1d937b2d11cc60e1b5efadeb03a0b317","nonce":"5d052acda60c2d966bb034a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b9ef89bb296d82ef65f46ac3c3d0370309867e9bf6723d09da784fdf9120c24fd030d0bf0f6f32436fcb8fa29a","nonce":"5d052acda60c2d966bb034a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9dc10c4ca633265356564144953ad81af098d11bf68ec9ca0918248e2708a2f609b6e79a4451a4d074d4188e9c","nonce":"5d052acda60c2d966bb034a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e97a7258a5cc6f9f3d8edd226b9908a6c20e6542347e08c88bc7e098d57a6787b88831d52ac0da51932d3c2ad4","nonce":"5d052acda60c2d966bb034a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6051d9ad419653b97c9d1d9c9bfc7c4e07a230605af5e9919888e3b62e314a6a262aebc42f55e594902594d952","nonce":"5d052acda60c2d966bb034a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bfc202ad0d94bb762326233443c491b19b67042abb1d2631b249e14953c5e4d780fd83cb9e0aaef8f73cb0aeb2","nonce":"5d052acda60c2d966bb034a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"59ea4af8da44808957f8f87ddee9277bd336a9540e6640176f45ba4019c96ce5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5169ce1517ab3638ebf4e546c9f085f291ae1502e1df58915956b7bfcc896e53"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ff223c7c1731f0ee8800f767f5ad827fe8fa6e70d196dfe034821982e9265073"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"19f7b26824686d8bebb1c58a671f4b6ceed9bcb8289b056547ca52689045b65f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"653953c2761895008cc617c346ea40ada7c1d46bd58d00a4e768d0400998e9d6"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4a8ca6773ce624674cf4712be6532be268c1aa9e5a0d1d7674351cb0031353968cbf00d2af942593d25c45aa07aa64ae0000000000000000","seedE":"1015a5c84bf856f48f91dff4e02b203a4945a36d983868f4c6aa873c77be282e3171b1c7b5524436907ab4271d856cb435415cd0725ddc75","skRm":"df6dc8364055e453dabb1a410ca8184df78a909be951613b1935f42b01e79ce5fb58b29dd307a2673b463e8e3c60380c33c3f657cf36a7d7","skEm":"0f2bba5c2c9af90403847a72b107c33a156214d1321ea23057bddb2e98cf117df878db8c475d08e286cf647121b746782c4b9f2e56ddfc18","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"eb2de413057cfa13d57cbba12f20b3261b7e12c564c1e116d570ee8f7476fa1f00b327ad3194e9f6c19532a188f77bffbe6528f596d7cb8f","pkEm":"32f0064fbf6bfbe5e7be112f3dc38e61c7e6193bda7e727b229b96e2cb5f76552c0545b1f689fbdbfb35d031ceb44178ebcd403c1f2ed20a","enc":"32f0064fbf6bfbe5e7be112f3dc38e61c7e6193bda7e727b229b96e2cb5f76552c0545b1f689fbdbfb35d031ceb44178ebcd403c1f2ed20a","shared_secret":"bb5a259338a230fdda5714a910b1081ca6d6bb883091e824c6d54100efafba4da41b8721f8e89cbbeb66b2fa6eab904f4459a1b2040314fa9846a7c98d8eacf9","key_schedule_context":"01cc21a52de94b0a329e224dd508f16ef2a0ea4d49a6dad47e45c9657e7309d5f5e8673b72bf8a440dc517e88f4bb22b990cb594b65cc33814be7ba4f6167492d262adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"fda0bddae602495d0ec51802f4aa6217c1fe9b8ebd7a1b32e59b3b35881781791132838c9fa2df6f1fe2526507a34fc2605b0154b9f6caad3d3bb3f5dc7a6bf7","key":"bf57cd65eb3cca8c974e880355d6b5ed","nonce":"0efc3be01b60e273719ff2b1","exporter_secret":"01636a5329db27f65be6fd0f59d97f847df3695f443d2cb8e38487ca2990b2353cde2cf29d871c510406130c8f3e2460482499c7361d5ef030cc8ab7e6631b3b","encryptions":[{"aad":"436f756e742d30","ciphertext":"855ee4684cb2b7dffccf3f739fe7497148a480aa28e8202dc12dedd0a4f7514a1541674a3416698a7000417c8f","nonce":"0efc3be01b60e273719ff2b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"941ad4b75b2abe687e7680bc595146d9f7bb8f72e465ce4a1dad2eb6236cf9ba3ed3f4fa4981f72235db459058","nonce":"0efc3be01b60e273719ff2b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3067a38a01188974b337b11c35908ddea240614d922e493f9a8b6690a36ceae4cbc6022575795ce5f6386da423","nonce":"0efc3be01b60e273719ff2b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"62fa57456b95553a8902872930242368267df2325286b47f9f5046c6ca7068d421171a8446e13463f0f0a1ec9e","nonce":"0efc3be01b60e273719ff2b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"de5a69c74c2a238addc0aa9c734c03d734ab89f8591262f5ca8134ca56966b44e4fec3d93661c7b2a0890acc0c","nonce":"0efc3be01b60e273719ff2b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0abbeffd9af3ba18a3615cbf9ccc321cc39f0d11b5633bbce45f9ffc32df5c90b6f68fb5764e3bd032c08b867f","nonce":"0efc3be01b60e273719ff2b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"22aafa65c0b72c55987c5b812dfab96e7cc8cf4fb2b9f39a97128e97325fe5f6fff0f64391f7afe99e6ee54f8c","nonce":"0efc3be01b60e273719ff2b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"128f0715b460dd2787898d9b33bc232fbc30b3be16605b20d4d09743c54126accc1a174bf2f0023bed6685efbf","nonce":"0efc3be01b60e273719ff2b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4e488d6061b249462696d49f7826a5fec9cafc49513c64e475e7c9efb4db09a20957406459b3522a4dfddbffff","nonce":"0efc3be01b60e273719ff2b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"77c49ec9f77241259d71fa267f7663ff17d0484f735ebfa80ef105f477a439a559e7e9ef32a92ec85acb0007d1","nonce":"0efc3be01b60e273719ff2b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b205534f9bd4059548486b148dfbe4257dadacec5cf2342e131140ad6286cb19"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bd3b8c3e47a88b1feb0053e79bb4b52b47f43d012699b827e67b18f359c6ca78"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"707114c83b15324de470377831a43982209abfe093bbfc30fa86b39903e45145"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f27707e284da281348b2b0cfb2fdc5b67655241d9742252bb3c27f604d2bd49a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"82abcd8bd86392fa791c39b75f9da1ff8aa91f2b8c1bc8bcfbb01db30c92c456"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"12684735fb94654b1a127bc48ab4eabdf12eeab245af66a9f5e3cb79f30ce17dc477ade44170ad0f80c7b02a01473cb0ec928594d55b0295","seedE":"468563e1ebe7d0b8aa04a3c863a842428607ef45dd7a2b95425ec918dcd5c1012c9614523317e4f311ff0963fba4dac4ecf353e38291934f","skRm":"f8089f023bf6b0202cfd015d1ddb699bb5da08391f2fc5f349c0a32751650b173650e948d46464a1fd2e7be3716a2d64b815a67a250a5b4f","skEm":"ea774d71891fec036f2190ba255ab20224b0a88f8c129a1bb7c1d5097aaa6d8044b1b6ad89bf988fc5b8e089ab0688c12a14297f5ca4f3c1","pkRm":"5f8c4c3f3c94a51d098968a1eb9ed8b54419dc5e8143e3cd49e6f2101fb71f48b563d312d4356366a9d5bb0e80555da3aa31fb30e5c503b9","pkEm":"f64be0dbe9f5bcc5a3e9bdc34eaf7873f4163f98db5d00ce913af789013e82242b22854f66854ffb625f2c8ed02ddd46a04c7d3b48613f93","enc":"f64be0dbe9f5bcc5a3e9bdc34eaf7873f4163f98db5d00ce913af789013e82242b22854f66854ffb625f2c8ed02ddd46a04c7d3b48613f93","shared_secret":"6273e5d79d9c2d8db9e5dea73878a19991e7dadfffc37e4197a2bb985e58c76527e70e143cfefd57711599da2108c438a13ccfbed45c7cfb3c6ee6286d1a9708","key_schedule_context":"00a4a6828e50394582b8d4f101de1c624fecf9153b9e803944a8c22d8bf985a46840a56d0a67554a9ab9b5979a752796ba11b915ca3af1e418798f7eaa752d03eb4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"9194dcb174a36a359eb17dde349a5e3e41a5595649decd9244e9b91064c8de29368636cddfedd51001e66c7ee7dc342f755757efca041e4336177b9b3b27c437","key":"c314fd0f6be845d33338d0c3df6a71a1163558082e44176ca0469a055cbfb15b","nonce":"e3c2ba06dec7c1f8a046c2c6","exporter_secret":"293c7402516c261de2a32d0d81facd1410a042999a9b3ef14134e130fffb59e6f539674fdde330d5f24e9c24d14fd5b8944040f04886c222e9e0f5c604f2a8a3","encryptions":[{"aad":"436f756e742d30","ciphertext":"e40cb667cd288fcd5aae7e691e35202d2f2d7a4e5a048c9e237cf1dbd5970893559e8e0fb08523f00d1720d908","nonce":"e3c2ba06dec7c1f8a046c2c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"30defbd6bc8ec2ab827a2e7d05148cf0a5941cbbe4a925b92323d7df0a811e37296c780107d5ab003ac36df5cb","nonce":"e3c2ba06dec7c1f8a046c2c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d14121acabce4245081cc291e35d5f2fbd19736bbef7a4141434a3e18b0ff83b8968005571e0462a64045b22b3","nonce":"e3c2ba06dec7c1f8a046c2c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"79da6a00596d80153ebc1fac08a15a5874b361573ed0c2a281b72b5f93f41b31ddb5824e7efa9948b21a399d70","nonce":"e3c2ba06dec7c1f8a046c2c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ecad5b3d780ef9f6be90de9cc8681b1a4ae24506e170f91d729cfa052776e2a2a82bb13873b45109e90226a2d","nonce":"e3c2ba06dec7c1f8a046c2c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ee4fffc5e0ca32f39e7202963e3a88e1db57f909bf95dffe2436304651cfb3eca51cc7ff99cbe47662a5b9ae65","nonce":"e3c2ba06dec7c1f8a046c2c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"54aaf7bf3dab9b4b328ad01b9aec483ce0c9337b1bd139c1e552ddbe470e12eb4514d7f087f16d0effd0cb30f1","nonce":"e3c2ba06dec7c1f8a046c2c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7cceb10b88655bf5b81d6d61e958a3c509df7ed80686e9ee33f83a13cc671d69ad443479881d0c6e88fefbc94e","nonce":"e3c2ba06dec7c1f8a046c2c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"85b828bf7c58840a8a09e4f955ff100b5da4e65b1dcdc0a42bc34e4bec0886675822242cd8aaa99a06024f6e61","nonce":"e3c2ba06dec7c1f8a046c2ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52242e3cb91abe500ff7a4c67d1e01b3cb066bcf9d77304d68f9b29de8c0d11d842d48d07046ed67dbcc07fe14","nonce":"e3c2ba06dec7c1f8a046c2cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d08f6cf70fd5d380d21ca0f8ccfafbdf20a6b1a45e4f145673e2e50f16c53c7b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"35a21a53733a0f7211d032cc9cf0763612898ef2acbc63694bfd5fe61e5e564b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"76317113f198add5398b74b5ceeb44ef955954d8d6021a6f61c1fba30bc49f70"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"110899af64167e3f643e0911884f1841e0c52d3607ce9248c6c161f85c6bcb7b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5477ab51f582b7fe4574a3eb0e84c7c5f18ccc083720ec2db4b434601fdda5bf"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e6423d7eac45b0ff9d5b642fc6d375f2960615175b4003d5335a242220da8ac58c1aec1d7e035fbea45c4f4b62b75de829b933c3039c7f50","seedE":"5b68c114f92f0d348b460c51f09e9e3e2983ac98e9194e2c6f15e44a6499cbf6a7600a73207c2629e5c8c376ec24b20bf82b4ade27c8e7ff","skRm":"6a47dcea0154d00c0c7a98a97e2dc614443d9436ae30e2c040e40a33b4d0e32c9d3fcc5c0e9484f5601c2d40ef51764b0d833f1232f69e8d","skEm":"58e42a04bbc17488211a7a089e14e89902852854285aec11000ec7ad805914afd695ebd9f3c567fda44e708f5a8f03a97b0147866338411e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c79d510841e470963352fe59e1130c59f9e6e3f2b8f65e3a82c1de892de33e61aa4d166086b8537f8daf742d562ca4d7423eef337310e0d4","pkEm":"9a35a39551c90549a40a3a652e642c62d51a96f65984cf7b036ceb791ac5c72076f4c997b7ff743a1b808cd55e02d5cafedd7a9328f8d740","enc":"9a35a39551c90549a40a3a652e642c62d51a96f65984cf7b036ceb791ac5c72076f4c997b7ff743a1b808cd55e02d5cafedd7a9328f8d740","shared_secret":"f879bf0832d7bc61a6d57c65b5684d2a754bc08852b48418e08fbcccd7b8d17028ee36fd8345b37c6fda187ed99fd9e1d10b627f7ac821d542170353ae139875","key_schedule_context":"01270eb32f1aa6bd1804e98fae038c96f1258a5efb64dd856e466a1b25bbc4f54c49e8fa12042bc8895415e773fb0f8e81714a217deaa194f326b96175fe8834ed4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"e14d1170aa4c1af756abe9504c4f121457eddcca0f1f79b0173a686f5a22c95b8da9001efd88b7abcbde5057cbcc79c277befc112bc8c25aa77ef82e8aa06035","key":"01835374fe4557e0ec736c9da908ea06fef00c47f091a6c633fff452b3c95962","nonce":"e602e0148b819201540968e8","exporter_secret":"d4b6822ed504736cac26bab8d01887ad4b59c19cecdd7bdf7c0812062d4fb9427e9685c15bf9ad4bc051b1f8dd93ded54b731750c5aacf27dc7473dc9d15f9a8","encryptions":[{"aad":"436f756e742d30","ciphertext":"dca3e94e1d99849d88898109fddba983103106760f3ca3636ec44bfd0d175bede4b746f300602bf62561e27097","nonce":"e602e0148b819201540968e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"798e33f6c48ac7736fe36fad6643d3356b6a4cb589de0e891ffe4461a32816ce6b2a68c4fa8a9c0c9655249d15","nonce":"e602e0148b819201540968e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0c81b5a98f18645954d8cc3f1faa898185c9b7a64f177273ee0b425433d368109b2dcfb1dac2640a40d2fa548b","nonce":"e602e0148b819201540968ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1186422dbe4feebe1d445cfc819dc0d5495e541b754de94d79ee67a0d8754f5947ef251f3e97a3dcd76d28fa15","nonce":"e602e0148b819201540968eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e4664d96e7cb00030751b0f81a86f2f718f0f6d344148c589cd817d629ebd98d2b03d0880b70a2f2ba8de2fa36","nonce":"e602e0148b819201540968ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"607009cd53eb8e9645f8561d83e37825ec20429c06774aa195442b61fba3dc5c6b8c196337f4678f138726a507","nonce":"e602e0148b819201540968ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c1fe6a5a5baf20a0268feb0fae4b92386811527b1a1ed7f9e08e6abee27c4502ffdcd188cdd310aa7c5b14db35","nonce":"e602e0148b819201540968ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"04601c093ee9ab4ab1e14bb053e13bd02eba7a47cfee60b8ea4de340dca576e642a6f8378e2cb812af4709cdc8","nonce":"e602e0148b819201540968ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0782ae574a218da34ef2f73b1f4c8b0016177fbd037428948b2a299f0b1f8e6170cae28992c9fb6a0ff9f8d8ea","nonce":"e602e0148b819201540968e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6e0a4153994bf4ce2ffb2ded505983863177574c17c1f3c7753c17fdd37cc2fc5d2db35af0a741ec6537085db4","nonce":"e602e0148b819201540968e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"dd1a7a522c85da3784758f1fefed178f831e057d8c71586f227324718a72a2b7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"09d63098fefd60d4604ca7b12887154f3bc2d558c95067cdc324cd333f147632"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29cc8fc16975032aa13449a4ac5fba39f3ec55c7fd1c9243e21896447671818a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fc50e4bfc4ad2d78082ff8f2e85fae782f990619076d1abbcfdf45c542c2a078"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"77e8d0dbc5cd8193a85b5efb9ff8c926addc0adf2e4f94032deeb0cc0132134c"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3d6e5522102615c277d119e8f277fcdbc9eda0c65927024607efc190b9d378408a456b65854717c86f0588407ecc5e1ce57db4dfa2480c79","seedS":"1c07a040301aabd3100ca6e094d14093c8d4bfd774d35aa201c84187418f64d4e48196bdcf8aca8f56f7cbbac75b3ccb5e6f53c230a70617","seedE":"ba747512572a5e1d5845b9342fc017663b0073d915bb2f4a3d532534229fcb8d61b79648f177456b2bb86483457b7a61c924cb5891f23bb7","skRm":"de386be1f5cbe675fe0aae18e640d49a6e33202c8ffcc3a04fcb221f9bb177c50c3fb4dbbe6555e6c472802b524bfc23e658089ec4e6e0e6","skSm":"8bf6c596f2eefd49c0cb357ab1d6665db85024a2ed150d8eba2bf3325c40bde35eb60cf70e417e74713c8f625cf1cf3910c837f39ee7996c","skEm":"52e4929709ab17982ab2a6a3e19ca2973c2f6c477e6361fa5aee85e8adf89bf4b7bad702566c4dfa9a988d3280a0d5469a8b6e5c475b13bb","pkRm":"5e719bd817d0e738b2b39b2e9a00cbb7b4e5b7befacfc286094d98a51944e9ff725006ec53fafbedf51a1158574912aff07a6c1013191ba6","pkSm":"db571cc1df7df6ef0534d6d607aabf32b3e68854aa6c6b246e7157b47719c314c0526d201aa9d6310f9519d0384e9fb6c46760100e5b2401","pkEm":"8817c337f6efd5aa756ea38f4b8c139812b0e719c6ac38157604fc04cb5d7552a57b760d1ff9760da6353cd4924c83306160fc39fca48ad5","enc":"8817c337f6efd5aa756ea38f4b8c139812b0e719c6ac38157604fc04cb5d7552a57b760d1ff9760da6353cd4924c83306160fc39fca48ad5","shared_secret":"121daf7d9e070adf4a5c5e64280585de0c6549f63e4a5f69fc8807e155ca8efa068b9d2e9a5eac517316487953a45077b6d5b74a223ca11f1730c73d2ee608c7","key_schedule_context":"02a4a6828e50394582b8d4f101de1c624fecf9153b9e803944a8c22d8bf985a46840a56d0a67554a9ab9b5979a752796ba11b915ca3af1e418798f7eaa752d03eb4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"78abdd3a983347d4e16f7f17ae2d1e003c5068d6dde35074f325f28fb59d40066222e56e01b78970bfdcbf40afe7e970551bb52e496b5126ab43e32467d77f2a","key":"b4935f834fcd9de1e5c6710aabbf51340666d3d6247245a01f18214f24c0faf5","nonce":"054faf900de9fab0ae1ed01d","exporter_secret":"a0c5c7f46788f14d2871c35b4df7aa06aeec855a4fc610c8b165dbd6eb070da21cd4202f6ff37996f14bf3212df9007ec8f1b11c0698d9efc2e2e40d811a7b6e","encryptions":[{"aad":"436f756e742d30","ciphertext":"a488bb71bc42e68bbb9030fc2719f4e7e3148d126e3bb8471125e6562e775db5ea8517167e4b22f5998ce13a3f","nonce":"054faf900de9fab0ae1ed01d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fc861667fff4be393123eb8f69fca1fa7002b0dc69ead7a7ca364553febea34ae2382ae48541570de8b98d1b86","nonce":"054faf900de9fab0ae1ed01c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"34a91e7eb386aa9fdc4ba14e8db2345ae38d6a3dcf4a673242adcb244abe368e8a95639945b913835a0baa82b5","nonce":"054faf900de9fab0ae1ed01f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2a46ba4636614007a305049f34ddd53987ea15e3ed09258d0dbc63fba4a701d33b1488b7b96c581015a7de3e33","nonce":"054faf900de9fab0ae1ed01e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7bb313f3995ba7dc3d7f70cbf351d67827b3f7fdeee745f79507c05364ad12e743f69d5c51a8cb8796d515f95b","nonce":"054faf900de9fab0ae1ed019","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"715064eef3e4629a8ed104b5521db7aa202d1b307f67bf825258d30a25e318ff5b0062a19da0182f662fda5c2e","nonce":"054faf900de9fab0ae1ed018","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b0719c97014b1a904762a5ffacf0683e4bbba0b974364c0e170849b4860ec2357a8b2fdc928fd6c86538cd6c4b","nonce":"054faf900de9fab0ae1ed01b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b0a9926e6fbff811ee2bf10c35a8f18b94662f04db78b503ea2c9927c998cc697a9c90667032d177eaa117e05b","nonce":"054faf900de9fab0ae1ed01a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b124d983b1aa4cac12c6274f3b064f4870e07d4093e32eb359d764cd7117fa8a831435ad424f23c4bf4f05ba9f","nonce":"054faf900de9fab0ae1ed015","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"381f9c08fbb3c9bacd73eb87da10b3661a796d32e1d4ea0bc864c8c55768e504a01e42f90367cc0b2c695bfed4","nonce":"054faf900de9fab0ae1ed014","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c44aebcd90ad6e2d7a36b08799c9d17fde40f3bc66bd8fa82ed2fc2069ed194"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1089cf50f4536b1a9d1171c94708d27750c5a5200a760fefc9c38fe0945c04c3"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9c2ca49214fc81c108eba6fc10dff3e02c4be39198b8166b80aef4382ca2a92a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"09bafdbb2b6cf1b939be3c0bef720fadaec2b32ca4b89eabf1fa50ae7f53f519"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d6f527d5bfe0c909cd1ad035f0d570d04681e509d4ee8c17f4e87fc5b4821bde"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"13521f68c6286bf84a882b8790b8e7ecd6fa0c743ff56e2e4ca3c8a9d3f41c921cf171073e03298aa29a5638658623564e783d639d332a92","seedS":"572aad7eb2ca9a1e1dcf6d84660882039087ffe89afd7db3504046b5ced7aedfcb6af7a6d3e6fe06147d75de82e518206745769436e1d31d","seedE":"12d0d37bb6c7a6edb44ca68fd62d9e44c00ab8c93c864fd7b2e8dac02a92f4ad17676d7ccd8ce42e1533916a63553b49d379c6b02d846578","skRm":"c10ba658ebf82cdc09c5f136cefe90f36eba7d96aa27f921f27dd36c1ed069263a70bb5e376702ba0842058842524267ced12a824fd3bbb1","skSm":"287d7fd3638cb7b0437e9981275d8fda6b51c2a46494997c44d466765e214c43d7eebe4c4c7bb318728ebacebd8afdc5c8d3147ab3389de7","skEm":"0954948e3ae5eaa8f18f888a4266b491c92db0ba4316e6d0c4436f6454440334402e45e1f8d61fef2292e18c49e80c88cf30316858b36cd9","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"35e190fb6f4cfcc75aa14fde61fa9b7896e83cc12efa86b90b8887f6138c72ee65a33b40918128324f103d5415980f440bba03f43c80431c","pkSm":"6d5903f60c73f0e840aa9c9e22bca71d179808297026e79057f15b297a7585cb395ab143a8942b69c2146c5c5c7c2963537cc82a604c1330","pkEm":"d8e656d733e728843310d95d4bff073d6ce4f15b208ecb21efaa8dc240a82043917ed010f1a8ed67d9c9d5fa66f08e0a80fd2b010b51d820","enc":"d8e656d733e728843310d95d4bff073d6ce4f15b208ecb21efaa8dc240a82043917ed010f1a8ed67d9c9d5fa66f08e0a80fd2b010b51d820","shared_secret":"728bbee83b6b180ce8d69a929060f725933d813fb2e6f132fe3f2215fbf522f72515f4a0226b91bcae7247070888368ec618a8d2674073c85744cd6ef5111dd0","key_schedule_context":"03270eb32f1aa6bd1804e98fae038c96f1258a5efb64dd856e466a1b25bbc4f54c49e8fa12042bc8895415e773fb0f8e81714a217deaa194f326b96175fe8834ed4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"3a375117f246b53e052f84b35e843d32d415e5f8d3dbf3e5852ee75b323a33039ab7a983d8616cce9faa2496e557b2283f355533028f4d1d598d89299505fd97","key":"97e6608603090e1f010431046c5c590a5399c3bd94c5828c5685ff209b1b60d5","nonce":"564ae5511cee1c8bcce5d9f3","exporter_secret":"0d48d3bac9f44ee42652ed61c1529e2f74b2d020c9c5614df7d679a66c55115b34f9c2342ef7f6949b98650d05d2d4e0396242847f743dd856a1ab06ba772c83","encryptions":[{"aad":"436f756e742d30","ciphertext":"80f748d2853581eee2315e1eead8d58066a320508a793b280ded362320de3ce84d9e1b317a34a47dacfde861aa","nonce":"564ae5511cee1c8bcce5d9f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a07e06f7b0a3261e43bb0733519efc33fc933d83cd2d6b2734a5dbf87b940c6dd6c9bbbf1d28b67627f690ba3","nonce":"564ae5511cee1c8bcce5d9f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"108fafb8fbc11257c2ab8edfae59a1f4ebaf9f5ac6e5abf62da3f595aee74cd3005f6885912aaf2f0938b4126b","nonce":"564ae5511cee1c8bcce5d9f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c8d08fda05476ff33db9877ff28d801543f27d4659112bbc18d3427faf5755415c686a9e58e9e9a97227b13f4e","nonce":"564ae5511cee1c8bcce5d9f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"086fbcadc8c2976af4aa658049531700ea4db41ffeec2ce46ff6d7bebcf17c2d85f938ffb2130c1a0e5c1b0675","nonce":"564ae5511cee1c8bcce5d9f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"30026c91c563736fee502d2af52721ca5e60deb4c7998ecb7b9e395e1b0da39bb43fa4c15b066c69bbd5b606f2","nonce":"564ae5511cee1c8bcce5d9f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cecc563b2b4a759843a4a3dbf64e4b542ba42e69a1865af19aeb58c18854092149806ebc0d3060c89ff901e0e2","nonce":"564ae5511cee1c8bcce5d9f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fc8f433f307c3a141387700a48d9c775d491797ef9ed875340fc2b4a07b9c3c7973c6ef3cdd3a06254a59878a","nonce":"564ae5511cee1c8bcce5d9f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a26dcf88f35d3af1b87e4b136776e356ec1a760b78adb5d475c322e615247fe6e9c29f27bb4f0e35a7c58598ed","nonce":"564ae5511cee1c8bcce5d9fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f82f662c006635b2112b69207e940a97960231c0fbed3a63c7fabac8785940f215cf8e4239491be4b146e3bf0c","nonce":"564ae5511cee1c8bcce5d9fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d1988a3f35413f8601aaa8d47a11d8212d9de4c5012686f6b9fe07babcd8b2c9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d6a3752296fc2780725258877b92830b9565662507429484bb6732bcfe51f527"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5f61437060f9f4d682622b1cd29084982109f1a3fe01261c281b4f0950acfbf3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e2d855fd656828026e74cb858f29b07f8d4517a58a1e577a20cd8224080c6bfa"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5bc6449b879f245814cf4e986cd6ddc70000c088e22dfdff1190567456361bde"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"203771c4e993533769a70d4b7f96140b423511fed0b9271d8f5c383fe0599c6c336181e51013dc72c5f2b7f7cb1c08167ddce6d739bb0f13","seedE":"a5d567fed542bae28f570c11f3fb20136d01a9ee4342ae081333696802968d13d5d5b2aaddea3b9a94ce91db7e1e80cb339b66eb9f632c96","skRm":"6302eedad39332878954936954a0967a6c8bdd96d90f1500aa29412e931f25499c6296c57ee1170c1dca6a06c064f0ef1b1e6ad42048db42","skEm":"ded888ef2b32a9ecf5b45d9d930eda1329e2de4e030f8cccff65337633b7a35885c37a7800ba5612507c06dac99d4a6a6dc0c99f9a5a0920","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f2ec6213a3afb83c484a9cac28f4672b8e4e3aec99cb6b6653440445d47fb69252a0d18cf2ec8227ab20e2f96dc204de9203a83686bde831","pkEm":"11eed6e0d37b76a827a8a97f5d6e41b4c8cb00afecb0fa642b3e1c18502077deb72791b2bcd987b5fe28d1f7d8cedd0b9501fe72b5fe530e","enc":"11eed6e0d37b76a827a8a97f5d6e41b4c8cb00afecb0fa642b3e1c18502077deb72791b2bcd987b5fe28d1f7d8cedd0b9501fe72b5fe530e","shared_secret":"c2c9dac7864047d1cc0a0e61291af549b087701d4d17151db00ae59bfcef09623ead8cf4ca8a134c40e0c026014b55b13fb530d68628b36f9312f0ea41ed6e10","key_schedule_context":"01a582fa2066caee8eeec8b15e18264048512c071dcc6713d863afe894092c6c8bad26e2f209333569be9ed3562f8ce234815ad8b5491a602fb85fe52189154952328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"3c3b9b38496a06a8a5cad5ac29a74fae92bc6615de246812813d1525ea6ddce082068044c3c92d77648cb0b2551629d46db74194555cde3ace75180831aa81bc","key":"ac794528ef3eb085de5461ae0a8026b4856c1d8ce5ba008810a80e8f66d2f4cb","nonce":"1ff7899f246f0f9af99e889e","exporter_secret":"b8015dc47656c4aef70c76abdf8b97970908fd7457293db4e74cd346b408b547863cdf9deedd41fea403bd8cec519ee6a81260c7a534c6a4a75307e06932dcf1","encryptions":[{"aad":"436f756e742d30","ciphertext":"cb511f9085f04c83d1e75887f2844afbdd5e3c5cf2acd41e42743d443d980000d492b876c75187b5dc54301707","nonce":"1ff7899f246f0f9af99e889e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e28b4b7dc96131bfc7d039d969808d6a3412ca55313808fd7c64321e3ca058b788be97f56583b53b9bc9b6f8bb","nonce":"1ff7899f246f0f9af99e889f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9e6f44703515e462464f8e4395a267431025c3e957a4a07850e1c0eddbe0fcb32c9e56d8ccf5ed25e4f69e7131","nonce":"1ff7899f246f0f9af99e889c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2753aa6dc408db0a3e8479be15fc8a6958d87486288a6196ec5e1f387e6fb26553c48e311591a11215204b66b6","nonce":"1ff7899f246f0f9af99e889d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"610b9d391c4d0b70ce62e19764915ed7ffcd6f268b39d2742ebe92fd72e5bc230306aba3b1f53331ac1e06a296","nonce":"1ff7899f246f0f9af99e889a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"97107b5188b8e5e442fbdcd2aeafef978908bd62df010fa856ea2e68e35db87927a4556f7e6438179d2f717f71","nonce":"1ff7899f246f0f9af99e889b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e9538213f043c636e2da48de7ae19ff0a43fc21dac392f0ebeb911c78a12d51e4b5aa0dbd6004179c5bb28d89d","nonce":"1ff7899f246f0f9af99e8898","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f32041f71470d1afca87718d0c80960a36675bcb9473946c940b24ee4ccf7f07b9595fee06724802bbbd6e39ba","nonce":"1ff7899f246f0f9af99e8899","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a66303b8c6b3352b0bea9c491deb8552e173e23799e01deba9269f35ab796781fb8f51e97dba9ee737f12f87ea","nonce":"1ff7899f246f0f9af99e8896","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2477477a7a0994623f69d3e4c4a859e8cbb30b9eee775097a270f8a2cdaa0c49761c770dd2f7f783db7fd4c756","nonce":"1ff7899f246f0f9af99e8897","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"46249b43354819e5cb1a115a1a9f9b1c9130d14ad3a628e2eac71a5e14f2f062"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0b2dda2ab0a7c37f725f1e6bc54c4a1d9c86e3b5f7a347b9748f17a43aeda76b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"30cdfd9b8495615090f2e8a40e330e38049698dd263efd6faa894d8ab1a306be"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"051fddfcca20bb7784400301ebdb0a299233000d3f9355f96251d844391fdb1d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dbeeb7e9a57691330008bbeb831a53a877f68825dd75288e18c618a9267d6089"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"107a25cf96d1648294ecaddc47b3d9a5877ec1ec9dafbb41ad8ba8644ccb7d777ca99262371d15fd7eaa9c345a1d91fb206dbd66df99ff7f","seedS":"99d1993004b16f164626b4c1f3f25383fd77c2a8304cc7eff86ea6af7885cf7bb49dca399890a87114a45e97620a1e946b4e7daec2743628","seedE":"b46feaf969180be4de42db779c3956ce5e8ac797cb5915ca3a07d7eec5ea45d62b4a38aa8659dda2d9f0eeb550368c8255d7c54bc187eaeb","skRm":"b200be2dd13e2084d53c0c3465f166a85d55b287fccc907229856b90df704232a420af978778f033c9501796e33e68311d9b24d4d042bbb5","skSm":"f82859859fa5d6fab67af06b9a6c24d9f8efd11b8364ceaaa9164038e0154c633813352276036db4f5bf222cb364f9a9c75ea1447ca04e15","skEm":"332491c052cba1a6ad7f54e8105ecdcd325d9f7bafeb380efe022321e7620078622e1caee2de1763d52d083b14cd5697326d87d3cb5c0741","pkRm":"13d56d8381bf424b361bec7f7f5b634cfd7aa79f5b6483bd89b7575e4e06679503e9e115ad3a7b9de365735023286433f6a6177079320266","pkSm":"9633ee1ffbb0104c746e3856f78d87c8a21c5b99c6fdb9137800a7bc4d5ff9916ee4b6bb9eeae59e78a3f88a33c2157869c77d40b4968915","pkEm":"21aa84c3126d4c27ce1a8465ad4b2535501ca44fd79cfe42d9a4673693fe9e5ae3a2d2d894a48fb944a042a2811daba49fd996ff50796cef","enc":"21aa84c3126d4c27ce1a8465ad4b2535501ca44fd79cfe42d9a4673693fe9e5ae3a2d2d894a48fb944a042a2811daba49fd996ff50796cef","shared_secret":"fdc7c9456ea7d9d6ba7021aebeb5fb1225e69779915e878b3079491274cead3a77e7649fa102a729b16f3aa23ababe9bd8ed07ec8752bc538d5fba69c2ff04ad","key_schedule_context":"02949d30f15a3c476eb5e6947de88e3cb3e8b5a45874d4abd686177b5afd9702da927cba7e52411e08576e4788f91c25697bbbc25c333eebb1511e6436d856cd8f328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"75f63552523fce4479f1dfecf63210b0b1bdc9f9bdabdcea576846130a86394402f87c0744a438149b1ec28a55a05538a2d34582342d1b28d7fa44074d2d3e10","key":"f90372666daa1121c012e830a66cf484e29d8dad58fd130d47e034821960a27f","nonce":"b79a0fd5c77efad080414303","exporter_secret":"60e5a5c31aa42ffd932eeece958296aa9ae144be70d64d1bfc90ead1014fcab4b3cc4b0765cc941ae70331657930581baee277233647c971699abaaa021470eb","encryptions":[{"aad":"436f756e742d30","ciphertext":"c01995470d656ad9a4b4a01ff698e8567c843672b5fa5e47629d47c284129947c0dd6b2090c41b492a40809194","nonce":"b79a0fd5c77efad080414303","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"60e070f64e66aa99b5f5f9dd78422ed9cef1366532097f20e364ba946e39110308986c36067effea399594758b","nonce":"b79a0fd5c77efad080414302","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b6fdfd206b442f117260e745482f35320512650ccc18a99f5132279900f03c88af9d1d70e54fd7a3d8b948f685","nonce":"b79a0fd5c77efad080414301","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5fe3e78000c8e168163f1dee902e57c9aac7352137f2f2f9dc3c8ae394a1701df5148acf722d724176dd35607c","nonce":"b79a0fd5c77efad080414300","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"de0a82c62d31be9f068d50d45e30dd0fcef0129b9b25975ddc1b237ba7e9c491491c2e1c1ea95204313fd02a49","nonce":"b79a0fd5c77efad080414307","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0a15d694b6c0044b97d9e388ef08438362a1db41d54f6b18b4068542e564718937769538c923e6f1260db692fc","nonce":"b79a0fd5c77efad080414306","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6dc4924aa25126900f22924ab12f1ee0d70a02cc0af8dbe059223ebc23cddc5152073c5412fc4c0434de82aab9","nonce":"b79a0fd5c77efad080414305","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fed47335231e6ec95660a6da9d613bba81635f88ea15179a6744519efadc55f81faed9e61280120c563b57235b","nonce":"b79a0fd5c77efad080414304","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"19e1b35e3ec9a91604a831e04c431aa37908de5510f061ffa1170addc47682dc28c9abab263ada85aa3fec64f6","nonce":"b79a0fd5c77efad08041430b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a168ad13e7dd3b6b298b01826d8049676f25fd2a4e8c74856d6494e122c5fb3aa62f7d98296df5b40b9fce8035","nonce":"b79a0fd5c77efad08041430a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a3850a2dfe8335912be6f5a89591c68f8420211ec1d682a3e9173ad19984809d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8dfe369c3da8b6ba2d1073a6bb7e55c7fb3478e6e653240ee39f4b3f388a065c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"18a5ec9eb90a4d12ab25915b7ab624e492eb19d201062cd10bb5668bf03ca234"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"31f7f1e653a44beae7d14e37fe627d533808077c526eaee32ca3bdfd27007802"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7b8e97b6cc8657fab07be70a2830ae2c28124a0b9c07c2a654cf0c021e40294e"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f9efc7a4b82b54a3ddf6ece1d4f185d957d01f7c630e5cfc9d71d7d5912dac50b72d61df40b1d087391c452f029ea54c6c71a04325667b65","seedS":"6751ce992f7dba1ad48eeadd81a4d93c4c860212ce363f36c304f463b04fc966a69983f4ff137ce461a34c3a9d867c2b88aafc7b7bcf89a4","seedE":"7d9687706099aeb9fdcb611f5bc6d8f5875697bb435cbf24d97a603c1b4219e6a95c9be2632f1f460c9a71339b69805210cabe4250a6dde0","skRm":"dc410d2556a7a6db1e2c150f66110b8be961ad2337beeb553d5ed22034495183b6266f2eb8b26a2b60f3c75105593bf6094e16e640a0ac1e","skSm":"555402ca385d27e88558f4ec2b2d8bc5ca5728ebe4c298da6462eebe6b5180dc785b47cd205fb45934ea245f66397874acf653deb36baa97","skEm":"7af0acea9cd8085959788be327845ef74accd96e11f663045428ff3deed9b752cfdfa68296f8d32dddfb0e2358899335f1880dd51e0221cb","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e4921613240e46b5c43eb20e09ebf8f80ef675e592765ef59eb3be1919867bc6ff658cdfe1b6c05447d48d984046fd0047a493a291e21bc7","pkSm":"ee59a3e466d468757ec8841a12be67933afadb8162b647100ab88decb10fc3febb6a4b15f5135edb4d19c0724936a9151493aae2a348679e","pkEm":"2bd17a955e5df3b11ab4e64eef9d2372d22b0055149c9ddeaed39f2fd5f81a4dcaa048e1674722d7ac36752da16bc5d737db0a671016759b","enc":"2bd17a955e5df3b11ab4e64eef9d2372d22b0055149c9ddeaed39f2fd5f81a4dcaa048e1674722d7ac36752da16bc5d737db0a671016759b","shared_secret":"0c0349678cf035512d68a4a81e13fd4cdfcb2d2932028ddbb9f901a6c39d96e221b72738be51b0278f715c7b6b5d6e5934687e033b33f08ed970a9f76bc68f76","key_schedule_context":"03a582fa2066caee8eeec8b15e18264048512c071dcc6713d863afe894092c6c8bad26e2f209333569be9ed3562f8ce234815ad8b5491a602fb85fe52189154952328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"e79a48c324c48585df6204a95d0d78e552b0a67ee82983371e1b43352005f34d4b0af8911fd4c7d5942bd2edf074d145028c31e2458932311359a920590b165d","key":"e43856f2d944c2039598af74c576aa4984ec466fa943245ef1704e6b74a78286","nonce":"983bccea0ce43cda86db0c72","exporter_secret":"cf7c7aa54ca8ce02e9435467bb044c6c4122242c5244a4a962582f734b49c389af17b5a170ab5a2452fb5059210e3dcdc0564dc21c6b25441ce5e1d20df17009","encryptions":[{"aad":"436f756e742d30","ciphertext":"40bbb464b661a4cba57fef131af2098abb53411990af9d652e80bd3fe83df47b986fce6456548a4569ba971268","nonce":"983bccea0ce43cda86db0c72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"252cf353fba0f373241d4311fdbe6f2937ec330fbd1f28bed63e08d2c22acdc459399491dd449e8518eb91ea90","nonce":"983bccea0ce43cda86db0c73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"81b3ec62aaab4df7bb45f507c3bd74bc4b35d804329310c8935c1ea9bcfa7954da72acd58769892f581d4f089a","nonce":"983bccea0ce43cda86db0c70","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"147a3921b060c8e3a854b4a118463aafe35e093a331eb42609a15d94eaf30c836595efcfb8cb7d19f8fa2698a2","nonce":"983bccea0ce43cda86db0c71","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d8e05d3d97cdf18214c4f28775d63e0d60d431ff53d172561ca5482648c92ef66bb2701ac973e86fd3aacea97e","nonce":"983bccea0ce43cda86db0c76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8edeed464c1af56e7b8f9921ffc1014945d5316e78d55d4159055daabe09a0ecd4265d700c76341814b180f99a","nonce":"983bccea0ce43cda86db0c77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"394cecaf44ce2e2945458a9451252aac77d0261fc4b7d9c001001ea5edc1a2cdfa366603e2cf5215909537f327","nonce":"983bccea0ce43cda86db0c74","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ecd094958bb028e50807ac880e9a89aaad3ec6239826cfcb41116c3f7001f6ba0340c446d6057a71b92379f08f","nonce":"983bccea0ce43cda86db0c75","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"359eb4f1404078b80644c8f5902883780bc99efd47210603f080c059c185d385a680b6719e8692a163e4c6ad51","nonce":"983bccea0ce43cda86db0c7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2a37371fba755453f4ab2bb34bc606ec53aeab3a2a48e0871f32a1c792c73b22c5ed203bfae73f22aad38d7086","nonce":"983bccea0ce43cda86db0c7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"244d5a5a214d36595b3441761299b6bf69f7271402e57a5ff82ed517eecdd1e3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1b9cfd9b17e946e834579084ef304fe6bb2a41007ca80d0788b9d19e755be326"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"53e0a335b6e3565b7a9d274982874bb00b4fd6697b419832e481d39f74ea253e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b717ff3452f194a17f8de5a14ec294070c7eb361accca60ae0a8a79771064dc1"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ef32585bad422663f1338a70cca5226362d1f814d7f99b6fb09b7082f1fc174c"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e591b5c9c7f834294f02f4cb956db64b4bdf176ab2ac3de731f63e8a4bd7a5fc087841141925404aacc7fe26967c1382a43ac05779b75128","seedE":"80db21de690815eed8258d592e23f2b21d3efb9a79465c42ba7a29dc736c0f70b288f5629ca1d82222b3e686c12ac58e8db238b1462276f3","skRm":"66eebbbf3e982e501e612328be2ab056ea1b8c38a2270c9f93383e50606507593bb7e5d888ea0d748d502b77eed41c4349c200a96a6f428d","skEm":"6d6c372300b4eb582c9ff5366e722b2fdf680665446d4a6edea48438a13932a8224ce174746703d77a46802a837e42f1cb5e828dcc94c731","pkRm":"90a7773c8673273ef3e6581a337675aea8ec42600bf31f0b4b55e741df2b0e402a962283b0336744d96486e96a24992b4f4a4435a5222a9a","pkEm":"5e5d06141e78f7a94b6275dff0ecf6af15947cc4e99cbe408a9d20a712a939833acf526b30ee01cf9ec86fdf13791ddba7d7a70bdfe1ad05","enc":"5e5d06141e78f7a94b6275dff0ecf6af15947cc4e99cbe408a9d20a712a939833acf526b30ee01cf9ec86fdf13791ddba7d7a70bdfe1ad05","shared_secret":"43c250123c2dacc763874cf4030810517fd84009a8250301ade70fa30bdb81eb3f198f8f30d8868fc3e1326f34be4d9b5aa29aeb09bae4a0cbaf84889fa8bcc5","key_schedule_context":"00949d30f15a3c476eb5e6947de88e3cb3e8b5a45874d4abd686177b5afd9702da927cba7e52411e08576e4788f91c25697bbbc25c333eebb1511e6436d856cd8f328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"3956648a1aa6b44c7f559b6acd1a6aac48dd3272cb9d934d627539901b49807abd8211d490406d1f046987274bc239b72de06459301ae11f2cffedc7be326d36","key":"083d3fa7958a3d5ebc4f3cae94447060707f7b7a4da98a825a2e579d5ed93e8b","nonce":"12ce3d9d40c187b8377e0ddf","exporter_secret":"65a7401afb2876e12420969ca1bad97fce7e245723eadf3281b66450a05d2378076189e5660f6bb5631c439db805a9ccafd34edb0317d2fa902117e6b6ec1cbf","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f01de655a40dee69a07370b51d0f1183b4603881f30388dc598364d0b860411146ba44b769487388ed1841a6d","nonce":"12ce3d9d40c187b8377e0ddf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"dffb2604362e07a5a22992483b68d94c879257f3a92e3158017264de2dab8b332270b1143f01f62a57adb0bcab","nonce":"12ce3d9d40c187b8377e0dde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"489924221b016f04fb2c5c3fb356a1343011b901e0cf7bb9fd036251f3cf99b7f20926c00d74b6f882fe513698","nonce":"12ce3d9d40c187b8377e0ddd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c3b3e6d57c9233769b2e58a952ac1b80449deeea83b84fbe2656882ca8e942d74342f6732a57f410ac846f129e","nonce":"12ce3d9d40c187b8377e0ddc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0fe25dd70dc35f71e0e297843c5eae558e3b3d2db4ad335c58362381b0e3eae008c38c13502569dd8a06c30b3b","nonce":"12ce3d9d40c187b8377e0ddb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5d78285b136cf2fb07d5dfd0233e8c7cbdbd251951d3f6b9e1bd575b30e3274ba5845ae17cdb060763d0ff790f","nonce":"12ce3d9d40c187b8377e0dda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"20a9adf213dde86c2074783a95affc055971ae0ac87f61be5708f1eabf8e6f00762f2c19beb61f0944689d1a90","nonce":"12ce3d9d40c187b8377e0dd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a5acbada7a5d5742c44962162d76d85e6b1534f478ebb0e125ce9302783ec3f5787993cc4ee844bea8b7743bc3","nonce":"12ce3d9d40c187b8377e0dd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9f92ff892bc47db0e3ccaa0eec402782fd7dad2b4cd050f90331dbadc102589d683e3f2eafe30eefc0549e0c06","nonce":"12ce3d9d40c187b8377e0dd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"19e688f8514230b582d2066026719221c60d5f0b88d7370b81d002b8ec7e98bdc17e8b00df50a2914a41c24ffd","nonce":"12ce3d9d40c187b8377e0dd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"62f8798bc12e1e26b665900a143346a7c2a2e06873917294d7e58330ab827aa8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8a217709de572f1ce94f03033dcd71100a2dca801f8595ba75ae05cbbdbb2f69"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"95146fca21cf8e83a25c7c4b937c3bcea09ef110b0cb36c4c01c3a54d59557cf"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae30213755c43930e16d7fe7c4a36ea651106ce4c267411f36ed8c87f4033272"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"563c82e453d51898bc0495fc5aaa04926a5b518bfc5c1b5907ab8ebc92219d0e"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"67bc0b8ba01fd8a1526d13c803d4d9ffe1a9914ac27e7a6c925b1580893a8485","seedE":"616ed5a6277fd3324e0cc0f4349cd345b0adbb1ceb98de44c03aab083fbaa6e6","skRm":"3846bf6b40f92e3645c5a8c725ad44354c59187b59140c35497b339a10d0beba","skEm":"d37c52c07a637e858ceeb0fa8b972307e07b17218d99581cf46a88f9a3b2af73","pkRm":"04f79409119f58d542a8e4f8ad6fad6394f83c39d34496d990357e30dc0b38a8d8add95f8f4ca7feaa7c29520632845d36fdf94e73cb038a59be020f82b93fe141","pkEm":"048a0c9b27c844f5f1c6a1d9d570e34909c6359997b6acbd8132f1536d1f7685ff0d203f205dfe4a789e4af3f599172b613d060c80d0e1341f066a87c0f83d827c","enc":"048a0c9b27c844f5f1c6a1d9d570e34909c6359997b6acbd8132f1536d1f7685ff0d203f205dfe4a789e4af3f599172b613d060c80d0e1341f066a87c0f83d827c","shared_secret":"5f175bec391524f0153b05559212adbc2f5d6981b95a5d53fa7ed58fe5e156be","key_schedule_context":"00c14ae6a0da7c6764c62eba270ec0cc28b5b568b4849a9b59425c08860800fad8a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"f753e6728460efed42ca308bef93e8b6646cec0252a0154d8310984445bb0629","key":"d0696b5461fee5620d54f33b04a00f79","nonce":"99f33bd3ad9ad334b17de055","exporter_secret":"f79e9a0e83b5c678cc0c9240b68fc3a84096ce374f37673ad4ea345ef0a3510c","encryptions":[{"aad":"436f756e742d30","ciphertext":"0d77ad2340cc7af125fcd7f4ea63bca7e857d774d08365eff8c7f63091a5e5aebca4721c854579b11149649209","nonce":"99f33bd3ad9ad334b17de055","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"90260e86b560860d0bf7bd1273bf7b6f4bf43aa94d475c93015c5d5b536aae7631227968ab1aecc337cd080988","nonce":"99f33bd3ad9ad334b17de054","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fba616306cbe53eb8faef059a8d39947102a037c2e5bfb6b770bf7241576b74e197ae6972c39177b8393e4bece","nonce":"99f33bd3ad9ad334b17de057","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2f4681e2af177e92b34f7e2160507a629119c6fb70c928f64a0e65e07aca151cc32dd3fdfa3f7932bc46626706","nonce":"99f33bd3ad9ad334b17de056","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ca7c1e359bb916ec8aed3a10bd2a703d044af6a1a1b5a8f8bbba63141f35ca7c292516bda6c97c4bfe85333f6f","nonce":"99f33bd3ad9ad334b17de051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7d878cfad5124f066fdc229349bf8ab1c82015a748a35e00fbec324602726871759838c64d132aee8e9e0a772a","nonce":"99f33bd3ad9ad334b17de050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b5d9fb5376c667950032051e67a5c981dac6a3fbf416fe28e98d87d075ab71151eca8a3ebde0d9532c82d6120f","nonce":"99f33bd3ad9ad334b17de053","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7bfedf8a3d0e909bb8b7d894d0b602f50900cc4ee7e10e94480201b0a41405f65bdbe549c76d82fbe36df309c4","nonce":"99f33bd3ad9ad334b17de052","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dc922098754661b41651d1e254cec89890ac0e76867bf9be2702a2dd1bacfc393abb5706b8743362ce949e2a36","nonce":"99f33bd3ad9ad334b17de05d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c6613ca71e6951ccbd3a3c2d52b815c7d4c284fcbcad506b89d21a49d0f812079b515aefa52d48cd2d8164810b","nonce":"99f33bd3ad9ad334b17de05c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"23fe2c722df89643d0987e657da15f39c7548e273cd17b469721665b212c44ce"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c29c28d8f6550d8f8ed4a36fe1e3ed98a1dd1f075d97b5ce0eed8298bea8c035"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a3d75d106a706e2c6f5515e0d423aa8f6596b903f3996ece7762f43e9bee28c7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fd588757856a2fb1d63a80c5151d389c41254120a1cbd2397c9a31c1cac3249e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d44987f0cc98d2366ebc0ae856e2abd15f7112fd6b40e6cc0d8f009fd0e5759f"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"236ddc165201cb79b2d8c7399c7f6e6e8cc4542b2fd1b75d107875db2b89cced","seedE":"8131f719cf2d1f5263da51e133876a99eaaf5d5fb118bda64ef12ca6fa40f987","skRm":"725658a8e129bddeb7b6769634fa7d64ead6277488cb57e88e68dd77f5cda19b","skEm":"e9338b646027098a903c0c5f66bd58fd895eca90e171e55766e31951cfe6cc39","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04c5a0bfad2ebb4c7a7d1ee2f56cb2503bcf73c17b7239bba0d23b6910292f162ea2466e2d0ec5ee4aa52d81f18870dd2723f288bd87bb98ad314b3b1a55e1a3de","pkEm":"04df79d22d7cba95ff448cf84ffa01cdd87a68c9ef70dd926fe164a76d2cd243036f3a34e9bac0725406fcb46d7c723248e42c3b329bed5bf8fcaa47d87d9d3e00","enc":"04df79d22d7cba95ff448cf84ffa01cdd87a68c9ef70dd926fe164a76d2cd243036f3a34e9bac0725406fcb46d7c723248e42c3b329bed5bf8fcaa47d87d9d3e00","shared_secret":"1f245a22765eaf94b3a76463b9a248941078d138c3216acfcbd1d25f8772afda","key_schedule_context":"018c27d3410cb79f908302ae06a67ad4c6f971cc37f64c23807cb4de4adeaa7d76a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"fc6a6aca6b179515d69086844efec0acda07bd55efd50873cb46fb811faea941","key":"89fb75a38ba6bab89b1a8b0fc7db366e","nonce":"00b1c2de64b6a56a51921d56","exporter_secret":"cbd0d3b0ce32cc4ad834a0e81cecd21ecba042a0f4f25ae839a1fe95e56b89ff","encryptions":[{"aad":"436f756e742d30","ciphertext":"75e82c5e991af745c380557b2f03f793dde5f4a78b3bf31429735aebbbd881580917e8a489fb0da3b081444319","nonce":"00b1c2de64b6a56a51921d56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bc7e436c6435634a69147dc20e3abae51f2c02f96ec2b198138b5e10e28420cb45a7ee149b1d936154ca320e08","nonce":"00b1c2de64b6a56a51921d57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bd020f02b8eaae481e512bfe4969b2b285c636f756c72d70022f31af52bf00692c57264bb214a412ac8fb1b965","nonce":"00b1c2de64b6a56a51921d54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a9f3741535b1f99ff328a857d2e0231ca11078afd787cf8d267fbcf224820a89f33a30b672bfbf7170bf958a21","nonce":"00b1c2de64b6a56a51921d55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b1ff4e7b8ec452aff36b06c5c1bcf7e4e1cdd3211f1516ce752366f1b81d5cc813e4d5e2142239afcbd1a75f4e","nonce":"00b1c2de64b6a56a51921d52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fe66cbc16ed4829324352f5183b6c456477f2ee6af0a31bf2def8bd9b0a2c242403e4bdd6144f965a1299fa6c4","nonce":"00b1c2de64b6a56a51921d53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"97c1e8908fabaec4bc83efef957048c2baf70aee75f2d46386f446739c6b8dd5778e01dfda7f11ca58e660255b","nonce":"00b1c2de64b6a56a51921d50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f134462139d6cd110a14bda61aa16eb359d2b585f2fb45abc9b23ec8871b6a1eb9acc44159cfb93cd7f40a05a2","nonce":"00b1c2de64b6a56a51921d51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c989f5d31f2609fcb643c706113104c2f3b48f7ded406b42f02cf394cd9ea077a7e9ec7a158f25a3aabaf001ff","nonce":"00b1c2de64b6a56a51921d5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"411f0e5327416e9f01916346a2c0a242e946dba349f05bd10baa5787675ffe6dccc5b05400bab94c9ea22c0973","nonce":"00b1c2de64b6a56a51921d5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5442920c851a483c22402c95e872d21a6145286ecf8f1406711d691d15874a44"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8ffe3f22d326b2164530a35ab50420dd36cab7d2941ffdb9819858257c18a9fc"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"26d98b7e5e4ee486411687551d6be41ea07316ee975e552726aa80c8bb23f734"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"31eb98cc4dd527c04c89784f17bc0d1e9c9717b25ea9a8559690a8faa8dd34b3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f4e7d010e2b9df1329ff819d24209c4c3d66b7c80f99aa61bf2a6ea08869717b"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"740a67dba29760f8d95e953a1ae75fda6d5eede2a41c15f4860b5557d4763fbf","seedS":"174deda86fb885b78e5ef8ad158be3c38349c5322120f03ee9ddb6336788d8ca","seedE":"f9b977313fa3cd4dd8637307fc93e48093ab6bcd45781ad9f7a79f5f0e379bb6","skRm":"c66e74f49ade18cd81aa612cf8e5363ebf0da7cfd06f07ec266f46c29e9919cc","skSm":"7e8de5af9ea0240a8638421db70967ea6a1d610d5dcb6faec575dab5d6079a8f","skEm":"d1e640b7630e0ba4423a4ea17fb1fc7976580e31048523c5dfdf7c78ed775aaa","pkRm":"043902c8e06ba874cb4eff0db4bed84ecfe3afb85e837308c4e87ba0f41bea35d56c17ea6a72ab671aa513ecae24df1d03bf976f670ad13e6bfbb3ade658d14dc4","pkSm":"04a5db098f6637ebc548feabdb9564d52e52db469590d6d55b6572474df0e8007471493bca84c4d152c2682166cc7e9825849a7e1a9f162aec8e6a773760682911","pkEm":"04686fc26c925890636fdaabae3434af53172035f7a191bc21fbc7ad9161ee1673c0e6b61d0c4b2db3140d622c46c8e42fd4e10fb48b4fd522ff59f795659a5b13","enc":"04686fc26c925890636fdaabae3434af53172035f7a191bc21fbc7ad9161ee1673c0e6b61d0c4b2db3140d622c46c8e42fd4e10fb48b4fd522ff59f795659a5b13","shared_secret":"8e1409be7adea332a36fbf29bf8668ae13d66cfecf5d02e8d2cb2c16950af36e","key_schedule_context":"02c14ae6a0da7c6764c62eba270ec0cc28b5b568b4849a9b59425c08860800fad8a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"35cafa2133584ef110a63010be05bcbc32fe5b5985f5b62ae94c07cd3a844ae1","key":"40eef365aa0dcee18cb7d16b0d24e35d","nonce":"a5f0d2f22f3e404976ca7b1b","exporter_secret":"162a8e2af6ba4e66e110b8dca44a076f49d4fba4614540341f4013159eab5e69","encryptions":[{"aad":"436f756e742d30","ciphertext":"1e9233f2b21834f72bc2b23173b107770d97092d1fc57960aaf0d011b1bb8f1767d6ff8cb3b5bdb857168260ee","nonce":"a5f0d2f22f3e404976ca7b1b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e870727eec0872dfc176e3d48e894a6fd23c560b2f7c097febd70cf819710e8a0c30adfe0a1d740b5e42d09325","nonce":"a5f0d2f22f3e404976ca7b1a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1b28bcf1c88146063ca68a999bee8b6d339bf9ec9ce1b22aad255abf96b7951f0d14db39d2a7042402d2ff3b41","nonce":"a5f0d2f22f3e404976ca7b19","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"df6d0b7d3e15eeda33e63942f9d5e60e64ceedcea2e19b0fe41c7a7df0c4c7a4ee4e83bb49462722fc0780aa23","nonce":"a5f0d2f22f3e404976ca7b18","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"10ec221a706669d206e4fdaffe72adadf4c98286728aa58b91ffea2035179ecf97677723a814464d6c0e3220f5","nonce":"a5f0d2f22f3e404976ca7b1f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"98f6093648abbedf6e20b09b67b7d85ccb3d5fc37a604ad55343576cbaa639d4dfb4819591749d0a727b5da868","nonce":"a5f0d2f22f3e404976ca7b1e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0201aba31cc93a603a390962519da378d3cc7db6bdaebd9e9690e0bdc26833d112099503f27b002f9adf377c9c","nonce":"a5f0d2f22f3e404976ca7b1d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b4f9e059f243342d3de4aa73eeae2e191c55377f58bd6f2487d1ccfce5739ac084167dca2c4fbe4b04728e47ff","nonce":"a5f0d2f22f3e404976ca7b1c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1482376408b564b4d856c52843b325da4f1d8a0a10e6f455be96c1c3a13401877ece5e387657d87ec135405bff","nonce":"a5f0d2f22f3e404976ca7b13","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9df3134f355f41dc559b2ba228fb721a249bb81311f67a0b74d6c22cf92cccd28633d756079c84bc9728b3ea44","nonce":"a5f0d2f22f3e404976ca7b12","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bef66b4290f5ffc092c61b8f92e7bf504329e5edf28b850d80e0b4f9385a077b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"52480991a6dad93f4a82ad346de990cbc66e31e2e9e0963bed53027ce4c7a769"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f12626be2223e055ce3c151faf68731e0dd895f34daf7cbc7e44cf87ba313f5f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ad2ff40ccb7744209ecc48b5e0bde903b79497a3bf0ee4f9ac92a525907f2e71"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80ef89f0569f4bf789fbba227f8e631c23b6766ce6d5a3e2462570746b5cd0ee"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"85c7ca573ca20cffc0db7748f2b93a1faaa951aaedace61a6cc0b15755cf7cdb","seedS":"adfa10a0be028fec577fc0d8da73b3af3f6c8d96976ac3664b1a191c8ef0506c","seedE":"ac7928bd504449496e56517f59ad30ba62575c3c328864340247d73217823bb3","skRm":"bd739bdaba378bb0592f5ff599c14b656391c6d4f56a81017013fac0e12506fb","skSm":"d9d39ce984847da21bba54983f8ccc259e65904ffcbd9698230f8a7d446b1e3e","skEm":"c2b0fe035a29b73d57c462aa2ec77f80b997b85c062ac7311fe8f6c04229da5b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04ebb2396e02ce2751b3cad1278f4c3b63e416dc8b38856907ae8192c59d0c12c95c599cecaf75995d14735bd070c9b5b2ba1bad45b4d63a6a275a84e925529dae","pkSm":"04751aa130b35d9b3b1d305d165f28ac9c749788a9acdab87568f30e386b59b2b4d617cca80c9f676dbde2809b428fbc58d862723950f8e2408f466b5b4c601254","pkEm":"0435ea0b3e1693ee6c10ab35b0d6a01d9c6879be1ca8676cc2fd16e94b622368b4125f4528deeb1d32dbb0a9b815341ee6dc723e00dfad789a46abc337c0cb2d74","enc":"0435ea0b3e1693ee6c10ab35b0d6a01d9c6879be1ca8676cc2fd16e94b622368b4125f4528deeb1d32dbb0a9b815341ee6dc723e00dfad789a46abc337c0cb2d74","shared_secret":"acabc837f0148300e7264c7bfc597ce119a5a77c51eb091fb943573cafa69ce2","key_schedule_context":"038c27d3410cb79f908302ae06a67ad4c6f971cc37f64c23807cb4de4adeaa7d76a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"dbbb9e2244449b76d56b48a7c8257f8b03e9a5948fc382528ad4f8464f3b8ee9","key":"51ad48b07edc1bc355bbd8ba1288f90d","nonce":"fa9f85cd9f4e97cc5655eeee","exporter_secret":"25fa7177ee5c4686f095fc5c51d2ce5c5871a6d1210c3e345fe4ba2fc8febbdf","encryptions":[{"aad":"436f756e742d30","ciphertext":"bab2fad2725ecde8486e17afb2ea44d908c023f80ee2592273e8ca7a25367c946d318f3bf241038f9ebd0267b3","nonce":"fa9f85cd9f4e97cc5655eeee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"63270c658fe7f960837760b763d487ba9b663643a3843399328aa90d06a19046e76b6e5a23460dec758b41a03c","nonce":"fa9f85cd9f4e97cc5655eeef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9ee05381c12b4ac0d6fdddfb0efaf7ebe126474af24785af7ead4730b3382155a7924996410f42905b05a7a3de","nonce":"fa9f85cd9f4e97cc5655eeec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"02e38fd178ff2f481459e3a60b1386db354956583350acb3a2397375c480d95316d544ab903c0aa77493f8d710","nonce":"fa9f85cd9f4e97cc5655eeed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"971ba4154f709dcd45fd46b3a7cf53cfaa34ffcf8758c7bc6beea9e91b5725cd611356da09dff633517c9284d2","nonce":"fa9f85cd9f4e97cc5655eeea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3e07e70884c881a61a71dc6534f10803976e135390e68f89e3c5bc9b62d1bad26316ab86f0eeba89e7886067bb","nonce":"fa9f85cd9f4e97cc5655eeeb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"82612e965f1b24d5b4ae7354e6e1be78994ff185f58e2027ee9595c931280809331d6e9ad09a2656f4d527d207","nonce":"fa9f85cd9f4e97cc5655eee8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2172db33f3f7b1147be2948077b40872f2ec96f2fb720d0a7154e4f57fc4d85ff3d13f4475929431036b5e5931","nonce":"fa9f85cd9f4e97cc5655eee9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4683a2c815d3c5ee7dfe92afa0a7262ff082805f38d695c04d4697ad250afdac79dbe358094441520f6f8a7b20","nonce":"fa9f85cd9f4e97cc5655eee6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c2992dfa7a64a715337b76d77ad991735657a958abf68a5c804729589820862e5601608c74081fbd286d868cb3","nonce":"fa9f85cd9f4e97cc5655eee7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c0ff21900045dc8038b2f69bed5f85d9a9d7031623149e821b74efa9e164da5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ce1ba1ce64cb38b8e67ef8835544069786582ddb831c460aa77cc7c9ebe3b8c1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c8222f0acce675ba4e952f9e029c640d8b51dfae1b86348c7ac6c6d51709b0f8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0634a1b9044df8e24c0c850a15f8d4c79800481612873d4a070d6886e8aae447"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"bf7a694636a4fe4f9b828ff82581fa0f69dc753daee777c0160e50d6c0b87e13"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"30144dce90e8da40cef827ef2f5be9d50c0758a092a9ebf9e5c95c255f2600ef","seedE":"082b20a74ce728004bf1f21037f02a53f49a1ef8e4bd4449d3cab2dd91365703","skRm":"4ca804179924ec5ce3e4839e194a98d424e55815bf178c9a2691a78775e30b2e","skEm":"cf79fee656566beaf32e1bb840202b8103b698a8f305bb59ea4f4ce020571e74","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04081c74b6d48bc97867816b5837f617ecab50bea0e15d37d95c143e228d81bb504c52e21596b5287a887f6b17b6e93f58ceb9d5a863ac726238f5db9d09261f74","pkEm":"0407ae51ebaecd25784773bf391996fa5bb38593c869918d0286bcfbcd067e8191c074311f438cad22a59c10bd648896b08f78e8ead4661f0d5c60f53545197e9d","enc":"0407ae51ebaecd25784773bf391996fa5bb38593c869918d0286bcfbcd067e8191c074311f438cad22a59c10bd648896b08f78e8ead4661f0d5c60f53545197e9d","shared_secret":"b4ae820185593e14a33a61ba879702eb8ff6906c5d3d307ccc3b535b53617afa","key_schedule_context":"01f433726a9b77cd11901b221010f824334953ba3ab86de05ff8f8ae23c35a6a58db5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"fd084a5369bd4d1974ff84f5739023b5a86a609106c36c19a16ed428d04bd9dc","key":"b870b956603b57888d9de6056c1e446c04d30cf24a02289c0b9c51b8ac8cbcb2","nonce":"499c4881497bfa644d8f023e","exporter_secret":"38f892be4c083cd8d677005c7da627de280064b938e61b33431aac49c62c66a0","encryptions":[{"aad":"436f756e742d30","ciphertext":"7e8c562381211392f26007ec7161ca7cf062e6fd1abea253e04f98a67ff09a82306b464769cd9e9715180619ad","nonce":"499c4881497bfa644d8f023e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"679fe5a4c5bd983361253da3b0b93056040fef90be39c9324426ba3ca1eb41fe7822b0fb324e3775d89abe4858","nonce":"499c4881497bfa644d8f023f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1bbca910e45c68abfda87b6447d5c21abdca9d290209be2d827bef0238a01dcd0ce400c31e30ed7c62f5e1b7e4","nonce":"499c4881497bfa644d8f023c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ec208bdc6606a462543045cd19763e678f8bb040d7905a552139f4d8dd99ba4c16bfa4c620846ae9a40d3193d1","nonce":"499c4881497bfa644d8f023d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"33ef12322d760d611538c45b33cbc9334685e7e27ca310e148975d7c29f4b8544aa6f734994c8634d42fc5b31c","nonce":"499c4881497bfa644d8f023a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3e887a4c6b71d4a540f975f5e05b3ae2c39aa7da55a8496e1d052509202db83b51277d78e1d31dc55aafa9bc0c","nonce":"499c4881497bfa644d8f023b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f744dac9626c7d42a92e0f98c0472799dc7852b3fa230ae49a4cf119262699a9acdec511647319d48b26b0fb8a","nonce":"499c4881497bfa644d8f0238","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6076f477c136f311a0504ffbd6644cd8e074363c4379bba4687dad04ee292d2e1549d0017e5c07bb0e2a1d79f9","nonce":"499c4881497bfa644d8f0239","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"19ee10fe30db22c18c092174fb45cb933ae5da2a7abe9824b63c6ebf49641ddd5ab7a2d886246e62a6ba98eab0","nonce":"499c4881497bfa644d8f0236","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4dd35263c4f03dea7f4a329fdfd567c48ac41c628d2140b3f4c58ee6450a82caf6fb5fc0ad6cfa1461e77712a8","nonce":"499c4881497bfa644d8f0237","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3e7814f1992e9605e5d36ce870cc62552bedcbea99ea0792999f98ae345315cc"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"26280c704d05f0f2129025cd5c321647d255795130846b98285191f7cdb820a4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e17451c393f84759bee24c1c2fd8fcc14b52bcb9c0fedf25a2d90a782931a0db"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dd04432150426fc746a820d6ba230fc9bf6d0ea8dd270709a0063f0efe1d89ec"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"27a8caaedc09099b676894199f00f9789593a098de8625ddf3ca52c19d58a41c"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b258f3438d53965ca6509d83efb51644d61e966dec8faa14af7ce29ad82e82b9","seedS":"c35e474e1c473791dd85f2fda49ca3e3910fb9b09cf6bce5367bfeaca1dad2ff","seedE":"b93135d53fe4203397e25ea009667164eb3a0cc9482e9457b32da083f65ba10a","skRm":"ef9b18dd12df729e4a10434388ba9f40aa0d0c8ffdfc655af4a2090d4947c215","skSm":"fe4eaf760e1ee90b102011dda46b705bba1a10c75e9f6b0b1c93f07d721aa111","skEm":"e691594f3a9aa3f0b85e8dd336725375485780ca8eb1b991b94c885aa8953941","pkRm":"049bf3c8a0ba5ea99503c48ce1e029da503372385b106ed5105edd8b52fc04a02be2939b8f57c49fa41940fa09bda683ccddbbcac00e1fff77c7b93a75c9268d04","pkSm":"04dbf2887090e0477b444fed9c4fa580bc9bc4dfde5f6e286142049b7d10fe0dcb252f0cab73dc0b2287a6cfd3376a4d2214844d0ae78d39a72c0decf1df2a5828","pkEm":"04c6916f797d69eea4cf9da98adb1c6883f10c13f39b3cf2ab32bde11526642b42a54ba47a54987e242ffdc769fc3ec5dc457b99c3526aa58f54fdfe3ba700da64","enc":"04c6916f797d69eea4cf9da98adb1c6883f10c13f39b3cf2ab32bde11526642b42a54ba47a54987e242ffdc769fc3ec5dc457b99c3526aa58f54fdfe3ba700da64","shared_secret":"cc630ea984e4d32bf5a9c90e236375ce0753037136027601d343cb25186d891d","key_schedule_context":"025c92bcc6813ef740f5d927446355965dffa6d842897d6b73339075d9c87a658bdb5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"b710085fdd1a9a0dac16a159fee7cb4b105abeb9c0a3abb5af391ac19db2187a","key":"1544ec15a7adbb2d8bda205e4dc82127c6b63a037f1f117dee0c6862a7dd9e43","nonce":"ad3b03c3c6282908a04ac078","exporter_secret":"acdca5cd2ea7bdc6dadd095eb9d3d76f88c1b705061bf8e98d2b7d326fca135d","encryptions":[{"aad":"436f756e742d30","ciphertext":"a28d64117895ddfc39811e35930441c1113defba7a46561fe594e9c5bce02f365e5ae8432a3ffb3f2a1cb0895f","nonce":"ad3b03c3c6282908a04ac078","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"81d3036ce78d8e8f7b67b253ebace6889d031fe07c8529cf59b7784e450248a496ec5a301922f43481c35bc970","nonce":"ad3b03c3c6282908a04ac079","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"69ba30896cbfdc379ebd8dfffc0afe23168abac982db86d3e4592320dfd65b223dbe1c643919132d9bc8d162d3","nonce":"ad3b03c3c6282908a04ac07a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9b6b9e77cfa6af14da57a0ad719079545f7f668ade4026a678222f0c6c9f68748b01416a54dbecb57ce0bc35b9","nonce":"ad3b03c3c6282908a04ac07b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2816f4209315267c00ff92203db037b4c6c65e846a3f92efc35868f7870d3cff2923b81d91d197e6a8763dcf20","nonce":"ad3b03c3c6282908a04ac07c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5a52ff3624d1cd6d8430210ff936903ea2410a9e34fde986300acd6b19da5c8e25a1acc3302e1af96a5ffc0f76","nonce":"ad3b03c3c6282908a04ac07d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4d5c7c811efef5e84e0355d9a2a6bba22357385fa101e2bf69de2851340104cb1695e929c17bdcf32cc4afdb4b","nonce":"ad3b03c3c6282908a04ac07e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fb284ba584a79791cff4cfb033cb8d0ef720bdfaab8b9c90d35be395b3f246c784654594fd97c941c7ed31f2a","nonce":"ad3b03c3c6282908a04ac07f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"46a5632d6112f15505a784d517f4c16e9cdaafe71a20990e3ce20f6ba21a5f2761bd36f585559e50a1be89988c","nonce":"ad3b03c3c6282908a04ac070","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ffa878cecbe6a73dbc4146b9be16e0b74b5d340e6595b01e866005f2ad751676b3b1114ae1b3870e4999649530","nonce":"ad3b03c3c6282908a04ac071","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"82d03497def1c27e00d729572b77e4ef0661793046faa684e427e9e0696e20b3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"897c4eb2e1a8184b1eb9c978f9cfc0386b64da6b1b9dd91b8448b94381ce7a40"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0b9cb2c464e002c17515b0789a15a4680645a858fbceb65f9da2c350e54530a4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de04503063861ca3ca5a3be2df391597adf03d2d5f4ac0c6e5ee1fc85d698560"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e3ee024f24a11df38978a15c812045e18bb8a6bc33c2a13c95d0dc773e9de6a1"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f8246c84a85b100432cde4b70cd4702a9720614e25f7235904ee6271ffabe00a","seedS":"6ad2d20422ac9a6d784a1ba53dd3aa309df0b7abd04cdbe68e9192e356d76acc","seedE":"89d6bcfbb2dde2da7d92f40d9d00b09b87e954501f3509f63a748b2373e8f466","skRm":"60ac53d96153260971472d6c9201921bc7d0c60638145f89ada082bceda3a571","skSm":"40fc4c1c632bf63309468cbce611b89d8df18108578c8883567c9cde4dfd899f","skEm":"17cbb948d94daacebb962ee8f355d40364184817ec2412e45c6b1e96cf108149","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0453fd5d33333b21ec5f8910b3fc1c44f1c8657dba1575cd32514e4e0be7e7300d70e4747aea9c965923a20056099cb88717e54b5f3b3d6569a41285bba680a380","pkSm":"044a49c389ed1900a8f058e96cee0d61c0ddde13330a2fc08b4ed361588a8e5476236bb9803c6351312e6e59bed91ad90c6164ebc8f3eb021cd19cb20527043b61","pkEm":"04f81d2a10babc103aa42e54d85b8a2d08407357feae595720e3c7fd57dd49d0bb6df777cda8d5c933af84354b9b3a66ec2bf5fd816bb2a0e65e9284d8871dccd4","enc":"04f81d2a10babc103aa42e54d85b8a2d08407357feae595720e3c7fd57dd49d0bb6df777cda8d5c933af84354b9b3a66ec2bf5fd816bb2a0e65e9284d8871dccd4","shared_secret":"deb5ec014485412ac1e56f20a91ad59da16373ec5a1f6bc1c525b7f30589ea37","key_schedule_context":"03f433726a9b77cd11901b221010f824334953ba3ab86de05ff8f8ae23c35a6a58db5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"6b867503f042d7e1a7b7a05d79bdfbc1b57f6da46cf0b6b0cc49259ea155101b","key":"951dc95a0bf2a5ec16fdca1be8e4834ab6c8f788a10cc9eca2770038f15dd976","nonce":"6849a1f2710a8526142b3bd0","exporter_secret":"eda5ed2a8dac952792e0a558e58b1c0e584a6edb7aa2b80a461013da7a507e45","encryptions":[{"aad":"436f756e742d30","ciphertext":"44d2563a3d5348b85252463b5e9770da4869ace9333e889f9ac89cc564f8537a96cf3affeec44e0a8b32cf803d","nonce":"6849a1f2710a8526142b3bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"33e4a19f81bd096ceea776dac727d35ca1fe73ad541cfb5db4751e7eef357b5328207ed7c9e7d69bc42bc44569","nonce":"6849a1f2710a8526142b3bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7b15572b45cea0ae2e8fd10c0ae45d69bf8e1e31fceac38cea797c3d5678b8eb956bef1f1452c4727721ed56d2","nonce":"6849a1f2710a8526142b3bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2732b89b46cb77e28c4911252a62b6662e976ea589cd26b84d4bbb6e35b06e7bbe27ebd20ce57fe7fe7e793ac7","nonce":"6849a1f2710a8526142b3bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e24983665cc172d40cea72023951d59674e501664b5cc3794825741e0516665b4d59452cd148d41aad46cd8daf","nonce":"6849a1f2710a8526142b3bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f298134f57ddd1fb06cbfc9a70f715cabf6ed878fd31d0d0438575b29f4fb945619d1b433e4dae5a32b5e2085c","nonce":"6849a1f2710a8526142b3bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"45eea956eeafbfa21b2b1ba2db3678d15dc74d2c6181d503f67178ba225a88d1a3f5a46206b0189ae71c1d22c2","nonce":"6849a1f2710a8526142b3bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ce5ff70bb7ee85dddb9baefea2f739138c5665e5d006b104208000f5c8e7b5b061557fbe05d28a4c0fab343cef","nonce":"6849a1f2710a8526142b3bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e5794b9166097caf11ecc691665fb2bc5fcc41d3f5c236d214756ce4f17b4e05d81757b3fbab00179ed7a558e0","nonce":"6849a1f2710a8526142b3bd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0406542e1a4b01d7127fd6a1c09d4010df82fa4b4d78a014f108b2f10a82db143d14aa21793019969b02f3847a","nonce":"6849a1f2710a8526142b3bd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1a1c57bf8407b454bb0e471764713bba703202e629e4cfda27d897a29a376ef9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a4faac4d3b4113973382f5d729b1e8b58da202843ad33550e86573b8c7247729"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"334332880a7f48319790de3d66a2f3e92e094322302bdd26a6a354dd5b68a153"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b0e396a47aac53caa3e1b796698e6e0ee1413cb6416e6d13a4ece58992ae225e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fa37e66183010d74d537d08c64a533e22628918ef059c10bc1189d4e8f5c09c9"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"466840f087e9747a8441719f96888dfea093cbe3a4caa4e154891ff0e5a22caf","seedE":"3dddd441d33fb4de895d33c4bb200d650a36abde25cbac0ee53447b7caafeded","skRm":"ba2a98db7ccc7fc3894ca4812904eaae2dc8f6e7455915fdabab5facd90e521d","skEm":"df87d0e9f0409f749499c28bb9cfe9a175cd7de674086ba9cd261a696a12e1d4","pkRm":"04981708fd745a9abe489d8724dbff0ec49241e7aa2b4cb7d463cecb80fc0ee9b7c583bd3b09c6bc0ddd74022342b6df5a6eb3b73528786645925dcc97e728c303","pkEm":"04ce090d292a9adfca5d70c466a4388e9d57943142926455f95cc9b3220c54c6fb0092318c8155980ae94d2c407138410450e2d5a2171b75b0a04895cf8daec8a2","enc":"04ce090d292a9adfca5d70c466a4388e9d57943142926455f95cc9b3220c54c6fb0092318c8155980ae94d2c407138410450e2d5a2171b75b0a04895cf8daec8a2","shared_secret":"dc5f1f85559bdf4f2daceaffd3005baad2cb18a3a40af6d33ef232c157acbd84","key_schedule_context":"005c92bcc6813ef740f5d927446355965dffa6d842897d6b73339075d9c87a658bdb5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"a2c58978ff0f0ea2c0ceaf312ce27199b01059354d116f426a284a3fde0b539d","key":"22818854f97e1001706745d76e07a06a440b4ea63b11b3405d2ecead866a81a4","nonce":"696fa16d9ae48bfb6deddc27","exporter_secret":"4a397e78ba391f71919941fd477895fa0739954a2b2033a0d5edbe1b4edf6531","encryptions":[{"aad":"436f756e742d30","ciphertext":"cc93284dac4e65f07a30482f8a31ceb671d5d029c8a0e0260dd364e73dfef1aee4a94ce474f0db910cfff24f07","nonce":"696fa16d9ae48bfb6deddc27","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7cdc5c24c46752beabbcc1cd3c8b373e21da8a709e18424e6a1e3b2c5d3d9246ef46456f0babc370871c683a9b","nonce":"696fa16d9ae48bfb6deddc26","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c1bd95c8df9901dbc6e3c128bd1534350db5e8e71bef7469102dc33be0aa7576873a0ad34e3b549752c461d2d0","nonce":"696fa16d9ae48bfb6deddc25","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"71142545349be81bba943f8175e1a043ef709f3974e3a27132efcea05f08c091e8dae89187fb5fb267342a0029","nonce":"696fa16d9ae48bfb6deddc24","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fc640c906098fba7d72b84739665c1d3dc064cfc4d40738999e2f9d38924cd0b0b3272b4552e82e4e94c726714","nonce":"696fa16d9ae48bfb6deddc23","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b347d55ef585fd8bcbe0457de73b984400d10e2ea28f6ece07110cb8e4413cd7f1d8dbab35a02d722dc69ee6b1","nonce":"696fa16d9ae48bfb6deddc22","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5efc4b3128b5c9bc92fd2269b1e03a4083eb76b7c946a6a68d8c3b6be166e7f4432f87d1efe266d681f43d874b","nonce":"696fa16d9ae48bfb6deddc21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5bcea0a89384808f48212dc88112b8e7078b4a8b084e5f6a42294948424716bb2bb2aaee21f966b7e932a6bbe8","nonce":"696fa16d9ae48bfb6deddc20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ecea2ea2a9bc10dae58455c9953b31e277da4775781dc33280c14877d3155092831bdfc442965647a6ba3047ba","nonce":"696fa16d9ae48bfb6deddc2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4aa3d15a2254d09f79b5050cb6ed6126b40e57adfda2810d4a1420b6916ea72ae21385524db49485ddbd8cec03","nonce":"696fa16d9ae48bfb6deddc2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"15f4fc793eb5544d393c244f5b9e2b4b645458fe1f0da6b876242c00f12d7cf7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0b8ade9a5a2966175f4214a5c9d1881140a28cdf97aa47c2356f5ca991d4b152"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"dccf03eedae715f34376c4e2a87c896a7252aade2fbd6fde65a2a7e44465cb49"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"063e87baf2a8604bae19d7cd9a9054f84f34dd95e7f4722d5b3759e8be05dd31"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c9fed34fcbe2325222f57d338acb58dcf4f8f7862778f3bedcb28f66f7379815"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"483bb0a0fe639035e3909be5c43af275da1cc8a0f355385fc4c7af211fbcad60","seedE":"fcdcc1cd73bf5cc87b991ca1f7b2f4f0ec2aac20e105efcb7111177a150af48c","skRm":"64257b7a86638b98c2d22dc4b730b3f344fa2dcc3573ce85d2bac959750b7709","skEm":"f779ab76bd6a8edaec8edf9c8382ea15f5f4ad6a9aabebc1450b6c1025dd1de3","pkRm":"048716e273cdf7146a7d68941f9d8b0115cf25ee484e37c0519a49c90e79149c60bf7dc40312a324c0710e6eea965f1267ea5c2dd0e6a487b50acdfd6f71cf0fce","pkEm":"042eba2b8c1fa16ee99ab9f4627aee2358f71d6240955e5747ab869b5531a43ddab8dec00e9fbdfb2f92073774a9981f72312ff6361b551bb254295fffea04de02","enc":"042eba2b8c1fa16ee99ab9f4627aee2358f71d6240955e5747ab869b5531a43ddab8dec00e9fbdfb2f92073774a9981f72312ff6361b551bb254295fffea04de02","shared_secret":"23df0808be6ebbef5822349e5dae008d2c1e9f4020367097bde447ed5fcf383e","key_schedule_context":"005193809f9701d761ad3e980ec406cc14ea789817d821d0cb139989260f37f4c6d3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"e0001a90ebb7efc5e85e1f72c90ea2e98b14c0431379789250bd2acda2a95208","key":"652abfcff470224fec73d73cef7c424401cb4d72d92ff5a8447a865c19830535","nonce":"07e632ae808cddf6acaeb15b","exporter_secret":"f3a31ef376affde7513fa5989ffadf6e32b8c7ee40a71d2c2f890dda77a5dadd","encryptions":[{"aad":"436f756e742d30","ciphertext":"edcfa837ec3e00787a52b462ac2a3a438a75e8df971fd21fa617998398c34ecfb69b4878faaa68c21edc39be2a","nonce":"07e632ae808cddf6acaeb15b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"02dfb0620b7d7835f66dd53b3444742649104532a808aab474b13c311b3d5dfb99e80f00988b9e70546c369021","nonce":"07e632ae808cddf6acaeb15a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f42d3def0a450bbf6d15a6950a64c198bd36760a9b53e775bc3e60f9ec38253597b725181e6d3b5feaa0ad80ef","nonce":"07e632ae808cddf6acaeb159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d729d3b60bef054f235af71fa09bc2df2770c1889b431f69396f506b71775e8c5e29653e1b2b63b1e89e4e4fc9","nonce":"07e632ae808cddf6acaeb158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"03769cf4d9e13994376ee35afd627b9f7d1f495ae2d1d3538c4c803e9c08aa13cf9ae7ec545c0f17b28d6b1cba","nonce":"07e632ae808cddf6acaeb15f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9df2d9690b5b6d616a4c5d2d2071a409a187ea9a76f11c9247b15c74e5c771a74db613ce35869d43e0f5db31ef","nonce":"07e632ae808cddf6acaeb15e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1458125842e0234f178663fee07446afc0336f52ff76b0e425309941c846fff62a9f065966316345df67cdacd9","nonce":"07e632ae808cddf6acaeb15d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2d9933061cdd7df0abe4f195924e86a2307863a034deae74ad5ad86c991311f574b32f1f591d7d6ae25b7c75b3","nonce":"07e632ae808cddf6acaeb15c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ac1bb432b048d0ee419c5c9498bb2ce912fda19d27ed0c70252808240746e78625c448038b8ac0963f57095425","nonce":"07e632ae808cddf6acaeb153","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1e36fe5f2221a82dca3421b6449f37ccfcc6652c887cd782b644f85e14d89606b7712820f92b4c4af333703204","nonce":"07e632ae808cddf6acaeb152","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"649768704ae994b8143f95e12bc79be662ca632d870b635cf0482ed7d29476b8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fc7efd160492ab40b1147296dbd3af5d433c798b52aef3973f0951c2df6d6cec"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a3c5fe8a2d3a842c30d2ed9aad8c47cb1a465abb20b1a2a6f78baee5f4dd2ec4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"13f67e00dfc25cba38864d0637176283599cda360d4537c4d49c36d5d3db51fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"207a6aeb271d89ed554ee58ae74c1d08cfc758e02c1cd911ad7d5d351575a259"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4ac36e24812130586b5326c046de98d3186124dedc8fa6afe6bb1181540bd0f7","seedE":"d5f77ccc5d8a284a97f6c9c72fa5cba1daff07cb177770796733129a39de0c14","skRm":"4ef2e67bfc1eb724a58ebea6d96aff6d5de11c7a18991f5771cb30069610a6fc","skEm":"d789d9d4a2a040b785b0a9feabb343425cc8e2d8f6417e42789ea6d18663951c","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0492e832e125ce8981fefdd9cd36d36d729472e634e7ba0a027909f9436b1f26593f02da0257acba3efded2f1073b1f4ccc4b57cc024e8d1fd6df6a122b850ecb2","pkEm":"04f6ddb4c4f41ec4c1577e34519fb3a5b8d659945d425b4b117e02636841c4287fa34bab4c35a5d41d788a8c321b8256cd71c93ff4a8799ed28301114196f9f6a6","enc":"04f6ddb4c4f41ec4c1577e34519fb3a5b8d659945d425b4b117e02636841c4287fa34bab4c35a5d41d788a8c321b8256cd71c93ff4a8799ed28301114196f9f6a6","shared_secret":"c6ab3fe04a92b975f5fd98a09db71063814b03ba86a69da3004e3a0dda8bbc40","key_schedule_context":"017d40471421306b100f7401fbf733fef208e1508bd2744517e95ef7471f21a1dad3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"6ab05d9bade32456ac456527e164651f1e7b90a22cec55cd32878dd4770271bc","key":"abc5af188ea872c94cafd11dbdb7836cc1930ca0271833ba2a36a04d54404912","nonce":"4724facf9d0af1c7a55a0560","exporter_secret":"38e87692f83d991b20e731e1a29fa86bb92630824de1df6aeaf04fd4d59778e9","encryptions":[{"aad":"436f756e742d30","ciphertext":"6972d38453567d2624db55ad748d42ff3177d1e941bbe57f68d03b53fb0f1d48b6fc2dfcb84d8ef39f3a8ad6c5","nonce":"4724facf9d0af1c7a55a0560","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6ff2faf2ec58ddd27c3a97a25a1d1b3db45484f2bb1c84c751f58c03d660cee4b942a10bac339044bd65157c65","nonce":"4724facf9d0af1c7a55a0561","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e2203b51c7d776ed347168dd7d93066184bb7e775277dea7f95bcc3e897cedd52fdcea492158116a8354387f85","nonce":"4724facf9d0af1c7a55a0562","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"458b0a4458330eb1fe600c62867fe26e8cdeb5b16f54b5b774b98ec7922d27ad76d6f823668d7a7b027e9c8682","nonce":"4724facf9d0af1c7a55a0563","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c953c3657872749b048d8245ef98cf33a2f7e4c62f27d9b9e3496fdf50b951e63031092466f4bc67fb93bcee82","nonce":"4724facf9d0af1c7a55a0564","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"46d075d224610a1f9fd9ed18fb5fa898112e27f3f0cf97a8ffe94478904f21bb46e68270d8bd7741d256f12dba","nonce":"4724facf9d0af1c7a55a0565","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19b51358618270c87ca9820e9df7be39b9f7b581e206f570c85e8011ae114278f869ffe70e69f8ab0aff13315c","nonce":"4724facf9d0af1c7a55a0566","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"376c925d9efb620cb2613647f52ad415831afb9a12ef4122213621e621009a3435df8a99fc184cb7a7d4107621","nonce":"4724facf9d0af1c7a55a0567","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"86848929cb7bf449943f29cfdc6b0d6e9f5c4ea4db69b1ff0f3a244d4bc4b85c5da02600d54d46f23628403944","nonce":"4724facf9d0af1c7a55a0568","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a138f4b4f7fdf18a61acee43458c575b293beca34ecca3d3ee07a229c5aa00f3e357e00db8b97f3e0950680fb1","nonce":"4724facf9d0af1c7a55a0569","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f0ead771d6b184134a6770ea37a1f54fa9298d55cb3a09904894039d7c43369c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"53227b56dcd547bc4a8dd6df4b3cb88919af2a6511135cbfe96f3aa1f86485cc"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e0e1a39d3f1927b03f7f4486dcd56edb73004490dcd996f3f6b1e69f62f558ef"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"356ca58ad6658834d97777d59ec0314557b316f5e3396065622bf268be17e207"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"faef5b99303d4689fc49da7a590339877e70262a64340f7c3cfd40f0d1a5e97d"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"df66678a95aaf77b4a3ec2635b23b181dd3d8a05c68022cb6d5d71b119c1535d","seedS":"01bbe1ed07b0688a97d888880ca203b9ac5ebf298f4a5a081e1fa46dbb6e183f","seedE":"336770111a4f3e97ddd1592a15e4734b910b9a5b566e846cd8f28c6199f8c5e7","skRm":"6d50088dd600327d6491736bb152d0e2a2ad70db0c26d5f8a5681e25405bd89d","skSm":"8f24aadec1e93eed8b5570844074591b6c1eb8f54eae8af7ab398a7e48d2fa29","skEm":"cdfd892a2bac5ee9e2422122323da13b17d7f0873386b5053de94d2636f3c53a","pkRm":"0494a8b15d3abddf20f57b09c784687ac1176dcc532cbed5d3704441026b00dc9f2436c77bd1a4a5a219bdf2aa324b4af59fbec5caa86db4e83cf7d5c724e0c0c3","pkSm":"047cdd53556de3eb39e267c546ed61864d2460a3225b224ce64860f695e44ba00ec5433cff0e535713d1f2ae1e138fa93463b22039ebac399e6fa99536688e536c","pkEm":"044b364b95db5fadf0617c48688eed541aab99ddf72a5357ae371c34df7803fcd0da422f17ce4c68d03fef7c6ab272041230a3901361445644c2a6c3d02e9532c5","enc":"044b364b95db5fadf0617c48688eed541aab99ddf72a5357ae371c34df7803fcd0da422f17ce4c68d03fef7c6ab272041230a3901361445644c2a6c3d02e9532c5","shared_secret":"f7b6fa8884784f6723692603cd958db6830cb0c87718f72cdff10758cb97a3ab","key_schedule_context":"025193809f9701d761ad3e980ec406cc14ea789817d821d0cb139989260f37f4c6d3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"53be166abcfea99cf7bbe7c20e3704bccee414244cebed9dd5a2bc9f3ffe1600","key":"807c3ed1b3fdfa8ffb052e01e2f60e75aa9f47ed8378c17ad737e58f32954888","nonce":"7c84b0a76e3bff59f55eeb66","exporter_secret":"ad0c4d9ecace4d473c702f15f83c14964abc8340d560fb103a8ed9e96d30477a","encryptions":[{"aad":"436f756e742d30","ciphertext":"b626e15a016a4d1141404694d4f42300324839c26442761558aff3f11bead5af3102ca3eaa3d9ebe7d61b5e9ad","nonce":"7c84b0a76e3bff59f55eeb66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9a71859d14fc01dd756e9c5ae3bd17f30276f60702913ed52d9bdd1f984dd3c1f8d8da0e3cf80d7948322e5272","nonce":"7c84b0a76e3bff59f55eeb67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"56e9a11b272337128786b69cbf4969d92bfa91ff642c76815c3ed4169d8708d1736466d5ba124de3de05e274ed","nonce":"7c84b0a76e3bff59f55eeb64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bda8c5ea76c250209ed354711e2fa4c7a26d90845b9c2793931449d6c054a4a407a3782f2e8274294ada480ba9","nonce":"7c84b0a76e3bff59f55eeb65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"47c2b0dd4cc2a0cdb9ece76eca03d71556f33554f52800adc208c1c954a50035d3a0c442ad07e5a4a0af2d3987","nonce":"7c84b0a76e3bff59f55eeb62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d18c385a2354a5090e99472d499f67585e01542a69bbfd301034532b04171f0526fe7517dd8eabed8df627630e","nonce":"7c84b0a76e3bff59f55eeb63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"130092f9c1902cdca003a08c28ce46a8507755cd578861f336613da3f165b78f945399a4e3b3b3f9ee1ce69f78","nonce":"7c84b0a76e3bff59f55eeb60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fd8e1c6369240ed7ecda11a0bc6dae9e7528c45823820bc3e44071730b63fad4f290c909aae25f25ecf55a85a1","nonce":"7c84b0a76e3bff59f55eeb61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8dbc566792a20a312e1bfcddcbd6bf7017d3e839db346199effed067c5f4bf3f9b89373c2cc6dfdc2c50440bad","nonce":"7c84b0a76e3bff59f55eeb6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8057fcc15fed0a16568fb4a896a7c62acc440f0a2e7b1595a6b52e18c3b01cf8f7984caa96f91abd10b9fb29cc","nonce":"7c84b0a76e3bff59f55eeb6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bfe763893bbb429e86e2352ea9c53556c8b4d8b2dadb3fd900371679d293bed2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a6e3e480c5a99278ec252f56f0efe91c5abf40b3c4fc8624d7ad4cdc239b1c33"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4186f4de3878e8f46afc5df03b9b7c17036069934ad6c5c1527714176e1f9b05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bc0de36f7e92535570e1e21b33a7436c98f126f443a1db316036f2b3e3001eb7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"934a3d9a609cfefce3b882263edf89b35ec4cacd1e0be0491fe73685a8cd6cae"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5f587a548f7cba21c98ac0dfdac619e962aba8526339c7ad98e804abd9fcbf19","seedS":"1093c27b5e2719ffade39714b76a8e994341b019de9522d89133b41a200f97da","seedE":"7454e819f88659590461a91dff451738df7789f5b4ced005211ed7b264be713f","skRm":"44d78e464befc5faa20e36e8a5f056bbb2970372f3617a6a28883f05891a5e73","skSm":"6e7a6242333ec01f7651bee7a6d51097208647ba3f31991079b318cca32463a3","skEm":"b0782e95b3b3d115a40a5382ea33a29cd91e51ed85db42fa61fdcc51f5125bfd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f464a6bf8ca0cb0679391714160c34a853cc8df2d89c119c18fa835600232c9c73041bd7d17129f7de2573a72385f8f507ba2971280f4f0615fdca8d5701c3cd","pkSm":"04a4f059459fff8a1cfbb58ba01c9763d41355c31bee2c822d3831cb0fec2cd06c970713ee5bfe9ab0f9c4ae70afa88a7bac78ac74dba6fbe12afae83e783fce5c","pkEm":"042b8f991a7f0e1a833f58ce65bf65c96780e9620ae3ab6e8df1645b54b70ed89adbc9c2db9f4b6a0c7c08a76523f24ccbd555da8cdd0403e5f1aaf3f68e0dc62d","enc":"042b8f991a7f0e1a833f58ce65bf65c96780e9620ae3ab6e8df1645b54b70ed89adbc9c2db9f4b6a0c7c08a76523f24ccbd555da8cdd0403e5f1aaf3f68e0dc62d","shared_secret":"ae88d508550ecc1804706bf7ef31c329cd2475f20b3ce3082207dc7c806121d5","key_schedule_context":"037d40471421306b100f7401fbf733fef208e1508bd2744517e95ef7471f21a1dad3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"35a0d70ef7522b31c1d534e268a6d5139b0943b598e61c1c81f8d21633f459cf","key":"2fc299bf7d673aa547d3cb9972a7976bc262508c52a1a84c617e0f0b6bca3c39","nonce":"4af68b1b2cd29814fc8020d5","exporter_secret":"6370cd9058b498d3db6cce9beb618b094ff0981b846d5cf59676cd7e5e41dd3b","encryptions":[{"aad":"436f756e742d30","ciphertext":"694ad6fefd198fece3706b5fd6fb696ed03f399f3bdfabaec36b52fa63153db22a50978c6b0329a6c583a7380b","nonce":"4af68b1b2cd29814fc8020d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b0f4eeb0f9ef54c9f5dbc1b16dec408dc4160e255e768b00cc21aec6c5fb65b29835131275ce081ff80e9f05ff","nonce":"4af68b1b2cd29814fc8020d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7d72a1eaeb27669fe6fa123a6c4bebecfe9fc035c8b0b2402ccab99dd92c4047c9953a537fb1e647b9e8d49e0f","nonce":"4af68b1b2cd29814fc8020d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9fd647d26cf03952a2877b1d7507b6ae8fa61f3985dbd41491fdf306b560baf0652d391642f7487474cb5f153e","nonce":"4af68b1b2cd29814fc8020d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b55b04cb0cfa1911bf1c4cef46fdafeb2352de13cdb25e254d4b611ae59cb2342208ccd645e4be0f6d02a34125","nonce":"4af68b1b2cd29814fc8020d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a8fc30cdeb8ecfd7a8cffca1f7e4a59303cb7edd6721868e0ee83c689dde1b17531fe8f87ac50830c4bbf99def","nonce":"4af68b1b2cd29814fc8020d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6bdb1f7e55d39ee13694d3a9e06bb82e38e7b38db530e03c3507bb625fbbc743407a11261fcd87c1d0c23e8887","nonce":"4af68b1b2cd29814fc8020d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e0aa389c3546b37244a0a13fb188aa55c1e84680a21f100edf0e33303804abeb10d5b1cc65f5c06c7bfb5d5a2a","nonce":"4af68b1b2cd29814fc8020d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"78b7b2716fe7f0fa5351035cc2cc4e9be5ef99d9bd56d10aeef41cf08e60f3724efdf6287be81a8363d8df7e8b","nonce":"4af68b1b2cd29814fc8020dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7195492e8fe7517e7c1fbe257e1f32fd742852debcbd218c83cc097c36a9a21cc3dbd52f32ba06fe4ceb49d1b1","nonce":"4af68b1b2cd29814fc8020dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c822c8d8f6ea1bbead09f9ccc92df6ce2786b96772053afbf294241c16db4ce"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b9f17786f59ec280fbbde09f75be3089cd2909ef524a2601a0ce0d8de9eb0cd1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b6190643fe019c146dbd5e40dc9b48ff5eb651c770518dc38e68f4e6e13ab4d3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"966bc89d4ea55312007cd418deeadc583e17b644e9d235f818b5b13ff0a17a23"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dd38c21d8885b436df52160e9f0e666326c55fe9049abaed7d06ba2a2b7218a3"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3d4504f63bd3c1e292043c94dbc37b57085059df1e9f67518158deab2ebae28a","seedE":"c06b7c4fa7fcdf4c149d5616dd913a47c0d861e35f1c3b9bc8228a26aefd4f52","skRm":"3bb1f10127548c1ddcca9ecd25407dadf34b0ca63e8c8efde26bea162f3422d5","skEm":"6246a8df03d24ca9dbb6a32675010d9a472cc97e00ababe835bf3a03b89ae6e9","pkRm":"042460a1b576c061f89bdc25f6149dbb65dd48798407b5500de0cd23922a5fd5a1e55463096bc1a44b1cf761df11ac6acdf49f46fcb025fe2cea367292e762bfa9","pkEm":"04153e63654a815ebfc292776cafbd06fe1f9c5eabd997d146eb98bff3b8064f979217e4903e979a961e81b36aefaf9ff9312765a3754f0bc2fd406947bf5357f2","enc":"04153e63654a815ebfc292776cafbd06fe1f9c5eabd997d146eb98bff3b8064f979217e4903e979a961e81b36aefaf9ff9312765a3754f0bc2fd406947bf5357f2","shared_secret":"f81985f6fc778694728ba142df551a60a529fe0f86add8f402b4786abb91158e","key_schedule_context":"0059a145bcce1c1c862714bcd04c342351f917429e57578e3a2fa684c7ed0403ba264455f90835145bd18f39bfadab2d3808163e74fc91c733021e758f5b70c2668c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"56670b96b4a99297fb753156bec636c3f9019e2778520f9650d3dee2827bc35e2f9257437356e333d96c628a4b9c043b36a60db894a3831954a431889b2e0570","key":"0fd75b296c0fcc51ddf829c16b664ccc","nonce":"5b80ab1ace6b4e0add668804","exporter_secret":"1da2e149dd9972a5b45e6dfa8da7ec1d24f8401ef83f1d6244b76bb114f25f36b2963d48e39278f71678edefca22aa3cb7a9a16f243799db93fe95294d323a23","encryptions":[{"aad":"436f756e742d30","ciphertext":"d382add6f0915aec3411bcdb596a531cabb4ea8c09e5171d2b00ca285e6d782e2a5a828ab4c2059993c3e55d95","nonce":"5b80ab1ace6b4e0add668804","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d05d58388725a0af35e3baa7d233d358055a856b69919bb3eec858373bca40dcdf1ce07c5a8584e203f1cbed5","nonce":"5b80ab1ace6b4e0add668805","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ed54296f6579e95cf33dc38c0e8a7158cd09f3041d0c03bb7dc1a1892a36441ba84a10cb470af4954d5d7a07c1","nonce":"5b80ab1ace6b4e0add668806","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7e986cfdda7660ebd500f9b81caca638caaec9a32c8aa4765a0ef268f6a4c975c9991ca0a9cfd407cd583a4859","nonce":"5b80ab1ace6b4e0add668807","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"172bc3a81f1843724134e3a50da0099dda4f316a8900e55f164f7253a5df977f9bb05bf65464bcf06946ea5c30","nonce":"5b80ab1ace6b4e0add668800","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a1e235e1d6142e05135b1b6e4d66a556648719f8e2729b8b94eb4f0f16e593911b02dabad8ce9a139e37f76b47","nonce":"5b80ab1ace6b4e0add668801","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1233ac00bfb7dd8d78d427865b18658f27cab952f8d7cc82219053b663ad922be817cde39931d8941ad58e055a","nonce":"5b80ab1ace6b4e0add668802","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"074996f439738ecc4745ba16320095b70f32dc3d58302a811afe0a432e63d219085f7d05ab46da053f140ae4fb","nonce":"5b80ab1ace6b4e0add668803","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"973331248414a7a61c0d83041b1f2aaf13f5415891b7ea4baaf67d1fc6b4f432cdd3757295cf7794e61d6e8fce","nonce":"5b80ab1ace6b4e0add66880c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"44bfe1e3ebbf6b0b5a5cf8fc9f19d343defc943dfc6dbb03ab1c24e1a6a4c808abb00bbfa077f51de8c63ce8a9","nonce":"5b80ab1ace6b4e0add66880d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a6915faa798ec8ba1af5f4f646380852f0087762fad105d22a48b0dc3276df32"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4482bdb729df726c733680b12c3f3efedaf27e127050c68d9b319d67fcc26246"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8c70c298303408fbac3245e766fd835e8b4f98158caa69d7e2aa8d9e840b4b44"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"50682fb87496383686668cd66ab7a85099c7eb0be05d51b36783f447352e4b2a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"098209fdb7f854cece7449870758b888a3ed2dd409619df514d0b0aa9b878b02"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"870a8cd14bdccd6dc2d538e4b57fa79d2ae19657fb92163b8c2f776da0d9c5e0","seedE":"8ae414fe57a79d6ee44c6ebf03223c0a23685a9ef131513c9501803155b84650","skRm":"723323b210fa5fb49fa686e20df412f68265cccd19af92bebcd737e403c358c5","skEm":"bc2e5291d700a743050d85ae1ef59494b539eb380d99bedb628dc8195f76f138","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04ac9e67c5e737d35bf3c4c756b8701810819d6debd3068c9a6b3472a307d26dcfe00faa1ffb706bbfd40cef488c6acd57283be40654876a4ae815b8501b7b0cb6","pkEm":"04fee5bf414527ffa5c439a5b1d2e10b8941f0e577a2f6e811755f9248c4ff04610a84653887f9674afeda68b879ea7a4de0e1a1f5a1d89d358499b2d4753311b7","enc":"04fee5bf414527ffa5c439a5b1d2e10b8941f0e577a2f6e811755f9248c4ff04610a84653887f9674afeda68b879ea7a4de0e1a1f5a1d89d358499b2d4753311b7","shared_secret":"35966cf7216392119e7b6a4ec3681de9cc69bbed75c09d66a2aeebe9e1d29e8d","key_schedule_context":"0139f6011ebbfa0b089f98c9db37956a61abf9fb58427f56ada80743584c1a6cdcfbd55ffd4399433c54b22f53e40738082c9489846c4c19c08fa771b0388da3eb8c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"d451d6013533360a86d0867a08363b3129ab1907eec7bafdc7f48f854463cdd23edd337f09bf1c62f2b4946a89cd66f5b0a67b82b5d0994f54f49dd84665d1b9","key":"1b70d145c0099c28510618465569948d","nonce":"74eb101dce2cbf07c8692aca","exporter_secret":"4676e4f4a13fba7cf74721c5aef58919003fdf0f61f07250b622a61f12ca10013c490daca9110593c1e731dba7a56e93919644000792f83441c9b4517f0e1dbe","encryptions":[{"aad":"436f756e742d30","ciphertext":"8ab8ca639da1b3355e1d3e642617745b557ccd6777d80b90c849e9a216141fa7168b2c52da7f9f8b30816d5aac","nonce":"74eb101dce2cbf07c8692aca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ff6472f39880630cea5115008f040e2999d6b2dfedbf3c34c49e7d2ed0abd83ec5375323494b210ad615107dbd","nonce":"74eb101dce2cbf07c8692acb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ff561682ac310c9fa8838db48ed9cf8c5b3be3830e0b7e00cdac82a2c7e50fc39989e21a20290c5af0be57ec37","nonce":"74eb101dce2cbf07c8692ac8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4759159f97287d42489c75a2521db52087db1e46f273cc29e6ae3426f5f0dccf89b5fcbd4adb77d3271fa78355","nonce":"74eb101dce2cbf07c8692ac9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"61be985bdadb35e1d08903a46e40b0403de965ec4885517f80d0278a185f227031bed2812512c7fc40b1e42cbb","nonce":"74eb101dce2cbf07c8692ace","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"eda45b17d994523322944cc1bc1ba58ff898b7dbf410d90db06142502f693579a1165e94bd7b344eb372e582b0","nonce":"74eb101dce2cbf07c8692acf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"668a39fe2e0f29c0d224a49253a040d0da64f7f59e3f588d633dc0b5652535d2d1ca7acb09eecbe98491140c5b","nonce":"74eb101dce2cbf07c8692acc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"406ec4231d9c26da8f59a981d5fd402c6b36fe118b48d2d98b6144c46e910eddaf6ccf27f3d8e90553402f65f3","nonce":"74eb101dce2cbf07c8692acd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9087513b903a1c75cafb8b36e3b34fc4746a582b3c3ee6691aed29bc3c38a5bfa91c9ad866bb3a67b24ff8ea54","nonce":"74eb101dce2cbf07c8692ac2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6c6c30d924561afd3ec05fd3bcf724abb67b890c6593b7fa7a176a397dbc8b27da588e21db36496b7d2dc7c201","nonce":"74eb101dce2cbf07c8692ac3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f54a1a9b24d4fa4991c8468347a9b64cb8d8df08b2d4fa3688c7e907a7761ec9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b0a6e92e2b26d5d4db97dbecb44e4f6779d7c1722e48b92ff93c6a1099766ff8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"229459cfb47d4761e3146b55477693117e606d26c8cc83a7937765569d3ef732"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fbd37a00a12a56df5f88b8e0d8c20ab491915a455a66759a655cddac9bfad7c3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ecdbb3933778c88fecba51f0d3f0abfccd6ed2292701938e2405646191f7adcd"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"96cb1d99dd2d353191e179fe806c5052b93eca6e1d08d7fb3ea20d420b4a921a","seedS":"baed6b6af0f1598fe1711376c0160200b84ced22ff9e898eab0353137f0cb540","seedE":"8248b1d3bfea9c55a1ead6c9f74f010c8322fc79c683eaf25d7a91dae7b17684","skRm":"9034b047ec840a44a75c2f83c9e6a86a5c585119d2e7f3f81f8a79bc38f9e36e","skSm":"f80c28087185d38fbac014f95c38abe3a96b810d7d07b758b9df7c11a9b3fda8","skEm":"07e7a0a40594be31b5807213f8fda3139fd7716ae780cfbe9563543b90e9de9f","pkRm":"04516de058a01c089b0a9bf62b7e3be6dbeeead63aac139c4565cf93aab1c7557846a159f04fb282fa425bfc68933371594c05bd588cd11270de0d550bfbf2b02c","pkSm":"04ae7983ba0cad779487d104642077ddfdfa5ebe4b508d8a7268c448cb30a0ffa97ca34806b36b0cf66c6bdd13cfc65beef97c3909d580423b085843d2d9e6fee0","pkEm":"04803cb253106c0d23f609fd613ad0be7b5354c368b9301c87e27c479a3b64230e463fdd8cb0b76d72d7eda9734b994aafc430254ffc83cdf09ee681417d3f09ff","enc":"04803cb253106c0d23f609fd613ad0be7b5354c368b9301c87e27c479a3b64230e463fdd8cb0b76d72d7eda9734b994aafc430254ffc83cdf09ee681417d3f09ff","shared_secret":"58bf8c9c94a2eae4d4e1bdb51898352b6d9d9b5c8aa83e83b2a5b0fa465c1fe4","key_schedule_context":"0259a145bcce1c1c862714bcd04c342351f917429e57578e3a2fa684c7ed0403ba264455f90835145bd18f39bfadab2d3808163e74fc91c733021e758f5b70c2668c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"ccaa506479e8eee3347d4e8fc866a86fddbc8e2cfef229f44ee264ec814b0ad874c5a0fbb19f842ffa1969dcebd804a064032427d5f17e0eafac3960e1811e95","key":"4595017dbf4412c6cdd873001bdc1a55","nonce":"e66f9266b90637a3099e52e6","exporter_secret":"1a5e3fa36b9d898b5efb33f9cc3a5756b1ff3d3593cbe538995c6d56541317662c0e05cfb01015434d885b061cd668b2faad5146aa2b37fa9f9da36585f1efd8","encryptions":[{"aad":"436f756e742d30","ciphertext":"fe47489d387fb3ca019da499b62c0f92dd4630c67df81f382277ddfdd4e2b4d42bb9915108ebf5755f337ef155","nonce":"e66f9266b90637a3099e52e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6c57cb1ec364035e655ff9f19ff0684f2fb009ec2a953a259e8268b245a2a17b0e0e4ba2401b68d235f50c240e","nonce":"e66f9266b90637a3099e52e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9b9990d9231ede1502308c06427acf7e857ed9a5ecf8e538338412a897f95db793a2369cbc03dbbe174618a23f","nonce":"e66f9266b90637a3099e52e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"70cd6c2faf311338b8de25c5f46c455622fcb3c64ef887639dbdce4bbe071877098cf3ef07492df95c8f4fcf6f","nonce":"e66f9266b90637a3099e52e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"282eaa18a3de39abc6c9805ca8e6fe5e2ae85cde764b3287037e633886d1c9b114c6c8ceee3536bb61b286026d","nonce":"e66f9266b90637a3099e52e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6ca49ce9ad850cb747b3e781caa27f7c6a9541547561a083b122af469031283430acd875017e495eaeaf58d7ae","nonce":"e66f9266b90637a3099e52e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e2f61a704ef6bd444b6fb4bd98e76dec8e159d7c08393ef0ab94847bd6535aa533e37b8bf59503e912caa31560","nonce":"e66f9266b90637a3099e52e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"99403389fe1e378228a349752be63a52e74a4480cca9bad3757f162d65ce758dd5901393b35c5bc56f81822120","nonce":"e66f9266b90637a3099e52e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6736f70cb1f28bfb08b303d93ca0e3b0d5580850cf54ae9325b114f99b87cd5d8f745641ea873f2b6420a0d640","nonce":"e66f9266b90637a3099e52ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"085b08c0d24c0ad56a599881ce481f6788e45bd9c7b262782b4f97c36f7b65e29c328572f4220cd19b58130f73","nonce":"e66f9266b90637a3099e52ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1073462594bd12498748b3fc94034b0a6b9fd0920827dcca2fb39b18ec50e9a5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e515c5ded61ef56cdc0343cb5e133d549af71b96b9b8a27234f7ddf728159dad"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8e859df03e63ae48d0f832c1379ee3c363787bf3c8d15f8cce6d1db2806ea290"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"92cfa5521eb3fd6b9463da6e7e90eae0b4e1a42e6e9d0ed66c06d86917cac3f8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f559e3c540e8c24a9189c9ba7d03d34f1a71a588bebc7a5842065b03938f9d17"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"073bcc799a8bfb579a627d8f8b55e93721340f6cf5de0eb357da157374e14eeb","seedS":"17388d5f671b12ef6c67cbaa20c8608619ee6b28ff65daa83ba63212451fd89f","seedE":"3264f316c88af07f985280644d38099b0767a16f88ae82d1e6accb9da3c6bb55","skRm":"5d22f76cd9af7e6aef48218e94c59cdd099d656917d7d3725eced88438808594","skSm":"01a45893d642b80751d7a5f9b07a8225e54734336d015b3aafb6be2d8aa5155e","skEm":"5fa7728ed91abd4589e53c40c96b06e57a8c3e7bfc15d8109f8579cd36e0a78f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"045fbf495f070a860fc1f5ca05dbc3296caa9b8af281163e766e801f920aaddd99b10505d6086bd7d12fd7c39ca14e3480bcf855fca8eec13941392a00e81f73fc","pkSm":"04fbd2e874739deba895b84c2960a9a9f2b78a38769efa81113a07094549d8c8903f661f6722d20c44ed0a271eaa35676734674c03ff3d49cd659ed4b99889625b","pkEm":"04fafac74b1183efd0274b2b1a0819a7298bbdf4f6b9ec8a1a118da73f1d076f0e3dee8decd09c2ebd63fdc7e41abb308c5f5770d743b1c7426e1412445c5e20e1","enc":"04fafac74b1183efd0274b2b1a0819a7298bbdf4f6b9ec8a1a118da73f1d076f0e3dee8decd09c2ebd63fdc7e41abb308c5f5770d743b1c7426e1412445c5e20e1","shared_secret":"f184ae42ee268c1b3fd6f25b3cfb612d1d288a4921416598146cbf35bbbf2712","key_schedule_context":"0339f6011ebbfa0b089f98c9db37956a61abf9fb58427f56ada80743584c1a6cdcfbd55ffd4399433c54b22f53e40738082c9489846c4c19c08fa771b0388da3eb8c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"fe2d56adfa0505528204033a330498957e1f95bb38a3a035cca1d8763b0a2f97f56e26f5981002e55db28c4969ac8b25f7e207e0180f8efe63060eb1fa8de47f","key":"e39381714251f8c506bd9003337d3ef5","nonce":"d59bb13cf84f3d7ffc28f091","exporter_secret":"eab52a0c640878495981d6f9092536c9c0f95e6c456daf497670755b598798aeb17fcd057f632cd546a4ca3585c1e8297d5bf43b4e9f965a581cafd108304e3a","encryptions":[{"aad":"436f756e742d30","ciphertext":"1d1ee90fdfac8e8f3f466de3772b397ab2025bb73adcd97743e6391952a2829a8acb47e7e0541eabd612e6d640","nonce":"d59bb13cf84f3d7ffc28f091","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c7f0eefa13a77c03400ee3fe44a0df3bce4b4eecddd93b4641d55f9d0d6e1ead7b19ba99c63192af7ea5b4f290","nonce":"d59bb13cf84f3d7ffc28f090","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1a9ceaa63324a430c1229a6228926e654f419b724a963bbd5ad29b9e00b7c4ccb96a957ca8f910c4e8c2481d9d","nonce":"d59bb13cf84f3d7ffc28f093","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ada59014cc67211d0a231f710ce1e5d22fe36b5cde2e1994306eada30925f76d6988ee9e2419f17a51edcbe07b","nonce":"d59bb13cf84f3d7ffc28f092","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ffdcdcf7713b25e8efd42c2cffc2bc57956d55375042f5f637649b3ab2c2c55e00f51d13b98db6662bdf705a18","nonce":"d59bb13cf84f3d7ffc28f095","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b1e70f34192b4b21f0f9a44d4777e47e1320d1ad7d8a6c354c328f74f2e25065bfe42e46c91be5078602a65e84","nonce":"d59bb13cf84f3d7ffc28f094","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"82afa299d920cff2455853d8d77dbf171e6a27e9feba17dfc0b970099fc947279b29a9e5d5cc26dc82c3407757","nonce":"d59bb13cf84f3d7ffc28f097","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"179a48012e1ace22453a1ba4fa6799941561d2533a7f565138a6c06154b72560607cb3ed081ad62f3eea9b301b","nonce":"d59bb13cf84f3d7ffc28f096","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e09c95f999d1abd544a719858a48b7f173acb652f6baa3171fd9a1fb2dfe23a4405fc24798ae2c13223780d748","nonce":"d59bb13cf84f3d7ffc28f099","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52f1851ccc3ceb55030e1743822232895e7a932353c08daf4cd1b387f1bbcc74cb8fcd4bffd517b1588f9da35d","nonce":"d59bb13cf84f3d7ffc28f098","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"4d75a3087f405aa27a807e013ea6d94b4a0187473c3238452a5e3d4da572d1f3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a9f5799567d926c978bb46020dcc89f30ae8a661babdcffc6ee5400410bf6d02"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e48871ffb1dbfb34f7752f5a26ef4aa4037464f43faa3efe35362a933d3d927e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"71848e967d641cfab77715c3a0f7b4c8f538e9b5fbbb115862b1fee3953b618c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"784f5f3ed53b73257b0d7a16626d6647328c6b67234460a6da534e4cb14225ce"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"823b066d173e0168acb1b7aceb5b008f8c74bb65b18aa35742c3cd3ac70b5eba","seedE":"e16826415ba7c26b77b5090f52377d807bf55b6f500665d1f499daee41d52a07","skRm":"bd8186f046929cf3a8fcebf955c509cb9579dfcb46a6f27c2e3abc1f52baf161","skEm":"2201d77263825a8bd14b6622b4bd8d5e2b6f6a5278112a5f245e5555658e9e5b","pkRm":"041f88bf27edbf094ad864786ea888df8bf9e6856be90c38e902644d47a5fb520c1c146265694d621d0566617bce231cc4d2426cd7f227e126979fe0d567699075","pkEm":"04e4ec14c319364dabd7ccbd5226d757f54669ea7f2755f04a2cdc666167ac3029d44d2658f62df1d5bc4f0662e1e24fac052e34dd8008298a37033ada2f2a4d5a","enc":"04e4ec14c319364dabd7ccbd5226d757f54669ea7f2755f04a2cdc666167ac3029d44d2658f62df1d5bc4f0662e1e24fac052e34dd8008298a37033ada2f2a4d5a","shared_secret":"97f4834091cadf76c1dd234bff67271c77a65c833d934079bb649d040ba72c58","key_schedule_context":"00e8330716b34bfee8656f3e44bdca33abfb241ebd1f719547077656dafcdd8aa74f7156fc99d5cdb20c0284581128d5e18c0a1d9b1ddf53abc0f2c8160ee0ee11b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"4d906cda7d0b42832fa1cee0b1a6d887571abc52c76edb68054346c7e8d607bfe5afe75b6597a9e950ea6cd99162a2f2acc1404ec8e35587f43deeff8789041b","key":"74459357225bf4680f0dc49080cedaa481f23ebed1c83306761571115e752db9","nonce":"bb8c3ea549c3e929834ac2e1","exporter_secret":"07818080f9489e29bc678b288c2d0500bf5a7c20fb2f26af9ae479316c41afbd973102bcf9569a6251a5a999b543f6ae5e3ad23893a075b03bc4e47d37804b4b","encryptions":[{"aad":"436f756e742d30","ciphertext":"15e0b24708b59781ae373414f0237f86f925a8796ef6615697c846378df0e89c8de4c7b99e34c943a015876b4e","nonce":"bb8c3ea549c3e929834ac2e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a3993a1e21435ff9874ee0d1e7844bca7faa62252af50b835b5a81b4e1aacd664106d69b13de3bb8776a2a56e","nonce":"bb8c3ea549c3e929834ac2e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8fbbafd491d0291507460ee8809d70d8098cd21b8d9990d6522cebf78b1cc1455be6f1d704ad92a2a5c99016bb","nonce":"bb8c3ea549c3e929834ac2e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"acab75e848f0b9083d376c4f52c4c321931b1128abf5e9170a9119b36224661bbf7f74215b76337ab7af5225a5","nonce":"bb8c3ea549c3e929834ac2e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"db1d91250fb426d5cb058d57f24cd5959bc24a3d97d02d450a5bf7467d0da1eb08ca65fe61a93a3feaa163b33c","nonce":"bb8c3ea549c3e929834ac2e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"046f4d1a90cdbf90144601291227e80bb5f3223cc9ef153ba6bad652c6271d504b0744ded54f1f29423bb95408","nonce":"bb8c3ea549c3e929834ac2e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"99e919f27944a55e2258d41be15dfe6db081614154e80f42edf50327b8776b079464d94e918c8126fffbaa79fc","nonce":"bb8c3ea549c3e929834ac2e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9f8cb6f84fbab34fc7d3a2fbedc653be7ef8037b193d8e67c4ab7b898ee2904bf4d6435779b5100a8a8160f797","nonce":"bb8c3ea549c3e929834ac2e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2b376c1cca925dd09e3db76a30815e2101f0e0658c50cea4a33ea235d4457935f5450339392920eb59c544a70f","nonce":"bb8c3ea549c3e929834ac2e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"466eaee3885723790c5339b540b0e774ba2b804df0d7b59befef953f31e4af30867006f67f457c4a3d68e9e540","nonce":"bb8c3ea549c3e929834ac2e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8155ffb4381cbd725f37644e407bb80c346219d4ffeb5c8b840e52cfa3fda07f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"941d8a95a4caf16af00b14de59625ec7e5e134e9403e5ae5b3abb24a6209335d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb2ca41dcda93b23cf0a64a0521bb716946a9417af64b25a49d5a03b8a3fddc3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3e1598b904748454c741d4edf01e601dace2ce2b1e100afcc2c59269f8f680b9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9697f97c5a38f4f817cc601d53cb4e152cd505962ef4de2d2680f034c9b662e2"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d39d962eb25e8e407533a3f13d29002d57c22bf281c5d92cd49c761ab6316b4","seedE":"c736963dc1680fc7ad621ac9157fe96a91cfe56646faa3a55b73642dc32c2959","skRm":"c2493a2a40c1fa4bc1a215b4ffb3ec9302dbfb96a978873c82f297e8dc6a2fec","skEm":"2c8bc2e74d523d3c8e8287de6b3ae318d5288cd61c485d1d5c8e5f0df752f29f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043ba228d14d191ecc14e13699303d7e159df32c9cd2e1780fdf3890363e47c46119ce0e79ac9b00e6ec26f6f6f018ffa6891976bdf00594ae4bb07a59df765eca","pkEm":"040959e7db67c5186a55b37d33a687a69cd2c8d1f9c1067a225b94d71d2697551af10b9c7fc67371df549ada6e01e740486e5d8bd23b0ff5ec282f38c94935e7da","enc":"040959e7db67c5186a55b37d33a687a69cd2c8d1f9c1067a225b94d71d2697551af10b9c7fc67371df549ada6e01e740486e5d8bd23b0ff5ec282f38c94935e7da","shared_secret":"a84774515f7be05fee1405b85fc89788d0db3b823a3469f105be9b6ef84c37a1","key_schedule_context":"01e4a0ff05c4c44e507f4dcfa55d959d4aaf010c069a4e6bb356931f3b4e1558b707f80bbb91ce7f560aa3471f09ad08d1510fe711d60c9fef568b977d067b7f26b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"f4a7427fa0beabb240bd5eb011ab2881b4ae1f8b1b2a5f5bfbdffd41ea38d47f6271426be714cf98e30808e8ba11231e5a49f8cb22e31e5ad11d561a32bccdbc","key":"d64cc5cfed9924171b7528428190807231129c715b3bf48360fcc37f219038bf","nonce":"8026340c8e646b552390241f","exporter_secret":"a6f80bc3216d83ba16666263fd918fd311a94fb96db51d73b51854491d63b1acc67228b1fb9646b3f3360e6e4d70bccdd1a50b41c88fd87f22beb46367f03d14","encryptions":[{"aad":"436f756e742d30","ciphertext":"0907b2e45f9aa98ccb84020bd803be2bc80f7e6b638e9d660f42f43da600ce77ee0dff0bb79d93c191a37727fc","nonce":"8026340c8e646b552390241f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c5a2afa5aac499b87da61700f9315aa7969023478a8570977d9bc1a1fa5803f8b0e02afc05a61729ea6ff1472f","nonce":"8026340c8e646b552390241e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3adb63d286bfe9a403e1280d058f6e820e1629bd20c01cf7d2cdab0e4d866cdc013cfe457c98ee51731d9c1725","nonce":"8026340c8e646b552390241d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"49ea188a5043c256b2553cabf735da62d10faa27cb93a15b8f3e915ec4629b8ffbde4fba3f08781dd0d105035f","nonce":"8026340c8e646b552390241c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3ff6732fec15b5aac4d07219674a5115e7e69b6e459653cd43c7277740e6e53be01ee0fd8d1b37f082517722e7","nonce":"8026340c8e646b552390241b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e18987a0243dcea73f2f9dccc5186643d82e81cf3aec2995a669b51028f7070041dad3eb8cd7251c723c72f551","nonce":"8026340c8e646b552390241a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0d4304922728a96e6556ae4ee45770649be76e40c68bbef5c7f0ae7265c3e123f92fc90510d307aa773849c6b9","nonce":"8026340c8e646b5523902419","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a04d7167c74962b8b487c960edc1a59648d7519a7d0ac174c8567aea43aec7a358f5dd3c550ea5980120e4b94e","nonce":"8026340c8e646b5523902418","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"58ab1c57c779102d08f195fafaf1955816bdf9043e6c84b494ef0faa1a5065d5d02e6046d4927b94dafefbb222","nonce":"8026340c8e646b5523902417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cd3dc890d8b92d7fcf0e6e8beb31833d47bcfa3b59f50bdf01a9802f7a47d79f74531f19be018d3a61abe46a49","nonce":"8026340c8e646b5523902416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9965b97fadb989cee8b6f9f1bc2053a066abdf67f54a5917c74316b02e86d204"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a40bc38276675776a5c711d51b8820be971566860e111a94449313632c86268d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0518b2cc37983aa48c082b41f86791763def1f11887692d650b8b15131f1fb43"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"208c73c2e0c70696299d5f2e542b2b10ae3cf039329285da49c97d88196b4122"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c2cd22bd68f76ba7c5b0900f3493de44279cbb9087d849f359eeedec3416bc39"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"91c559c9f16214fa1f510968268e44a7ffd8900ef2228682234a30601a36fa78","seedS":"7e3d27ae13ac7b93874c249a441b2d400b9118b535288a3990e454179c8df73a","seedE":"8a2b215168adbb38412886f628522efe73a75b825e4cf4d0a4d6d8e75ea422ca","skRm":"91642f9cc9af5b4089183bcdcf844099905c7e9be2d74d73aed86f7f4714e0b5","skSm":"917df5e67eca044638b4ca5b136032f6bc4e0b4fed93b59a8b1c74e299eac71e","skEm":"22c0c29d845e608f62b3762e08fb042985856b52dbfbe9e5708befa346956896","pkRm":"04e2562b9192795edfe26bb0b520f9a9de6ac9138f6985f19098f078791efff5f470ab482311004b89f3cceedd6c0b117ec9b409b636f5cc289b2066270088aa92","pkSm":"049b9b34f68a06fb790685cfb3b5072e52bff8abd804644523047d060fb29c11db56e4d03d79a5475dfb6b561ecd929459644fddd69d8d1baca04a57d168ba861e","pkEm":"045a0470ac0d6a0043c004a8e7493c3a9c01ea8e71216313810f44e190f84931d63e0807683b8a72dae55b222fac17217495a75377dc3928ab2c5dacaae1085911","enc":"045a0470ac0d6a0043c004a8e7493c3a9c01ea8e71216313810f44e190f84931d63e0807683b8a72dae55b222fac17217495a75377dc3928ab2c5dacaae1085911","shared_secret":"5f312de5dc6fac555ab65f129f6238777cb3603f5fdd186c6745f9cb1aec6343","key_schedule_context":"02e8330716b34bfee8656f3e44bdca33abfb241ebd1f719547077656dafcdd8aa74f7156fc99d5cdb20c0284581128d5e18c0a1d9b1ddf53abc0f2c8160ee0ee11b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"77c2831192e3a97d3e51ade3ed6014b934ca1ed71a63e34e0f5460e16f7211bbdff99f47e47c8ed3732aaf3a6580b9f223d400d81c7e68f5d8be54527415c72e","key":"4925ec670ee559b8cf0fc2079764e0726032dd42f4f80668d50569f4d86203b1","nonce":"ef53cfa9953002266984ffbf","exporter_secret":"f6a54d28700c7ce83004fa3c6fdc6b8b5dd0a086eb8edd27307a3a1e87697b8a8fb4bc396f9c5714255657e119f7e7d8dd5bcdb8ddef2ae3fbb2b99dd0cce8b8","encryptions":[{"aad":"436f756e742d30","ciphertext":"38306c8b3e305c2f7532cf8d73e9e3eeb35b02ccee260ecb83cace47e3cfb19d5c1cb1cbe19878c824115ab738","nonce":"ef53cfa9953002266984ffbf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d6c58d00ef640174967cb3b0b82b1e501159046d17efea5f0c70ca35c9f2d6252be6069733abe50d947d254c8c","nonce":"ef53cfa9953002266984ffbe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7eeceec6fa3a3d85d9bc7200dc9e7a4b35c3508d0d58fd2f1c560caeb4ec6c71ad34647bb68bb637e35f4c82ca","nonce":"ef53cfa9953002266984ffbd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2bd75a62994429aa7812b78a46e3460a39c6aaeda14b105805f5631f0e3eb26115e8c61ef00c46cd10620f0204","nonce":"ef53cfa9953002266984ffbc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b10df0748e7ea9bf126f4f949b29ec58dd18338f46d6e71bdf6716ebfd4b26dc158013a029bd4990a053b1e9a2","nonce":"ef53cfa9953002266984ffbb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6bf6cd46ae7a8e044a07afa178d135132654a0303c6b69d995f02a4f58b520902cc80c92910ef72f4338999e42","nonce":"ef53cfa9953002266984ffba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fd2bb67290111c4d327ce3fe4d911386d37e0cc0cda7fff6105aaa479db1ea0f8cd97758b763aa66672e0cac50","nonce":"ef53cfa9953002266984ffb9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"26a7d60f71a763963c3b23e536609d6d117cddefc96218c8dfdbde3b9aa4d5c4727953a086252252f5662c3ff8","nonce":"ef53cfa9953002266984ffb8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6e98dc0cd3fe6955ea589432a219cab45a8e92208994b01b5183adfe5919dfd0aea75571ddbd7e0c879cb868c0","nonce":"ef53cfa9953002266984ffb7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9c69158b71c6bcafd03abb6c49d21b1987771f8b718d28aaf3753291945fcc706323e6fe217645bb46660c6ef1","nonce":"ef53cfa9953002266984ffb6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c50d3135e9154a881ce13fd624ee6979d74ad2bee4099d1bfb81558f898317e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3595536eeb1c8602b026ed7c0f15c0c4ed41d741413a6fdf01dd7f73539b0436"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"aad5db30e02e3fd6a428c9a2129da0664721e72683e0c0044893cd3b12a8d106"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"76c7bb6e31e4a0a6d3899f33ce95bf489e60e9b8b0155381c6f863df7b122ff5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"07cfe70e6e8dcc27c96a1608060ac95514703f4e6f8382b380b74f10794a7878"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0918c29592520a9e0f2235dff2e10485109df7364dccedeb3d30131bae0d6d10","seedS":"031b5b0f9493f5b26ce5587f9469861cc92ebe974b3e616647901ec9a71213e0","seedE":"bfb18594e78811253ad4afb6b9397df93d60c999cb578a978d6fc8286547efb7","skRm":"e3e50b41326db961884e59bd5247c139421f71ef41bf67b0671324c6a0a9d988","skSm":"d3d3ad61b5726824bb60b6cd14ac727bba8c8ef64b82e3ea85915785cff45e2b","skEm":"a01f97c8932f278fc87f3748ace5ef25b7058eb3598648afba9a47b558b0f37c","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0448c1c88f2e794ad1cc6e8dd7e03e04621b1e14c4bbf15674c2ba480afe8b643bb57b2d59d6c5a0c821b1dc488da1e09b7a620443b259f066a7b5436aa769587a","pkSm":"04ddc0be02367cd9fac492b54c70f8baaf129f118a11477a05d4d36ed5395b779e26ede12cecad3e5b760f80f501b5bc1e6eec5ae6d1e381b6ab233d39b01589c3","pkEm":"04549ec8b01dbea8f120a0ea1f0c7d3c30ae3a77ca894df5a44517ce06c86d68c0d3e0cb9fa51d334c110965cb731ece0442ac113a149aff8909c756a182449e88","enc":"04549ec8b01dbea8f120a0ea1f0c7d3c30ae3a77ca894df5a44517ce06c86d68c0d3e0cb9fa51d334c110965cb731ece0442ac113a149aff8909c756a182449e88","shared_secret":"2553d5ce79e9be7d4da87249a3cf0cd337123466842769aa7ea3ce722fa2f5e9","key_schedule_context":"03e4a0ff05c4c44e507f4dcfa55d959d4aaf010c069a4e6bb356931f3b4e1558b707f80bbb91ce7f560aa3471f09ad08d1510fe711d60c9fef568b977d067b7f26b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"c05da60b4428de2a6723ca99450fa6ec73d6a7cd4902de4349960b0930d0e1b7994d58aad9acf3e360ed7774fc4438ab69eacec0b5c82c9c74b747d90d90d85c","key":"30c454a430be91820d1113b61a1ef329e11e33a3bec177a8d7e10f44b00c788f","nonce":"566575c59770a2b546bc87ae","exporter_secret":"6e66824813080c65b95dc0da510a806ade56e975a744f9a6b78061b13e5adeef167ad004430e1a8f9635b34fa1ddf348388c44d181a3f2a1841b7817c010f7cb","encryptions":[{"aad":"436f756e742d30","ciphertext":"1e0c65d8d42ab9af6a25ba62f269371f98d1f36878b09a9afd4f477ee7250902bddd4c16aeeaad06934ab8a0e6","nonce":"566575c59770a2b546bc87ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b6624f14a6160306546181dddb832dfb3587726962e26819f854b2917faf9052b3dd641c21bb0d34ffe2e1aef4","nonce":"566575c59770a2b546bc87af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eead5db8438b50ba4eb3fb5c08fcefad66b3fbb07f2d84e751c6a9f49f754a860c77f8de71b32d53b3e794e84a","nonce":"566575c59770a2b546bc87ac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b3314287fd573edd49bc56ddb220e950421115fd5cba5c84dfbc26bd4b5fc80647450533fee66115a46b755422","nonce":"566575c59770a2b546bc87ad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8485d31052e46f016b236320caa6b217361df308171620f33fa5708010f7e839e1526ab24a8384e728b94ce9f1","nonce":"566575c59770a2b546bc87aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ccd4bf2780428d6fcfb6a33ca1b99af4e4c4fcc5696f5361531d0281f26fbf37e884f081deaf84acdf4f832e47","nonce":"566575c59770a2b546bc87ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fd8f0933ec05cbffc1d07cb2a87ce9709aa3b61b8a46c1fe159fe7d0e3894e3878c4b988529ba7a0d2503e0357","nonce":"566575c59770a2b546bc87a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f16c39cd74597c3a6e761f7b4f2775241e5d780ddce0a24614d6c4f07b6d0b98f06d461f37ddacbedf06ec79e3","nonce":"566575c59770a2b546bc87a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5baf72e19e0bca137649c039f6329170c08d67e514184e2b2e6fd41d8267d4b1cc520043b1afc1a9781e2e205a","nonce":"566575c59770a2b546bc87a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2963b4bdd359eebf21ff47b934509351a3270f55f6d9ab640a0075f5c9f1e8878ce8f1029bdaa3f234f3bbf334","nonce":"566575c59770a2b546bc87a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"33db496ee718d283ff4278a60a89b68f9d06eb11365aa969ac0f5160f964a68f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9545bb91de18940528abeef20a65e0ff882590577017dfebbc9971eabf634046"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"67299a96335b0cb5981f1a415af645ee23bc27a6f06a98c0f50e8bdab49c69fd"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ba1fd2546c1912ae9939d41ccea4850af0eebba94ee19ca2a8fd5642c45f6488"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0415931b9f7b16432416dec16f8861436eede89ef5a46fed7f14a2bb816df331"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b061f7e67feb0258e7245c8f8e473a18147a08060cb628a4a03f356ad2514f83","seedE":"864162263c95aede0f3fd2fac213e558810abb738291357eeafb332ce5291d26","skRm":"0440c3774a5b8e4ba71ce14baa3e1d12158b9360f962981554f28635a1fa5fa3","skEm":"5c554094a0b8a278a50f1e4f1aa9b6d024ea2b9b4d6468a3aa772e15c74e84ae","pkRm":"0475cc672d5db040b187506cbac6947bdddb60b0466739b117cf7b07bb679265337810e3fd359a409ccdec9b58682673ab7dfa969235ff0f89228f77cc16cd8811","pkEm":"04e93e5a08c8121bdb7a4c2966168a614fa58f8b7a11555ccc4bb3607087d674941882218d2c06166fe192fbf8cc756ce38875b81d05da6c7fc62e9fe5ac8c0c4b","enc":"04e93e5a08c8121bdb7a4c2966168a614fa58f8b7a11555ccc4bb3607087d674941882218d2c06166fe192fbf8cc756ce38875b81d05da6c7fc62e9fe5ac8c0c4b","shared_secret":"0ba5ff925f0c9aeca983d45b8ac812f721de185d1849c3cc567a9c3bfeb4739b","key_schedule_context":"00e622bbe03266624d8ea93c7d97d8be642f4955d8060d0ed7709255fba73356f48218480f1abfc9301b90f167be9779678624e6fb37cae923ff09a806e31e438ded71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"79b68d94a06a5234a2b2b75272d90c92aea77f23bdc11e59a8b1c23e6e8c4b566f32d2151be767882dd12653ee152e5650402de20d46939adb81d54eca6d8ac2","key":"5e1cb61e6c8b468f22c24831489bd8471f10c11a3dac649eb42d49485d7687d9","nonce":"d708e8765ec29e285e1ed350","exporter_secret":"98b16f709c8ee264e881c07282ad5f467087558eec6bcd45307bb6ad36f037b1b7b3b004ad3a034c664730c393d2ae8b0fead816e8785360d23d2cfef5401dcf","encryptions":[{"aad":"436f756e742d30","ciphertext":"47db3b0aa16fe85b3b127e6e860a648e26b2b12b20b3fc214226187cdb6b7729dba11fb1a8576e0fb6d2785eae","nonce":"d708e8765ec29e285e1ed350","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"93a5b2c72fcd34c700f9c7b5f989c2ae39a5d77f1b295ac447a5bad197b829dffbd55d4e5f141c9c61321401fe","nonce":"d708e8765ec29e285e1ed351","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"041f70672286d27c8ffa2778edac385b446768187e2da99d7fffa06567ec2641ad8d61d1584bb3f3906eb87b0b","nonce":"d708e8765ec29e285e1ed352","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7e0b239664bc6f3f7486770285663b8d6c4f04838c22a885f6db7339ca6323e860f2db05c3eb2eb9fd6c710e55","nonce":"d708e8765ec29e285e1ed353","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b785b4427b1d16ef4e18d8a0e7c003c4111d9975327033f087b553be33387c46f2af976172fd7fe1027d527e08","nonce":"d708e8765ec29e285e1ed354","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"65ca50c2c9b11c1486333590db3af5f96f3e5298ce8cf783af01a668c85e38c7563965757b63c4fd7ad1eb707c","nonce":"d708e8765ec29e285e1ed355","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cbc72079b4bfbebd3942fadff28bc28c6a3a01cef85588b09fbaddeaad7ad5b836c52fcebad22d89fc36b88744","nonce":"d708e8765ec29e285e1ed356","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ce2a4a499a0fab8c93c289eb1494f95f6dd190c2ea133167bcb3ecc11f8e0a0d06951ce5c02dbf5d1dd3ceed2a","nonce":"d708e8765ec29e285e1ed357","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"390d4ed9960fb9cf60618b93e938150beb99744c9ca56b583986146811160999a7cde9e141facbd07ac30c9b8a","nonce":"d708e8765ec29e285e1ed358","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bfa96928e2e8236e87d2945c9eedfd6c440356f03f615fbead2984500fd82909b493c354d5c96fa9413f4399ea","nonce":"d708e8765ec29e285e1ed359","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"28b8663af3815617d7277fe2fe970c90f38db4c3af17692679dcc4653cc8da4d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3dce1ce3315cde15840a6a4b3b08b43dcab5791c8f842550e91405322b8ebee4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29f45577bc87105b6732263b3a8ce44eea68cbc4d1f82fccf1f27635e6223dc7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d8881a85d89809789e58b91f57f7a92ccc6b9bdfce7855cd431d3ea1dfd9f5f6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"73cef42867956f369ba10496d24c5ae2da9ea736f08a46579f08525015678c31"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7829af997003dd82b9f58e2d284699307f24dfb631bc44355c0db6221cea8ace","seedE":"59d9c10fcf7a238b6d7f20851223502f837a0a677833f2b0938976e94d3c3482","skRm":"a81ea9d321bff794554cbb80cc6a640f120d05170c59b597473b761fec5f3b3b","skEm":"628fd86ee8203b5b091940e726868b4f1d065f9f4802f10bb23c19581af72a78","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0482838e233d0972b052a4a3bdb1fdb8e0f8d909211b8a4bac11f49898a5a60ea2873c7a9c5e292b13f57d7c540b6ab3234f5b62cc10ad192d2a974f077a4feaf1","pkEm":"040b569364ecf147dcfaab27c9f32b2d372a4982c687d176a9431a5a4a0d735689261f3f7df13af7ba0f488f33cd277067eab8a1efdffd1a652182601618bcf53c","enc":"040b569364ecf147dcfaab27c9f32b2d372a4982c687d176a9431a5a4a0d735689261f3f7df13af7ba0f488f33cd277067eab8a1efdffd1a652182601618bcf53c","shared_secret":"61bda676b0b45bf76d4490d7f32fc88b5e98a985834d01eca40c2425dcaa3863","key_schedule_context":"010542a7e0afdfd9ca23b9ac7c0331b7593a8505a183a605b94c4b91f9e3c55aaefaab5fa4bfc63e4f27f242c8ad3170fa0da038c1d60aca18b949cb6047c56bf1ed71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"acca99fa583f5cbbfe380c5b8b8e563ff5660babb79a657efb80c4b119cdcfcda8b8a899b6f38b257e09a892d045850e9be2f9b65a66212a65263707af987102","key":"6637f8affc276bdc902a0aafae3d89320582e01267dff1bab50cfdc86dee749f","nonce":"5e6008a2187680e40b02dcb5","exporter_secret":"98593091409ed29933c6d9f2d66f48c7cd079f32a6581ae8f825b7f24fdd95f1f5585a09c8f530872808b90b9f0f30bbe32d6eed5cbb9fa3a2bc7af316d90ed8","encryptions":[{"aad":"436f756e742d30","ciphertext":"0d02aa8cde4281cd95faf7b45ed59839f7b115d69a2f9b71f0fddf11370541f2eac9b6945e759da39cd1bc76c1","nonce":"5e6008a2187680e40b02dcb5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9c93f3da62d7ad7ee2a5239e66261706b3845dafbbb31af9d4d81a99cbc784764556a197deaaff37007b454455","nonce":"5e6008a2187680e40b02dcb4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"19459000b301b00b8c203614ff9c285f33eaf26b67ec0c1a633ad948eee028189c4c6643fb579b95f132d4c9ac","nonce":"5e6008a2187680e40b02dcb7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"09dca54f0e438b51d791fb38536cb2af9d43140705718a4da8cdc98638313e690aa991e0c485cbf871bf7762b1","nonce":"5e6008a2187680e40b02dcb6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"17f8d4ff1c94551cf5ce77bd9536c6289144bc2cde44adf769b48b2d4b0fc86c19f1922301a1b918a0bd76abdb","nonce":"5e6008a2187680e40b02dcb1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d7c5eb6547c0437edfada6836a6b7c68de48989a90e05b84024f9cec4dfb44b6ae7f970bc3afaa772e358a4548","nonce":"5e6008a2187680e40b02dcb0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1408f897e06c317943156ff2a7d0f2483dc209ba1d0ab6a6bd7121058ac89b96e2f85f733d563f62cc4dac619c","nonce":"5e6008a2187680e40b02dcb3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"236f968351ef1c24be45688cae77b72f9e6b57ee7672d75fd98a4079a7db6b9291ada14688a3e47f00cedae5e5","nonce":"5e6008a2187680e40b02dcb2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"bc9e909cfea67b70030b39a7c56325dfebf00657b1356aec8213ca8621205fe779356c8fe58e88e175be012edc","nonce":"5e6008a2187680e40b02dcbd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7817f9ffae65ac104f067cca0568a03218bcffaf18703b20f7973db38b82cc42ab66c549dc840c5e1e541339bc","nonce":"5e6008a2187680e40b02dcbc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9ec938833be379f35306970221039fe820853e68abe551fab0e5c726cbb36120"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e578cd390df78aa20afb39f41a139a1c12af6c2bc1d588bae94be1ef80918378"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"85890887caf203e632929d29f01b70c5d2f358cbdcb585367f4a5ceaf08f9a97"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"4e2c6d13969c6bd3422e5737ff87f8ee0b3a46f0e92b395e16cbab28b7b282ca"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0a377edeb68f9a223159e3646ab7a12b320e479d80adae9c09f5eb3f79736d1a"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3975483e6613099b12c9aa65a69dc088918305fce07e635986a5c47a70a77453","seedS":"0ce38851fe2134a68730f84063413ed0bcf1707dd296be62ad34c739ba31dfda","seedE":"e17192a4e1a863a7b4b9e985b59f9d86281fa578f68e8e5e7a0919febff51b32","skRm":"9b27a25c90b9b7b3d00ba9e310028ed7c40909853c3e432c1a9e81ef915e0a5b","skSm":"0d20b214444aa00095b7b982cfb34003ab941999a7d78abe4c3aed79114a75e7","skEm":"f69e98cecebf9a188f1a9fdff538c207c3f7bd4cf111b90cb5d1b5b0e5422d15","pkRm":"04fe1d93e77b4bc8cf3a61ab0329a3b3f8c78abdec0d5870a935e5f18905e3f86f4071515fe974e6157c96645d036766e32ed4d9483bc7077a15c98a4bfef91038","pkSm":"04b6d4ae3f5691816d76b8bd8900af2f8f111117febabb3aa4706ad0472147828223aef0fc9ac1bb6c1e4612301d907bc29e254294c9edd0619b8bbd1b9a93bde4","pkEm":"042c880802d69ff88b24f0b34dab3546b6505554c722cbe371d745169835df37757f9dcc44db2e4d03e08746da5cb0e9272e662589df2e1d1ce670173f3e0046be","enc":"042c880802d69ff88b24f0b34dab3546b6505554c722cbe371d745169835df37757f9dcc44db2e4d03e08746da5cb0e9272e662589df2e1d1ce670173f3e0046be","shared_secret":"92e2e215c1a83d54639c2a1cf809b78a6050765b9f84cf81881d799c6f8b5dc7","key_schedule_context":"02e622bbe03266624d8ea93c7d97d8be642f4955d8060d0ed7709255fba73356f48218480f1abfc9301b90f167be9779678624e6fb37cae923ff09a806e31e438ded71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"67791051cc284d16971022e4140dad5ebe435fc27067e882caea13272968a75ba054045db86e08066b6ea14f4982043efc560144bd12290751194dbbb85f4961","key":"8eecd47dfa050abca604ff8aeea71df7aa20f2a61ba650e93880160ce781860b","nonce":"dba0aad9cdfd91c3e2bdd9c7","exporter_secret":"9a2e52b3b2f54c0e8f8df55e805d503f09ccd8851f1fb860c0f48ef53169e3a0a6fda981e25a30242d2e4dcdb6cd1d50eda739ae3a9a754a019cc8d18ef02dab","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd47d6b79271dd65a95e651f1594e02de22fa6c6ca59a1eb7335d2c3568f5a37d787e8da6bb16713b07e1920cc","nonce":"dba0aad9cdfd91c3e2bdd9c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"89d4fb73d7fe464ec758d4076ee0d3a2bb00d25b7ef903acb3871eba1ac1aab119695c53adba8b819176114b69","nonce":"dba0aad9cdfd91c3e2bdd9c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"692c684d791f6672b1a377f8f17499082a9bb35f7d98589951fdbe6b6dbc967ff6143b721abff9565133ba33ac","nonce":"dba0aad9cdfd91c3e2bdd9c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a3d130c6b42477bf3891c4e33c1ade1587c7b33bd1cb2257a1e6abf24414837ee1cdf68beef7af89b274799a14","nonce":"dba0aad9cdfd91c3e2bdd9c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6011032c0492384cf8e0104269fd7e89083f4b6a779eee49d14d76a61679fe8aa3434ae9e0cd2e746bea94bc50","nonce":"dba0aad9cdfd91c3e2bdd9c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7c490437c971373c093f387b58bccb4e43b67f102dc768311f757a22e0812b38b9be64f4413b34cdff8a13f01f","nonce":"dba0aad9cdfd91c3e2bdd9c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c0b07b9150c30d997715c1538923ca5c825c01ac34dc8ff1ee3747f8b29fedf298658661fba5e707945462434","nonce":"dba0aad9cdfd91c3e2bdd9c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"13e6520b3a152ffb90181bd806b6d6b15c470340512f017a45fbb2123d3c910a0db8aecc9b29163dd1ecaaebee","nonce":"dba0aad9cdfd91c3e2bdd9c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e656d5157f662d6958b2f5030084a4f0d77a64b811646a4938bbea17a8ee0b3422a1e186451ffa5d08610994b1","nonce":"dba0aad9cdfd91c3e2bdd9cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8b147757b8eddfc5689121627278b39ece9fcabd717df933b116a2ac408e1f11b61e1eef25485551a772583d08","nonce":"dba0aad9cdfd91c3e2bdd9ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03cc00d46a614895cc3be43b10245e1b35dd17a5600c66bd2cf0ef37071040da"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9ead40dd07b3c1b8617c853ac965f6aca452ede79808239600c04d75a30abdd6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fe2e2794ee74171b3d44c8d2a65f4f296c5e1d3da2c6bec9df6456c8d9bbf6b4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3ad099547cd3209ee8b801299df44274252607496d6178f3a7eb32c0f4ed9773"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2401d653c088ee5fda56b3caa833442ddecc00cebfbdefb3b95d624f1e6f3a29"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c32e5a08622ec62f4688d78a8aa0d431088532688f5dc6953e99ffccf3ddf60e","seedS":"83f63934a46e13925f7581c9feb1e3940ab207827b34564ff08277412da1c532","seedE":"d74cf4f19cdf40008a438518fbfb82725809bbcd4d5ff2dd5dfd2529578a84a5","skRm":"3dcbbcc97592cb236ede3a957013415f47aed3cf83b7525ed9398ececc416899","skSm":"520f211a36ef47379ac0d9c4e91ff4aeb282220efb998c7f598190312953f230","skEm":"37f12b882a9c02a83b55d59fb3eb34b3f036ef5e5bf7b6f48baf44b40dedcbbd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f8407001cf5dd69d3a316dd921bd950449985510b51b81e714b33850472e3f414bef638b3fe1a60e79b0acd3f4397a4056fdf799db378a661cfdeac3b3d4d56b","pkSm":"040a6281a4bef779452081e500734262e21ecfe18cf5e968297fc98b21536a3bf518ef35f25c67a69077638644a69dec037fadfb940cf82a858f68433031f4b9bb","pkEm":"04dfed83c20373d55ec642d22562863f7220c61457d661bf8e8ca27d6566be3c2d69d94587c7f68784ce68e4d08b8b619495a37a6bcba2fbe156bb543e5f8d62a6","enc":"04dfed83c20373d55ec642d22562863f7220c61457d661bf8e8ca27d6566be3c2d69d94587c7f68784ce68e4d08b8b619495a37a6bcba2fbe156bb543e5f8d62a6","shared_secret":"a523e7db8f26e7003986ec8a633a6c7db0fbe7dc1e222c7cf6250079c9e990c1","key_schedule_context":"030542a7e0afdfd9ca23b9ac7c0331b7593a8505a183a605b94c4b91f9e3c55aaefaab5fa4bfc63e4f27f242c8ad3170fa0da038c1d60aca18b949cb6047c56bf1ed71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"0acac8bfa5c87a9968f4240620463488d1db7ef4b74616041b34bf0a2c5d01c13e9efd2f51509b8c2612804a9a36d86ed422717e133be1424933d67bbfd8ae40","key":"2de8d0ed2bb0f4ac80df804c157f59a7b735dc80ac679c75208bd0fee66195d5","nonce":"61f2cfc2b6eaff09cf00e852","exporter_secret":"dbb308a5d160f26eed605379e96215a25a652c806e27719218ae42b22bdd13e32354245652ae99a7fbca926106b092a259fabb77c35d7f27c29063ba8eac5062","encryptions":[{"aad":"436f756e742d30","ciphertext":"d931e102f03a85139f19c687e1872bc2e7eb088e0e6f52623fbafe58931413a0ebf74a6dc7a0c867e44aacf14d","nonce":"61f2cfc2b6eaff09cf00e852","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3a9eb1457608e6db82d027e070975274a6c78d84b65454be23d443f5f123d6901bf2258053aae7a3fc639262be","nonce":"61f2cfc2b6eaff09cf00e853","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ba91f6569a61474947c8195b6f82446e3ab27b34cc0105cbd27d83c3804c936ac9682520152e3fabb3a7d25de4","nonce":"61f2cfc2b6eaff09cf00e850","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"888be00d8fccd99c9a61711b4988f799456b174f4bf5ca01adedeca57cabb578debd6315fed7b7222c69ecb635","nonce":"61f2cfc2b6eaff09cf00e851","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"89bdcd086d3e6d40469301fa9f1501c6b8513ae3033446c6914b3d361484ab7df88b5fdfc42acd2a2bcc4b4ccc","nonce":"61f2cfc2b6eaff09cf00e856","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8d015f1a65e56f4e6a40b79e11e4e872c950cd73e187f55bf3f2d528d956d36b182a7a039e788f5329a2d1b6e0","nonce":"61f2cfc2b6eaff09cf00e857","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"098cfbbb0c7da2229b38886118d480fbcd67e4e97c56206a99ce97e2f339d0a571e2ed420e0988aafa41f299e8","nonce":"61f2cfc2b6eaff09cf00e854","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b4fde11cfbcabc4c2ac865f58bb954d066f22f08359df9047bfffe1c9b882844cb460540817aa9a588a1490e36","nonce":"61f2cfc2b6eaff09cf00e855","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e9de06ebbf1784c19051a4cd50f2a1608a85ae0285617c970d900eb545d9abde1e5bd01b982a2498bcf7ac25f0","nonce":"61f2cfc2b6eaff09cf00e85a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"82c82e24d9fd07af6b6fadd5a05f286785a363e726d2fd30d1298ec031c68fdbab1ba25c8d08ba57d03e518144","nonce":"61f2cfc2b6eaff09cf00e85b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c875e0e5210a7ee5283f9917d28cf7869b959d09eabe10a07b6be3e088bd8df0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"aceca56efd2f67f774bf21abd3aa82fb6e0112ec42785abf3de27e15d234cb8d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9a4b7f4bcb09528dc5bbd1f80b30e64be514fdb2fb46204bf46b09bc229065db"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0d7841b054ffb4681f847438c237694bd0a792d5381c1f93a8ad5c006b3b36f6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ade658c23485d3d7858cdb7c45982d5c2761501acfc10dfc5cbef8a00f9f0cd4"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"883b63f591af5f3b1c4c7c288a5b3c7d40d3388fce16a1e62c43b8f8a85e9250091c7f1b6b46b1ab36134640d37e0636a344bc58026160edb0badd4ab5a58fc0c568","seedE":"924196136779a5fc979d90c68c8ea9e17cd0c39a8aa506cb494366f72c8032e8ad88530c81a278abefea49f0c6b0bbf778680e12b8f10a3d0d437f931d84cd3575f2","skRm":"001993eb42a296db6a3ec78f6ed4b5030c988de0616f798c81a21fbf573f5c71edfe9164aae52a3c9aeff6efcb2638e8e1ec4deac827a924a9a3f0da85abfb8daf8e","skEm":"01b00e7284c2c38cb7147c36b162373983754a1bae0287030201ad17c0ce5a011919ba38cdb29a6849af11a734783070cb0a5d4a071daea7727f0c74be2f21c3ad1c","pkRm":"0400377fc101f2314202bc00e3b6a145d22a8c5a519bd1bfc68f0718483480b14d1ea3e735fc1eef0487125e2b8b3d50fdc6e829b34d7d662757f54a5cee84051e64ef001eb378e3af7e9c001ae59f5bb9d2b21765f8a9c11933f89286c2593bc39972d92958dcbc9870dd1987d5229988c4634caa82a42795f434b8bcbfb88ad512020813","pkEm":"040032bba569e6b9f5249ec4aa95d2c724c15de4b78b96de19ee860252ce6c647834eeaa62068909c32738f32299cf94ff20acd22e00eedad7a67833739e88d94530b40199f1af2fe20440a7eed0cb38958322c128b3a26f4c6dfc20e8864bfd1e90c3ca63135edd65937fa876cc69a57bb4af6fd758e2131cf24afd3cab39c63c394dd0a4","enc":"040032bba569e6b9f5249ec4aa95d2c724c15de4b78b96de19ee860252ce6c647834eeaa62068909c32738f32299cf94ff20acd22e00eedad7a67833739e88d94530b40199f1af2fe20440a7eed0cb38958322c128b3a26f4c6dfc20e8864bfd1e90c3ca63135edd65937fa876cc69a57bb4af6fd758e2131cf24afd3cab39c63c394dd0a4","shared_secret":"ca3706b50c343d862f3db67d8beb68f5cd10fb7bf2f27558bad5078aa84cc2d58f3fd53691ce4b4f6d651ba6f222dd70470268dce1c8911fcbb807ae4e36542c","key_schedule_context":"00eb019bbafcd598e780a14b2fd24d49bd927c4f7b00c169f110ddd5edcab0266563c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"7e6170f050bb4f2d35c49f0deb1441770497e5e6e87942121882ee1f2bb7fe28","key":"efb5caf6834ea53ba29905ca76d72157","nonce":"71ba271e5c494a6acdcb7440","exporter_secret":"485b072652c31732e003ae54368ecb7b0a161acb16b7386c034ceed4d035137e","encryptions":[{"aad":"436f756e742d30","ciphertext":"7e76da9584726f765c58a551512f15bbf2dc31295cb73abc78a33bec3553f27296160da25a606f32c6bab0687f","nonce":"71ba271e5c494a6acdcb7440","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"beaf5b6a214e83c3ccba4a5c6e212817f312267af6986874489fa2ac491109a9e1973719ed8a115d5eaf1595aa","nonce":"71ba271e5c494a6acdcb7441","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c6568e2fbe48de1877e646a3d9bb14740200289e6b5b50b5134066dc5facd9528ba97ed4c4f380ff98641877a0","nonce":"71ba271e5c494a6acdcb7442","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8b3b9c45e3a7d78ad36562e4e1b8202ff800dd8ced4d18a6abe207b2b6c4c28f44086d27548b061af426bb07c6","nonce":"71ba271e5c494a6acdcb7443","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a5ceda5bf6bcd8c61093a2f4badc6217c49691a5f6223a72f1aec148c448e9759b1c33de8ac492e2c51cb89e43","nonce":"71ba271e5c494a6acdcb7444","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9484b665a34e65e0f194ab54ef4c49e1efb52bc9fe8bbaffb2723a9a72c6402c4123873aabb71c48b362ac5097","nonce":"71ba271e5c494a6acdcb7445","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"31987fa2009732f8ee05d374086bd3df97daedc67815c1888fbdfedc63e41ed0c685e703ce05f34428348c0fb6","nonce":"71ba271e5c494a6acdcb7446","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5f5e483a7ec180a37ab75db5b04237014bf1354a882cf7205dd04c826a452a426faedbbf7c7fe2bc245565bf2e","nonce":"71ba271e5c494a6acdcb7447","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"f95e2ab99c90d816f37718753ed2c431f10eb8f30984463fe2c1593915973675af65bf17a764b0ff3f3e7932ed","nonce":"71ba271e5c494a6acdcb7448","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9912a6c284aa299a0167770928f780fd01bd16da13af9f55a24531f199c448cc72ca01b660b3c23be5c76e46df","nonce":"71ba271e5c494a6acdcb7449","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8af42c0b20c405eb1b0d8b99c6d1658c1f470184d67876dcb3a6dcaf5ce650e4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94ed2280ae2b8024f4ccacb620acfe90c317f95be342917d48c68ac81bfa2b2b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1bd714ae6b0f4f9f54c3ac147b70f7c24052633a04ba1f163cdd82d35843f52e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"822a81dfb867874c36111ecb4855db7f3931adf5299cf0ef21d17bb14fe39898"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"cd87435d18a71e8681545f8b831d4925bf46999867f96a75e7db68050027f17a"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bcfffcb919c93a135aa9c240bdde09e89ffdb34be7262c63090b687ed1a6f3b67e62ed939e2d9e4e2117fc6b45e5ec71f62bfd5638b3c8cc2ea7917e512076b7a4fc","seedE":"eb205ef7c6f80dd291630b94e95a91499e73e9d15a14f4873588beae7bbe28e356341d6440b3d340673b866d91a3bbaad4d0eee675129e8928cca73d2663e5dce170","skRm":"006ba0fb298dc4698de10e275822720349fb3023602f5c497e0561caa3d903db86ab6899517d7f91cd83408fba363918f73a11bf4d5bd4c399202aa8d5847f784085","skEm":"0193872d5dd52e9c50035e68edd70230363684364efa20483723dd390eb06adea9e83c6c765af3aa5d5cb26b108d054defbaffd466cfbe4ae55f1c7524637dd1237f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401052a180494fa898ca3f444d3c4c7d0202abf2613bd9cb6bab164fad706dc15bb5674e432abe7ca264adfdc139d6532f06e036d6dc055cb710e19dfdf120d32688001975d506e22708b80da3dbcf660b220223328e718e60740835e5faa7094882d735c63264aaead194045277766bb3fd5ca40c8e6c800b4e50c059fef7f99fb40fe5c","pkEm":"0401a20d7906148209dd5f31dd677377497392a49919643117bf01c24653c0b3188f4a003cf418918065a1a4c61e6a56c2a3dbac858fcef61d5f88376fc8b54c2218f900eaa12ea41da2b95caa85f9ae8eb315dc2f17658b98cc0d1c4d08cd83137a81588d6bf125db78c1223b7532dbb86e92786fa2080fcf9b772d849a9e1cfdaba5f667","enc":"0401a20d7906148209dd5f31dd677377497392a49919643117bf01c24653c0b3188f4a003cf418918065a1a4c61e6a56c2a3dbac858fcef61d5f88376fc8b54c2218f900eaa12ea41da2b95caa85f9ae8eb315dc2f17658b98cc0d1c4d08cd83137a81588d6bf125db78c1223b7532dbb86e92786fa2080fcf9b772d849a9e1cfdaba5f667","shared_secret":"5ff6ae5f1b9894abc636391de762794be83f9c20f6b7bb60980b09a00bd4a96b0f68a04d63e600ede81862b8fd51e165651e10941ddccc02c99c99e5a5209c8a","key_schedule_context":"015dd167df8d4130b09e24af66848741f066b89054d7926b8d4c82b2c68751bceb63c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"52cbbedbe85dc9cfd93dfb3e508adec934c7e99b2f7f8520f1a2925318b15590","key":"3238b1c5b5efa1413a8867909863da81","nonce":"132b96cc62303e3fbddc304c","exporter_secret":"37064f7c3d0ccefcd22a2bde6849471323f431cd3d88b081bae40103fc520e58","encryptions":[{"aad":"436f756e742d30","ciphertext":"6be53b0ddbf6e3d25074b1a8f11584ba75deff5a55b3eeb7b744139e37086bb74a07b810336057f78874267485","nonce":"132b96cc62303e3fbddc304c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8021f6dab683ce41ae36e5de06faf441e9778a62c1c3b232fd9c81958e659a91de69e5cf05002879e15439882","nonce":"132b96cc62303e3fbddc304d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"33688f12641154a68644c8c70e9f57c9c60baa4ee71ca2b5cce385dba6b8595f1566eaa07a47d1b8018dbebcbd","nonce":"132b96cc62303e3fbddc304e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d10d08ab7c24763409afde1e976467746daca2e4b57010c9a60e3ad7e07f39c8e5f9ffc33a6ee38d3616f29d3e","nonce":"132b96cc62303e3fbddc304f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6ca67384bb3888a12897b9c2872b5910103d4d28cba0103af6b57d46ac4c562fd33e81efcb3f7caecc30c81f3","nonce":"132b96cc62303e3fbddc3048","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ecd075e87741e18cd60eb98a92af5ae621c2cff12406452999dcac084c8b07e80f6986c04743a7de2a13fba5bc","nonce":"132b96cc62303e3fbddc3049","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9f920a5c18dad698f590f7f7fdafc66e632bfab31ae0f3371619c5425cf7616712a0be6191a20f56a164d0eec7","nonce":"132b96cc62303e3fbddc304a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d920e8b018439f275ed4e7f1433c2e7fd272b3d60f609c8ec26321219d14e4dcfe0dd8063d6aaaa7c69bb27b98","nonce":"132b96cc62303e3fbddc304b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d4fe1a5daccb621a565bdc09797e9269f8e72d84c8706d547a13188c55ad8be743178015033a73caab8e4a3b4e","nonce":"132b96cc62303e3fbddc3044","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5ee3c57f5e7afcd69d5d2bba4bfefb2fb317faa6764c8f45b0d4669b7947d49b21923a2023d944621ac1990689","nonce":"132b96cc62303e3fbddc3045","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"62cac863ac85dce6cab0f5025b28f00d892aefe886d929841c5db018b6cdc4cd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"85985c0dedaa6874b648ffe2309bdfa363c25272dc19ee9521a1632c587f9bab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6e011df6c2c5da3ac11e5709ce9c19e3bffeb32f1a86f01c0a99315336b40b69"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"360de08e21d527bacdfeecaf2df5ed56bc04444ddbd74f2521af38abb6759fe6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"835e5f5e54db12b144b3524cff06995825f944f2a8c67294940cd73626c9b49c"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7a40fd2e51e538bbbad16e12f2af6ae5f7dd125c46141fbe172bbd4c8d8ff8c195855e7c7c3aaa05f72ff19a79a09f88ade9e21cd124a0cb7ec0e3b3398da0a885ce","seedS":"9915274f9c98b27d28e6b4caa0aae346292e4279aae1b031de9a57636bd6dca538957cd6241e58e98ab14fa00aab5126e26c65807045198020c4a036849b0bf0e81c","seedE":"7f85ef97913400d6e42bbbcc2f8d350b9cc2c871f0cf9a8e1addfcfd2fb4dd2a1272a3e73d920b62f1ef55eb8768d880c756287b0fbf9bf8f87e3086c8f1e60f2649","skRm":"01261eace5e2de2dc005c85c3d8528773c10657793856ed2330738810c0cc489bdda7785ef7f16e24dce6ed85df1840acd9532201b193caa01104a1875fd029ec556","skSm":"006c7164a9a6ae0ac71ac3ee6accc6d04627422abf2d217f9e0c62663de6b566d3c4215990c174eb79068c09aeabccfafd6bc9c61770e17178e647aefbe02ab2b17e","skEm":"0087d99d333cd16b102bac579d769f45779608961e26783dc1d1803109b7f1ee61202f4fdfca7f8e89186ff2f2b840b3a4fe98c7735007f2cc7032f233249b372457","pkRm":"0401597ec93b14ee576137dcc4295b4253b0de665a9a837f818e30d3de2a3a27da54beb9e2f9c89ec69aa508f4f1a91e9429182fc2c746fc9cfc839d87ec09f88d37910011d9b9b4f933cb7b3b891875bf0a7178db89c4fccbd7532cbc13c698537362602d38fe1b7745c015f1907140491bc71f2e2cc172a8dbb168bbe051bd4b74836bb8","pkSm":"0401bbf341d021e390bae735b94ac33cd911147f8699419cfbfae68d3df1417212dbec694bf69bccf9b52adbc9125e10cc5e15bda9ce3b9030e94a05a5620b0038d296008b35142c100020a00266cb10131a64666e59ea3bfecb6570c4e8036eb22cff730381cdc5b83cfb7c6f50f3038413b6ec9231d814c883e1ed3ddc808e0b11a99f38","pkEm":"0401e46b501645fd1f216d8c0f7db734ccd2ffe19c715f591ea8733ee0d2be59be2a2a6e16ba977f1765344720daf4cd8e9c04c08ea95910a933a238daf8179d6834de00dade88dc8bc03640be50ec0c3024300e2dc89b1348fb90f69770e53fe05c4adf864e5f9067fd4e0d62066b9d31e706d02c1bf297f4664f45a05df3c881639f9bf5","enc":"0401e46b501645fd1f216d8c0f7db734ccd2ffe19c715f591ea8733ee0d2be59be2a2a6e16ba977f1765344720daf4cd8e9c04c08ea95910a933a238daf8179d6834de00dade88dc8bc03640be50ec0c3024300e2dc89b1348fb90f69770e53fe05c4adf864e5f9067fd4e0d62066b9d31e706d02c1bf297f4664f45a05df3c881639f9bf5","shared_secret":"2699d5a9a67c8a789903a1c874f95eb3c5dc5f8a6af18d45d72abf4ec3108323378b82b622b9a1b79e45b0e22265b746167387245edccdaafb932a700b9756af","key_schedule_context":"02eb019bbafcd598e780a14b2fd24d49bd927c4f7b00c169f110ddd5edcab0266563c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"9ba8e80d2290b61d6d243627e30a68d3d9f0551419bdd6d1574ed6d0075ed44b","key":"f01a98f2c465fa7794a112a86ad3f96f","nonce":"4c1687c4f8caa631acfb159f","exporter_secret":"437931bc930991f1a86e9bb4af505b9f96146d56095c739ec4438716cd1dbb72","encryptions":[{"aad":"436f756e742d30","ciphertext":"667fe72156c28642e67807a90671f84bf65e83a18d04b46b522bbe3102e0cb39dcff4b0ea0cf529f4f88794a51","nonce":"4c1687c4f8caa631acfb159f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e7d15754bfe78cd9c6006485761c329a50601cb6469fb07d0c1e882fcac4b8e71748ceb68196e1c6a238bb81b3","nonce":"4c1687c4f8caa631acfb159e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0a3d684520e9765cb9e3917aaeb5fa32e69ffed0bdeb31b9efbc8ac12b7606091de95e216b689471cd3516babf","nonce":"4c1687c4f8caa631acfb159d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3687c3be20891a0bca8254d49c15da646630dc3fb4badfc20b19ed5f2176a081f78c7bd17f243721508f23abba","nonce":"4c1687c4f8caa631acfb159c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5099ab66dff6582db90cde08bda5cf0d0aec950e7f21647d031240dce43a84f68a1560577d04b8a882c0cc964d","nonce":"4c1687c4f8caa631acfb159b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6288fbebfd2d8c2919a687802c8969f13f9b2f3e6ee5dc7fd119699e4c8326234d67091de2c75448e5f25f391c","nonce":"4c1687c4f8caa631acfb159a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ac53921b0eb8e855c06ed966ef55342000a403aeb003992e5a53d416ee87d88f765d327c3f7c38e285241380c1","nonce":"4c1687c4f8caa631acfb1599","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a1d21e2a1a80b144b8963f80a71f7103fa7437e1e714be98839a8f622a287ba2a6cdd5dba928cdcd06ea97c8de","nonce":"4c1687c4f8caa631acfb1598","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"cd84466b74b520bc87887fba5a4b593313e1135666635917094c0c76c94af774b8cbfc32c1ecfcb76ff6343dd1","nonce":"4c1687c4f8caa631acfb1597","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"393c3d1876a86998ef7d558845f03735aeb83c0c0fb8940138764cabd1a03861572835031516f6fa626317208e","nonce":"4c1687c4f8caa631acfb1596","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"102224cc9f9bfdc37c155061062da6b1a73a3701854a1411b071c10794f35c9a"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e70e15c34a084486b53487e83344c31911a4b2ec758b2ccb1815307015f4497d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3a89ffac5ee70c38fb6cf876b7afb32266b279f87399d062f18e4d62e5a8ca76"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e17d1ba6e8a6634ebe493843da89b31c949d0dd87ce97878128e2dc7866b2be3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d78d8b73c548d06caea8ef22ef9df79895a611e4af323cc1ab5be635bcdb619a"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5bec846892b6974d9e697096721ab56441b4aa13a3ab22e86af11cb65cb19cdd045f812facef3942b68c8ee808a596b2388afd7b8a0264e6ebd975bd127283e1812f","seedS":"9a9a583d77b0ec97d8c645df3bb19c69f9932c8a38d8e7983cc7e07880f9deb0723ee9eedfd793d0ac1d501114994ed91fc944b68893bf72a72f4f1c5b85876a3ceb","seedE":"861bd6aac8080815c8640e0fa5f756d41996c21495af4165bc72abbf22c6c86e13388b6f7b02e940351babc3230ed161f951afd2588aa3d55a6fce8892434e407da9","skRm":"0190d3282aeaa815e05497a2b5f532d2ae2975b81f3fdc4757cbe146402407e2eb060effd7b43bc906015db1c5ee56214846d9c95ce4b8670e08d104c88afd477c9f","skSm":"005c5ea616e78b4ad3985705424c5197f5dab1a21d00069b5497f1d95620d2ba9de87ec5ed2a6002a19b87b3d5a770932b24371d40f937eb5546511d8d59f34934f9","skEm":"01689b2050c8ad4c652ae4be0a923fe86508404c130f968a8ad3887cf807d0e2525718bc206ff1f04801c77cc3f08c0e971d566751d5d842fb6fa16fbea62a3224ca","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401ad37bb93d2ae6e0c5292d0a4a7cb771595e0d53e276cdbde8379f489bb844b4d1ce4765ee9b9af6d928bd206687b121ee9f813eb32430675058751d8981f98ab7c008eb3b2680f3330d241dba3cdaf8aa48c768c82848d19eca91d6847b25c6a6d83f8a5a6410b9a35763340fbb47bfd4d785f3d6f9424de6b145d21cf45d22238e61d","pkSm":"0401d1d0ffc26f09ba4d2f5c8d7457d55e2904d085365820290a4b70e96c7900ba7478a3db79067d52b4aba180efce4b64ef88c332caa03a8d852911b9162ed20e61db01d1c37ca3b5cdb9ca3653f1c0a9407aaf83b6b82ec4ecdacc73677d3d8e44ab75703e56443875d5fe28d4ebfad20725271e83779046fb108a28718cb71ddebcbc63","pkEm":"0400c2abb61b29e6379fb282572f55b5871bbdf708929126b842fa5b0d321941f8e1c7f0c3a3425108e30b5cdede9d13f25636b7de02dec7309e79e7d3f36b378814170035fbf0e10fee77ec0ada13f8349bfd84279cfacd74dcbc83a91f17439660dbd50330e82155af5094d02af3d27873cb956dc571f27a5fd67185f6fad4216a271f90","enc":"0400c2abb61b29e6379fb282572f55b5871bbdf708929126b842fa5b0d321941f8e1c7f0c3a3425108e30b5cdede9d13f25636b7de02dec7309e79e7d3f36b378814170035fbf0e10fee77ec0ada13f8349bfd84279cfacd74dcbc83a91f17439660dbd50330e82155af5094d02af3d27873cb956dc571f27a5fd67185f6fad4216a271f90","shared_secret":"29981f95190cef5117aa8bb6fdfb0266332a1ea4417eda0602f47fb1f6b61e5f05e86a5d08c9257d206ab090ce56400f164ea86dfc749c138186739fb858b2d6","key_schedule_context":"035dd167df8d4130b09e24af66848741f066b89054d7926b8d4c82b2c68751bceb63c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"6911cf879f086e020949464238d53baf2d622a3664933610ef062926d7ad18e5","key":"efee78f7da9b2e4163f6234034edc8f4","nonce":"0ac2f422453abed28add917f","exporter_secret":"b39440418a94c29d21c2b08c45d16fc41ff0816b486d5424c38294034f2b8016","encryptions":[{"aad":"436f756e742d30","ciphertext":"a77366eedc024c8e6f13fd735ecefd95283af9ba68d5895d82415b3c9b3c2599cf45d07725dd221abbdadfe7b6","nonce":"0ac2f422453abed28add917f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a182c102dcba15a6df2982fa69fd342ea1b3736a33288b0a0343bec074b398b1ef77e7db124884ba1a778cf7d","nonce":"0ac2f422453abed28add917e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bcf789ec1035c49fe0ec6b55983f0397f07df20364faac3df71a1e7a9ef3b8f8aab4d1cae407797c46d2e263ad","nonce":"0ac2f422453abed28add917d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1e8a4334bfa3d23271ff0d7d5ce99b8e2f2debbb6e48e44998b488facf169c28396bf1cde59eeee22b198621cd","nonce":"0ac2f422453abed28add917c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6708c6b3977f4ba7204e2dc5210dd7d0b75a1b9a9b6a049917ddbbb739d78c991748ebed65244f9a5c5db58151","nonce":"0ac2f422453abed28add917b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"787b45d4dcade6d5e347c1a78176544f9ec8c620ec8c03bd9058cabc88062850cd1d61d7b578300e12f46bfb85","nonce":"0ac2f422453abed28add917a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"06056c6438a52d73712025ac32fc376818e9f67a8a3d61f0869c0b3fdbb312d459ecdb10aa843ab637703b00cd","nonce":"0ac2f422453abed28add9179","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"48801509ce1f93c006940e0c521958cbfd4948985de9b9dad0aca9b4cb303ee1b10987c86471791b973c4c8aec","nonce":"0ac2f422453abed28add9178","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"682641e8dd6a21f8c9be5c335655f85600191320faec87481744dee3d52da8dec5b854b9955ed6990bb36472cf","nonce":"0ac2f422453abed28add9177","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f27e70d7b16bd3f9f4b4b5af18b75072059c9dd18a34f096a6dafb1acfdfa4934598843de58014080420909f3c","nonce":"0ac2f422453abed28add9176","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7f8ea6e212b6e0f0733375c9e4e89060f090dd3ef47d7bb590789df7673d44f5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"58055ba847127891e78d055217f54243540f2e599962e1a943a19541c90f8aa1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"455c66b166c374dba86cb99ca2d60175cc558a92d2a1799a7ae2c8c1d73db3ab"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1096b657944a8af87745b1477f00f222032267c490a3dd8da02afd2072177df5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"64e5a26520d3f60d40369069ec47ed11225e5977173315ff81d5f62de031bc0c"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7d68e0016a8efafe04ea92a83c36ad7ebf20a4451ca20aa52bd9e8c324a4b7f3836bcc9d74a4bf17c6985d6bae94b7f4f775a751622d3a7dbe8a69e1d7a37e804473","seedE":"c2cf7ab17e805e2e36a2e2f31ca4c11ce2eac6ea63b7931a235d42947d904085942e610c056b5e00daf71f80c124bc3943ed4214776d211e1cc13412d742056da275","skRm":"01785bcf85db89f9488f04bcdd163873c4781f870b5f778c095987c28193a589baa36fe628a0285e4d50a353fdae7989fd3bdecfe6bbb16e2b554e0fa6cc2856c16d","skEm":"00e2b58a245c0945179103980aa9a2eabfc2dd5ab59dbceb64d3eb0b8cff35bf5cf34f721fbfe272da9473098ec4cde03d0b989f970b2601fbe1f3d8397d9bbcc94e","pkRm":"04001d53280f009b961237235784769368f60e935f98ac947818960278b8bed4505f82a9354702dc4f3597cf5e3e6fb9cfd09d881db0e61d44a19d05f9809d5caad24d006ecfc529c4b93e1a654bbe010aa22d8868f6aa3bef20d7c20e3b19bf56dd8146e78621e8a447baf6b2e2dc30e026e090b29eae8e16d431140254c41d781d664001","pkEm":"0400bcf477edb94738b8e49305209817600f0a44599c881d4eade411ec7bd7a74e1bbb2c656df87e7e388a47a43e163e8ae196f088534efadbc9ae9b6b9392fd7d2e9b01fa78fe186bcd11c291bfe0aee53f531621723220f44e2262ff69adb158eba0b1803d43941ea68a4beed7d180100f0b010a3ff22e4533c579f59f564e317bf1d82a","enc":"0400bcf477edb94738b8e49305209817600f0a44599c881d4eade411ec7bd7a74e1bbb2c656df87e7e388a47a43e163e8ae196f088534efadbc9ae9b6b9392fd7d2e9b01fa78fe186bcd11c291bfe0aee53f531621723220f44e2262ff69adb158eba0b1803d43941ea68a4beed7d180100f0b010a3ff22e4533c579f59f564e317bf1d82a","shared_secret":"b5f6df7b147d71f8185547af93ef7661fde31eb675a691a3fab7fe9ceeaae5a39b5932298e68f5fa76ec7ab1bd94c38901265bc5d4d0f68443060846ed1500df","key_schedule_context":"006cc4993ec21e5710cc3844a17243519591c5a338ffbfc8900990c50511368b680fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"a1e0833b0755cf9ab14c300d5b4513c766b56026910b55a712662dfdd262676d","key":"516c0e09afc2a19f4ebffc340ec4e73e70cbee52c721da45ce4ee7c307d9c3f7","nonce":"c29ffb393e6dbc435168e404","exporter_secret":"83bc79e96d53cead27ba1dfcddd4af1ed48aaaa97ce0c926134ee05cc2c8a10f","encryptions":[{"aad":"436f756e742d30","ciphertext":"d28ed7dc07de3e946c2a2e5657dd9c9f166e4fea4e5a69fb3d9e0ade3c6e142efb618f07893cef7a7e20ffccb0","nonce":"c29ffb393e6dbc435168e404","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"09454d37810276c59eb70ea459c464d9664006feb52656187eaf01c6f0af76138713d1d858e5da715ce8e333bc","nonce":"c29ffb393e6dbc435168e405","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"cb08154f73e5037eba1b07f73e78c491af1c511f7bd5510398fbab3b801917ea6f9357e7ecf6b5248935849a52","nonce":"c29ffb393e6dbc435168e406","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5b9f30a66fd9ad15f93c79e608e6fae60582f487e6cd8251de6591ecb0479fde949420fdce260d13390b28fe65","nonce":"c29ffb393e6dbc435168e407","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a3e227daf4c6ab7b9f48e4dd42831713c93e3e2fa26292e34ba030d29f259526bfd91ed794d5a3a49015a7f688","nonce":"c29ffb393e6dbc435168e400","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1b78fa88fb94b300620ec26feda239e9d8abf31d3083325ee44d69bd71523ee71fbe61c9c8440bfc27df253ab7","nonce":"c29ffb393e6dbc435168e401","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"adc69638a5fd29ced5c5c78f89d6a4fa243014802a8da1fc890510b0afdb46eb337e70ac18c40234a3429c143c","nonce":"c29ffb393e6dbc435168e402","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"48a85cf51f5fbed6f4ede827dee43078a42272dfeec1004cd27c582898752777b74ab5b15c5d137a6b7836367f","nonce":"c29ffb393e6dbc435168e403","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"82f43d555b54c9ffa396ad10c80879bf76b583417e510566b50229b3f9b6faa68e963801c7ad13e2127f25217d","nonce":"c29ffb393e6dbc435168e40c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"05a029e482d124abe71e02967ea24de67a1a7090b80b83d0dafe31a44742e9b7113bde2ead3d76e1024ad8d06f","nonce":"c29ffb393e6dbc435168e40d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"358b348bf5cda591d267ac6bfc3d5642b256b0a2f6fe6c0cda023528012bf3db"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0d792da028fbfe9377ae89a6148e1684560792252d9361eb6c0e7c240a05e116"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e6f9037b5235bdcc4252fce2a2206decff5e8be2d7556b771130a509d5ce5d25"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8df243ea332fa32ed78bb3d15a878797df97b0f15a60ad2d0789aae1b1cb4259"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"de5c0bc3cf954d209a19bd03d8b254eb2f1b753f212157baabd2f2b40409d0b2"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4b4c6355d4d28a1d2bfb09d733a14ff6b7b3253ecc5448fa110c0dd904b3910772fd7aa1ccc3ac5ad89325e75cbaec7ec3c77c8af8b0276822f6bef19e63629b3e5b","seedE":"48f699a7605188793d51bb19a845ab0a73bb23212ede0ac1776cbb2d4ed901783c356e4555a2c4f86b0fb4356366cc99f5e74352c7529afebe5321258239451144c1","skRm":"016bccbfa4b6965b5a9c02da431d209826a8eba1686a50c792ef4104db279e4e17b8d1d6cce959febc831b83133912665d584adea2bb13f90ecb1d9a9854421cf528","skEm":"0117e51c5e7bcb1a23ee3baed6a4ed888e45fefb8cf981b319957708754db30022923e491e70e0a1f40e6d95d1273dbd8db0f57029db76afc38cc2bb4b734682b43e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401a28f6c1c4058380f26c3fbf903f8400725347f16ffbc04527de862aa2839b542b9dd9816f16ff350fc598454258919ec0e1ad636694b6c755c920b57af5b85cba500ad3d727f1b3bc1884724d7156d806f2f24a39438c0e843e2d39b652aacc3c69a7baf5fab83752312904a30294b94129182918ce07a26be8d4bf460b7feac0b0874","pkEm":"0401f4767f61f15354f720b9899341c00d69bbee17f0bb0d7403f9798a659db91354fa8a41576f852fb3f5570ab3833df46853c3c87b9a2358178c0f8df015b8a86b1f00afb7675829caf09496807ac63c45dd604e476d8ab805e52bf3eac6e52ceb9b3f43d14f28e57d22fd6997b0b066d9c4bd1370f634b30b9ca24f4b5516dda4629b62","enc":"0401f4767f61f15354f720b9899341c00d69bbee17f0bb0d7403f9798a659db91354fa8a41576f852fb3f5570ab3833df46853c3c87b9a2358178c0f8df015b8a86b1f00afb7675829caf09496807ac63c45dd604e476d8ab805e52bf3eac6e52ceb9b3f43d14f28e57d22fd6997b0b066d9c4bd1370f634b30b9ca24f4b5516dda4629b62","shared_secret":"842138d398ac66645bb54b815eb7775c10d0f77b98e6b5d8908a5a405490530e2d11e9977107851ef27566b06a50d2a564f001519cd7e6ed750093dc1771655a","key_schedule_context":"01b545cdff6122a6240f9a42d61d0a73efbd3f121e05e32083695897aded6f01040fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"9d0a1f1a8c64e2a76c8c0bec7d9c7406446c02ebdbdf97d2ae64a2a5f7763f90","key":"05d63a46dbc6192dfb736fb9138f77a26d13ae8b8a372543c4d1d21c79c38acf","nonce":"e723e97f9142e8d40ac52b50","exporter_secret":"ef85ed877d13de2eea31e37430d2fe0670342dc2548011f3e9bb59ad280db27e","encryptions":[{"aad":"436f756e742d30","ciphertext":"39d0f56dfefd4c518ff8ae12131225017d698fb5bbe5df351ba9a067a5483d1eed55271c91d7b0b5552a515f7c","nonce":"e723e97f9142e8d40ac52b50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"815227c9b850510ab92b89d9c50e9db6edfb35500b1d7adbd6f0cd2f933552d26d68d086fb1fed7078dd33dd53","nonce":"e723e97f9142e8d40ac52b51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"624e3e678457b363d5fbba813c542b0fb97bd3fc5b39723e4d3fddaaeb28218fcdc5ed8ac8b89e4c9661aa6f36","nonce":"e723e97f9142e8d40ac52b52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"53bc62bf01d8b10999c30a72753ecbce7702507c9d1644b221487d98b7b11d8d9cdf51d5d67e03e5ae3ae5d34d","nonce":"e723e97f9142e8d40ac52b53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"10d9c40f6ba311175b713c2f7daee0a9b8fe76b33f0e6183edc4cfb5213ae372708daee3b479fbdfdb638520fa","nonce":"e723e97f9142e8d40ac52b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7bf6d397232d853b34345308c9e48ba376ffe6a4e9dd94c3b2a1bda8c5d66c4cffa8395f39ec9876642036fffb","nonce":"e723e97f9142e8d40ac52b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1d99155816d66f3663c3f854e76c4667bb59f5e4f7b148f8b6f99d540ef8753929daac8840aa999e0ca839d874","nonce":"e723e97f9142e8d40ac52b56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c679982ad874dd4a7f5bc9a4ffbd4777c568b718bfbe5431e338c13522605ef2c742ecd1f8cfda7f51f68b3118","nonce":"e723e97f9142e8d40ac52b57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d33cc821c984cdab0d5e0c332673aaa9461b9b0c7fc098abe5080a25cb14f0973c068001c31186fce0d45cb7a1","nonce":"e723e97f9142e8d40ac52b58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1975bb3ac05e637a9b0db2a938b25adc90d17051b150611852a5e335308e0ee1b1dfa2c3a9f1ac3032ab7caa7f","nonce":"e723e97f9142e8d40ac52b59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f424b53a5752023fa6a26c551c735258094898f11691afda491d87c294c83f8c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4803c825ad2a8e9cf522c861624a0c00ec9d87627f595d6f20f3b00be8fdd9da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"66c23a61056eb0a2b40a5bd6d87b2f40d44859eba77254558ca3412c1e605c05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"58d7452175dcaa9f346796207a0fc66978ee1f253571834a31c6dfdbd4a4e61b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5a3707d16217d60ec195a638291f9210e442cd390e7502c7bd7204c1ed131e61"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3a2ce236f1e6918064f97caa0ce8bb456cedc3dc85fa9baf6dd4719e8becf060c6d42802c2c67727446df38d306a565b1297c94eceb30ace6d23cf6604e563735870","seedS":"8f5c4cba3bbad90a4ca142eb0306b60d418520ab6a72a838582abd2990d91cc799c2d74608789a951ca84ce0fe3cdfeaa68b4456674aa05babfbe5d9d8f8f75dff7b","seedE":"e48a27b1b91841e39bd00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","skRm":"00d4978e806094631242fd2386823eb1a5a60946d68c60c6c6bda34c98395006c7c52e6e92587952db058099144b4b9d0152db5cfdd43a3d72db402422ad0669caf3","skSm":"007dbba771de9fef18bb82a9365e5d3bcd82072c6493af6c18d9bb9a8940981daf5e22950f5b251cd20dc18e7d70534420347dfc201c080a9634e9a75c75947d65fd","skEm":"01532076454f46b0945d13b186a91c554f68cd48514b467d4be16e74ac2656df11ec09f82260e4124cf20a49fe02aefb9584c4a7996fca7b9b22b147512fd67c81bb","pkRm":"04006273e3af746c915a10f19c5d558dadac8b216a4e25d8e032d0941c3b1b560ad8f7468e16e522252fbd6c9b6d7f2295f0a64c4ac6f9741c5666dad5a6cdf7d8a59500745918f823df189cf6db4a0eb234840065048158d164897787e8df3578de630e6e2c1c7512c20dc2c67c6bdd5f18ac62ec3ac0130957ebaa6663e51bcb45adcd3f","pkSm":"0401812adc0236448eca5b2724a867712336101191c33c2d20ed17d91f4519a0764ce8b4f0722aca939f34deff0357075ad21013b12394fda1b56384061ba1ee3c95de002a5bd92bcddf0976bb595e407639f5bad2e0315af2de1a01ca03fd4f8bf9eae00b80d82a6e1b2ed525fad06e6849acceda5bf89f69819ed33c4a792fcacd5581f5","pkEm":"040055f72d9bd95aadcf79c55b6bd345f3db1ee987815bc3ed0c4410610d7353a17d525e51688400360e15b21ac18262bac268fec3f51c1312247f8fba2be38d0596d60065cc1352a3319a9bca10da261e61325105a147a53947b75196d46d24638e9308bd1d31fcc887b73cdd5391baa3f2fc78869e07040abeb180829f06496c666ea7b4","enc":"040055f72d9bd95aadcf79c55b6bd345f3db1ee987815bc3ed0c4410610d7353a17d525e51688400360e15b21ac18262bac268fec3f51c1312247f8fba2be38d0596d60065cc1352a3319a9bca10da261e61325105a147a53947b75196d46d24638e9308bd1d31fcc887b73cdd5391baa3f2fc78869e07040abeb180829f06496c666ea7b4","shared_secret":"118b2bfe24dc4bde41f7e394a6f9774c1fa34a07b59689759851f0a7eca4f5131242ff4310f2c6a9bc3a47258708fa7049c5a4ebdbf1ee721225ff4c2f4bc250","key_schedule_context":"026cc4993ec21e5710cc3844a17243519591c5a338ffbfc8900990c50511368b680fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"3bfe1cf7e64253e9f3c8950f1feb9fb7c62438e7391ed8c0e146283e5811cba7","key":"b117226d059191979d2e82734032de69c99584a06a1c05ac840420aef52c0c5d","nonce":"1470999d8ff714f381403328","exporter_secret":"9d92613e437cb3c662a594498427a2342d41e75b5df24b68618640d2fac6753e","encryptions":[{"aad":"436f756e742d30","ciphertext":"c5c8df4fd07062f6f871bf052659bc6f8469c2317dac377fb94dea600d9a9bbb889046214b63928429ac938d54","nonce":"1470999d8ff714f381403328","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"125fff54dd164571d1a7753589cc9e7564e45fee42db682727606e90e5773d4bc1ff78de0fed3c0821fb99eed6","nonce":"1470999d8ff714f381403329","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"31b92f1bc0db97ae8396cda3d349a75422155a600ba0916572396c7c254ae0b804cb7d7edf9b10a3bc3c027136","nonce":"1470999d8ff714f38140332a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d3ddb417ef5f0e4477d5b584e7dd632cc7c917983cbb6cb519650c1e91aeb84c908161d4f998658e334bbcca65","nonce":"1470999d8ff714f38140332b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4a1d877ab1e09a7480b76ca43809fdff73cd2e788bf43346852f316cecf597b4b2cd4dbbfe7c2157bcdfde8ecb","nonce":"1470999d8ff714f38140332c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"12cb1adc01c450d73cbf5dab19663bc52a0f6f4b7ba9d27e9b8de81fd6f1abe79f9fd4077caf35f7297b23f09e","nonce":"1470999d8ff714f38140332d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8de9070b0a2af26866bd07ac65515256f8e60e382f543791d61a31d9a969d4d13ec5261d5ad727cb7f3eb41fcb","nonce":"1470999d8ff714f38140332e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"df78c4956f2823cb22013f9060170cb1c2fff7de31fc28a4d209b73e3b8159f46d46dfd856616a28be8d57b3d9","nonce":"1470999d8ff714f38140332f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"36d6109756defb947e39a287b479d4db33224ba5ab6e05f8caed0d1f4e4ef40e2b88b5d4ec64681e98a1303241","nonce":"1470999d8ff714f381403320","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d3b28ea2b8e98d38d11c000c5a6afbe04d11760b9d64cd48913e800c2219b7ebe8598b459924132e3a33c86e51","nonce":"1470999d8ff714f381403321","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"faeeb16f942fb3134ed3530238147ae3dbb556158cdd542ce470037937f8eed3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d3f224ad4882fecbd31b7d438484657a2cd9b79c7d87bf6175d6f7e77f686a29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"290512b39203fc767834801cda116afab68c46c385754cec4af612509cb5cea2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1aed63a9892bad585961337c57d6b058097bf20f66ae123d3b839424ab2b2e07"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"202fc287acb8b1106bb7883a15c3442efc1d1fc51282b1a0ced6171103ff81f1"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"877efc3213de44d73a97301d3244be03a5cd6b59a65cf11e03122603b90fa2ce14f5cac3ad9cc1dd998ab8c86d762bbbb240e7ac6a94a68d7ef572fe55557df7b26d","seedS":"a30177f7923fa437c6801743dc8d9e6684ea117a2f5f23125614bc74813d9f6c5ca33917a8493aafa6e5d75ef6e5614670883095aec72f1c2abc00d496a72fece071","seedE":"1a3d8fb0a52f24f7fff8caa7e23244764d36e0a7fe69b10ac93298ef5c50934ddef929ece119d374855f028692bffc446187f8424b2707e224cc7f80d22e062d0fa4","skRm":"01ed5d101694552b8d8aa289b67d304927801a0e310adbca6120e269dfe53a242dfac71cc646d2fc4d046d3e49b96ac78d9ca401fa41d644862280c3587bd86c71f7","skSm":"00c10e5d5ccdc8731b5a3a0d0842efe8b276990f3a02e4921a7789150035940e71a60858412d9687a14046034fe17b1b69d03ae86beee015208925eb9067556cab7a","skEm":"0194b9ad589a66037e0fa1bb240d7d6f62fd8e8524b59cb55522516388cd58bb959a57836a1fd06995c08ac8c0130f8a6fe85a6aaddad70b45b37058887b9f05377e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04003d86d95af7fa167b33981df197a3546255d950e561698fe8b11cfa86ba776e561f0e038366d9e9cc9d0ce492a0efec82a0835723647b6d0b1bef930ee7befe184b015ef51ddcbf9ab79ac61691a5c99540af04bd27b4929b26eb1aff36b87e790f946076c998ab89fd894517329d8ad8ac07bd518cefebbe7860be52e96e9749440f0d","pkSm":"040195e007f17633ad09e96404bcbab2cf5fd4668182a3e194c84db4ba5b6a8c54d918c027a7a86e5d3a39e0a6e63cb7ecc18506b42382c7fe83a6685f8cc48333dd05019b04d637afccbb9720753b7c299a2785293948e8f018cc13c6d9b2b44fc68a05b5242a52cf1992ae4e0624d30e49f51a1983c857ad39e06054b986c84acc36e69b","pkEm":"0401836a33ac4246b5a417d2bd0ea3918b0fd6b082e6ae78495792c3202a955b398e2903f1d6b20c59c1e48aa55a68ecd1aab025f2662bbd747bdd449343063792b69901b7cb711b902582122318bbec190a409ef895d4c8c9f2c3cc9f4092f7f94f91b9a90f15bf8c45beda3ed22e0ff134a964e775fce16bb1b7ce27e74f92fefaf54d3c","enc":"0401836a33ac4246b5a417d2bd0ea3918b0fd6b082e6ae78495792c3202a955b398e2903f1d6b20c59c1e48aa55a68ecd1aab025f2662bbd747bdd449343063792b69901b7cb711b902582122318bbec190a409ef895d4c8c9f2c3cc9f4092f7f94f91b9a90f15bf8c45beda3ed22e0ff134a964e775fce16bb1b7ce27e74f92fefaf54d3c","shared_secret":"0fa02419627ee784931fef1cae2149cf04dacc6e249372614d9fa627f302dddd14332e585f33e7f5cefb4ca10821412119980756839e8e239a5da0ebc82269a6","key_schedule_context":"03b545cdff6122a6240f9a42d61d0a73efbd3f121e05e32083695897aded6f01040fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"2042dbfdf986f1734fbd105ea630f1048d6c8a6f1dbf620172d8f6f48e7f181b","key":"352ec4e3e91f34bf54a9cf138e69c2a7dfaff4ca494ce3409b5fdfa8eb6246de","nonce":"903b6d72ef7ebdbae9d08815","exporter_secret":"45904977b6733fbc70381867593792ee30f61ea1d80f902cdb5057c499d6755d","encryptions":[{"aad":"436f756e742d30","ciphertext":"4f38370a1563da71b30a6557f722bdd6295d2f9ec580ab156c875625cebee6e3b24cb0b3e83504eb96f830ee76","nonce":"903b6d72ef7ebdbae9d08815","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"78a69157dcdb257794f6ee6334344c6af72c7622e5ace8863fa79b9dd5d362851d3621e3475884939d3e614fff","nonce":"903b6d72ef7ebdbae9d08814","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b2c43d76adca9e2458fd2fa5c254c090c9930c75fc487a3f10a21d0bf038ab5d9f7fefd74d78bd0d9a5dbf8729","nonce":"903b6d72ef7ebdbae9d08817","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6042939742f122f0a620bac9878e2857175f9e4dd814cec1b0e3581ba98fece91b0083fd32c78e26e89b7c0fc6","nonce":"903b6d72ef7ebdbae9d08816","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8c6e9363a07ee3e9a9aebf6c1f89d8ab694e8e40075a7cbec969319fb5ec07bd369639029bf36774efdea4b075","nonce":"903b6d72ef7ebdbae9d08811","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cb42db09e0792a554eeb8398257be1393e82ec8aacee381f67b02d6fc3945b219c8ad35050e64373869fcda44c","nonce":"903b6d72ef7ebdbae9d08810","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7e8413487fa78183c3ff3ce34f612ac95530be9f809f7ed80ddf777dba225b405ce75e3ac8abab4f71f72f3267","nonce":"903b6d72ef7ebdbae9d08813","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e39cda495c0ffe71b27c99d256bfa75ac671083f047eac2e4a413b43ff52041b393773c0b92790d87ef4277c0d","nonce":"903b6d72ef7ebdbae9d08812","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a175e895e80302f6adfe8b0fe24f3bdf6034a1467ce4a417bef62952ec81a9ac8756faf7e2f3889d36e3a907ef","nonce":"903b6d72ef7ebdbae9d0881d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c4f2d481f6aef2c8dc4e2320e391600d44204a909acf66ebaaca697774986765bb2fae316198862f51390ebed3","nonce":"903b6d72ef7ebdbae9d0881c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c2e98ab5965e329a4c895318314dc055afb13ca8a223cdc655da2eec868d5760"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e8a81d4618b54d82ef8fe3220390f22d9551f17ce32606a68e3778bd0df9912e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e447698b3afe5ea1b9c41c2597ec639692812d4d332f446fd9798715265e296"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"480abec70a42a0e9a4fae7f78139965550da908a2ec4732c7fff38c97df7ff5a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50821d14d8acd067aa0a03b42396245ea06e986437941d2b7e944e4239e5b00c"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b2ca27ee1204df73ab1f2db875fb5a56b544abdaa73e1f0cf2fe24e66b7ed08ce30935e562b922d70742b68a3699b5f895dfb274a2abd014929d2ed0355bab9ed89d","seedE":"9e013e040e389b4bc84a7eca2d0137a217169f954234f13841678fa586ba996752a704ee3baadb694ca79f25fdabdbb7e6ca1e835341a91d76178575c44b20c0b741","skRm":"008a8c0ed7ae8cf7245308f71a08f7937fc2e06659353eefa8523eff209461667ddf05ee359ec5344de616d47e42971a30e180d398e4a262d003f7e5cc587d121577","skEm":"013dd547eca9fabafbb4bfe5ca61ed344320fee25be98731221b5d4dfaad6e024e50ae4a4fc4290ffbe46097de61a9c353328f1dfc6b4b52665a199c504be1d3746e","pkRm":"04015c9abe6613ede70f1c3c12d17a21e7413ac338ef4c091565da2686cf1bf033af67e6cfbf70711e4cc58906b1572ac7e3503715142eae74c64188b253158f508a42018cf9ed335eb73a48e66bcae01bc49c8d742a78fc5b69c3d804c0e3ecba4cf50b129a1f991a4da727d034aecb4e947828f20f2def4dbe1b7e13758fd5bd895c72e7","pkEm":"040069e0729701961658f143143074cbe8b6be603358e03bb78fed54cef3426c417ac7eb8841fbe220f2344ebe35dfd6c7e092f64030a3773cc313aac06bbf0d2059ca002e573f663768574472ab92e1f9e7cb3e031dc6d4cc3a515bd5fd40ae3a0eae11ed290482fc1d0a8b7e34d75e8a05a6e1543040738bddaeb4a6e12f9731cfd73ee8","enc":"040069e0729701961658f143143074cbe8b6be603358e03bb78fed54cef3426c417ac7eb8841fbe220f2344ebe35dfd6c7e092f64030a3773cc313aac06bbf0d2059ca002e573f663768574472ab92e1f9e7cb3e031dc6d4cc3a515bd5fd40ae3a0eae11ed290482fc1d0a8b7e34d75e8a05a6e1543040738bddaeb4a6e12f9731cfd73ee8","shared_secret":"7a55d62f663f46bf0f95908db7cdfeafb2ad3dac3a7a4f7392791371d5badc8ddb8423d444f6b42ba08e8d88e53f17a6e504fcd2d829021f38fe9b502397791a","key_schedule_context":"0068bce131ceb9d0bb238bbe64df9e33d725b06ea82e3053e0e77164f5594110bb696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"b3d25da458dc76198d562c5e22914f09551fc14e14c0e1461c5e5697383f10b5","key":"f91bd12000b579cfb283f74f58a66cd1593f8b9fb40260e680d6ee4f00e8d2fa","nonce":"136cf8abbd7b6e2a6e1fe1b5","exporter_secret":"393fd66d91ec8da2297df3a90cadce581f61f9675d06d3cf69a4d7ce22b1d3c4","encryptions":[{"aad":"436f756e742d30","ciphertext":"1d9648c780fc47295288b89af94f0241642cb5eb1c75b696736cef478dfaab5d0f56d2f5dd8df157174e6350fd","nonce":"136cf8abbd7b6e2a6e1fe1b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"67a0098a8acef90403dadf0e5134e6273d8d5a5bbfa348dff03d5fb7f4bd8e16f6cff1d16caf1b083efb254a88","nonce":"136cf8abbd7b6e2a6e1fe1b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"18f71b4281e38beec6c899699da61f5fc560a7d371e76e269af8bb45556f086b05b7a15bc27a9143ede6b6bc37","nonce":"136cf8abbd7b6e2a6e1fe1b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"89efd53984aa1489c43a45a236bc3eb87e575ac647060c4af803d5b9e1e3ac1e3743046d6bfcdba9569e7112fb","nonce":"136cf8abbd7b6e2a6e1fe1b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"dae93420ea8a6ac146ad22dd0d79f780ea07d117b94a934185f833e1ca5d74e81fa55c2cc6815889004360f910","nonce":"136cf8abbd7b6e2a6e1fe1b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b68393c81311a6f58b71921dbdc298382dc7b42ff59176b26a5d6d91fd81a70c2965efdf63620a8f826814e3df","nonce":"136cf8abbd7b6e2a6e1fe1b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8d4e2dd521fac31ad4c8a1916644401e47f24ae025bb7ad8dca1658bfecb3f7f9a0c44efa3c21a95e6d588c06c","nonce":"136cf8abbd7b6e2a6e1fe1b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4394473c860f17744ee4c13c7bf8d0962f2a3484ac5bc7fdbda1831a7d1024f21ad42bb833ede89d8aec69a4e5","nonce":"136cf8abbd7b6e2a6e1fe1b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"80bb1f963b011d56e0a5b5d73c029cc131662f33492fcc4c77e7ef5b03f31db670d45950048ed9dac5710129f2","nonce":"136cf8abbd7b6e2a6e1fe1bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8d9ad0bbdb2b48bcdbfcb4bb0102fa3a72cb75cd28757c82dcbfc81ac2f3d337a71d2ad3604f353d006677405d","nonce":"136cf8abbd7b6e2a6e1fe1bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"680b6c5f8a0f19ff462bdf8d5e1757be485b3e50df26b57345b722ac2f357095"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"37e1502f929dd95d359c81e264f85d3f689a52174f4ad1b6a11012cda5f14f82"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"efaa1e0ff2a5d610a36d1b247f3cba34e1746d35d6420be06d6e293bdeab077e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b17e421b27e83ad93e8668e9422f60503c46967cc7a0902b21d5be503458509a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"78e4a91a93f80cd11e679bb434273d35a3733ea0ec50b809c19ca91050456d60"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2bf983a8659982907789ee1bfe89c1e644ee46b2569045deb8e86dbe1ea88d90edba6ddf7c399affe96b27b6f3c0c17e9c2a89a71c5eed80e94fb85b154eaa613d48","seedE":"aa548d8188df010735cca80564f6b1c37456814c512337f2298d3ca9e01e717c941cca9d9a461232edd894643af2eb70c905b0eff2f626441759ff7f03487a51521f","skRm":"00eedf8f1b62cd7de56631c6058cbbba07592fc86a89840c26131c67939ce64ffa551a64ad6ba58c3fccea6a3d8c8958ef52036ee3f207cc8af7d0c38a3e77a62d41","skEm":"00d6ad55a2f2eb34c14867ed82464b00cfbba94a26ed3fd86ab5a2733bcbc78f1ffb7b8b6de9b157a33cc8efff9cd755969165500eb474d32bef3ffc6c48eedf0afc","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400584df74bec3fa7f0dce365c3923ca611feb6691622dbac5321a8a5fa174e9ed2e18c92f7691c6664c7d2a09891917ba3f28a1801c0c9b75414e94127a2765efaea01171750ebaa823dd3f63982a92ff3757fc640228c698fb07d28103582d7bc06d2306c674cc367510fd397bb7af8e975bacfffc49a8d0d3cf67881837f26540668e9","pkEm":"04009477b3dc3f30c402f73b3a9d63391e11cc0a914d5c0a7835e4413e57c0286e0640eaee3533e0e2a80ded9116aa52e9f2e6e5b5bc102b69cd45d85c2b47fb03af10004a2fce3d0a2cd1dd15c7bbe0e423e13ea884b73c1f5d4d3b55e0e9bd738bfbe1896b0b3bca5c4782dafdf6ec05312b5071dca41a973a22bef20612e561ed8e58d7","enc":"04009477b3dc3f30c402f73b3a9d63391e11cc0a914d5c0a7835e4413e57c0286e0640eaee3533e0e2a80ded9116aa52e9f2e6e5b5bc102b69cd45d85c2b47fb03af10004a2fce3d0a2cd1dd15c7bbe0e423e13ea884b73c1f5d4d3b55e0e9bd738bfbe1896b0b3bca5c4782dafdf6ec05312b5071dca41a973a22bef20612e561ed8e58d7","shared_secret":"7b04878d023438a83f6f74580c8b2711aca9a3dec210f7bb5c941b4f66cb84713b82218ff05724697eea9df7161bccacdfd3977a9c5b9670c55e969f830fe677","key_schedule_context":"0117e9751a1ce31a2cb6e3ae98596467c10eb692c73899ae0aba8b6e79fcf3081e696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"6b74b07e493c2f3fb36c593c9c8ca9eeaa7cae330e70d85a78394db540d3c695","key":"b2357f8f74a7d9243998d16ea7baa93457d4639159893f04ef60702d83187edf","nonce":"f6c0d7ce128ff29d905cb88e","exporter_secret":"f79b920e36fcf0f924efc589c9485d403af4d7ee4c6c55a80ecbac151d4dfcf7","encryptions":[{"aad":"436f756e742d30","ciphertext":"3a86b581f718dcf093110154e78529d597e50600e20848e8046943e0662b328ceae04bb0c3df0989a06cb32e53","nonce":"f6c0d7ce128ff29d905cb88e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c0ac779111acf3ff541aac85950dc850f58464056d9282159f37b05654c9af9e9196373591e96270574ae4c228","nonce":"f6c0d7ce128ff29d905cb88f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eda3ffe2c54eddf87acd0911caef69f248ed55339e6a0e7744eaddf08c4d6b0cd9eaa6012486acd8453848d78d","nonce":"f6c0d7ce128ff29d905cb88c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae80cbcbb6de996d724e27b941dc3a42e5512bece94864e725d1da7025086b08ceaa8e6771270fc21a7dbd5b9c","nonce":"f6c0d7ce128ff29d905cb88d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"54ce193b3d33116ca0ace9f7b6f3ed3d3fa4a8c87aa084ea19338912c2b18851ad18cd151b602661275480fd53","nonce":"f6c0d7ce128ff29d905cb88a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9f9d24851293447edb9a867c555e2f924740dbb0994b4c2ab74b16ebd11fc0adbd2151d07789e8c9fb28bc54c","nonce":"f6c0d7ce128ff29d905cb88b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fac04cdbc9dbb92afdf30d16f8448c7b8bf341105486fbe2115cfdbecd0c1082ee9d4ae64377163bfdf273f8ff","nonce":"f6c0d7ce128ff29d905cb888","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f3f1f2c6b2c51289825357de9685ce02ad65e6b4b388e85905fc2ecc11caf3a50bbce58c073471728503f49444","nonce":"f6c0d7ce128ff29d905cb889","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"62a562e500138c6f4395c30ed9477ffc4d15e341d87d99e723523299520d7be6a25df9e4021aabc6b82a5da239","nonce":"f6c0d7ce128ff29d905cb886","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"17ebe1f1141182f8b9eeff2b584b84082e4fd71657bfaa14deb577277a64db18c6b872dd60b7990bb06f4af585","nonce":"f6c0d7ce128ff29d905cb887","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"df7783e259d6d656df5979b7a572b44e2644a2e15748db1afac0d4e29153ecda"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"90a95b2b2763b2ca2f8266941cbe333cf55e1a0a4d2de0cde905ee46fffc11ec"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"25e24a953c4f4b8b61bf5a87deb735b3049d5b5079b172972ca3017dab2ff3eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3d2a15485dda8968208e12f2ccc5746f1cf7e4500f13f875db4a05d90732a88b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4259420bba32bc7f1587e3cad4229cea12e1b9dc553276e67196f40bc6bb7149"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"99ea0426c199188f323cd5cd0e75c7fec15ee54a8f5a8b9eeb68093415131196814483850ee972b15143c1ffae2e261747e284486ff645859c3608ea43558b7d41ff","seedS":"907dff3ae86d5fe3513725bf64050a0912ecd0caa182f854a13ad96e7824ad62d10f4ed269e07c17bb0c8c469fd14c8861719966d5aa54f7115f03c3a5baf1841ba4","seedE":"aa056200e1fa696ffa9e5bc070d5e862b040c4cb3b2a1e5a70c2bddd7cf2c80cd1eecea84e8ced27a87c8b9e73cdcf79fe3e4f0f38df3b3260717992324533fe6ca5","skRm":"00d46e36db75090f033e0bf17aa7b482590f20137237165595be995ec28886f34cd253f1f25c7e36d9e0b95b23274da0e6c2e3ac652a4383425f348711ad9f2e3004","skSm":"00614b7f66ea06df1e9ab8f40006231246ffee2bae3d6e404a89eef247dfce113c305cc4a2572b9fc1fe76e57da77e8f2699b0c07549b7b63de61abcd59265123d7e","skEm":"01170d1b92c936ff3b37f8d048b965bc2d42d60a0c8de6cae49894f1b8270d06f68da0dc14a1c41ea666b06f58448f4f19eba5d24f1366e78de66a2a9f025588d6be","pkRm":"0401db105971d353476497caff1edf2eb6c48d61b7cee637306a8ba17da2b57e0261dddd97f892d97cc16b54d14f8425150f699bcff8d6f26a94dd8df38cbd2e8888c200e8a3779134dce660812dc46f320808d3ae4db8d13f5993fc420ea1080f1071a04580f21c0dd04f996ab60fb9bd69a8495bf8b60459abacf75db6c26807a3dbba0d","pkSm":"040013e860214f49dea0cf69bfe6c6e8dfd0438f8eb7ed88bfe91ea86441503f83d437ff4bf9c4149503378c437830be991ddb2f7aef3626922ac9d806f7b317c743cc004e29bf7dfc2dedd50c65e753276b7b0c6975c13f3990686816a46b5ea240164ee9470d70195abb5ae66722ce6f6f24ce2e0f63d69acee87c10d133f98afcc7a325","pkEm":"0400b79d8750d53cc6eb760e8a08e0f8a4db66cfc494ec955c61b4c189c75e9bc633cfa420b4ace20afbb231d1978edc76c6883ea42d84d4a9c24994b3f358f5869806015aa3a8ef9780af72b2fe214a202c1d3a19d5d9ab2815ec8fd914740e90eff86f8176df82220e014cb73c76c03bf284ec67c2688ba311718f3288d00f1b52d1e9e6","enc":"0400b79d8750d53cc6eb760e8a08e0f8a4db66cfc494ec955c61b4c189c75e9bc633cfa420b4ace20afbb231d1978edc76c6883ea42d84d4a9c24994b3f358f5869806015aa3a8ef9780af72b2fe214a202c1d3a19d5d9ab2815ec8fd914740e90eff86f8176df82220e014cb73c76c03bf284ec67c2688ba311718f3288d00f1b52d1e9e6","shared_secret":"62f613d299fa12d63ce034e8dd09518a54ec9e1b04b4d7a1a4f4c06c9885b3dfe0e89e5ba4da2287a9093c78fddf592004063dc2205b5912977a38f0ad4f78ec","key_schedule_context":"0268bce131ceb9d0bb238bbe64df9e33d725b06ea82e3053e0e77164f5594110bb696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"5bec06e998b0c14b8aecc290761e1c4de7a6e3ea935ad3873fe0be81a72205c1","key":"5678d456bdc0676b557872095f5c86668466395c886b67f9556916fb1166ee3c","nonce":"88a24e7615c0284c19194b5c","exporter_secret":"eea859e001d4b20cc1a1e20e767b28ab7481ca7fb23e611781652fe7c92a49e7","encryptions":[{"aad":"436f756e742d30","ciphertext":"13f16cb9295c6994c284d95a7d84d4891194bac9671e71871d39fed08cfeff1936027e3d7539ab0944283ad9fd","nonce":"88a24e7615c0284c19194b5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"44e0fd32719d2e0f80221519113f52f0129386438b12b5891b6dba0e11aa093a6709a813dc0ecdb46e668429b8","nonce":"88a24e7615c0284c19194b5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2e53c758b752aa097b56b0e93e48beb61ed7ecda088879a467b655f212e63f5e422502d54459e754d0cc7f60e1","nonce":"88a24e7615c0284c19194b5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9c248e3159da0d95ef568c8a2e2247c7d80b70033cedcf33def94d6a8df8a4e1869483c50cc5a1eb4362d677cb","nonce":"88a24e7615c0284c19194b5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4667d8745d42c30ceba31f48042719f438c4bb3104ced3b41fb026b60a4d078e7c7270aca99585d0a4faaf4b38","nonce":"88a24e7615c0284c19194b58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7efaa3aa5b0655d310b41a2e90e2fd3b4a495e6b8d66b8870f6799fa389126b05880269f8c82c86f21e19abbcb","nonce":"88a24e7615c0284c19194b59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9af8f0f313739bc66d66a2eb38f3f9f4ba253758598cf347e782666f34be5fdfd9941e0476dd602f4e30cbdbcc","nonce":"88a24e7615c0284c19194b5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a2e0900d1aa7356e6957ddcc8b747506802b3e127ba8d38f8b2357a992417fc699e3f1277ddea3fb67aa807723","nonce":"88a24e7615c0284c19194b5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c3461462df718d4b53adb5625cf3914bb54155bc139b814a38855939617fdaf818fbfc3001f76603f30a961614","nonce":"88a24e7615c0284c19194b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"79fb220113a556e352138f99e8ec7a327b1ded4968dbb50b0577997bbc75d1c1ba8664a8a8f1b2b381ac9b9cfc","nonce":"88a24e7615c0284c19194b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ff2755bebe2772bd4f99f1370e52e445b4c9f9df2e11c83dfb41e28a9c1f4aef"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ea13e6d9376e3896c23503a72c03b88638e9b1604d89bb3aee15b6e00ad354d5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e2a1e9c00ab4c95f3c584596662cac2ddcfeaacde8917110963c3afa32d3dd2e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1a56752e604e49f8bd70117914c2594b917719bc0d4b1a99bf82c9828f0ebc87"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"81abc1c7b8f2b8945bbf78d6228158bca8e71b365215f306ecc2e231cfd5fee7"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2eb5067f38647048206c2873c3473c6c4567644f9583a47e2e3bcf57f9b9b87d41897fdef33a4d8524318eae6a04190afa53ea649eba1a6161f98f6778660c94f929","seedS":"00af06131e06c7386da9bdb9ce3fb1cdc2d761532f66b352182deb2e4dfb867bf072351e3ca53d0a81d955ba236f280876e7d955bb3cdc78ac881771d588e6b04f02","seedE":"78158b03926181b0d71bcd0913ebf706984b2c7b54b19fec947d31b6d55323c7ef005f63c03b609e3d0ee7369587fb930fad83ae88b7aa97740caff8e4d53eeef551","skRm":"003680140d11ace9becb84d3fb282224c5ff3a6613231a4679efde55581ae37922a0060564c598f4af4c9f828c5bea6a438cc0bdb556d21baeb15e6a9c68eb679772","skSm":"017dd0f876db38ff984884cdfb006521b2a90d85105709e6bbce22dbb50a82cacb6d3471b1a87233668e2d45411b0ad12ea97f283c367ec55cbd1de7f16e3b13d054","skEm":"00d89259ccbc262b2e7538fe00c057f9582f3707ae94b2f3d4a4a99ffb16cc8f73363eb42dba8e68db6b35ac1986dc6a8caa52f9a70c18864caf45512959c6c3f89e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040040bd8beffb39fd024e1c4bd1530a469e8e74cb4385d03cd9abd2b5cbd1540e37f62d50a5e5e64079fdee4d6b578081282a646f4cc63f7f90c5a6538a8a5207eaeb00c320cdbff6e683ff6cb8d5bdf3d863fddcbace2f32af2c9b5c0d907a72e3b8261930faa0bc14abe265ef87716749c20b866cd7e633469a825078e08ee2b87123fb","pkSm":"0401ed7b91af53d2e36b07181dfa6c7164bfcebbf5613d01ab8d91e65d8d33b482df5c35bd63d8444b2e6c39eb1f4c3944d6484c73f5d74628bf10ab7ddf6adfeddcf6011b4f46fc28d7000fb05c5d0854f97925fbafd09b53394d91b41019ea5b392a6577dc8686a6808cd61cd5d624ca4c80587dfb86af0d280aea3578a07946107424c6","pkEm":"0400a017fa6c144e371c9060d578409a014a35edca2b70941181566d25fee1e25fd5136c0af063c80d5af87e2d15e0e112ca2f4068f6e3542d614d12f0b76d56ad392700fa196e52a2a4381b9a04ef82224675a4eea3a66ce687885a43a773df8278c8768a1b0b5d074a41aabbbf1a0b886d2aa13557f84eb674e1cfeff3d4428425b954cc","enc":"0400a017fa6c144e371c9060d578409a014a35edca2b70941181566d25fee1e25fd5136c0af063c80d5af87e2d15e0e112ca2f4068f6e3542d614d12f0b76d56ad392700fa196e52a2a4381b9a04ef82224675a4eea3a66ce687885a43a773df8278c8768a1b0b5d074a41aabbbf1a0b886d2aa13557f84eb674e1cfeff3d4428425b954cc","shared_secret":"519c14de5eaced325b04da30b8ad02b5601476e55b1a12ee6cd6e2fe754e10161272c2ab66bf897cdefc8e358f6d9653667e2b54287bec530c4d965e272d4014","key_schedule_context":"0317e9751a1ce31a2cb6e3ae98596467c10eb692c73899ae0aba8b6e79fcf3081e696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"f3ad97a8b4474fc89b7b0f9d0787eabe60a43b6e9458de245c4c7617030e61e4","key":"3f974d2380c73a379dba57ee68ca42bc5944c34eeba2276d80a5351a5d4fd5ee","nonce":"ba6be781eb947514bb8273c4","exporter_secret":"6543095482cc642608ed1cd067343ab43e8413f404bd3d5c67fe3105908060e0","encryptions":[{"aad":"436f756e742d30","ciphertext":"d45c37a30c53ed028e54a629180fed544a513fd1bf4279a05a4c6179f3a1a970665b55ec9b3ce7232eb32b1135","nonce":"ba6be781eb947514bb8273c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a2be2c35e7cc67ecd61d00551b57db3ab1de3ad5128f184f69add3f47b07a4bc8d90338ec6ce047deddf8c1925","nonce":"ba6be781eb947514bb8273c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c5187581417c77c780f8d4f1ff8d8d124faf5405e75afaf2a93c58265c6e9599a1e0bbdef828a42162dfbf9af4","nonce":"ba6be781eb947514bb8273c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9db8696411a63b438eb269e95881f1eda2295616fee987154331b2e4ce95edac1cca8cff78880f776ed8e5762d","nonce":"ba6be781eb947514bb8273c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"036a67082ee66fb0bdd691fe729e2e88ed21b2b10b22d63b6237b832a97f0ec3b48249d3b24e7cf1af69333f27","nonce":"ba6be781eb947514bb8273c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"87f7e8376c9d95efffe3aaf0f5838644adc3e6a3418e54e833d1cb45df1970f6878b6626e352b8c0e3eb0435d0","nonce":"ba6be781eb947514bb8273c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a5d9345f0b05c56689603583ba44847f0307790d37e6b48586e7c8a3a2625d0a186d610dd648780b5dbb4efb45","nonce":"ba6be781eb947514bb8273c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5599f15721dc792d93aef27233d5d7ea81fd9c60735b70ee736972a0dcc2e93ef3fe76cc0d18f14594f60bd92","nonce":"ba6be781eb947514bb8273c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"53cbead6f822c6bfe26f3561df02fa5e9df2a0bc12d9c2f408203affc220c3e21322974a8651148e1bca744a07","nonce":"ba6be781eb947514bb8273cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"682b1e6b4c42e5ac2aea205a2b074ad107a87b5cef1548e2015877fd39d7fb37d309494ea88a0d835dc7b2068a","nonce":"ba6be781eb947514bb8273cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f9cb8f3777322a8621d9f28688c395edc7276920b36caabd8c23d11ab1730f1c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"40c73f0999e453625f8395b98e8cb24509500d26ce4beac82f08bcbb6a3cd23b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1090e07bbd53cfca52b25dad24aa016e1070d1ed64eccb1ea0c1cfd08aec4f3c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cc91d600f570b77630acbe099ffac0edb2afe69475fe1720e081e7dad3e86252"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d64af35167f1f2627511be1c4d0e107c1636e1cc83ae8698e56a8ae0a0f40253"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f43e12a39e3f340ee92a9490461f00c5f52674ace3d7fdee671913421a31ed0eb859a9df301d28939ac945cc73486849916d0059c44d1a7d6d3785789e7df46a37fd","seedE":"819f0e3920604f28b31edf711c96225cec8f9e4cab35f7fee0de321376787f8d3a7026975bd664e8b6991dad84c96c95e4800dffa1cc0b7ee3fa7b46d60eee9159f4","skRm":"01240198a6989112e1379120c01d0796fcc8f82d939706a7e8a8bd0bcc0f53fa7813c8e1015491abbce6278bb7fde75bbe8780d01f1297bb2c0e2dbe2a5166366f15","skEm":"002fb1cbff02dd8281012080200dabb5e8f8477cb9e5dd34608a275cc9e52755c80bae7f7bc3fbfdbe07c706f1d8d31f79ad903c01bdcc25509981d615c9b1b77927","pkRm":"0401f7cda9141e6735475c80055dea2f4b8145c8313c386ba8d438658832cffebab43b0fc24574eca9b5f638944ce44d875dd2d8be1aabbf6dd41431158feb026eb02701e9aee03b22afd1fbf39bed5c31ad1b9bcf135972d30eca361b3860a5af27bf6c7496c3047eaa59239ae18231b6d96cc0563de37677e83f82630bb6ce5c8ee7c586","pkEm":"04016b8d0d1d8580f9b0b2128fd11d60bcbde31ba3cbc5641c85218719e3013bbc889d7cdf58c5b65ca417f0fd4f9dfe91c937cc9b940af3db0ac3d703107ebb62419000385b8dfd047c63ba721b790abe69eef3996f6a2b0a6c856131ec10e1d0f3e6b2fa4af28f85f4578f53ec35f59a021a3224eb1e4804b7abf5055ec3ed15521b243e","enc":"04016b8d0d1d8580f9b0b2128fd11d60bcbde31ba3cbc5641c85218719e3013bbc889d7cdf58c5b65ca417f0fd4f9dfe91c937cc9b940af3db0ac3d703107ebb62419000385b8dfd047c63ba721b790abe69eef3996f6a2b0a6c856131ec10e1d0f3e6b2fa4af28f85f4578f53ec35f59a021a3224eb1e4804b7abf5055ec3ed15521b243e","shared_secret":"2a00469d9ee6734e256db9333fae08816b2981ecf842b07b9d369d001f4809b12bbb58a1840e621fb460bd833487ea098596db41092da01103c5ca91c0ad0d45","key_schedule_context":"00f561da04cd85ee1cc244a2dc01c448761ef6adc50c3278bd9685a8441a52e99ebf93bd8606a1106f8e6cc040b9d01d47da6ed1171e402d7ed278e376d5efe4eb1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"8fa2566064a1beb6c091e142922f473123ba22acbdb986b405f8cdb451a94235c2b9a1ca1e7d467e531662c995ed0f48c219806c44b688b70534e1d8bb8fc4a5","key":"6a395584e24745b9e5b71f72d044dabc","nonce":"e4ec677d9dc43d8531a040b7","exporter_secret":"2bde5abb5aecb032e2728c17f5d8c386a502e803b3b7d72dd0c98db76bf0e5caf43e89a0d358c27b420a4f4b5deef7d730d07cdd5b9951f5f658aaaf04f0cd35","encryptions":[{"aad":"436f756e742d30","ciphertext":"4ca874638b9a9633fd109f8957bb105ce37b3e9c812593fd5605ec859f3d408bbd716d0f1e4384d24acff0d007","nonce":"e4ec677d9dc43d8531a040b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"983deab2502cbca2d8fdfcb751891c5669729098c6c3e9acb325c36679e662c9d3e863ecc7ceba2944c9bae78d","nonce":"e4ec677d9dc43d8531a040b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9427c36fca1bdf4be81a4fcc57d6275efde2037c6e47ebbccd68b4d842e529eb9e38eb2bbba409775e415abd89","nonce":"e4ec677d9dc43d8531a040b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"95004dcf13f1d51258f6448d44831ce533c0593b6522b9678d0d4cc877cc4fd978ec25cba4e3b693a1ec5bb67a","nonce":"e4ec677d9dc43d8531a040b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5c270c324697db015edda9eb65483418a64a3a0e410deb60731b1cc7446c08c160b82a9dc060af7bb1ba9cc1aa","nonce":"e4ec677d9dc43d8531a040b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"bf76b62994ad02a63530673b8eabf300ca84a3688618833d527a328a04445ede3f3cb417c155a59457df859d71","nonce":"e4ec677d9dc43d8531a040b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19deb3e1f21fbcabc302169c78ffa0f74bab75966390a231d837dc19ab166c6db43df9acf6bd263b4dd88a9ab4","nonce":"e4ec677d9dc43d8531a040b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9be5f540dae2490ce52c876e1cbb3b6d8c9c3a93e8a04cd27cefd113c05d2b00092db1ae3a893c6606d67e9def","nonce":"e4ec677d9dc43d8531a040b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"474c08f3de07ca42616b9cfb49bb93118d52b3c91c9cd6714d6bec4bcc97bd22ab6ca9433f98a4ff286d543e67","nonce":"e4ec677d9dc43d8531a040bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2fdfbd498a87889d2257fe258c54ae0969f485a5b53e0b60dbd02b32fbe20c2fa142af227165d3d86ca979b722","nonce":"e4ec677d9dc43d8531a040be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e03b8253a1164c7757c6841f9c43748a903272dd80c4e3ff03c455aa7d39e26c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"07e78f49a665a860d70b40febb8844c702860e911ea712be1fca2401016e00d2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"13e9db36781be22dccfead703178887a472d7076c08a1eb04ba880bf315b952d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f2e8cae5bfff1e797ceddf66229b585c6de3954e2736dfd9937657c6aafcd318"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"833528678794682e9eda37e75fc3b11d88aa9dd13d1b57894d486407c3b30749"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f73216bc387e50725769cd4eb6616442040285ae70cdd6eaf3963d2f2dbc5d35ad8842a11974411029b5887032b027cf22878632785e8e0f7cd5f146bf9e069607cb","seedE":"6b017fc966a0fe4c5e11d163fb557d31169c06dded835b1b516165ba501e53595896f4a34186aa1405987dd9a8952e78b9df7c30107c95f36b1700ed1114b3896354","skRm":"0109b250864bcb64a2ef307b70bfe0c2c4fe0575f6309f08677ab464f24e24e7270537b58381e5553d4e2c9579b8c55d8ef214426b567e25c84e85df188a3b57370e","skEm":"00590c59e7ef2a14557b86d024ec83abae1dccc4586020793971ea1265d01fb7207d39b9e55935f283777cd83506587d4c44ce8b643fe0d06685ab370bd9e90b0c43","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040159780fc638ba2e57eba4d4f645483adf276be35cd3ff5649577aec7eb2277d095913b3022ff6b4aa908d21108607dbeca564abfc31f95bd640c1962cb79c823f9801f1ba80d9f43ea1ebbe298b33180b230818bdfe9c19b2fec1ffe5d2eee68a8e8aa87a9b9275ccf7cca84aed572742628f0ce0f2990c25d1f3d7de106082cc1fafbf","pkEm":"040175970c9c06165963eba5d7b71abddae5d478cddc95f880e86b2664ac42e25edd142a21f9c148bcceaa14f8ea567ee36149d7a974e512f01f945cce263fb82af11800e23529e800f6f1ef0df605b836aa4227c1e9ef40de521098537afc9c6436d5da26f0e4c95a30a007ea34ad91fa04f99af45fbb70785318dec40e87e7fca0d0eed9","enc":"040175970c9c06165963eba5d7b71abddae5d478cddc95f880e86b2664ac42e25edd142a21f9c148bcceaa14f8ea567ee36149d7a974e512f01f945cce263fb82af11800e23529e800f6f1ef0df605b836aa4227c1e9ef40de521098537afc9c6436d5da26f0e4c95a30a007ea34ad91fa04f99af45fbb70785318dec40e87e7fca0d0eed9","shared_secret":"8aff1d8083b1e2fa35a12af0e735be16c9f6d689c1c26dff378966a45f4bd9cb488ae7f917edac20c01640e5499e84b1b0b6532973e40414f52cb89b44fe8bdb","key_schedule_context":"01b12ec5b1b0cb71c610512ec14f972d365f2160aafbf38da681bf7d9ce9befd8ccbc47c51d6f0ffb420ccd4dafa49d39b3feeb93fbfe58bb91585669799e10f0a1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"ebae2b820e744fe1bb615dcfc1c7f5ae3f98acd8bf9bb57b6fe15f367bda66eb8a267aacae8fedea710e2d434037a8b998f4612cc317ca8221c1d9d6ab42d3c6","key":"23ccdd9d6fc29aed824e04646d708131","nonce":"8ee9860c102e2b2524bae87b","exporter_secret":"412030bb4509b7e9486f1167bea076bd889d1af5eb212d1a0eafd0ac65ca87907276f030994995c43831b7222e60220a167450da26650c3582f602361ef239cd","encryptions":[{"aad":"436f756e742d30","ciphertext":"68d7931b7142f075b788eba9aed528ce6fe8a15c68512d65de13ee64dd7bec70d378e13d3592a741de813e926d","nonce":"8ee9860c102e2b2524bae87b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5bcee8b0699facf9e8b68fd9a109466915dae70d609ad1d323a843168f0eb3dd476007fd5bcd4de4800c8b2693","nonce":"8ee9860c102e2b2524bae87a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7aee4ad945a439a2e3e6feda56c69ad99aaff4ff2f1b3a9182d1b397c07981f46a2ff10cd05dd30605f7302281","nonce":"8ee9860c102e2b2524bae879","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0611858c489caa8605244a7b8ec4f3192f932bd7be39527c32fae9fb926568399bd9cb94827e0a847e58bf70cc","nonce":"8ee9860c102e2b2524bae878","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ef7694f39dd53bbbe863ddd4fc37c0e63cedaec94619af8c1ad6ef1a5421ae998881343cb12fcdde47b81336c","nonce":"8ee9860c102e2b2524bae87f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a918e726c2712e448356bba54122178a32b301cbbf84604142dc04d2c43746cf09a8bc62facccd63e13daa288d","nonce":"8ee9860c102e2b2524bae87e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a904cbac602cb148d817ce8ed4b838f1ed229ad3c27665c7526fe54456624576ae3c76959aa174f0715311c5ec","nonce":"8ee9860c102e2b2524bae87d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7fdd5b05440847f9785fa817661fbb713ad3e8b1d62951053be8877400c0c47a22747c4cbb466eb0d4f383320a","nonce":"8ee9860c102e2b2524bae87c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"28775e857bd885ecb5f524f96221640fe36b46a4d5801828c3536933ff7f73cd624709a3af153b72917788dc1b","nonce":"8ee9860c102e2b2524bae873","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5ab15738565a80bd41d3a01afd34bd44492a75b72e992bd1229b0d839b4853d5d165baf7dec3095cb7a36764df","nonce":"8ee9860c102e2b2524bae872","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5290b3a27d734279bf172a6578ec0a130ca2a9c060da37988ca9c0b61a4db4a0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3ee60c21dde226df1f7e1e2d611f9fe9d73cf073abd96ff33540371e58c32533"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"722deaad2e30e65e2a99695ca3b6daeaca4025c076bfbaae2013303c188915be"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"98e6eaa5d9e276c0ae76363023040a628e81397ff0519bbde337a82d8ea95727"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a4204e8e7a4258c4f230db1998986912274b3f2a7901ecd46b41b218a7c2dbde"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a6b06b3f40ad9be9c5d4e78b6b9b978236409f59af6ff572af67f9de518a8de7029095c18416fd497911721631e9e036dc47141b3748ddd6a0e446062d416e0eaa69","seedS":"2a7cc27ddc9e94ac5e0c45bf39253bb334df63c6cf4bdbd746f1b055653bcf83919d8a1884ee34909263850b9e975d195d825be63379088c15945bcb4793dd15e817","seedE":"e924e36b2a5fbf1ac843a09c58f0b0dde183245a4d459935be153da95b6e70ab37601478a77d42200393e2b0dd5cdfdba5ebb767ca6393e90a1d990e18a0ebe2e043","skRm":"014eac6c36f931d8740bb7bb64160553ae59fa30937e5b1f01a12bbe8e63eed385c9562e0e54a298952d54e58468306d3d4dd231a193d0e59ff6fb04a9d56597c46d","skSm":"0111fd3bc3a7bfedda3cb83fddf38faed459e53b832ea97c5cc80e00003833cb6316e7fc2bdda1f10249d46600f2f11439fe8e8a057c90d21e5f0ee1b6d4fc9e424c","skEm":"0107ff446305050bbedf39d4e2d2a6a9bbc08ce76214f1ef02c9277948fc03568edf3f215221bf63c14f71222d6df5391232e1089ad702df4c1f57b848fba3c25768","pkRm":"0400949942cd6239410338f0728c610ac2bd8e330a453295e785a4b661ea4b1529e4ff90c2c7bdd084cbd9c196539277772b572e808c8d640294de56a37bd2102037b7006f6533b6267370511ec437ec68b2ea8b682ef4ebe60c19b2d67e42ba20b6fd1e2c8d5bb6b9486c129d8513cd649765783b40309286551188486b89de1779b406a1","pkSm":"0401cf1d39eaeb57bc10827606bd1202a12ec8dc7a3320dac7eb91756b9dd6097491379d4b5f8c6bc24121aad57277fa51f50ae89f22d9dc9d223af88eba0414e6665d00274b9bad8516e98981f3943cf9f0d5ccd0cb9df2c1bbb01af7f312d39b6a2b77ad3fdfe5b75e2db5139f541b6ef6177bdc029b9b94d8148051116cdf15b15e4cb7","pkEm":"0401f2f000a0f0c8f55165ab573f9a106624fc88d382d6494ed83c3528d54e6b196cec236f50dc3bf5494f9608c6b32c779c93ea09b8a8e98ced30c049a0d456110f0a01bfeeb699e936744895981e14e53b93525366342072c6fbd6be589fb487d2adedd5f02beda4f907b0c81508568db3a072125a984e2445a47bb7f95af42c6919bd63","enc":"0401f2f000a0f0c8f55165ab573f9a106624fc88d382d6494ed83c3528d54e6b196cec236f50dc3bf5494f9608c6b32c779c93ea09b8a8e98ced30c049a0d456110f0a01bfeeb699e936744895981e14e53b93525366342072c6fbd6be589fb487d2adedd5f02beda4f907b0c81508568db3a072125a984e2445a47bb7f95af42c6919bd63","shared_secret":"7eebcf4193afaa25997bf5cb158e618945a6f2fb808c916e74dde681e7b309798186c05c4da217e8605172b85136e466157ef1abde77b9c4a327f8eb20871a13","key_schedule_context":"02f561da04cd85ee1cc244a2dc01c448761ef6adc50c3278bd9685a8441a52e99ebf93bd8606a1106f8e6cc040b9d01d47da6ed1171e402d7ed278e376d5efe4eb1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"556450381e562042cf3c3aa5c798c14f237a4c7b6eefdf5052616d551147254994ca8a0dbed6cd1026bd81f51b541a57f6dcbc9970eac3737a5521ae916105cd","key":"33b930a97ed702582652678cea425f01","nonce":"facfc3de1d3d16654a3646c6","exporter_secret":"0d137a52999ac3666f1260c7520c55b63ee269938176f5f1cf9cd7c8ac63ccc150302650cbcfbdfa28376f32d2a368c2a86b52cf5306e2c7c0193d9412dd2ed4","encryptions":[{"aad":"436f756e742d30","ciphertext":"b0e7997abd962aa9bf94b591977fac084fc773faf6706e55de1d783df2bdc94ed9c5bccbb32c5b8bda4a30271f","nonce":"facfc3de1d3d16654a3646c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d60872b9ca21813c413bfe4c5a0f6b1237ec032e095b48ae4c53ff7ef822a0c339f2207548fc7874b6e038bc22","nonce":"facfc3de1d3d16654a3646c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3aa0b0bc285783a79ac039f7f21dd40e078e71a5dc65616833d47c67025aac87030ab57d6d198103c9767a5e63","nonce":"facfc3de1d3d16654a3646c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1bfb77fcd19be061e7802f4db64b23229df599fa6a515b7bb07a444e821c75b3e142f6cf2bb3da3f66a908e70f","nonce":"facfc3de1d3d16654a3646c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1d7f887bd329bb672cba847a04b45d9dfedefbd5555e1c116343b2e0afc7f495412c798b16912c9e58bbfefdd7","nonce":"facfc3de1d3d16654a3646c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"41442da017b36a9c27f3f06fedcb3d09014cc9d411dca7c7d95d38406057676d7ae198e422b1ab7bbe2786126c","nonce":"facfc3de1d3d16654a3646c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0614ec3de689aaefca79907eaacc7aa72b602ca54b8c266457f81d33f4e34011fdb6885c6d5a9f9e8cbc83ca4b","nonce":"facfc3de1d3d16654a3646c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4881ac5eebbc3c3629c6490daeb84b9f491fa1e7cbc47655fdc77449ab58af5bb26d7fab74aa5f8358d1b06adc","nonce":"facfc3de1d3d16654a3646c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"cd9e88cc5d93e37ee8fe1569f9a7d576be109004b72b8568fe71bfb213ec8ec9d1c1069ae5ed64c23e35077aea","nonce":"facfc3de1d3d16654a3646ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ebaec62cd84c54ce100614621c44d3dd6c468e0bea80d162ae1153f0b59e18f193b09351e02c0f0d1d160cfad7","nonce":"facfc3de1d3d16654a3646cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"917098cb566a31bf5d25f2e6269eb678ca48be094bc8cbd92e18550297e60770"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b059929a24d13f83539cd5af3a533ece04c23bc3339903d82a20532ce7c52fc2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"73e244eedc6a760ac563d8391ebdea1e6cc20bc5d952507a6400033e466c6e2f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"52c8a927b91539056071eeeed79b5dbf79c2d15a9da094783ab0d396747f3ee8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7af7616f6537a45510b6aadb25ddbedb93d4b50a2481b2234d6d99af5bb8ef53"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5f06de72f05e73706e8a0c98f85fc6eff3f2e7ef9498ce1eaa6d3f936acfe82c5fc290cbcc414e014b4be2a4ee14d9967478598a1f64e712f4e68d67aaf41fd3aa51","seedS":"e9e6cc24a272adf73292ff3deb5afd8f0576bd0e54293dd34c73654afc74ba8ffa938e79258f97149301c8ddd7509faece4c13a9e89e78080dca3ac7b1dcc8ff5e93","seedE":"3143ae589ae5aeba6d954c33f01508bf410e8d500dc725a1ae36f0ccb2dee83dbaac4bfb1d0b3ba9af13bc3efe2c1ae1a005baf6cab683a19dbb9e33f2d802d04b5b","skRm":"00a3cbfe527a1e2fac8868d81ef28da38bc6022f9b93b9051161a78843f7422640ac23517f9551a096ea34314f25d07d80a984fd406d67aca47af9a7233cc5c6fa23","skSm":"019fe5b5e3a47133f61a5cb9ee15af83729fa7acb14b4983a4ce679e3710c2686047faed72952b16ada67cb1526a9df8d7807873f35e1277e61f6d5b42dc70d28b41","skEm":"00a6c4acc257c589de087e2430f41abf81285a61e2193f32b2acb7d1a225ddb56436ad5808dee4f233b564a1a8bacc2d4468ebe4f969dea5604dec1acd294e95d84a","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04002bfbf7302ff541cd8b01e27038fbe6f35f74bcba2944b68bf53cfa2ae74e0d365e175dd7b8818f057e9b4e9f1b387e708e7f8e7c0d89b95b6fe192e6d293a98dad0158317ad685e12a1ad93a7bd16997ec7c1632f2ceb56418fd942dc28d0ddf5ff77cf6b24f8c831e2048091389906034e53433fb4a50c01f3efb24da8c73e3fbd737","pkSm":"0401ccf22f46a74a949572e124e87c59a519cce79d40ecafa70684931164ffed6f7651bd08c3a6ff4a933665675a65fb4c212c6e24d3d7b6ac4e4c75377755f54b2b1100a2ead01cfc0d0ca9a1d9e563ceb44aaacfb2d3e8d7ec39831bd947631795bcce06e6e89dd0d81e69c967921685fb342e84e9caf09bdefb39189d2b5537f67e0b84","pkEm":"040057beff01b9625020fc4faa6a54260b73bc4b39636f3e79b2b20cbe094de634831fa88897dfca7456ab05106f72a011efe5a2d72de2ff713924419de7398475130000a589e352cf39ccc5208172c0c720a3c93d71078d5f643b5e2a5d92de1c2c512083204e1826f46bb1aac4f03854f35f45740c240d20120a53898b330fe967721a17","enc":"040057beff01b9625020fc4faa6a54260b73bc4b39636f3e79b2b20cbe094de634831fa88897dfca7456ab05106f72a011efe5a2d72de2ff713924419de7398475130000a589e352cf39ccc5208172c0c720a3c93d71078d5f643b5e2a5d92de1c2c512083204e1826f46bb1aac4f03854f35f45740c240d20120a53898b330fe967721a17","shared_secret":"b77f09c6b711384291a1a4822d9fd5864a08c968902ffe63835878b35335075c257a4863a6a8d6ad6067adfb545050837fb8a19d03ad691cb0cfd7f76d03500c","key_schedule_context":"03b12ec5b1b0cb71c610512ec14f972d365f2160aafbf38da681bf7d9ce9befd8ccbc47c51d6f0ffb420ccd4dafa49d39b3feeb93fbfe58bb91585669799e10f0a1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"6cd564b9a65e237c91771af7a9da548440d0bc9f22f36f72d40a7f9433753548bfbc2e2da1179ac84af405f13b55a68bf2d720b5076de09d38846f1b42640ffc","key":"18f593f0aff921f7f58f50474601eb10","nonce":"b8113a6f9ee5cf29ba88dfd5","exporter_secret":"d15f9c13268af889d0694705c3f98dbd541ce2c33735555a7abd5547251c11c19a44e5ad0e382b704e45f8e58584a8511f6a1df44d2861b3550cf43b7e2d838f","encryptions":[{"aad":"436f756e742d30","ciphertext":"dbabe86a5bdca936147e45a05d744207bf45f1ef4aabab4ff9b6c72fd41190649ec1ebda705b0cd012a0ba28ee","nonce":"b8113a6f9ee5cf29ba88dfd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bee4c779624a07eef5ae46e427a39c89f249c2564be98ce87c99c25be66729f939cb3c6bf17587a15d381d7f1f","nonce":"b8113a6f9ee5cf29ba88dfd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"63124a0efcdecc80a4e202d1865b2b88e67e86a14e875117a40821a02203aa32593bc7ff792aca4ec3b31977cd","nonce":"b8113a6f9ee5cf29ba88dfd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4609212683526d757aeee1bb91eaeb147457dc83ec4d49304a2128a57694f589a9219bfa95c4395a3f282f3983","nonce":"b8113a6f9ee5cf29ba88dfd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"521e5eaef4eb073913249a3cc330631c0e05e56e190e3e837f5415a91c6571e7b96e86ca0a7d414296a393801f","nonce":"b8113a6f9ee5cf29ba88dfd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"68b48f40a6425413b71fdddb8a9411d65a579f40d1025e594aba227056f2c2f2765736952e8f570ba90ca17420","nonce":"b8113a6f9ee5cf29ba88dfd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"24202e80f83b5ceaa09e7006a4517d6d31e58a190f6e7495c1ba9b1a3af5c93e67524aa778a88405af41eb04e9","nonce":"b8113a6f9ee5cf29ba88dfd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"bfa1b2d7332caa15cdbadc9703cd198f48e9d8cbca96a3e9124f024246ce2de93fb1f4ccc0542beea62f68ffa7","nonce":"b8113a6f9ee5cf29ba88dfd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e963bb2fbb4bbfde98c59d6544d04f38e8fb33a871325761ec31a6863b84f499c41566cf5fe54725e690c90508","nonce":"b8113a6f9ee5cf29ba88dfdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a7b89f43a4bac6ec41c1abd9126455e9472ad34bc98692a2dafc4616891be6ea89cc60959e9a505fa17ceabd44","nonce":"b8113a6f9ee5cf29ba88dfdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"163809810a5d97564de6f9e58e59804053a5f6001e6b318cca4f9f0b895d1619"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"df744c018202efe80a2a97a4a4a58e95ef3d80cda9cf3f9cee61b0612100010e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf52deb8e2c0958063e38589edd21ce547a71299662ebb96aeab7beb85e291e6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8429381f0b65b4f13481516c4d1387e2e23927a95cd2a16a58b0dfdd1a3c2fc8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a47e3e0cc975fda3d6b3bc65a9cf5baf7291125f3b26f5d288fdb78f24fbfb91"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"62641514bccd2858f3d6513305288d6ca0e443f00a86eb33ccd519d1803aebc5d07bbad0e1013ce61d9c9d713b3c90c8e79a1af01d6c69750f67cbbd1d9d4afeedfa","seedE":"1ed3768f499b5b3c2beda3166528b649d4b117a0bd450f0e9e19815c2597d1777ac67ea367415fb28c8819c94b383a0a8a15c9f03b4835330e3e6c8bc8319202e473","skRm":"009f662259723e2774e0ef4ef1fc57dffcf7f96fee05ee32b8534983f25daab861fce9ac5dc0cccd3d346a58963e57653048f933f9c884c74f776bcd57e6669c9a86","skEm":"00c028f97f53e7609c4f9478841b29c0d009abea13d12f4d558f57b78fa6193faafdf15ce03572ea2330510020e9bdd2d94c1d461d1af9e8f2b2f1e7c6dbeddec850","pkRm":"0400dc5973e5ab5a417e82c8115abdf28a78ea32a397cf067b9e783ebff9182d1e3bcb32aeb9ce74ababd634678a6fe716ff15f6135e8ee7b43f46364198ac03c4504301056de893c64abc7314b877dc699db98be5cbf07b12e0c141578e0aeba9911045f193511f074b4f6036dcd5826515dd4aaab522c4a7f44bced319e9583bc118d14c","pkEm":"04000fe222a93e988f2b890bf98345fdd3c08724631091dfbd8c3572a91e2fc8bd878f1537852bffdaaf55e168cfa4511445c390a705bf322ded61f4bf7e5a9f69248101acb73eb821bf6c757ab35286af062fa59f614e319c7eb62a1423c84c86eba1ae8d65280fd69916ff758825e2944c2df3242b3f6b110da559bf20919431cab76cfa","enc":"04000fe222a93e988f2b890bf98345fdd3c08724631091dfbd8c3572a91e2fc8bd878f1537852bffdaaf55e168cfa4511445c390a705bf322ded61f4bf7e5a9f69248101acb73eb821bf6c757ab35286af062fa59f614e319c7eb62a1423c84c86eba1ae8d65280fd69916ff758825e2944c2df3242b3f6b110da559bf20919431cab76cfa","shared_secret":"836dec8ee53432fe6135a364858d61a256848874d645c286d454411eefde448bc7654cf506bf1e4ab3dd43f5d9baeb05b24e2ee6b3591b5136432ff747c71722","key_schedule_context":"005c0b2bdbbffbea1af82c95fa5560defe4ba0a05fd3c301cdfab3bbc2fba9783d13d14ecba2cdc7a7c1f544087eb5b3a22ca199e34879b2bbeab3d644cb2a005dd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"71529ceee3d8881f66363e99cd1bade88b2ea7b8c19363fc0e093bb92b961c31d61e9147aeed52bc81be1e4f5ce18bb758a97dc54030e63ce37d3a92860328d6","key":"80358d48c8324176a44632f90c826a6bbfe7b2126f9ee47eca65f58faee8946f","nonce":"7502fc65d8e5db6fd14285c5","exporter_secret":"d876060f03e1ba934c3e3c93416e91888b0a02614f8c5a27d24f3112754c4d654bbc04fd54c1aa052c5dd81358362ecea1c15e20c9cebaa5393e52da73d4f611","encryptions":[{"aad":"436f756e742d30","ciphertext":"ba38cbcd619868b4e993b7757cf8449aeab47d07741a62ec8b3fa72c136b7e5f6c11ee2faceea367f4126181ca","nonce":"7502fc65d8e5db6fd14285c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a97932db8c889e85e844b1b8fc75fb3a21e25569bcfacc74ce47287eb35b59372f0e6c1762446674aec9469774","nonce":"7502fc65d8e5db6fd14285c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dffe364d097f06751044647b5b992a834414c0d629b25f9db8e0bde6687e26f73cd7f77078bd9d677a4e3555ed","nonce":"7502fc65d8e5db6fd14285c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"820b741ad9f16c1e434fffb94ff55b6ec7f4063367e4c449bccc1529f758f67f6432a9e935e42196f810116f4c","nonce":"7502fc65d8e5db6fd14285c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e48c2e05ec38338e78a2ed2473a6052006f474957d9ff98ff26c07d51418bda9bebb572b6a46bdb8367a65595c","nonce":"7502fc65d8e5db6fd14285c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e06d29c5648f88176dde24501610a8f51438d6af6d3e4c84d73906987aa918d8a2b69876c748eab826e603f1b6","nonce":"7502fc65d8e5db6fd14285c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9a7ade7c34c2c2c48dfa117a6618e76eabb8fbfe0bfd5fc91dd7c1fa849a3ee95e37026de1cb8120db1a8fdb6f","nonce":"7502fc65d8e5db6fd14285c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f7c76b6fd22f90d58f43c67da7a9d8ab7ccf53e7f9d586308d5c64cdc268358df5e1a6a44c8a7c611018b9ca7a","nonce":"7502fc65d8e5db6fd14285c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d4fca01e27ed84720bfa1ef4cd2ae8df59e0fc41593d68de060ea1e765edd03667ccab3f3ca3a05339196a21c","nonce":"7502fc65d8e5db6fd14285cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1abf19cdb9f0cfb71e23569c2a36f283a542a228ac95893e7ee5782cde5c82beb8102ed924f6d0667bcef7d678","nonce":"7502fc65d8e5db6fd14285cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"25165e98cacc80b167e37a1051b2f3e2c22140959dfe2a9493625e83c9be9f15"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f9b5c7fece670b2d8f0bc6337ead2815e00ef98108ceaf47a42d81f5b180c1d2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2c2716e716318f538e2fe72a5578051588efb8948d12082e9611477b511afdb5"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"09ed503d557c02ffc00ba7a86a57506fb967622c17fc6a5b9109135fd6ccbbb0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"62daccd56fa57ed1dd1998088eef0f20a7272d422a664f31c3b9ee3a7f1ec185"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"41b782c18c14986c9d7a636152f13677aeddf479c1c7791ea46e0ebbe35ca9dd524c23d730eef443741d7d965415833d6c549c8c1b31ad05f2b9a88f916b2930528e","seedE":"64463def238f309f1e9d1f28c15dc126cffa4ded911a4c527eeb71ba593847fb405756239d2c694ce4effa3996cafb5cc0b3736dd988deb7289210ec92bf6b339302","skRm":"0002be614bf40b361548a5a881d5fdb4b5b1bff90bbc5cffb0eeccbf9163076881edc46eb7944623d900868e532b9b1d5eddb47cabf4579a11793193eeecaa5a788d","skEm":"00a173fbc49ecb270b4fa1ab823cc457f1e1e0dbeadf9b481b824099300fe6c11e0329dd0b82894881a9c57209ad5a47d37172283e8af39c6d41de867a7e16c87bbd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401dde7fc00593a91eaee630e84d8cc9cc07c5392f779d28c82784b5cfc38fe916f28351dc8857404fcd81a5c317eb82e18ff3ef0fbe87f49db936f6a6c0870c4943401f31ed2fe9192f09f8806441675180b8cd8ab335dfe855acfabbd86e60fa5a08e4e4faab1271e4530ba61dfece5332f55fd14efa2172b8cc4670415a37fd9587dee","pkEm":"040041d3923b7218cf378f7336712e2ab1d254a2e7b0e67b85ccd149f68115e9d1ed4492f5542923586feecf2e5500be432e181e73bbcf87947914ba760ab1216e62f80067e0e0899fbc87ffcf0b2e7556f4bac9395aa3e284f73323c87ab3e5bb8409e2b85ed657170aacad0d83cd8ea71dee1b480634f818383d75899c877d3fa263fe49","enc":"040041d3923b7218cf378f7336712e2ab1d254a2e7b0e67b85ccd149f68115e9d1ed4492f5542923586feecf2e5500be432e181e73bbcf87947914ba760ab1216e62f80067e0e0899fbc87ffcf0b2e7556f4bac9395aa3e284f73323c87ab3e5bb8409e2b85ed657170aacad0d83cd8ea71dee1b480634f818383d75899c877d3fa263fe49","shared_secret":"8fb618ff94fca65c1bb2183b5683bbefd0aefe66d1610e0d1623c8b3d00c2fb5feba21b1050d7752ad1f0b52250624881902f3d5156b4b3c454aaee2b2b20a89","key_schedule_context":"017344e204124da2a856fc5693999bbfd1242c27f4b2f16fdc92751d458fbb606adde7aecc32db4dd5b0fdbea7655c7c0e8363da1a34370ba59bfdb42108a4bebbd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"edfc1907ed7d5006b7e821f9802b49192ebd40dad26bb9ebc20192bfc4e6319f22dd9950d51fe7c07c48739ff424509b056acf2a2acb655b59999626b91741b8","key":"6fb2ffb368d1d76a743b9e51d8293d0960810936399fb51dcffe83ddf14c6271","nonce":"ba6d3b6c7435583230a60d86","exporter_secret":"1926473db83cdccbfc308c0a286b0e248c2d2cda275c6c511f50d64768d483229f24f770271cdb01096bdcb15c8269ef5e80e592998fb43c93ea3b8c0e1e46d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"264cd2ede05a9ab1527a01508fd537afe67b6c6f89d5a09e9e28bb3e0a52c61a174f9ae71681f548ec44b38ccd","nonce":"ba6d3b6c7435583230a60d86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4b439bc9afa3ce832cbda50c31b549fcab63a7ffd040907e1fdc5200e01d5d0ba4b4349eda9c135d4b1a39da7d","nonce":"ba6d3b6c7435583230a60d87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b8bf1321fa9d670cd0fea9c59ca8a88583f793a27633a8ab5b026e3309b7861d98c1546ee4205621da2d5899c0","nonce":"ba6d3b6c7435583230a60d84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3816786f0f619b1ba80c0046a155638b616fe90d2c33fd4229299a0b01d7b632d9ae77da1bae05d6c0b8fc1342","nonce":"ba6d3b6c7435583230a60d85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"84a1574168983ccb5b52a5e0b522f04cf5283bd6e818e0f4c3b165e179ad899e34f8675aea5b905605f10cfb15","nonce":"ba6d3b6c7435583230a60d82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cf2f3b487370c15dea92ced3d5a5829fea7c539eb4583dbd61b090b2e0b55efe9a93b1e14aacbd3a278d39d272","nonce":"ba6d3b6c7435583230a60d83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e26984b3cb713bc5061ec0bf7c9b9ce27e95a1f7c19d027179744aae3788c65d6695ce92148e055369c6094d1d","nonce":"ba6d3b6c7435583230a60d80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d51df949ac4584f4428fbf5b391b5e910336401264d7be5366da4818b17e781a960d67f537218969947fe6aee8","nonce":"ba6d3b6c7435583230a60d81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7a75a9427db2b5692723ac6e7230ab12f4f477ede1322f28ccc58a6e0cbcd8b6583785b5b20b1211f718882a14","nonce":"ba6d3b6c7435583230a60d8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c7c2153eebbb2fbdc0f22fff28a5981e548f2007e8dea3e65eb4b0f5f91b7da603b872d17ef2d14f3229576c50","nonce":"ba6d3b6c7435583230a60d8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1e22305088a733da436e9f34981bf02bc5387c585709050f1d793f92b21dface"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2c885f289aeef95d8305a401869704320046283bd42c9c827a53c777e97cf9ea"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c725f067eee0973e37641b9eb160a48ec0b38206b392ddad62366b6c778e6543"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"34e07d6e42b66f2e8151ea3b18ec883116ad69caba9befd7eb15af3595820896"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"363a041e5cd48d14546e9cf1cdc0e07ae84cf4ce92c343a7cfbf2900ba6817e0"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"54af23ea93c8fc34deb6a7cd70e657ea8990fc4e9a18656d5764b62f7a33a9e0212adeae1585ad2ef28688c1b558866c1975973c4dff08955c1f9fd7939b10b5fbfc","seedS":"b65599d814192278ab826ef197a61b77db50f40495f77502dfaa03acd1f3565a3cefebd59de2328ece0638c90d8a89f9ca58f2850e39e9a4c9c339290d66da12fdf0","seedE":"81dc51e31ef8e9b33fefcdf00bd3b0ff585b941fe76cf39a86c269e2f53be7edb3db0be1a58b6cb8d8e6020fe8a2018c59d47cacb35b2b8c61bd4155438b5eda5c0d","skRm":"018c4d39ce0fe30e708136c80fb507b12db90d248da5c823afcf27ecd9b103d965181d870c873c1c221f7e69409b65591acc8ed470576ad76daccdc24cb80ef77ef9","skSm":"00fdac1340626d9d6510afb50ebb7ce865bcce98d33325f30f3cd354e5950f2a905ead357966a2ac549f4756f07fff3c6ed70d5dda8ffd325f0bd5a3582910aef18d","skEm":"01f1407a3723aa7c17931bf192ff7956c82d80f54db79d4576f82b69249df8009f699718e82c77b961cc9d040ff1d9272ff97d2ba2a6c92876950e897e3b5f0f2c05","pkRm":"0401205c8f7f686f4c76e9c4c4915fb8bdfac4003cd9ccb92b885f3b8fbd9f846e47c32c6beedab8fc0643f8fb6345b3d9f75e651c0c9477970dfc688f6c869629650400868296e95f404533db84ad8f2e282218c9588c25e94d5b818dc54f1a5659c36b3c60c95405af87d6b2684bd02ec6462c7802a52524d8886c9e1c7ffa8de9d75680","pkSm":"0401686163e4e2bdbb7d476a3668343270457beaea97a008d943eaa767bf4898ab97c01c16f9312efd77572ee9e958bacd6dbca1c8ed8de22c165a084ad7ea0360fa3b004d33b20332bd85bc9c2b772ed56b40ebe5ce72a01b6a481f591097cd13e6ecfac471586bdd49805ac94ba351d5c5bee6ec66d4b599d1d123ee7b3463c5901b3434","pkEm":"0400c708757d53d8a1ac555426d660014fefab2676fcebf62d7589339f24a0f632e51da9e1b13631f461a48753b756c3322032cc27b32cea63cfefadba56952d7ae35c0166b63cc1e329938a33728a2ef6fce3372589da2b9bcc80ae007dee3e084b1656349f15145905689ef920807ff239f94891b22057385c7b97ea517b1ab21bf5fec8","enc":"0400c708757d53d8a1ac555426d660014fefab2676fcebf62d7589339f24a0f632e51da9e1b13631f461a48753b756c3322032cc27b32cea63cfefadba56952d7ae35c0166b63cc1e329938a33728a2ef6fce3372589da2b9bcc80ae007dee3e084b1656349f15145905689ef920807ff239f94891b22057385c7b97ea517b1ab21bf5fec8","shared_secret":"7258e75f7c2a8ded295523a7b99c1045925dca1628a91bdca9a2e1bdcc187eee3b627f2ab6a73853c8dcb13a95d0980585c21c25cf92b7c9d945430dfc47e690","key_schedule_context":"025c0b2bdbbffbea1af82c95fa5560defe4ba0a05fd3c301cdfab3bbc2fba9783d13d14ecba2cdc7a7c1f544087eb5b3a22ca199e34879b2bbeab3d644cb2a005dd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"dc6a1631b3fbc9d6b6b856d60738cefe1743cfc14d1ae0627b38386b9abc9b2f86dde080bb6b9d7c3eb579d6bf599765cb4a5e27cd134703acc06142901164c9","key":"eedfdbacc250f004a9a4027184a95388f9ebf86ce9593c81921da9eef5d9f6e9","nonce":"8c1fb99aa9cca28b2a1ac3ec","exporter_secret":"1f64d525bc6f36488c46c0650b6f0c10a887e0e300737a2c167e4ffd1b4d91193750fcf26173f0c8924f6a86b01fac3f6753d4e9f91abd92b042ae3218d7f45e","encryptions":[{"aad":"436f756e742d30","ciphertext":"1f4da6829a7336ec414ffeebec31807dd1acb2ec248b165b5d29732dd0057fa76be483b9af01437b32ebe6c061","nonce":"8c1fb99aa9cca28b2a1ac3ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"168714b29e7f1c3a91dffdb6cc576b7be34ef929b7ccd598435c4ef1af52c5d7ddbe43f51ac50b27bbf9ce0e73","nonce":"8c1fb99aa9cca28b2a1ac3ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"639d9f6c9ca75d91fff8d4a9b0608d10db800fe6a1ed208a09fb907f70a327c61414a20e4910a54f12f2ada7a6","nonce":"8c1fb99aa9cca28b2a1ac3ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8f90fa8fcb29c639026f1f56a6ac3926a0a00f683ae8ef41d96dcb1227b67a3e95293864d68e3db50cd027d3d5","nonce":"8c1fb99aa9cca28b2a1ac3ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e325abd75e86991abc1ba269fef64c5ccb3a5c1636f4c8e026205ad45470cae1771d9a5c87a3a21af1d6b89cc0","nonce":"8c1fb99aa9cca28b2a1ac3e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e1a27236cb42c406eba76558911566feb7599ed953f9a90949a26a2f58eb1b3c3271fa839c30fb94e25a50b98c","nonce":"8c1fb99aa9cca28b2a1ac3e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c4b97f2267c0cdae0dca989a4e2dc273742938c0a512839e4ead5c27c6c37941f181b6ab9492abedaf1139f73","nonce":"8c1fb99aa9cca28b2a1ac3ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f47cb2016143f9c989a456f608c79fb482eb2100c7df02961f51db7a52095560e12fb2014838a44ae3bb714ebd","nonce":"8c1fb99aa9cca28b2a1ac3eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5a0ecf0fba2d379a909080d947a2396541c7cbe17b129197a00d3bf8ada54e042de1b9ea7fac92ad212ea44507","nonce":"8c1fb99aa9cca28b2a1ac3e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"923b8cd6aaa17919dc2a7781aed4683be667d0e1d3813e87ec1cdf1e3831ff4048200f86feaac65c905fadd5f8","nonce":"8c1fb99aa9cca28b2a1ac3e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7a96638a8687bc888f4b0d085684dc250e8e6f8781d3f9529863cddda962f26f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"647aafb6c2ef4fed30aca20558f1c3d20adb5b113ddfdd9ddc382226ddad88d6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0c1623f289d451b5c9409ff9c249ebf93b6f60f7b26220d8f440d34b3d953b77"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dad5bda5c3f44c7bc916083e5cabf83d236ebfc11969bd12f9749f6343cf37a7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5aa4b65d67adeb2bd6c61d69dd1d9f034a5081c6775ef18ce0e55f5047690937"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"46592c2b171b8cdcce89601fab103f63ed43badadcf9df62a928ae3b7fa91f269eff3485f6401c374e19a8bb988005626b9c26d39795282b1095bcc4f62a67255e15","seedS":"d02446c344c10cd162486caa69aa1156ac3066e0fd668fa7faaf13bdbc944edbc0cd68ee36e4c30ecc36c2c5ab0978473eb1b5dcfff27985c9328877e85fd48b657d","seedE":"dc1fda9b21a1af6925ecf9ad79d2422f698b4168587c7908b36f5f58352181b9506554d8d8c9427e0dd2cfda25f0eabf58e9f5597e1b76ac12c799fe96e3cc03dc59","skRm":"0060669f64320d18ab930d3d8445d08c60cc160c7f6fec3cf00c0d4fd2683c78a4fd379e764717e8c15d5ec65cf35c333113c8441249d17f61d476b55cea893b54ac","skSm":"01e1aac5ee87bf982e74faf7a452e9336084472898bfb9a5e38b3e6bea42e5cf8b8dae5a81e0de94d01a27f3f519d7bf5fa2fb6210cc704090062c230eff8ab45395","skEm":"01cd84ef7d3c0d780d48e74460dfdd6c8af9e7658c5fed7a9e5b24c77cfba485ae985ea0f12bdf7d71a30842a56f0eeab035c6154d0676ef83d7ff189aba3581c8ea","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400a45f815c40cb61ab387708fb38cb3283dde4750bec539d124ce268ea991554fca7ace0d096ca2607c4f9d53e19a45b25415f4eef39ed601a43ca15b2de81b91d1e00f2a93bbc4c2ece7841e67916d23f5582bc0930bb8a22c8401b7402511b93a28887ecd81ca17ae2a3cc11e9e9663ee1385e8f245d4a1720bcd8334faee88ddb849a","pkSm":"0400a7b0299c29e52f560b84c357c5b3b379a3f32b1f5f2c48c89fe88c655f28e980dc6deab743cca6a12eaaa1df826f25d17c5eb8fcda8d6ca207153a24108f59c675013edf7d12d93f82de1e1a47d1fb27d082f3dc1ca605792b11171c8e0815f8c9f575e7fc0bbcf6108a0326fa5fdf713282ba60196d6524ead737d512e3b1c0e94c69","pkEm":"04007abb917b25112c8bf9a75233c90e0f55a4b6cd4f52a9f8a8856e85f82bbd84ac0d1941f01aab2c7846e6b562c0f5168727f4443acb84249f357d591f7bef8651d2019e0f9ef53c20a74f6cc9e6080e792877201ec7d4fb5fa22e184d1d848314811a3d110112172bc802805ef7405dc0fac4f5f401865f0410c05d172524a71039963e","enc":"04007abb917b25112c8bf9a75233c90e0f55a4b6cd4f52a9f8a8856e85f82bbd84ac0d1941f01aab2c7846e6b562c0f5168727f4443acb84249f357d591f7bef8651d2019e0f9ef53c20a74f6cc9e6080e792877201ec7d4fb5fa22e184d1d848314811a3d110112172bc802805ef7405dc0fac4f5f401865f0410c05d172524a71039963e","shared_secret":"82913b51b3809a9177ab90ca628e661126d8b64ca95739f6172b93ff511ccc0b7b6255dd9bc17d692b598acd10c1a3b86fb242554824f06df693f75c5d2935d6","key_schedule_context":"037344e204124da2a856fc5693999bbfd1242c27f4b2f16fdc92751d458fbb606adde7aecc32db4dd5b0fdbea7655c7c0e8363da1a34370ba59bfdb42108a4bebbd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"fd3c39728bad99fcb7c2430841690994f624a2bcfaba38affe3596b651bae01ccd0b7b1c9fbf10de0fddb9ec06bfc9dfcd0c1fcdb2cbfee6e27e4a653bc24344","key":"7262c38cfa0c8f468160fb1530579d53c433559a58bc1acf1facf5231bdbc7cf","nonce":"65560e6c300fd5a0a7dba420","exporter_secret":"58a7173f251e03619d615542539e40c9bf480f96efd02621621106296dbff95aff003971cafb9265d92ba3d7fbf67283c40364f7def04cd4d6429c015172e76e","encryptions":[{"aad":"436f756e742d30","ciphertext":"e0d4d9b38eb8b8dc1f2c986005a83b7df5bde76d48c95dd59bd60456639a82feb3ea3205b6fce5e672fad9c73d","nonce":"65560e6c300fd5a0a7dba420","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a905aa5e9c23600c8bdd8c45b2bdd3352727175c565d4d60b7e4d7083b10fe26afde4ccdab36726e6e0c26d78f","nonce":"65560e6c300fd5a0a7dba421","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f8d5733f3b2e850176ae68f998268125662161b4edf86752a80b70ec03762dcbb8508c495852fc313cbca8e065","nonce":"65560e6c300fd5a0a7dba422","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"800f11fa1dc970978fab07a6a4fbd9101239fbbc931167373fd2ee5129cff5e1db3ae36d9596ce9476ec2a925a","nonce":"65560e6c300fd5a0a7dba423","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"644ce2fe731274c00b455a25e7a733032dd2916d25a4a39d28a89f3f5282b12b20afde48860ea31f187c4c4ecd","nonce":"65560e6c300fd5a0a7dba424","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3ef4ede51efec97da0af338e7f2c8a30885ee77c0a23cb33aaf9509118c97aa247bd40c0b0488ffdfc9411a77e","nonce":"65560e6c300fd5a0a7dba425","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2214739cc80e0455e890177151f3395f79a2d19c121065e4e8f67ebcbb0c10d530e931327b1ca9fe506406d629","nonce":"65560e6c300fd5a0a7dba426","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"25d21a04b992960fcfc181ccc73d2106951c7ee6a6edbe8aa9de7d9f6104a16823e843fb30f02772689a01b3cc","nonce":"65560e6c300fd5a0a7dba427","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a1e2f5eb982c4be137fd6deff6ca1f20241d79b1428cfe29502df25ba47d62e332ba396cf9dffe00ba694ef866","nonce":"65560e6c300fd5a0a7dba428","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9be2404dce63045a15f601705f7d6caaac998e78462485474965b6c2c56eca046fe15b69b2e93288cbaced2bf5","nonce":"65560e6c300fd5a0a7dba429","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1f80dacf98a15b2eff384c6aac4fd98dfe425968fa7d8ec76d2361da973acffa"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0eede8db2d45fbd3a3a4ad5ad47ffa593e57a9c6b165dfe1a4b3a179f6583276"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0e32f7da3eaa86937d5c6564d1b478b498091b8d783f331b7574762c77f11081"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e658a561a3ddecdb7adc3357c553e55c3eef3ff9c8698979c59029d4c16dbbfc"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3f2c9c7eae96e43cefbdfb5df2607a442a3dedb0bfa6c9a3b15bf7475dddcc6c"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"afe4407749e1accb6df86bda61cd7d61a0e295efcc9ddffab0ef8324fcf281d15ed770776017518bf16740c0ba6523eced924c525a676ef0dcafe60d38042fff7788","seedS":"03e44c22c38d193cda5d66a314d9f36605f3c3b155acde8fe56ed2261879ffd85bf395053af9f51d54f4684ec92d7208a95692ba920c9e96f8fc131dfff8a1dac71d","seedE":"f9991b4bc4ec5ef506e36eab43ef7422b068c5e66e2ce15c0d7bfe44ceff2a3807a87638d1a3797e8f774cdf681248589cc6894d1a64da8027666328a1c32165963a","skRm":"001b6f9d8b218e96132f6f51cbbebafca37d0cbb6ef517034ce41534c90ed4687c84beebc59e8065b30937970050053a3896a6367d65f444484133e7d86597ad48cb","skSm":"0069d82b87057772df7f75dc74e78896b3450f6b694022e670f7b813bb95f9b17c8ea57d07ee79f49510d5d479fabcee75c459ed730d50ea9e055b1fe2647026aa17","skEm":"01ba14a645f950d05dea697069be887b3bd90649c7f2877ef501f83ef231e6839e07428c1731200b44082a6f184ddb26fce2641d855bf66564470752033179570bff","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040154dd6d80dcaf2bcfba96edb7e52550e41fe5d768729b5559dd77334d3ecde2b88c237f250e08184098445c3fc3596c47cdea9a2e0435f9ce472f199e5eeba3b7d100b5f6a6a55ca05a36dc544ed5cbc2b556f5e7149d11a8e7b6c5e85003118d2af94bbdd82050ece599ff29b4435da6acfb7ec3f364b8a95c577cc70a6a9a42d17c6e","pkSm":"0401367b19816b3d3a8c71cc53d2037793260a90e979ae9b4d3910e52b3cdda705dc29c4d63dfcfa0adeb2ce2827ffb52e6f0ba7d0c4aedabc68e6dd372368b8a88784014916cf8e23c8d529739d074dbe7045c81881f09dd163bbd7e9db6bcb82a45e0ef044ca181d709b7c325900e52984b82d4120d9886be387623bb9b82a4ba3537f0b","pkEm":"040011ba58eaa601f71289bcc8fa90bc70d35bcaf0d2f0afa02a3d0f4820cf70906fcf1274f2a1163081a85e81794e9fc285a57572d433189e8662fcf74f352e6c3df7010eb5612096b921e03eeb4b6bcf2a5abbc0d6dbf060d97f87628f19d97ec60a7524c28fdc0d0dbfc1765909bced9a10371abe96b47c55454ea9659bb139df6907b5","enc":"040011ba58eaa601f71289bcc8fa90bc70d35bcaf0d2f0afa02a3d0f4820cf70906fcf1274f2a1163081a85e81794e9fc285a57572d433189e8662fcf74f352e6c3df7010eb5612096b921e03eeb4b6bcf2a5abbc0d6dbf060d97f87628f19d97ec60a7524c28fdc0d0dbfc1765909bced9a10371abe96b47c55454ea9659bb139df6907b5","shared_secret":"5313dfd8b46f5749afe2457b166fe3da5ab5fd49b04fe5a13c3a23c9493320c3a32565d8fb4f8e31b0b9fb5ec81317238380a0d333afa4f243b43fe4d26626b7","key_schedule_context":"03ba90b638d5ae2c6488edc28f7abc5188a60b96c6e96367794c34759163a5ebee443d2f641d7a0594ce08b4f3653353ee089cc3091c939e8b6fe3eb4ff3748cb285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"3edfd3e7d221adb57d9f0c2c8005ea31e712b0d2fe21655555f9f22ba95e879669f3b634c76c21a9be38ac1965dece161a4d8cd3c63357b4f3b25e249eb5d453","key":"852e9e96c1324407fec8bfab71bcdd586984471dde8b1aa9695adb9e82b177cb","nonce":"b23012a7ee4c4dc0efa5615b","exporter_secret":"030d34aeff16f253db254d669d9a94917e098e1deb058e0c1e357868a015a76b249e8f5b339bfa9cf9cfc6844af2baffccffeeee9e64f3f912e7d738bc4c53b6","encryptions":[{"aad":"436f756e742d30","ciphertext":"c3987a07a677eaae164acf205dd188a613e6aad523b82c7d9f223fbf002ee21487a890d1df5c87f964320f6b4b","nonce":"b23012a7ee4c4dc0efa5615b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"91d2a397e07129db85c99852fa4341585ddf921d211a8f8d70b6352405210dbeb362b2dfb4d56e2c62ed5a82b3","nonce":"b23012a7ee4c4dc0efa5615a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bc130311bc5d2987c83517797265572b43137ac317d826e59e5331a63bcea7db6081b7061ceaa8276baec39aff","nonce":"b23012a7ee4c4dc0efa56159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"55bd00ea2b8183677a1d2dc4dbca2ab4ec2c4b39aa561113e87bccac91eba37d268c1f61b5fb2c711ea40ccd30","nonce":"b23012a7ee4c4dc0efa56158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6cc3d0f30af2a46f60fff15b7cd5f256c31741085d4784a9da338f19696868495ab767f697969c476b835fff7","nonce":"b23012a7ee4c4dc0efa5615f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"082507620a7c623154bb00c92ddf9a391e4d6c3684dfaf3f55a8c4286abc781f90f24409438f510f7d16dc5a28","nonce":"b23012a7ee4c4dc0efa5615e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"62ac7e5c1a4a5ae2b17a8834b03c0ba2d6a8ef1fa3f83e8d11dc3cb489739ab793e69f0f8995b9ba74616f0328","nonce":"b23012a7ee4c4dc0efa5615d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0c99ad2a03da9cba99c0eb5f9a70d04d028c9467379a42751af7fb38d1aea8407e2db454abb0a3dc2f547ba0a3","nonce":"b23012a7ee4c4dc0efa5615c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"647762eb26e1e1efd20eb602fd9566a0ae7a3bccbe21251cbcb8bf330b5fe10b5fa26ec765c6cda817a9b7f084","nonce":"b23012a7ee4c4dc0efa56153","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"49f0b0e212db9d73109d28b2be96309d7280d59f2e780014feea75ac0a64c4df83b00a592338ac0668e8d4c34e","nonce":"b23012a7ee4c4dc0efa56152","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ac45b252413470b0d0187a96a64f3efd83fb804f27f3073d6175c34449c51380"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"57fd376cae557718624dc9ad46d56423e79c6d48566a0e7cd018323213a91b96"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6f654552eb5ef7820273290de89195efd8e3a5ceb9f1a581fe7c0187015f12e8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e30fc773747808c8be4968e9461e90467cc5d2026fb99851a64657128cca0e80"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e00988474bc3c508f397e55d160eff3d3f01793c6b66e09ad0405500f8894d91"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"34f96d72455fff5cf5cbf7dc32ad32473cc48f407d156f17e946fa9f8ec8c244daeb885dc5f0307d1fbec88c964dadf4aa6e0acb7df5e371bbbdcd0f6703ab1e9df2","seedE":"23df8975e1b2996c05bd32bf4cbefafec98a1f9880cf877f05af5a077d976f2bce0af7eadb24359767878cbd60f0df4d40708e900cfa08f4855b67634f842f784656","skRm":"00e11b5ce02614d436787a07b371af522c16864645091df9d1c3c4bb50870dae5d3229dd0f3f3955bab7933454c6f9b958a1979da757c21e705bf56920842aeb4dc5","skEm":"00a135a1d72cc0d10d654641f9f8c6d0d666419f8eb97a6d288dc8b091f8d8c77de3dcd0ab4b340efd7f1bdf9f511f00b33b35d00c9d8d87c00192ea8ed4f137cdfa","pkRm":"04000f20a75c2c4797a2cffd54020cdbe8e8ffa975e3222323bf160e667db88b1deded22d9b8ef5e4401c86b5f293d353d6d28da03c06ed36e5c4759eccaa61b06b760010418a7e5ac5ebc270613fbc39dace37fd082c58680c7861be126627e45d99dea4311dd4075f0288eeebe090216d367c661478fb73f87b1bc7f34ad819e968fca67","pkEm":"0401e061860220dfd47ed6b2911ab27870e3d798fcf7c06328e446648c781f60d7c71389dbd1bdb41ce2bba456191c326e3c44bafcabd13b85bdb5b98438abadeca55b00fbe389412fe3d8770b72e6b096e5d1777de3b75cfbb8d920d9c2730a05f71490e295f8304177d37b9c021bcf9ab79b301f59c30f46efb50cb20f13a9090f7ec19a","enc":"0401e061860220dfd47ed6b2911ab27870e3d798fcf7c06328e446648c781f60d7c71389dbd1bdb41ce2bba456191c326e3c44bafcabd13b85bdb5b98438abadeca55b00fbe389412fe3d8770b72e6b096e5d1777de3b75cfbb8d920d9c2730a05f71490e295f8304177d37b9c021bcf9ab79b301f59c30f46efb50cb20f13a9090f7ec19a","shared_secret":"032c6f5a957f0f62c33d26c0204f79a0e68211f46c8b9e199383d19c91a33621032e423d9a0cc73688ea51eb63902e0f6f94738f2ed59fc5636863cafdf203fb","key_schedule_context":"000c4b4692570e10a3ccd0199ca48594d44ab05fdec28bbee21b8a7c0ba7c15b68cb32a4df5f9f6e4584454e9bc484777e35170a86e8efb50ff97fc9c192657bd285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"ab42a848d9780ae1931fb23bb04ffe56c48baa7c434bfac848c6e82086731d079a11bba87bff947a3045c9a695435c7e1b3e61c3dcf9ca52f9a64ec304771b83","key":"e35998471d57288d507acca857d1a54aac979b33a09970792d701750c5ce80e8","nonce":"b05eaaa142a6c099b1ca6bd5","exporter_secret":"087ab9bb45fc44ef31ad7613d1e6e23bff633cc62419b2a9a2fb85d758498c09339d6825f6050c022a8dadbcc6cbce8af6c3dcac5c0922643add9be37d650879","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8e000cb5bf86633c9b5843fca18a9b76d8403b6e5b34b9d32e17b54bc8b3fd8e1a3e6d46bb77e183923f898eb","nonce":"b05eaaa142a6c099b1ca6bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"55277cc7058163d4a452475b799860918baf2d1abd39dc1cddafa7644a7f7f4531040573c4b28d51a843fb93c5","nonce":"b05eaaa142a6c099b1ca6bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f0e236a160eb3099a54bd9442a00cceed874c3f8e978b4c8eb8d5d9422ea277f53d4c32e256c0319fe8ef811be","nonce":"b05eaaa142a6c099b1ca6bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"36c6f570dc06af1942c2215c938e0492a3ca55454e178695b68988a6d0f048eb27243481c380e2b087f7b98746","nonce":"b05eaaa142a6c099b1ca6bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"47937d634c694c2bc5dc129f63575bc8ffd124c74bcda217611ace1e85d0f2068502a07f8bf9e1b11b866902ee","nonce":"b05eaaa142a6c099b1ca6bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d255bbb6093c09dae581acecc9ad346ae6dd36434ab901049bac2c025f596001598db8916c4e18693947883f90","nonce":"b05eaaa142a6c099b1ca6bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"eed848c4d26eeb0ff0d9efd83e58141ccbbad6aff02c0bf860cb1c72336ef675e0ab8344783da73c88d4800f20","nonce":"b05eaaa142a6c099b1ca6bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cb5c20d1933a689471c4b41dc0536f55c632ed5b813ed858698f48212182b46194a65fa3e45f0dc2c85e709f70","nonce":"b05eaaa142a6c099b1ca6bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b17bb76868696bea4d2f53b0093f3417ad7abb420b9b70136f0e410412760485daac2d6b8079048956c27339cf","nonce":"b05eaaa142a6c099b1ca6bdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0e018ba4f0e68609e0c25d1cbb60b76d3e82307a4082c2f84644ba057d4e30ffad17dd88ea84e6991e1bdbae56","nonce":"b05eaaa142a6c099b1ca6bdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"08304ed9b5662626f17776984b6e436064cccd7e127d310500a7a5a1148bda62"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d9284031c5313ba52af01c94610522c461b197ba5e41bdfd40715d3160b9ab6b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b237a77ff26dac6bc943e8c1591450ef14746d3e5c0cfdd992c83511639b639c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c65e387998306596a46ba5eec6de3656981a9109c04a61189872e7d024d19061"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"44b1e6f27a6c8a64eab67f38e9e05b3d9faea16b8ad15754017be8379f31c7df"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"06ce5eac5f1a343457310f980a85c98a025f7d347a4989f20b37d4490be06973e0e7387b354741bb8c68b0430b92d6c40d261a5133a9c4089b1ac330a0942b8f1d6d","seedE":"215ad8753c7ec0943db82736f0f27dec22ef24e0eb907404fb54529a80bb295bf190e351c071152e45a40d8b334e26d129017759f89c05eb9e4d8fe5b4c101332e6e","skRm":"003f9b68b4b9bb36a971332ffd3c261ef9ec5f3a1b35709587d52451250aeccb00ebd45498fc49ed2f68e953cfef143a94042069dee78453a4ecd92723a0378d1d30","skEm":"0078a53316b3eae95a32615fb823ab2c4f9d1a6a399781c91b47f6346aac8c7048d0ee49d13eef1caf06d8a5db7676650fa502a93a7f25cda37274c4f0aa831608e8","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04014c8135371e0adcf36f3d89a4517e432f52685901e9007029826482cf88f2c32d127275665a1b7e899cc0669644a8568268c30e4138c2077fbbf86473a74b9d03dc000865206ab6144f0822b71ab108ddad34de1798baa0fb0b3027ab79f6309767a0fa6d897d41be6d39130396f8a8e294d63dce5a561b34a21021d3241fec084feacf","pkEm":"0401e84ce1918ec8493e0f1677eb82df1d572d66edf701868d1069fc9fcd2e375b8d87db4c3ace7377b40075344f0998381e6153128a25b3fdae0dee905be99beaac42013c034473a22ed6b47d61a1b73974c7b126d26237f6025384467f0c5fcff0b00fa5b5f3ebe307d1d62022e63b023ffbba6fc699bbfd194b10436d36520b65bed0ba","enc":"0401e84ce1918ec8493e0f1677eb82df1d572d66edf701868d1069fc9fcd2e375b8d87db4c3ace7377b40075344f0998381e6153128a25b3fdae0dee905be99beaac42013c034473a22ed6b47d61a1b73974c7b126d26237f6025384467f0c5fcff0b00fa5b5f3ebe307d1d62022e63b023ffbba6fc699bbfd194b10436d36520b65bed0ba","shared_secret":"2ad342c278b53163e11fb875f0faaf20e9d94064f3f59f0666f3d0c65bd32ccfb81014d230beaaf020bfe2f299207ed083e22ea2fb969075bac0ff0123f125b8","key_schedule_context":"01ba90b638d5ae2c6488edc28f7abc5188a60b96c6e96367794c34759163a5ebee443d2f641d7a0594ce08b4f3653353ee089cc3091c939e8b6fe3eb4ff3748cb285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"ba24c236cb1fa88b056dc0c4785fb9f84e21be13457dfe8e1de33880774a7623f6433991c3c2454c8730b29b253d059db2ce45d2b64b5a03e38655842d0abee4","key":"e0f3753dc876574371aa8e394a7bb57d7111a9ac89e831d01fab3e696192c4f6","nonce":"1c89b4c0bfcc29ef25a86332","exporter_secret":"6fdc99f9f22334e67a7c001edfa51022937bd55b39b55e6338241e9c483c50ca80e2f6d55ded200eabd6b5906f2436fa7add2a19522bf1c5e7ae3a6d265aab60","encryptions":[{"aad":"436f756e742d30","ciphertext":"9ebc5df2bf8909d59be29c6c21ad762d155d0da35d56c307ce5d07725a27fd4b05dd81594b11859e69c0314ad0","nonce":"1c89b4c0bfcc29ef25a86332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3a386a718d4f1b1236b53b80930cc6446eaecec3344ea5faf9dea7baca6cd9b72a9c380aa228129db8e2b264f0","nonce":"1c89b4c0bfcc29ef25a86333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6fa2d6e7499ae9e07e6e74cdfd6ad0268019ad1148eb66b8f838a60f511310983f9ac8e3066a24da9022bbea10","nonce":"1c89b4c0bfcc29ef25a86330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"185f703fd97382de28c5112a16644e0f2fc93d298fdf8866c264861b753d1b650e43ba2a11c4ec5ead75edf472","nonce":"1c89b4c0bfcc29ef25a86331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b977ef5a55a218276270b82b9e8cb90834ad084d79c98510f48b6bb67f8b3c5d543c027d5a5e8684fc5334cee6","nonce":"1c89b4c0bfcc29ef25a86336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"174c17d85c76cba81350d6e3defe1508d1cb3dff7c29248861fac50b41cff84aa005d465003570129bbfc81d43","nonce":"1c89b4c0bfcc29ef25a86337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"993cef0582117fad1c9c96912ddad7181c4f58b83e7a04e6ab675013a400e7c7fadefdd9a6e9067db2560834ef","nonce":"1c89b4c0bfcc29ef25a86334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0529400ccf6ec71e4ae67825a0382600fccf79bead2a7213eb6d5656ac106fb2ca8bae529c8074f51f9627e80c","nonce":"1c89b4c0bfcc29ef25a86335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"447615a7d3ace31a21318a17c12e0bd8591f84c97af7c8e0743d80bfc528a57b7cbe1997dff9569020205a756a","nonce":"1c89b4c0bfcc29ef25a8633a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"539df2098a05ecca7292f3365710b5069edd4cb08807aeffde0998d02e26262daca7f30bc70803e16625f7fe70","nonce":"1c89b4c0bfcc29ef25a8633b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c667337f991a30700c05e844f2583684879d751a47233ddb648a26b11d6dadf3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5f1d637ce893b6d7623363ab5a5e96da30dc38722066ab47083926024d9d10f0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"678ab9525540685f6392caf8e993a55c75e1a1d1d3f86a5e9e518cbb07f526d8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"776549da419022b315f56c0bf22e6e52a022d19e1e309068fccac969c7aa20c5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9c76568baea3c1a56ecde1563957f06eea16450965e99a4d834c2fe99846fa72"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bdc75e222461b29945232c18e575c43dfbc87248babfa4946ba5cf81bca05738f37c98a353ea5f4a040f3e4033af0f23a23ea247c6b46d51efbeb62c7b023ea3b148","seedS":"14a6b525f3a31214e0622df5914b1e2c88f085ec4c365eace3776f53b96f25dacd53655ded74fa0404e2b6fad7bbea49d00510f6cc1586db408e099196af3712e31b","seedE":"663368cede158c61cb598d3e941018c92c57dda845769ad43edebc5421faeda7c8f3b7b151991847a24af7dcaf68d49b53746d57fc56c6273a5a8210842144b9ff5f","skRm":"00fd468b7f46869792a31fddaf39a2952db8fb25f0f70c2dc1c4dd755c579837e7bb4107b15c516392a5fd60603e1d4eb96588d9f81d4add76a86ac3cbcf17517b03","skSm":"01b84829e2c24fa23e679061d049d2e0ec92bbad36f45466dd05b62f63308a3443bff73b7d4e602e3288418b6300bd679f0b733f46e820ec30ce52984ba447a8f15b","skEm":"0003d8bbac36045c78cdcab360682542310c5c7381ef1f7a7155008aa76209a4b04ea8cd1ae25af3666f49643f2f79bc2b242acb3cbbcf4c4a6acce668bac8da9e4a","pkRm":"040180404868dcb3e9c55a9dd5d667bdc1f7745ad4911ae21cff8a84d54ff2767ae2f52b2dbd56a7359afc5d63c9b26c6704597d37c0d10b2a063bdc2bcef872ba266901405f3b12625fb57739bab027da62622732fd098bb10b3c9be7d9263ab58ab40da8ee9544716de4ade3dbce40d0b3d9dbdbc2935955d5ead812bfd43ae8f3e3dd87","pkSm":"0401780a6096a2b3737a94d2fdc7cbe17ea25bece2ede690ec5b8318feb09710c9dc6985d1d55e71d82899b46b8f81dcf0a5e9a728b0b7c1896b6ec2cabf314b017a3100fed5e4a2a147da5f747819b894f4768e8d15ec6b44b983dba8c927d5988d8b48c49cad592197f257c0a490204d2a4cd780f9ab0ec47e466bdafac2cecfcecfb0bb","pkEm":"04017136a689703e87f63e9a72f63e8eceaf0ee7430212f5a95b0a8de447276fb8b4ea1f95e429776a2dfe0e687327072bba3e422d2454f74da6a838caa20c0e420dd700de3828b02ad43ce01ebd3e1524e83c2ab4f1c8989c252856bad2c3d646137c627f64a682dde2af46fa3fe1461243992c45039d7365bb5d19e8df355dbf57f426b1","enc":"04017136a689703e87f63e9a72f63e8eceaf0ee7430212f5a95b0a8de447276fb8b4ea1f95e429776a2dfe0e687327072bba3e422d2454f74da6a838caa20c0e420dd700de3828b02ad43ce01ebd3e1524e83c2ab4f1c8989c252856bad2c3d646137c627f64a682dde2af46fa3fe1461243992c45039d7365bb5d19e8df355dbf57f426b1","shared_secret":"0b92b8a7ab50f9c1d6412174d8b6cce17e7eb1ef0b455ee9bd01688fae37b1a07f4b69fcbd15c45aed54d9b05f32c1c1e79e9da25ecb290b3255b94059667ec8","key_schedule_context":"020c4b4692570e10a3ccd0199ca48594d44ab05fdec28bbee21b8a7c0ba7c15b68cb32a4df5f9f6e4584454e9bc484777e35170a86e8efb50ff97fc9c192657bd285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"1ae455b1ff4262402d51ef444b365e3fc4a7db7fbbe803ba99dd0c95666c13c79e4a076361a51fa2dbecef1203cc5e8b41a4e0f0a557357aa0bcf153f557a89c","key":"74d2dd38d29d85a7fea3477ac829f87761c895dae1eadbf08bb3fb54cb1a3002","nonce":"26491428068e251cd5ad4abc","exporter_secret":"199eb590ec1b3efba9862f2aad38cbaffa7707f6efe322f51b739dce559d2790f849f42df2b3970e0b11c3ac167a8b7beef3a767fc010d63d8842b2945858e32","encryptions":[{"aad":"436f756e742d30","ciphertext":"4c91d2555698f13bcd72b9a7182ceff63b8b87923878a8c7cf123544021d507793e2240002e0cf9eb6194a4abc","nonce":"26491428068e251cd5ad4abc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"695b3cd21bbb0d761f687b491a26f7a37b6882077cd009088b163252952be614c8298130fa162f172c79ae9b08","nonce":"26491428068e251cd5ad4abd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"297f2f4016e8f8548237f71260a61d97988aa735e51416c5d50f9526963d952358879acdf0d42ae62ff752e398","nonce":"26491428068e251cd5ad4abe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"77f36aa92abfca832eff9eebab38aae243fca2f5e92104e121073354c5e91d0bae83bbb0ebc22c2f714ece511a","nonce":"26491428068e251cd5ad4abf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cac020669fc237f86d87ff01da53700e30926ababaa969e9cedff09927fea51ba085968e5c771df21d221c4586","nonce":"26491428068e251cd5ad4ab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c5ba87783306fef4dc9194303842157f15297db455e03a0ab3d9fcb1668aefbd04fd67061094430e36d80c0277","nonce":"26491428068e251cd5ad4ab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5e8843a20d892552805509ce1fd56145d7daecfeb9ee68f0219acd24a30450c98afa0c71c081473126e0183619","nonce":"26491428068e251cd5ad4aba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"41794416c888b614a61e1ed77e4a0e67be499f5149776df19fb21f20b513931c9eaf176f05d04a774dd575da76","nonce":"26491428068e251cd5ad4abb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5bd00423e8ead9723974afbc69dcefe1c927e5a1d2468bec18ae974716bfd4c0f611ecdd733597012e07e48f23","nonce":"26491428068e251cd5ad4ab4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"beeb349c2d3e9d9854e10360c693276fc37b68bb525f1d5ca7e52693cf56fe5f3d40590cb4881557aa281fc0a8","nonce":"26491428068e251cd5ad4ab5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c2f634df11bdf5c8fb625574b5dca7454ebd831c429a4ba93bce77f7da313eed"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0194148e428330492491c5a2edc42ced978e95a8aef4f7dc232203dd0b458516"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf81fe58fcc3ee0fc74498e411f00c29121027c435ef10e74a2c665dd905a34e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b8e3f171a971de018ef915256f2c0df13f98f4658b2633ae4bba37ba5dfe999b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fa48a2235fecceb879de1ef4f1871a74304b96d49c68c52c101836a88b35687b"}]}] \ No newline at end of file diff --git a/crypto/hpke/translate_test_vectors.py b/crypto/hpke/translate_test_vectors.py index 05669bd727..6d73228347 100755 --- a/crypto/hpke/translate_test_vectors.py +++ b/crypto/hpke/translate_test_vectors.py @@ -47,10 +47,10 @@ def read_test_vectors_and_generate_code(json_file_in_path, test_file_out_path): for test in test_vecs: # Filter out test cases that we don't use. if (test["mode"] != HPKE_MODE_BASE or - test["kemID"] != HPKE_DHKEM_X25519_SHA256): + test["kem_id"] != HPKE_DHKEM_X25519_SHA256): continue - for key in ("kdfID", "aeadID", "info", "skRm", "skEm", "pkRm", "pkEm"): + for key in ("kdf_id", "aead_id", "info", "skRm", "skEm", "pkRm", "pkEm"): lines.append("{} = {}".format(key, str(test[key]))) for i, enc in enumerate(test["encryptions"]): From 56308910f38a7e558205eccda134bc6e2215fb7e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 13 Aug 2020 15:07:00 -0700 Subject: [PATCH 072/399] delocate: use 64-bit GOT offsets in the large memory model. I tried to save space and use 32-bit GOT offsets since a GOT > 2GiB is crazy. However, Clang's linker emits 64-bit relocations even for .long, thus the four bytes following each offset get stomped. It mostly works because the relocations are applied in order, thus the following relocation gets stomped but is then processed and fixed. But there's four bytes of stomp at the end which hits the module integrity hash, which is fatal. This could be fixed by adding four bytes of padding after the list of offsets, but that's piling a hack on a hack. So this change just switches to 64-bit offsets. Change-Id: I227eec67c481d93a414fbed19aa99471f9df0f0e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42484 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- util/fipstools/delocate/delocate.go | 14 ++++++-------- .../delocate/testdata/x86_64-LargeMemory/out.s | 8 ++++---- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index 05d591193a..200a8388e2 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go @@ -1271,12 +1271,10 @@ Args: changed = true wrappers = append(wrappers, func(k func()) { - // While the compiler output supports 64-bit offsets in the GOT, - // https://refspecs.linuxbase.org/elf/x86_64-abi-0.98.pdf page 70, footnote - // 3 says that the GOT is limited to 32 bits. It's not clear about - // signed/unsigned but a GOT with more than 2^31 entries seems implausible - // so we save the extra space. - d.output.WriteString(fmt.Sprintf("\tmovsl .Lboringssl_%s_%s(%%rip), %s\n", prefix, symbol, targetReg)) + // Even if one tries to use 32-bit GOT offsets, Clang's linker (at the time + // of writing) emits 64-bit relocations anyway, so the following four bytes + // get stomped. Thus we use 64-bit offsets. + d.output.WriteString(fmt.Sprintf("\tmovq .Lboringssl_%s_%s(%%rip), %s\n", prefix, symbol, targetReg)) }) default: @@ -1573,11 +1571,11 @@ func transform(w stringWriter, inputs []inputFile) error { for _, name := range sortedSet(d.gotOffsetsNeeded) { w.WriteString(".Lboringssl_got_" + name + ":\n") - w.WriteString("\t.long " + name + "@GOT\n") + w.WriteString("\t.quad " + name + "@GOT\n") } for _, name := range sortedSet(d.gotOffOffsetsNeeded) { w.WriteString(".Lboringssl_gotoff_" + name + ":\n") - w.WriteString("\t.long " + name + "@GOTOFF\n") + w.WriteString("\t.quad " + name + "@GOTOFF\n") } } diff --git a/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s index 9000b010a2..d4534f8a0d 100644 --- a/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s +++ b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s @@ -13,7 +13,7 @@ BORINGSSL_bcm_text_start: addq $.Lboringssl_got_delta-.L0, %rcx addq %rax, %rcx # WAS movabsq $_Z1gv@GOTOFF, %rax - movsl .Lboringssl_gotoff__Z1gv(%rip), %rax + movq .Lboringssl_gotoff__Z1gv(%rip), %rax addq %rcx, %rax jmpq *%rax @@ -27,7 +27,7 @@ BORINGSSL_bcm_text_start: addq $.Lboringssl_got_delta-.L0$pb, %rcx addq %rax, %rcx # WAS movabsq $h@GOT, %rax - movsl .Lboringssl_got_h(%rip), %rax + movq .Lboringssl_got_h(%rip), %rax movq (%rcx,%rax), %rax movl (%rax), %eax retq @@ -55,9 +55,9 @@ OPENSSL_ia32cap_addr_delta: .Lboringssl_got_delta: .quad _GLOBAL_OFFSET_TABLE_-.Lboringssl_got_delta .Lboringssl_got_h: - .long h@GOT + .quad h@GOT .Lboringssl_gotoff__Z1gv: - .long _Z1gv@GOTOFF + .quad _Z1gv@GOTOFF .type BORINGSSL_bcm_text_hash, @object .size BORINGSSL_bcm_text_hash, 64 BORINGSSL_bcm_text_hash: From edd4c5f76796e7c03168f8e30740d9edfc6caa90 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 19 Aug 2020 14:46:17 -0400 Subject: [PATCH 073/399] Consistently sort generated build files. Most of the output formats manually call sorted(), which I've retained since they often concatenate multiple file lists, but the JSON output dumps the object to JSON directly. Sort everything earlier so the JSON output is deterministic. Change-Id: I9940f4ef3eb85a3fd7337058f5d7ce0ce6e28b9d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42544 Reviewed-by: Adam Langley --- util/generate_build_files.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/util/generate_build_files.py b/util/generate_build_files.py index 793652875e..ba87f654e2 100644 --- a/util/generate_build_files.py +++ b/util/generate_build_files.py @@ -701,6 +701,7 @@ def FindCFiles(directory, filter_func): if not filter_func(path, dirname, True): del dirnames[i] + cfiles.sort() return cfiles @@ -720,6 +721,7 @@ def FindHeaderFiles(directory, filter_func): if not filter_func(path, dirname, True): del dirnames[i] + hfiles.sort() return hfiles @@ -817,6 +819,9 @@ def WriteAsmFiles(perlasms): for (key, non_perl_asm_files) in NON_PERL_FILES.iteritems(): asmfiles.setdefault(key, []).extend(non_perl_asm_files) + for files in asmfiles.itervalues(): + files.sort() + return asmfiles @@ -869,6 +874,7 @@ def main(platforms): cwd=os.path.join('src', 'crypto', 'err'), stdout=err_data) crypto_c_files.append('err_data.c') + crypto_c_files.sort() test_support_c_files = FindCFiles(os.path.join('src', 'crypto', 'test'), NotGTestSupport) @@ -898,12 +904,14 @@ def main(platforms): file for file in crypto_test_files if not file.endswith('/urandom_test.cc') ] + crypto_test_files.sort() ssl_test_files = FindCFiles(os.path.join('src', 'ssl'), OnlyTests) ssl_test_files += [ 'src/crypto/test/abi_test.cc', 'src/crypto/test/gtest_main.cc', ] + ssl_test_files.sort() urandom_test_files = [ 'src/crypto/fipsmodule/rand/urandom_test.cc', @@ -911,17 +919,13 @@ def main(platforms): fuzz_c_files = FindCFiles(os.path.join('src', 'fuzz'), NoTests) - ssl_h_files = ( - FindHeaderFiles( - os.path.join('src', 'include', 'openssl'), - SSLHeaderFiles)) + ssl_h_files = FindHeaderFiles(os.path.join('src', 'include', 'openssl'), + SSLHeaderFiles) def NotSSLHeaderFiles(path, filename, is_dir): return not SSLHeaderFiles(path, filename, is_dir) - crypto_h_files = ( - FindHeaderFiles( - os.path.join('src', 'include', 'openssl'), - NotSSLHeaderFiles)) + crypto_h_files = FindHeaderFiles(os.path.join('src', 'include', 'openssl'), + NotSSLHeaderFiles) ssl_internal_h_files = FindHeaderFiles(os.path.join('src', 'ssl'), NoTests) crypto_internal_h_files = ( @@ -933,19 +937,19 @@ def NotSSLHeaderFiles(path, filename, is_dir): 'crypto': crypto_c_files, 'crypto_headers': crypto_h_files, 'crypto_internal_headers': crypto_internal_h_files, - 'crypto_test': sorted(crypto_test_files), + 'crypto_test': crypto_test_files, 'crypto_test_data': sorted('src/' + x for x in cmake['CRYPTO_TEST_DATA']), 'fips_fragments': fips_fragments, 'fuzz': fuzz_c_files, 'ssl': ssl_source_files, 'ssl_headers': ssl_h_files, 'ssl_internal_headers': ssl_internal_h_files, - 'ssl_test': sorted(ssl_test_files), + 'ssl_test': ssl_test_files, 'tool': tool_c_files, 'tool_headers': tool_h_files, 'test_support': test_support_c_files, 'test_support_headers': test_support_h_files, - 'urandom_test': sorted(urandom_test_files), + 'urandom_test': urandom_test_files, } asm_outputs = sorted(WriteAsmFiles(ReadPerlAsmOperations()).iteritems()) From c947efabcbc38dcf93e8ad0e6a76206cf0ec8072 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 19 Aug 2020 12:24:32 -0400 Subject: [PATCH 074/399] Add set1 versions of X509 timestamp setters. OpenSSL renamed the preferred spelling of X509_set_notBefore to X509_set1_notBefore, etc., in 568ce3a583a17c33feacbf5028ece9f7f0680478. Add the set1 names and update uses within the library. Change-Id: Ib211e356da9de963990ad2b330249383ccfef7e5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42524 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/t_crl.c | 6 ++-- crypto/x509/x509_set.c | 4 +-- crypto/x509/x509_vfy.c | 14 ++++----- crypto/x509/x509cset.c | 4 +-- include/openssl/x509.h | 67 ++++++++++++++++++++++++++++++++---------- 5 files changed, 65 insertions(+), 30 deletions(-) diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index dc9b87f8fc..14f98c54ed 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -91,10 +91,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x) BIO_printf(out, "%8sIssuer: %s\n", "", p); OPENSSL_free(p); BIO_printf(out, "%8sLast Update: ", ""); - ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); + ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); BIO_printf(out, "\n%8sNext Update: ", ""); - if (X509_CRL_get_nextUpdate(x)) - ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); + if (X509_CRL_get0_nextUpdate(x)) + ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); else BIO_printf(out, "NONE"); BIO_printf(out, "\n"); diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index e7bfbe38af..0fcdc5a698 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -117,7 +117,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name) return (X509_NAME_set(&x->cert_info->subject, name)); } -int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) { ASN1_TIME *in; @@ -155,7 +155,7 @@ ASN1_TIME *X509_get_notBefore(const X509 *x509) return x509->cert_info->validity->notBefore; } -int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 308ebbc3ae..9839b95e3b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1037,7 +1037,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) else ptime = NULL; - i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); if (i == 0) { if (!notify) return 0; @@ -1054,8 +1054,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) return 0; } - if (X509_CRL_get_nextUpdate(crl)) { - i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + if (X509_CRL_get0_nextUpdate(crl)) { + i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime); if (i == 0) { if (!notify) @@ -1100,8 +1100,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, /* If current CRL is equivalent use it if it is newer */ if (crl_score == best_score && best_crl != NULL) { int day, sec; - if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), - X509_CRL_get_lastUpdate(crl)) == 0) + if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl), + X509_CRL_get0_lastUpdate(crl)) == 0) continue; /* * ASN1_TIME_diff never returns inconsistent signs for |day| @@ -2058,9 +2058,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) goto memerr; - if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) + if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) goto memerr; - if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) + if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) goto memerr; /* Set base CRL number: must be critical */ diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index d2f2b8fa0b..ba868b3c22 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -79,7 +79,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) return (X509_NAME_set(&x->crl->issuer, name)); } -int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) { ASN1_TIME *in; @@ -96,7 +96,7 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) return (in != NULL); } -int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d3b32a83b5..4127377998 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -146,7 +146,7 @@ struct X509_name_st { STACK_OF(X509_NAME_ENTRY) * entries; int modified; // true if 'bytes' needs to be built BUF_MEM *bytes; - // unsigned long hash; Keep the hash around for lookups + // unsigned long hash; Keep the hash around for lookups unsigned char *canon_enc; int canon_enclen; } /* X509_NAME */; @@ -470,6 +470,11 @@ struct Netscape_spki_st { extern "C" { #endif +// TODO(davidben): Document remaining functions, reorganize them, and define +// supported patterns for using |X509| objects in general. In particular, when +// it is safe to call mutating functions is a little tricky due to various +// internal caches. + // X509_get_version returns the numerical value of |x509|'s version. That is, // it returns zero for X.509v1, one for X.509v2, and two for X.509v3. Unknown // versions are rejected by the parser, but a manually-created |X509| object may @@ -477,16 +482,40 @@ extern "C" { // version, or -1 on overflow. OPENSSL_EXPORT long X509_get_version(const X509 *x509); -// X509_get_notBefore returns |x509|'s notBefore value. Note this function is -// not const-correct for legacy reasons. Use |X509_get0_notBefore| or +// X509_get0_notBefore returns |x509|'s notBefore time. +OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509); + +// X509_get0_notAfter returns |x509|'s notAfter time. +OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509); + +// X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on +// success and zero on error. +OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm); + +// X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on +// success and zero on error. +OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm); + +// X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time. +OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509); + +// X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time. +OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x); + +// X509_get_notBefore returns |x509|'s notBefore time. Note this function is not +// const-correct for legacy reasons. Use |X509_get0_notBefore| or // |X509_getm_notBefore| instead. OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509); -// X509_get_notAfter returns |x509|'s notAfter value. Note this function is not +// X509_get_notAfter returns |x509|'s notAfter time. Note this function is not // const-correct for legacy reasons. Use |X509_get0_notAfter| or // |X509_getm_notAfter| instead. OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509); +// The following symbols are deprecated aliases to |X509_set1_*|. +#define X509_set_notBefore X509_set1_notBefore +#define X509_set_notAfter X509_set1_notAfter + // X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this // function is not const-correct for legacy reasons. // @@ -521,15 +550,29 @@ OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl); // X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time. OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); -// X509_CRL_get0_lastUpdate returns |crl|'s nextUpdate time. +// X509_CRL_get0_nextUpdate returns |crl|'s nextUpdate time, or NULL if |crl| +// has none. OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +// X509_CRL_set1_lastUpdate sets |crl|'s lastUpdate time to |tm|. It returns one +// on success and zero on error. +OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm); + +// X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one +// on success and zero on error. +OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm); + +// The following symbols are deprecated aliases to |X509_CRL_set1_*|. +#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate + // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time. -// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set_lastUpdate| instead. +// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead. OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); -// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time. -// Use |X509_CRL_get0_nextUpdate| or |X509_CRL_set_nextUpdate| instead. +// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time, +// or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or +// |X509_CRL_set1_nextUpdate| instead. OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); // X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not @@ -858,12 +901,6 @@ OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name); OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a); OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name); OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a); -OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); -OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x); -OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x); -OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); -OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x); -OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); @@ -911,8 +948,6 @@ OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req, OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *x, long version); OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -OPENSSL_EXPORT int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); -OPENSSL_EXPORT int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl); OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl); From 9372f38cd06d181e8c9badf34d0d733670f282cc Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 14 Aug 2020 13:58:34 -0400 Subject: [PATCH 075/399] Bound RSA and DSA key sizes better. Most asymmetric operations scale superlinearly, which makes them potential DoS vectors. This (and other problems) are mitigated with fixed sizes, like RSA-2048, P-256, or curve25519. In older algorithms like RSA and DSA, these sizes are conventions rather than well-defined algorithms. "Everyone" uses RSA-2048, but code which imports an RSA key may see an arbitrary key size, possibly from an untrusted source. This is commonly a public key, so we bound RSA key sizes in check_modulus_and_exponent_sizes. However, some applications import external private keys, and may need tighter bounds. These typically parse the key then check the result. However, parsing itself can perform superlinear work (RSA_check_key or recovering the DSA public key). This CL does the following: - Rename check_modulus_and_exponent_sizes to rsa_check_public_key and additionally call it from RSA_check_key. - Fix a bug where RSA_check_key, on CRT-less keys, did not bound d, and bound p and q before multiplying (quadratic). - Our DSA verifier had stricter checks on q (160-, 224-, and 256-bit only) than our DSA signer (multiple of 8 bits). Aligner the signer to the verifier's checks. - Validate DSA group sizes on parse, as well as priv_key < q, to bound the running time. Ideally these invariants would be checked exactly once at construction, but our RSA and DSA implementations suffer from some OpenSSL's API mistakes (https://crbug.com/boringssl/316), which means it is hard to consistently enforce invariants. This CL focuses on the parser, but later I'd like to better rationalize the freeze_private_key logic. Performance of parsing RSA and DSA keys, gathered on my laptop. Did 15130 RSA-2048 parse operations in 5022458us (3012.5 ops/sec) Did 4888 RSA-4096 parse operations in 5060606us (965.9 ops/sec) Did 354 RSA-16384 parse operations in 5043565us (70.2 ops/sec) Did 88 RSA-32768 parse operations in 5038293us (17.5 ops/sec) [rejected by this CL] Did 35000 DSA-1024/256 parse operations in 5030447us (6957.6 ops/sec) Did 11316 DSA-2048/256 parse operations in 5094664us (2221.1 ops/sec) Did 5488 DSA-3072/256 parse operations in 5096032us (1076.9 ops/sec) Did 3172 DSA-4096/256 parse operations in 5041220us (629.2 ops/sec) Did 840 DSA-8192/256 parse operations in 5070616us (165.7 ops/sec) Did 285 DSA-10000/256 parse operations in 5004033us (57.0 ops/sec) Did 74 DSA-20000/256 parse operations in 5066299us (14.6 ops/sec) [rejected by this CL] Update-Note: Some invalid or overly large RSA and DSA keys may previously have been accepted that are now rejected at parse time. For public keys, this only moves the error from verification to parsing. In some private key cases, we would previously allow signing with those keys, but the resulting signatures would not be accepted by BoringSSL anyway. This CL makes us behave more consistently. Bug: oss-fuzz:24730 Change-Id: I4ad2003ee61138b693e65d3da4c6aa00bc165251 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42504 Reviewed-by: Adam Langley --- crypto/dsa/dsa.c | 52 +++++----------------------- crypto/dsa/dsa_asn1.c | 59 +++++++++++++++++++++++++++++--- crypto/dsa/internal.h | 34 ++++++++++++++++++ crypto/evp/p_dsa_asn1.c | 8 +++-- crypto/fipsmodule/rsa/internal.h | 4 +++ crypto/fipsmodule/rsa/rsa.c | 40 ++++++++++++++++------ crypto/fipsmodule/rsa/rsa_impl.c | 25 ++++++-------- include/openssl/evp.h | 4 ++- 8 files changed, 151 insertions(+), 75 deletions(-) create mode 100644 crypto/dsa/internal.h diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c index 5cd98f8b48..c8695687cf 100644 --- a/crypto/dsa/dsa.c +++ b/crypto/dsa/dsa.c @@ -72,12 +72,11 @@ #include #include +#include "internal.h" #include "../fipsmodule/bn/internal.h" #include "../internal.h" -#define OPENSSL_DSA_MAX_MODULUS_BITS 10000 - // Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of // Miller-Rabin. #define DSS_prime_checks 50 @@ -568,23 +567,7 @@ static int mod_mul_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) { - if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); - return NULL; - } - - // Reject invalid parameters. In particular, the algorithm will infinite loop - // if |g| is zero. - if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) { - OPENSSL_PUT_ERROR(DSA, DSA_R_INVALID_PARAMETERS); - return NULL; - } - - // We only support DSA keys that are a multiple of 8 bits. (This is a weaker - // check than the one in |DSA_do_check_signature|, which only allows 160-, - // 224-, and 256-bit keys. - if (BN_num_bits(dsa->q) % 8 != 0) { - OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE); + if (!dsa_check_parameters(dsa)) { return NULL; } @@ -678,35 +661,17 @@ int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig, int DSA_do_check_signature(int *out_valid, const uint8_t *digest, size_t digest_len, DSA_SIG *sig, const DSA *dsa) { - BN_CTX *ctx; - BIGNUM u1, u2, t1; - int ret = 0; - unsigned i; - *out_valid = 0; - - if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); - return 0; - } - - i = BN_num_bits(dsa->q); - // FIPS 186-3 allows only different sizes for q. - if (i != 160 && i != 224 && i != 256) { - OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE); - return 0; - } - - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE); + if (!dsa_check_parameters(dsa)) { return 0; } + int ret = 0; + BIGNUM u1, u2, t1; BN_init(&u1); BN_init(&u2); BN_init(&t1); - - ctx = BN_CTX_new(); + BN_CTX *ctx = BN_CTX_new(); if (ctx == NULL) { goto err; } @@ -729,11 +694,12 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest, } // save M in u1 - if (digest_len > (i >> 3)) { + unsigned q_bits = BN_num_bits(dsa->q); + if (digest_len > (q_bits >> 3)) { // if the digest length is greater than the size of q use the // BN_num_bits(dsa->q) leftmost bits of the digest, see // fips 186-3, 4.2 - digest_len = (i >> 3); + digest_len = (q_bits >> 3); } if (BN_bin2bn(digest, digest_len, &u1) == NULL) { diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 97fd07fee1..3f3bd48866 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -61,9 +61,45 @@ #include #include +#include "internal.h" #include "../bytestring/internal.h" +#define OPENSSL_DSA_MAX_MODULUS_BITS 10000 + +// This function is in dsa_asn1.c rather than dsa.c because it is reachable from +// |EVP_PKEY| parsers. This makes it easier for the static linker to drop most +// of the DSA implementation. +int dsa_check_parameters(const DSA *dsa) { + if (!dsa->p || !dsa->q || !dsa->g) { + OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); + return 0; + } + + // Reject invalid parameters. In particular, signing will infinite loop if |g| + // is zero. + if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) { + OPENSSL_PUT_ERROR(DSA, DSA_R_INVALID_PARAMETERS); + return 0; + } + + // FIPS 186-4 allows only three different sizes for q. + unsigned q_bits = BN_num_bits(dsa->q); + if (q_bits != 160 && q_bits != 224 && q_bits != 256) { + OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE); + return 0; + } + + // Bound |dsa->p| to avoid a DoS vector. Note this limit is much larger than + // the one in FIPS 186-4, which only allows L = 1024, 2048, and 3072. + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE); + return 0; + } + + return 1; +} + static int parse_integer(CBS *cbs, BIGNUM **out) { assert(*out == NULL); *out = BN_new(); @@ -124,10 +160,16 @@ DSA *DSA_parse_public_key(CBS *cbs) { !parse_integer(&child, &ret->g) || CBS_len(&child) != 0) { OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR); - DSA_free(ret); - return NULL; + goto err; + } + if (!dsa_check_parameters(ret)) { + goto err; } return ret; + +err: + DSA_free(ret); + return NULL; } int DSA_marshal_public_key(CBB *cbb, const DSA *dsa) { @@ -156,10 +198,16 @@ DSA *DSA_parse_parameters(CBS *cbs) { !parse_integer(&child, &ret->g) || CBS_len(&child) != 0) { OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR); - DSA_free(ret); - return NULL; + goto err; + } + if (!dsa_check_parameters(ret)) { + goto err; } return ret; + +err: + DSA_free(ret); + return NULL; } int DSA_marshal_parameters(CBB *cbb, const DSA *dsa) { @@ -203,6 +251,9 @@ DSA *DSA_parse_private_key(CBS *cbs) { OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR); goto err; } + if (!dsa_check_parameters(ret)) { + goto err; + } return ret; err: diff --git a/crypto/dsa/internal.h b/crypto/dsa/internal.h new file mode 100644 index 0000000000..2d86edb2dc --- /dev/null +++ b/crypto/dsa/internal.h @@ -0,0 +1,34 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_DSA_INTERNAL_H +#define OPENSSL_HEADER_DSA_INTERNAL_H + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + + +// dsa_check_parameters checks that |dsa|'s group is within DoS bounds. It +// returns one on success and zero on error. +int dsa_check_parameters(const DSA *dsa); + + +#if defined(__cplusplus) +} // extern C +#endif + +#endif // OPENSSL_HEADER_DSA_INTERNAL_H diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.c index d50e0fc374..ac91127b69 100644 --- a/crypto/evp/p_dsa_asn1.c +++ b/crypto/evp/p_dsa_asn1.c @@ -141,9 +141,13 @@ static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { goto err; } - // Decode the key. + // Decode the key. To avoid DoS attacks when importing private keys, we bound + // |dsa->priv_key| against |dsa->q|, which itself bound by + // |DSA_parse_parameters|. (We cannot call |BN_num_bits| on |dsa->priv_key|. + // That would leak a secret bit width.) if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || - CBS_len(key) != 0) { + CBS_len(key) != 0 || + BN_cmp(dsa->priv_key, dsa->q) >= 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } diff --git a/crypto/fipsmodule/rsa/internal.h b/crypto/fipsmodule/rsa/internal.h index faa6fb7470..d9d6fac80b 100644 --- a/crypto/fipsmodule/rsa/internal.h +++ b/crypto/fipsmodule/rsa/internal.h @@ -108,6 +108,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from, size_t from_len); +// rsa_check_public_key checks that |rsa|'s public modulus and exponent are +// within DoS bounds. +int rsa_check_public_key(const RSA *rsa); + // RSA_private_transform calls either the method-specific |private_transform| // function (if given) or the generic one. See the comment for // |private_transform| in |rsa_meth_st|. diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c index 29296737e0..ae63e1a673 100644 --- a/crypto/fipsmodule/rsa/rsa.c +++ b/crypto/fipsmodule/rsa/rsa.c @@ -661,6 +661,9 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv, return 1; } + // Note |bn_mul_consttime| and |bn_div_consttime| do not scale linearly, but + // checking |ainv| is in range bounds the running time, assuming |m|'s bounds + // were checked by the caller. BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); int ret = tmp != NULL && @@ -674,22 +677,35 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv, } int RSA_check_key(const RSA *key) { + // TODO(davidben): RSA key initialization is spread across + // |rsa_check_public_key|, |RSA_check_key|, |freeze_private_key|, and + // |BN_MONT_CTX_set_locked| as a result of API issues. See + // https://crbug.com/boringssl/316. As a result, we inconsistently check RSA + // invariants. We should fix this and integrate that logic. + if (RSA_is_opaque(key)) { // Opaque keys can't be checked. return 1; } + if (!rsa_check_public_key(key)) { + return 0; + } + if ((key->p != NULL) != (key->q != NULL)) { OPENSSL_PUT_ERROR(RSA, RSA_R_ONLY_ONE_OF_P_Q_GIVEN); return 0; } - if (!key->n || !key->e) { - OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); + // |key->d| must be bounded by |key->n|. This ensures bounds on |RSA_bits| + // translate to bounds on the running time of private key operations. + if (key->d != NULL && + (BN_is_negative(key->d) || BN_cmp(key->d, key->n) >= 0)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_D_OUT_OF_RANGE); return 0; } - if (!key->d || !key->p) { + if (key->d == NULL || key->p == NULL) { // For a public key, or without p and q, there's nothing that can be // checked. return 1; @@ -709,24 +725,28 @@ int RSA_check_key(const RSA *key) { BN_init(&qm1); BN_init(&dmp1); BN_init(&dmq1); + + // Check that p * q == n. Before we multiply, we check that p and q are in + // bounds, to avoid a DoS vector in |bn_mul_consttime| below. Note that + // n was bound by |rsa_check_public_key|. + if (BN_is_negative(key->p) || BN_cmp(key->p, key->n) >= 0 || + BN_is_negative(key->q) || BN_cmp(key->q, key->n) >= 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q); + goto out; + } if (!bn_mul_consttime(&tmp, key->p, key->q, ctx)) { OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } - if (BN_cmp(&tmp, key->n) != 0) { OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q); goto out; } - if (BN_is_negative(key->d) || BN_cmp(key->d, key->n) >= 0) { - OPENSSL_PUT_ERROR(RSA, RSA_R_D_OUT_OF_RANGE); - goto out; - } - // d must be an inverse of e mod the Carmichael totient, lcm(p-1, q-1), but it // may be unreduced because other implementations use the Euler totient. We - // simply check that d * e is one mod p-1 and mod q-1. + // simply check that d * e is one mod p-1 and mod q-1. Note d and e were bound + // by earlier checks in this function. if (!bn_usub_consttime(&pm1, key->p, BN_value_one()) || !bn_usub_consttime(&qm1, key->q, BN_value_one()) || !bn_mul_consttime(&de, key->d, key->e, ctx) || diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 2d9a9c9fa9..86ff2f389c 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -73,7 +73,12 @@ #include "../rand/fork_detect.h" -static int check_modulus_and_exponent_sizes(const RSA *rsa) { +int rsa_check_public_key(const RSA *rsa) { + if (rsa->n == NULL || rsa->e == NULL) { + OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); + return 0; + } + unsigned rsa_bits = BN_num_bits(rsa->n); if (rsa_bits > 16 * 1024) { @@ -253,8 +258,7 @@ size_t rsa_default_size(const RSA *rsa) { int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding) { - if (rsa->n == NULL || rsa->e == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); + if (!rsa_check_public_key(rsa)) { return 0; } @@ -269,10 +273,6 @@ int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, return 0; } - if (!check_modulus_and_exponent_sizes(rsa)) { - return 0; - } - ctx = BN_CTX_new(); if (ctx == NULL) { goto err; @@ -592,8 +592,7 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding) { - if (rsa->n == NULL || rsa->e == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); + if (!rsa_check_public_key(rsa)) { return 0; } @@ -610,10 +609,6 @@ int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, return 0; } - if (!check_modulus_and_exponent_sizes(rsa)) { - return 0; - } - BN_CTX *ctx = BN_CTX_new(); if (ctx == NULL) { return 0; @@ -1121,8 +1116,8 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, // Reject excessively large public exponents. Windows CryptoAPI and Go don't // support values larger than 32 bits, so match their limits for generating - // keys. (|check_modulus_and_exponent_sizes| uses a slightly more conservative - // value, but we don't need to support generating such keys.) + // keys. (|rsa_check_public_key| uses a slightly more conservative value, but + // we don't need to support generating such keys.) // https://github.com/golang/go/issues/3161 // https://msdn.microsoft.com/en-us/library/aa387685(VS.85).aspx if (BN_num_bits(e_value) > 32) { diff --git a/include/openssl/evp.h b/include/openssl/evp.h index b305225bdb..e647cdf60a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -219,7 +219,9 @@ OPENSSL_EXPORT int EVP_marshal_public_key(CBB *cbb, const EVP_PKEY *key); // // The caller must check the type of the parsed private key to ensure it is // suitable and validate other desired key properties such as RSA modulus size -// or EC curve. +// or EC curve. In particular, RSA private key operations scale cubicly, so +// applications accepting RSA private keys from external sources may need to +// bound key sizes (use |EVP_PKEY_bits| or |RSA_bits|) to avoid a DoS vector. // // A PrivateKeyInfo ends with an optional set of attributes. These are not // processed and so this function will silently ignore any trailing data in the From 48cb69f8bd5606933e1844460551a4bc140622c0 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 20 Aug 2020 14:07:36 -0400 Subject: [PATCH 076/399] Add X509_get0_uids from OpenSSL 1.1.0. Change-Id: I89938c652abe6b0a04808070a6d1f131dc3484b7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42564 Reviewed-by: Adam Langley --- crypto/x509/x509_set.c | 11 +++++++++++ include/openssl/x509.h | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 0fcdc5a698..8e85a7ecc1 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -193,6 +193,17 @@ ASN1_TIME *X509_get_notAfter(const X509 *x509) return x509->cert_info->validity->notAfter; } +void X509_get0_uids(const X509 *x509, const ASN1_BIT_STRING **out_issuer_uid, + const ASN1_BIT_STRING **out_subject_uid) +{ + if (out_issuer_uid != NULL) { + *out_issuer_uid = x509->cert_info->issuerUID; + } + if (out_subject_uid != NULL) { + *out_subject_uid = x509->cert_info->subjectUID; + } +} + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) { if ((x == NULL) || (x->cert_info == NULL)) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 4127377998..6919c90aa6 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -516,6 +516,13 @@ OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509); #define X509_set_notBefore X509_set1_notBefore #define X509_set_notAfter X509_set1_notAfter +// X509_get0_uids sets |*out_issuer_uid| and |*out_subject_uid| to non-owning +// pointers to the issuerUID and subjectUID fields, respectively, of |x509|. +// Either output pointer may be NULL to skip the field. +OPENSSL_EXPORT void X509_get0_uids(const X509 *x509, + const ASN1_BIT_STRING **out_issuer_uid, + const ASN1_BIT_STRING **out_subject_uid); + // X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this // function is not const-correct for legacy reasons. // From 95d8eaa660040cfe7075a6a0390038a10cb64ff7 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 21 Aug 2020 13:30:29 -0400 Subject: [PATCH 077/399] Make X509_set_not{Before,After} functions rather than macros. Some bindings libraries are sensitive to the difference and break with https://boringssl-review.googlesource.com/c/boringssl/+/42524. Change-Id: If7c3758fba3f71575c36b663fa5e596391e4b362 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42604 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/x509_set.c | 10 ++++++++++ include/openssl/x509.h | 10 +++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 8e85a7ecc1..6fd0d6392a 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -134,6 +134,11 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) return (in != NULL); } +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) +{ + return X509_set1_notBefore(x, tm); +} + const ASN1_TIME *X509_get0_notBefore(const X509 *x) { return x->cert_info->validity->notBefore; @@ -172,6 +177,11 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) return (in != NULL); } +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) +{ + return X509_set1_notAfter(x, tm); +} + const ASN1_TIME *X509_get0_notAfter(const X509 *x) { return x->cert_info->validity->notAfter; diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 6919c90aa6..20c59225c6 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -512,9 +512,13 @@ OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509); // |X509_getm_notAfter| instead. OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509); -// The following symbols are deprecated aliases to |X509_set1_*|. -#define X509_set_notBefore X509_set1_notBefore -#define X509_set_notAfter X509_set1_notAfter +// X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore| +// instead. +OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm); + +// X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter| +// instead. +OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm); // X509_get0_uids sets |*out_issuer_uid| and |*out_subject_uid| to non-owning // pointers to the issuerUID and subjectUID fields, respectively, of |x509|. From 125a38fad9fc08cb9ac36925988c667d04fda993 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 20 Aug 2020 14:54:02 -0400 Subject: [PATCH 078/399] Const-correct various X509 functions. Actually making crypto/asn1 and crypto/x509 const-correct will be a tall order, between all the hidden caches, non-const ASN.1 macros, and ambiguity between mutable and immutable getters. But upstream const-corrected a number of things, so align with them. (In particular, it is not currently possible to usefully use a non-const X509_NAME.) I think I've gotten most of x509.h. I started going through x509v3.h, but all the conf bits take non-const char* pointers, which shows up in the public (but probably unused) X509V3_CONF_METHOD, so I've left it alone in this CL. For some reason, OpenSSL made X509_get_subject_name a const-to-non-const function but kept X509_get_serialNumber uniformly non-const while adding a uniformly const X509_get0_serialNumber. I've just mirrored this for compatibility's sake. Change-Id: Ia33a7576165cf2da5922807fc065f1f114b0f84c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42584 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/a_strex.c | 6 +-- crypto/x509/t_x509.c | 2 +- crypto/x509/x509_cmp.c | 9 +++- crypto/x509/x509_ext.c | 39 +++++++++-------- crypto/x509/x509_obj.c | 2 +- crypto/x509/x509_trs.c | 6 +-- crypto/x509/x509_v3.c | 6 +-- crypto/x509/x509name.c | 17 ++++---- crypto/x509v3/v3_genn.c | 4 +- crypto/x509v3/v3_info.c | 2 +- crypto/x509v3/v3_purp.c | 8 ++-- crypto/x509v3/v3_skey.c | 2 +- include/openssl/x509.h | 93 ++++++++++++++++++++++------------------ include/openssl/x509v3.h | 16 +++---- 14 files changed, 115 insertions(+), 97 deletions(-) diff --git a/crypto/x509/a_strex.c b/crypto/x509/a_strex.c index eeec5d15e7..2c4824e5d6 100644 --- a/crypto/x509/a_strex.c +++ b/crypto/x509/a_strex.c @@ -446,7 +446,7 @@ static int do_indent(char_io *io_ch, void *arg, int indent) #define FN_WIDTH_LN 25 #define FN_WIDTH_SN 10 -static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, +static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, unsigned long flags) { int i, prev = -1, orflags, cnt; @@ -584,7 +584,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, /* Wrappers round the main functions */ -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags) { if (flags == XN_FLAG_COMPAT) @@ -593,7 +593,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, } #ifndef OPENSSL_NO_FP_API -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags) { if (flags == XN_FLAG_COMPAT) { diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index e45a765968..5db8746c1c 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -494,7 +494,7 @@ int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) { return 0; } -int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) { char *s, *c, *b; int ret = 0, l, i; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index cd025abcaf..92ed8715a2 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -131,7 +131,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) return OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, 20); } -X509_NAME *X509_get_issuer_name(X509 *a) +X509_NAME *X509_get_issuer_name(const X509 *a) { return (a->cert_info->issuer); } @@ -146,7 +146,7 @@ unsigned long X509_issuer_name_hash_old(X509 *x) return (X509_NAME_hash_old(x->cert_info->issuer)); } -X509_NAME *X509_get_subject_name(X509 *a) +X509_NAME *X509_get_subject_name(const X509 *a) { return (a->cert_info->subject); } @@ -156,6 +156,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a) return (a->cert_info->serialNumber); } +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509) +{ + return x509->cert_info->serialNumber; +} + unsigned long X509_subject_name_hash(X509 *x) { return (X509_NAME_hash(x->cert_info->subject)); diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index a329f6fab4..a8f0ab684e 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -62,27 +62,28 @@ #include #include -int X509_CRL_get_ext_count(X509_CRL *x) +int X509_CRL_get_ext_count(const X509_CRL *x) { return (X509v3_get_ext_count(x->crl->extensions)); } -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); } -int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos) { return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); } -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); } -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) { return (X509v3_get_ext(x->crl->extensions, loc)); } @@ -92,7 +93,7 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) return (X509v3_delete_ext(x->crl->extensions, loc)); } -void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); } @@ -108,28 +109,28 @@ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); } -int X509_get_ext_count(X509 *x) +int X509_get_ext_count(const X509 *x) { return (X509v3_get_ext_count(x->cert_info->extensions)); } -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); } -int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); } -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical (x->cert_info->extensions, crit, lastpos)); } -X509_EXTENSION *X509_get_ext(X509 *x, int loc) +X509_EXTENSION *X509_get_ext(const X509 *x, int loc) { return (X509v3_get_ext(x->cert_info->extensions, loc)); } @@ -144,7 +145,7 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); } -void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } @@ -156,28 +157,29 @@ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, flags); } -int X509_REVOKED_get_ext_count(X509_REVOKED *x) +int X509_REVOKED_get_ext_count(const X509_REVOKED *x) { return (X509v3_get_ext_count(x->extensions)); } -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); } -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); } -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos) { return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); } -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) { return (X509v3_get_ext(x->extensions, loc)); } @@ -192,7 +194,8 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); } -void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx) { return X509V3_get_d2i(x->extensions, nid, crit, idx); } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 520b7a0793..80d16c1a45 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -73,7 +73,7 @@ #define NAME_ONELINE_MAX (1024 * 1024) -char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) { X509_NAME_ENTRY *ne; size_t i; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 019301ab8e..d3002e831b 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -260,17 +260,17 @@ void X509_TRUST_cleanup(void) trtable = NULL; } -int X509_TRUST_get_flags(X509_TRUST *xp) +int X509_TRUST_get_flags(const X509_TRUST *xp) { return xp->flags; } -char *X509_TRUST_get0_name(X509_TRUST *xp) +char *X509_TRUST_get0_name(const X509_TRUST *xp) { return xp->name; } -int X509_TRUST_get_trust(X509_TRUST *xp) +int X509_TRUST_get_trust(const X509_TRUST *xp) { return xp->trust; } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index ecbc0ddc0b..7cfd6e9352 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -181,7 +181,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, - ASN1_OCTET_STRING *data) + const ASN1_OCTET_STRING *data) { const ASN1_OBJECT *obj; X509_EXTENSION *ret; @@ -197,7 +197,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data) + const ASN1_OCTET_STRING *data) { X509_EXTENSION *ret; @@ -242,7 +242,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) return (1); } -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) +int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data) { int i; diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index fbb76f0b05..0bf3459412 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -66,7 +66,8 @@ #include "../internal.h" -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) +int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, char *buf, + int len) { const ASN1_OBJECT *obj; @@ -76,7 +77,7 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); } -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len) { int i; @@ -94,14 +95,14 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, return (i); } -int X509_NAME_entry_count(X509_NAME *name) +int X509_NAME_entry_count(const X509_NAME *name) { if (name == NULL) return (0); return (sk_X509_NAME_ENTRY_num(name->entries)); } -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos) { const ASN1_OBJECT *obj; @@ -112,7 +113,7 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) } /* NOTE: you should be passsing -1, not 0 as lastpos */ -int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos) { int n; @@ -133,7 +134,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, return (-1); } -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) { if (name == NULL || loc < 0 || sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) @@ -374,14 +375,14 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, return (1); } -ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) { if (ne == NULL) return (NULL); return (ne->object); } -ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) +ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) { if (ne == NULL) return (NULL); diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 552a524431..57223b4a4e 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -188,7 +188,7 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) a->type = type; } -void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) { if (ptype) *ptype = a->type; @@ -233,7 +233,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, return 1; } -int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid, ASN1_TYPE **pvalue) { if (gen->type != GEN_OTHERNAME) diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 7a48bd5543..3615c71d51 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -208,7 +208,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD return NULL; } -int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) { i2a_ASN1_OBJECT(bp, a->method); #ifdef UNDEF diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e41b657feb..e77a3d1bbb 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -307,22 +307,22 @@ void X509_PURPOSE_cleanup(void) xptable = NULL; } -int X509_PURPOSE_get_id(X509_PURPOSE *xp) +int X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; } -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) { return xp->name; } -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; } -int X509_PURPOSE_get_trust(X509_PURPOSE *xp) +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; } diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 6a16e78ef1..8c628ecf24 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -77,7 +77,7 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct) { return x509v3_bytes_to_hex(oct->data, oct->length); } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 20c59225c6..d4176314c7 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -482,6 +482,9 @@ extern "C" { // version, or -1 on overflow. OPENSSL_EXPORT long X509_get_version(const X509 *x509); +// X509_get0_serialNumber returns |x509|'s serial number. +OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509); + // X509_get0_notBefore returns |x509|'s notBefore time. OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509); @@ -882,7 +885,7 @@ DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) #ifndef OPENSSL_NO_EVP OPENSSL_EXPORT X509_INFO *X509_INFO_new(void); OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); -OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); +OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len); @@ -909,9 +912,9 @@ OPENSSL_EXPORT int X509_set_version(X509 *x, long version); OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x); OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a); +OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *a); OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name); -OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a); +OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); @@ -1016,12 +1019,12 @@ OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x); OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x); OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req); -OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, - unsigned long flags); +OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, + int indent, unsigned long flags); #endif -OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, +OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); @@ -1033,21 +1036,22 @@ OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req); -OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name); -OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, +OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name); +OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, char *buf, int len); -OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name, +OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); // NOTE: you should be passsing -1, not 0 as lastpos. The functions that use // lastpos, search after that position on. -OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, +OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); -OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name, +OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, + int loc); OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, @@ -1078,8 +1082,9 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object( + const X509_NAME_ENTRY *ne); +OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x); OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x, @@ -1097,59 +1102,63 @@ OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x, OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT int X509_get_ext_count(X509 *x); -OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(X509 *x, int loc); +OPENSSL_EXPORT int X509_get_ext_count(const X509 *x); +OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, + int lastpos); +OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit, + int lastpos); +OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc); OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); -OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x); -OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, - int lastpos); -OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, +OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x); +OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, + const ASN1_OBJECT *obj, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, +OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags); -OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, +OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, + int lastpos); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, + const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, - ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, - int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, + int crit, int lastpos); +OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, + int loc); OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, +OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx); OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, unsigned long flags); OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID( - X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data); + X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data); OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ( X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data); + const ASN1_OCTET_STRING *data); OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex, - ASN1_OCTET_STRING *data); + const ASN1_OCTET_STRING *data); OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex); @@ -1236,9 +1245,9 @@ OPENSSL_EXPORT int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), char *name, int arg1, void *arg2); OPENSSL_EXPORT void X509_TRUST_cleanup(void); -OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp); -OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp); -OPENSSL_EXPORT int X509_TRUST_get_trust(X509_TRUST *xp); +OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp); +OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp); +OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp); typedef struct rsa_pss_params_st { diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index b5db7157ee..6e64778a0b 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -558,17 +558,17 @@ DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); -OPENSSL_EXPORT void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ASN1_OBJECT *oid, ASN1_TYPE *value); -OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, +OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid, ASN1_TYPE **pvalue); -OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); +OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *ia5); OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); +OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a); DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) DECLARE_ASN1_FUNCTIONS(POLICYINFO) @@ -691,11 +691,11 @@ OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id); OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int), char *name, char *sname, void *arg); -OPENSSL_EXPORT char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); -OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); -OPENSSL_EXPORT int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); OPENSSL_EXPORT void X509_PURPOSE_cleanup(void); -OPENSSL_EXPORT int X509_PURPOSE_get_id(X509_PURPOSE *); +OPENSSL_EXPORT int X509_PURPOSE_get_id(const X509_PURPOSE *); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); From 1c58648f14ed75f2a8cc3ae08897987d97f493ec Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 11:50:24 -0400 Subject: [PATCH 079/399] Remove sxnet and pkey_usage_period extensions. These aren't used within the verifier and no one ever extracts them. Update-Note: Parsers for these two extensions are removed. Parsing the types directly or passing NID_sxnet and NID_pkey_usage_period into X509V3_get_d2i, or *_get_ext_d2i will no longer work. Change-Id: I359e64466fd0c042eda45c41cbc0843ebb04df9f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42585 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/CMakeLists.txt | 2 - crypto/x509v3/ext_dat.h | 5 +- crypto/x509v3/v3_pku.c | 110 ---------------- crypto/x509v3/v3_sxnet.c | 274 --------------------------------------- include/openssl/x509v3.h | 33 ----- 5 files changed, 1 insertion(+), 423 deletions(-) delete mode 100644 crypto/x509v3/v3_pku.c delete mode 100644 crypto/x509v3/v3_sxnet.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 26295d4b1f..edb21cca67 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -415,12 +415,10 @@ add_library( x509v3/v3_pci.c x509v3/v3_pcia.c x509v3/v3_pcons.c - x509v3/v3_pku.c x509v3/v3_pmaps.c x509v3/v3_prn.c x509v3/v3_purp.c x509v3/v3_skey.c - x509v3/v3_sxnet.c x509v3/v3_utl.c $ diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index a6ca45bf4f..7930126394 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -61,8 +61,7 @@ extern "C" { #endif extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; -extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, - v3_sinfo; +extern const X509V3_EXT_METHOD v3_info, v3_sinfo; extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; @@ -96,7 +95,6 @@ static const X509V3_EXT_METHOD *const standard_exts[] = { &v3_ns_ia5_list[6], &v3_skey_id, &v3_key_usage, - &v3_pkey_usage_period, &v3_alt[0], &v3_alt[1], &v3_bcons, @@ -108,7 +106,6 @@ static const X509V3_EXT_METHOD *const standard_exts[] = { &v3_delta_crl, &v3_crl_reason, &v3_crl_invdate, - &v3_sxnet, &v3_info, #ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c deleted file mode 100644 index e4868b47d1..0000000000 --- a/crypto/x509v3/v3_pku.c +++ /dev/null @@ -1,110 +0,0 @@ -/* v3_pku.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#include - -#include -#include -#include -#include -#include - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent); -/* - * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - */ -const X509V3_EXT_METHOD v3_pkey_usage_period = { - NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), - 0, 0, 0, 0, - 0, 0, 0, 0, - (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, - NULL -}; - -ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) -} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) - -IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent) -{ - BIO_printf(out, "%*s", indent, ""); - if (usage->notBefore) { - BIO_write(out, "Not Before: ", 12); - ASN1_GENERALIZEDTIME_print(out, usage->notBefore); - if (usage->notAfter) - BIO_write(out, ", ", 2); - } - if (usage->notAfter) { - BIO_write(out, "Not After: ", 11); - ASN1_GENERALIZEDTIME_print(out, usage->notAfter); - } - return 1; -} - -/* - * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) - * X509V3_EXT_METHOD *method; X509V3_CTX *ctx; STACK_OF(CONF_VALUE) *values; - * { return NULL; } - */ diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c deleted file mode 100644 index 51c5a676f0..0000000000 --- a/crypto/x509v3/v3_sxnet.c +++ /dev/null @@ -1,274 +0,0 @@ -/* v3_sxnet.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -/* Support for Thawte strong extranet extension */ - -#define SXNET_TEST - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent); -#ifdef SXNET_TEST -static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -#endif -const X509V3_EXT_METHOD v3_sxnet = { - NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), - 0, 0, 0, 0, - 0, 0, - 0, -#ifdef SXNET_TEST - (X509V3_EXT_V2I)sxnet_v2i, -#else - 0, -#endif - (X509V3_EXT_I2R)sxnet_i2r, - 0, - NULL -}; - -ASN1_SEQUENCE(SXNETID) = { - ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), - ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(SXNETID) - -IMPLEMENT_ASN1_FUNCTIONS(SXNETID) - -ASN1_SEQUENCE(SXNET) = { - ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), - ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) -} ASN1_SEQUENCE_END(SXNET) - -IMPLEMENT_ASN1_FUNCTIONS(SXNET) - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent) -{ - long v; - char *tmp; - SXNETID *id; - size_t i; - v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - tmp = i2s_ASN1_INTEGER(NULL, id->zone); - BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - OPENSSL_free(tmp); - M_ASN1_OCTET_STRING_print(out, id->user); - } - return 1; -} - -#ifdef SXNET_TEST - -/* - * NBB: this is used for testing only. It should *not* be used for anything - * else because it will just take static IDs from the configuration file and - * they should really be separate values for each user. - */ - -static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *cnf; - SXNET *sx = NULL; - size_t i; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) - return NULL; - } - return sx; -} - -#endif - -/* Strong Extranet utility functions */ - -/* Add an id given the zone as an ASCII number */ - -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) -{ - ASN1_INTEGER *izone = NULL; - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -} - -/* Add an id given the zone as an unsigned long */ - -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, - int userlen) -{ - ASN1_INTEGER *izone = NULL; - if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); - -} - -/* - * Add an id given the zone as an ASN1_INTEGER. Note this version uses the - * passed integer and doesn't make a copy so don't free it up afterwards. - */ - -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, - int userlen) -{ - SXNET *sx = NULL; - SXNETID *id = NULL; - if (!psx || !zone || !user) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); - return 0; - } - if (userlen == -1) - userlen = strlen(user); - if (userlen > 64) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_USER_TOO_LONG); - return 0; - } - if (!*psx) { - if (!(sx = SXNET_new())) - goto err; - if (!ASN1_INTEGER_set(sx->version, 0)) - goto err; - *psx = sx; - } else - sx = *psx; - if (SXNET_get_id_INTEGER(sx, zone)) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_DUPLICATE_ZONE_ID); - return 0; - } - - if (!(id = SXNETID_new())) - goto err; - if (userlen == -1) - userlen = strlen(user); - - if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) - goto err; - if (!sk_SXNETID_push(sx->ids, id)) - goto err; - id->zone = zone; - return 1; - - err: - OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); - SXNETID_free(id); - SXNET_free(sx); - *psx = NULL; - return 0; -} - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) -{ - SXNETID *id; - size_t i; - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - if (!M_ASN1_INTEGER_cmp(id->zone, zone)) - return id->user; - } - return NULL; -} - -IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 6e64778a0b..aff7c0b94a 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -162,11 +162,6 @@ ASN1_INTEGER *pathlen; }; -typedef struct PKEY_USAGE_PERIOD_st { -ASN1_GENERALIZEDTIME *notBefore; -ASN1_GENERALIZEDTIME *notAfter; -} PKEY_USAGE_PERIOD; - typedef struct otherName_st { ASN1_OBJECT *type_id; ASN1_TYPE *value; @@ -272,21 +267,6 @@ GENERAL_NAMES *issuer; ASN1_INTEGER *serial; }; -/* Strong extranet structures */ - -typedef struct SXNET_ID_st { - ASN1_INTEGER *zone; - ASN1_OCTET_STRING *user; -} SXNETID; - -DEFINE_STACK_OF(SXNETID) -DECLARE_ASN1_SET_OF(SXNETID) - -typedef struct SXNET_st { - ASN1_INTEGER *version; - STACK_OF(SXNETID) *ids; -} SXNET; - typedef struct NOTICEREF_st { ASN1_STRING *organization; STACK_OF(ASN1_INTEGER) *noticenos; @@ -517,21 +497,8 @@ DEFINE_STACK_OF(X509_PURPOSE) DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) -DECLARE_ASN1_FUNCTIONS(SXNET) -DECLARE_ASN1_FUNCTIONS(SXNETID) - -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); - DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) -DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) - DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); OPENSSL_EXPORT int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); From 298d8bea0356799ce77c871b22fd6780383365bf Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 24 Aug 2020 16:54:35 -0400 Subject: [PATCH 080/399] Add subject key ID and authority key ID accessors. Although extensions are accessible via X509_get_ext_d2i, OpenSSL's X509 object carries caches of a number of extensions. OpenSSL added accessors for some of these in 1.1.0 (X509_get0_subject_key_id) and 1.1.1d (the others), so mirror this. Note that, although they look like simpler getters, the error-handling is tricky. (For now I'm just looking to mirror OpenSSL's accessors and finally make the structs opaque. Go's x509.Certificate structure also recognizes a collection of built-in certificate fields, but error-handling is in the parser. That could be one path out of this cached fields mess, at the cost of making the parse operation do more work.) Change-Id: I051512aa296bd103229ba6eb2b5639d79e9eb63f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42624 Reviewed-by: Adam Langley --- crypto/x509v3/v3_purp.c | 32 ++++++++++++++++++++++++++++++ include/openssl/x509v3.h | 42 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e77a3d1bbb..51783a4bab 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -880,3 +880,35 @@ uint32_t X509_get_extended_key_usage(X509 *x) return x->ex_xkusage; return UINT32_MAX; } + +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509) +{ + if (!x509v3_cache_extensions(x509)) { + return NULL; + } + return x509->skid; +} + +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509) +{ + if (!x509v3_cache_extensions(x509)) { + return NULL; + } + return x509->akid != NULL ? x509->akid->keyid : NULL; +} + +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509) +{ + if (!x509v3_cache_extensions(x509)) { + return NULL; + } + return x509->akid != NULL ? x509->akid->issuer : NULL; +} + +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509) +{ + if (!x509v3_cache_extensions(x509)) { + return NULL; + } + return x509->akid != NULL ? x509->akid->serial : NULL; +} diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index aff7c0b94a..2b2b4d910c 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -651,6 +651,48 @@ OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x); OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x); OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x); +// X509_get0_subject_key_id returns |x509|'s subject key identifier, if present. +// (See RFC5280, section 4.2.1.2.) It returns NULL if the extension is not +// present or if some extension in |x509| was invalid. +// +// Note that decoding an |X509| object will not check for invalid extensions. To +// detect the error case, call |X509_get_extensions_flags| and check the +// |EXFLAG_INVALID| bit. +OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509); + +// X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key +// identifier, if the extension and field are present. (See RFC5280, +// section 4.2.1.1.) It returns NULL if the extension is not present, if it is +// present but lacks a keyIdentifier field, or if some extension in |x509| was +// invalid. +// +// Note that decoding an |X509| object will not check for invalid extensions. To +// detect the error case, call |X509_get_extensions_flags| and check the +// |EXFLAG_INVALID| bit. +OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509); + +// X509_get0_authority_issuer returns the authorityCertIssuer of |x509|'s +// authority key identifier, if the extension and field are present. (See +// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present, +// if it is present but lacks a authorityCertIssuer field, or if some extension +// in |x509| was invalid. +// +// Note that decoding an |X509| object will not check for invalid extensions. To +// detect the error case, call |X509_get_extensions_flags| and check the +// |EXFLAG_INVALID| bit. +OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509); + +// X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s +// authority key identifier, if the extension and field are present. (See +// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present, +// if it is present but lacks a authorityCertSerialNumber field, or if some +// extension in |x509| was invalid. +// +// Note that decoding an |X509| object will not check for invalid extensions. To +// detect the error case, call |X509_get_extensions_flags| and check the +// |EXFLAG_INVALID| bit. +OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509); + OPENSSL_EXPORT int X509_PURPOSE_get_count(void); OPENSSL_EXPORT X509_PURPOSE * X509_PURPOSE_get0(int idx); OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname); From 4ef5de02c7d0d9cf8c1ec72450ab825b633c7b76 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 25 Aug 2020 20:00:44 -0400 Subject: [PATCH 081/399] Document a few more functions in x509.h. While I'm there, tidy up some variable names and stray parens. Change-Id: Ifec36a532b9e9799a633b6e3b250b74255620283 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42665 Reviewed-by: Adam Langley --- crypto/x509/x509_txt.c | 134 ++++++++++++++++++++--------------------- crypto/x509/x_all.c | 20 +++--- crypto/x509/x_crl.c | 4 +- include/openssl/x509.h | 32 +++++++--- 4 files changed, 102 insertions(+), 88 deletions(-) diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 8e6ac27d4c..17e14a629b 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -56,144 +56,144 @@ #include -const char *X509_verify_cert_error_string(long n) +const char *X509_verify_cert_error_string(long err) { - switch ((int)n) { + switch (err) { case X509_V_OK: - return ("ok"); + return "ok"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - return ("unable to get issuer certificate"); + return "unable to get issuer certificate"; case X509_V_ERR_UNABLE_TO_GET_CRL: - return ("unable to get certificate CRL"); + return "unable to get certificate CRL"; case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - return ("unable to decrypt certificate's signature"); + return "unable to decrypt certificate's signature"; case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - return ("unable to decrypt CRL's signature"); + return "unable to decrypt CRL's signature"; case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - return ("unable to decode issuer public key"); + return "unable to decode issuer public key"; case X509_V_ERR_CERT_SIGNATURE_FAILURE: - return ("certificate signature failure"); + return "certificate signature failure"; case X509_V_ERR_CRL_SIGNATURE_FAILURE: - return ("CRL signature failure"); + return "CRL signature failure"; case X509_V_ERR_CERT_NOT_YET_VALID: - return ("certificate is not yet valid"); + return "certificate is not yet valid"; case X509_V_ERR_CRL_NOT_YET_VALID: - return ("CRL is not yet valid"); + return "CRL is not yet valid"; case X509_V_ERR_CERT_HAS_EXPIRED: - return ("certificate has expired"); + return "certificate has expired"; case X509_V_ERR_CRL_HAS_EXPIRED: - return ("CRL has expired"); + return "CRL has expired"; case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return ("format error in certificate's notBefore field"); + return "format error in certificate's notBefore field"; case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return ("format error in certificate's notAfter field"); + return "format error in certificate's notAfter field"; case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - return ("format error in CRL's lastUpdate field"); + return "format error in CRL's lastUpdate field"; case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - return ("format error in CRL's nextUpdate field"); + return "format error in CRL's nextUpdate field"; case X509_V_ERR_OUT_OF_MEM: - return ("out of memory"); + return "out of memory"; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return ("self signed certificate"); + return "self signed certificate"; case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return ("self signed certificate in certificate chain"); + return "self signed certificate in certificate chain"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return ("unable to get local issuer certificate"); + return "unable to get local issuer certificate"; case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return ("unable to verify the first certificate"); + return "unable to verify the first certificate"; case X509_V_ERR_CERT_CHAIN_TOO_LONG: - return ("certificate chain too long"); + return "certificate chain too long"; case X509_V_ERR_CERT_REVOKED: - return ("certificate revoked"); + return "certificate revoked"; case X509_V_ERR_INVALID_CA: - return ("invalid CA certificate"); + return "invalid CA certificate"; case X509_V_ERR_INVALID_NON_CA: - return ("invalid non-CA certificate (has CA markings)"); + return "invalid non-CA certificate (has CA markings)"; case X509_V_ERR_PATH_LENGTH_EXCEEDED: - return ("path length constraint exceeded"); + return "path length constraint exceeded"; case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: - return ("proxy path length constraint exceeded"); + return "proxy path length constraint exceeded"; case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: return - ("proxy certificates not allowed, please set the appropriate flag"); + "proxy certificates not allowed, please set the appropriate flag"; case X509_V_ERR_INVALID_PURPOSE: - return ("unsupported certificate purpose"); + return "unsupported certificate purpose"; case X509_V_ERR_CERT_UNTRUSTED: - return ("certificate not trusted"); + return "certificate not trusted"; case X509_V_ERR_CERT_REJECTED: - return ("certificate rejected"); + return "certificate rejected"; case X509_V_ERR_APPLICATION_VERIFICATION: - return ("application verification failure"); + return "application verification failure"; case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return ("subject issuer mismatch"); + return "subject issuer mismatch"; case X509_V_ERR_AKID_SKID_MISMATCH: - return ("authority and subject key identifier mismatch"); + return "authority and subject key identifier mismatch"; case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: - return ("authority and issuer serial number mismatch"); + return "authority and issuer serial number mismatch"; case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: - return ("key usage does not include certificate signing"); + return "key usage does not include certificate signing"; case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - return ("unable to get CRL issuer certificate"); + return "unable to get CRL issuer certificate"; case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: - return ("unhandled critical extension"); + return "unhandled critical extension"; case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: - return ("key usage does not include CRL signing"); + return "key usage does not include CRL signing"; case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: - return ("key usage does not include digital signature"); + return "key usage does not include digital signature"; case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: - return ("unhandled critical CRL extension"); + return "unhandled critical CRL extension"; case X509_V_ERR_INVALID_EXTENSION: - return ("invalid or inconsistent certificate extension"); + return "invalid or inconsistent certificate extension"; case X509_V_ERR_INVALID_POLICY_EXTENSION: - return ("invalid or inconsistent certificate policy extension"); + return "invalid or inconsistent certificate policy extension"; case X509_V_ERR_NO_EXPLICIT_POLICY: - return ("no explicit policy"); + return "no explicit policy"; case X509_V_ERR_DIFFERENT_CRL_SCOPE: - return ("Different CRL scope"); + return "Different CRL scope"; case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: - return ("Unsupported extension feature"); + return "Unsupported extension feature"; case X509_V_ERR_UNNESTED_RESOURCE: - return ("RFC 3779 resource not subset of parent's resources"); + return "RFC 3779 resource not subset of parent's resources"; case X509_V_ERR_PERMITTED_VIOLATION: - return ("permitted subtree violation"); + return "permitted subtree violation"; case X509_V_ERR_EXCLUDED_VIOLATION: - return ("excluded subtree violation"); + return "excluded subtree violation"; case X509_V_ERR_SUBTREE_MINMAX: - return ("name constraints minimum and maximum not supported"); + return "name constraints minimum and maximum not supported"; case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: - return ("unsupported name constraint type"); + return "unsupported name constraint type"; case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: - return ("unsupported or invalid name constraint syntax"); + return "unsupported or invalid name constraint syntax"; case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: - return ("unsupported or invalid name syntax"); + return "unsupported or invalid name syntax"; case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: - return ("CRL path validation error"); + return "CRL path validation error"; case X509_V_ERR_SUITE_B_INVALID_VERSION: - return ("Suite B: certificate version invalid"); + return "Suite B: certificate version invalid"; case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: - return ("Suite B: invalid public key algorithm"); + return "Suite B: invalid public key algorithm"; case X509_V_ERR_SUITE_B_INVALID_CURVE: - return ("Suite B: invalid ECC curve"); + return "Suite B: invalid ECC curve"; case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: - return ("Suite B: invalid signature algorithm"); + return "Suite B: invalid signature algorithm"; case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: - return ("Suite B: curve not allowed for this LOS"); + return "Suite B: curve not allowed for this LOS"; case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: - return ("Suite B: cannot sign P-384 with P-256"); + return "Suite B: cannot sign P-384 with P-256"; case X509_V_ERR_HOSTNAME_MISMATCH: - return ("Hostname mismatch"); + return "Hostname mismatch"; case X509_V_ERR_EMAIL_MISMATCH: - return ("Email address mismatch"); + return "Email address mismatch"; case X509_V_ERR_IP_ADDRESS_MISMATCH: - return ("IP address mismatch"); + return "IP address mismatch"; case X509_V_ERR_INVALID_CALL: - return ("Invalid certificate verification context"); + return "Invalid certificate verification context"; case X509_V_ERR_STORE_LOOKUP: - return ("Issuer certificate lookup error"); + return "Issuer certificate lookup error"; case X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS: return "Issuer has name constraints but leaf has no SANs"; diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 33c11b685b..a29e038a03 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -66,20 +66,20 @@ #include #include -int X509_verify(X509 *a, EVP_PKEY *r) +int X509_verify(X509 *x509, EVP_PKEY *pkey) { - if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) { + if (X509_ALGOR_cmp(x509->sig_alg, x509->cert_info->signature)) { OPENSSL_PUT_ERROR(X509, X509_R_SIGNATURE_ALGORITHM_MISMATCH); return 0; } - return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, - a->signature, a->cert_info, r)); + return ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), x509->sig_alg, + x509->signature, x509->cert_info, pkey); } -int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) +int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey) { - return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), - a->sig_alg, a->signature, a->req_info, r)); + return ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), + req->sig_alg, req->signature, req->req_info, pkey); } int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) @@ -131,10 +131,10 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) x->signature, x->spkac, pkey, md)); } -int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *x, EVP_PKEY *pkey) +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey) { - return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, - x->signature, x->spkac, pkey)); + return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), spki->sig_algor, + spki->signature, spki->spkac, pkey)); } #ifndef OPENSSL_NO_FP_API diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index f8ec4a330c..b1c485aa09 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -411,10 +411,10 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) return 1; } -int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) +int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) { if (crl->meth->crl_verify) - return crl->meth->crl_verify(crl, r); + return crl->meth->crl_verify(crl, pkey); return 0; } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d4176314c7..1353879759 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -643,14 +643,31 @@ OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl); // object. OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); -OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n); +// X509_verify_cert_error_string returns |err| as a human-readable string, where +// |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns +// a default description. +// +// TODO(davidben): Move this function to x509_vfy.h, with the |X509_V_*| +// definitions, or fold x509_vfy.h into this function. +OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err); -#ifndef OPENSSL_NO_EVP -OPENSSL_EXPORT int X509_verify(X509 *a, EVP_PKEY *r); +// X509_verify checks that |x509| has a valid signature by |pkey|. It returns +// one if the signature is valid and zero otherwise. Note this function only +// checks the signature itself and does not perform a full certificate +// validation. +OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey); + +// X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns +// one if the signature is valid and zero otherwise. +OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey); + +// X509_CRL_verify checks that |crl| has a valid signature by |pkey|. It returns +// one if the signature is valid and zero otherwise. +OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey); -OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); -OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); -OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); +// NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It +// returns one if the signature is valid and zero otherwise. +OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey); OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); @@ -684,7 +701,6 @@ OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len); OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -#endif // X509_parse_from_buffer parses an X.509 structure from |buf| and returns a // fresh X509 or NULL on error. There must not be any trailing data in |buf|. @@ -882,7 +898,6 @@ OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a); DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) -#ifndef OPENSSL_NO_EVP OPENSSL_EXPORT X509_INFO *X509_INFO_new(void); OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); @@ -906,7 +921,6 @@ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); -#endif OPENSSL_EXPORT int X509_set_version(X509 *x, long version); OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); From bef6a2f5f51b9753b9ee49a236e3433f6e623067 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 21 Aug 2020 16:16:09 -0700 Subject: [PATCH 082/399] acvp: support working with files. A direct connections to the ACVP servers may not always be available. In some cases, NVLAP labs will interact with the servers and send JSON back and forth as files. This change supports both dumping the capabilities JSON (which a lab will need in order to send to the server) and processing vectors from a file on disk. Change-Id: Iefa0c411b9a19808b5a7eb431169068d1c2ea966 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42704 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- util/fipstools/acvp/acvptool/acvp.go | 113 +++++++++++++++++- .../acvp/acvptool/subprocess/subprocess.go | 4 +- 2 files changed, 113 insertions(+), 4 deletions(-) diff --git a/util/fipstools/acvp/acvptool/acvp.go b/util/fipstools/acvp/acvptool/acvp.go index 2753dd3ad0..4dec04f4c8 100644 --- a/util/fipstools/acvp/acvptool/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp.go @@ -41,7 +41,9 @@ import ( ) var ( + dumpRegcap = flag.Bool("regcap", false, "Print module capabilities JSON to stdout") configFilename = flag.String("config", "config.json", "Location of the configuration JSON file") + jsonInputFile = flag.String("json", "", "Location of a vector-set input file") runFlag = flag.String("run", "", "Name of primitive to run tests for") wrapperPath = flag.String("wrapper", "../../../../build/util/fipstools/acvp/modulewrapper/modulewrapper", "Path to the wrapper binary") ) @@ -124,7 +126,7 @@ func TOTP(secret []byte) string { type Middle interface { Close() Config() ([]byte, error) - Process(algorithm string, vectorSet []byte) ([]byte, error) + Process(algorithm string, vectorSet []byte) (interface{}, error) } func loadCachedSessionTokens(server *acvp.Server, cachePath string) error { @@ -173,6 +175,85 @@ func trimLeadingSlash(s string) string { return s } +// processFile reads a file containing vector sets, at least in the format +// preferred by our lab, and writes the results to stdout. +func processFile(filename string, supportedAlgos []map[string]interface{}, middle Middle) error { + jsonBytes, err := ioutil.ReadFile(filename) + if err != nil { + return err + } + + var elements []json.RawMessage + if err := json.Unmarshal(jsonBytes, &elements); err != nil { + return err + } + + // There must be at least a header and one vector set in the file. + if len(elements) < 2 { + return fmt.Errorf("only %d elements in JSON array", len(elements)) + } + header := elements[0] + + // Build a map of which algorithms our Middle supports. + algos := make(map[string]struct{}) + for _, supportedAlgo := range supportedAlgos { + algoInterface, ok := supportedAlgo["algorithm"] + if !ok { + continue + } + algo, ok := algoInterface.(string) + if !ok { + continue + } + algos[algo] = struct{}{} + } + + var result bytes.Buffer + result.WriteString("[") + headerBytes, err := json.MarshalIndent(header, "", " ") + if err != nil { + return err + } + result.Write(headerBytes) + + for i, element := range elements[1:] { + var commonFields struct { + Algo string `json:"algorithm"` + ID uint64 `json:"vsId"` + } + if err := json.Unmarshal(element, &commonFields); err != nil { + return fmt.Errorf("failed to extract common fields from vector set #%d", i+1) + } + + algo := commonFields.Algo + if _, ok := algos[algo]; !ok { + return fmt.Errorf("vector set #%d contains unsupported algorithm %q", i+1, algo) + } + + replyGroups, err := middle.Process(algo, element) + if err != nil { + return fmt.Errorf("while processing vector set #%d: %s", i+1, err) + } + + group := map[string]interface{}{ + "vsId": commonFields.ID, + "testGroups": replyGroups, + } + replyBytes, err := json.MarshalIndent(group, "", " ") + if err != nil { + return err + } + + result.WriteString(",") + result.Write(replyBytes) + } + + result.WriteString("]\n") + os.Stdout.Write(result.Bytes()) + + return nil +} + func main() { flag.Parse() @@ -229,6 +310,27 @@ func main() { log.Fatalf("failed to parse configuration from Middle: %s", err) } + if *dumpRegcap { + regcap := []map[string]interface{}{ + map[string]interface{}{"acvVersion": "1.0"}, + map[string]interface{}{"algorithms": supportedAlgos}, + } + regcapBytes, err := json.MarshalIndent(regcap, "", " ") + if err != nil { + log.Fatalf("failed to marshal regcap: %s", err) + } + os.Stdout.Write(regcapBytes) + os.Stdout.WriteString("\n") + os.Exit(0) + } + + if len(*jsonInputFile) > 0 { + if err := processFile(*jsonInputFile, supportedAlgos, middle); err != nil { + log.Fatalf("failed to process input file: %s", err) + } + os.Exit(0) + } + runAlgos := make(map[string]bool) if len(*runFlag) > 0 { for _, substr := range strings.Split(*runFlag, ",") { @@ -370,7 +472,14 @@ func main() { var resultBuf bytes.Buffer resultBuf.Write(headerBytes[:len(headerBytes)-1]) resultBuf.WriteString(`,"testGroups":`) - resultBuf.Write(replyGroups) + replyBytes, err := json.Marshal(replyGroups) + if err != nil { + log.Printf("Failed to marshal result: %s", err) + log.Printf("Deleting test set") + server.Delete(url) + os.Exit(1) + } + resultBuf.Write(replyBytes) resultBuf.WriteString("}") resultData := resultBuf.Bytes() diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 990223ea5c..431c315042 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -185,7 +185,7 @@ func (m *Subprocess) Config() ([]byte, error) { } // Process runs a set of test vectors and returns the result. -func (m *Subprocess) Process(algorithm string, vectorSet []byte) ([]byte, error) { +func (m *Subprocess) Process(algorithm string, vectorSet []byte) (interface{}, error) { prim, ok := m.primitives[algorithm] if !ok { return nil, fmt.Errorf("unknown algorithm %q", algorithm) @@ -194,7 +194,7 @@ func (m *Subprocess) Process(algorithm string, vectorSet []byte) ([]byte, error) if err != nil { return nil, err } - return json.Marshal(ret) + return ret, nil } type primitive interface { From bc2480510960a77bea24edc64fcb089aca103940 Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Tue, 25 Aug 2020 17:32:22 -0400 Subject: [PATCH 083/399] Implement PSK variants of HPKE setup functions. Change-Id: Ic190ac1efbb079e42bb22b39083ccb96e0a61e57 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42664 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/err/evp.errordata | 1 + crypto/evp/evp.c | 4 + crypto/hpke/hpke.c | 109 ++++++- crypto/hpke/hpke_test.cc | 148 +++++++-- crypto/hpke/hpke_test_vectors.txt | 432 ++++++++++++++++++++++++++ crypto/hpke/internal.h | 57 +++- crypto/hpke/translate_test_vectors.py | 11 +- include/openssl/evp.h | 1 + 8 files changed, 725 insertions(+), 38 deletions(-) diff --git a/crypto/err/evp.errordata b/crypto/err/evp.errordata index 390dec0634..d0f09d4e1e 100644 --- a/crypto/err/evp.errordata +++ b/crypto/err/evp.errordata @@ -3,6 +3,7 @@ EVP,101,COMMAND_NOT_SUPPORTED EVP,102,DECODE_ERROR EVP,103,DIFFERENT_KEY_TYPES EVP,104,DIFFERENT_PARAMETERS +EVP,136,EMPTY_PSK EVP,105,ENCODE_ERROR EVP,106,EXPECTING_AN_EC_KEY_KEY EVP,107,EXPECTING_AN_RSA_KEY diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c index 60fdf64edb..653d6573fd 100644 --- a/crypto/evp/evp.c +++ b/crypto/evp/evp.c @@ -76,6 +76,10 @@ // TODO(davidben): Fix Node to not touch the error queue itself and remove this. OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH) +// The HPKE module uses the EVP error namespace, but it lives in another +// directory. +OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK) + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index cacc19e05a..2e0a58192e 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -38,6 +38,7 @@ #define HPKE_SUITE_ID_LEN 10 #define HPKE_MODE_BASE 0 +#define HPKE_MODE_PSK 1 static const char kHpkeRfcId[] = "HPKE-05 "; @@ -115,7 +116,7 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key, X25519_PUBLIC_VALUE_LEN)) { return 0; } - const char kPRKExpandLabel[] = "shared_secret"; + static const char kPRKExpandLabel[] = "shared_secret"; if (!hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len, kX25519SuiteID, sizeof(kX25519SuiteID), kPRKExpandLabel, kem_context, KEM_CONTEXT_LEN)) { @@ -150,9 +151,28 @@ static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) { return NULL; } -static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *shared_secret, +static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode, + const uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *info, - size_t info_len) { + size_t info_len, const uint8_t *psk, + size_t psk_len, const uint8_t *psk_id, + size_t psk_id_len) { + // Verify the PSK inputs. + switch (mode) { + case HPKE_MODE_BASE: + // This is an internal error, unreachable from the caller. + assert(psk_len == 0 && psk_id_len == 0); + break; + case HPKE_MODE_PSK: + if (psk_len == 0 || psk_id_len == 0) { + OPENSSL_PUT_ERROR(EVP, EVP_R_EMPTY_PSK); + return 0; + } + break; + default: + return 0; + } + // Attempt to get an EVP_AEAD*. const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id); if (aead == NULL) { @@ -170,7 +190,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *shared_secret, size_t psk_id_hash_len; if (!hpke_labeled_extract(hpke->hkdf_md, psk_id_hash, &psk_id_hash_len, NULL, 0, suite_id, sizeof(suite_id), kPskIdHashLabel, - NULL, 0)) { + psk_id, psk_id_len)) { return 0; } @@ -189,7 +209,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *shared_secret, size_t context_len; CBB context_cbb; if (!CBB_init_fixed(&context_cbb, context, sizeof(context)) || - !CBB_add_u8(&context_cbb, HPKE_MODE_BASE) || + !CBB_add_u8(&context_cbb, mode) || !CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) || !CBB_add_bytes(&context_cbb, info_hash, info_hash_len) || !CBB_finish(&context_cbb, NULL, &context_len)) { @@ -201,8 +221,8 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, const uint8_t *shared_secret, uint8_t psk_hash[EVP_MAX_MD_SIZE]; size_t psk_hash_len; if (!hpke_labeled_extract(hpke->hkdf_md, psk_hash, &psk_hash_len, NULL, 0, - suite_id, sizeof(suite_id), kPskHashLabel, NULL, - 0)) { + suite_id, sizeof(suite_id), kPskHashLabel, psk, + psk_len)) { return 0; } @@ -338,8 +358,9 @@ int EVP_HPKE_CTX_setup_base_s_x25519_for_test( uint8_t shared_secret[SHA256_DIGEST_LENGTH]; if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private, ephemeral_public) || - !hpke_key_schedule(hpke, shared_secret, sizeof(shared_secret), info, - info_len)) { + !hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret, + sizeof(shared_secret), info, info_len, NULL, 0, NULL, + 0)) { return 0; } return 1; @@ -360,8 +381,74 @@ int EVP_HPKE_CTX_setup_base_r_x25519( } uint8_t shared_secret[SHA256_DIGEST_LENGTH]; if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) || - !hpke_key_schedule(hpke, shared_secret, sizeof(shared_secret), info, - info_len)) { + !hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret, + sizeof(shared_secret), info, info_len, NULL, 0, NULL, + 0)) { + return 0; + } + return 1; +} + +int EVP_HPKE_CTX_setup_psk_s_x25519( + EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN], + uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, + const uint8_t *psk_id, size_t psk_id_len) { + // The GenerateKeyPair() step technically belongs in the KEM's Encap() + // function, but we've moved it up a layer to make it easier for tests to + // inject an ephemeral keypair. + uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN]; + X25519_keypair(out_enc, ephemeral_private); + return EVP_HPKE_CTX_setup_psk_s_x25519_for_test( + hpke, kdf_id, aead_id, peer_public_value, info, info_len, psk, psk_len, + psk_id, psk_id_len, ephemeral_private, out_enc); +} + +int EVP_HPKE_CTX_setup_psk_s_x25519_for_test( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, + const uint8_t *psk_id, size_t psk_id_len, + const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], + const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) { + hpke->is_sender = 1; + hpke->kdf_id = kdf_id; + hpke->aead_id = aead_id; + hpke->hkdf_md = hpke_get_kdf(kdf_id); + if (hpke->hkdf_md == NULL) { + return 0; + } + uint8_t shared_secret[SHA256_DIGEST_LENGTH]; + if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private, + ephemeral_public) || + !hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret, + sizeof(shared_secret), info, info_len, psk, psk_len, + psk_id, psk_id_len)) { + return 0; + } + return 1; +} + +int EVP_HPKE_CTX_setup_psk_r_x25519( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t enc[X25519_PUBLIC_VALUE_LEN], + const uint8_t public_key[X25519_PUBLIC_VALUE_LEN], + const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info, + size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, + size_t psk_id_len) { + hpke->is_sender = 0; + hpke->kdf_id = kdf_id; + hpke->aead_id = aead_id; + hpke->hkdf_md = hpke_get_kdf(kdf_id); + if (hpke->hkdf_md == NULL) { + return 0; + } + uint8_t shared_secret[SHA256_DIGEST_LENGTH]; + if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) || + !hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret, + sizeof(shared_secret), info, info_len, psk, psk_len, + psk_id, psk_id_len)) { return 0; } return 1; diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc index 6f942d22f5..49c9b060a0 100644 --- a/crypto/hpke/hpke_test.cc +++ b/crypto/hpke/hpke_test.cc @@ -13,8 +13,8 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include -#include #include +#include #include #include @@ -23,7 +23,9 @@ #include #include #include +#include #include +#include #include "../test/file_test.h" #include "../test/test_util.h" @@ -33,31 +35,66 @@ namespace bssl { namespace { -// HpkeTestVector corresponds to one array member in the published +enum class HPKEMode { + kBase = 0, + kPSK = 1, +}; + +// HPKETestVector corresponds to one array member in the published // test-vectors.json. -class HpkeTestVector { +class HPKETestVector { public: - explicit HpkeTestVector() = default; - ~HpkeTestVector() = default; + explicit HPKETestVector() = default; + ~HPKETestVector() = default; bool ReadFromFileTest(FileTest *t); void Verify() const { - // Set up the sender. ScopedEVP_HPKE_CTX sender_ctx; - ASSERT_GT(secret_key_e_.size(), 0u); - - ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519_for_test( - sender_ctx.get(), kdf_id_, aead_id_, public_key_r_.data(), info_.data(), - info_.size(), secret_key_e_.data(), public_key_e_.data())); - - // Set up the receiver. ScopedEVP_HPKE_CTX receiver_ctx; - ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( - receiver_ctx.get(), kdf_id_, aead_id_, public_key_e_.data(), - public_key_r_.data(), secret_key_r_.data(), info_.data(), - info_.size())); + switch (mode_) { + case HPKEMode::kBase: + ASSERT_GT(secret_key_e_.size(), 0u); + ASSERT_EQ(psk_.size(), 0u); + ASSERT_EQ(psk_id_.size(), 0u); + + // Set up the sender. + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_s_x25519_for_test( + sender_ctx.get(), kdf_id_, aead_id_, public_key_r_.data(), + info_.data(), info_.size(), secret_key_e_.data(), + public_key_e_.data())); + + // Set up the receiver. + ASSERT_TRUE(EVP_HPKE_CTX_setup_base_r_x25519( + receiver_ctx.get(), kdf_id_, aead_id_, public_key_e_.data(), + public_key_r_.data(), secret_key_r_.data(), info_.data(), + info_.size())); + break; + + case HPKEMode::kPSK: + ASSERT_GT(secret_key_e_.size(), 0u); + ASSERT_GT(psk_.size(), 0u); + ASSERT_GT(psk_id_.size(), 0u); + + // Set up the sender. + ASSERT_TRUE(EVP_HPKE_CTX_setup_psk_s_x25519_for_test( + sender_ctx.get(), kdf_id_, aead_id_, public_key_r_.data(), + info_.data(), info_.size(), psk_.data(), psk_.size(), + psk_id_.data(), psk_id_.size(), secret_key_e_.data(), + public_key_e_.data())); + + // Set up the receiver. + ASSERT_TRUE(EVP_HPKE_CTX_setup_psk_r_x25519( + receiver_ctx.get(), kdf_id_, aead_id_, public_key_e_.data(), + public_key_r_.data(), secret_key_r_.data(), info_.data(), + info_.size(), psk_.data(), psk_.size(), psk_id_.data(), + psk_id_.size())); + break; + default: + FAIL() << "Unsupported mode"; + return; + } VerifyEncryptions(sender_ctx.get(), receiver_ctx.get()); VerifyExports(sender_ctx.get()); @@ -112,6 +149,7 @@ class HpkeTestVector { std::vector exportValue; }; + HPKEMode mode_; uint16_t kdf_id_; uint16_t aead_id_; std::vector context_; @@ -122,6 +160,8 @@ class HpkeTestVector { std::vector secret_key_r_; std::vector encryptions_; std::vector exports_; + std::vector psk_; // Empty when mode is not PSK. + std::vector psk_id_; // Empty when mode is not PSK. }; // Match FileTest's naming scheme for duplicated attribute names. @@ -156,7 +196,13 @@ bool FileTestReadInt(FileTest *file_test, T *out, const std::string &key) { } -bool HpkeTestVector::ReadFromFileTest(FileTest *t) { +bool HPKETestVector::ReadFromFileTest(FileTest *t) { + uint8_t mode_tmp; + if (!FileTestReadInt(t, &mode_tmp, "mode")) { + return false; + } + mode_ = static_cast(mode_tmp); + if (!FileTestReadInt(t, &kdf_id_, "kdf_id") || !FileTestReadInt(t, &aead_id_, "aead_id") || !t->GetBytes(&info_, "info") || @@ -167,6 +213,13 @@ bool HpkeTestVector::ReadFromFileTest(FileTest *t) { return false; } + if (mode_ == HPKEMode::kPSK) { + if (!t->GetBytes(&psk_, "psk") || + !t->GetBytes(&psk_id_, "psk_id")) { + return false; + } + } + for (int i = 1; t->HasAttribute(BuildAttrName("aad", i)); i++) { Encryption encryption; if (!t->GetBytes(&encryption.aad, BuildAttrName("aad", i)) || @@ -194,7 +247,7 @@ bool HpkeTestVector::ReadFromFileTest(FileTest *t) { TEST(HPKETest, VerifyTestVectors) { FileTestGTest("crypto/hpke/hpke_test_vectors.txt", [](FileTest *t) { - HpkeTestVector test_vec; + HPKETestVector test_vec; EXPECT_TRUE(test_vec.ReadFromFileTest(t)); test_vec.Verify(); }); @@ -356,6 +409,63 @@ TEST(HPKETest, SenderInvalidOpen) { kMockCiphertextLen, nullptr, 0)); } +// Test that the PSK variants of Setup functions fail when any of the PSK inputs +// are empty. +TEST(HPKETest, EmptyPSK) { + const uint8_t kMockEnc[X25519_PUBLIC_VALUE_LEN] = {0xff}; + const uint8_t kMockPSK[100] = {0xff}; + const bssl::Span kPSKValues[] = { + {kMockPSK, sizeof(kMockPSK)}, + {nullptr, 0}, + }; + + // Generate the receiver's keypair. + uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN]; + X25519_keypair(public_key_r, secret_key_r); + + // Vary the PSK and PSKID inputs for the sender and receiver, trying all four + // permutations of empty and nonempty inputs. + + for (const auto psk : kPSKValues) { + for (const auto psk_id : kPSKValues) { + const bool kExpectSuccess = psk.size() > 0 && psk_id.size() > 0; + + ASSERT_EQ(ERR_get_error(), 0u); + + ScopedEVP_HPKE_CTX sender_ctx; + uint8_t enc[X25519_PUBLIC_VALUE_LEN]; + ASSERT_EQ(EVP_HPKE_CTX_setup_psk_s_x25519( + sender_ctx.get(), enc, EVP_HPKE_HKDF_SHA256, + EVP_HPKE_AEAD_AES_GCM_128, public_key_r, nullptr, 0, + psk.data(), psk.size(), psk_id.data(), psk_id.size()), + kExpectSuccess); + + if (!kExpectSuccess) { + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); + EXPECT_EQ(EVP_R_EMPTY_PSK, ERR_GET_REASON(err)); + } + ERR_clear_error(); + + ScopedEVP_HPKE_CTX receiver_ctx; + ASSERT_EQ( + EVP_HPKE_CTX_setup_psk_r_x25519( + receiver_ctx.get(), EVP_HPKE_HKDF_SHA256, + EVP_HPKE_AEAD_AES_GCM_128, kMockEnc, public_key_r, secret_key_r, + nullptr, 0, psk.data(), psk.size(), psk_id.data(), psk_id.size()), + kExpectSuccess); + + if (!kExpectSuccess) { + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); + EXPECT_EQ(EVP_R_EMPTY_PSK, ERR_GET_REASON(err)); + } + ERR_clear_error(); + } + } +} + TEST(HPKETest, InternalParseIntSafe) { uint8_t u8 = 0xff; ASSERT_FALSE(ParseIntSafe(&u8, "-1")); diff --git a/crypto/hpke/hpke_test_vectors.txt b/crypto/hpke/hpke_test_vectors.txt index 10669d4f45..9d787e984c 100644 --- a/crypto/hpke/hpke_test_vectors.txt +++ b/crypto/hpke/hpke_test_vectors.txt @@ -1,3 +1,4 @@ +mode = 0 kdf_id = 1 aead_id = 1 info = 4f6465206f6e2061204772656369616e2055726e @@ -66,6 +67,78 @@ exportContext = 436f6e746578742d34 exportLength = 32 exportValue = c4823eeb3efd2d5216b2d3b16e542bf57470dc9b9ea9af6bce85b151a3589d90 +mode = 1 +kdf_id = 1 +aead_id = 1 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 4b41ef269169090551fcea177ecdf622bca86d82298e21cd93119b804ccc5eab +skEm = e7d2b539792a48a24451303ccd0cfe77176b6cb06823c439edfd217458a1398a +pkRm = a5c85773bed3a831e7096f7df4ff5d1d8bac48fc97bfac366141efab91892a3a +pkEm = 08d39d3e7f9b586341b6004dafba9679d2bd9340066edb247e3e919013efcd0f +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = fb68f911b4e4033d1547f646ea30c9cee987fb4b4a8c30918e5de6e96de32fc63466f2fc05e09aeff552489741 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = 85e7472fbb7e2341af35fb2a0795df9a85caa99a8f584056b11d452bc160470672e297f9892ce2c5020e794ae1 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 74229b7491102bcf94cf7633888bc48baa4e5a73cc544bfad4ff61585506facb44b359ade03c0b2b35c6430e4c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 013476197af9440a8be89a0cf7d3802eae519d5f5b39cb600e8b285e16ad90c3d903f6108946616723e9a93b73 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 5aeb09a3798d21dc2ca01f5c255624c9c8c20d75d79d19269eca7b280be0cb7851fae82b646bd5673d10368276 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = e9cac48b89f3f8898a85562007854b9f61bdf2d2c3e32e9b6162e9fa2f83924d138194528946d96cf7988685a0 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 2aa76414e0cb28ba7ba0f24d800bc4fec24d51cd1f75e839233ee10610bda97f3daf46fadb53ca01762bbe8a04 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 96148b343eb53df8d528af57214e65de028461ac69f2d9e371cb0aa4d732201d693766a17fd49ec6025bc98705 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 39b7e966e0ada05d8cd8a9beb5765941baad38473f18f705443f882a207ff96bfe1c71ae386e97e2fa91960bbe +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 25bd0d0614a38b19a05dff783a1bbd003c25cade55ba0e24e234b803991cae60ba7d105d35e47519a8cf598580 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = bd292b132fae00243851451c3f3a87e9e11c3293c14d61b114b7e12e07245ffd +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 695de26bc9336caee01cb04826f6e224f4d2108066ab17fc18f0c993dce05f24 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = c53f26ef1bf4f5fd5469d807c418a0e103d035c76ccdbc6afb5bc42b24968f6c +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 8cea4a595dfe3de84644ca8ea7ea9401a345f0db29bb4beebc2c471afc602ec4 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = e6313f12f6c2054c69018f273211c54fcf2439d90173392eaa34b4caac929068 + +mode = 0 kdf_id = 1 aead_id = 2 info = 4f6465206f6e2061204772656369616e2055726e @@ -134,6 +207,78 @@ exportContext = 436f6e746578742d34 exportLength = 32 exportValue = 807d14a692749503f44e54660e8ebe4e93311715b9ba7d540973b2bb3c606825 +mode = 1 +kdf_id = 1 +aead_id = 2 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = cb798ffb68e7b3db33913c365bf45a811fca8382522ac8815b12b26d3377a049 +skEm = bf3981d4d9b43ea83365747e25d8ba71e14d21cca47e35e70b5311e1d48f8a0d +pkRm = 4a9269e9db60008f5c7f3c7d39bb8c4923bc2f244b3ed9085191ef54cd10cf0c +pkEm = 8f65c9f75b4b774d36052dfac0bdd37a03f309b92c9a9ca47e903683be34d04d +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = ad2a3e08e10413e7bdf9e89f2db169338fc68bcf8dc7bb073ca779024996de5922d338cf8407d34109cd2fdccf +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = d7c94516707aef83e37dc5cbe3e9668260de5954899d54e8ecab3f1cfba8556557f1ff2238f817e0eb75d3cbb7 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 371412a9a86704990e8d7170282134096fc623c74411d5ff95380692a74c438deb0e38f41bfba0562042e987a0 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 4e3486ffca6d42f064c885d169210f6fcce2b3d4981d185d4b1a5c1e82733c14f14fcb8b1f16dd1e7b707907ab +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 45f532caeed9f6c35a990812773cfd688f686288dfcb500ae04f8fac4d3704204bb051e704c422edcc3107737b +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 1c0aee5fa393a0c4e2dbd70f7ce475542c71fd402b6fb8431855ac8fbafc6801c777996f8243c53a7d96d131c8 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 66cd0eeb97fc59c1863898f9b7f1f67c82c5aede5794c17937f5e0909641af770c4973aec2a21967c0f17a64ba +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = c96bb3363b31b582476239e1eb0792d2ac632ddaa7a1dc9ac7f9d588b62970016040a278e448256f5bbbf09ed7 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 71b3055db5efe1165e685d25c4a749b6fdf8cb7a59f7e3e76cfbf63c109db9387fc751cc9c36cf886dd0f79411 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 14372e32a6dee0536a11b66343eb436c099d7adf658900fa624a45d6f1a8e84297c56ec6e05b2745605dfcd99e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = c52ecbb65af1c6764ce7d2fd1131d5f050ee2f943a4fe56e9c855b44385b00cf +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 42c5cf4f81152d05bacc9323e805eab8e429850dd029937c2c42f17ce7fea09b +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 89d7f97327d51d61a4ac04b2507e51a977c8706bd932941f5acf1f542cfd034b +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 581e3a66a1ad5309c3295825bc03407c7d9e34673e61aed2c543b47764577783 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 599f10537288a9ec87d53c16aaa5881715061e6152a5b51b1e0433a396b38d10 + +mode = 0 kdf_id = 1 aead_id = 3 info = 4f6465206f6e2061204772656369616e2055726e @@ -202,6 +347,78 @@ exportContext = 436f6e746578742d34 exportLength = 32 exportValue = d4f8878dbc471935e86cdee08746e53837bbb4b6013003bebb0bc1cc3e074085 +mode = 1 +kdf_id = 1 +aead_id = 3 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = a6ab4e1bb782d580d837843089d65ebe271a0ee9b5a951777cecf1293c58c150 +skEm = 4bfdb62b95ae2a1f29f20ea49e24aa2673e0d240c6e967f668f55ed5dee996dc +pkRm = c49b46ed73ecb7d3a6a3e44f54b8f00f9ab872b57dd79ded66d7231a14c64144 +pkEm = f4639297e3305b03d34dd5d86522ddc6ba11a608a0003670a30734823cdd3763 +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = f97ca72675b8199e8ffec65b4c200d901110b177b246f241b6f9716fb60b35b32a6d452675534b591e8141468a +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = 57796e2b9dd0ddf807f1a7cb5884dfc50e61468c4fd69fa03963731e51674ca88fee94eeac3290734e1627ded6 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = b514150af1057151687d0036a9b4a3ad50fb186253f839d8433622baa85719ed5d2532017a0ce7b9ca0007f276 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 50a645f0f9bddac7b1029dba61921d2cdc10258e6d67e4918000eab0d617fb04a655caeeab308eb159585ae07a +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 6232e4a184dbff7361f9e4d6bfaaf97631225ee317e63cb09e8f74fc93efeedb6385d4f4cb2e30ffb82aea0e1f +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = ab801465f2080c1b9a06b582a919b51fc289e1b5b14bbad0b09cd92a82d27a1de1b934fd809cde8f19ef988373 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 83248649e62ac67c3b9d5525b886c04960b00b02df2d34c91284e8ed537feba132b03d12b868822af1e583118d +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 5ad03248b8e5270a654b090df5eb8955120d5cdc00f5dfb004942125cec1fbcbaef7d9fdef284bddc134018b74 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 56333a4ee1e5512cf2ffa1fd135fa54ba666f4388cf654fda9d7696ccfca1c51facda5a9bf80c9ac789026955a +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = e352a356575dcee382c8d2489bc45dc3a757979638e952dbac969eb092e9c616d8654e9dec8d1c0777e39478c3 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 735400cd9b9193daffe840f412074728ade6b1978e9ae27957aacd588dbd7c9e +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = cf4e351e1943d171ff2d88726f18160086ecbec52a8151dba8cf5ba0737a6097 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 8e23b44d4f23dd906d1c100580a670d171132c9786212c4ca2876a1541a84fae +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 56252a940ece53d4013eb619b444ee1d019a08eec427ded2b6dbf24be624a4a0 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = fc6cdca9ce8ab062401478ffd16ee1c07e2b15d7c781d4227f07c6043d937fad + +mode = 0 kdf_id = 3 aead_id = 1 info = 4f6465206f6e2061204772656369616e2055726e @@ -270,6 +487,78 @@ exportContext = 436f6e746578742d34 exportLength = 32 exportValue = 1538807322f02dbded405d10de3aafc4f6d365d9aefbef081d114dcedbe1cae2 +mode = 1 +kdf_id = 3 +aead_id = 1 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = ac1f54ecf81f53a71c5be7f734346fffe084ba6f5966d2b3173df819145bd722 +skEm = 20c9020273ac6193f27fb69af406cdab8154090c28aa2c7b870b92513d8805f4 +pkRm = 7e8561e6b753c6992df8d89cc1e447bebd4e21fcd4d1dc868f6b2ea663ce7e18 +pkEm = 7c35810fdc4009af7cb98dca0838ad32495c71c3003be650ed1ea0f6cd1ecc3c +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = 13d119d97709546435a5fbc99a39d9ac3f2ef459c9841305582282c435aab714af1df2f52bd07f196bfe9294f5 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = e8f9743ee3eeb41cebade4ba2f0d758b679c560a53a720aeb88017bbd778537b02b3eca27bca61fa13898847ec +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 7f0218fe141ffccc6229d096516a27cce109e1300f59a3500288cc1bb57c765b91b4a240075493d94abb9e4cf9 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = b893adce352a2b1c780f67475062a9eb827ba2fb2e7ec4ae21e27d6663e1a988d81390b50d99b4de2b451afce1 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = 8e733ddc1dd2b80ad6decf1b0ce08a28e9f5e644a7439621cd028ac9599c7657dac34173f7d5489e34be099462 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 4551173fc2233def235d52c738dc5095bc7abb6e3c3c7f8e58ae983bf68cb5b6fdfdf334b9bef4e1c5b11c2884 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 3384441833b623b36930d89a3e795fcc31e703d460ec48dc43be345794a2d73af9f4283494f23b904ba609197d +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = ad5a5977bd3486ec319850a52fb8e7cba74d0e2c2ee261ec9a6b2bfb579f7a55f8bac5ab774c2bc28d86623ff7 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 8d4466e0d99086ee1c0171a111a2c1ea5736ba9324eb20aa0d071dcd8c4581ea1dda96e25dd3f341c84c9c3529 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = adf8ca449b303657e9d81bf9566d7562d9b28d9c63758bfa93586f5ba69a2fe2dca1dafd022831de39b6453c28 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = 899f63d5646d1116e63029c0c03a3a8b63b815af58a0e197c440e8075daa220d +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = a2da1ff2773723418e07c63d39455d70be0865d6d0fb29e355eda599a62441da +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = 1c361d5b9b14c6f75660c8c960b908394c0281895fbba9288730822511a24171 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = b5258b7e39ea3a68177b50a5a492b6cb8083707a1756e5a7d5d4370556c856de +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 81ddfe54c7894f987e2945333a5ec809068890587759b6407feb1d6f1ca26e6e + +mode = 0 kdf_id = 3 aead_id = 2 info = 4f6465206f6e2061204772656369616e2055726e @@ -338,6 +627,78 @@ exportContext = 436f6e746578742d34 exportLength = 32 exportValue = 5c49cd3ebcb956aeb7e41c9a0f2d4b4c9501f66cc544d8d7fa62ce96d2938857 +mode = 1 +kdf_id = 3 +aead_id = 2 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = 939a0b48510924ccf6449c0eaaa1069bb41ab9cf54d090e6c6eb9aaab6051d69 +skEm = d3668380f7053086047e1f8a66e0e32c45c1086002b6a67dc9a942058a655073 +pkRm = 4af18720a608d13ce17268aa1721876e96ec4173a40788ddfd60c886b4c08605 +pkEm = 2ed53926385da5d41c76e75a636cd795fea5200d0e7ef6affd4b741a1196be37 +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = b5039652103f36bdcf1380b947ed8b6dc3413b98cff2c6451aff5fabee7234ace274918eb665f6d08850a70093 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = f1a1beb03a0c2d3f756d992cba6712247e24561e8407aef299285cefc337beaf249b8b92325a6718feffb1cfad +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 0f5f58f918a19f55efc146bf3ecd5c72bb0c00893c02ca56cf291904e1e1f8f6d0768f1cfed9d64d3f7f35d912 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 14177f71f6716d128baaff214e360bb9b8dc0ddb34ba7bcb8d0dcb01c548d42d3c43875ec8ff083acba591ca24 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = f8ee21f3af210dacb7aea148b444a98e643f161040db1350429c366a667bbc4b0cb6dbf047c2ba9f86a8ecf425 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 9f5ffc686ca660de6101a9dbf412c61de6fc574954f72f7d2c652c0ab61e8597170ec713b5314e41f0601fbf49 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 3f415ff7bc48fbdb69babce3045049ae2bc2a6983ddaf08cc9b3368362f7918bb73a4872c37fed3e3d808a9c1e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = bd2199064b596d3ef9a77fa8a5db93f1510bf996e320da92635e435c4b59120702c344825fc012393dcbddc05e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = 789faf060328cb1d359a7a30a3ce9d303612ef9c9da56c78fee82334953d425bb1613e757b2d7ab1aafd5be927 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = ac41c4a676448ef3f39a471f588d8576bb30817055ce8ac4404b61a4fdbb71adbababd15117cec7371aac83b0e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = e98921e4c437992d7ac035d74dfae232ef41227e2f27e4e4d801b4bd8934a5b6 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 1269029586ff64d8bde114359411f61c22211e8725a2b86ea145b8b9151c3915 +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = b8f393d7cea5934e16f4de8ef9a8912104b741ecd464d4c84886f7eef28cc301 +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = eb5c8739d172a30b48235316e13a12fa8abd05d72cc5c330fd3ab3de3371ddc4 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = 0b15c1a0dccac801a3078a8a01145c940ade7d9993111bf614ac69d073913a6f + +mode = 0 kdf_id = 3 aead_id = 3 info = 4f6465206f6e2061204772656369616e2055726e @@ -405,3 +766,74 @@ exportValue = d440fbf13b9e3956c7d6772166e07305a8f5a396e2bd361b5b9fbae9b0b04909 exportContext = 436f6e746578742d34 exportLength = 32 exportValue = 1474f8e9dac70e76041b4bb365f1fc4e1e2509f43c188b5d15b8d89113c197f7 + +mode = 1 +kdf_id = 3 +aead_id = 3 +info = 4f6465206f6e2061204772656369616e2055726e +skRm = c9221f98c17117ab4216e062481934ad21a12c8ba833a0611ca1910fac031563 +skEm = 9e38eaa97787575e564949bd84845965e910ae90a17bf841f68a4c791385afd3 +pkRm = 4ca2dcf3f5fa2b8b782536f695b3279f03569857a88e90075d5e4a67e4c4a44d +pkEm = 886c15a9d1c3609a3f3f6be3b5d1b60817f6a557e2b7344456dbc8ae49f5e93c +psk = 5db3b80a81cb63ca59470c83414ef70a +psk_id = 456e6e796e20447572696e206172616e204d6f726961 +# encryptions[0] +aad = 436f756e742d30 +ciphertext = 2f3eba789b7706b85fd2fcadf189f640a726160a7a0ef22b6483aaf69210c02d4c22113740235783dbd70ca1b7 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[1] +aad = 436f756e742d31 +ciphertext = ea76c297d6440fcc6e753980678adf65389171c591cd2ce0cc6de56c4560e6642ca5df5d910b3006b653372657 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[2] +aad = 436f756e742d32 +ciphertext = 7bed7b81628f1892518ced3b292cdf8e17dd0fa270600177a5c122204bfc381bc01f9bd5de77c4a568055ad19c +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[3] +aad = 436f756e742d33 +ciphertext = 38ad518591bbb6bbbe114e08e76a90b0040ef5571dbeb9a4ca778b72eba6e729c75efaf476e1dc69d2a95ba304 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[4] +aad = 436f756e742d34 +ciphertext = a38f5cf41d1ad3802ec4043067e4ff1aff3c557d1961cb76f6fbecea500f45ce780c27cc2894057093298d782e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[5] +aad = 436f756e742d35 +ciphertext = 0844adf506c653ff4cb9eaa595b4a6382055d53bfe4490a323d3ed0369b33a206f6fbed3a2c2409a646edcce70 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[6] +aad = 436f756e742d36 +ciphertext = 747700aa0de178a38e2ac8ee358e0d79d2b6026a8e86e215312d359933da08bcbb443e9e2280932e2e37ca0c7d +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[7] +aad = 436f756e742d37 +ciphertext = 31b7a490d05bd9e31b6ddc82b2eef9d6500675273e5c215c2f3fd4a28f04b73c752a7b7f89c2220cc5d26d3ef4 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[8] +aad = 436f756e742d38 +ciphertext = b57d6cb945a21064c1dd0a293ae28d315e7160764e20d48f50ba9be6d3d530cd064a851f7f9fd16f61fd8afef0 +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# encryptions[9] +aad = 436f756e742d39 +ciphertext = 1bb75c2eb81165d8c95d893c9dc1425d2de1628696c488d6ff0213674a6bdba09a3ad6ef506ca339d64f02e46e +plaintext = 4265617574792069732074727574682c20747275746820626561757479 +# exports[0] +exportContext = 436f6e746578742d30 +exportLength = 32 +exportValue = bf8d87036ace4835ee917a504016601ce7b5add0b8d72aa64ea493ea241786f4 +# exports[1] +exportContext = 436f6e746578742d31 +exportLength = 32 +exportValue = 9583f302506aabded442f4a3c4cb976682fed99c4bcbdf5ad41c2f00d3fbc27a +# exports[2] +exportContext = 436f6e746578742d32 +exportLength = 32 +exportValue = fa169c1e9ca8582381a72b5067da174995500198484520d60d22bf9bb4c34ead +# exports[3] +exportContext = 436f6e746578742d33 +exportLength = 32 +exportValue = 56fbba55aef923240daf63ebd30508e891cdffbe0bfe03306727320d6dfa29e6 +# exports[4] +exportContext = 436f6e746578742d34 +exportLength = 32 +exportValue = eb30f91427038c6e3716310c0ffc431ca9ea2b10c2f264f7aee82f86f817b8e2 diff --git a/crypto/hpke/internal.h b/crypto/hpke/internal.h index 79f65aaeb3..87c049a509 100644 --- a/crypto/hpke/internal.h +++ b/crypto/hpke/internal.h @@ -27,9 +27,10 @@ extern "C" { // Hybrid Public Key Encryption. // // Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a -// receiver with a public key. +// receiver with a public key. Optionally, the sender may authenticate its +// possession of a pre-shared key to the recipient. // -// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-04. +// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05. // EVP_HPKE_AEAD_* are AEAD identifiers. #define EVP_HPKE_AEAD_AES_GCM_128 0x0001 @@ -78,13 +79,11 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx); // must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD // for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*" // constants." -// -// See https://www.ietf.org/id/draft-irtf-cfrg-hpke-04.html#section-5.1.1. // EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can // encrypt for the private key corresponding to |peer_public_value| (the // recipient's public key). It returns one on success, and zero otherwise. Note -// that this function may fail if |peer_public_value| is invalid. +// that this function will fail if |peer_public_value| is invalid. // // This function writes the encapsulated shared secret to |out_enc|. OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519( @@ -106,7 +105,7 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test( // EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that // can decrypt messages. |private_key| is the recipient's private key, and |enc| // is the encapsulated shared secret from the sender. Note that this function -// may fail if |enc| is invalid. +// will fail if |enc| is invalid. OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519( EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, const uint8_t enc[X25519_PUBLIC_VALUE_LEN], @@ -114,6 +113,52 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519( const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info, size_t info_len); +// EVP_HPKE_CTX_setup_psk_s_x25519 sets up |hpke| as a sender context that can +// encrypt for the private key corresponding to |peer_public_value| (the +// recipient's public key) and authenticate its possession of a PSK. It returns +// one on success, and zero otherwise. Note that this function will fail if +// |peer_public_value| is invalid. +// +// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both +// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this +// function will fail. +// +// This function writes the encapsulated shared secret to |out_enc|. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519( + EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN], + uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, + const uint8_t *psk_id, size_t psk_id_len); + +// EVP_HPKE_CTX_setup_psk_s_x25519_for_test behaves like +// |EVP_HPKE_CTX_setup_psk_s_x25519|, but takes a pre-generated ephemeral sender +// key. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519_for_test( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN], + const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, + const uint8_t *psk_id, size_t psk_id_len, + const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN], + const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]); + +// EVP_HPKE_CTX_setup_psk_r_x25519 sets up |hpke| as a recipient context that +// can decrypt messages. Future open (decrypt) operations will fail if the +// sender does not possess the PSK indicated by |psk| and |psk_id|. +// |private_key| is the recipient's private key, and |enc| is the encapsulated +// shared secret from the sender. If |enc| is invalid, this function will fail. +// +// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both +// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this +// function will fail. +OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_r_x25519( + EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, + const uint8_t enc[X25519_PUBLIC_VALUE_LEN], + const uint8_t public_key[X25519_PUBLIC_VALUE_LEN], + const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info, + size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, + size_t psk_id_len); + // Using an HPKE context. diff --git a/crypto/hpke/translate_test_vectors.py b/crypto/hpke/translate_test_vectors.py index 6d73228347..d53787a573 100755 --- a/crypto/hpke/translate_test_vectors.py +++ b/crypto/hpke/translate_test_vectors.py @@ -28,6 +28,7 @@ import sys HPKE_MODE_BASE = 0 +HPKE_MODE_PSK = 1 HPKE_DHKEM_X25519_SHA256 = 0x0020 @@ -46,11 +47,17 @@ def read_test_vectors_and_generate_code(json_file_in_path, test_file_out_path): lines = [] for test in test_vecs: # Filter out test cases that we don't use. - if (test["mode"] != HPKE_MODE_BASE or + if (test["mode"] not in [HPKE_MODE_BASE, HPKE_MODE_PSK] or test["kem_id"] != HPKE_DHKEM_X25519_SHA256): continue - for key in ("kdf_id", "aead_id", "info", "skRm", "skEm", "pkRm", "pkEm"): + keys = ["mode", "kdf_id", "aead_id", "info", "skRm", "skEm", "pkRm", "pkEm"] + + if test["mode"] == HPKE_MODE_PSK: + keys.append("psk") + keys.append("psk_id") + + for key in keys: lines.append("{} = {}".format(key, str(test[key]))) for i, enc in enumerate(test["encryptions"]): diff --git a/include/openssl/evp.h b/include/openssl/evp.h index e647cdf60a..da114d4f6a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1117,5 +1117,6 @@ BSSL_NAMESPACE_END #define EVP_R_INVALID_PARAMETERS 133 #define EVP_R_INVALID_PEER_KEY 134 #define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135 +#define EVP_R_EMPTY_PSK 136 #endif // OPENSSL_HEADER_EVP_H From 6a263ce483b9ff03c7998bcae031ed42f092368e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 11 Sep 2020 18:16:05 +0000 Subject: [PATCH 084/399] Revert "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures." This reverts commit 9dd9d4fc242f31584f5a42e41e63d132c790421f. BUG=b/167375496,342 Original change's description: > Check AlgorithmIdentifier parameters for RSA and ECDSA signatures. > > This aligns with the Chromium certificate verifier, which allows NULL or > empty for RSA and requires empty for ECDSA. > > Bug: 342 > Change-Id: I34acf68f63b4d133dd47b73144b2f27224c499ee > Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41804 > Reviewed-by: Adam Langley > Commit-Queue: David Benjamin TBR=agl@google.com,davidben@google.com # Not skipping CQ checks because original CL landed > 1 day ago. Change-Id: If8f136a09fea68e64c9f4f9ffae88b6209ede124 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42804 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/x509/algorithm.c | 8 --- crypto/x509/x509_test.cc | 116 --------------------------------------- 2 files changed, 124 deletions(-) diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c index b9f3314c9b..8f53fff6db 100644 --- a/crypto/x509/algorithm.c +++ b/crypto/x509/algorithm.c @@ -142,14 +142,6 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, return 0; } - /* RSA signature algorithms include an explicit NULL parameter but we also - * accept omitted values for compatibility. Other algorithms must omit it. */ - if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA || - sigalg->parameter->type != V_ASN1_NULL)) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER); - return 0; - } - /* Otherwise, initialize with the digest from the OID. */ const EVP_MD *digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 38c9bc599a..d71dee92ff 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -233,13 +233,6 @@ static const char kRSAKey[] = "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n" "-----END RSA PRIVATE KEY-----\n"; -static const char kP256Key[] = - "-----BEGIN PRIVATE KEY-----\n" - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ\n" - "TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N\n" - "Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB\n" - "-----END PRIVATE KEY-----\n"; - // kCRLTestRoot is a test root certificate. It has private key: // // -----BEGIN RSA PRIVATE KEY----- @@ -2452,112 +2445,3 @@ TEST(X509Test, InvalidVersion) { EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM)); EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM)); } - -// The following strings are test certificates signed by kP256Key and kRSAKey, -// with missing, NULL, or invalid algorithm parameters. -static const char kP256NoParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX\n" - "DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0\n" - "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke\n" - "DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w\n" - "DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy\n" - "aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy\n" - "gGzFYg==\n" - "-----END CERTIFICATE-----\n"; -static const char kP256NullParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw\n" - "IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl\n" - "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3\n" - "qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw\n" - "DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX\n" - "UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r\n" - "t6uPxHrmpUY=\n" - "-----END CERTIFICATE-----\n"; -static const char kP256InvalidParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD\n" - "EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD\n" - "VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N\n" - "lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L\n" - "z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF\n" - "AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y\n" - "fLULTZnynuQUULQkRcF7S7T2WpIL\n" - "-----END CERTIFICATE-----\n"; -static const char kRSANoParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg\n" - "Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz\n" - "dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep\n" - "Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO\n" - "MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh\n" - "brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N\n" - "l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY\n" - "TWUH2ieFP3l+ecj1SeQR\n" - "-----END CERTIFICATE-----\n"; -static const char kRSANullParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0\n" - "MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU\n" - "ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr\n" - "t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ\n" - "MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL\n" - "fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy\n" - "seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua\n" - "SwmQUz4bRpckRBj+sIyp1We+pg==\n" - "-----END CERTIFICATE-----\n"; -static const char kRSAInvalidParam[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE\n" - "AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG\n" - "A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e\n" - "DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt\n" - "S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB\n" - "AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0\n" - "4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8\n" - "5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9\n" - "-----END CERTIFICATE-----\n"; - -TEST(X509Test, AlgorithmParameters) { - // P-256 requires the parameter be omitted. - bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); - ASSERT_TRUE(key); - - bssl::UniquePtr cert = CertFromPEM(kP256NoParam); - ASSERT_TRUE(cert); - EXPECT_TRUE(X509_verify(cert.get(), key.get())); - - cert = CertFromPEM(kP256NullParam); - ASSERT_TRUE(cert); - EXPECT_FALSE(X509_verify(cert.get(), key.get())); - uint32_t err = ERR_get_error(); - EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); - EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); - - cert = CertFromPEM(kP256InvalidParam); - ASSERT_TRUE(cert); - EXPECT_FALSE(X509_verify(cert.get(), key.get())); - err = ERR_get_error(); - EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); - EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); - - // RSA parameters should be NULL, but we accept omitted ones. - key = PrivateKeyFromPEM(kRSAKey); - ASSERT_TRUE(key); - - cert = CertFromPEM(kRSANoParam); - ASSERT_TRUE(cert); - EXPECT_TRUE(X509_verify(cert.get(), key.get())); - - cert = CertFromPEM(kRSANullParam); - ASSERT_TRUE(cert); - EXPECT_TRUE(X509_verify(cert.get(), key.get())); - - cert = CertFromPEM(kRSAInvalidParam); - ASSERT_TRUE(cert); - EXPECT_FALSE(X509_verify(cert.get(), key.get())); - err = ERR_get_error(); - EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); - EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); -} From 6ad3b46b24ea45afb609a2852f6dc16f52840583 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 31 Aug 2020 11:10:57 -0400 Subject: [PATCH 085/399] Remove ASN1_STRING_length_set. This function is unused and quite unsafe. Update-Note: Use ASN1_STRING_set instead, though this function appears to be unused. Change-Id: Ie6f4dec4b9e11ebde95b322ef91e1b8d63fbb8af Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42724 Reviewed-by: Adam Langley --- crypto/asn1/asn1_lib.c | 6 ------ include/openssl/asn1.h | 1 - 2 files changed, 7 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 1091009177..128d28f6f2 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -424,12 +424,6 @@ int ASN1_STRING_length(const ASN1_STRING *x) return M_ASN1_STRING_length(x); } -void ASN1_STRING_length_set(ASN1_STRING *x, int len) -{ - M_ASN1_STRING_length_set(x, len); - return; -} - int ASN1_STRING_type(const ASN1_STRING *x) { return M_ASN1_STRING_type(x); diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index c1a8d5af47..d50879f9b7 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -487,7 +487,6 @@ typedef struct BIT_STRING_BITNAME_st { #define M_ASN1_STRING_length(x) ((x)->length) -#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) #define M_ASN1_STRING_type(x) ((x)->type) #define M_ASN1_STRING_data(x) ((x)->data) From 662bfad81002086c217a9042ed459efd5e0bf82c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 15 Sep 2020 15:22:01 -0400 Subject: [PATCH 086/399] Fix potential leak in bssl::Array::Shrink. We don't currently use this type anywhere with a nontrivial destructor, so this doesn't matter right now. But handle this correctly in case we ever do. (One of these days, we should sort out using the STL and Abseil in here...) Change-Id: I6a198ccf87f953cedcdbe658fa508a3b79d47305 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42825 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- ssl/internal.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/internal.h b/ssl/internal.h index e08505fc79..750bfe93af 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -345,6 +345,9 @@ class Array { if (new_size > size_) { abort(); } + for (size_t i = new_size; i < size_; i++) { + data_[i].~T(); + } size_ = new_size; } From a82cfdf08370bc4fd945f21c66d7dee3c4b7bd48 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 29 Aug 2020 17:22:31 -0400 Subject: [PATCH 087/399] Document more of x509.h. Change-Id: Idda4d1e822c63ae341154c5c12953519fee04e4f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42725 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- include/openssl/x509.h | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 1353879759..38bdf52b20 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -669,17 +669,40 @@ OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey); // returns one if the signature is valid and zero otherwise. OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey); +// NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded +// Netscape signed public key and challenge (SPKAC) structure. It returns a +// newly-allocated |NETSCAPE_SPKI| structure with the result, or NULL on error. +// If |len| is 0 or negative, the length is calculated with |strlen| and |str| +// must be a NUL-terminated C string. OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); -OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); -OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); -OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); -OPENSSL_EXPORT int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); - -OPENSSL_EXPORT int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, +// NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded Netscape signed +// public key and challenge (SPKAC) structure. It returns a newly-allocated +// NUL-terminated C string with the result, or NULL on error. The caller must +// release the memory with |OPENSSL_free| when done. +OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki); + +// NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an +// |EVP_PKEY|, or NULL on error. The resulting pointer is non-owning and valid +// until |spki| is released or mutated. The caller should take a reference with +// |EVP_PKEY_up_ref| to extend the lifetime. +OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki); + +// NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one +// on success or zero on error. This function does not take ownership of |pkey|, +// so the caller may continue to manage its lifetime independently of |spki|. +OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki, + EVP_PKEY *pkey); + +// X509_signature_dump writes a human-readable representation of |sig| to |bio|, +// indented with |indent| spaces. It returns one on success and zero on error. +OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig, int indent); -OPENSSL_EXPORT int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + +// X509_signature_print writes a human-readable representation of |alg| and +// |sig| to |bio|. It returns one on success and zero on error. +OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg, const ASN1_STRING *sig); OPENSSL_EXPORT int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); From 49e9f67d8b7cbeb3953b5548ad1009d15947a523 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 16 Sep 2020 12:29:13 -0400 Subject: [PATCH 088/399] Bump OPENSSL_VERSION_NUMBER to 1.1.1. With TLS 1.3 and Ed25519 support, we're much closer to OpenSSL 1.1.1 these days than OpenSSL 1.1.0. I've also added a test to keep OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT in sync. Update-Note: Some OPENSSL_VERSION_NUMBER/OPENSSL_IS_BORINGSSL checks may need to be updated. Hopefully even more can go away. Bug: 367 Change-Id: Idaa238b74f35993c9c03fec31f1346c15cf82968 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42864 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/CMakeLists.txt | 1 + crypto/crypto_test.cc | 35 +++++++++++++++++++++++++++++++++++ include/openssl/base.h | 2 +- include/openssl/crypto.h | 2 +- 4 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 crypto/crypto_test.cc diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index edb21cca67..a872626de5 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -495,6 +495,7 @@ add_executable( compiler_test.cc constant_time_test.cc cpu-arm-linux_test.cc + crypto_test.cc curve25519/ed25519_test.cc curve25519/spake25519_test.cc curve25519/x25519_test.cc diff --git a/crypto/crypto_test.cc b/crypto/crypto_test.cc new file mode 100644 index 0000000000..f6c23740af --- /dev/null +++ b/crypto/crypto_test.cc @@ -0,0 +1,35 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include + +#include +#include + +#include + +// Test that OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are consistent. +// Node.js parses the version out of OPENSSL_VERSION_TEXT instead of using +// OPENSSL_VERSION_NUMBER. +TEST(CryptoTest, Version) { + char expected[512]; + snprintf(expected, sizeof(expected), "OpenSSL %d.%d.%d ", + OPENSSL_VERSION_NUMBER >> 28, (OPENSSL_VERSION_NUMBER >> 20) & 0xff, + (OPENSSL_VERSION_NUMBER >> 12) & 0xff); + EXPECT_EQ(expected, + std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected))); +} diff --git a/include/openssl/base.h b/include/openssl/base.h index 69f51e86ef..d681bdf81e 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -173,7 +173,7 @@ extern "C" { #endif #define OPENSSL_IS_BORINGSSL -#define OPENSSL_VERSION_NUMBER 0x1010007f +#define OPENSSL_VERSION_NUMBER 0x1010107f #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER // BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 0dc5373237..b820e40d00 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -76,7 +76,7 @@ OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void); // OPENSSL_VERSION_TEXT contains a string the identifies the version of // “OpenSSL”. node.js requires a version number in this text. -#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 (compatible; BoringSSL)" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; BoringSSL)" #define OPENSSL_VERSION 0 #define OPENSSL_CFLAGS 1 From 6247347edd347b5a5c14b2a50a9c77659e77c24d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 29 Aug 2020 17:43:15 -0400 Subject: [PATCH 089/399] Avoid unions in X509_NAME logic. Cast between T* and ASN1_VALUE* directly, rather than messing with unions. This is necessary to avoid UB in C++ and is a strict aliasing violation in C too. (While C does allow type-punning in unions, pointers to union fields have weird rules. I suspect most of our unions should be reworked.) Change-Id: Ibe274a7df5d5826f8c5f335255d196e9b7587105 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42726 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/x_name.c | 68 ++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 40 deletions(-) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index 78241004d9..bef9ec471c 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -197,18 +197,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, char opt, ASN1_TLC *ctx) { const unsigned char *p = *in, *q; - union { - STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; - ASN1_VALUE *a; - } intname = { - NULL - }; - union { - X509_NAME *x; - ASN1_VALUE *a; - } nm = { - NULL - }; + STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; + X509_NAME *nm = NULL; size_t i, j; int ret; STACK_OF(X509_NAME_ENTRY) *entries; @@ -220,46 +210,48 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, q = p; /* Get internal representation of Name */ - ret = ASN1_item_ex_d2i(&intname.a, + ASN1_VALUE *intname_val = NULL; + ret = ASN1_item_ex_d2i(&intname_val, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx); - if (ret <= 0) return ret; + intname = (STACK_OF(STACK_OF_X509_NAME_ENTRY) *)intname_val; if (*val) x509_name_ex_free(val, NULL); - if (!x509_name_ex_new(&nm.a, NULL)) + ASN1_VALUE *nm_val = NULL; + if (!x509_name_ex_new(&nm_val, NULL)) goto err; + nm = (X509_NAME *)nm_val; /* We've decoded it: now cache encoding */ - if (!BUF_MEM_grow(nm.x->bytes, p - q)) + if (!BUF_MEM_grow(nm->bytes, p - q)) goto err; - OPENSSL_memcpy(nm.x->bytes->data, q, p - q); + OPENSSL_memcpy(nm->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ - for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { - entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); + for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname); i++) { + entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname, i); for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; - if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) + if (!sk_X509_NAME_ENTRY_push(nm->entries, entry)) goto err; (void)sk_X509_NAME_ENTRY_set(entries, j, NULL); } } - ret = x509_name_canon(nm.x); + ret = x509_name_canon(nm); if (!ret) goto err; - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); - nm.x->modified = 0; - *val = nm.a; + nm->modified = 0; + *val = (ASN1_VALUE *)nm; *in = p; return ret; err: - if (nm.x != NULL) - X509_NAME_free(nm.x); - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + X509_NAME_free(nm); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_pop_free); OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); return 0; @@ -288,20 +280,15 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, static int x509_name_encode(X509_NAME *a) { - union { - STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; - ASN1_VALUE *a; - } intname = { - NULL - }; int len; unsigned char *p; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry; int set = -1; size_t i; - intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (!intname.s) + STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = + sk_STACK_OF_X509_NAME_ENTRY_new_null(); + if (!intname) goto memerr; for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { entry = sk_X509_NAME_ENTRY_value(a->entries, i); @@ -309,7 +296,7 @@ static int x509_name_encode(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { sk_X509_NAME_ENTRY_free(entries); goto memerr; } @@ -318,19 +305,20 @@ static int x509_name_encode(X509_NAME *a) if (!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; } - len = ASN1_item_ex_i2d(&intname.a, NULL, + ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; + len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); if (!BUF_MEM_grow(a->bytes, len)) goto memerr; p = (unsigned char *)a->bytes->data; - ASN1_item_ex_i2d(&intname.a, + ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); a->modified = 0; return len; memerr: - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return -1; From 6d70353ca8bc55b54f19af00fb7d9b074208ff1c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 29 Aug 2020 18:00:11 -0400 Subject: [PATCH 090/399] Const-correct X509V3_CONF_METHOD. This is needed to fix all the config APIs to take const char *. I've split it out as it's the only incompatible half of the change. Update-Note: External definitions of X509V3_CONF_METHOD will need fix the types of their functions. There should not be any of these (probably hide this struct), but if there are, this aligns with upstream OpenSSL. Change-Id: I6e760cfbca5d3f408215b8f3744acd1fd7f31391 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42727 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509v3/v3_conf.c | 10 +++++++--- include/openssl/x509v3.h | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index e98d0fcdcb..b3deb7f521 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -428,13 +428,17 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) ctx->db_meth->free_section(ctx->db, section); } -static char *nconf_get_string(void *db, char *section, char *value) +static char *nconf_get_string(void *db, const char *section, const char *value) { - /* TODO(fork): this should return a const value. */ + /* TODO(fork): This returns a non-const pointer because |X509V3_CONF_METHOD| + * allows |get_string| to return caller-owned pointers, provided they're + * freed by |free_string|. |nconf_method| leaves |free_string| NULL, and + * there are no other implementations of |X509V3_CONF_METHOD|, so this can + * be simplified if we make it private. */ return (char *)NCONF_get_string(db, section, value); } -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) +static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) { return NCONF_get_section(db, section); } diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 2b2b4d910c..0fd44bcc70 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -126,8 +126,8 @@ void *usr_data; /* Any extension specific data */ }; typedef struct X509V3_CONF_METHOD_st { -char * (*get_string)(void *db, char *section, char *value); -STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); +char * (*get_string)(void *db, const char *section, const char *value); +STACK_OF(CONF_VALUE) * (*get_section)(void *db, const char *section); void (*free_string)(void *db, char * string); void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); } X509V3_CONF_METHOD; From ca3f243cf0cf1dd50b79f3385154ffb6c7261073 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 31 Aug 2020 14:47:49 -0400 Subject: [PATCH 091/399] Require non-NULL store in X509_STORE_CTX_init. X509_STORE_CTX_init is documented upstream to allow a NULL store and has logic to account for it. However, attempting to use such an X509_STORE_CTX crashes in X509_verify_cert due to the additional_untrusted logic we added. Moreover, before that change, it still crashes because X509_STORE_CTX_get1_issuer (the default get_issuer hook) assumes ctx->ctx (the store) is non-null. This was also true in upstream but later fixed in https://github.com/openssl/openssl/pull/6001. However, without a store, there is no trust anchor, so this is not very useful. Reject NULL stores in X509_STORE_CTX_init and remove the logic allowing for a NULL one. Thanks to Danny Halawi for catching this. Update-Note: X509_STORE_CTX_init will now fail when the store is NULL, rather than report success, only to crash later in X509_verify_cert. Breakage should thus be limited to code which was passing in a NULL store but never used the resulting X509_STORE_CTX. Change-Id: I9db0289612cc245a8d62d6fa647d6b56b2daabda Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42728 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/x509_test.cc | 10 ++++++++ crypto/x509/x509_vfy.c | 50 ++++++++++++++++++---------------------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index d71dee92ff..426e18183e 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2445,3 +2445,13 @@ TEST(X509Test, InvalidVersion) { EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM)); EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM)); } + +// Unlike upstream OpenSSL, we require a non-null store in +// |X509_STORE_CTX_init|. +TEST(X509Test, NullStore) { + bssl::UniquePtr leaf(CertFromPEM(kLeafPEM)); + ASSERT_TRUE(leaf); + bssl::UniquePtr ctx(X509_STORE_CTX_new()); + ASSERT_TRUE(ctx); + EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr)); +} diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 9839b95e3b..a997202e8a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2307,8 +2307,6 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { - int ret = 1; - X509_STORE_CTX_zero(ctx); ctx->ctx = store; ctx->cert = x509; @@ -2316,78 +2314,74 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, CRYPTO_new_ex_data(&ctx->ex_data); + if (store == NULL) { + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + ctx->param = X509_VERIFY_PARAM_new(); if (!ctx->param) goto err; /* - * Inherit callbacks and flags from X509_STORE if not set use defaults. + * Inherit callbacks and flags from X509_STORE. */ - if (store) - ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else - ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; - - if (store) { - ctx->verify_cb = store->verify_cb; - ctx->cleanup = store->cleanup; - } else - ctx->cleanup = 0; + ctx->verify_cb = store->verify_cb; + ctx->cleanup = store->cleanup; - if (ret) - ret = X509_VERIFY_PARAM_inherit(ctx->param, - X509_VERIFY_PARAM_lookup("default")); - - if (ret == 0) + if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) || + !X509_VERIFY_PARAM_inherit(ctx->param, + X509_VERIFY_PARAM_lookup("default"))) { goto err; + } - if (store && store->check_issued) + if (store->check_issued) ctx->check_issued = store->check_issued; else ctx->check_issued = check_issued; - if (store && store->get_issuer) + if (store->get_issuer) ctx->get_issuer = store->get_issuer; else ctx->get_issuer = X509_STORE_CTX_get1_issuer; - if (store && store->verify_cb) + if (store->verify_cb) ctx->verify_cb = store->verify_cb; else ctx->verify_cb = null_callback; - if (store && store->verify) + if (store->verify) ctx->verify = store->verify; else ctx->verify = internal_verify; - if (store && store->check_revocation) + if (store->check_revocation) ctx->check_revocation = store->check_revocation; else ctx->check_revocation = check_revocation; - if (store && store->get_crl) + if (store->get_crl) ctx->get_crl = store->get_crl; else ctx->get_crl = NULL; - if (store && store->check_crl) + if (store->check_crl) ctx->check_crl = store->check_crl; else ctx->check_crl = check_crl; - if (store && store->cert_crl) + if (store->cert_crl) ctx->cert_crl = store->cert_crl; else ctx->cert_crl = cert_crl; - if (store && store->lookup_certs) + if (store->lookup_certs) ctx->lookup_certs = store->lookup_certs; else ctx->lookup_certs = X509_STORE_get1_certs; - if (store && store->lookup_crls) + if (store->lookup_crls) ctx->lookup_crls = store->lookup_crls; else ctx->lookup_crls = X509_STORE_get1_crls; From 5eeaf3029dab6b7264522c57a7a2acb461c0a434 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 18 Sep 2020 10:28:46 -0700 Subject: [PATCH 092/399] Add some accommodations for FreeRDP Change-Id: Iad962fd50ede78eb94e10ba2438163509c4587e0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42924 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/digest/digest.c | 2 ++ include/openssl/cipher.h | 6 ++++++ include/openssl/digest.h | 9 +++++++++ 3 files changed, 17 insertions(+) diff --git a/crypto/fipsmodule/digest/digest.c b/crypto/fipsmodule/digest/digest.c index a0b3bf5080..6b0c198661 100644 --- a/crypto/fipsmodule/digest/digest.c +++ b/crypto/fipsmodule/digest/digest.c @@ -122,6 +122,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, size_t len) { uint32_t EVP_MD_meth_get_flags(const EVP_MD *md) { return EVP_MD_flags(md); } +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) {} + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { // |in->digest| may be NULL if this is a signing |EVP_MD_CTX| for, e.g., // Ed25519 which does not hash with |EVP_MD_CTX|. diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index d22a6c216a..31390a3f63 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -380,6 +380,12 @@ OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, // processing. #define EVP_CIPH_CUSTOM_COPY 0x1000 +// EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS +// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms +// (it's up the the caller to use the FIPS module in a fashion compliant with +// their needs). Thus this exists only to allow code to compile. +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0 + // Deprecated functions diff --git a/include/openssl/digest.h b/include/openssl/digest.h index 7b0ed06cb3..8e398e8b87 100644 --- a/include/openssl/digest.h +++ b/include/openssl/digest.h @@ -283,6 +283,15 @@ OPENSSL_EXPORT int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, // EVP_MD_meth_get_flags calls |EVP_MD_flags|. OPENSSL_EXPORT uint32_t EVP_MD_meth_get_flags(const EVP_MD *md); +// EVP_MD_CTX_set_flags does nothing. +OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + +// EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS +// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms +// (it's up the the caller to use the FIPS module in a fashion compliant with +// their needs). Thus this exists only to allow code to compile. +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0 + struct evp_md_pctx_ops; From ee4af9e94e7766afe739f6aa433f10b1b404c991 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 31 Aug 2020 16:54:47 -0400 Subject: [PATCH 093/399] Add X509_get_pathlen and X509_REVOKED_get0_extensions. Conscrypt will need these functions. Also fix a bug in X509_get_extension_flags's error-handling. While I'm here, add X509_CRL_get0_extensions for completeness. Nothing uses this yet, but this could later be an alternative to avoid Conscrypt's mess with templates. Change-Id: I9393b75fcf53346535e6a4712355be081baa630d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42744 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/test/basic_constraints_ca.pem | 9 ++ .../test/basic_constraints_ca_pathlen_0.pem | 9 ++ .../test/basic_constraints_ca_pathlen_1.pem | 9 ++ .../test/basic_constraints_ca_pathlen_10.pem | 9 ++ crypto/x509/test/basic_constraints_leaf.pem | 9 ++ crypto/x509/test/basic_constraints_none.pem | 9 ++ crypto/x509/test/make_basic_constraints.go | 100 ++++++++++++++++++ crypto/x509/x509_test.cc | 30 ++++++ crypto/x509/x509cset.c | 11 ++ crypto/x509v3/v3_purp.c | 23 +++- include/openssl/x509.h | 21 +++- sources.cmake | 6 ++ 12 files changed, 240 insertions(+), 5 deletions(-) create mode 100644 crypto/x509/test/basic_constraints_ca.pem create mode 100644 crypto/x509/test/basic_constraints_ca_pathlen_0.pem create mode 100644 crypto/x509/test/basic_constraints_ca_pathlen_1.pem create mode 100644 crypto/x509/test/basic_constraints_ca_pathlen_10.pem create mode 100644 crypto/x509/test/basic_constraints_leaf.pem create mode 100644 crypto/x509/test/basic_constraints_none.pem create mode 100644 crypto/x509/test/make_basic_constraints.go diff --git a/crypto/x509/test/basic_constraints_ca.pem b/crypto/x509/test/basic_constraints_ca.pem new file mode 100644 index 0000000000..50d1318fcd --- /dev/null +++ b/crypto/x509/test/basic_constraints_ca.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBOzCB4qADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejEzARMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZI +zj0EAwIDSAAwRQIgTNs2aQPDZs+Pal5LA1fAKyC4AKTNN+JE/vEYndKhFxYCIQDf +b7IjDoXx/3GBnsrht14NUmzUBdqkQafJvC+eHIdtQA== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/basic_constraints_ca_pathlen_0.pem b/crypto/x509/test/basic_constraints_ca_pathlen_0.pem new file mode 100644 index 0000000000..2d6680117a --- /dev/null +++ b/crypto/x509/test/basic_constraints_ca_pathlen_0.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBPjCB5aADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYI +KoZIzj0EAwIDSAAwRQIgHdMalNLi3hzz58PdNQPAqiA5KAa/dfQWuNNjzE6iDIcC +IQCda6js7OKQvdqCFb/POHPriXX1YXIJ3N95+SE7qFJ9Gg== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/basic_constraints_ca_pathlen_1.pem b/crypto/x509/test/basic_constraints_ca_pathlen_1.pem new file mode 100644 index 0000000000..b9d35d0142 --- /dev/null +++ b/crypto/x509/test/basic_constraints_ca_pathlen_1.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBPjCB5aADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQEwCgYI +KoZIzj0EAwIDSAAwRQIgZx7fIDI65CU7Lck0t7ep/GtBkpELR0gKkUJrI09/JJoC +IQDFPukkJgYA7RpFsAsEq77S+i9gf/S/IreobhvQm/401w== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/basic_constraints_ca_pathlen_10.pem b/crypto/x509/test/basic_constraints_ca_pathlen_10.pem new file mode 100644 index 0000000000..c4698a6a78 --- /dev/null +++ b/crypto/x509/test/basic_constraints_ca_pathlen_10.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBPjCB5aADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQowCgYI +KoZIzj0EAwIDSAAwRQIhALj37ijrYfommrWjrXMXjJyILvGNH7KxViKU1cWjX5dF +AiA6WjePmZdKilZebpZ++MTPs5cbpdcShWYuJ45sANCKgw== +-----END CERTIFICATE----- diff --git a/crypto/x509/test/basic_constraints_leaf.pem b/crypto/x509/test/basic_constraints_leaf.pem new file mode 100644 index 0000000000..4b9b8c295c --- /dev/null +++ b/crypto/x509/test/basic_constraints_leaf.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBOTCB36ADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0E +AwIDSQAwRgIhAIc3Cbr1SRZZ8ZusjOQjA/9Ro5ijEZbMaD1ClW62/GqSAiEAy1tU +No3zRwTUcuyAnav+XbXkS1a5Fm2/rFBoWN8ZAxA= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/basic_constraints_none.pem b/crypto/x509/test/basic_constraints_none.pem new file mode 100644 index 0000000000..1228961ff7 --- /dev/null +++ b/crypto/x509/test/basic_constraints_none.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBKjCB0aADAgECAgEBMAoGCCqGSM49BAMCMBwxGjAYBgNVBAMTEUJhc2ljIENv +bnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAcMRow +GAYDVQQDExFCYXNpYyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABJEq2LxVbZGSZr4q32NCQw2K2UKzSXnDy7dJLCbsdlES+ZwEIkGNUhERpxGo +jS6aHNHZXk0vMEE/3I8P8D4KHlejAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCQ1/Ca +RanCM+PIUqVkCpfumEeLKawHMYIA2ZM3Yy2wngIgZg10Sd25/POZKIXlMAiwlDrM +UQcfzZiBh8T5JEWKeRc= +-----END CERTIFICATE----- diff --git a/crypto/x509/test/make_basic_constraints.go b/crypto/x509/test/make_basic_constraints.go new file mode 100644 index 0000000000..23158b5947 --- /dev/null +++ b/crypto/x509/test/make_basic_constraints.go @@ -0,0 +1,100 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// make_basic_constraints.go generates self-signed certificates with the basic +// constraints extension. +package main + +import ( + "crypto/ecdsa" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "io/ioutil" + "math/big" + "time" +) + +func main() { + key := ecdsaKeyFromPEMOrPanic(keyPEM) + + notBefore, err := time.Parse(time.RFC3339, "2000-01-01T00:00:00Z") + if err != nil { + panic(err) + } + notAfter, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z") + if err != nil { + panic(err) + } + + baseTemplate := x509.Certificate{ + SerialNumber: new(big.Int).SetInt64(1), + Subject: pkix.Name{CommonName: "Basic Constraints"}, + NotBefore: notBefore, + NotAfter: notAfter, + SignatureAlgorithm: x509.ECDSAWithSHA256, + } + + certs := []struct { + name string + basicConstraintsValid bool + isCA bool + maxPathLen int + maxPathLenZero bool + }{ + {name: "none"}, + {name: "leaf", basicConstraintsValid: true}, + {name: "ca", basicConstraintsValid: true, isCA: true}, + {name: "ca_pathlen_0", basicConstraintsValid: true, isCA: true, maxPathLenZero: true}, + {name: "ca_pathlen_1", basicConstraintsValid: true, isCA: true, maxPathLen: 1}, + {name: "ca_pathlen_10", basicConstraintsValid: true, isCA: true, maxPathLen: 10}, + } + for _, cert := range certs { + template := baseTemplate + template.BasicConstraintsValid = cert.basicConstraintsValid + template.IsCA = cert.isCA + template.MaxPathLen = cert.maxPathLen + template.MaxPathLenZero = cert.maxPathLenZero + + certBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key) + if err != nil { + panic(err) + } + + certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certBytes}) + if err := ioutil.WriteFile(fmt.Sprintf("basic_constraints_%s.pem", cert.name), certPEM, 0666); err != nil { + panic(err) + } + } +} + +const keyPEM = `-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgoPUXNXuH9mgiS/nk +024SYxryxMa3CyGJldiHymLxSquhRANCAASRKti8VW2Rkma+Kt9jQkMNitlCs0l5 +w8u3SSwm7HZREvmcBCJBjVIREacRqI0umhzR2V5NLzBBP9yPD/A+Ch5X +-----END PRIVATE KEY-----` + +func ecdsaKeyFromPEMOrPanic(in string) *ecdsa.PrivateKey { + keyBlock, _ := pem.Decode([]byte(in)) + if keyBlock == nil || keyBlock.Type != "PRIVATE KEY" { + panic("could not decode private key") + } + key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes) + if err != nil { + panic(err) + } + return key.(*ecdsa.PrivateKey) +} diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 426e18183e..599abf50f4 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2455,3 +2455,33 @@ TEST(X509Test, NullStore) { ASSERT_TRUE(ctx); EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr)); } + +TEST(X509Test, BasicConstraints) { + const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID; + + static const struct { + const char *file; + uint32_t flags; + int path_len; + } kTests[] = { + {"basic_constraints_none.pem", 0, -1}, + {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1}, + {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0}, + {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1}, + {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10}, + {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1}, + {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1}, + }; + + for (const auto &test : kTests) { + SCOPED_TRACE(test.file); + + std::string path = "crypto/x509/test/"; + path += test.file; + + bssl::UniquePtr cert = CertFromPEM(GetTestData(path.c_str()).c_str()); + ASSERT_TRUE(cert); + EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask); + EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get())); + } +} diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index ba868b3c22..b07ff27318 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -170,6 +170,11 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) return crl->crl->revoked; } +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl) +{ + return crl->crl->extensions; +} + void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) { @@ -228,6 +233,12 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) return (in != NULL); } +const STACK_OF(X509_EXTENSION) * + X509_REVOKED_get0_extensions(const X509_REVOKED *r) +{ + return r->extensions; +} + int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { crl->crl->enc.modified = 1; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 51783a4bab..acb760250c 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -451,8 +451,14 @@ int x509v3_cache_extensions(X509 *x) || !bs->ca) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; - } else + } else { + /* TODO(davidben): |ASN1_INTEGER_get| returns -1 on overflow, + * which currently acts as if the constraint isn't present. This + * works (an overflowing path length constraint may as well be + * infinity), but Chromium's verifier simply treats values above + * 255 as an error. */ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + } } else x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); @@ -855,9 +861,9 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) uint32_t X509_get_extension_flags(X509 *x) { - if (!x509v3_cache_extensions(x)) { - return 0; - } + /* Ignore the return value. On failure, |x->ex_flags| will include + * |EXFLAG_INVALID|. */ + x509v3_cache_extensions(x); return x->ex_flags; } @@ -912,3 +918,12 @@ const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509) } return x509->akid != NULL ? x509->akid->serial : NULL; } + +long X509_get_pathlen(X509 *x509) +{ + if (!x509v3_cache_extensions(x509) || + (x509->ex_flags & EXFLAG_BCONS) == 0) { + return -1; + } + return x509->ex_pathlen; +} diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 38bdf52b20..9d307d4ce5 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -541,6 +541,15 @@ OPENSSL_EXPORT X509_CINF *X509_get_cert_info(const X509 *x509); // |X509_get_pubkey| instead. #define X509_extract_key(x) X509_get_pubkey(x) +// X509_get_pathlen returns path length constraint from the basic constraints +// extension in |x509|. (See RFC5280, section 4.2.1.9.) It returns -1 if the +// constraint is not present, or if some extension in |x509| was invalid. +// +// Note that decoding an |X509| object will not check for invalid extensions. To +// detect the error case, call |X509_get_extensions_flags| and check the +// |EXFLAG_INVALID| bit. +OPENSSL_EXPORT long X509_get_pathlen(X509 *x509); + // X509_REQ_get_version returns the numerical value of |req|'s version. That is, // it returns zero for a v1 request. If |req| is invalid, it may return another // value, or -1 on overflow. @@ -600,6 +609,10 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); // would break existing callers. For now, we match upstream. OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +// X509_CRL_get0_extensions returns |crl|'s extension list. +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * + X509_CRL_get0_extensions(const X509_CRL *crl); + // X509_CINF_set_modified marks |cinf| as modified so that changes will be // reflected in serializing the structure. // @@ -955,7 +968,9 @@ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x); +// TODO(davidben): |X509_get0_extensions| should return a const pointer to +// match upstream. +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version); @@ -1017,6 +1032,10 @@ OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate( OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +// X509_REVOKED_get0_extensions returns |r|'s extensions. +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * + X509_REVOKED_get0_extensions(const X509_REVOKED *r); + OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); diff --git a/sources.cmake b/sources.cmake index e20aef08d4..7daa7e2188 100644 --- a/sources.cmake +++ b/sources.cmake @@ -58,6 +58,12 @@ set( crypto/hpke/hpke_test_vectors.txt crypto/poly1305/poly1305_tests.txt crypto/siphash/siphash_tests.txt + crypto/x509/test/basic_constraints_ca.pem + crypto/x509/test/basic_constraints_ca_pathlen_0.pem + crypto/x509/test/basic_constraints_ca_pathlen_1.pem + crypto/x509/test/basic_constraints_ca_pathlen_10.pem + crypto/x509/test/basic_constraints_leaf.pem + crypto/x509/test/basic_constraints_none.pem crypto/x509/test/invalid_extension_intermediate.pem crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem From 9adcb0aa7eb946bea9197276121412ef68776315 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Thu, 10 Sep 2020 10:59:15 -0400 Subject: [PATCH 094/399] Add TrustTokenV2. Changes: - Remove point prefixes. - Don't verify SRR on the client. TODO: - Replace SRR generation with RR generation on issuer. - Add finalized PrivacyPass version. Change-Id: Ibfb04aaba2cf669639af77299da22ab668175edb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42824 Commit-Queue: Steven Valdez Reviewed-by: David Benjamin --- crypto/trust_token/internal.h | 46 ++++- crypto/trust_token/pmbtoken.c | 270 ++++++++++++++++++++----- crypto/trust_token/trust_token.c | 84 ++++++-- crypto/trust_token/trust_token_test.cc | 123 ++++++++--- include/openssl/trust_token.h | 32 ++- 5 files changed, 449 insertions(+), 106 deletions(-) diff --git a/crypto/trust_token/internal.h b/crypto/trust_token/internal.h index a44de76c0a..c935888ea2 100644 --- a/crypto/trust_token/internal.h +++ b/crypto/trust_token/internal.h @@ -110,6 +110,39 @@ int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key, // function is used to confirm H was computed as expected. OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]); +// The following functions implement the corresponding |TRUST_TOKENS_METHOD| +// functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which +// uses P-384. +// +// We use P-384 instead of our usual choice of P-256. See Appendix I which +// describes two attacks which may affect smaller curves. In particular, p-1 for +// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has +// a 281-bit prime factor, +// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471. +// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded +// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1. +int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public); +int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, + const uint8_t *in, size_t len); +int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, + const uint8_t *in, size_t len); +STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count); +int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + size_t num_requested, size_t num_to_issue, + uint8_t private_metadata); +STACK_OF(TRUST_TOKEN) * + pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key, + const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + CBS *cbs, size_t count, uint32_t key_id); +int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key, + uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], + uint8_t *out_private_metadata, const uint8_t *token, + size_t token_len); + +// pmbtoken_exp2_get_h_for_testing returns H in uncompressed coordinates. This +// function is used to confirm H was computed as expected. +OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]); + // Trust Tokens internals. @@ -172,6 +205,15 @@ struct trust_token_method_st { uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len); + + // whether the construction supports private metadata. + int has_private_metadata; + + // max keys that can be configured. + size_t max_keys; + + // whether the SRR is part of the protocol. + int has_srr; }; // Structure representing a single Trust Token public key with the specified ID. @@ -195,7 +237,7 @@ struct trust_token_client_st { // keys is the set of public keys that are supported by the client for // issuance/redemptions. - struct trust_token_client_key_st keys[3]; + struct trust_token_client_key_st keys[6]; // num_keys is the number of keys currently configured. size_t num_keys; @@ -217,7 +259,7 @@ struct trust_token_issuer_st { // keys is the set of private keys that are supported by the issuer for // issuance/redemptions. The public metadata is an index into this list of // keys. - struct trust_token_issuer_key_st keys[3]; + struct trust_token_issuer_key_st keys[6]; // num_keys is the number of keys currently configured. size_t num_keys; diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.c index 5ea60c347f..f9132e6642 100644 --- a/crypto/trust_token/pmbtoken.c +++ b/crypto/trust_token/pmbtoken.c @@ -52,6 +52,7 @@ typedef struct { // hash_c implements the H_c operation in PMBTokens. It returns one on success // and zero on error. hash_c_func_t hash_c; + int prefix_point : 1; } PMBTOKEN_METHOD; static const uint8_t kDefaultAdditionalData[32] = {0}; @@ -59,7 +60,7 @@ static const uint8_t kDefaultAdditionalData[32] = {0}; static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid, const uint8_t *h_bytes, size_t h_len, hash_t_func_t hash_t, hash_s_func_t hash_s, - hash_c_func_t hash_c) { + hash_c_func_t hash_c, int prefix_point) { method->group = EC_GROUP_new_by_curve_name(curve_nid); if (method->group == NULL) { return 0; @@ -68,6 +69,7 @@ static int pmbtoken_init_method(PMBTOKEN_METHOD *method, int curve_nid, method->hash_t = hash_t; method->hash_s = hash_s; method->hash_c = hash_c; + method->prefix_point = prefix_point; EC_AFFINE h; if (!ec_point_from_uncompressed(method->group, &h, h_bytes, h_len)) { @@ -113,11 +115,40 @@ static int point_to_cbb(CBB *out, const EC_GROUP *group, len) == len; } +static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group, + const EC_AFFINE *point, int prefix_point) { + if (prefix_point) { + CBB child; + if (!CBB_add_u16_length_prefixed(out, &child) || + !point_to_cbb(&child, group, point) || + !CBB_flush(out)) { + return 0; + } + } else { + if (!point_to_cbb(out, group, point) || + !CBB_flush(out)) { + return 0; + } + } + + return 1; +} + static int cbs_get_prefixed_point(CBS *cbs, const EC_GROUP *group, - EC_AFFINE *out) { + EC_AFFINE *out, int prefix_point) { CBS child; - if (!CBS_get_u16_length_prefixed(cbs, &child) || - !ec_point_from_uncompressed(group, out, CBS_data(&child), + if (prefix_point) { + if (!CBS_get_u16_length_prefixed(cbs, &child)) { + return 0; + } + } else { + size_t plen = 1 + 2 * BN_num_bytes(&group->field); + if (!CBS_get_bytes(cbs, &child, plen)) { + return 0; + } + } + + if (!ec_point_from_uncompressed(group, out, CBS_data(&child), CBS_len(&child))) { return 0; } @@ -166,16 +197,12 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method, return 0; } - // TODO(https://crbug.com/boringssl/331): When updating the key format, remove - // the redundant length prefixes. - CBB child; - if (!CBB_add_u16_length_prefixed(out_public, &child) || - !point_to_cbb(&child, group, &pub_affine[0]) || - !CBB_add_u16_length_prefixed(out_public, &child) || - !point_to_cbb(&child, group, &pub_affine[1]) || - !CBB_add_u16_length_prefixed(out_public, &child) || - !point_to_cbb(&child, group, &pub_affine[2]) || - !CBB_flush(out_public)) { + if (!cbb_add_prefixed_point(out_public, group, &pub_affine[0], + method->prefix_point) || + !cbb_add_prefixed_point(out_public, group, &pub_affine[1], + method->prefix_point) || + !cbb_add_prefixed_point(out_public, group, &pub_affine[2], + method->prefix_point)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL); return 0; } @@ -186,13 +213,14 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method, static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method, PMBTOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len) { - // TODO(https://crbug.com/boringssl/331): When updating the key format, remove - // the redundant length prefixes. CBS cbs; CBS_init(&cbs, in, len); - if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0) || - !cbs_get_prefixed_point(&cbs, method->group, &key->pub1) || - !cbs_get_prefixed_point(&cbs, method->group, &key->pubs) || + if (!cbs_get_prefixed_point(&cbs, method->group, &key->pub0, + method->prefix_point) || + !cbs_get_prefixed_point(&cbs, method->group, &key->pub1, + method->prefix_point) || + !cbs_get_prefixed_point(&cbs, method->group, &key->pubs, + method->prefix_point) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; @@ -282,12 +310,8 @@ static STACK_OF(PMBTOKEN_PRETOKEN) * goto err; } - // TODO(https://crbug.com/boringssl/331): When updating the key format, - // remove the redundant length prefixes. - CBB child; - if (!CBB_add_u16_length_prefixed(cbb, &child) || - !point_to_cbb(&child, group, &pretoken->Tp) || - !CBB_flush(cbb)) { + if (!cbb_add_prefixed_point(cbb, group, &pretoken->Tp, + method->prefix_point)) { goto err; } } @@ -750,7 +774,7 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, for (size_t i = 0; i < num_to_issue; i++) { EC_AFFINE Tp_affine; EC_RAW_POINT Tp; - if (!cbs_get_prefixed_point(cbs, group, &Tp_affine)) { + if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } @@ -766,7 +790,6 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, // The |jacobians| and |affines| contain Sp, Wp, and Wsp. EC_RAW_POINT jacobians[3]; EC_AFFINE affines[3]; - CBB child; if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) || !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb, &jacobians[0], &yb, NULL, NULL) || @@ -774,12 +797,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, &jacobians[0], &key->ys, NULL, NULL) || !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || !CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) || - // TODO(https://crbug.com/boringssl/331): When updating the key format, - // remove the redundant length prefixes. - !CBB_add_u16_length_prefixed(cbb, &child) || - !point_to_cbb(&child, group, &affines[1]) || - !CBB_add_u16_length_prefixed(cbb, &child) || - !point_to_cbb(&child, group, &affines[2])) { + !cbb_add_prefixed_point(cbb, group, &affines[1], method->prefix_point) || + !cbb_add_prefixed_point(cbb, group, &affines[2], method->prefix_point)) { goto err; } @@ -835,7 +854,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, // Skip over any unused requests. size_t point_len = 1 + 2 * BN_num_bytes(&group->field); - if (!CBS_skip(cbs, (2 + point_len) * (num_requested - num_to_issue))) { + size_t token_len = point_len; + if (method->prefix_point) { + token_len += 2; + } + if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } @@ -902,8 +925,9 @@ static STACK_OF(TRUST_TOKEN) * uint8_t s[PMBTOKEN_NONCE_SIZE]; EC_AFFINE Wp_affine, Wsp_affine; if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) || - !cbs_get_prefixed_point(cbs, group, &Wp_affine) || - !cbs_get_prefixed_point(cbs, group, &Wsp_affine)) { + !cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) || + !cbs_get_prefixed_point(cbs, group, &Wsp_affine, + method->prefix_point)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } @@ -937,19 +961,17 @@ static STACK_OF(TRUST_TOKEN) * // Serialize the token. Include |key_id| to avoid an extra copy in the layer // above. - CBB token_cbb, child; + CBB token_cbb; size_t point_len = 1 + 2 * BN_num_bytes(&group->field); if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) || !CBB_add_u32(&token_cbb, key_id) || !CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) || - // TODO(https://crbug.com/boringssl/331): When updating the key format, - // remove the redundant length prefixes. - !CBB_add_u16_length_prefixed(&token_cbb, &child) || - !point_to_cbb(&child, group, &affines[0]) || - !CBB_add_u16_length_prefixed(&token_cbb, &child) || - !point_to_cbb(&child, group, &affines[1]) || - !CBB_add_u16_length_prefixed(&token_cbb, &child) || - !point_to_cbb(&child, group, &affines[2]) || + !cbb_add_prefixed_point(&token_cbb, group, &affines[0], + method->prefix_point) || + !cbb_add_prefixed_point(&token_cbb, group, &affines[1], + method->prefix_point) || + !cbb_add_prefixed_point(&token_cbb, group, &affines[2], + method->prefix_point) || !CBB_flush(&token_cbb)) { CBB_cleanup(&token_cbb); goto err; @@ -1021,9 +1043,9 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method, CBS_init(&cbs, token, token_len); EC_AFFINE S, W, Ws; if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) || - !cbs_get_prefixed_point(&cbs, group, &S) || - !cbs_get_prefixed_point(&cbs, group, &W) || - !cbs_get_prefixed_point(&cbs, group, &Ws) || + !cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) || + !cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) || + !cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); return 0; @@ -1140,7 +1162,7 @@ static void pmbtoken_exp1_init_method_impl(void) { pmbtoken_exp1_ok = pmbtoken_init_method(&pmbtoken_exp1_method, NID_secp384r1, kH, sizeof(kH), pmbtoken_exp1_hash_t, pmbtoken_exp1_hash_s, - pmbtoken_exp1_hash_c); + pmbtoken_exp1_hash_c, 1); } static int pmbtoken_exp1_init_method(void) { @@ -1225,3 +1247,153 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) { ec_point_to_bytes(pmbtoken_exp1_method.group, &h, POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97; } + +// PMBTokens experiment v2. + +static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out, + const uint8_t t[PMBTOKEN_NONCE_SIZE]) { + const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT"; + return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( + group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE); +} + +static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, + const EC_AFFINE *t, + const uint8_t s[PMBTOKEN_NONCE_SIZE]) { + const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS"; + int ret = 0; + CBB cbb; + uint8_t *buf = NULL; + size_t len; + if (!CBB_init(&cbb, 0) || + !point_to_cbb(&cbb, group, t) || + !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) || + !CBB_finish(&cbb, &buf, &len) || + !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( + group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ret = 1; + +err: + OPENSSL_free(buf); + CBB_cleanup(&cbb); + return ret; +} + +static int pmbtoken_exp2_hash_c(const EC_GROUP *group, EC_SCALAR *out, + uint8_t *buf, size_t len) { + const uint8_t kHashCLabel[] = "PMBTokens Experiment V2 HashC"; + return ec_hash_to_scalar_p384_xmd_sha512_draft07( + group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); +} + +static int pmbtoken_exp2_ok = 0; +static PMBTOKEN_METHOD pmbtoken_exp2_method; +static CRYPTO_once_t pmbtoken_exp2_method_once = CRYPTO_ONCE_INIT; + +static void pmbtoken_exp2_init_method_impl(void) { + // This is the output of |ec_hash_to_scalar_p384_xmd_sha512_draft07| with DST + // "PMBTokens Experiment V2 HashH" and message "generator". + static const uint8_t kH[] = { + 0x04, 0xbc, 0x27, 0x24, 0x99, 0xfa, 0xc9, 0xa4, 0x74, 0x6f, 0xf9, + 0x07, 0x81, 0x55, 0xf8, 0x1f, 0x6f, 0xda, 0x09, 0xe7, 0x8c, 0x5d, + 0x9e, 0x4e, 0x14, 0x7c, 0x53, 0x14, 0xbc, 0x7e, 0x29, 0x57, 0x92, + 0x17, 0x94, 0x6e, 0xd2, 0xdf, 0xa5, 0x31, 0x1b, 0x4e, 0xb7, 0xfc, + 0x93, 0xe3, 0x6e, 0x14, 0x1f, 0x4f, 0x14, 0xf3, 0xe5, 0x47, 0x61, + 0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93, + 0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58, + 0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8, + 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff + }; + + pmbtoken_exp2_ok = + pmbtoken_init_method(&pmbtoken_exp2_method, NID_secp384r1, kH, sizeof(kH), + pmbtoken_exp2_hash_t, pmbtoken_exp2_hash_s, + pmbtoken_exp2_hash_c, 0); +} + +static int pmbtoken_exp2_init_method(void) { + CRYPTO_once(&pmbtoken_exp2_method_once, pmbtoken_exp2_init_method_impl); + if (!pmbtoken_exp2_ok) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR); + return 0; + } + return 1; +} + +int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + + return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public); +} + +int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, + const uint8_t *in, size_t len) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len); +} + +int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, + const uint8_t *in, size_t len) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len); +} + +STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) { + if (!pmbtoken_exp2_init_method()) { + return NULL; + } + return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count); +} + +int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + size_t num_requested, size_t num_to_issue, + uint8_t private_metadata) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + return pmbtoken_sign(&pmbtoken_exp2_method, key, cbb, cbs, num_requested, + num_to_issue, private_metadata); +} + +STACK_OF(TRUST_TOKEN) * + pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key, + const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + CBS *cbs, size_t count, uint32_t key_id) { + if (!pmbtoken_exp2_init_method()) { + return NULL; + } + return pmbtoken_unblind(&pmbtoken_exp2_method, key, pretokens, cbs, count, + key_id); +} + +int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key, + uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], + uint8_t *out_private_metadata, const uint8_t *token, + size_t token_len) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + return pmbtoken_read(&pmbtoken_exp2_method, key, out_nonce, + out_private_metadata, token, token_len); +} + +int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]) { + if (!pmbtoken_exp2_init_method()) { + return 0; + } + EC_AFFINE h; + return ec_jacobian_to_affine(pmbtoken_exp2_method.group, &h, + &pmbtoken_exp2_method.h) && + ec_point_to_bytes(pmbtoken_exp2_method.group, &h, + POINT_CONVERSION_UNCOMPRESSED, out, 97) == 97; +} diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index 87b827714c..fea619ef5e 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -36,6 +36,41 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) { pmbtoken_exp1_sign, pmbtoken_exp1_unblind, pmbtoken_exp1_read, + 1, /* has_private_metadata */ + 3, /* max_keys */ + 1, /* has_srr */ + }; + return &kMethod; +} + +const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pp(void) { + static const TRUST_TOKEN_METHOD kMethod = { + pmbtoken_exp2_generate_key, + pmbtoken_exp2_client_key_from_bytes, + pmbtoken_exp2_issuer_key_from_bytes, + pmbtoken_exp2_blind, + pmbtoken_exp2_sign, + pmbtoken_exp2_unblind, + pmbtoken_exp2_read, + 0, /* has_private_metadata */ + 6, /* max_keys */ + 0, /* has_srr */ + }; + return &kMethod; +} + +const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void) { + static const TRUST_TOKEN_METHOD kMethod = { + pmbtoken_exp2_generate_key, + pmbtoken_exp2_client_key_from_bytes, + pmbtoken_exp2_issuer_key_from_bytes, + pmbtoken_exp2_blind, + pmbtoken_exp2_sign, + pmbtoken_exp2_unblind, + pmbtoken_exp2_read, + 1, /* has_private_metadata */ + 3, /* max_keys */ + 0, /* has_srr */ }; return &kMethod; } @@ -131,7 +166,8 @@ void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx) { int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, const uint8_t *key, size_t key_len) { - if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys)) { + if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) || + ctx->num_keys >= ctx->method->max_keys) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS); return 0; } @@ -153,6 +189,9 @@ int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, } int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx, EVP_PKEY *key) { + if (!ctx->method->has_srr) { + return 1; + } EVP_PKEY_free(ctx->srr_key); EVP_PKEY_up_ref(key); ctx->srr_key = key; @@ -270,15 +309,10 @@ int TRUST_TOKEN_CLIENT_begin_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, } int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, - uint8_t **out_srr, size_t *out_srr_len, + uint8_t **out_rr, size_t *out_rr_len, uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response, size_t response_len) { - if (ctx->srr_key == NULL) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED); - return 0; - } - CBS in, srr, sig; CBS_init(&in, response, response_len); if (!CBS_get_u16_length_prefixed(&in, &srr) || @@ -287,16 +321,24 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, return 0; } - EVP_MD_CTX md_ctx; - EVP_MD_CTX_init(&md_ctx); - int sig_ok = EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) && - EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig), - CBS_data(&srr), CBS_len(&srr)); - EVP_MD_CTX_cleanup(&md_ctx); + if (ctx->method->has_srr) { + if (ctx->srr_key == NULL) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED); + return 0; + } - if (!sig_ok) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR); - return 0; + EVP_MD_CTX md_ctx; + EVP_MD_CTX_init(&md_ctx); + int sig_ok = + EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) && + EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig), CBS_data(&srr), + CBS_len(&srr)); + EVP_MD_CTX_cleanup(&md_ctx); + + if (!sig_ok) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR); + return 0; + } } uint8_t *srr_buf = NULL, *sig_buf = NULL; @@ -309,8 +351,8 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, return 0; } - *out_srr = srr_buf; - *out_srr_len = srr_len; + *out_rr = srr_buf; + *out_rr_len = srr_len; *out_sig = sig_buf; *out_sig_len = sig_len; return 1; @@ -346,7 +388,8 @@ void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx) { int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx, const uint8_t *key, size_t key_len) { - if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys)) { + if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) || + ctx->num_keys >= ctx->method->max_keys) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS); return 0; } @@ -411,7 +454,8 @@ int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, const struct trust_token_issuer_key_st *key = trust_token_issuer_get_key(ctx, public_metadata); - if (key == NULL || private_metadata > 1) { + if (key == NULL || private_metadata > 1 || + (!ctx->method->has_private_metadata && private_metadata != 0)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_METADATA); return 0; } diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index f6ff86c2b5..b282500cac 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -56,6 +56,30 @@ TEST(TrustTokenTest, KeyGenExp1) { ASSERT_EQ(301u, pub_key_len); } +TEST(TrustTokenTest, KeyGenExp2PP) { + uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; + uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; + size_t priv_key_len, pub_key_len; + ASSERT_TRUE(TRUST_TOKEN_generate_key( + TRUST_TOKEN_experiment_v2_pp(), priv_key, &priv_key_len, + TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len, + TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001)); + ASSERT_EQ(292u, priv_key_len); + ASSERT_EQ(295u, pub_key_len); +} + +TEST(TrustTokenTest, KeyGenExp2PMB) { + uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; + uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; + size_t priv_key_len, pub_key_len; + ASSERT_TRUE(TRUST_TOKEN_generate_key( + TRUST_TOKEN_experiment_v2_pmb(), priv_key, &priv_key_len, + TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len, + TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001)); + ASSERT_EQ(292u, priv_key_len); + ASSERT_EQ(295u, pub_key_len); +} + // Test that H in |TRUST_TOKEN_experiment_v1| was computed correctly. TEST(TrustTokenTest, HExp1) { const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); @@ -78,8 +102,34 @@ TEST(TrustTokenTest, HExp1) { EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len)); } +// Test that H in |TRUST_TOKEN_experiment_v2_pmb| was computed correctly. +TEST(TrustTokenTest, HExp2) { + const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); + ASSERT_TRUE(group); + + const uint8_t kHGen[] = "generator"; + const uint8_t kHLabel[] = "PMBTokens Experiment V2 HashH"; + + bssl::UniquePtr expected_h(EC_POINT_new(group)); + ASSERT_TRUE(expected_h); + ASSERT_TRUE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( + group, &expected_h->raw, kHLabel, sizeof(kHLabel), kHGen, sizeof(kHGen))); + uint8_t expected_bytes[1 + 2 * EC_MAX_BYTES]; + size_t expected_len = + EC_POINT_point2oct(group, expected_h.get(), POINT_CONVERSION_UNCOMPRESSED, + expected_bytes, sizeof(expected_bytes), nullptr); + + uint8_t h[97]; + ASSERT_TRUE(pmbtoken_exp2_get_h_for_testing(h)); + EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len)); +} + static std::vector AllMethods() { - return {TRUST_TOKEN_experiment_v1()}; + return { + TRUST_TOKEN_experiment_v1(), + TRUST_TOKEN_experiment_v2_pp(), + TRUST_TOKEN_experiment_v2_pmb() + }; } class TrustTokenProtocolTestBase : public ::testing::Test { @@ -102,7 +152,7 @@ class TrustTokenProtocolTestBase : public ::testing::Test { issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize)); ASSERT_TRUE(issuer); - for (size_t i = 0; i < 3; i++) { + for (size_t i = 0; i < method()->max_keys; i++) { uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; size_t priv_key_len, pub_key_len, key_index; @@ -163,7 +213,7 @@ TEST_P(TrustTokenProtocolTest, InvalidToken) { bssl::UniquePtr free_issue_msg(issue_msg); ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue( issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len, - /*public_metadata=*/KeyID(0), /*private_metadata=*/1, + /*public_metadata=*/KeyID(0), /*private_metadata=*/0, /*max_issuance=*/10)); bssl::UniquePtr free_msg(issue_resp); bssl::UniquePtr tokens( @@ -428,9 +478,14 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { &msg_len, 10)); bssl::UniquePtr free_issue_msg(issue_msg); size_t tokens_issued; - ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue( + bool result = TRUST_TOKEN_ISSUER_issue( issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len, - public_metadata(), private_metadata(), /*max_issuance=*/1)); + public_metadata(), private_metadata(), /*max_issuance=*/1); + if (!method()->has_private_metadata && private_metadata()) { + ASSERT_FALSE(result); + return; + } + ASSERT_TRUE(result); bssl::UniquePtr free_msg(issue_resp); size_t key_index; bssl::UniquePtr tokens( @@ -510,6 +565,10 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { } TEST_P(TrustTokenMetadataTest, TooManyRequests) { + if (!method()->has_private_metadata && private_metadata()) { + return; + } + issuer_max_batchsize = 1; ASSERT_NO_FATAL_FAILURE(SetupContexts()); @@ -534,6 +593,10 @@ TEST_P(TrustTokenMetadataTest, TooManyRequests) { TEST_P(TrustTokenMetadataTest, TruncatedProof) { + if (!method()->has_private_metadata && private_metadata()) { + return; + } + ASSERT_NO_FATAL_FAILURE(SetupContexts()); uint8_t *issue_msg = NULL, *issue_resp = NULL; @@ -558,19 +621,16 @@ TEST_P(TrustTokenMetadataTest, TruncatedProof) { ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata)); ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata)); + const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); + size_t token_length = + PMBTOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); + if (method() == TRUST_TOKEN_experiment_v1()) { + token_length += 4; + } for (size_t i = 0; i < count; i++) { - uint8_t s[PMBTOKEN_NONCE_SIZE]; - CBS tmp; - ASSERT_TRUE(CBS_copy_bytes(&real_response, s, PMBTOKEN_NONCE_SIZE)); - ASSERT_TRUE(CBB_add_bytes(bad_response.get(), s, PMBTOKEN_NONCE_SIZE)); - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); - ASSERT_TRUE( - CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); - ASSERT_TRUE( - CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); + ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response), + token_length)); + ASSERT_TRUE(CBS_skip(&real_response, token_length)); } CBS tmp; @@ -593,6 +653,10 @@ TEST_P(TrustTokenMetadataTest, TruncatedProof) { } TEST_P(TrustTokenMetadataTest, ExcessDataProof) { + if (!method()->has_private_metadata && private_metadata()) { + return; + } + ASSERT_NO_FATAL_FAILURE(SetupContexts()); uint8_t *issue_msg = NULL, *issue_resp = NULL; @@ -617,19 +681,16 @@ TEST_P(TrustTokenMetadataTest, ExcessDataProof) { ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata)); ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata)); + const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); + size_t token_length = + PMBTOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); + if (method() == TRUST_TOKEN_experiment_v1()) { + token_length += 4; + } for (size_t i = 0; i < count; i++) { - uint8_t s[PMBTOKEN_NONCE_SIZE]; - CBS tmp; - ASSERT_TRUE(CBS_copy_bytes(&real_response, s, PMBTOKEN_NONCE_SIZE)); - ASSERT_TRUE(CBB_add_bytes(bad_response.get(), s, PMBTOKEN_NONCE_SIZE)); - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); - ASSERT_TRUE( - CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); - ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp)); - ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp))); - ASSERT_TRUE( - CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp))); + ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response), + token_length)); + ASSERT_TRUE(CBS_skip(&real_response, token_length)); } CBS tmp; @@ -673,6 +734,10 @@ class TrustTokenBadKeyTest }; TEST_P(TrustTokenBadKeyTest, BadKey) { + if (!method()->has_private_metadata && private_metadata()) { + return; + } + ASSERT_NO_FATAL_FAILURE(SetupContexts()); uint8_t *issue_msg = NULL, *issue_resp = NULL; diff --git a/include/openssl/trust_token.h b/include/openssl/trust_token.h index 9ecf75f193..b6c00b2620 100644 --- a/include/openssl/trust_token.h +++ b/include/openssl/trust_token.h @@ -40,6 +40,20 @@ extern "C" { // PMBTokens and P-384. OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void); +// TRUST_TOKEN_experiment_v2_pp is an experimental Trust Tokens protocol using +// PMBTokens (with no private metadata) and P-384 with up to 6 keys, without RR +// verification. +// +// This version is incomplete and should not be used. +// TODO(svaldez): Update to use the PrivacyPass primitive +OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pp(void); + +// TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using +// PMBTokens and P-384 with up to 3 keys, without RR verification. +// +// This version is incomplete and should not be used. +OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void); + // trust_token_st represents a single-use token for the Trust Token protocol. // For the client, this is the token and its corresponding signature. For the // issuer, this is the token itself. @@ -146,13 +160,19 @@ OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption( const TRUST_TOKEN *token, const uint8_t *data, size_t data_len, uint64_t time); -// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer and -// verifies the SRR. If valid, it returns one and sets |*out_srr| and -// |*out_srr_len| (respectively, |*out_sig| and |*out_sig_len|) to a -// newly-allocated buffer containing the SRR (respectively, the SRR signature). -// Otherwise, it returns zero. +// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In +// |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets +// |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|) +// to a newly-allocated buffer containing the SRR (respectively, the SRR +// signature). In other versions, it sets |*out_rr| and |*out_rr_len| +// (respectively, |*out_sig| and |*out_sig_len|) to a newly-allocated buffer +// containing the SRR (respectively, the SRR signature). It returns one on +// success or zero on failure. +// +// TODO(svaldez): Return the entire response in |*out_rr| and omit |*out_sig| in +// non-|TRUST_TOKEN_experiment_v1| versions. OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption( - TRUST_TOKEN_CLIENT *ctx, uint8_t **out_srr, size_t *out_srr_len, + TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len, uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response, size_t response_len); From 3743aafdacff2f7b083615a043a37101f740fa53 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 21 Sep 2020 13:55:16 -0400 Subject: [PATCH 095/399] Add SSL_CIPHER_get_protocol_id. This was introduced in OpenSSL 1.1.1, and wpa_supplicant expects us to have it. We had this same function as SSL_CIPHER_get_value (to match SSL_get_cipher_by_value). Align with upstream's name. It seems we also had a ssl_cipher_get_value lying around, so fold them together. (I've retained the assert in ssl_cipher_get_value as it seems reasonable enough; casting a hypothetical SSLv2 cipher ID to uint16_t would not behave correctly.) Change-Id: Ifbec460435bbc483f2c3de988522e321f2708172 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42966 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- include/openssl/ssl.h | 11 +++++++++-- ssl/handshake_client.cc | 2 +- ssl/handshake_server.cc | 2 +- ssl/internal.h | 3 --- ssl/ssl_cipher.cc | 17 ++++++++--------- ssl/test/mock_quic_transport.cc | 4 ++-- ssl/tls13_server.cc | 4 ++-- 7 files changed, 23 insertions(+), 20 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 96ba53b61e..3e4b638cdf 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1293,8 +1293,8 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); // cast to a |uint16_t| to get it. OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); -// SSL_CIPHER_get_value returns |cipher|'s IANA-assigned number. -OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher); +// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number. +OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher); // SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher. OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher); @@ -4717,6 +4717,13 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE #define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED +// SSL_CIPHER_get_value calls |SSL_CIPHER_get_protocol_id|. +// +// TODO(davidben): |SSL_CIPHER_get_value| was our name for this function, but +// upstream added it as |SSL_CIPHER_get_protocol_id|. Switch callers to the new +// name and remove this one. +OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher); + // Nodejs compatibility section (hidden). // diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 670e476434..1b7bb1b580 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -259,7 +259,7 @@ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) { continue; } any_enabled = true; - if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) { + if (!CBB_add_u16(&child, SSL_CIPHER_get_protocol_id(cipher))) { return false; } } diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 2489428953..26227d3417 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -908,7 +908,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { !CBB_add_u8_length_prefixed(&body, &session_id) || !CBB_add_bytes(&session_id, session->session_id, session->session_id_length) || - !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) || + !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) || !CBB_add_u8(&body, 0 /* no compression */) || !ssl_add_serverhello_tlsext(hs, &body) || !ssl_add_message_cbb(ssl, cbb.get())) { diff --git a/ssl/internal.h b/ssl/internal.h index 750bfe93af..ffc18a52da 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -634,9 +634,6 @@ const EVP_MD *ssl_get_handshake_digest(uint16_t version, bool ssl_create_cipher_list(UniquePtr *out_cipher_list, const char *rule_str, bool strict); -// ssl_cipher_get_value returns the cipher suite id of |cipher|. -uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher); - // ssl_cipher_auth_mask_for_key returns the mask of cipher |algorithm_auth| // values suitable for use with |key| in TLS 1.2 and below. uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key); diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc index c4212926c7..4f5049c607 100644 --- a/ssl/ssl_cipher.cc +++ b/ssl/ssl_cipher.cc @@ -1279,14 +1279,6 @@ bool ssl_create_cipher_list(UniquePtr *out_cipher_list, return true; } -uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) { - uint32_t id = cipher->id; - // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred - // to SSLv2 vs SSLv3. - assert((id & 0xff000000) == 0x03000000); - return id & 0xffff; -} - uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key) { switch (EVP_PKEY_id(key)) { case EVP_PKEY_RSA: @@ -1376,10 +1368,17 @@ const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; } -uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) { +uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher) { + // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred + // to SSLv2 vs SSLv3. + assert((cipher->id & 0xff000000) == 0x03000000); return static_cast(cipher->id); } +uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) { + return SSL_CIPHER_get_protocol_id(cipher); +} + int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) { return (cipher->algorithm_mac & SSL_AEAD) != 0; } diff --git a/ssl/test/mock_quic_transport.cc b/ssl/test/mock_quic_transport.cc index 0929432440..6a3f0e8ace 100644 --- a/ssl/test/mock_quic_transport.cc +++ b/ssl/test/mock_quic_transport.cc @@ -38,7 +38,7 @@ bool MockQuicTransport::SetReadSecret(enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len) { // TODO(davidben): Assert the various encryption secret invariants. - read_levels_[level].cipher = SSL_CIPHER_get_value(cipher); + read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); read_levels_[level].secret.assign(secret, secret + secret_len); return true; } @@ -48,7 +48,7 @@ bool MockQuicTransport::SetWriteSecret(enum ssl_encryption_level_t level, const uint8_t *secret, size_t secret_len) { // TODO(davidben): Assert the various encryption secret invariants. - write_levels_[level].cipher = SSL_CIPHER_get_value(cipher); + write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); write_levels_[level].secret.assign(secret, secret + secret_len); return true; } diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 25c13ef915..0105f1cdf7 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -501,7 +501,7 @@ static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) { !CBB_add_bytes(&body, kHelloRetryRequest, SSL3_RANDOM_SIZE) || !CBB_add_u8_length_prefixed(&body, &session_id) || !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) || - !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) || + !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) || !CBB_add_u8(&body, 0 /* no compression */) || !tls1_get_shared_group(hs, &group_id) || !CBB_add_u16_length_prefixed(&body, &extensions) || @@ -613,7 +613,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) || !CBB_add_u8_length_prefixed(&body, &session_id) || !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) || - !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) || + !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) || !CBB_add_u8(&body, 0) || !CBB_add_u16_length_prefixed(&body, &extensions) || !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) || From cefbf9ceaa2ed47b5108eae40a20430637b93170 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 17 Sep 2020 15:06:05 -0400 Subject: [PATCH 096/399] Const-correct X509_get0_extensions. In upstream, this returns a const pointer, so we should match. Update-Note: Callers may need to update their calls of X509_get0_extensions, but I believe everything affected has been fixed. Change-Id: Ic92660e18868cc681399ba4fc3f47ea1796fb164 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42884 Reviewed-by: Adam Langley --- crypto/x509/x509_set.c | 2 +- include/openssl/x509.h | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 6fd0d6392a..470bf70a06 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -221,7 +221,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); } -STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) { return x->cert_info->extensions; } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 9d307d4ce5..38a42197ca 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -968,9 +968,8 @@ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -// TODO(davidben): |X509_get0_extensions| should return a const pointer to -// match upstream. -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * + X509_get0_extensions(const X509 *x); OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version); From e0900ac5e1b123ea0877b2b69e601e69e9e65afa Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 9 Sep 2020 10:16:18 -0400 Subject: [PATCH 097/399] Mirror dsa.h's deprecation notice in dh.h. https://raccoon-attack.com/ also applies to anyone using DH_compute_key with a static key. Add a warning to header. Change-Id: I937f111706bd3b4d57b076c1d0fc328809b36bb0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42904 Reviewed-by: Adam Langley --- include/openssl/dh.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/openssl/dh.h b/include/openssl/dh.h index f3badcc163..34e70c94ff 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -69,6 +69,10 @@ extern "C" { // DH contains functions for performing Diffie-Hellman key agreement in // multiplicative groups. +// +// This module is deprecated and retained for legacy reasons only. It is not +// considered a priority for performance or hardening work. Do not use it in +// new code. Use X25519 or ECDH with P-256 instead. // Allocation and destruction. @@ -164,6 +168,14 @@ OPENSSL_EXPORT int DH_generate_key(DH *dh); // writes it as a big-endian integer into |out|, which must have |DH_size| // bytes of space. It returns the number of bytes written, or a negative number // on error. +// +// Note the output may be shorter than |DH_size| bytes. Contrary to PKCS #3, +// this function returns a variable-length shared key with leading zeros +// removed. This may result in sporadic key mismatch and, if |dh| is reused, +// side channel attacks such as https://raccoon-attack.com/. +// +// This is a legacy algorithm, so we do not provide a fixed-width variant. Use +// X25519 or ECDH with P-256 instead. OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key, DH *dh); From b13e7b5fdca961b6f91af5d62bd080a22087f470 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 25 Sep 2020 13:48:29 -0400 Subject: [PATCH 098/399] Silence some clang warnings on macOS and iOS CQ bots. Looks like some toolchain updated recently and the bots are complaining about copy vs reference. While I'm here, this is a test and just declaring a pair of vectors is much less typing than an external array and a pair of spans. Change-Id: Iffc0beed99f5ef492d78bc58b5bb02d7c595a072 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43044 Reviewed-by: Adam Langley --- crypto/hpke/hpke_test.cc | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc index 49c9b060a0..3239e4762b 100644 --- a/crypto/hpke/hpke_test.cc +++ b/crypto/hpke/hpke_test.cc @@ -413,11 +413,8 @@ TEST(HPKETest, SenderInvalidOpen) { // are empty. TEST(HPKETest, EmptyPSK) { const uint8_t kMockEnc[X25519_PUBLIC_VALUE_LEN] = {0xff}; - const uint8_t kMockPSK[100] = {0xff}; - const bssl::Span kPSKValues[] = { - {kMockPSK, sizeof(kMockPSK)}, - {nullptr, 0}, - }; + const std::vector kPSKValues[] = {std::vector(100, 0xff), + {}}; // Generate the receiver's keypair. uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]; @@ -427,8 +424,8 @@ TEST(HPKETest, EmptyPSK) { // Vary the PSK and PSKID inputs for the sender and receiver, trying all four // permutations of empty and nonempty inputs. - for (const auto psk : kPSKValues) { - for (const auto psk_id : kPSKValues) { + for (const auto &psk : kPSKValues) { + for (const auto &psk_id : kPSKValues) { const bool kExpectSuccess = psk.size() > 0 && psk_id.size() > 0; ASSERT_EQ(ERR_get_error(), 0u); From 5850a016b212407708a963f4f94e4217ae18dd0e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 24 Sep 2020 14:48:29 -0700 Subject: [PATCH 099/399] Disable check that X.509 extensions implies v3. Expect to reenable in January 2021. Change-Id: I364ffcf235901398196c60c45ff1c07fcac3f801 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43024 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/x509/x509_test.cc | 12 ++++++++++-- crypto/x509/x_x509.c | 4 +++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 599abf50f4..07bf2cb027 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2372,6 +2372,11 @@ static const char kOverflowVersionPEM[] = "xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n" "-----END CERTIFICATE-----\n"; +/* + +Test cases disabled. TODO re-enable in Jan 2021. +https://crbug.com/boringssl/375 + // kV1WithExtensionsPEM is an X.509v1 certificate with extensions. static const char kV1WithExtensionsPEM[] = "-----BEGIN CERTIFICATE-----\n" @@ -2401,6 +2406,7 @@ static const char kV2WithExtensionsPEM[] = "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n" "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n" "-----END CERTIFICATE-----\n"; +*/ // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID. static const char kV1WithIssuerUniqueIDPEM[] = @@ -2440,8 +2446,10 @@ TEST(X509Test, InvalidVersion) { EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM)); EXPECT_FALSE(CertFromPEM(kFutureVersionPEM)); EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM)); - EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM)); - EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM)); + // Test cases disabled. TODO re-enable in Jan 2021. + // https://crbug.com/boringssl/375 + //EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM)); + //EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM)); EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM)); EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM)); } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index cddceb8210..ab246515e9 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -136,10 +136,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } /* Per RFC5280, section 4.1.2.9, extensions require v3. */ + /* Check disabled. TODO re-enable in Jan 2021. + https://crbug.com/boringssl/375 if (version != 2 && ret->cert_info->extensions != NULL) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); return 0; - } + }*/ break; } From c4ec14c71dfa6e59d7d9055daaae887ce0f6b5c2 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 21 Sep 2020 18:42:52 -0400 Subject: [PATCH 100/399] Switch ssl_parse_extensions to bool and Span. This function is still a bit too C-like, but this is slightly better. Change-Id: Id8931753c9b8a2445d12089af5391833a68c4901 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43004 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- ssl/handshake.cc | 36 ++++++++++++++++++------------------ ssl/handshake_client.cc | 3 +-- ssl/internal.h | 12 ++++++------ ssl/tls13_both.cc | 3 +-- ssl/tls13_client.cc | 12 ++++-------- 5 files changed, 30 insertions(+), 36 deletions(-) diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 7bceb1dcbb..66d108e79f 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc @@ -235,13 +235,13 @@ bool ssl_hash_message(SSL_HANDSHAKE *hs, const SSLMessage &msg) { return hs->transcript.Update(msg.raw); } -int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, - const SSL_EXTENSION_TYPE *ext_types, - size_t num_ext_types, int ignore_unknown) { +bool ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, + Span ext_types, + bool ignore_unknown) { // Reset everything. - for (size_t i = 0; i < num_ext_types; i++) { - *ext_types[i].out_present = 0; - CBS_init(ext_types[i].out_data, NULL, 0); + for (const SSL_EXTENSION_TYPE &ext_type : ext_types) { + *ext_type.out_present = false; + CBS_init(ext_type.out_data, nullptr, 0); } CBS copy = *cbs; @@ -252,38 +252,38 @@ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, !CBS_get_u16_length_prefixed(©, &data)) { OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT); *out_alert = SSL_AD_DECODE_ERROR; - return 0; + return false; } - const SSL_EXTENSION_TYPE *ext_type = NULL; - for (size_t i = 0; i < num_ext_types; i++) { - if (type == ext_types[i].type) { - ext_type = &ext_types[i]; + const SSL_EXTENSION_TYPE *found = nullptr; + for (const SSL_EXTENSION_TYPE &ext_type : ext_types) { + if (type == ext_type.type) { + found = &ext_type; break; } } - if (ext_type == NULL) { + if (found == nullptr) { if (ignore_unknown) { continue; } OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION); *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; - return 0; + return false; } // Duplicate ext_types are forbidden. - if (*ext_type->out_present) { + if (*found->out_present) { OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_EXTENSION); *out_alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; + return false; } - *ext_type->out_present = 1; - *ext_type->out_data = data; + *found->out_present = 1; + *found->out_data = data; } - return 1; + return true; } enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) { diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 1b7bb1b580..5c800fb5f5 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -358,8 +358,7 @@ static bool parse_supported_versions(SSL_HANDSHAKE *hs, uint16_t *version, uint8_t alert = SSL_AD_DECODE_ERROR; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 1 /* ignore unknown */)) { + /*ignore_unknown=*/true)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return false; } diff --git a/ssl/internal.h b/ssl/internal.h index ffc18a52da..9dd206e374 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1926,12 +1926,12 @@ struct SSL_EXTENSION_TYPE { // ssl_parse_extensions parses a TLS extensions block out of |cbs| and advances // it. It writes the parsed extensions to pointers denoted by |ext_types|. On -// success, it fills in the |out_present| and |out_data| fields and returns one. -// Otherwise, it sets |*out_alert| to an alert to send and returns zero. Unknown -// extensions are rejected unless |ignore_unknown| is 1. -int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, - const SSL_EXTENSION_TYPE *ext_types, - size_t num_ext_types, int ignore_unknown); +// success, it fills in the |out_present| and |out_data| fields and returns +// true. Otherwise, it sets |*out_alert| to an alert to send and returns false. +// Unknown extensions are rejected unless |ignore_unknown| is true. +bool ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert, + Span ext_types, + bool ignore_unknown); // ssl_verify_peer_cert verifies the peer certificate for |hs|. enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs); diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc index 93e2f6a1e3..c6bc2b19a4 100644 --- a/ssl/tls13_both.cc +++ b/ssl/tls13_both.cc @@ -244,8 +244,7 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg, uint8_t alert = SSL_AD_DECODE_ERROR; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 0 /* reject unknown */)) { + /*ignore_unknown=*/false)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return false; } diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index cb379b0c95..8cadd734ff 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc @@ -172,8 +172,7 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) { uint8_t alert = SSL_AD_DECODE_ERROR; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 0 /* reject unknown */)) { + /*ignore_unknown=*/false)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } @@ -338,8 +337,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { uint8_t alert = SSL_AD_DECODE_ERROR; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 0 /* reject unknown */)) { + /*ignore_unknown=*/false)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } @@ -568,8 +566,7 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) { !CBS_get_u16_length_prefixed(&body, &extensions) || CBS_len(&body) != 0 || !ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 1 /* accept unknown */) || + /*ignore_unknown=*/true) || (have_ca && CBS_len(&ca) == 0) || !have_sigalgs || !CBS_get_u16_length_prefixed(&sigalgs, @@ -989,8 +986,7 @@ UniquePtr tls13_create_session_with_ticket(SSL *ssl, CBS *body) { uint8_t alert = SSL_AD_DECODE_ERROR; if (!ssl_parse_extensions(&extensions, &alert, ext_types, - OPENSSL_ARRAY_SIZE(ext_types), - 1 /* ignore unknown */)) { + /*ignore_unknown=*/true)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return nullptr; } From a6386ea1851039458725e91cf40583e8dde28db6 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 22 Sep 2020 17:49:19 -0400 Subject: [PATCH 101/399] runner: Rewrite sessionState parsing with byteReader. This will make it less tedious to add new fields later. Change-Id: I82fe8f1859e4eaf0c72551d4ca5cf9534bee10b5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43005 Commit-Queue: David Benjamin Reviewed-by: Steven Valdez --- ssl/test/runner/runner.go | 4 +- ssl/test/runner/ticket.go | 93 +++++++++++---------------------------- 2 files changed, 27 insertions(+), 70 deletions(-) diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index aac4567d74..2bf8d133e6 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -3396,7 +3396,7 @@ read alert 1 0 // Servers should reject QUIC client hellos that have a legacy // session ID. testCases = append(testCases, testCase{ - name: "QUICCompatibilityMode", + name: "QUICCompatibilityMode", testType: serverTest, protocol: quic, config: Config{ @@ -3405,7 +3405,7 @@ read alert 1 0 CompatModeWithQUIC: true, }, }, - shouldFail: true, + shouldFail: true, expectedError: ":UNEXPECTED_COMPATIBILITY_MODE:", }) } diff --git a/ssl/test/runner/ticket.go b/ssl/test/runner/ticket.go index 10ac54f7a4..af8754734c 100644 --- a/ssl/test/runner/ticket.go +++ b/ssl/test/runner/ticket.go @@ -10,7 +10,6 @@ import ( "crypto/hmac" "crypto/sha256" "crypto/subtle" - "encoding/binary" "errors" "io" "time" @@ -66,91 +65,49 @@ func (s *sessionState) marshal() []byte { } func (s *sessionState) unmarshal(data []byte) bool { - if len(data) < 8 { + reader := byteReader(data) + var numCerts uint16 + if !reader.readU16(&s.vers) || + !reader.readU16(&s.cipherSuite) || + !reader.readU16LengthPrefixedBytes(&s.masterSecret) || + !reader.readU16LengthPrefixedBytes(&s.handshakeHash) || + !reader.readU16(&numCerts) { return false } - s.vers = uint16(data[0])<<8 | uint16(data[1]) - s.cipherSuite = uint16(data[2])<<8 | uint16(data[3]) - masterSecretLen := int(data[4])<<8 | int(data[5]) - data = data[6:] - if len(data) < masterSecretLen { - return false - } - - s.masterSecret = data[:masterSecretLen] - data = data[masterSecretLen:] - - if len(data) < 2 { - return false - } - - handshakeHashLen := int(data[0])<<8 | int(data[1]) - data = data[2:] - if len(data) < handshakeHashLen { - return false - } - - s.handshakeHash = data[:handshakeHashLen] - data = data[handshakeHashLen:] - - if len(data) < 2 { - return false - } - - numCerts := int(data[0])<<8 | int(data[1]) - data = data[2:] - - s.certificates = make([][]byte, numCerts) + s.certificates = make([][]byte, int(numCerts)) for i := range s.certificates { - if len(data) < 4 { - return false - } - certLen := int(data[0])<<24 | int(data[1])<<16 | int(data[2])<<8 | int(data[3]) - data = data[4:] - if certLen < 0 { - return false - } - if len(data) < certLen { + if !reader.readU32LengthPrefixedBytes(&s.certificates[i]) { return false } - s.certificates[i] = data[:certLen] - data = data[certLen:] } - if len(data) < 1 { + var extendedMasterSecret uint8 + if !reader.readU8(&extendedMasterSecret) { return false } - - s.extendedMasterSecret = false - if data[0] == 1 { + if extendedMasterSecret == 0 { + s.extendedMasterSecret = false + } else if extendedMasterSecret == 1 { s.extendedMasterSecret = true + } else { + return false } - data = data[1:] if s.vers >= VersionTLS13 { - if len(data) < 24 { + var ticketCreationTime, ticketExpiration uint64 + if !reader.readU64(&ticketCreationTime) || + !reader.readU64(&ticketExpiration) || + !reader.readU32(&s.ticketFlags) || + !reader.readU32(&s.ticketAgeAdd) { return false } - s.ticketCreationTime = time.Unix(0, int64(binary.BigEndian.Uint64(data))) - data = data[8:] - s.ticketExpiration = time.Unix(0, int64(binary.BigEndian.Uint64(data))) - data = data[8:] - s.ticketFlags = binary.BigEndian.Uint32(data) - data = data[4:] - s.ticketAgeAdd = binary.BigEndian.Uint32(data) - data = data[4:] - } - - earlyALPNLen := int(data[0])<<8 | int(data[1]) - data = data[2:] - if len(data) < earlyALPNLen { - return false + s.ticketCreationTime = time.Unix(0, int64(ticketCreationTime)) + s.ticketExpiration = time.Unix(0, int64(ticketExpiration)) } - s.earlyALPN = data[:earlyALPNLen] - data = data[earlyALPNLen:] - if len(data) > 0 { + if !reader.readU16LengthPrefixedBytes(&s.earlyALPN) || + len(reader) > 0 { return false } From b0e98e408c88dd91583f6f8fac233f0d4433b55b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 24 Sep 2020 12:49:03 -0400 Subject: [PATCH 102/399] Test SSL_get0_alpn_selected on both client and server. On the server, we echo the selected ALPN back out of the same getter as the client. Change-Id: I11978b9cd0a3e7c611f162e9cf5054e52005a195 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43045 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- ssl/test/bssl_shim.cc | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index a91524adff..76df66d35c 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -524,16 +524,18 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, } } - if (!config->is_server) { - const uint8_t *alpn_proto; - unsigned alpn_proto_len; - SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); - if (alpn_proto_len != config->expect_alpn.size() || - OPENSSL_memcmp(alpn_proto, config->expect_alpn.data(), - alpn_proto_len) != 0) { - fprintf(stderr, "negotiated alpn proto mismatch\n"); - return false; - } + // On the server, the protocol selected in the ALPN callback must be echoed + // out of |SSL_get0_alpn_selected|. On the client, it should report what the + // test expected. + const std::string &expect_alpn = + config->is_server ? config->select_alpn : config->expect_alpn; + const uint8_t *alpn_proto; + unsigned alpn_proto_len; + SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); + if (alpn_proto_len != expect_alpn.size() || + OPENSSL_memcmp(alpn_proto, expect_alpn.data(), alpn_proto_len) != 0) { + fprintf(stderr, "negotiated alpn proto mismatch\n"); + return false; } if (!config->expect_quic_transport_params.empty() && expect_handshake_done) { From 0ee5808fed3a3b4ec5f54f0338e5f8e30472b797 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 29 Sep 2020 12:13:28 -0400 Subject: [PATCH 103/399] Add a few more OPENSSL_NO_* constants. Bumping OPENSSL_VERSION_NUMBER to 1.1.1 pulled in a few more to define for compatibility. Change-Id: I596c537d230f126dd53e8abe32c5132968a54826 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43104 Reviewed-by: Adam Langley --- include/openssl/opensslconf.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h index 3c6ffd8be9..3f1faf324d 100644 --- a/include/openssl/opensslconf.h +++ b/include/openssl/opensslconf.h @@ -55,6 +55,9 @@ #define OPENSSL_NO_RMD160 #define OPENSSL_NO_SCTP #define OPENSSL_NO_SEED +#define OPENSSL_NO_SM2 +#define OPENSSL_NO_SM3 +#define OPENSSL_NO_SM4 #define OPENSSL_NO_SRP #define OPENSSL_NO_SSL2 #define OPENSSL_NO_SSL3 From bb72a8d649232a74951401a22a9d99fcc5407a3a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 25 Sep 2020 17:56:05 -0400 Subject: [PATCH 104/399] Allow specifying different initial and resumption expectations. We have an ad-hoc expectResumeVersion, and I'll want to add one for ALPS (to confirm changing ALPS on resumption works). We probably could have done with such a test for ALPN too. Wrap all the ConnectionState expectations into a struct with an optional resumeExpectations field. Also move the OCSPResponse() method to ConnectionState for consistency. Change-Id: Icaabf5571c51e78ed078f57de0e04928d3f3fa8d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43084 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- ssl/test/runner/common.go | 1 + ssl/test/runner/conn.go | 10 +- ssl/test/runner/runner.go | 696 ++++++++++++++++++++++++-------------- 3 files changed, 452 insertions(+), 255 deletions(-) diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index 6a744db85d..d1ea08df83 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -249,6 +249,7 @@ type ConnectionState struct { ServerName string // server name requested by client, if any (server side only) PeerCertificates []*x509.Certificate // certificate chain presented by remote peer VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates + OCSPResponse []byte // stapled OCSP response from the peer, if any ChannelID *ecdsa.PublicKey // the channel ID for this connection TokenBindingNegotiated bool // whether Token Binding was negotiated TokenBindingParam uint8 // the negotiated Token Binding key parameter diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go index a449f2fa69..04fe16c9be 100644 --- a/ssl/test/runner/conn.go +++ b/ssl/test/runner/conn.go @@ -1872,6 +1872,7 @@ func (c *Conn) ConnectionState() ConnectionState { state.CipherSuite = c.cipherSuite.id state.PeerCertificates = c.peerCertificates state.VerifiedChains = c.verifiedChains + state.OCSPResponse = c.ocspResponse state.ServerName = c.serverName state.ChannelID = c.channelID state.TokenBindingNegotiated = c.tokenBindingNegotiated @@ -1887,15 +1888,6 @@ func (c *Conn) ConnectionState() ConnectionState { return state } -// OCSPResponse returns the stapled OCSP response from the TLS server, if -// any. (Only valid for client connections.) -func (c *Conn) OCSPResponse() []byte { - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - - return c.ocspResponse -} - // VerifyHostname checks that the peer certificate chain is valid for // connecting to host. If so, it returns nil; if not, it returns an error // describing the problem. diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 2bf8d133e6..4baf90113b 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -491,6 +491,50 @@ const ( npn = 2 ) +// connectionExpectations contains connection-level test expectations to check +// on the runner side. +type connectionExpectations struct { + // version, if non-zero, specifies the TLS version that must be negotiated. + version uint16 + // cipher, if non-zero, specifies the TLS cipher suite that should be + // negotiated. + cipher uint16 + // channelID controls whether the connection should have negotiated a + // Channel ID with channelIDKey. + channelID bool + // tokenBinding controls whether the connection should have negotiated Token + // Binding. + tokenBinding bool + // tokenBindingParam is the Token Binding parameter that should have been + // negotiated (if tokenBinding is true). + tokenBindingParam uint8 + // nextProto controls whether the connection should negotiate a next + // protocol via NPN or ALPN. + nextProto string + // noNextProto, if true, means that no next protocol should be negotiated. + noNextProto bool + // nextProtoType, if non-zero, is the next protocol negotiation mechanism. + nextProtoType int + // srtpProtectionProfile is the DTLS-SRTP profile that should be negotiated. + // If zero, none should be negotiated. + srtpProtectionProfile uint16 + // ocspResponse, if not nil, is the OCSP response to be received. + ocspResponse []uint8 + // sctList, if not nil, is the SCT list to be received. + sctList []uint8 + // peerSignatureAlgorithm, if not zero, is the signature algorithm that the + // peer should have used in the handshake. + peerSignatureAlgorithm signatureAlgorithm + // curveID, if not zero, is the curve that the handshake should have used. + curveID CurveID + // peerCertificate, if not nil, is the certificate chain the peer is + // expected to send. + peerCertificate *Certificate + // quicTransportParams contains the QUIC transport parameters that are to be + // sent by the peer. + quicTransportParams []byte +} + type testCase struct { testType testType protocol protocol @@ -501,46 +545,12 @@ type testCase struct { // expectedLocalError, if not empty, contains a substring that must be // found in the local error. expectedLocalError string - // expectedVersion, if non-zero, specifies the TLS version that must be - // negotiated. - expectedVersion uint16 - // expectedResumeVersion, if non-zero, specifies the TLS version that - // must be negotiated on resumption. If zero, expectedVersion is used. - expectedResumeVersion uint16 - // expectedCipher, if non-zero, specifies the TLS cipher suite that - // should be negotiated. - expectedCipher uint16 - // expectChannelID controls whether the connection should have - // negotiated a Channel ID with channelIDKey. - expectChannelID bool - // expectTokenBinding controls whether the connection should have - // negotiated Token Binding. - expectTokenBinding bool - // expectedTokenBindingParam is the Token Binding parameter that should - // have been negotiated (if expectTokenBinding is true). - expectedTokenBindingParam uint8 - // expectedNextProto controls whether the connection should - // negotiate a next protocol via NPN or ALPN. - expectedNextProto string - // expectNoNextProto, if true, means that no next protocol should be - // negotiated. - expectNoNextProto bool - // expectedNextProtoType, if non-zero, is the expected next - // protocol negotiation mechanism. - expectedNextProtoType int - // expectedSRTPProtectionProfile is the DTLS-SRTP profile that - // should be negotiated. If zero, none should be negotiated. - expectedSRTPProtectionProfile uint16 - // expectedOCSPResponse, if not nil, is the expected OCSP response to be received. - expectedOCSPResponse []uint8 - // expectedSCTList, if not nil, is the expected SCT list to be received. - expectedSCTList []uint8 - // expectedPeerSignatureAlgorithm, if not zero, is the signature - // algorithm that the peer should have used in the handshake. - expectedPeerSignatureAlgorithm signatureAlgorithm - // expectedCurveID, if not zero, is the curve that the handshake should - // have used. - expectedCurveID CurveID + // expectations contains test expectations for the initial + // connection. + expectations connectionExpectations + // resumeExpectations, if non-nil, contains test expectations for the + // resumption connection. If nil, |expectations| is used. + resumeExpectations *connectionExpectations // messageLen is the length, in bytes, of the test message that will be // sent. messageLen int @@ -639,17 +649,11 @@ type testCase struct { // expectMessageDropped, if true, means the test message is expected to // be dropped by the client rather than echoed back. expectMessageDropped bool - // expectPeerCertificate, if not nil, is the certificate chain the peer - // is expected to send. - expectPeerCertificate *Certificate // shimPrefix is the prefix that the shim will send to the server. shimPrefix string // resumeShimPrefix is the prefix that the shim will send to the server on a // resumption. resumeShimPrefix string - // expectedQUICTransportParams contains the QUIC transport - // parameters that are expected to be sent by the peer. - expectedQUICTransportParams []byte // exportTrafficSecrets, if true, configures the test to export the TLS 1.3 // traffic secrets and confirms that they match. exportTrafficSecrets bool @@ -819,26 +823,23 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr return err } - // TODO(davidben): move all per-connection expectations into a dedicated - // expectations struct that can be specified separately for the two - // legs. - expectedVersion := test.expectedVersion - if isResume && test.expectedResumeVersion != 0 { - expectedVersion = test.expectedResumeVersion + expectations := &test.expectations + if isResume && test.resumeExpectations != nil { + expectations = test.resumeExpectations } connState := tlsConn.ConnectionState() - if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion { - return fmt.Errorf("got version %x, expected %x", vers, expectedVersion) + if vers := connState.Version; expectations.version != 0 && vers != expectations.version { + return fmt.Errorf("got version %x, expected %x", vers, expectations.version) } - if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher { - return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher) + if cipher := connState.CipherSuite; expectations.cipher != 0 && cipher != expectations.cipher { + return fmt.Errorf("got cipher %x, expected %x", cipher, expectations.cipher) } if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected { return fmt.Errorf("didResume is %t, but we expected the opposite", didResume) } - if test.expectChannelID { + if expectations.channelID { channelID := connState.ChannelID if channelID == nil { return fmt.Errorf("no channel ID negotiated") @@ -852,68 +853,68 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr return fmt.Errorf("channel ID unexpectedly negotiated") } - if test.expectTokenBinding { + if expectations.tokenBinding { if !connState.TokenBindingNegotiated { return errors.New("no Token Binding negotiated") } - if connState.TokenBindingParam != test.expectedTokenBindingParam { - return fmt.Errorf("expected param %02x, but got %02x", test.expectedTokenBindingParam, connState.TokenBindingParam) + if connState.TokenBindingParam != expectations.tokenBindingParam { + return fmt.Errorf("expected param %02x, but got %02x", expectations.tokenBindingParam, connState.TokenBindingParam) } } else if connState.TokenBindingNegotiated { return errors.New("Token Binding unexpectedly negotiated") } - if expected := test.expectedNextProto; expected != "" { + if expected := expectations.nextProto; expected != "" { if actual := connState.NegotiatedProtocol; actual != expected { return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected) } } - if test.expectNoNextProto { + if expectations.noNextProto { if actual := connState.NegotiatedProtocol; actual != "" { return fmt.Errorf("got unexpected next proto %s", actual) } } - if test.expectedNextProtoType != 0 { - if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN { + if expectations.nextProtoType != 0 { + if (expectations.nextProtoType == alpn) != connState.NegotiatedProtocolFromALPN { return fmt.Errorf("next proto type mismatch") } } - if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile { - return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile) + if p := connState.SRTPProtectionProfile; p != expectations.srtpProtectionProfile { + return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, expectations.srtpProtectionProfile) } - if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) { - return fmt.Errorf("OCSP Response mismatch: got %x, wanted %x", tlsConn.OCSPResponse(), test.expectedOCSPResponse) + if expectations.ocspResponse != nil && !bytes.Equal(expectations.ocspResponse, connState.OCSPResponse) { + return fmt.Errorf("OCSP Response mismatch: got %x, wanted %x", connState.OCSPResponse, expectations.ocspResponse) } - if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) { + if expectations.sctList != nil && !bytes.Equal(expectations.sctList, connState.SCTList) { return fmt.Errorf("SCT list mismatch") } - if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm { + if expected := expectations.peerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm { return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm) } - if expected := test.expectedCurveID; expected != 0 && expected != connState.CurveID { + if expected := expectations.curveID; expected != 0 && expected != connState.CurveID { return fmt.Errorf("expected peer to use curve %04x, but got %04x", expected, connState.CurveID) } - if test.expectPeerCertificate != nil { - if len(connState.PeerCertificates) != len(test.expectPeerCertificate.Certificate) { - return fmt.Errorf("expected peer to send %d certificates, but got %d", len(connState.PeerCertificates), len(test.expectPeerCertificate.Certificate)) + if expectations.peerCertificate != nil { + if len(connState.PeerCertificates) != len(expectations.peerCertificate.Certificate) { + return fmt.Errorf("expected peer to send %d certificates, but got %d", len(connState.PeerCertificates), len(expectations.peerCertificate.Certificate)) } for i, cert := range connState.PeerCertificates { - if !bytes.Equal(cert.Raw, test.expectPeerCertificate.Certificate[i]) { + if !bytes.Equal(cert.Raw, expectations.peerCertificate.Certificate[i]) { return fmt.Errorf("peer certificate %d did not match", i+1) } } } - if len(test.expectedQUICTransportParams) > 0 { - if !bytes.Equal(test.expectedQUICTransportParams, connState.QUICTransportParams) { + if len(expectations.quicTransportParams) > 0 { + if !bytes.Equal(expectations.quicTransportParams, connState.QUICTransportParams) { return errors.New("Peer did not send expected QUIC transport params") } } @@ -1228,7 +1229,7 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN continue } - if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectedVersion == 0 { + if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectations.version == 0 { panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version)) } } @@ -1274,7 +1275,10 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN if test.resumeConfig != nil { test.resumeConfig.QUICTransportParams = []byte{1, 2} } - test.expectedQUICTransportParams = []byte{3, 4} + test.expectations.quicTransportParams = []byte{3, 4} + if test.resumeExpectations != nil { + test.resumeExpectations.quicTransportParams = []byte{3, 4} + } flags = append(flags, []string{ "-quic-transport-params", @@ -1294,8 +1298,12 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN if test.resumeConfig != nil { test.resumeConfig.NextProtos = []string{"foo"} } - test.expectedNextProto = "foo" - test.expectedNextProtoType = alpn + test.expectations.nextProto = "foo" + test.expectations.nextProtoType = alpn + if test.resumeExpectations != nil { + test.resumeExpectations.nextProto = "foo" + test.resumeExpectations.nextProtoType = alpn + } } } @@ -1882,7 +1890,9 @@ read alert 1 0 SkipCertificateVerify: true, }, }, - expectPeerCertificate: &rsaChainCertificate, + expectations: connectionExpectations{ + peerCertificate: &rsaChainCertificate, + }, flags: []string{ "-require-any-client-certificate", }, @@ -2017,7 +2027,9 @@ read alert 1 0 FragmentClientVersion: true, }, }, - expectedVersion: VersionTLS13, + expectations: connectionExpectations{ + version: VersionTLS13, + }, }, { testType: serverTest, @@ -3880,8 +3892,10 @@ func addCipherSuiteTests() { MaxVersion: VersionTLS12, CipherSuites: t.ciphers, }, - flags: []string{"-cipher", negotiationTestCiphers}, - expectedCipher: t.expected, + flags: []string{"-cipher", negotiationTestCiphers}, + expectations: connectionExpectations{ + cipher: t.expected, + }, }) } } @@ -4174,7 +4188,9 @@ func addClientAuthTests() { MaxVersion: ver.version, ChannelID: channelIDKey, }, - expectChannelID: true, + expectations: connectionExpectations{ + channelID: true, + }, flags: []string{ "-enable-channel-id", "-verify-peer-if-no-obc", @@ -5044,7 +5060,9 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - expectedOCSPResponse: testOCSPResponse, + expectations: connectionExpectations{ + ocspResponse: testOCSPResponse, + }, flags: []string{ "-ocsp-response", base64.StdEncoding.EncodeToString(testOCSPResponse), @@ -5117,7 +5135,9 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - expectedOCSPResponse: testOCSPResponse, + expectations: connectionExpectations{ + ocspResponse: testOCSPResponse, + }, flags: []string{ "-use-ocsp-callback", "-set-ocsp-in-callback", @@ -5136,7 +5156,9 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - expectedOCSPResponse: []byte{}, + expectations: connectionExpectations{ + ocspResponse: []byte{}, + }, flags: []string{ "-use-ocsp-callback", "-decline-ocsp-callback", @@ -5497,10 +5519,12 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: VersionTLS12, NextProtos: []string{"foo"}, }, - flags: []string{"-select-next-proto", "foo"}, - resumeSession: true, - expectedNextProto: "foo", - expectedNextProtoType: npn, + flags: []string{"-select-next-proto", "foo"}, + resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: npn, + }, }) tests = append(tests, testCase{ testType: serverTest, @@ -5513,9 +5537,11 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { "-advertise-npn", "\x03foo\x03bar\x03baz", "-expect-next-proto", "bar", }, - resumeSession: true, - expectedNextProto: "bar", - expectedNextProtoType: npn, + resumeSession: true, + expectations: connectionExpectations{ + nextProto: "bar", + nextProtoType: npn, + }, }) // Client does False Start and negotiates NPN. @@ -5619,10 +5645,12 @@ read alert 1 0 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), "-select-next-proto", "foo", }, - resumeSession: true, - expectChannelID: true, - expectedNextProto: "foo", - expectedNextProtoType: npn, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + nextProto: "foo", + nextProtoType: npn, + }, }) tests = append(tests, testCase{ testType: serverTest, @@ -5638,10 +5666,12 @@ read alert 1 0 "-advertise-npn", "\x03foo\x03bar\x03baz", "-expect-next-proto", "bar", }, - resumeSession: true, - expectChannelID: true, - expectedNextProto: "bar", - expectedNextProtoType: npn, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + nextProto: "bar", + nextProtoType: npn, + }, }) // Bidirectional shutdown with the runner initiating. @@ -5668,9 +5698,11 @@ read alert 1 0 MaxVersion: ver.version, RequestChannelID: true, }, - flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)}, - resumeSession: true, - expectChannelID: true, + flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)}, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + }, }) // Server accepts a Channel ID. @@ -5685,8 +5717,10 @@ read alert 1 0 "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), }, - resumeSession: true, - expectChannelID: true, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + }, }) tests = append(tests, testCase{ @@ -5714,11 +5748,13 @@ read alert 1 0 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, ChannelID: channelIDKey, }, - expectChannelID: false, - flags: []string{"-enable-channel-id"}, + expectations: connectionExpectations{ + channelID: false, + }, + flags: []string{"-enable-channel-id"}, }) - // Sanity-check setting expectChannelID false works. + // Sanity-check setting expectations.channelID false works. tests = append(tests, testCase{ testType: serverTest, name: "ChannelID-ECDHE-" + ver.name, @@ -5727,7 +5763,9 @@ read alert 1 0 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, ChannelID: channelIDKey, }, - expectChannelID: false, + expectations: connectionExpectations{ + channelID: false, + }, flags: []string{"-enable-channel-id"}, shouldFail: true, expectedLocalError: "channel ID unexpectedly negotiated", @@ -6018,8 +6056,10 @@ func addVersionNegotiationTests() { ExpectInitialRecordVersion: clientVers, }, }, - flags: flags, - expectedVersion: expectedVersion, + flags: flags, + expectations: connectionExpectations{ + version: expectedVersion, + }, }) testCases = append(testCases, testCase{ protocol: protocol, @@ -6031,8 +6071,10 @@ func addVersionNegotiationTests() { ExpectInitialRecordVersion: clientVers, }, }, - flags: flags2, - expectedVersion: expectedVersion, + flags: flags2, + expectations: connectionExpectations{ + version: expectedVersion, + }, }) testCases = append(testCases, testCase{ @@ -6045,8 +6087,10 @@ func addVersionNegotiationTests() { ExpectInitialRecordVersion: serverVers, }, }, - flags: flags, - expectedVersion: expectedVersion, + flags: flags, + expectations: connectionExpectations{ + version: expectedVersion, + }, }) testCases = append(testCases, testCase{ protocol: protocol, @@ -6058,8 +6102,10 @@ func addVersionNegotiationTests() { ExpectInitialRecordVersion: serverVers, }, }, - flags: flags2, - expectedVersion: expectedVersion, + flags: flags2, + expectations: connectionExpectations{ + version: expectedVersion, + }, }) } } @@ -6080,7 +6126,9 @@ func addVersionNegotiationTests() { IgnoreTLS13DowngradeRandom: true, }, }, - expectedVersion: vers.version, + expectations: connectionExpectations{ + version: vers.version, + }, }) } } @@ -6121,7 +6169,9 @@ func addVersionNegotiationTests() { IgnoreTLS13DowngradeRandom: true, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) testCases = append(testCases, testCase{ @@ -6135,7 +6185,9 @@ func addVersionNegotiationTests() { }, }, // The extension takes precedence over the ClientHello version. - expectedVersion: VersionTLS11, + expectations: connectionExpectations{ + version: VersionTLS11, + }, }) testCases = append(testCases, testCase{ @@ -6149,7 +6201,9 @@ func addVersionNegotiationTests() { }, }, // The extension takes precedence over the ClientHello version. - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) // Test that TLS 1.2 isn't negotiated by the supported_versions extension in @@ -6177,7 +6231,9 @@ func addVersionNegotiationTests() { SendSupportedVersions: []uint16{VersionTLS12, VersionTLS13}, }, }, - expectedVersion: VersionTLS13, + expectations: connectionExpectations{ + version: VersionTLS13, + }, }) // Test for version tolerance. @@ -6191,7 +6247,9 @@ func addVersionNegotiationTests() { IgnoreTLS13DowngradeRandom: true, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6205,7 +6263,9 @@ func addVersionNegotiationTests() { }, // TLS 1.3 must be negotiated with the supported_versions // extension, not ClientHello.version. - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6218,7 +6278,9 @@ func addVersionNegotiationTests() { SendClientVersion: 0x0400, }, }, - expectedVersion: VersionTLS13, + expectations: connectionExpectations{ + version: VersionTLS13, + }, }) testCases = append(testCases, testCase{ @@ -6231,7 +6293,9 @@ func addVersionNegotiationTests() { OmitSupportedVersions: true, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) testCases = append(testCases, testCase{ protocol: dtls, @@ -6243,7 +6307,9 @@ func addVersionNegotiationTests() { OmitSupportedVersions: true, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, }) // Test that versions below 3.0 are rejected. @@ -6304,7 +6370,9 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - expectedVersion: test.version, + expectations: connectionExpectations{ + version: test.version, + }, shouldFail: true, expectedError: ":TLS13_DOWNGRADE:", expectedLocalError: "remote error: illegal parameter", @@ -6319,7 +6387,9 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - expectedVersion: test.version, + expectations: connectionExpectations{ + version: test.version, + }, flags: []string{ "-ignore-tls13-downgrade", "-expect-tls13-downgrade", @@ -6335,7 +6405,9 @@ func addVersionNegotiationTests() { SendSupportedVersions: []uint16{test.version}, }, }, - expectedVersion: test.version, + expectations: connectionExpectations{ + version: test.version, + }, shouldFail: true, expectedLocalError: test.clientShimError, }) @@ -6352,7 +6424,9 @@ func addVersionNegotiationTests() { AlertBeforeFalseStartTest: alertAccessDenied, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, flags: []string{ "-false-start", "-advertise-alpn", "\x03foo", @@ -6447,8 +6521,10 @@ func addMinimumVersionTests() { IgnorePeerCipherPreferences: shouldFail, }, }, - flags: flags, - expectedVersion: expectedVersion, + flags: flags, + expectations: connectionExpectations{ + version: expectedVersion, + }, shouldFail: shouldFail, expectedError: expectedError, expectedLocalError: expectedLocalError, @@ -6467,8 +6543,10 @@ func addMinimumVersionTests() { IgnorePeerCipherPreferences: shouldFail, }, }, - flags: flags2, - expectedVersion: expectedVersion, + flags: flags2, + expectations: connectionExpectations{ + version: expectedVersion, + }, shouldFail: shouldFail, expectedError: expectedError, expectedLocalError: expectedLocalError, @@ -6481,8 +6559,10 @@ func addMinimumVersionTests() { config: Config{ MaxVersion: runnerVers.version, }, - flags: flags, - expectedVersion: expectedVersion, + flags: flags, + expectations: connectionExpectations{ + version: expectedVersion, + }, shouldFail: shouldFail, expectedError: expectedError, expectedLocalError: expectedLocalError, @@ -6494,8 +6574,10 @@ func addMinimumVersionTests() { config: Config{ MaxVersion: runnerVers.version, }, - flags: flags2, - expectedVersion: expectedVersion, + flags: flags2, + expectations: connectionExpectations{ + version: expectedVersion, + }, shouldFail: shouldFail, expectedError: expectedError, expectedLocalError: expectedLocalError, @@ -6623,9 +6705,11 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo\x03bar\x03baz", "-expect-alpn", "foo", }, - expectedNextProto: "foo", - expectedNextProtoType: alpn, - resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: alpn, + }, + resumeSession: true, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -6669,9 +6753,11 @@ func addExtensionTests() { "-expect-advertised-alpn", "\x03foo\x03bar\x03baz", "-select-alpn", "foo", }, - expectedNextProto: "foo", - expectedNextProtoType: alpn, - resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: alpn, + }, + resumeSession: true, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6680,9 +6766,11 @@ func addExtensionTests() { MaxVersion: ver.version, NextProtos: []string{"foo", "bar", "baz"}, }, - flags: []string{"-decline-alpn"}, - expectNoNextProto: true, - resumeSession: true, + flags: []string{"-decline-alpn"}, + expectations: connectionExpectations{ + noNextProto: true, + }, + resumeSession: true, }) // Test that the server implementation catches itself if the // callback tries to return an invalid empty ALPN protocol. @@ -6718,9 +6806,11 @@ func addExtensionTests() { "-select-alpn", "foo", "-async", }, - expectedNextProto: "foo", - expectedNextProtoType: alpn, - resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: alpn, + }, + resumeSession: true, }) var emptyString string @@ -6773,9 +6863,11 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - expectedNextProto: "foo", - expectedNextProtoType: alpn, - resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: alpn, + }, + resumeSession: true, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6792,9 +6884,11 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - expectedNextProto: "foo", - expectedNextProtoType: alpn, - resumeSession: true, + expectations: connectionExpectations{ + nextProto: "foo", + nextProtoType: alpn, + }, + resumeSession: true, }) // Test that negotiating both NPN and ALPN is forbidden. @@ -6909,8 +7003,10 @@ func addExtensionTests() { TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: maxTokenBindingVersion, }, - expectTokenBinding: true, - expectedTokenBindingParam: 2, + expectations: connectionExpectations{ + tokenBinding: true, + tokenBindingParam: 2, + }, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6958,8 +7054,10 @@ func addExtensionTests() { TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: maxTokenBindingVersion + 1, }, - expectTokenBinding: true, - expectedTokenBindingParam: 2, + expectations: connectionExpectations{ + tokenBinding: true, + tokenBindingParam: 2, + }, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6994,8 +7092,10 @@ func addExtensionTests() { TokenBindingParams: []byte{0, 1, 2, 2}, TokenBindingVersion: maxTokenBindingVersion, }, - expectTokenBinding: true, - expectedTokenBindingParam: 2, + expectations: connectionExpectations{ + tokenBinding: true, + tokenBindingParam: 2, + }, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7261,9 +7361,11 @@ func addExtensionTests() { TokenBindingVersion: maxTokenBindingVersion, MaxEarlyDataSize: 16384, }, - resumeSession: true, - expectTokenBinding: true, - expectedTokenBindingParam: 2, + resumeSession: true, + expectations: connectionExpectations{ + tokenBinding: true, + tokenBindingParam: 2, + }, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -7293,8 +7395,10 @@ func addExtensionTests() { "-expect-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{1, 2}), }, - expectedQUICTransportParams: []byte{3, 4}, - skipTransportParamsConfig: true, + expectations: connectionExpectations{ + quicTransportParams: []byte{3, 4}, + }, + skipTransportParamsConfig: true, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -7328,8 +7432,10 @@ func addExtensionTests() { "-expect-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{1, 2}), }, - expectedQUICTransportParams: []byte{3, 4}, - skipTransportParamsConfig: true, + expectations: connectionExpectations{ + quicTransportParams: []byte{3, 4}, + }, + skipTransportParamsConfig: true, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -7343,10 +7449,12 @@ func addExtensionTests() { "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), }, - expectedQUICTransportParams: []byte{3, 4}, - shouldFail: true, - expectedError: ":MISSING_EXTENSION:", - skipTransportParamsConfig: true, + expectations: connectionExpectations{ + quicTransportParams: []byte{3, 4}, + }, + shouldFail: true, + expectedError: ":MISSING_EXTENSION:", + skipTransportParamsConfig: true, }) } testCases = append(testCases, testCase{ @@ -7512,7 +7620,9 @@ func addExtensionTests() { "-srtp-profiles", "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", }, - expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + expectations: connectionExpectations{ + srtpProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + }, }) testCases = append(testCases, testCase{ protocol: dtls, @@ -7526,7 +7636,9 @@ func addExtensionTests() { "-srtp-profiles", "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", }, - expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + expectations: connectionExpectations{ + srtpProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + }, }) // Test that the MKI is ignored. testCases = append(testCases, testCase{ @@ -7544,7 +7656,9 @@ func addExtensionTests() { "-srtp-profiles", "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", }, - expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + expectations: connectionExpectations{ + srtpProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80, + }, }) // Test that SRTP isn't negotiated on the server if there were // no matching profiles. @@ -7560,7 +7674,9 @@ func addExtensionTests() { "-srtp-profiles", "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32", }, - expectedSRTPProtectionProfile: 0, + expectations: connectionExpectations{ + srtpProtectionProfile: 0, + }, }) // Test that the server returning an invalid SRTP profile is // flagged as an error by the client. @@ -7629,8 +7745,10 @@ func addExtensionTests() { "-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - expectedSCTList: testSCTList, - resumeSession: true, + expectations: connectionExpectations{ + sctList: testSCTList, + }, + resumeSession: true, }) emptySCTListCert := *testCerts[0].cert @@ -7960,8 +8078,12 @@ func addResumptionVersionTests() { ExpectNoTLS13PSK: sessionVers.version < VersionTLS13, }, }, - expectedVersion: sessionVers.version, - expectedResumeVersion: resumeVers.version, + expectations: connectionExpectations{ + version: sessionVers.version, + }, + resumeExpectations: &connectionExpectations{ + version: resumeVers.version, + }, }) } else { testCases = append(testCases, testCase{ @@ -7971,16 +8093,20 @@ func addResumptionVersionTests() { config: Config{ MaxVersion: sessionVers.version, }, - expectedVersion: sessionVers.version, + expectations: connectionExpectations{ + version: sessionVers.version, + }, resumeConfig: &Config{ MaxVersion: resumeVers.version, Bugs: ProtocolBugs{ AcceptAnySession: true, }, }, - expectedResumeVersion: resumeVers.version, - shouldFail: true, - expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:", + resumeExpectations: &connectionExpectations{ + version: resumeVers.version, + }, + shouldFail: true, + expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:", }) } @@ -7991,13 +8117,17 @@ func addResumptionVersionTests() { config: Config{ MaxVersion: sessionVers.version, }, - expectedVersion: sessionVers.version, + expectations: connectionExpectations{ + version: sessionVers.version, + }, resumeConfig: &Config{ MaxVersion: resumeVers.version, }, - newSessionsOnResume: true, - expectResumeRejected: true, - expectedResumeVersion: resumeVers.version, + newSessionsOnResume: true, + expectResumeRejected: true, + resumeExpectations: &connectionExpectations{ + version: resumeVers.version, + }, }) testCases = append(testCases, testCase{ @@ -8008,7 +8138,9 @@ func addResumptionVersionTests() { config: Config{ MaxVersion: sessionVers.version, }, - expectedVersion: sessionVers.version, + expectations: connectionExpectations{ + version: sessionVers.version, + }, expectResumeRejected: sessionVers != resumeVers, resumeConfig: &Config{ MaxVersion: resumeVers.version, @@ -8016,7 +8148,9 @@ func addResumptionVersionTests() { SendBothTickets: true, }, }, - expectedResumeVersion: resumeVers.version, + resumeExpectations: &connectionExpectations{ + version: resumeVers.version, + }, }) // Repeat the test using session IDs, rather than tickets. @@ -8030,13 +8164,17 @@ func addResumptionVersionTests() { MaxVersion: sessionVers.version, SessionTicketsDisabled: true, }, - expectedVersion: sessionVers.version, + expectations: connectionExpectations{ + version: sessionVers.version, + }, expectResumeRejected: sessionVers != resumeVers, resumeConfig: &Config{ MaxVersion: resumeVers.version, SessionTicketsDisabled: true, }, - expectedResumeVersion: resumeVers.version, + resumeExpectations: &connectionExpectations{ + version: resumeVers.version, + }, }) } } @@ -9125,10 +9263,12 @@ func addSignatureAlgorithmTests() { "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), "-enable-all-curves", }, - shouldFail: shouldFail, - expectedError: signError, - expectedLocalError: signLocalError, - expectedPeerSignatureAlgorithm: alg.id, + shouldFail: shouldFail, + expectedError: signError, + expectedLocalError: signLocalError, + expectations: connectionExpectations{ + peerSignatureAlgorithm: alg.id, + }, } // Test that the shim will select the algorithm when configured to only @@ -9146,7 +9286,9 @@ func addSignatureAlgorithmTests() { "-enable-all-curves", "-signing-prefs", strconv.Itoa(int(alg.id)), }, - expectedPeerSignatureAlgorithm: alg.id, + expectations: connectionExpectations{ + peerSignatureAlgorithm: alg.id, + }, } if testType == serverTest { @@ -9328,7 +9470,9 @@ func addSignatureAlgorithmTests() { "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA384, + }, }) testCases = append(testCases, testCase{ @@ -9347,7 +9491,9 @@ func addSignatureAlgorithmTests() { "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), }, - expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPSSWithSHA384, + }, }) testCases = append(testCases, testCase{ @@ -9362,7 +9508,9 @@ func addSignatureAlgorithmTests() { signatureECDSAWithSHA1, }, }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA384, + }, }) testCases = append(testCases, testCase{ @@ -9377,7 +9525,9 @@ func addSignatureAlgorithmTests() { signatureECDSAWithSHA1, }, }, - expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPSSWithSHA384, + }, }) // Test that signature verification takes the key type into account. @@ -9696,7 +9846,9 @@ func addSignatureAlgorithmTests() { "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)), "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA1)), }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + }, }) testCases = append(testCases, testCase{ name: "Agree-Digest-SHA1", @@ -9714,7 +9866,9 @@ func addSignatureAlgorithmTests() { "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)), "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA1)), }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA1, + }, }) testCases = append(testCases, testCase{ name: "Agree-Digest-Default", @@ -9732,7 +9886,9 @@ func addSignatureAlgorithmTests() { "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + }, }) // Test that the signing preference list may include extra algorithms @@ -9754,7 +9910,9 @@ func addSignatureAlgorithmTests() { "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)), "-signing-prefs", strconv.Itoa(int(fakeSigAlg2)), }, - expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureRSAPKCS1WithSHA256, + }, }) // In TLS 1.2 and below, ECDSA uses the curve list rather than the @@ -9827,7 +9985,9 @@ func addSignatureAlgorithmTests() { "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile), }, - expectedPeerSignatureAlgorithm: signatureECDSAWithP256AndSHA256, + expectations: connectionExpectations{ + peerSignatureAlgorithm: signatureECDSAWithP256AndSHA256, + }, }) // RSASSA-PSS with SHA-512 is too large for 1024-bit RSA. Test that the @@ -10611,7 +10771,9 @@ func addCurveTests() { "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), }, - expectedCurveID: curve.id, + expectations: connectionExpectations{ + curveID: curve.id, + }, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -10629,7 +10791,9 @@ func addCurveTests() { "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), }, - expectedCurveID: curve.id, + expectations: connectionExpectations{ + curveID: curve.id, + }, }) if curve.id != CurveX25519 && !isPqGroup(curve.id) { @@ -10736,7 +10900,9 @@ func addCurveTests() { }, CurvePreferences: []CurveID{CurveP224}, }, - expectedCipher: TLS_RSA_WITH_AES_128_GCM_SHA256, + expectations: connectionExpectations{ + cipher: TLS_RSA_WITH_AES_128_GCM_SHA256, + }, }) // The client must reject bogus curves and disabled curves. @@ -11226,8 +11392,10 @@ func addSessionTicketTests() { SendPSKKeyExchangeModes: []byte{0x1a, pskDHEKEMode, 0x2a}, }, }, - resumeSession: true, - expectedResumeVersion: VersionTLS13, + resumeSession: true, + expectations: connectionExpectations{ + version: VersionTLS13, + }, }) // Test that the server does not send session tickets with no matching key exchange mode. @@ -12864,8 +13032,10 @@ func addTLS13HandshakeTests() { DefaultCurves: []CurveID{}, CurvePreferences: []CurveID{CurveX25519}, }, - expectedCurveID: CurveX25519, - flags: []string{"-expect-hrr"}, + expectations: connectionExpectations{ + curveID: CurveX25519, + }, + flags: []string{"-expect-hrr"}, }) testCases = append(testCases, testCase{ @@ -12878,8 +13048,10 @@ func addTLS13HandshakeTests() { }, // Although the ClientHello did not predict our preferred curve, // we always select it whether it is predicted or not. - expectedCurveID: CurveX25519, - flags: []string{"-expect-hrr"}, + expectations: connectionExpectations{ + curveID: CurveX25519, + }, + flags: []string{"-expect-hrr"}, }) testCases = append(testCases, testCase{ @@ -13883,8 +14055,10 @@ func addTLS13HandshakeTests() { MaxEarlyDataSize: 16384, RequestChannelID: true, }, - resumeSession: true, - expectChannelID: true, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + }, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", expectedLocalError: "remote error: illegal parameter", @@ -13908,8 +14082,10 @@ func addTLS13HandshakeTests() { AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - expectChannelID: true, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + }, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -13952,8 +14128,10 @@ func addTLS13HandshakeTests() { ExpectEarlyDataAccepted: false, }, }, - resumeSession: true, - expectChannelID: true, + resumeSession: true, + expectations: connectionExpectations{ + channelID: true, + }, flags: []string{ "-enable-early-data", "-expect-reject-early-data", @@ -13976,8 +14154,10 @@ func addTLS13HandshakeTests() { ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, }, - resumeSession: true, - expectChannelID: false, + resumeSession: true, + expectations: connectionExpectations{ + channelID: false, + }, flags: []string{ "-enable-early-data", "-on-resume-expect-accept-early-data", @@ -14133,7 +14313,9 @@ func addTLS13HandshakeTests() { SkipCertificateVerify: true, }, }, - expectPeerCertificate: &rsaChainCertificate, + expectations: connectionExpectations{ + peerCertificate: &rsaChainCertificate, + }, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), "-key-file", path.Join(*resourceDir, rsaChainKeyFile), @@ -14154,7 +14336,9 @@ func addTLS13HandshakeTests() { SkipCertificateVerify: true, }, }, - expectPeerCertificate: &rsaChainCertificate, + expectations: connectionExpectations{ + peerCertificate: &rsaChainCertificate, + }, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), "-key-file", path.Join(*resourceDir, rsaChainKeyFile), @@ -14167,9 +14351,11 @@ func addTLS13HandshakeTests() { // If the client or server has 0-RTT enabled but disabled TLS 1.3, it should // report a reason of protocol_version. testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataEnabled-Client-MaxTLS12", - expectedVersion: VersionTLS12, + testType: clientTest, + name: "EarlyDataEnabled-Client-MaxTLS12", + expectations: connectionExpectations{ + version: VersionTLS12, + }, flags: []string{ "-enable-early-data", "-max-version", strconv.Itoa(VersionTLS12), @@ -14177,9 +14363,11 @@ func addTLS13HandshakeTests() { }, }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyDataEnabled-Server-MaxTLS12", - expectedVersion: VersionTLS12, + testType: serverTest, + name: "EarlyDataEnabled-Server-MaxTLS12", + expectations: connectionExpectations{ + version: VersionTLS12, + }, flags: []string{ "-enable-early-data", "-max-version", strconv.Itoa(VersionTLS12), @@ -14197,7 +14385,9 @@ func addTLS13HandshakeTests() { config: Config{ MaxVersion: VersionTLS12, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, flags: []string{ "-enable-early-data", "-expect-early-data-reason", "protocol_version", @@ -14368,7 +14558,9 @@ func addTLS13CipherPreferenceTests() { flags: []string{ "-curves", strconv.Itoa(int(CurveCECPQ2)), }, - expectedCipher: TLS_AES_256_GCM_SHA384, + expectations: connectionExpectations{ + cipher: TLS_AES_256_GCM_SHA384, + }, }) // ... but when CECPQ2 isn't being used, the client's preference controls. testCases = append(testCases, testCase{ @@ -14384,7 +14576,9 @@ func addTLS13CipherPreferenceTests() { flags: []string{ "-curves", strconv.Itoa(int(CurveX25519)), }, - expectedCipher: TLS_AES_128_GCM_SHA256, + expectations: connectionExpectations{ + cipher: TLS_AES_128_GCM_SHA256, + }, }) // Test that CECPQ2 continues to honor AES vs ChaCha20 logic. @@ -14554,7 +14748,9 @@ func addCertificateTests() { Certificates: []Certificate{rsaChainCertificate}, ClientAuth: RequireAnyClientCert, }, - expectPeerCertificate: &rsaChainCertificate, + expectations: connectionExpectations{ + peerCertificate: &rsaChainCertificate, + }, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), "-key-file", path.Join(*resourceDir, rsaChainKeyFile), @@ -14570,7 +14766,9 @@ func addCertificateTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaChainCertificate}, }, - expectPeerCertificate: &rsaChainCertificate, + expectations: connectionExpectations{ + peerCertificate: &rsaChainCertificate, + }, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), "-key-file", path.Join(*resourceDir, rsaChainKeyFile), @@ -15502,8 +15700,10 @@ func addJDK11WorkaroundTests() { ExpectJDK11DowngradeRandom: t.isJDK11, }, }, - expectedVersion: expectedVersion, - flags: []string{"-jdk11-workaround"}, + expectations: connectionExpectations{ + version: expectedVersion, + }, + flags: []string{"-jdk11-workaround"}, }) // With the workaround disabled, we always negotiate TLS 1.3. @@ -15518,7 +15718,9 @@ func addJDK11WorkaroundTests() { ExpectJDK11DowngradeRandom: false, }, }, - expectedVersion: VersionTLS13, + expectations: connectionExpectations{ + version: VersionTLS13, + }, }) // If the server does not support TLS 1.3, the workaround should @@ -15535,7 +15737,9 @@ func addJDK11WorkaroundTests() { ExpectJDK11DowngradeRandom: false, }, }, - expectedVersion: VersionTLS12, + expectations: connectionExpectations{ + version: VersionTLS12, + }, flags: []string{ "-jdk11-workaround", "-max-version", strconv.Itoa(VersionTLS12), From 437eabd0399a9293ba6c4501de293c51794cd70a Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 10:55:09 -0700 Subject: [PATCH 105/399] modulewrapper: fix sending empty spans. Sending empty spans tripped up the code because it never considered the iovec to have been sent. Instead, filter out empty iovecs in the first place. Change-Id: I48ea2a887ca64c73051346f3096735c30507525a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43124 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- util/fipstools/acvp/modulewrapper/modulewrapper.cc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 5de8b5de7f..219fe7ed7f 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -78,14 +78,19 @@ static bool WriteReply(int fd, Args... args) { iovs[0].iov_base = nums; iovs[0].iov_len = sizeof(uint32_t) * (1 + spans.size()); + size_t num_iov = 1; for (size_t i = 0; i < spans.size(); i++) { const auto &span = spans[i]; nums[i + 1] = span.size(); - iovs[i + 1].iov_base = const_cast(span.data()); - iovs[i + 1].iov_len = span.size(); + if (span.size() == 0) { + continue; + } + + iovs[num_iov].iov_base = const_cast(span.data()); + iovs[num_iov].iov_len = span.size(); + num_iov++; } - const size_t num_iov = spans.size() + 1; size_t iov_done = 0; while (iov_done < num_iov) { ssize_t r; @@ -98,7 +103,7 @@ static bool WriteReply(int fd, Args... args) { } size_t written = r; - for (size_t i = iov_done; written > 0 && i < num_iov; i++) { + for (size_t i = iov_done; i < num_iov && written > 0; i++) { iovec &iov = iovs[i]; size_t done = written; From 3ff161cc0876443bfa54c511b37d033312c81328 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 26 Sep 2020 12:58:13 -0400 Subject: [PATCH 106/399] Print SSL_get_error in bssl_shim. If a test fails due to an unexpected SSL_get_error result, notably 0-RTT rejection, it's very difficult to debug. Change-Id: I08585551f6d3d3c4ea414bf3ac7bc9ba0ed4063b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43085 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- ssl/test/bssl_shim.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 76df66d35c..55f9c38932 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -804,6 +804,12 @@ static bool DoConnection(bssl::UniquePtr *out_session, } if (!ret) { + // Print the |SSL_get_error| code. Otherwise, some failures are silent and + // hard to debug. + int ssl_err = SSL_get_error(ssl.get(), -1); + if (ssl_err != SSL_ERROR_NONE) { + fprintf(stderr, "SSL error: %s\n", SSL_error_description(ssl_err)); + } return false; } From 8097632475b8093f669ef33fa24414fc36e51eea Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 10:55:55 -0700 Subject: [PATCH 107/399] modulewrapper: fix unknown functions. Due to a typo, if an unknown function was requested it was previously ignored. Change-Id: Id815c4b7e80d1452034b10bf9c7beb80a5ac3ed2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43125 Reviewed-by: David Benjamin --- util/fipstools/acvp/modulewrapper/modulewrapper.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 219fe7ed7f..6ea51432b9 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -703,7 +703,7 @@ int main() { offset += nums[i + 1]; } - bool found = true; + bool found = false; for (const auto &func : kFunctions) { if (args[0].size() == strlen(func.name) && memcmp(args[0].data(), func.name, args[0].size()) == 0) { @@ -715,6 +715,7 @@ int main() { } if (!func.handler(&args[1])) { + fprintf(stderr, "\'%s\' operation failed.\n", func.name); return 4; } From 63fa33d7eace08f5cbc671d8b202443805d45645 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 29 Sep 2020 17:55:18 -0400 Subject: [PATCH 108/399] Tell clang-format that STACK_OF and LHASH_OF are types. If clang-format sees STACK_OF(T) *foo, it has a hard time telling whether * is a multiplication or a pointer and often indents things wrong. There is now a TypenameMacros option to fix this. Change-Id: I235f2f40ef32760e0232da265e78a4fbd5f187a0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43145 Reviewed-by: Adam Langley --- .clang-format | 1 + 1 file changed, 1 insertion(+) diff --git a/.clang-format b/.clang-format index 3ccecaac1f..f8a95c6871 100644 --- a/.clang-format +++ b/.clang-format @@ -8,4 +8,5 @@ PointerAlignment: Right # IncludeCategories does not recognize . We should # reconfigure IncludeCategories to match. For now, keep it at Preserve. IncludeBlocks: Preserve +TypenameMacros: ['LHASH_OF', 'STACK_OF'] From 67818bea6690a230e2f42e8a588e0f54949bbbf1 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 10:59:35 -0700 Subject: [PATCH 109/399] acvp: add AES-CTR support. Change-Id: I61ba8b0eb717d2e66f3e2b098819ce979b8aca88 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43126 Reviewed-by: David Benjamin --- util/fipstools/acvp/acvptool/acvp/acvp.go | 2 +- .../acvp/acvptool/subprocess/block.go | 11 +++--- .../acvp/acvptool/subprocess/subprocess.go | 5 +-- .../acvp/modulewrapper/modulewrapper.cc | 34 +++++++++++++++++++ 4 files changed, 44 insertions(+), 8 deletions(-) diff --git a/util/fipstools/acvp/acvptool/acvp/acvp.go b/util/fipstools/acvp/acvptool/acvp/acvp.go index 52d7488758..55d2f0bae6 100644 --- a/util/fipstools/acvp/acvptool/acvp/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp/acvp.go @@ -89,7 +89,7 @@ func NewServer(prefix string, logFile string, derCertificates [][]byte, privateK return conn, err }, }, - Timeout: 10 * time.Second, + Timeout: 30 * time.Second, } return &Server{client: client, prefix: prefix, totpFunc: totp, PrefixTokens: make(map[string]string)} diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index 69a6517030..9e51078a09 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -23,9 +23,10 @@ import ( // blockCipher implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with a block cipher. type blockCipher struct { - algo string - blockSize int - hasIV bool + algo string + blockSize int + inputsAreBlockMultiples bool + hasIV bool } type blockCipherVectorSet struct { @@ -97,7 +98,7 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er var mct bool switch group.Type { - case "AFT": + case "AFT", "CTR": mct = false case "MCT": mct = true @@ -132,7 +133,7 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) } - if len(input)%b.blockSize != 0 { + if b.inputsAreBlockMultiples && len(input)%b.blockSize != 0 { return nil, fmt.Errorf("test case %d/%d has input of length %d, but expected multiple of %d", group.ID, test.ID, len(input), b.blockSize) } diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 431c315042..af757d5453 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -76,8 +76,9 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "SHA2-256": &hashPrimitive{"SHA2-256", 32}, "SHA2-384": &hashPrimitive{"SHA2-384", 48}, "SHA2-512": &hashPrimitive{"SHA2-512", 64}, - "ACVP-AES-ECB": &blockCipher{"AES", 16, false}, - "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true}, + "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false}, + "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true}, + "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 6ea51432b9..043d37553a 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -170,6 +170,18 @@ static bool GetConfig(const Span args[]) { "direction": ["encrypt", "decrypt"], "keyLen": [128, 192, 256] }, + { + "algorithm": "ACVP-AES-CTR", + "revision": "1.0", + "direction": ["encrypt", "decrypt"], + "keyLen": [128, 192, 256], + "payloadLen": [{ + "min": 8, "max": 128, "increment": 8 + }], + "incrementalCounter": true, + "overflowCounter": true, + "performCounterTests": true + }, { "algorithm": "ACVP-AES-CBC", "revision": "1.0", @@ -379,6 +391,26 @@ static bool AES_CBC(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(out)); } +static bool AES_CTR(const Span args[]) { + AES_KEY key; + if (AES_set_encrypt_key(args[0].data(), args[0].size() * 8, &key) != 0) { + return false; + } + if (args[2].size() != AES_BLOCK_SIZE) { + return false; + } + uint8_t iv[AES_BLOCK_SIZE]; + memcpy(iv, args[2].data(), AES_BLOCK_SIZE); + + std::vector out; + out.resize(args[1].size()); + unsigned num = 0; + uint8_t ecount_buf[AES_BLOCK_SIZE]; + AES_ctr128_encrypt(args[1].data(), out.data(), args[1].size(), &key, iv, + ecount_buf, &num); + return WriteReply(STDOUT_FILENO, Span(out)); +} + template static bool HMAC(const Span args[]) { const EVP_MD *const md = HashFunc(); @@ -624,6 +656,8 @@ static constexpr struct { {"AES/decrypt", 2, AES}, {"AES-CBC/encrypt", 3, AES_CBC}, {"AES-CBC/decrypt", 3, AES_CBC}, + {"AES-CTR/encrypt", 3, AES_CTR}, + {"AES-CTR/decrypt", 3, AES_CTR}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From 6b6b66bacd089ae4faf8c22fdc47fe0a9fe6ef50 Mon Sep 17 00:00:00 2001 From: Pete Bentley Date: Wed, 30 Sep 2020 17:55:55 +0100 Subject: [PATCH 110/399] Disable fork detection on Trusty. Trusty doesn't have madvise() or sysconf() and more importantly, doesn't have fork() (confirmed chatting to ncbray), so the no-op #if branch in fork_detect.c seems appropriate. Change-Id: I41b41e79d59919bae6c6ece0e0efd3872105e9b1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43204 Commit-Queue: Pete Bentley Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/fipsmodule/rand/fork_detect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c index 8dd2c95870..96cb595bef 100644 --- a/crypto/fipsmodule/rand/fork_detect.c +++ b/crypto/fipsmodule/rand/fork_detect.c @@ -20,7 +20,7 @@ #include "fork_detect.h" -#if defined(OPENSSL_LINUX) +#if defined(OPENSSL_LINUX) && !defined(OPENSSL_TRUSTY) #include #include #include From fda92cd640e36e2fd8ab455f4ca0c1a301c35011 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 11:00:51 -0700 Subject: [PATCH 111/399] acvp: add AES-GCM support. Change-Id: I7636736752ac371fc8d86fbc6bf81ca797ac5092 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43127 Reviewed-by: Adam Langley Reviewed-by: David Benjamin Commit-Queue: Adam Langley --- .../acvp/acvptool/subprocess/aead.go | 193 ++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 112 ++++++++++ 3 files changed, 306 insertions(+) create mode 100644 util/fipstools/acvp/acvptool/subprocess/aead.go diff --git a/util/fipstools/acvp/acvptool/subprocess/aead.go b/util/fipstools/acvp/acvptool/subprocess/aead.go new file mode 100644 index 0000000000..0c38b8589a --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/aead.go @@ -0,0 +1,193 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "encoding/hex" + "encoding/json" + "fmt" +) + +// aead implements an ACVP algorithm by making requests to the subprocess +// to encrypt and decrypt with an AEAD. +type aead struct { + algo string +} + +type aeadVectorSet struct { + Groups []aeadTestGroup `json:"testGroups"` +} + +type aeadTestGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + Direction string `json:"direction"` + KeyBits int `json:"keyLen"` + TagBits int `json:"tagLen"` + Tests []struct { + ID uint64 `json:"tcId"` + PlaintextHex string `json:"pt"` + CiphertextHex string `json:"ct"` + IVHex string `json:"iv"` + KeyHex string `json:"key"` + AADHex string `json:"aad"` + TagHex string `json:"tag"` + } `json:"tests"` +} + +type aeadTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []aeadTestResponse `json:"tests"` +} + +type aeadTestResponse struct { + ID uint64 `json:"tcId"` + CiphertextHex *string `json:"ct,omitempty"` + TagHex string `json:"tag,omitempty"` + PlaintextHex *string `json:"pt,omitempty"` + Passed *bool `json:"testPassed,omitempty"` +} + +func (a *aead) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed aeadVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + var ret []aeadTestGroupResponse + // See draft-celi-acvp-symmetric.html#table-6. (NIST no longer publish HTML + // versions of the ACVP documents. You can find fragments in + // https://github.com/usnistgov/ACVP.) + for _, group := range parsed.Groups { + response := aeadTestGroupResponse{ + ID: group.ID, + } + + var encrypt bool + switch group.Direction { + case "encrypt": + encrypt = true + case "decrypt": + encrypt = false + default: + return nil, fmt.Errorf("test group %d has unknown direction %q", group.ID, group.Direction) + } + + op := a.algo + "/seal" + if !encrypt { + op = a.algo + "/open" + } + + if group.KeyBits%8 != 0 || group.KeyBits < 0 { + return nil, fmt.Errorf("test group %d contains non-byte-multiple key length %d", group.ID, group.KeyBits) + } + keyBytes := group.KeyBits / 8 + + if group.TagBits%8 != 0 || group.TagBits < 0 { + return nil, fmt.Errorf("test group %d contains non-byte-multiple tag length %d", group.ID, group.TagBits) + } + tagBytes := group.TagBits / 8 + + for _, test := range group.Tests { + if len(test.KeyHex) != keyBytes*2 { + return nil, fmt.Errorf("test case %d/%d contains key %q of length %d, but expected %d-bit key", group.ID, test.ID, test.KeyHex, len(test.KeyHex), group.KeyBits) + } + + key, err := hex.DecodeString(test.KeyHex) + if err != nil { + return nil, fmt.Errorf("failed to decode key in test case %d/%d: %s", group.ID, test.ID, err) + } + + nonce, err := hex.DecodeString(test.IVHex) + if err != nil { + return nil, fmt.Errorf("failed to decode nonce in test case %d/%d: %s", group.ID, test.ID, err) + } + + aad, err := hex.DecodeString(test.AADHex) + if err != nil { + return nil, fmt.Errorf("failed to decode aad in test case %d/%d: %s", group.ID, test.ID, err) + } + + var tag []byte + if !encrypt { + if tag, err = hex.DecodeString(test.TagHex); err != nil { + return nil, fmt.Errorf("failed to decode tag in test case %d/%d: %s", group.ID, test.ID, err) + } + if len(tag) != tagBytes { + return nil, fmt.Errorf("tag in test case %d/%d is %d bytes long, but should be %d", group.ID, test.ID, len(tag), tagBytes) + } + } else if len(test.TagHex) != 0 { + return nil, fmt.Errorf("test case %d/%d has unexpected tag input", group.ID, test.ID) + } + + var inputHex, otherHex string + if encrypt { + inputHex, otherHex = test.PlaintextHex, test.CiphertextHex + } else { + inputHex, otherHex = test.CiphertextHex, test.PlaintextHex + } + + if len(otherHex) != 0 { + return nil, fmt.Errorf("test case %d/%d has unexpected plain/ciphertext input", group.ID, test.ID) + } + + input, err := hex.DecodeString(inputHex) + if err != nil { + return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) + } + + testResp := aeadTestResponse{ID: test.ID} + + if encrypt { + result, err := m.Transact(op, 1, uint32le(uint32(tagBytes)), key, input, nonce, aad) + if err != nil { + return nil, err + } + + if len(result[0]) < tagBytes { + return nil, fmt.Errorf("ciphertext from subprocess for test case %d/%d is shorter than the tag (%d vs %d)", group.ID, test.ID, len(result[0]), tagBytes) + } + + ciphertext := result[0][:len(result[0])-tagBytes] + ciphertextHex := hex.EncodeToString(ciphertext) + tag := result[0][len(result[0])-tagBytes:] + + testResp.CiphertextHex = &ciphertextHex + testResp.TagHex = hex.EncodeToString(tag) + } else { + result, err := m.Transact(op, 2, uint32le(uint32(tagBytes)), key, append(input, tag...), nonce, aad) + if err != nil { + return nil, err + } + + if len(result[0]) != 1 || (result[0][0]&0xfe) != 0 { + return nil, fmt.Errorf("invalid AEAD status result from subprocess") + } + passed := result[0][0] == 1 + testResp.Passed = &passed + if passed { + plaintextHex := hex.EncodeToString(result[1]) + testResp.PlaintextHex = &plaintextHex + } + } + + response.Tests = append(response.Tests, testResp) + } + + ret = append(ret, response) + } + + return ret, nil +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index af757d5453..a9fbdfc5ae 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -79,6 +79,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false}, "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, + "ACVP-AES-GCM": &aead{"AES-GCM"}, "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 043d37553a..2e9598bc42 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -188,6 +189,21 @@ static bool GetConfig(const Span args[]) { "direction": ["encrypt", "decrypt"], "keyLen": [128, 192, 256] }, + { + "algorithm": "ACVP-AES-GCM", + "revision": "1.0", + "direction": ["encrypt", "decrypt"], + "keyLen": [128, 192, 256], + "payloadLen": [{ + "min": 0, "max": 256, "increment": 8 + }], + "aadLen": [{ + "min": 0, "max": 256, "increment": 8 + }], + "tagLen": [128], + "ivLen": [96], + "ivGen": "external" + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -411,6 +427,100 @@ static bool AES_CTR(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(out)); } +static bool AESGCMSetup(EVP_AEAD_CTX *ctx, Span tag_len_span, + Span key) { + uint32_t tag_len_32; + if (tag_len_span.size() != sizeof(tag_len_32)) { + fprintf(stderr, "Tag size value is %u bytes, not an uint32_t\n", + static_cast(tag_len_span.size())); + return false; + } + memcpy(&tag_len_32, tag_len_span.data(), sizeof(tag_len_32)); + + const EVP_AEAD *aead; + switch (key.size()) { + case 16: + aead = EVP_aead_aes_128_gcm(); + break; + case 24: + aead = EVP_aead_aes_192_gcm(); + break; + case 32: + aead = EVP_aead_aes_256_gcm(); + break; + default: + fprintf(stderr, "Bad AES-GCM key length %u\n", + static_cast(key.size())); + return false; + } + + if (!EVP_AEAD_CTX_init(ctx, aead, key.data(), key.size(), tag_len_32, + nullptr)) { + fprintf(stderr, "Failed to setup AES-GCM with tag length %u\n", + static_cast(tag_len_32)); + return false; + } + + return true; +} + +static bool AESGCMSeal(const Span args[]) { + Span tag_len_span = args[0]; + Span key = args[1]; + Span plaintext = args[2]; + Span nonce = args[3]; + Span ad = args[4]; + + bssl::ScopedEVP_AEAD_CTX ctx; + if (!AESGCMSetup(ctx.get(), tag_len_span, key)) { + return false; + } + + if (EVP_AEAD_MAX_OVERHEAD + plaintext.size() < EVP_AEAD_MAX_OVERHEAD) { + return false; + } + std::vector out(EVP_AEAD_MAX_OVERHEAD + plaintext.size()); + + size_t out_len; + if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(), + nonce.data(), nonce.size(), plaintext.data(), + plaintext.size(), ad.data(), ad.size())) { + return false; + } + + out.resize(out_len); + return WriteReply(STDOUT_FILENO, Span(out)); +} + +static bool AESGCMOpen(const Span args[]) { + Span tag_len_span = args[0]; + Span key = args[1]; + Span ciphertext = args[2]; + Span nonce = args[3]; + Span ad = args[4]; + + bssl::ScopedEVP_AEAD_CTX ctx; + if (!AESGCMSetup(ctx.get(), tag_len_span, key)) { + return false; + } + + std::vector out(ciphertext.size()); + size_t out_len; + uint8_t success[1] = {0}; + + if (!EVP_AEAD_CTX_open(ctx.get(), out.data(), &out_len, out.size(), + nonce.data(), nonce.size(), ciphertext.data(), + ciphertext.size(), ad.data(), ad.size())) { + return WriteReply(STDOUT_FILENO, Span(success), + Span()); + } + + out.resize(out_len); + success[0] = 1; + return WriteReply(STDOUT_FILENO, Span(success), + Span(out)); +} + template static bool HMAC(const Span args[]) { const EVP_MD *const md = HashFunc(); @@ -658,6 +768,8 @@ static constexpr struct { {"AES-CBC/decrypt", 3, AES_CBC}, {"AES-CTR/encrypt", 3, AES_CTR}, {"AES-CTR/decrypt", 3, AES_CTR}, + {"AES-GCM/seal", 5, AESGCMSeal}, + {"AES-GCM/open", 5, AESGCMOpen}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From 9bf1634b93394385651858960309be05010015fe Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 30 Sep 2020 15:24:18 -0400 Subject: [PATCH 112/399] Move Trusty workaround to the OPENSSL_LINUX define. See b/169780122. This CL should be a no-op (the only other OPENSSL_LINUX defines are in urandom/getrandom logic, which Trusty doesn't use), but should be easier to work for future code. Change-Id: I7676ce234a20ddaf54a881f2da1e1fcd680d1c78 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43224 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/fipsmodule/rand/fork_detect.c | 2 +- include/openssl/base.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/fipsmodule/rand/fork_detect.c index 96cb595bef..8dd2c95870 100644 --- a/crypto/fipsmodule/rand/fork_detect.c +++ b/crypto/fipsmodule/rand/fork_detect.c @@ -20,7 +20,7 @@ #include "fork_detect.h" -#if defined(OPENSSL_LINUX) && !defined(OPENSSL_TRUSTY) +#if defined(OPENSSL_LINUX) #include #include #include diff --git a/include/openssl/base.h b/include/openssl/base.h index d681bdf81e..0bdb1db4dc 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -138,7 +138,10 @@ extern "C" { #define OPENSSL_WINDOWS #endif -#if defined(__linux__) +// Trusty isn't Linux but currently defines __linux__. As a workaround, we +// exclude it here. +// TODO(b/169780122): Remove this workaround once Trusty no longer defines it. +#if defined(__linux__) && !defined(TRUSTY) #define OPENSSL_LINUX #endif From 38bcb5368cae46458a501760e023b5f25de92d92 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 30 Sep 2020 15:38:25 -0400 Subject: [PATCH 113/399] Add a warning to des.h. DES being deprecated is hopefully well-established enough that no one is going start complaining our implementation isn't constant-time. But I think this is the only non-constant-time code left without a warning, so add one for completeness. (It is possible to implement DES with bitslicing, but 3DES TLS ciphers are too slow as it is and hopefully not long for the world.) Change-Id: I6b0de915e89ffe2d11372f7109642fcff44b11bf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43244 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/des.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/openssl/des.h b/include/openssl/des.h index af1c822ddb..539b2c524c 100644 --- a/include/openssl/des.h +++ b/include/openssl/des.h @@ -65,6 +65,12 @@ extern "C" { // DES. +// +// This module is deprecated and retained for legacy reasons only. It is slow +// and may leak key material with timing or cache side channels. Moreover, +// single-keyed DES is broken and can be brute-forced in under a day. +// +// Use a modern cipher, such as AES-GCM or ChaCha20-Poly1305, instead. typedef struct DES_cblock_st { From 5e086956f20e1af3670ff00dca80bff84ca9ed0c Mon Sep 17 00:00:00 2001 From: Nick Harper Date: Wed, 30 Sep 2020 13:59:14 -0700 Subject: [PATCH 114/399] Fix handling of quic_early_data_context. The quic_early_data_context should always be saved in the SSL_SESSION. This change fixes a bug where it was only saved in the SSL_SESSION on full handshakes (but not resumption handshakes). Bug: 376 Change-Id: I3659d3398e85ac4263760b504d7ea8458fc7e1e2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43264 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- ssl/ssl_session.cc | 6 ------ ssl/ssl_test.cc | 40 ++++++++++++++++++++++++++++++++++++++++ ssl/tls13_server.cc | 9 +++++++++ 3 files changed, 49 insertions(+), 6 deletions(-) diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index 4c6d04578f..ef902f0d4c 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc @@ -364,12 +364,6 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) { session->is_server = is_server; session->ssl_version = ssl->version; session->is_quic = ssl->quic_method != nullptr; - if (is_server && ssl->enable_early_data && session->is_quic) { - if (!session->quic_early_data_context.CopyFrom( - hs->config->quic_early_data_context)) { - return 0; - } - } // Fill in the time from the |SSL_CTX|'s clock. struct OPENSSL_timeval now; diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index eb4570060f..451b401cfc 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -5434,6 +5434,46 @@ TEST_F(QUICMethodTest, ZeroRTTAccept) { EXPECT_FALSE(SSL_in_early_data(server_.get())); EXPECT_TRUE(SSL_early_data_accepted(client_.get())); EXPECT_TRUE(SSL_early_data_accepted(server_.get())); + + // Finish handling post-handshake messages after the first 0-RTT resumption. + EXPECT_TRUE(ProvideHandshakeData(client_.get())); + EXPECT_TRUE(SSL_process_quic_post_handshake(client_.get())); + + // Perform a second 0-RTT resumption attempt, and confirm that 0-RTT is + // accepted again. + ASSERT_TRUE(CreateClientAndServer()); + SSL_set_session(client_.get(), g_last_session.get()); + + // The client handshake should return immediately into the early data state. + ASSERT_EQ(SSL_do_handshake(client_.get()), 1); + EXPECT_TRUE(SSL_in_early_data(client_.get())); + // The transport should have keys for sending 0-RTT data. + EXPECT_TRUE(transport_->client()->HasWriteSecret(ssl_encryption_early_data)); + + // The server will consume the ClientHello and also enter the early data + // state. + ASSERT_TRUE(ProvideHandshakeData(server_.get())); + ASSERT_EQ(SSL_do_handshake(server_.get()), 1); + EXPECT_TRUE(SSL_in_early_data(server_.get())); + EXPECT_TRUE(transport_->SecretsMatch(ssl_encryption_early_data)); + // At this point, the server has half-RTT write keys, but it cannot access + // 1-RTT read keys until client Finished. + EXPECT_TRUE(transport_->server()->HasWriteSecret(ssl_encryption_application)); + EXPECT_FALSE(transport_->server()->HasReadSecret(ssl_encryption_application)); + + // Finish up the client and server handshakes. + ASSERT_TRUE(CompleteHandshakesForQUIC()); + + // Both sides can now exchange 1-RTT data. + ExpectHandshakeSuccess(); + EXPECT_TRUE(SSL_session_reused(client_.get())); + EXPECT_TRUE(SSL_session_reused(server_.get())); + EXPECT_FALSE(SSL_in_early_data(client_.get())); + EXPECT_FALSE(SSL_in_early_data(server_.get())); + EXPECT_TRUE(SSL_early_data_accepted(client_.get())); + EXPECT_TRUE(SSL_early_data_accepted(server_.get())); + EXPECT_EQ(SSL_get_early_data_reason(client_.get()), ssl_early_data_accepted); + EXPECT_EQ(SSL_get_early_data_reason(server_.get()), ssl_early_data_accepted); } TEST_F(QUICMethodTest, ZeroRTTRejectMismatchedParameters) { diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 0105f1cdf7..716b7dc9ff 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -431,6 +431,15 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { return ssl_hs_error; } + // Copy the QUIC early data context to the session. + if (ssl->enable_early_data && ssl->quic_method) { + if (!hs->new_session->quic_early_data_context.CopyFrom( + hs->config->quic_early_data_context)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return ssl_hs_error; + } + } + if (ssl->ctx->dos_protection_cb != NULL && ssl->ctx->dos_protection_cb(&client_hello) == 0) { // Connection rejected for DOS reasons. From 35ee5ab8cffe677fe8f94118d64f111740eaaa6a Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 14:30:07 -0700 Subject: [PATCH 115/399] acvp: support saving vectors. Since we have support for reading vectors from files, this change adds support for saving them. There's no support for uploading the saved vectors, rather it's just for quicker debugging since the NIST server is taking over a minute to produce vectors at the moment and that's a little frustrating to iterate with. Change-Id: I5da8a084eb06b81aefa838b4e7ad8d529d1d31a6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43144 Reviewed-by: David Benjamin --- util/fipstools/acvp/acvptool/acvp.go | 37 +++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/util/fipstools/acvp/acvptool/acvp.go b/util/fipstools/acvp/acvptool/acvp.go index 4dec04f4c8..feebed5044 100644 --- a/util/fipstools/acvp/acvptool/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp.go @@ -45,6 +45,7 @@ var ( configFilename = flag.String("config", "config.json", "Location of the configuration JSON file") jsonInputFile = flag.String("json", "", "Location of a vector-set input file") runFlag = flag.String("run", "", "Name of primitive to run tests for") + fetchFlag = flag.String("fetch", "", "Name of primitive to fetch vectors for") wrapperPath = flag.String("wrapper", "../../../../build/util/fipstools/acvp/modulewrapper/modulewrapper", "Path to the wrapper binary") ) @@ -331,9 +332,19 @@ func main() { os.Exit(0) } - runAlgos := make(map[string]bool) + var requestedAlgosFlag string + if len(*runFlag) > 0 && len(*fetchFlag) > 0 { + log.Fatalf("cannot specify both -run and -fetch") + } if len(*runFlag) > 0 { - for _, substr := range strings.Split(*runFlag, ",") { + requestedAlgosFlag = *runFlag + } else { + requestedAlgosFlag = *fetchFlag + } + + runAlgos := make(map[string]bool) + if len(requestedAlgosFlag) > 0 { + for _, substr := range strings.Split(requestedAlgosFlag, ",") { runAlgos[substr] = false } } @@ -389,7 +400,7 @@ func main() { log.Fatalf("failed to login: %s", err) } - if len(*runFlag) == 0 { + if len(requestedAlgosFlag) == 0 { if interactiveModeSupported { runInteractive(server, config) } else { @@ -423,6 +434,15 @@ func main() { log.Printf("Have vector sets %v", result.VectorSetURLs) + if len(*fetchFlag) > 0 { + os.Stdout.WriteString("[\n") + json.NewEncoder(os.Stdout).Encode(map[string]interface{}{ + "url": url, + "vectorSetUrls": result.VectorSetURLs, + "time": time.Now().Format(time.RFC3339), + }) + } + for _, setURL := range result.VectorSetURLs { firstTime := true for { @@ -450,6 +470,12 @@ func main() { continue } + if len(*fetchFlag) > 0 { + os.Stdout.WriteString(",\n") + os.Stdout.Write(vectorsBytes) + break + } + replyGroups, err := middle.Process(vectors.Algo, vectorsBytes) if err != nil { log.Printf("Failed: %s", err) @@ -535,6 +561,11 @@ func main() { } } + if len(*fetchFlag) > 0 { + os.Stdout.WriteString("]\n") + os.Exit(0) + } + FetchResults: for { var results acvp.SessionResults From 81658a95c9458c6733d61535038f8aac9a2d2f81 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 14:54:09 -0700 Subject: [PATCH 116/399] acvp: add AES-KW support. Change-Id: I8cfa1f525a029a015db2f41e4502e9b5332ba102 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43164 Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 87 ++++++++++++++++++- 2 files changed, 84 insertions(+), 4 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index a9fbdfc5ae..a3b81aec85 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -80,6 +80,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, "ACVP-AES-GCM": &aead{"AES-GCM"}, + "ACVP-AES-KW": &aead{"AES-KW"}, "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 2e9598bc42..d4a220722f 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -17,6 +17,7 @@ #include #include +#include #include #include #include @@ -204,6 +205,21 @@ static bool GetConfig(const Span args[]) { "ivLen": [96], "ivGen": "external" }, + { + "algorithm": "ACVP-AES-KW", + "revision": "1.0", + "direction": [ + "encrypt", + "decrypt" + ], + "kwCipher": [ + "cipher" + ], + "keyLen": [ + 128, 192, 256 + ], + "payloadLen": [{"min": 128, "max": 1024, "increment": 64}] + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -506,18 +522,79 @@ static bool AESGCMOpen(const Span args[]) { std::vector out(ciphertext.size()); size_t out_len; - uint8_t success[1] = {0}; + uint8_t success_flag[1] = {0}; if (!EVP_AEAD_CTX_open(ctx.get(), out.data(), &out_len, out.size(), nonce.data(), nonce.size(), ciphertext.data(), ciphertext.size(), ad.data(), ad.size())) { - return WriteReply(STDOUT_FILENO, Span(success), + return WriteReply(STDOUT_FILENO, Span(success_flag), Span()); } out.resize(out_len); - success[0] = 1; - return WriteReply(STDOUT_FILENO, Span(success), + success_flag[0] = 1; + return WriteReply(STDOUT_FILENO, Span(success_flag), + Span(out)); +} + +static bool AESKeyWrapSetup(AES_KEY *out, bool decrypt, Span key, + Span input) { + if ((decrypt ? AES_set_decrypt_key : AES_set_encrypt_key)( + key.data(), key.size() * 8, out) != 0) { + fprintf(stderr, "Invalid AES key length for AES-KW: %u\n", + static_cast(key.size())); + return false; + } + if (input.size() % 8) { + fprintf(stderr, "Invalid AES-KW input length: %u\n", + static_cast(input.size())); + return false; + } + + return true; +} + +static bool AESKeyWrapSeal(const Span args[]) { + Span key = args[1]; + Span plaintext = args[2]; + + AES_KEY aes; + if (!AESKeyWrapSetup(&aes, /*decrypt=*/false, key, plaintext) || + plaintext.size() > INT_MAX - 8) { + return false; + } + + std::vector out(plaintext.size() + 8); + if (AES_wrap_key(&aes, /*iv=*/nullptr, out.data(), plaintext.data(), + plaintext.size()) != static_cast(out.size())) { + fprintf(stderr, "AES-KW failed\n"); + return false; + } + + return WriteReply(STDOUT_FILENO, Span(out)); +} + +static bool AESKeyWrapOpen(const Span args[]) { + Span key = args[1]; + Span ciphertext = args[2]; + + AES_KEY aes; + if (!AESKeyWrapSetup(&aes, /*decrypt=*/true, key, ciphertext) || + ciphertext.size() < 8 || + ciphertext.size() > INT_MAX) { + return false; + } + + std::vector out(ciphertext.size() - 8); + uint8_t success_flag[1] = {0}; + if (AES_unwrap_key(&aes, /*iv=*/nullptr, out.data(), ciphertext.data(), + ciphertext.size()) != static_cast(out.size())) { + return WriteReply(STDOUT_FILENO, Span(success_flag), + Span()); + } + + success_flag[0] = 1; + return WriteReply(STDOUT_FILENO, Span(success_flag), Span(out)); } @@ -770,6 +847,8 @@ static constexpr struct { {"AES-CTR/decrypt", 3, AES_CTR}, {"AES-GCM/seal", 5, AESGCMSeal}, {"AES-GCM/open", 5, AESGCMOpen}, + {"AES-KW/seal", 5, AESKeyWrapSeal}, + {"AES-KW/open", 5, AESKeyWrapOpen}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From b117a3a0b7bd11fe6ebd503ec6b45d6b910b41a1 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 29 Sep 2020 15:36:52 -0700 Subject: [PATCH 117/399] acvp: add AES-KWP support. Change-Id: I826d1cf305b3906e0d0ff6ff5389561291065706 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43165 Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 79 ++++++++++++++++++- 2 files changed, 77 insertions(+), 3 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index a3b81aec85..9c554c2e2f 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -81,6 +81,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, "ACVP-AES-GCM": &aead{"AES-GCM"}, "ACVP-AES-KW": &aead{"AES-KW"}, + "ACVP-AES-KWP": &aead{"AES-KWP"}, "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index d4a220722f..961eaf7b4e 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -220,6 +220,21 @@ static bool GetConfig(const Span args[]) { ], "payloadLen": [{"min": 128, "max": 1024, "increment": 64}] }, + { + "algorithm": "ACVP-AES-KWP", + "revision": "1.0", + "direction": [ + "encrypt", + "decrypt" + ], + "kwCipher": [ + "cipher" + ], + "keyLen": [ + 128, 192, 256 + ], + "payloadLen": [{"min": 8, "max": 1024, "increment": 8}] + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -537,14 +552,23 @@ static bool AESGCMOpen(const Span args[]) { Span(out)); } -static bool AESKeyWrapSetup(AES_KEY *out, bool decrypt, Span key, - Span input) { +static bool AESPaddedKeyWrapSetup(AES_KEY *out, bool decrypt, + Span key) { if ((decrypt ? AES_set_decrypt_key : AES_set_encrypt_key)( key.data(), key.size() * 8, out) != 0) { - fprintf(stderr, "Invalid AES key length for AES-KW: %u\n", + fprintf(stderr, "Invalid AES key length for AES-KW(P): %u\n", static_cast(key.size())); return false; } + return true; +} + +static bool AESKeyWrapSetup(AES_KEY *out, bool decrypt, Span key, + Span input) { + if (!AESPaddedKeyWrapSetup(out, decrypt, key)) { + return false; + } + if (input.size() % 8) { fprintf(stderr, "Invalid AES-KW input length: %u\n", static_cast(input.size())); @@ -598,6 +622,53 @@ static bool AESKeyWrapOpen(const Span args[]) { Span(out)); } +static bool AESPaddedKeyWrapSeal(const Span args[]) { + Span key = args[1]; + Span plaintext = args[2]; + + AES_KEY aes; + if (!AESPaddedKeyWrapSetup(&aes, /*decrypt=*/false, key) || + plaintext.size() + 15 < 15) { + return false; + } + + std::vector out(plaintext.size() + 15); + size_t out_len; + if (!AES_wrap_key_padded(&aes, out.data(), &out_len, out.size(), + plaintext.data(), plaintext.size())) { + fprintf(stderr, "AES-KWP failed\n"); + return false; + } + + out.resize(out_len); + return WriteReply(STDOUT_FILENO, Span(out)); +} + +static bool AESPaddedKeyWrapOpen(const Span args[]) { + Span key = args[1]; + Span ciphertext = args[2]; + + AES_KEY aes; + if (!AESPaddedKeyWrapSetup(&aes, /*decrypt=*/true, key) || + ciphertext.size() % 8) { + return false; + } + + std::vector out(ciphertext.size()); + size_t out_len; + uint8_t success_flag[1] = {0}; + if (!AES_unwrap_key_padded(&aes, out.data(), &out_len, out.size(), + ciphertext.data(), ciphertext.size())) { + return WriteReply(STDOUT_FILENO, Span(success_flag), + Span()); + } + + success_flag[0] = 1; + out.resize(out_len); + return WriteReply(STDOUT_FILENO, Span(success_flag), + Span(out)); +} + template static bool HMAC(const Span args[]) { const EVP_MD *const md = HashFunc(); @@ -849,6 +920,8 @@ static constexpr struct { {"AES-GCM/open", 5, AESGCMOpen}, {"AES-KW/seal", 5, AESKeyWrapSeal}, {"AES-KW/open", 5, AESKeyWrapOpen}, + {"AES-KWP/seal", 5, AESPaddedKeyWrapSeal}, + {"AES-KWP/open", 5, AESPaddedKeyWrapOpen}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From 723faad51da1e5b0b7ce5a25be018a2ad2d972c6 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 2 Oct 2020 16:11:10 -0400 Subject: [PATCH 118/399] Fix some malloc error handling. See 309e73dfe067b3b774ef6f57bf665f41373a81ca from upstream, though note that v3_alt.c's fix was rewritten. (We don't have sk_reserve, and I don't think their fix was quite right anyway.) Change-Id: Ieabd19d87d4628658324b212cce2ed3ce451ad22 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43284 Reviewed-by: Adam Langley --- crypto/x509v3/pcy_data.c | 8 +++++--- crypto/x509v3/v3_alt.c | 28 ++++++++++++++-------------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 498de4dd13..58584c2e58 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -98,13 +98,15 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, } else id = NULL; ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); - if (!ret) + if (!ret) { + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(id); return NULL; + } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); if (!ret->expected_policy_set) { OPENSSL_free(ret); - if (id) - ASN1_OBJECT_free(id); + ASN1_OBJECT_free(id); return NULL; } diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 0e79b450a3..7a6e3e0fbd 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -288,40 +288,40 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { - GENERAL_NAMES *ialt; - GENERAL_NAME *gen; - X509_EXTENSION *ext; - int i; - size_t j; if (ctx && (ctx->flags == CTX_TEST)) return 1; if (!ctx || !ctx->issuer_cert) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS); - goto err; + return 0; } - i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); + int i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); if (i < 0) return 1; + + int ret = 0; + GENERAL_NAMES *ialt = NULL; + X509_EXTENSION *ext; if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR); goto err; } - for (j = 0; j < sk_GENERAL_NAME_num(ialt); j++) { - gen = sk_GENERAL_NAME_value(ialt, j); + for (size_t j = 0; j < sk_GENERAL_NAME_num(ialt); j++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(ialt, j); if (!sk_GENERAL_NAME_push(gens, gen)) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } + /* Ownership of |gen| has moved from |ialt| to |gens|. */ + sk_GENERAL_NAME_set(ialt, j, NULL); } - sk_GENERAL_NAME_free(ialt); - - return 1; - err: - return 0; + ret = 1; +err: + GENERAL_NAMES_free(ialt); + return ret; } static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, From 991835dfa9e08cf7972d0a2f587029e09b33de83 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 2 Oct 2020 16:21:25 -0400 Subject: [PATCH 119/399] Switch x509_test.cc to use C++ raw string literals. It's a lot easier to copy certificates to and from x509_test.cc when there isn't an indent to worry about. Note this does stick a newline in front of each string, but the PEM parsers don't care. Change-Id: I06aff263a2470596e8c50564c198693cfdbf9c59 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43285 Reviewed-by: Adam Langley --- crypto/x509/x509_test.cc | 1570 ++++++++++++++++++++------------------ 1 file changed, 811 insertions(+), 759 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 07bf2cb027..458f7469d0 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -37,201 +37,212 @@ std::string GetTestData(const char *path); -static const char kCrossSigningRootPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n" - "dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n" - "dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp\n" - "ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5\n" - "EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP\n" - "RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud\n" - "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud\n" - "DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF\n" - "lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC\n" - "CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr\n" - "+3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3\n" - "YFXvkME=\n" - "-----END CERTIFICATE-----\n"; - -static const char kRootCAPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx\n" - "MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU\n" - "RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n" - "iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM\n" - "2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ\n" - "w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO\n" - "BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G\n" - "A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j\n" - "BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za\n" - "kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN\n" - "+9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2\n" - "kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==\n" - "-----END CERTIFICATE-----\n"; - -static const char kRootCrossSignedPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v\n" - "dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI\n" - "hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU\n" - "8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE\n" - "bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb\n" - "SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD\n" - "AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc\n" - "flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB\n" - "CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q\n" - "9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU\n" - "90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV\n" - "-----END CERTIFICATE-----\n"; - -static const char kIntermediatePEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV\n" - "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw\n" - "MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg\n" - "VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB\n" - "AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl\n" - "blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu\n" - "CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID\n" - "AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\n" - "AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy\n" - "BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB\n" - "gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY\n" - "ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB\n" - "aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==\n" - "-----END CERTIFICATE-----\n"; - -static const char kIntermediateSelfSignedPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV\n" - "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew\n" - "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv\n" - "cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ\n" - "KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX\n" - "jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS\n" - "JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N\n" - "WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF\n" - "BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2\n" - "211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3\n" - "DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT\n" - "6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI\n" - "E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH\n" - "-----END CERTIFICATE-----\n"; - -static const char kLeafPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg\n" - "Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y\n" - "aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3\n" - "DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c\n" - "oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j\n" - "5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh\n" - "TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\n" - "CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0\n" - "4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB\n" - "gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y\n" - "rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU\n" - "xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==\n" - "-----END CERTIFICATE-----\n"; - -static const char kLeafNoKeyUsagePEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV\n" - "BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew\n" - "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv\n" - "cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G\n" - "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp\n" - "ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk\n" - "j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ\n" - "YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1\n" - "27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN\n" - "AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe\n" - "6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D\n" - "uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=\n" - "-----END CERTIFICATE-----\n"; - -static const char kForgeryPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE\n" - "ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w\n" - "IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv\n" - "cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf\n" - "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy\n" - "xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm\n" - "0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3\n" - "OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI\n" - "KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM\n" - "8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG\n" - "9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf\n" - "DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4\n" - "4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==\n" - "-----END CERTIFICATE-----\n"; +static const char kCrossSigningRootPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v +dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v +dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp +ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5 +EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP +RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud +DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF +lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC +CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr ++3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3 +YFXvkME= +-----END CERTIFICATE----- +)"; + +static const char kRootCAPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx +MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU +RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM +2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ +w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO +BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G +A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j +BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za +kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN ++9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2 +kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ== +-----END CERTIFICATE----- +)"; + +static const char kRootCrossSignedPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v +dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU +8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE +bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb +SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc +flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB +CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q +9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU +90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV +-----END CERTIFICATE----- +)"; + +static const char kIntermediatePEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV +BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw +MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg +VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl +blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu +CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID +AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy +BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB +gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY +ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB +aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg== +-----END CERTIFICATE----- +)"; + +static const char kIntermediateSelfSignedPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV +BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew +IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv +cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX +jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS +JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N +WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2 +211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3 +DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT +6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI +E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH +-----END CERTIFICATE----- +)"; + +static const char kLeafPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg +Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y +aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c +oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j +5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh +TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0 +4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB +gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y +rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU +xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg== +-----END CERTIFICATE----- +)"; + +static const char kLeafNoKeyUsagePEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV +BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew +IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv +cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp +ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk +j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ +YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1 +27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN +AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe +6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D +uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk= +-----END CERTIFICATE----- +)"; + +static const char kForgeryPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE +ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w +IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv +cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy +xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm +0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3 +OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM +8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG +9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf +DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4 +4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg== +-----END CERTIFICATE----- +)"; // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with // the default hash functions. -static const char kExamplePSSCert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL\n" - "MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy\n" - "bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5\n" - "NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK\n" - "DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A\n" - "MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8\n" - "0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3\n" - "13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO\n" - "MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ\n" - "QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC\n" - "AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w\n" - "xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN\n" - "Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=\n" - "-----END CERTIFICATE-----\n"; +static const char kExamplePSSCert[] = R"( +-----BEGIN CERTIFICATE----- +MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL +MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy +bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5 +NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK +DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8 +0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3 +13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO +MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ +QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC +AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w +xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN +Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY= +-----END CERTIFICATE----- +)"; // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters. -static const char kBadPSSCertPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI\n" - "AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD\n" - "VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz\n" - "NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj\n" - "ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH\n" - "qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL\n" - "IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT\n" - "IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k\n" - "dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq\n" - "QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa\n" - "5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2\n" - "4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB\n" - "Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii\n" - "BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb\n" - "xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn\n" - "plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY\n" - "DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p\n" - "NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ\n" - "lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=\n" - "-----END CERTIFICATE-----\n"; - -static const char kRSAKey[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n" - "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n" - "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n" - "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n" - "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n" - "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n" - "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n" - "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n" - "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n" - "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n" - "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n" - "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n" - "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n" - "-----END RSA PRIVATE KEY-----\n"; +static const char kBadPSSCertPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI +AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD +VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz +NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj +ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH +qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL +IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT +IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k +dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq +QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa +5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2 +4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB +Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii +BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb +xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn +plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY +DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p +NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ +lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8= +-----END CERTIFICATE----- +)"; + +static const char kRSAKey[] = R"( +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92 +kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF +KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB +AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe +i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+ +WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ +m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj +QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk +aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj +LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk +104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/ +tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd +moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ== +-----END RSA PRIVATE KEY----- +)"; // kCRLTestRoot is a test root certificate. It has private key: // @@ -262,207 +273,219 @@ static const char kRSAKey[] = // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ== // -----END RSA PRIVATE KEY----- -static const char kCRLTestRoot[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n" - "BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW\n" - "aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0\n" - "MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n" - "A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq\n" - "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B\n" - "S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+\n" - "5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp\n" - "uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n\n" - "8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL\n" - "P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw\n" - "TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3\n" - "N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n" - "AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz\n" - "EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN\n" - "XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B\n" - "3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5\n" - "24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw\n" - "amd8GKMZQvP0ufGnUn7D7uartA==\n" - "-----END CERTIFICATE-----\n"; - -static const char kCRLTestLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx\n" - "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ\n" - "BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa\n" - "MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC\n" - "b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA\n" - "A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9\n" - "8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP\n" - "ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx\n" - "e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX\n" - "+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu\n" - "OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC\n" - "MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl\n" - "MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3\n" - "lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw\n" - "XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ\n" - "ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh\n" - "lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql\n" - "ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC\n" - "5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG\n" - "tjJMFw==\n" - "-----END CERTIFICATE-----\n"; - -static const char kBasicCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV\n" - "HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN\n" - "ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo\n" - "eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os\n" - "dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv\n" - "diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho\n" - "/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==\n" - "-----END X509 CRL-----\n"; - -static const char kRevokedCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX\n" - "DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB\n" - "AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d\n" - "sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH\n" - "NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5\n" - "OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp\n" - "Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO\n" - "xzfKY2TzxLiOmctG0hXFkH5J\n" - "-----END X509 CRL-----\n"; - -static const char kBadIssuerCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN\n" - "Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC\n" - "AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF\n" - "AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP\n" - "t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB\n" - "cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL\n" - "TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q\n" - "L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g\n" - "Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==\n" - "-----END X509 CRL-----\n"; +static const char kCRLTestRoot[] = R"( +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0 +MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG +A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B +S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+ +5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp +uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n +8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL +P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw +TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3 +N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz +EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN +XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B +3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5 +24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw +amd8GKMZQvP0ufGnUn7D7uartA== +-----END CERTIFICATE----- +)"; + +static const char kCRLTestLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ +BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa +MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC +b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9 +8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP +ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx +e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX ++saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu +OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC +MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl +MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3 +lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw +XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ +ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh +lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql +ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC +5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG +tjJMFw== +-----END CERTIFICATE----- +)"; + +static const char kBasicCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV +HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN +ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo +eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os +dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv +diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho +/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw== +-----END X509 CRL----- +)"; + +static const char kRevokedCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX +DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB +AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d +sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH +NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5 +OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp +Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO +xzfKY2TzxLiOmctG0hXFkH5J +-----END X509 CRL----- +)"; + +static const char kBadIssuerCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN +Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC +AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF +AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP +t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB +cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL +TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q +L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g +Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ== +-----END X509 CRL----- +)"; // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point // extension. -static const char kKnownCriticalCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV\n" - "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq\n" - "3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs\n" - "kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs\n" - "fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN\n" - "xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h\n" - "6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP\n" - "9dMWxqhQlv23osLp\n" - "-----END X509 CRL-----\n"; +static const char kKnownCriticalCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV +HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq +3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs +kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs +fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN +xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h +6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP +9dMWxqhQlv23osLp +-----END X509 CRL----- +)"; // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension. -static const char kUnknownCriticalCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV\n" - "HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA\n" - "GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib\n" - "Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC\n" - "yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ\n" - "+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC\n" - "nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB\n" - "kwzzU2rL3G65CrZ7H0SZsQ==\n" - "-----END X509 CRL-----\n"; +static const char kUnknownCriticalCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV +HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA +GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib +Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC +yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ ++wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC +nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB +kwzzU2rL3G65CrZ7H0SZsQ== +-----END X509 CRL----- +)"; // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution // point extension followed by an unknown critical extension -static const char kUnknownCriticalCRL2[] = - "-----BEGIN X509 CRL-----\n" - "MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV\n" - "HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G\n" - "CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO\n" - "myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq\n" - "5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4\n" - "tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN\n" - "KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne\n" - "YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi\n" - "-----END X509 CRL-----\n"; +static const char kUnknownCriticalCRL2[] = R"( +-----BEGIN X509 CRL----- +MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV +HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G +CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO +myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq +5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4 +tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN +KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne +YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi +-----END X509 CRL----- +)"; // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing // distribution point extension. -static const char kBadExtensionCRL[] = - "-----BEGIN X509 CRL-----\n" - "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n" - "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n" - "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n" - "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n" - "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n" - "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n" - "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n" - "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n" - "o/1TpfOMSGhMyMoyPrk=\n" - "-----END X509 CRL-----\n"; +static const char kBadExtensionCRL[] = R"( +-----BEGIN X509 CRL----- +MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ +Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV +HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3 +i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q +mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ +NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A +3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+ +7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp +o/1TpfOMSGhMyMoyPrk= +-----END X509 CRL----- +)"; // kEd25519Cert is a self-signed Ed25519 certificate. -static const char kEd25519Cert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET\n" - "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ\n" - "dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE\n" - "BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp\n" - "ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj\n" - "Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD\n" - "VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr\n" - "ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL\n" - "r+VHVKUhsrvcdCelnXRrrSD7xWAL\n" - "-----END CERTIFICATE-----\n"; +static const char kEd25519Cert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj +Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD +VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr +ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL +r+VHVKUhsrvcdCelnXRrrSD7xWAL +-----END CERTIFICATE----- +)"; // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in // the signature algorithm. -static const char kEd25519CertNull[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV\n" - "MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz\n" - "IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD\n" - "VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg\n" - "V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa\n" - "piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf\n" - "BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG\n" - "AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr\n" - "recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==\n" - "-----END CERTIFICATE-----\n"; +static const char kEd25519CertNull[] = R"( +-----BEGIN CERTIFICATE----- +MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD +VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg +V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa +piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf +BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG +AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr +recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw== +-----END CERTIFICATE----- +)"; // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which // contains SANS for example.com, test@example.com, 127.0.0.1, and // https://example.com/. (The latter is useless for now since crypto/x509 // doesn't deal with URI SANs directly.) -static const char kSANTypesLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV\n" - "BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw\n" - "MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx\n" - "FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" - "gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9\n" - "KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc\n" - "O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G\n" - "A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD\n" - "VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS\n" - "gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0\n" - "QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG\n" - "9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf\n" - "dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk\n" - "jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==\n" - "-----END CERTIFICATE-----\n"; +static const char kSANTypesLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV +BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw +MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx +FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9 +KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc +O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G +A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD +VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS +gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0 +QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG +9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf +dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk +jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw== +-----END CERTIFICATE----- +)"; // -----BEGIN RSA PRIVATE KEY----- // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+ @@ -480,22 +503,23 @@ static const char kSANTypesLeaf[] = // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w== // -----END RSA PRIVATE KEY----- -static const char kSANTypesRoot[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE\n" - "ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw\n" - "MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ\n" - "MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/\n" - "EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy\n" - "SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J\n" - "1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/\n" - "BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E\n" - "BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3\n" - "1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f\n" - "c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH\n" - "bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms\n" - "d5YVX0c90VMnUhF/dlrqS9U=\n" - "-----END CERTIFICATE-----\n"; +static const char kSANTypesRoot[] = R"( +-----BEGIN CERTIFICATE----- +MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE +ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw +MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ +MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/ +EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy +SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J +1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/ +BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E +BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3 +1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f +c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH +bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms +d5YVX0c90VMnUhF/dlrqS9U= +-----END CERTIFICATE----- +)"; // -----BEGIN RSA PRIVATE KEY----- // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V @@ -592,157 +616,166 @@ static const char kSANTypesRoot[] = // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains // certSign in the keyUsage. -static const char kNoBasicConstraintsCertSignIntermediate[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw\n" - "WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1\n" - "OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO\n" - "BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq\n" - "hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9\n" - "ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW\n" - "xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==\n" - "-----END CERTIFICATE-----\n"; - -static const char kNoBasicConstraintsCertSignLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj\n" - "IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx\n" - "MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50\n" - "czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB\n" - "w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO\n" - "MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o\n" - "eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24\n" - "Djy3Zw==\n" - "-----END CERTIFICATE-----\n"; +static const char kNoBasicConstraintsCertSignIntermediate[] = R"( +-----BEGIN CERTIFICATE----- +MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1 +OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO +BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq +hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9 +ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW +xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ== +-----END CERTIFICATE----- +)"; + +static const char kNoBasicConstraintsCertSignLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj +IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx +MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50 +czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB +w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO +MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o +eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24 +Djy3Zw== +-----END CERTIFICATE----- +)"; // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains // a Netscape certificate-type extension that asserts a type of "SSL CA". -static const char kNoBasicConstraintsNetscapeCAIntermediate[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg\n" - "KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi\n" - "PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH\n" - "1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4\n" - "QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju\n" - "tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF\n" - "G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M\n" - "P9p6HuyLrmn0c/F0\n" - "-----END CERTIFICATE-----\n"; - -static const char kNoBasicConstraintsNetscapeCALeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp\n" - "YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw\n" - "MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp\n" - "YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2\n" - "tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q\n" - "DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh\n" - "aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj\n" - "XyPwWPbymSTpzKhB4xB7qQ==\n" - "-----END CERTIFICATE-----\n"; - -static const char kSelfSignedMismatchAlgorithms[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV\n" - "BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3\n" - "MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH\n" - "DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n" - "ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS\n" - "g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR\n" - "mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1\n" - "4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV\n" - "nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn\n" - "kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//\n" - "i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q\n" - "H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb\n" - "8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv\n" - "gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD\n" - "THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw\n" - "UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h\n" - "upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF\n" - "AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be\n" - "PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj\n" - "mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd\n" - "VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+\n" - "JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r\n" - "yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV\n" - "cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy\n" - "R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3\n" - "pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn\n" - "BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m\n" - "KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=\n" - "-----END CERTIFICATE-----\n"; +static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"( +-----BEGIN CERTIFICATE----- +MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg +KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi +PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH +1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4 +QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju +tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF +G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M +P9p6HuyLrmn0c/F0 +-----END CERTIFICATE----- +)"; + +static const char kNoBasicConstraintsNetscapeCALeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp +YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw +MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp +YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2 +tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q +DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh +aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj +XyPwWPbymSTpzKhB4xB7qQ== +-----END CERTIFICATE----- +)"; + +static const char kSelfSignedMismatchAlgorithms[] = R"( +-----BEGIN CERTIFICATE----- +MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV +BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3 +MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH +DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS +g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR +mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1 +4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV +nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn +kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE// +i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q +H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb +8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv +gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD +THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw +UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h +upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF +AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be +PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj +mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd +VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+ +JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r +yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV +cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy +R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3 +pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn +BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m +KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94= +-----END CERTIFICATE----- +)"; // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with // *.host1.test as the common name and a SAN list of *.host2.test and // foo.host3.test. -static const char kCommonNameWithSANs[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z\n" - "MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n" - "AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07\n" - "zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn\n" - "jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ\n" - "KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL\n" - "4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM\n" - "enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameWithSANs[] = R"( +-----BEGIN CERTIFICATE----- +MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z +MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07 +zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn +jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ +KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL +4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM +enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg= +-----END CERTIFICATE----- +)"; // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with // *.host1.test as the common name and no SAN list. -static const char kCommonNameWithoutSANs[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT\n" - "QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB\n" - "BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE\n" - "0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+\n" - "VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5\n" - "4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2\n" - "+YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO\n" - "pFFXI2B5usgI\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameWithoutSANs[] = R"( +-----BEGIN CERTIFICATE----- +MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT +QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB +BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE +0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+ +VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5 +4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2 ++YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO +pFFXI2B5usgI +-----END CERTIFICATE----- +)"; // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with // *.host1.test as the common name and the email address test@host2.test in the // SAN list. -static const char kCommonNameWithEmailSAN[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI\n" - "zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs\n" - "8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/\n" - "BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl\n" - "c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2\n" - "HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv\n" - "NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ\n" - "aet/mER21Z/9ZsTUoJQPJw==\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameWithEmailSAN[] = R"( +-----BEGIN CERTIFICATE----- +MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs +8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/ +BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl +c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2 +HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv +NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ +aet/mER21Z/9ZsTUoJQPJw== +-----END CERTIFICATE----- +)"; // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with // *.host1.test as the common name and the IP address 127.0.0.1 in the // SAN list. -static const char kCommonNameWithIPSAN[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI\n" - "zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX\n" - "KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/\n" - "BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A\n" - "AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO\n" - "DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju\n" - "mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU\n" - "D0+O6KI=\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameWithIPSAN[] = R"( +-----BEGIN CERTIFICATE----- +MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX +KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/ +BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A +AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO +DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju +mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU +D0+O6KI= +-----END CERTIFICATE----- +)"; // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with // permitted DNS names of permitted1.test and foo.permitted2.test and an @@ -753,84 +786,89 @@ static const char kCommonNameWithIPSAN[] = // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y // -----END PRIVATE KEY----- -static const char kConstrainedIntermediate[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl\n" - "cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X\n" - "NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK\n" - "LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc\n" - "flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv\n" - "by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw\n" - "DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI\n" - "9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6\n" - "cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz\n" - "UyM=\n" - "-----END CERTIFICATE-----\n"; +static const char kConstrainedIntermediate[] = R"( +-----BEGIN CERTIFICATE----- +MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl +cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X +NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK +LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc +flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv +by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw +DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI +9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6 +cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz +UyM= +-----END CERTIFICATE----- +)"; // kCommonNamePermittedLeaf is a leaf certificate signed by // kConstrainedIntermediate. Its common name is permitted by the name // constraints. -static const char kCommonNamePermittedLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n" - "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n" - "MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD\n" - "VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" - "QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc\n" - "emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD\n" - "AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY\n" - "yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNamePermittedLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv +bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw +MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD +VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc +emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD +AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY +yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ== +-----END CERTIFICATE----- +)"; static const char kCommonNamePermitted[] = "foo.permitted1.test"; // kCommonNameNotPermittedLeaf is a leaf certificate signed by // kConstrainedIntermediate. Its common name is not permitted by the name // constraints. -static const char kCommonNameNotPermittedLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n" - "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n" - "MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb\n" - "MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D\n" - "AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM\n" - "HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO\n" - "PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN\n" - "5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameNotPermittedLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv +bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw +MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb +MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM +HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO +PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN +5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw== +-----END CERTIFICATE----- +)"; static const char kCommonNameNotPermitted[] = "not-permitted.test"; // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by // kConstrainedIntermediate. Its common name is not permitted by the name // constraints but it has a SAN list. -static const char kCommonNameNotPermittedWithSANsLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n" - "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n" - "MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3\n" - "aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49\n" - "AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR\n" - "93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC\n" - "MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl\n" - "ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl\n" - "4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameNotPermittedWithSANsLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv +bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw +MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3 +aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR +93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC +MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl +ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl +4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+ +-----END CERTIFICATE----- +)"; static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test"; // kCommonNameNotDNSLeaf is a leaf certificate signed by // kConstrainedIntermediate. Its common name is not a DNS name. -static const char kCommonNameNotDNSLeaf[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv\n" - "bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw\n" - "MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE\n" - "AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc\n" - "Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ\n" - "Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC\n" - "IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH\n" - "RHNlAkTK2TnUaVn3fGSylaLiFS1r\n" - "-----END CERTIFICATE-----\n"; +static const char kCommonNameNotDNSLeaf[] = R"( +-----BEGIN CERTIFICATE----- +MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv +bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw +MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE +AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc +Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ +Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC +IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH +RHNlAkTK2TnUaVn3fGSylaLiFS1r +-----END CERTIFICATE----- +)"; static const char kCommonNameNotDNS[] = "Not a DNS name"; // The following six certificates are issued by |kSANTypesRoot| and have @@ -861,88 +899,94 @@ static const char kCommonNameNotDNS[] = "Not a DNS name"; // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER}) // } -static const char kMicrosoftSGCCert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2\n" - "mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK\n" - "KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U\n" - "BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I\n" - "rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe\n" - "aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0\n" - "cC4l0r/6jik=\n" - "-----END CERTIFICATE-----\n"; - -static const char kNetscapeSGCCert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x\n" - "kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ\n" - "YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE\n" - "J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc\n" - "8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W\n" - "dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M\n" - "RQHX6HQJJg==\n" - "-----END CERTIFICATE-----\n"; - -static const char kServerEKUCert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ\n" - "SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI\n" - "KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn\n" - "jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL\n" - "iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I\n" - "6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP\n" - "2hoEMdz2\n" - "-----END CERTIFICATE-----\n"; - -static const char kServerEKUPlusMicrosoftSGCCert[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z\n" - "ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI\n" - "KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA\n" - "N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS\n" - "SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa\n" - "KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H\n" - "5V9oXd1bodEqVsOZ/mur24Ku\n" - "-----END CERTIFICATE-----\n"; - -static const char kAnyEKU[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu\n" - "1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE\n" - "VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw\n" - "DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq\n" - "uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3\n" - "/OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz\n" - "L6A=\n" - "-----END CERTIFICATE-----\n"; - -static const char kNoEKU[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp\n" - "bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y\n" - "MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C\n" - "AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz\n" - "KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw\n" - "ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB\n" - "AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF\n" - "T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3\n" - "TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2\n" - "-----END CERTIFICATE-----\n"; +static const char kMicrosoftSGCCert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2 +mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK +KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U +BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I +rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe +aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0 +cC4l0r/6jik= +-----END CERTIFICATE----- +)"; + +static const char kNetscapeSGCCert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x +kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ +YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE +J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc +8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W +dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M +RQHX6HQJJg== +-----END CERTIFICATE----- +)"; + +static const char kServerEKUCert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ +SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn +jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL +iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I +6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP +2hoEMdz2 +-----END CERTIFICATE----- +)"; + +static const char kServerEKUPlusMicrosoftSGCCert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z +ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI +KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA +N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS +SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa +KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H +5V9oXd1bodEqVsOZ/mur24Ku +-----END CERTIFICATE----- +)"; + +static const char kAnyEKU[] = R"( +-----BEGIN CERTIFICATE----- +MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu +1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE +VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw +DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq +uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3 +/OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz +L6A= +-----END CERTIFICATE----- +)"; + +static const char kNoEKU[] = R"( +-----BEGIN CERTIFICATE----- +MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp +bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y +MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz +KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw +ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB +AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF +T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3 +TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2 +-----END CERTIFICATE----- +)"; // CertFromPEM parses the given, NUL-terminated pem block and returns an // |X509*|. @@ -2315,62 +2359,66 @@ TEST(X509Test, InvalidExtensions) { // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number // encoded explicitly, rather than omitted as required by DER. -static const char kExplicitDefaultVersionPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" - "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" - "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" - "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" - "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" - "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" - "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" - "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" - "FA==\n" - "-----END CERTIFICATE-----\n"; +static const char kExplicitDefaultVersionPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC +QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp +dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l +dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni +v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa +HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w +BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ +FA== +-----END CERTIFICATE----- +)"; // kNegativeVersionPEM is an X.509 certificate with a negative version number. -static const char kNegativeVersionPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" - "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" - "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" - "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" - "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" - "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" - "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" - "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" - "FA==\n" - "-----END CERTIFICATE-----\n"; +static const char kNegativeVersionPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC +QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp +dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l +dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni +v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa +HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w +BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ +FA== +-----END CERTIFICATE----- +)"; // kFutureVersionPEM is an X.509 certificate with a version number value of // three, which is not defined. (v3 has value two). -static const char kFutureVersionPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" - "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" - "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" - "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" - "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" - "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" - "HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w\n" - "BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ\n" - "FA==\n" - "-----END CERTIFICATE-----\n"; +static const char kFutureVersionPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC +QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp +dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l +dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni +v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa +HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w +BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ +FA== +-----END CERTIFICATE----- +)"; // kOverflowVersionPEM is an X.509 certificate with a version field which // overflows |uint64_t|. -static const char kOverflowVersionPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBoDCCAUegJgIkAP//////////////////////////////////////////////\n" - "AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK\n" - "U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X\n" - "DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR\n" - "BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5\n" - "IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX\n" - "a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw\n" - "CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd\n" - "xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n" - "-----END CERTIFICATE-----\n"; +static const char kOverflowVersionPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBoDCCAUegJgIkAP////////////////////////////////////////////// +AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK +U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X +DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR +BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX +a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw +CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd +xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU +-----END CERTIFICATE----- +)"; /* @@ -2378,63 +2426,67 @@ Test cases disabled. TODO re-enable in Jan 2021. https://crbug.com/boringssl/375 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions. -static const char kV1WithExtensionsPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" - "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" - "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" - "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" - "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" - "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" - "lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud\n" - "IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI\n" - "zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe\n" - "eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU\n" - "-----END CERTIFICATE-----\n"; +static const char kV1WithExtensionsPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+ +Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x +lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud +IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI +zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe +eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU +-----END CERTIFICATE----- +)"; // kV2WithExtensionsPEM is an X.509v2 certificate with extensions. -static const char kV2WithExtensionsPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC\n" - "QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp\n" - "dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ\n" - "BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l\n" - "dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni\n" - "v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa\n" - "HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw\n" - "HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ\n" - "BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E\n" - "BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=\n" - "-----END CERTIFICATE-----\n"; +static const char kV2WithExtensionsPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC +QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp +dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l +dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni +v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa +HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw +HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ +BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E +BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ= +-----END CERTIFICATE----- +)"; */ // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID. -static const char kV1WithIssuerUniqueIDPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" - "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" - "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" - "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" - "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" - "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" - "lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n" - "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n" - "MlJhXnXJFA==\n" - "-----END CERTIFICATE-----\n"; +static const char kV1WithIssuerUniqueIDPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+ +Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x +lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb +7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf +MlJhXnXJFA== +-----END CERTIFICATE----- +)"; // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID. -static const char kV1WithSubjectUniqueIDPEM[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw\n" - "EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0\n" - "eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG\n" - "EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk\n" - "Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+\n" - "Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x\n" - "lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb\n" - "7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf\n" - "MlJhXnXJFA==\n" - "-----END CERTIFICATE-----\n"; +static const char kV1WithSubjectUniqueIDPEM[] = R"( +-----BEGIN CERTIFICATE----- +MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+ +Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x +lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb +7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf +MlJhXnXJFA== +-----END CERTIFICATE----- +)"; // Test that the X.509 parser enforces versions are valid and match the fields // present. From 51b428153d5190c443e985f8feee9dbb5b2d0a39 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 5 Oct 2020 10:02:53 -0700 Subject: [PATCH 120/399] Include rodata subsections in FIPS-shared build. Sometimes the linker will generate rodata subsections even if we don't have -fdata-sections enabled. That's ok, so include them in the FIPS module. The other subsections continue to be discarded to ensure that unexpected sections don't appear and escape the module. Bug: b/142971559 Change-Id: Icebcf40bd3d0e63f20456e44f6c2564f4316b561 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43324 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/fips_shared.lds | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/fipsmodule/fips_shared.lds b/crypto/fipsmodule/fips_shared.lds index c3db1013bd..323de73b00 100644 --- a/crypto/fipsmodule/fips_shared.lds +++ b/crypto/fipsmodule/fips_shared.lds @@ -8,18 +8,17 @@ SECTIONS .rodata : { BORINGSSL_bcm_rodata_start = .; *(.rodata) + *(.rodata.*) BORINGSSL_bcm_rodata_end = .; } /DISCARD/ : { + /* These sections shouldn't exist. In order to catch any slip-ups, direct + * the linker to discard them. */ *(.rela.dyn) *(.data) *(.rel.ro) *(*.text.*) *(*.data.*) - - /* This should be included to catch any unexpected rodata subsections, but - it crashes the linker! - *(*.rodata.*) */ } } From 6222fe767dd911bc2dac62b7cbf170c5b73dee8d Mon Sep 17 00:00:00 2001 From: Dan McArdle Date: Mon, 28 Sep 2020 12:50:18 -0400 Subject: [PATCH 121/399] runner: Refactor BoGo clientHelloMsg extension marshalling. This CL replaces clientHelloMsg's npnAfterAlpn and pskBinderFirst fields with a new field: prefixExtensions. The extensions in prefixExtensions are tried first when marshalling clientHelloMsg. The ability to control extensions' marshalling order will make it simpler to implement the "outer_extensions" behavior defined in draft-ietf-tls-esni-07. Bug: 275 Change-Id: Ib6dcc1e6fa0281f312cb65a9e204415c3f3ef2c6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43064 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- ssl/test/runner/common.go | 1 + ssl/test/runner/handshake_client.go | 20 ++- ssl/test/runner/handshake_messages.go | 241 ++++++++++++++++---------- 3 files changed, 167 insertions(+), 95 deletions(-) diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index d1ea08df83..b7517e71e6 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -125,6 +125,7 @@ const ( extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13 extensionChannelID uint16 = 30032 // not IANA assigned extensionDelegatedCredentials uint16 = 0x22 // draft-ietf-tls-subcerts-06 + extensionDuplicate uint16 = 0xffff // not IANA assigned ) // TLS signaling cipher suite values diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index 8548b78899..241518fedb 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -100,6 +100,19 @@ func (c *Conn) clientHandshake() error { return errors.New("tls: NextProtos values too large") } + // Translate the bugs that modify ClientHello extension order into a + // list of prefix extensions. The marshal function will try these + // extensions before any others, followed by any remaining extensions in + // the default order. + var prefixExtensions []uint16 + if c.config.Bugs.PSKBinderFirst && !c.config.Bugs.OnlyCorruptSecondPSKBinder { + prefixExtensions = append(prefixExtensions, extensionPreSharedKey) + } + if c.config.Bugs.SwapNPNAndALPN { + prefixExtensions = append(prefixExtensions, extensionALPN) + prefixExtensions = append(prefixExtensions, extensionNextProtoNeg) + } + minVersion := c.config.minVersion(c.isDTLS) maxVersion := c.config.maxVersion(c.isDTLS) hello := &clientHelloMsg{ @@ -119,15 +132,14 @@ func (c *Conn) clientHandshake() error { channelIDSupported: c.config.ChannelID != nil, tokenBindingParams: c.config.TokenBindingParams, tokenBindingVersion: c.config.TokenBindingVersion, - npnAfterAlpn: c.config.Bugs.SwapNPNAndALPN, extendedMasterSecret: maxVersion >= VersionTLS10, srtpProtectionProfiles: c.config.SRTPProtectionProfiles, srtpMasterKeyIdentifier: c.config.Bugs.SRTPMasterKeyIdentifer, customExtension: c.config.Bugs.CustomExtension, - pskBinderFirst: c.config.Bugs.PSKBinderFirst && !c.config.Bugs.OnlyCorruptSecondPSKBinder, omitExtensions: c.config.Bugs.OmitExtensions, emptyExtensions: c.config.Bugs.EmptyExtensions, delegatedCredentials: !c.config.Bugs.DisableDelegatedCredentials, + prefixExtensions: prefixExtensions, } if maxVersion >= VersionTLS13 { @@ -608,7 +620,9 @@ NextCipherSuite: hello.hasEarlyData = c.config.Bugs.SendEarlyDataOnSecondClientHello // The first ClientHello may have skipped this due to OnlyCorruptSecondPSKBinder. - hello.pskBinderFirst = c.config.Bugs.PSKBinderFirst + if c.config.Bugs.PSKBinderFirst && c.config.Bugs.OnlyCorruptSecondPSKBinder { + hello.prefixExtensions = append(hello.prefixExtensions, extensionPreSharedKey) + } if c.config.Bugs.OmitPSKsOnSecondClientHello { hello.pskIdentities = nil hello.pskBinders = nil diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go index 9d3b6bcbd6..500e14ee24 100644 --- a/ssl/test/runner/handshake_messages.go +++ b/ssl/test/runner/handshake_messages.go @@ -285,19 +285,18 @@ type clientHelloMsg struct { channelIDSupported bool tokenBindingParams []byte tokenBindingVersion uint16 - npnAfterAlpn bool extendedMasterSecret bool srtpProtectionProfiles []uint16 srtpMasterKeyIdentifier string sctListSupported bool customExtension string hasGREASEExtension bool - pskBinderFirst bool omitExtensions bool emptyExtensions bool pad int compressedCertAlgs []uint16 delegatedCredentials bool + prefixExtensions []uint16 } func (m *clientHelloMsg) equal(i interface{}) bool { @@ -340,19 +339,18 @@ func (m *clientHelloMsg) equal(i interface{}) bool { m.channelIDSupported == m1.channelIDSupported && bytes.Equal(m.tokenBindingParams, m1.tokenBindingParams) && m.tokenBindingVersion == m1.tokenBindingVersion && - m.npnAfterAlpn == m1.npnAfterAlpn && m.extendedMasterSecret == m1.extendedMasterSecret && eqUint16s(m.srtpProtectionProfiles, m1.srtpProtectionProfiles) && m.srtpMasterKeyIdentifier == m1.srtpMasterKeyIdentifier && m.sctListSupported == m1.sctListSupported && m.customExtension == m1.customExtension && m.hasGREASEExtension == m1.hasGREASEExtension && - m.pskBinderFirst == m1.pskBinderFirst && m.omitExtensions == m1.omitExtensions && m.emptyExtensions == m1.emptyExtensions && m.pad == m1.pad && eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) && - m.delegatedCredentials == m1.delegatedCredentials + m.delegatedCredentials == m1.delegatedCredentials && + eqUint16s(m.prefixExtensions, m1.prefixExtensions) } func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) { @@ -390,34 +388,20 @@ func (m *clientHelloMsg) marshal() []byte { compressionMethods := hello.addU8LengthPrefixed() compressionMethods.addBytes(m.compressionMethods) - extensions := hello.addU16LengthPrefixed() - if len(m.pskIdentities) > 0 && m.pskBinderFirst { - extensions.addU16(extensionPreSharedKey) - pskExtension := extensions.addU16LengthPrefixed() - - pskIdentities := pskExtension.addU16LengthPrefixed() - for _, psk := range m.pskIdentities { - pskIdentities.addU16LengthPrefixed().addBytes(psk.ticket) - pskIdentities.addU32(psk.obfuscatedTicketAge) - } - pskBinders := pskExtension.addU16LengthPrefixed() - for _, binder := range m.pskBinders { - pskBinders.addU8LengthPrefixed().addBytes(binder) - } + type extension struct { + id uint16 + body []byte } + var extensions []extension + if m.duplicateExtension { // Add a duplicate bogus extension at the beginning and end. - extensions.addU16(0xffff) - extensions.addU16(0) // 0-length for empty extension + extensions = append(extensions, extension{id: extensionDuplicate}) } - if m.nextProtoNeg && !m.npnAfterAlpn { - extensions.addU16(extensionNextProtoNeg) - extensions.addU16(0) // The length is always 0 + if m.nextProtoNeg { + extensions = append(extensions, extension{id: extensionNextProtoNeg}) } if len(m.serverName) > 0 { - extensions.addU16(extensionServerName) - serverNameList := extensions.addU16LengthPrefixed() - // RFC 3546, section 3.1 // // struct { @@ -437,138 +421,170 @@ func (m *clientHelloMsg) marshal() []byte { // ServerName server_name_list<1..2^16-1> // } ServerNameList; + serverNameList := newByteBuilder() serverName := serverNameList.addU16LengthPrefixed() serverName.addU8(0) // NameType host_name(0) hostName := serverName.addU16LengthPrefixed() hostName.addBytes([]byte(m.serverName)) + + extensions = append(extensions, extension{ + id: extensionServerName, + body: serverNameList.finish(), + }) } if m.ocspStapling { - extensions.addU16(extensionStatusRequest) - certificateStatusRequest := extensions.addU16LengthPrefixed() - + certificateStatusRequest := newByteBuilder() // RFC 4366, section 3.6 certificateStatusRequest.addU8(1) // OCSP type // Two zero valued uint16s for the two lengths. certificateStatusRequest.addU16(0) // ResponderID length certificateStatusRequest.addU16(0) // Extensions length + extensions = append(extensions, extension{ + id: extensionStatusRequest, + body: certificateStatusRequest.finish(), + }) } if len(m.supportedCurves) > 0 { // http://tools.ietf.org/html/rfc4492#section-5.1.1 - extensions.addU16(extensionSupportedCurves) - supportedCurvesList := extensions.addU16LengthPrefixed() + supportedCurvesList := newByteBuilder() supportedCurves := supportedCurvesList.addU16LengthPrefixed() for _, curve := range m.supportedCurves { supportedCurves.addU16(uint16(curve)) } + extensions = append(extensions, extension{ + id: extensionSupportedCurves, + body: supportedCurvesList.finish(), + }) } if len(m.supportedPoints) > 0 { // http://tools.ietf.org/html/rfc4492#section-5.1.2 - extensions.addU16(extensionSupportedPoints) - supportedPointsList := extensions.addU16LengthPrefixed() + supportedPointsList := newByteBuilder() supportedPoints := supportedPointsList.addU8LengthPrefixed() supportedPoints.addBytes(m.supportedPoints) + extensions = append(extensions, extension{ + id: extensionSupportedPoints, + body: supportedPointsList.finish(), + }) } if m.hasKeyShares { - extensions.addU16(extensionKeyShare) - keyShareList := extensions.addU16LengthPrefixed() + keyShareList := newByteBuilder() m.marshalKeyShares(keyShareList) + extensions = append(extensions, extension{ + id: extensionKeyShare, + body: keyShareList.finish(), + }) } if len(m.pskKEModes) > 0 { - extensions.addU16(extensionPSKKeyExchangeModes) - pskModesExtension := extensions.addU16LengthPrefixed() + pskModesExtension := newByteBuilder() pskModesExtension.addU8LengthPrefixed().addBytes(m.pskKEModes) + extensions = append(extensions, extension{ + id: extensionPSKKeyExchangeModes, + body: pskModesExtension.finish(), + }) } if m.hasEarlyData { - extensions.addU16(extensionEarlyData) - extensions.addU16(0) // The length is zero. + extensions = append(extensions, extension{id: extensionEarlyData}) } if len(m.tls13Cookie) > 0 { - extensions.addU16(extensionCookie) - body := extensions.addU16LengthPrefixed() + body := newByteBuilder() body.addU16LengthPrefixed().addBytes(m.tls13Cookie) + extensions = append(extensions, extension{ + id: extensionCookie, + body: body.finish(), + }) } if m.ticketSupported { // http://tools.ietf.org/html/rfc5077#section-3.2 - extensions.addU16(extensionSessionTicket) - sessionTicketExtension := extensions.addU16LengthPrefixed() - sessionTicketExtension.addBytes(m.sessionTicket) + extensions = append(extensions, extension{ + id: extensionSessionTicket, + body: m.sessionTicket, + }) } if len(m.signatureAlgorithms) > 0 { // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - extensions.addU16(extensionSignatureAlgorithms) - signatureAlgorithmsExtension := extensions.addU16LengthPrefixed() + signatureAlgorithmsExtension := newByteBuilder() signatureAlgorithms := signatureAlgorithmsExtension.addU16LengthPrefixed() for _, sigAlg := range m.signatureAlgorithms { signatureAlgorithms.addU16(uint16(sigAlg)) } + extensions = append(extensions, extension{ + id: extensionSignatureAlgorithms, + body: signatureAlgorithmsExtension.finish(), + }) } if len(m.signatureAlgorithmsCert) > 0 { - extensions.addU16(extensionSignatureAlgorithmsCert) - signatureAlgorithmsCertExtension := extensions.addU16LengthPrefixed() + signatureAlgorithmsCertExtension := newByteBuilder() signatureAlgorithmsCert := signatureAlgorithmsCertExtension.addU16LengthPrefixed() for _, sigAlg := range m.signatureAlgorithmsCert { signatureAlgorithmsCert.addU16(uint16(sigAlg)) } + extensions = append(extensions, extension{ + id: extensionSignatureAlgorithmsCert, + body: signatureAlgorithmsCertExtension.finish(), + }) } if len(m.supportedVersions) > 0 { - extensions.addU16(extensionSupportedVersions) - supportedVersionsExtension := extensions.addU16LengthPrefixed() + supportedVersionsExtension := newByteBuilder() supportedVersions := supportedVersionsExtension.addU8LengthPrefixed() for _, version := range m.supportedVersions { supportedVersions.addU16(uint16(version)) } + extensions = append(extensions, extension{ + id: extensionSupportedVersions, + body: supportedVersionsExtension.finish(), + }) } if m.secureRenegotiation != nil { - extensions.addU16(extensionRenegotiationInfo) - secureRenegoExt := extensions.addU16LengthPrefixed() - secureRenego := secureRenegoExt.addU8LengthPrefixed() - secureRenego.addBytes(m.secureRenegotiation) + secureRenegoExt := newByteBuilder() + secureRenegoExt.addU8LengthPrefixed().addBytes(m.secureRenegotiation) + extensions = append(extensions, extension{ + id: extensionRenegotiationInfo, + body: secureRenegoExt.finish(), + }) } if len(m.alpnProtocols) > 0 { // https://tools.ietf.org/html/rfc7301#section-3.1 - extensions.addU16(extensionALPN) - alpnExtension := extensions.addU16LengthPrefixed() - + alpnExtension := newByteBuilder() protocolNameList := alpnExtension.addU16LengthPrefixed() for _, s := range m.alpnProtocols { protocolName := protocolNameList.addU8LengthPrefixed() protocolName.addBytes([]byte(s)) } + extensions = append(extensions, extension{ + id: extensionALPN, + body: alpnExtension.finish(), + }) } if len(m.quicTransportParams) > 0 { - extensions.addU16(extensionQUICTransportParams) - params := extensions.addU16LengthPrefixed() - params.addBytes(m.quicTransportParams) + extensions = append(extensions, extension{ + id: extensionQUICTransportParams, + body: m.quicTransportParams, + }) } if m.channelIDSupported { - extensions.addU16(extensionChannelID) - extensions.addU16(0) // Length is always 0 + extensions = append(extensions, extension{id: extensionChannelID}) } if m.tokenBindingParams != nil { - extensions.addU16(extensionTokenBinding) - tokbindExtension := extensions.addU16LengthPrefixed() + tokbindExtension := newByteBuilder() tokbindExtension.addU16(m.tokenBindingVersion) tokbindParams := tokbindExtension.addU8LengthPrefixed() tokbindParams.addBytes(m.tokenBindingParams) - } - if m.nextProtoNeg && m.npnAfterAlpn { - extensions.addU16(extensionNextProtoNeg) - extensions.addU16(0) // Length is always 0 + extensions = append(extensions, extension{ + id: extensionTokenBinding, + body: tokbindExtension.finish(), + }) } if m.duplicateExtension { // Add a duplicate bogus extension at the beginning and end. - extensions.addU16(0xffff) - extensions.addU16(0) + extensions = append(extensions, extension{id: extensionDuplicate}) } if m.extendedMasterSecret { // https://tools.ietf.org/html/rfc7627 - extensions.addU16(extensionExtendedMasterSecret) - extensions.addU16(0) // Length is always 0 + extensions = append(extensions, extension{id: extensionExtendedMasterSecret}) } if len(m.srtpProtectionProfiles) > 0 { // https://tools.ietf.org/html/rfc5764#section-4.1.1 - extensions.addU16(extensionUseSRTP) - useSrtpExt := extensions.addU16LengthPrefixed() + useSrtpExt := newByteBuilder() srtpProtectionProfiles := useSrtpExt.addU16LengthPrefixed() for _, p := range m.srtpProtectionProfiles { @@ -576,38 +592,47 @@ func (m *clientHelloMsg) marshal() []byte { } srtpMki := useSrtpExt.addU8LengthPrefixed() srtpMki.addBytes([]byte(m.srtpMasterKeyIdentifier)) + + extensions = append(extensions, extension{ + id: extensionUseSRTP, + body: useSrtpExt.finish(), + }) } if m.sctListSupported { - extensions.addU16(extensionSignedCertificateTimestamp) - extensions.addU16(0) // Length is always 0 + extensions = append(extensions, extension{id: extensionSignedCertificateTimestamp}) } if l := len(m.customExtension); l > 0 { - extensions.addU16(extensionCustom) - customExt := extensions.addU16LengthPrefixed() - customExt.addBytes([]byte(m.customExtension)) + extensions = append(extensions, extension{ + id: extensionCustom, + body: []byte(m.customExtension), + }) } if len(m.compressedCertAlgs) > 0 { - extensions.addU16(extensionCompressedCertAlgs) - body := extensions.addU16LengthPrefixed() + body := newByteBuilder() algIDs := body.addU8LengthPrefixed() for _, v := range m.compressedCertAlgs { algIDs.addU16(v) } + extensions = append(extensions, extension{ + id: extensionCompressedCertAlgs, + body: body.finish(), + }) } if m.delegatedCredentials { - extensions.addU16(extensionDelegatedCredentials) - body := extensions.addU16LengthPrefixed() + body := newByteBuilder() signatureSchemeList := body.addU16LengthPrefixed() for _, sigAlg := range m.signatureAlgorithms { signatureSchemeList.addU16(uint16(sigAlg)) } + extensions = append(extensions, extension{ + id: extensionDelegatedCredentials, + body: body.finish(), + }) } // The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11 - if len(m.pskIdentities) > 0 && !m.pskBinderFirst { - extensions.addU16(extensionPreSharedKey) - pskExtension := extensions.addU16LengthPrefixed() - + if len(m.pskIdentities) > 0 { + pskExtension := newByteBuilder() pskIdentities := pskExtension.addU16LengthPrefixed() for _, psk := range m.pskIdentities { pskIdentities.addU16LengthPrefixed().addBytes(psk.ticket) @@ -617,11 +642,43 @@ func (m *clientHelloMsg) marshal() []byte { for _, binder := range m.pskBinders { pskBinders.addU8LengthPrefixed().addBytes(binder) } + extensions = append(extensions, extension{ + id: extensionPreSharedKey, + body: pskExtension.finish(), + }) + } + + // Write each extension in |extensions| to the |hello| message, hoisting + // the extensions named in |m.prefixExtensions| to the front. + extensionsBB := hello.addU16LengthPrefixed() + extMap := make(map[uint16][]byte) + for _, ext := range extensions { + extMap[ext.id] = ext.body + } + // Write each of the prefix extensions, if we have it. + for _, extID := range m.prefixExtensions { + if body, ok := extMap[extID]; ok { + extensionsBB.addU16(extID) + extensionsBB.addU16LengthPrefixed().addBytes(body) + } + } + // Forget each of the prefix extensions. This loop is separate from the + // extension-writing loop because |m.prefixExtensions| may contain + // duplicates. + for _, extID := range m.prefixExtensions { + delete(extMap, extID) + } + // Write each of the remaining extensions in their original order. + for _, ext := range extensions { + if _, ok := extMap[ext.id]; ok { + extensionsBB.addU16(ext.id) + extensionsBB.addU16LengthPrefixed().addBytes(ext.body) + } } if m.pad != 0 && hello.len()%m.pad != 0 { - extensions.addU16(extensionPadding) - padding := extensions.addU16LengthPrefixed() + extensionsBB.addU16(extensionPadding) + padding := extensionsBB.addU16LengthPrefixed() // Note hello.len() has changed at this point from the length // prefix. if l := hello.len() % m.pad; l != 0 { @@ -1236,7 +1293,7 @@ type serverExtensions struct { func (m *serverExtensions) marshal(extensions *byteBuilder) { if m.duplicateExtension { // Add a duplicate bogus extension at the beginning and end. - extensions.addU16(0xffff) + extensions.addU16(extensionDuplicate) extensions.addU16(0) // length = 0 for empty extension } if m.nextProtoNeg && !m.npnAfterAlpn { @@ -1286,7 +1343,7 @@ func (m *serverExtensions) marshal(extensions *byteBuilder) { } if m.duplicateExtension { // Add a duplicate bogus extension at the beginning and end. - extensions.addU16(0xffff) + extensions.addU16(extensionDuplicate) extensions.addU16(0) } if m.extendedMasterSecret { From 048f354b2a4085ef59b40c904fc8b8e1c318f873 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 5 Oct 2020 15:48:12 -0700 Subject: [PATCH 122/399] acvp: handle more private key formats. This change adds a config parameter PrivateKeyFile (to replace PrivateKeyDERFile, although that still exists) because taking PKCS#1 DER is a little odd for people. Also probe for PEM/DER and PKCS#1/8 automatically to try and work with whatever private key the user has. Change-Id: I0f4efcd79528cfb26f791e9ee8c5141fc6a93723 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43344 Reviewed-by: David Benjamin --- util/fipstools/acvp/ACVP.md | 4 ++-- util/fipstools/acvp/acvptool/acvp.go | 34 ++++++++++++++++++++++------ 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/util/fipstools/acvp/ACVP.md b/util/fipstools/acvp/ACVP.md index ddae4ed41d..71501de7db 100644 --- a/util/fipstools/acvp/ACVP.md +++ b/util/fipstools/acvp/ACVP.md @@ -13,14 +13,14 @@ Configuration is done via a `config.json` file in the current working directory. { "ACVPServer": "https://demo.acvts.nist.gov/", "CertPEMFile": "certificate_from_nist.pem", - "PrivateKeyDERFile": "your_private_key.key", + "PrivateKeyFile": "your_private_key.key", "TOTPSecret": "", "SessionTokensCache": "~/.cache/acvp-session-tokens", "LogFile": "log" } ``` -NIST's ACVP servers use both TLS client certificates and TOTP for authentication. When registering with NIST, they'll sign a CSR and return a certificate in PEM format, which is pointed to be `CertPEMFile`. The corresponding PKCS#1, DER-encoded private key is expected in `PrivateKeyDERFile`. Lastly, NIST will provide a file that contains the base64-encoded TOTP seed, which must be pasted in as the value of `TOTPSecret`. +NIST's ACVP servers use both TLS client certificates and TOTP for authentication. When registering with NIST, they'll sign a CSR and return a certificate in PEM format, which is pointed to be `CertPEMFile`. The corresponding private key is expected in `PrivateKeyFile`. Lastly, NIST will provide a file that contains the base64-encoded TOTP seed, which must be pasted in as the value of `TOTPSecret`. NIST's ACVP server provides special access tokens for each test session and test sessions can _only_ be accessed via those tokens. The reasoning behind this is unclear but this client can, optionally, keep records of these access tokens in the directory named by `SessionTokensCache`. If that directory name begins with `~/` then that prefix will be replaced with the value of `$HOME`. diff --git a/util/fipstools/acvp/acvptool/acvp.go b/util/fipstools/acvp/acvptool/acvp.go index feebed5044..bc8b0d87e3 100644 --- a/util/fipstools/acvp/acvptool/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp.go @@ -17,6 +17,7 @@ package main import ( "bufio" "bytes" + "crypto" "crypto/hmac" "crypto/sha256" "crypto/x509" @@ -51,6 +52,7 @@ var ( type Config struct { CertPEMFile string + PrivateKeyFile string PrivateKeyDERFile string TOTPSecret string ACVPServer string @@ -281,17 +283,35 @@ func main() { block, _ := pem.Decode(certPEM) certDER := block.Bytes - if len(config.PrivateKeyDERFile) == 0 { - log.Fatal("Config file missing PrivateKeyDERFile") + if len(config.PrivateKeyDERFile) == 0 && len(config.PrivateKeyFile) == 0 { + log.Fatal("Config file missing PrivateKeyDERFile and PrivateKeyFile") } - keyDER, err := ioutil.ReadFile(config.PrivateKeyDERFile) - if err != nil { - log.Fatalf("failed to read private key from %q: %s", config.PrivateKeyDERFile, err) + if len(config.PrivateKeyDERFile) != 0 && len(config.PrivateKeyFile) != 0 { + log.Fatal("Config file has both PrivateKeyDERFile and PrivateKeyFile. Can only have one.") + } + privateKeyFile := config.PrivateKeyDERFile + if len(config.PrivateKeyFile) > 0 { + privateKeyFile = config.PrivateKeyFile } - certKey, err := x509.ParsePKCS1PrivateKey(keyDER) + keyBytes, err := ioutil.ReadFile(privateKeyFile) if err != nil { - log.Fatalf("failed to parse private key from %q: %s", config.PrivateKeyDERFile, err) + log.Fatalf("failed to read private key from %q: %s", privateKeyFile, err) + } + + var keyDER []byte + pemBlock, _ := pem.Decode(keyBytes) + if pemBlock != nil { + keyDER = pemBlock.Bytes + } else { + keyDER = keyBytes + } + + var certKey crypto.PrivateKey + if certKey, err = x509.ParsePKCS1PrivateKey(keyDER); err != nil { + if certKey, err = x509.ParsePKCS8PrivateKey(keyDER); err != nil { + log.Fatalf("failed to parse private key from %q: %s", privateKeyFile, err) + } } var middle Middle From 56b28d84466aedd4d2c82b5dc26572c9b0e2bfa8 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 5 Oct 2020 15:57:23 -0700 Subject: [PATCH 123/399] acvp: highlight that the TOTP secret goes in the config file. Change-Id: I469a49f0f678235700b8859d84b1b25b9f51518e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43325 Reviewed-by: David Benjamin --- util/fipstools/acvp/acvptool/acvp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/fipstools/acvp/acvptool/acvp.go b/util/fipstools/acvp/acvptool/acvp.go index bc8b0d87e3..352247372c 100644 --- a/util/fipstools/acvp/acvptool/acvp.go +++ b/util/fipstools/acvp/acvptool/acvp.go @@ -270,7 +270,7 @@ func main() { } totpSecret, err := base64.StdEncoding.DecodeString(config.TOTPSecret) if err != nil { - log.Fatalf("Failed to decode TOTP secret from config file: %s", err) + log.Fatalf("Failed to base64-decode TOTP secret from config file: %s. (Note that the secret _itself_ should be in the config, not the name of a file that contains it.)", err) } if len(config.CertPEMFile) == 0 { From f94e6d7f9dc94842c33e6e6cb90691210ecf6b47 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 2 Oct 2020 14:04:37 -0700 Subject: [PATCH 124/399] acvp: add AES-CCM support. Change-Id: Ia8cbfd0b8f0f3932aea20e801e031d8df318f386 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43286 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/aead.go | 52 +++++++++------ .../acvp/acvptool/subprocess/subprocess.go | 7 +- .../acvp/modulewrapper/modulewrapper.cc | 65 +++++++++++++++++-- 3 files changed, 96 insertions(+), 28 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/aead.go b/util/fipstools/acvp/acvptool/subprocess/aead.go index 0c38b8589a..e6585d1b6a 100644 --- a/util/fipstools/acvp/acvptool/subprocess/aead.go +++ b/util/fipstools/acvp/acvptool/subprocess/aead.go @@ -23,7 +23,8 @@ import ( // aead implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with an AEAD. type aead struct { - algo string + algo string + tagMergedWithCiphertext bool } type aeadVectorSet struct { @@ -120,18 +121,6 @@ func (a *aead) Process(vectorSet []byte, m Transactable) (interface{}, error) { return nil, fmt.Errorf("failed to decode aad in test case %d/%d: %s", group.ID, test.ID, err) } - var tag []byte - if !encrypt { - if tag, err = hex.DecodeString(test.TagHex); err != nil { - return nil, fmt.Errorf("failed to decode tag in test case %d/%d: %s", group.ID, test.ID, err) - } - if len(tag) != tagBytes { - return nil, fmt.Errorf("tag in test case %d/%d is %d bytes long, but should be %d", group.ID, test.ID, len(tag), tagBytes) - } - } else if len(test.TagHex) != 0 { - return nil, fmt.Errorf("test case %d/%d has unexpected tag input", group.ID, test.ID) - } - var inputHex, otherHex string if encrypt { inputHex, otherHex = test.PlaintextHex, test.CiphertextHex @@ -148,6 +137,27 @@ func (a *aead) Process(vectorSet []byte, m Transactable) (interface{}, error) { return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) } + var tag []byte + if a.tagMergedWithCiphertext { + if len(test.TagHex) != 0 { + return nil, fmt.Errorf("test case %d/%d has unexpected tag input (should be merged into ciphertext)", group.ID, test.ID) + } + if !encrypt && len(input) < tagBytes { + return nil, fmt.Errorf("test case %d/%d has ciphertext shorter than the tag, but the tag should be included in it", group.ID, test.ID) + } + } else { + if !encrypt { + if tag, err = hex.DecodeString(test.TagHex); err != nil { + return nil, fmt.Errorf("failed to decode tag in test case %d/%d: %s", group.ID, test.ID, err) + } + if len(tag) != tagBytes { + return nil, fmt.Errorf("tag in test case %d/%d is %d bytes long, but should be %d", group.ID, test.ID, len(tag), tagBytes) + } + } else if len(test.TagHex) != 0 { + return nil, fmt.Errorf("test case %d/%d has unexpected tag input", group.ID, test.ID) + } + } + testResp := aeadTestResponse{ID: test.ID} if encrypt { @@ -160,12 +170,16 @@ func (a *aead) Process(vectorSet []byte, m Transactable) (interface{}, error) { return nil, fmt.Errorf("ciphertext from subprocess for test case %d/%d is shorter than the tag (%d vs %d)", group.ID, test.ID, len(result[0]), tagBytes) } - ciphertext := result[0][:len(result[0])-tagBytes] - ciphertextHex := hex.EncodeToString(ciphertext) - tag := result[0][len(result[0])-tagBytes:] - - testResp.CiphertextHex = &ciphertextHex - testResp.TagHex = hex.EncodeToString(tag) + if a.tagMergedWithCiphertext { + ciphertextHex := hex.EncodeToString(result[0]) + testResp.CiphertextHex = &ciphertextHex + } else { + ciphertext := result[0][:len(result[0])-tagBytes] + ciphertextHex := hex.EncodeToString(ciphertext) + testResp.CiphertextHex = &ciphertextHex + tag := result[0][len(result[0])-tagBytes:] + testResp.TagHex = hex.EncodeToString(tag) + } } else { result, err := m.Transact(op, 2, uint32le(uint32(tagBytes)), key, append(input, tag...), nonce, aad) if err != nil { diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 9c554c2e2f..c713ea8f43 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -79,9 +79,10 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false}, "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, - "ACVP-AES-GCM": &aead{"AES-GCM"}, - "ACVP-AES-KW": &aead{"AES-KW"}, - "ACVP-AES-KWP": &aead{"AES-KWP"}, + "ACVP-AES-GCM": &aead{"AES-GCM", false}, + "ACVP-AES-CCM": &aead{"AES-CCM", true}, + "ACVP-AES-KW": &aead{"AES-KW", false}, + "ACVP-AES-KWP": &aead{"AES-KWP", false}, "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 961eaf7b4e..ff5ef6cf3b 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -235,6 +235,21 @@ static bool GetConfig(const Span args[]) { ], "payloadLen": [{"min": 8, "max": 1024, "increment": 8}] }, + { + "algorithm": "ACVP-AES-CCM", + "revision": "1.0", + "direction": [ + "encrypt", + "decrypt" + ], + "keyLen": [ + 128 + ], + "payloadLen": [{"min": 0, "max": 256, "increment": 8}], + "ivLen": [104], + "tagLen": [32], + "aadLen": [{"min": 0, "max": 1024, "increment": 8}] + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -495,7 +510,41 @@ static bool AESGCMSetup(EVP_AEAD_CTX *ctx, Span tag_len_span, return true; } -static bool AESGCMSeal(const Span args[]) { +static bool AESCCMSetup(EVP_AEAD_CTX *ctx, Span tag_len_span, + Span key) { + uint32_t tag_len_32; + if (tag_len_span.size() != sizeof(tag_len_32)) { + fprintf(stderr, "Tag size value is %u bytes, not an uint32_t\n", + static_cast(tag_len_span.size())); + return false; + } + memcpy(&tag_len_32, tag_len_span.data(), sizeof(tag_len_32)); + if (tag_len_32 != 4) { + fprintf(stderr, "AES-CCM only supports 4-byte tags, but %u was requested\n", + static_cast(tag_len_32)); + return false; + } + + if (key.size() != 16) { + fprintf(stderr, + "AES-CCM only supports 128-bit keys, but %u bits were given\n", + static_cast(key.size() * 8)); + return false; + } + + if (!EVP_AEAD_CTX_init(ctx, EVP_aead_aes_128_ccm_bluetooth(), key.data(), + key.size(), tag_len_32, nullptr)) { + fprintf(stderr, "Failed to setup AES-CCM with tag length %u\n", + static_cast(tag_len_32)); + return false; + } + + return true; +} + +template tag_len_span, + Span key)> +static bool AEADSeal(const Span args[]) { Span tag_len_span = args[0]; Span key = args[1]; Span plaintext = args[2]; @@ -503,7 +552,7 @@ static bool AESGCMSeal(const Span args[]) { Span ad = args[4]; bssl::ScopedEVP_AEAD_CTX ctx; - if (!AESGCMSetup(ctx.get(), tag_len_span, key)) { + if (!SetupFunc(ctx.get(), tag_len_span, key)) { return false; } @@ -523,7 +572,9 @@ static bool AESGCMSeal(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(out)); } -static bool AESGCMOpen(const Span args[]) { +template tag_len_span, + Span key)> +static bool AEADOpen(const Span args[]) { Span tag_len_span = args[0]; Span key = args[1]; Span ciphertext = args[2]; @@ -531,7 +582,7 @@ static bool AESGCMOpen(const Span args[]) { Span ad = args[4]; bssl::ScopedEVP_AEAD_CTX ctx; - if (!AESGCMSetup(ctx.get(), tag_len_span, key)) { + if (!SetupFunc(ctx.get(), tag_len_span, key)) { return false; } @@ -916,12 +967,14 @@ static constexpr struct { {"AES-CBC/decrypt", 3, AES_CBC}, {"AES-CTR/encrypt", 3, AES_CTR}, {"AES-CTR/decrypt", 3, AES_CTR}, - {"AES-GCM/seal", 5, AESGCMSeal}, - {"AES-GCM/open", 5, AESGCMOpen}, + {"AES-GCM/seal", 5, AEADSeal}, + {"AES-GCM/open", 5, AEADOpen}, {"AES-KW/seal", 5, AESKeyWrapSeal}, {"AES-KW/open", 5, AESKeyWrapOpen}, {"AES-KWP/seal", 5, AESPaddedKeyWrapSeal}, {"AES-KWP/open", 5, AESPaddedKeyWrapOpen}, + {"AES-CCM/seal", 5, AEADSeal}, + {"AES-CCM/open", 5, AEADOpen}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From f2b2ef84072604ef6ecbbd10a38332b12acea82c Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Mon, 21 Sep 2020 11:39:22 -0400 Subject: [PATCH 125/399] Update TrustTokenV2 to use VOPRFs and assemble RR. Change-Id: I2f1f6b187bf42ebfdb61def73726d95740a9d55c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42965 Commit-Queue: Steven Valdez Reviewed-by: David Benjamin --- crypto/CMakeLists.txt | 1 + crypto/trust_token/internal.h | 153 +++-- crypto/trust_token/pmbtoken.c | 120 ++-- crypto/trust_token/trust_token.c | 139 +++-- crypto/trust_token/trust_token_test.cc | 59 +- crypto/trust_token/voprf.c | 766 +++++++++++++++++++++++++ include/openssl/trust_token.h | 16 +- tool/speed.cc | 43 +- 8 files changed, 1092 insertions(+), 205 deletions(-) create mode 100644 crypto/trust_token/voprf.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index a872626de5..2771768f43 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -340,6 +340,7 @@ add_library( thread_win.c trust_token/pmbtoken.c trust_token/trust_token.c + trust_token/voprf.c x509/a_digest.c x509/a_sign.c x509/a_strex.c diff --git a/crypto/trust_token/internal.h b/crypto/trust_token/internal.h index c935888ea2..0aa19363f1 100644 --- a/crypto/trust_token/internal.h +++ b/crypto/trust_token/internal.h @@ -30,16 +30,20 @@ extern "C" { #endif -// PMBTokens. -// -// PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215 -// and provides anonymous tokens with private metadata. We implement the -// construction with validity verification, described in appendix H, -// construction 6. +// For the following cryptographic schemes, we use P-384 instead of our usual +// choice of P-256. See Appendix I of +// https://eprint.iacr.org/2020/072/20200324:214215 which describes two attacks +// which may affect smaller curves. In particular, p-1 for P-256 is smooth, +// giving a low complexity for the p-1 attack. P-384's p-1 has a 281-bit prime +// factor, +// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471. +// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded +// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1. + -// PMBTOKEN_NONCE_SIZE is the size of nonces used as part of the PMBToken +// TRUST_TOKEN_NONCE_SIZE is the size of nonces used as part of the Trust_Token // protocol. -#define PMBTOKEN_NONCE_SIZE 64 +#define TRUST_TOKEN_NONCE_SIZE 64 typedef struct { // TODO(https://crbug.com/boringssl/334): These should store |EC_PRECOMP| so @@ -47,7 +51,7 @@ typedef struct { EC_AFFINE pub0; EC_AFFINE pub1; EC_AFFINE pubs; -} PMBTOKEN_CLIENT_KEY; +} TRUST_TOKEN_CLIENT_KEY; typedef struct { EC_SCALAR x0; @@ -62,47 +66,47 @@ typedef struct { EC_PRECOMP pub1_precomp; EC_AFFINE pubs; EC_PRECOMP pubs_precomp; -} PMBTOKEN_ISSUER_KEY; +} TRUST_TOKEN_ISSUER_KEY; -// PMBTOKEN_PRETOKEN represents the intermediate state a client keeps during a -// PMBToken issuance operation. +// TRUST_TOKEN_PRETOKEN represents the intermediate state a client keeps during +// a Trust_Token issuance operation. typedef struct pmb_pretoken_st { - uint8_t t[PMBTOKEN_NONCE_SIZE]; + uint8_t t[TRUST_TOKEN_NONCE_SIZE]; EC_SCALAR r; EC_AFFINE Tp; -} PMBTOKEN_PRETOKEN; +} TRUST_TOKEN_PRETOKEN; + +// TRUST_TOKEN_PRETOKEN_free releases the memory associated with |token|. +OPENSSL_EXPORT void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *token); + +DEFINE_STACK_OF(TRUST_TOKEN_PRETOKEN) -// PMBTOKEN_PRETOKEN_free releases the memory associated with |token|. -OPENSSL_EXPORT void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *token); -DEFINE_STACK_OF(PMBTOKEN_PRETOKEN) +// PMBTokens. +// +// PMBTokens is described in https://eprint.iacr.org/2020/072/20200324:214215 +// and provides anonymous tokens with private metadata. We implement the +// construction with validity verification, described in appendix H, +// construction 6. // The following functions implement the corresponding |TRUST_TOKENS_METHOD| // functions for |TRUST_TOKENS_experiment_v1|'s PMBTokens construction which // uses P-384. -// -// We use P-384 instead of our usual choice of P-256. See Appendix I which -// describes two attacks which may affect smaller curves. In particular, p-1 for -// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has -// a 281-bit prime factor, -// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471. -// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded -// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1. int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public); -int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, +int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len); -int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, +int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len); -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count); -int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, +STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count); +int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata); STACK_OF(TRUST_TOKEN) * - pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id); -int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], +int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len); @@ -113,29 +117,21 @@ OPENSSL_EXPORT int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]); // The following functions implement the corresponding |TRUST_TOKENS_METHOD| // functions for |TRUST_TOKENS_experiment_v2|'s PMBTokens construction which // uses P-384. -// -// We use P-384 instead of our usual choice of P-256. See Appendix I which -// describes two attacks which may affect smaller curves. In particular, p-1 for -// P-256 is smooth, giving a low complexity for the p-1 attack. P-384's p-1 has -// a 281-bit prime factor, -// 3055465788140352002733946906144561090641249606160407884365391979704929268480326390471. -// This lower-bounds the p-1 attack at O(2^140). The p+1 attack is lower-bounded -// by O(p^(1/3)) or O(2^128), so we do not need to check the smoothness of p+1. int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public); -int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, +int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len); -int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, +int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len); -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count); -int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, +STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count); +int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata); STACK_OF(TRUST_TOKEN) * - pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id); -int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], +int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len); @@ -144,6 +140,37 @@ int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key, OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]); +// VOPRF. +// +// VOPRFs are described in https://tools.ietf.org/html/draft-irtf-cfrg-voprf-04 +// and provide anonymous tokens. This implementation uses TrustToken DSTs and +// the DLEQ batching primitive from +// https://eprint.iacr.org/2020/072/20200324:214215. +// VOPRF only uses the |pub|' field of the TRUST_TOKEN_CLIENT_KEY and +// |xs|/|pubs| fields of the TRUST_TOKEN_ISSUER_KEY. + +// The following functions implement the corresponding |TRUST_TOKENS_METHOD| +// functions for |TRUST_TOKENS_experiment_v2|'s VOPRF construction which uses +// P-384. +int voprf_exp2_generate_key(CBB *out_private, CBB *out_public); +int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, + const uint8_t *in, size_t len); +int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, + const uint8_t *in, size_t len); +STACK_OF(TRUST_TOKEN_PRETOKEN) * voprf_exp2_blind(CBB *cbb, size_t count); +int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + size_t num_requested, size_t num_to_issue, + uint8_t private_metadata); +STACK_OF(TRUST_TOKEN) * + voprf_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, + CBS *cbs, size_t count, uint32_t key_id); +int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], + uint8_t *out_private_metadata, const uint8_t *token, + size_t token_len); + + // Trust Tokens internals. struct trust_token_method_st { @@ -155,23 +182,23 @@ struct trust_token_method_st { // client_key_from_bytes decodes a client key from |in| and sets |key| // to the resulting key. It returns one on success and zero // on failure. - int (*client_key_from_bytes)(PMBTOKEN_CLIENT_KEY *key, const uint8_t *in, + int (*client_key_from_bytes)(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len); // issuer_key_from_bytes decodes a issuer key from |in| and sets |key| // to the resulting key. It returns one on success and zero // on failure. - int (*issuer_key_from_bytes)(PMBTOKEN_ISSUER_KEY *key, const uint8_t *in, + int (*issuer_key_from_bytes)(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len); // blind generates a new issuance request for |count| tokens. On - // success, it returns a newly-allocated |STACK_OF(PMBTOKEN_PRETOKEN)| and + // success, it returns a newly-allocated |STACK_OF(TRUST_TOKEN_PRETOKEN)| and // writes a request to the issuer to |cbb|. On failure, it returns NULL. The - // |STACK_OF(PMBTOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when + // |STACK_OF(TRUST_TOKEN_PRETOKEN)|s should be passed to |pmbtoken_unblind| when // the server responds. // // This function implements the AT.Usr0 operation. - STACK_OF(PMBTOKEN_PRETOKEN) *(*blind)(CBB *cbb, size_t count); + STACK_OF(TRUST_TOKEN_PRETOKEN) * (*blind)(CBB *cbb, size_t count); // sign parses a request for |num_requested| tokens from |cbs| and // issues |num_to_issue| tokens with |key| and a private metadata value of @@ -179,7 +206,7 @@ struct trust_token_method_st { // success and zero on failure. // // This function implements the AT.Sig operation. - int (*sign)(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + int (*sign)(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata); @@ -192,8 +219,8 @@ struct trust_token_method_st { // // This function implements the AT.Usr1 operation. STACK_OF(TRUST_TOKEN) * - (*unblind)(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs, + (*unblind)(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id); // read parses a PMBToken from |token| and verifies it using |key|. On @@ -201,8 +228,8 @@ struct trust_token_method_st { // |out_nonce| and |*out_private_metadata|. Otherwise, it returns zero. Note // that, unlike the output of |unblind|, |token| does not have a // four-byte key ID prepended. - int (*read)(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], + int (*read)(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len); @@ -219,14 +246,14 @@ struct trust_token_method_st { // Structure representing a single Trust Token public key with the specified ID. struct trust_token_client_key_st { uint32_t id; - PMBTOKEN_CLIENT_KEY key; + TRUST_TOKEN_CLIENT_KEY key; }; // Structure representing a single Trust Token private key with the specified // ID. struct trust_token_issuer_key_st { uint32_t id; - PMBTOKEN_ISSUER_KEY key; + TRUST_TOKEN_ISSUER_KEY key; }; struct trust_token_client_st { @@ -243,7 +270,7 @@ struct trust_token_client_st { size_t num_keys; // pretokens is the intermediate state during an active issuance. - STACK_OF(PMBTOKEN_PRETOKEN)* pretokens; + STACK_OF(TRUST_TOKEN_PRETOKEN)* pretokens; // srr_key is the public key used to verify the signature of the SRR. EVP_PKEY *srr_key; @@ -281,7 +308,7 @@ extern "C++" { BSSL_NAMESPACE_BEGIN -BORINGSSL_MAKE_DELETER(PMBTOKEN_PRETOKEN, PMBTOKEN_PRETOKEN_free) +BORINGSSL_MAKE_DELETER(TRUST_TOKEN_PRETOKEN, TRUST_TOKEN_PRETOKEN_free) BSSL_NAMESPACE_END diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.c index f9132e6642..a6549b9c5f 100644 --- a/crypto/trust_token/pmbtoken.c +++ b/crypto/trust_token/pmbtoken.c @@ -31,10 +31,10 @@ typedef int (*hash_t_func_t)(const EC_GROUP *group, EC_RAW_POINT *out, - const uint8_t t[PMBTOKEN_NONCE_SIZE]); + const uint8_t t[TRUST_TOKEN_NONCE_SIZE]); typedef int (*hash_s_func_t)(const EC_GROUP *group, EC_RAW_POINT *out, const EC_AFFINE *t, - const uint8_t s[PMBTOKEN_NONCE_SIZE]); + const uint8_t s[TRUST_TOKEN_NONCE_SIZE]); typedef int (*hash_c_func_t)(const EC_GROUP *group, EC_SCALAR *out, uint8_t *buf, size_t len); @@ -165,10 +165,6 @@ static int mul_public_3(const EC_GROUP *group, EC_RAW_POINT *out, scalars, 3); } -void PMBTOKEN_PRETOKEN_free(PMBTOKEN_PRETOKEN *pretoken) { - OPENSSL_free(pretoken); -} - static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method, CBB *out_private, CBB *out_public) { const EC_GROUP *group = method->group; @@ -211,7 +207,7 @@ static int pmbtoken_generate_key(const PMBTOKEN_METHOD *method, } static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method, - PMBTOKEN_CLIENT_KEY *key, + TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len) { CBS cbs; CBS_init(&cbs, in, len); @@ -230,7 +226,7 @@ static int pmbtoken_client_key_from_bytes(const PMBTOKEN_METHOD *method, } static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method, - PMBTOKEN_ISSUER_KEY *key, + TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len) { const EC_GROUP *group = method->group; CBS cbs, tmp; @@ -269,10 +265,10 @@ static int pmbtoken_issuer_key_from_bytes(const PMBTOKEN_METHOD *method, return 1; } -static STACK_OF(PMBTOKEN_PRETOKEN) * +static STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_blind(const PMBTOKEN_METHOD *method, CBB *cbb, size_t count) { const EC_GROUP *group = method->group; - STACK_OF(PMBTOKEN_PRETOKEN) *pretokens = sk_PMBTOKEN_PRETOKEN_new_null(); + STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null(); if (pretokens == NULL) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); goto err; @@ -280,11 +276,11 @@ static STACK_OF(PMBTOKEN_PRETOKEN) * for (size_t i = 0; i < count; i++) { // Insert |pretoken| into |pretokens| early to simplify error-handling. - PMBTOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(PMBTOKEN_PRETOKEN)); + TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); if (pretoken == NULL || - !sk_PMBTOKEN_PRETOKEN_push(pretokens, pretoken)) { + !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - PMBTOKEN_PRETOKEN_free(pretoken); + TRUST_TOKEN_PRETOKEN_free(pretoken); goto err; } @@ -319,7 +315,7 @@ static STACK_OF(PMBTOKEN_PRETOKEN) * return pretokens; err: - sk_PMBTOKEN_PRETOKEN_pop_free(pretokens, PMBTOKEN_PRETOKEN_free); + sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free); return NULL; } @@ -455,9 +451,10 @@ static int hash_c_batch(const PMBTOKEN_METHOD *method, EC_SCALAR *out, // DLEQOR2 with only one value (n=1). static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, - const PMBTOKEN_ISSUER_KEY *priv, const EC_RAW_POINT *T, - const EC_RAW_POINT *S, const EC_RAW_POINT *W, - const EC_RAW_POINT *Ws, uint8_t private_metadata) { + const TRUST_TOKEN_ISSUER_KEY *priv, + const EC_RAW_POINT *T, const EC_RAW_POINT *S, + const EC_RAW_POINT *W, const EC_RAW_POINT *Ws, + uint8_t private_metadata) { const EC_GROUP *group = method->group; // We generate a DLEQ proof for the validity token and a DLEQOR2 proof for the @@ -616,7 +613,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, } static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs, - const PMBTOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T, + const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T, const EC_RAW_POINT *S, const EC_RAW_POINT *W, const EC_RAW_POINT *Ws) { const EC_GROUP *group = method->group; @@ -735,7 +732,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs, } static int pmbtoken_sign(const PMBTOKEN_METHOD *method, - const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata) { const EC_GROUP *group = method->group; @@ -785,8 +782,8 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, ec_scalar_select(group, &xb, mask, &key->x1, &key->x0); ec_scalar_select(group, &yb, mask, &key->y1, &key->y0); - uint8_t s[PMBTOKEN_NONCE_SIZE]; - RAND_bytes(s, PMBTOKEN_NONCE_SIZE); + uint8_t s[TRUST_TOKEN_NONCE_SIZE]; + RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE); // The |jacobians| and |affines| contain Sp, Wp, and Wsp. EC_RAW_POINT jacobians[3]; EC_AFFINE affines[3]; @@ -796,9 +793,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs, &jacobians[0], &key->ys, NULL, NULL) || !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || - !CBB_add_bytes(cbb, s, PMBTOKEN_NONCE_SIZE) || - !cbb_add_prefixed_point(cbb, group, &affines[1], method->prefix_point) || - !cbb_add_prefixed_point(cbb, group, &affines[2], method->prefix_point)) { + !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) || + !cbb_add_prefixed_point(cbb, group, &affines[1], + method->prefix_point) || + !cbb_add_prefixed_point(cbb, group, &affines[2], + method->prefix_point)) { goto err; } @@ -877,11 +876,11 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, static STACK_OF(TRUST_TOKEN) * pmbtoken_unblind(const PMBTOKEN_METHOD *method, - const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, CBS *cbs, + const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id) { const EC_GROUP *group = method->group; - if (count > sk_PMBTOKEN_PRETOKEN_num(pretokens)) { + if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return NULL; } @@ -919,12 +918,12 @@ static STACK_OF(TRUST_TOKEN) * } for (size_t i = 0; i < count; i++) { - const PMBTOKEN_PRETOKEN *pretoken = - sk_PMBTOKEN_PRETOKEN_value(pretokens, i); + const TRUST_TOKEN_PRETOKEN *pretoken = + sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i); - uint8_t s[PMBTOKEN_NONCE_SIZE]; + uint8_t s[TRUST_TOKEN_NONCE_SIZE]; EC_AFFINE Wp_affine, Wsp_affine; - if (!CBS_copy_bytes(cbs, s, PMBTOKEN_NONCE_SIZE) || + if (!CBS_copy_bytes(cbs, s, TRUST_TOKEN_NONCE_SIZE) || !cbs_get_prefixed_point(cbs, group, &Wp_affine, method->prefix_point) || !cbs_get_prefixed_point(cbs, group, &Wsp_affine, method->prefix_point)) { @@ -963,9 +962,10 @@ static STACK_OF(TRUST_TOKEN) * // above. CBB token_cbb; size_t point_len = 1 + 2 * BN_num_bytes(&group->field); - if (!CBB_init(&token_cbb, 4 + PMBTOKEN_NONCE_SIZE + 3 * (2 + point_len)) || + if (!CBB_init(&token_cbb, + 4 + TRUST_TOKEN_NONCE_SIZE + 3 * (2 + point_len)) || !CBB_add_u32(&token_cbb, key_id) || - !CBB_add_bytes(&token_cbb, pretoken->t, PMBTOKEN_NONCE_SIZE) || + !CBB_add_bytes(&token_cbb, pretoken->t, TRUST_TOKEN_NONCE_SIZE) || !cbb_add_prefixed_point(&token_cbb, group, &affines[0], method->prefix_point) || !cbb_add_prefixed_point(&token_cbb, group, &affines[1], @@ -1034,15 +1034,15 @@ static STACK_OF(TRUST_TOKEN) * } static int pmbtoken_read(const PMBTOKEN_METHOD *method, - const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], + const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len) { const EC_GROUP *group = method->group; CBS cbs; CBS_init(&cbs, token, token_len); EC_AFFINE S, W, Ws; - if (!CBS_copy_bytes(&cbs, out_nonce, PMBTOKEN_NONCE_SIZE) || + if (!CBS_copy_bytes(&cbs, out_nonce, TRUST_TOKEN_NONCE_SIZE) || !cbs_get_prefixed_point(&cbs, group, &S, method->prefix_point) || !cbs_get_prefixed_point(&cbs, group, &W, method->prefix_point) || !cbs_get_prefixed_point(&cbs, group, &Ws, method->prefix_point) || @@ -1101,15 +1101,15 @@ static int pmbtoken_read(const PMBTOKEN_METHOD *method, // PMBTokens experiment v1. static int pmbtoken_exp1_hash_t(const EC_GROUP *group, EC_RAW_POINT *out, - const uint8_t t[PMBTOKEN_NONCE_SIZE]) { + const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { const uint8_t kHashTLabel[] = "PMBTokens Experiment V1 HashT"; return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( - group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE); + group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE); } static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, const EC_AFFINE *t, - const uint8_t s[PMBTOKEN_NONCE_SIZE]) { + const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) { const uint8_t kHashSLabel[] = "PMBTokens Experiment V1 HashS"; int ret = 0; CBB cbb; @@ -1117,7 +1117,7 @@ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, size_t len; if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || - !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) || + !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { @@ -1182,7 +1182,7 @@ int pmbtoken_exp1_generate_key(CBB *out_private, CBB *out_public) { return pmbtoken_generate_key(&pmbtoken_exp1_method, out_private, out_public); } -int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, +int pmbtoken_exp1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len) { if (!pmbtoken_exp1_init_method()) { return 0; @@ -1190,7 +1190,7 @@ int pmbtoken_exp1_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, return pmbtoken_client_key_from_bytes(&pmbtoken_exp1_method, key, in, len); } -int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, +int pmbtoken_exp1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len) { if (!pmbtoken_exp1_init_method()) { return 0; @@ -1198,14 +1198,14 @@ int pmbtoken_exp1_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp1_method, key, in, len); } -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) { +STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp1_blind(CBB *cbb, size_t count) { if (!pmbtoken_exp1_init_method()) { return NULL; } return pmbtoken_blind(&pmbtoken_exp1_method, cbb, count); } -int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, +int pmbtoken_exp1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata) { if (!pmbtoken_exp1_init_method()) { @@ -1216,8 +1216,8 @@ int pmbtoken_exp1_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, } STACK_OF(TRUST_TOKEN) * - pmbtoken_exp1_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + pmbtoken_exp1_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id) { if (!pmbtoken_exp1_init_method()) { return NULL; @@ -1226,8 +1226,8 @@ STACK_OF(TRUST_TOKEN) * key_id); } -int pmbtoken_exp1_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], +int pmbtoken_exp1_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len) { if (!pmbtoken_exp1_init_method()) { @@ -1251,15 +1251,15 @@ int pmbtoken_exp1_get_h_for_testing(uint8_t out[97]) { // PMBTokens experiment v2. static int pmbtoken_exp2_hash_t(const EC_GROUP *group, EC_RAW_POINT *out, - const uint8_t t[PMBTOKEN_NONCE_SIZE]) { + const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { const uint8_t kHashTLabel[] = "PMBTokens Experiment V2 HashT"; return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( - group, out, kHashTLabel, sizeof(kHashTLabel), t, PMBTOKEN_NONCE_SIZE); + group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE); } static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, const EC_AFFINE *t, - const uint8_t s[PMBTOKEN_NONCE_SIZE]) { + const uint8_t s[TRUST_TOKEN_NONCE_SIZE]) { const uint8_t kHashSLabel[] = "PMBTokens Experiment V2 HashS"; int ret = 0; CBB cbb; @@ -1267,7 +1267,7 @@ static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_RAW_POINT *out, size_t len; if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || - !CBB_add_bytes(&cbb, s, PMBTOKEN_NONCE_SIZE) || + !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { @@ -1332,7 +1332,7 @@ int pmbtoken_exp2_generate_key(CBB *out_private, CBB *out_public) { return pmbtoken_generate_key(&pmbtoken_exp2_method, out_private, out_public); } -int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, +int pmbtoken_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, const uint8_t *in, size_t len) { if (!pmbtoken_exp2_init_method()) { return 0; @@ -1340,7 +1340,7 @@ int pmbtoken_exp2_client_key_from_bytes(PMBTOKEN_CLIENT_KEY *key, return pmbtoken_client_key_from_bytes(&pmbtoken_exp2_method, key, in, len); } -int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, +int pmbtoken_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, const uint8_t *in, size_t len) { if (!pmbtoken_exp2_init_method()) { return 0; @@ -1348,14 +1348,14 @@ int pmbtoken_exp2_issuer_key_from_bytes(PMBTOKEN_ISSUER_KEY *key, return pmbtoken_issuer_key_from_bytes(&pmbtoken_exp2_method, key, in, len); } -STACK_OF(PMBTOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) { +STACK_OF(TRUST_TOKEN_PRETOKEN) * pmbtoken_exp2_blind(CBB *cbb, size_t count) { if (!pmbtoken_exp2_init_method()) { return NULL; } return pmbtoken_blind(&pmbtoken_exp2_method, cbb, count); } -int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, +int pmbtoken_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested, size_t num_to_issue, uint8_t private_metadata) { if (!pmbtoken_exp2_init_method()) { @@ -1366,8 +1366,8 @@ int pmbtoken_exp2_sign(const PMBTOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, } STACK_OF(TRUST_TOKEN) * - pmbtoken_exp2_unblind(const PMBTOKEN_CLIENT_KEY *key, - const STACK_OF(PMBTOKEN_PRETOKEN) * pretokens, + pmbtoken_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, size_t count, uint32_t key_id) { if (!pmbtoken_exp2_init_method()) { return NULL; @@ -1376,8 +1376,8 @@ STACK_OF(TRUST_TOKEN) * key_id); } -int pmbtoken_exp2_read(const PMBTOKEN_ISSUER_KEY *key, - uint8_t out_nonce[PMBTOKEN_NONCE_SIZE], +int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], uint8_t *out_private_metadata, const uint8_t *token, size_t token_len) { if (!pmbtoken_exp2_init_method()) { diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index fea619ef5e..a4891d8117 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -43,15 +43,15 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) { return &kMethod; } -const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pp(void) { +const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void) { static const TRUST_TOKEN_METHOD kMethod = { - pmbtoken_exp2_generate_key, - pmbtoken_exp2_client_key_from_bytes, - pmbtoken_exp2_issuer_key_from_bytes, - pmbtoken_exp2_blind, - pmbtoken_exp2_sign, - pmbtoken_exp2_unblind, - pmbtoken_exp2_read, + voprf_exp2_generate_key, + voprf_exp2_client_key_from_bytes, + voprf_exp2_issuer_key_from_bytes, + voprf_exp2_blind, + voprf_exp2_sign, + voprf_exp2_unblind, + voprf_exp2_read, 0, /* has_private_metadata */ 6, /* max_keys */ 0, /* has_srr */ @@ -75,6 +75,10 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void) { return &kMethod; } +void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken) { + OPENSSL_free(pretoken); +} + TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) { TRUST_TOKEN *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN)); if (ret == NULL) { @@ -160,7 +164,7 @@ void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx) { return; } EVP_PKEY_free(ctx->srr_key); - sk_PMBTOKEN_PRETOKEN_pop_free(ctx->pretokens, PMBTOKEN_PRETOKEN_free); + sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free); OPENSSL_free(ctx); } @@ -206,7 +210,7 @@ int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, int ret = 0; CBB request; - STACK_OF(PMBTOKEN_PRETOKEN) *pretokens = NULL; + STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = NULL; if (!CBB_init(&request, 0) || !CBB_add_u16(&request, count)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); @@ -223,14 +227,14 @@ int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, goto err; } - sk_PMBTOKEN_PRETOKEN_pop_free(ctx->pretokens, PMBTOKEN_PRETOKEN_free); + sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free); ctx->pretokens = pretokens; pretokens = NULL; ret = 1; err: CBB_cleanup(&request); - sk_PMBTOKEN_PRETOKEN_pop_free(pretokens, PMBTOKEN_PRETOKEN_free); + sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free); return ret; } @@ -264,7 +268,7 @@ STACK_OF(TRUST_TOKEN) * return NULL; } - if (count > sk_PMBTOKEN_PRETOKEN_num(ctx->pretokens)) { + if (count > sk_TRUST_TOKEN_PRETOKEN_num(ctx->pretokens)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return NULL; } @@ -281,7 +285,7 @@ STACK_OF(TRUST_TOKEN) * return NULL; } - sk_PMBTOKEN_PRETOKEN_pop_free(ctx->pretokens, PMBTOKEN_PRETOKEN_free); + sk_TRUST_TOKEN_PRETOKEN_pop_free(ctx->pretokens, TRUST_TOKEN_PRETOKEN_free); ctx->pretokens = NULL; *out_key_index = key_index; @@ -315,30 +319,39 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, size_t response_len) { CBS in, srr, sig; CBS_init(&in, response, response_len); + if (!ctx->method->has_srr) { + if (!CBS_stow(&in, out_rr, out_rr_len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + return 0; + } + + *out_sig = NULL; + *out_sig_len = 0; + return 1; + } + if (!CBS_get_u16_length_prefixed(&in, &srr) || - !CBS_get_u16_length_prefixed(&in, &sig)) { + !CBS_get_u16_length_prefixed(&in, &sig) || + CBS_len(&in) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); return 0; } - if (ctx->method->has_srr) { - if (ctx->srr_key == NULL) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED); - return 0; - } + if (ctx->srr_key == NULL) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED); + return 0; + } - EVP_MD_CTX md_ctx; - EVP_MD_CTX_init(&md_ctx); - int sig_ok = - EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) && - EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig), CBS_data(&srr), - CBS_len(&srr)); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX md_ctx; + EVP_MD_CTX_init(&md_ctx); + int sig_ok = EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) && + EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig), + CBS_data(&srr), CBS_len(&srr)); + EVP_MD_CTX_cleanup(&md_ctx); - if (!sig_ok) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR); - return 0; - } + if (!sig_ok) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR); + return 0; } uint8_t *srr_buf = NULL, *sig_buf = NULL; @@ -588,7 +601,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, const struct trust_token_issuer_key_st *key = trust_token_issuer_get_key(ctx, public_metadata); - uint8_t nonce[PMBTOKEN_NONCE_SIZE]; + uint8_t nonce[TRUST_TOKEN_NONCE_SIZE]; if (key == NULL || !ctx->method->read(&key->key, nonce, &private_metadata, CBS_data(&token_cbs), CBS_len(&token_cbs))) { @@ -672,16 +685,56 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, goto err; } - CBB child; - uint8_t *ptr; - if (!CBB_add_u16_length_prefixed(&response, &child) || - !CBB_add_bytes(&child, srr_buf, srr_len) || - !CBB_add_u16_length_prefixed(&response, &child) || - !CBB_reserve(&child, &ptr, sig_len) || - !EVP_DigestSign(&md_ctx, ptr, &sig_len, srr_buf, srr_len) || - !CBB_did_write(&child, sig_len)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); - goto err; + // Merge SRR and Signature into single string. + // TODO(svaldez): Expose API to construct this from the caller. + if (!ctx->method->has_srr) { + static const char kSRRHeader[] = "body=:"; + static const char kSRRSplit[] = ":, signature=:"; + static const char kSRREnd[] = ":"; + + size_t srr_b64_len, sig_b64_len; + if (!EVP_EncodedLength(&srr_b64_len, srr_len) || + !EVP_EncodedLength(&sig_b64_len, sig_len)) { + goto err; + } + + sig_buf = OPENSSL_malloc(sig_len); + uint8_t *srr_b64_buf = OPENSSL_malloc(srr_b64_len); + uint8_t *sig_b64_buf = OPENSSL_malloc(sig_b64_len); + if (!sig_buf || + !srr_b64_buf || + !sig_b64_buf || + !EVP_DigestSign(&md_ctx, sig_buf, &sig_len, srr_buf, srr_len) || + !CBB_add_bytes(&response, (const uint8_t *)kSRRHeader, + strlen(kSRRHeader)) || + !CBB_add_bytes(&response, srr_b64_buf, + EVP_EncodeBlock(srr_b64_buf, srr_buf, srr_len)) || + !CBB_add_bytes(&response, (const uint8_t *)kSRRSplit, + strlen(kSRRSplit)) || + !CBB_add_bytes(&response, sig_b64_buf, + EVP_EncodeBlock(sig_b64_buf, sig_buf, sig_len)) || + !CBB_add_bytes(&response, (const uint8_t *)kSRREnd, strlen(kSRREnd))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + OPENSSL_free(srr_b64_buf); + OPENSSL_free(sig_b64_buf); + goto err; + } + + OPENSSL_free(srr_b64_buf); + OPENSSL_free(sig_b64_buf); + } else { + CBB child; + uint8_t *ptr; + if (!CBB_add_u16_length_prefixed(&response, &child) || + !CBB_add_bytes(&child, srr_buf, srr_len) || + !CBB_add_u16_length_prefixed(&response, &child) || + !CBB_reserve(&child, &ptr, sig_len) || + !EVP_DigestSign(&md_ctx, ptr, &sig_len, srr_buf, srr_len) || + !CBB_did_write(&child, sig_len) || + !CBB_flush(&response)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } } if (!CBS_stow(&client_data, &client_data_buf, &client_data_len) || @@ -690,7 +743,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, goto err; } - TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, PMBTOKEN_NONCE_SIZE); + TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); if (token == NULL) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index b282500cac..7f9b79ede5 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -56,16 +56,16 @@ TEST(TrustTokenTest, KeyGenExp1) { ASSERT_EQ(301u, pub_key_len); } -TEST(TrustTokenTest, KeyGenExp2PP) { +TEST(TrustTokenTest, KeyGenExp2VOPRF) { uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE]; uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE]; size_t priv_key_len, pub_key_len; ASSERT_TRUE(TRUST_TOKEN_generate_key( - TRUST_TOKEN_experiment_v2_pp(), priv_key, &priv_key_len, + TRUST_TOKEN_experiment_v2_voprf(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001)); - ASSERT_EQ(292u, priv_key_len); - ASSERT_EQ(295u, pub_key_len); + ASSERT_EQ(52u, priv_key_len); + ASSERT_EQ(101u, pub_key_len); } TEST(TrustTokenTest, KeyGenExp2PMB) { @@ -127,7 +127,7 @@ TEST(TrustTokenTest, HExp2) { static std::vector AllMethods() { return { TRUST_TOKEN_experiment_v1(), - TRUST_TOKEN_experiment_v2_pp(), + TRUST_TOKEN_experiment_v2_voprf(), TRUST_TOKEN_experiment_v2_pmb() }; } @@ -389,10 +389,14 @@ TEST_P(TrustTokenProtocolTest, TruncatedRedemptionResponse) { Bytes(client_data, client_data_len)); resp_len = 10; + // If the protocol doesn't use SRRs, TRUST_TOKEN_CLIENT_finish_redemtpion + // leaves all SRR validation to the caller. uint8_t *srr = NULL, *sig = NULL; size_t srr_len, sig_len; - ASSERT_FALSE(TRUST_TOKEN_CLIENT_finish_redemption( - client.get(), &srr, &srr_len, &sig, &sig_len, redeem_resp, resp_len)); + bool expect_failure = !method()->has_srr; + ASSERT_EQ(expect_failure, TRUST_TOKEN_CLIENT_finish_redemption( + client.get(), &srr, &srr_len, &sig, &sig_len, + redeem_resp, resp_len)); bssl::UniquePtr free_srr(srr); bssl::UniquePtr free_sig(sig); } @@ -534,6 +538,27 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { bssl::UniquePtr free_srr(srr); bssl::UniquePtr free_sig(sig); + if (!method()->has_srr) { + size_t b64_len; + ASSERT_TRUE(EVP_EncodedLength(&b64_len, sizeof(kExpectedSRR) - 1)); + b64_len -= 1; + + const char kSRRHeader[] = "body=:"; + ASSERT_LT(sizeof(kSRRHeader) - 1 + b64_len, srr_len); + + ASSERT_EQ(Bytes(kSRRHeader, sizeof(kSRRHeader) - 1), + Bytes(srr, sizeof(kSRRHeader) - 1)); + uint8_t *decoded_srr = + (uint8_t *)OPENSSL_malloc(sizeof(kExpectedSRR) + 1); + ASSERT_TRUE(decoded_srr); + ASSERT_LT( + int(sizeof(kExpectedSRR) - 1), + EVP_DecodeBlock(decoded_srr, srr + sizeof(kSRRHeader) - 1, b64_len)); + srr = decoded_srr; + srr_len = sizeof(kExpectedSRR) - 1; + free_srr.reset(srr); + } + const uint8_t kTokenHashDSTLabel[] = "TrustTokenV0 TokenHash"; uint8_t token_hash[SHA256_DIGEST_LENGTH]; SHA256_CTX sha_ctx; @@ -547,8 +572,8 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { uint8_t decode_private_metadata; ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata( - method(), &decode_private_metadata, metadata_key, sizeof(metadata_key), - token_hash, sizeof(token_hash), srr[27])); + method(), &decode_private_metadata, metadata_key, + sizeof(metadata_key), token_hash, sizeof(token_hash), srr[27])); ASSERT_EQ(srr[18], public_metadata()); ASSERT_EQ(decode_private_metadata, private_metadata()); @@ -623,10 +648,13 @@ TEST_P(TrustTokenMetadataTest, TruncatedProof) { const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); size_t token_length = - PMBTOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); + TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); if (method() == TRUST_TOKEN_experiment_v1()) { token_length += 4; } + if (method() == TRUST_TOKEN_experiment_v2_voprf()) { + token_length = 1 + 2 * BN_num_bytes(&group->field); + } for (size_t i = 0; i < count; i++) { ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response), token_length)); @@ -683,10 +711,13 @@ TEST_P(TrustTokenMetadataTest, ExcessDataProof) { const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); size_t token_length = - PMBTOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); + TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field)); if (method() == TRUST_TOKEN_experiment_v1()) { token_length += 4; } + if (method() == TRUST_TOKEN_experiment_v2_voprf()) { + token_length = 1 + 2 * BN_num_bytes(&group->field); + } for (size_t i = 0; i < count; i++) { ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response), token_length)); @@ -734,7 +765,11 @@ class TrustTokenBadKeyTest }; TEST_P(TrustTokenBadKeyTest, BadKey) { - if (!method()->has_private_metadata && private_metadata()) { + // For versions without private metadata, only corruptions of 'xs' (the 4th + // entry in |scalars| below) result in a bad key, as the other scalars are + // unused internally. + if (!method()->has_private_metadata && + (private_metadata() || corrupted_key() != 4)) { return; } diff --git a/crypto/trust_token/voprf.c b/crypto/trust_token/voprf.c new file mode 100644 index 0000000000..f93ee9cd1e --- /dev/null +++ b/crypto/trust_token/voprf.c @@ -0,0 +1,766 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "../ec_extra/internal.h" +#include "../fipsmodule/ec/internal.h" + +#include "internal.h" + + +typedef int (*hash_to_group_func_t)(const EC_GROUP *group, EC_RAW_POINT *out, + const uint8_t t[TRUST_TOKEN_NONCE_SIZE]); +typedef int (*hash_to_scalar_func_t)(const EC_GROUP *group, EC_SCALAR *out, + uint8_t *buf, size_t len); + +typedef struct { + const EC_GROUP *group; + + // hash_to_group implements the HashToGroup operation for VOPRFs. It returns + // one on success and zero on error. + hash_to_group_func_t hash_to_group; + // hash_to_scalar implements the HashToScalar operation for VOPRFs. It returns + // one on success and zero on error. + hash_to_scalar_func_t hash_to_scalar; +} VOPRF_METHOD; + +static const uint8_t kDefaultAdditionalData[32] = {0}; + +static int voprf_init_method(VOPRF_METHOD *method, int curve_nid, + hash_to_group_func_t hash_to_group, + hash_to_scalar_func_t hash_to_scalar) { + method->group = EC_GROUP_new_by_curve_name(curve_nid); + if (method->group == NULL) { + return 0; + } + + method->hash_to_group = hash_to_group; + method->hash_to_scalar = hash_to_scalar; + + return 1; +} + +static int cbb_add_point(CBB *out, const EC_GROUP *group, + const EC_AFFINE *point) { + size_t len = + ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0); + if (len == 0) { + return 0; + } + + uint8_t *p; + return CBB_add_space(out, &p, len) && + ec_point_to_bytes(group, point, POINT_CONVERSION_UNCOMPRESSED, p, + len) == len && + CBB_flush(out); +} + +static int cbs_get_point(CBS *cbs, const EC_GROUP *group, EC_AFFINE *out) { + CBS child; + size_t plen = 1 + 2 * BN_num_bytes(&group->field); + if (!CBS_get_bytes(cbs, &child, plen) || + !ec_point_from_uncompressed(group, out, CBS_data(&child), + CBS_len(&child))) { + return 0; + } + return 1; +} + +static int scalar_to_cbb(CBB *out, const EC_GROUP *group, + const EC_SCALAR *scalar) { + uint8_t *buf; + size_t scalar_len = BN_num_bytes(&group->order); + if (!CBB_add_space(out, &buf, scalar_len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + return 0; + } + ec_scalar_to_bytes(group, buf, &scalar_len, scalar); + return 1; +} + +static int scalar_from_cbs(CBS *cbs, const EC_GROUP *group, EC_SCALAR *out) { + size_t scalar_len = BN_num_bytes(&group->order); + CBS tmp; + if (!CBS_get_bytes(cbs, &tmp, scalar_len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + return 0; + } + + ec_scalar_from_bytes(group, out, CBS_data(&tmp), CBS_len(&tmp)); + return 1; +} + +static int voprf_generate_key(const VOPRF_METHOD *method, CBB *out_private, + CBB *out_public) { + const EC_GROUP *group = method->group; + EC_RAW_POINT pub; + EC_SCALAR priv; + EC_AFFINE pub_affine; + if (!ec_random_nonzero_scalar(group, &priv, kDefaultAdditionalData) || + !ec_point_mul_scalar_base(group, &pub, &priv) || + !ec_jacobian_to_affine(group, &pub_affine, &pub)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE); + return 0; + } + + if (!scalar_to_cbb(out_private, group, &priv) || + !cbb_add_point(out_public, group, &pub_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BUFFER_TOO_SMALL); + return 0; + } + + return 1; +} + +static int voprf_client_key_from_bytes(const VOPRF_METHOD *method, + TRUST_TOKEN_CLIENT_KEY *key, + const uint8_t *in, size_t len) { + const EC_GROUP *group = method->group; + if (!ec_point_from_uncompressed(group, &key->pubs, in, len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + return 0; + } + + return 1; +} + +static int voprf_issuer_key_from_bytes(const VOPRF_METHOD *method, + TRUST_TOKEN_ISSUER_KEY *key, + const uint8_t *in, size_t len) { + const EC_GROUP *group = method->group; + if (!ec_scalar_from_bytes(group, &key->xs, in, len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + return 0; + } + + // Recompute the public key. + EC_RAW_POINT pub; + if (!ec_point_mul_scalar_base(group, &pub, &key->xs) || + !ec_jacobian_to_affine(group, &key->pubs, &pub)) { + return 0; + } + + return 1; +} + +static STACK_OF(TRUST_TOKEN_PRETOKEN) * + voprf_blind(const VOPRF_METHOD *method, CBB *cbb, size_t count) { + const EC_GROUP *group = method->group; + STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = + sk_TRUST_TOKEN_PRETOKEN_new_null(); + if (pretokens == NULL) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (size_t i = 0; i < count; i++) { + // Insert |pretoken| into |pretokens| early to simplify error-handling. + TRUST_TOKEN_PRETOKEN *pretoken = + OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); + if (pretoken == NULL || + !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + TRUST_TOKEN_PRETOKEN_free(pretoken); + goto err; + } + + RAND_bytes(pretoken->t, sizeof(pretoken->t)); + + // We sample r in Montgomery form to simplify inverting. + EC_SCALAR r; + if (!ec_random_nonzero_scalar(group, &r, + kDefaultAdditionalData)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + // pretoken->r is rinv. + ec_scalar_inv0_montgomery(group, &pretoken->r, &r); + // Convert both out of Montgomery form. + ec_scalar_from_montgomery(group, &r, &r); + ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r); + + // Tp is the blinded token in the VOPRF protocol. + EC_RAW_POINT P, Tp; + if (!method->hash_to_group(group, &P, pretoken->t) || + !ec_point_mul_scalar(group, &Tp, &P, &r) || + !ec_jacobian_to_affine(group, &pretoken->Tp, &Tp)) { + goto err; + } + + if (!cbb_add_point(cbb, group, &pretoken->Tp)) { + goto err; + } + } + + return pretokens; + +err: + sk_TRUST_TOKEN_PRETOKEN_pop_free(pretokens, TRUST_TOKEN_PRETOKEN_free); + return NULL; +} + +static int hash_to_scalar_dleq(const VOPRF_METHOD *method, EC_SCALAR *out, + const EC_AFFINE *X, const EC_AFFINE *T, + const EC_AFFINE *W, const EC_AFFINE *K0, + const EC_AFFINE *K1) { + static const uint8_t kDLEQLabel[] = "DLEQ"; + + int ok = 0; + CBB cbb; + CBB_zero(&cbb); + uint8_t *buf = NULL; + size_t len; + if (!CBB_init(&cbb, 0) || + !CBB_add_bytes(&cbb, kDLEQLabel, sizeof(kDLEQLabel)) || + !cbb_add_point(&cbb, method->group, X) || + !cbb_add_point(&cbb, method->group, T) || + !cbb_add_point(&cbb, method->group, W) || + !cbb_add_point(&cbb, method->group, K0) || + !cbb_add_point(&cbb, method->group, K1) || + !CBB_finish(&cbb, &buf, &len) || + !method->hash_to_scalar(method->group, out, buf, len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ok = 1; + +err: + CBB_cleanup(&cbb); + OPENSSL_free(buf); + return ok; +} + +static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out, + const CBB *points, size_t index) { + static const uint8_t kDLEQBatchLabel[] = "DLEQ BATCH"; + if (index > 0xffff) { + // The protocol supports only two-byte batches. + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); + return 0; + } + + int ok = 0; + CBB cbb; + CBB_zero(&cbb); + uint8_t *buf = NULL; + size_t len; + if (!CBB_init(&cbb, 0) || + !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) || + !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) || + !CBB_add_u16(&cbb, (uint16_t)index) || + !CBB_finish(&cbb, &buf, &len) || + !method->hash_to_scalar(method->group, out, buf, len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ok = 1; + +err: + CBB_cleanup(&cbb); + OPENSSL_free(buf); + return ok; +} + +static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb, + const TRUST_TOKEN_ISSUER_KEY *priv, + const EC_RAW_POINT *T, const EC_RAW_POINT *W) { + const EC_GROUP *group = method->group; + + enum { + idx_T, + idx_W, + idx_k0, + idx_k1, + num_idx, + }; + EC_RAW_POINT jacobians[num_idx]; + + // Setup the DLEQ proof. + EC_SCALAR r; + if (// r <- Zp + !ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData) || + // k0;k1 = r*(G;T) + !ec_point_mul_scalar_base(group, &jacobians[idx_k0], &r) || + !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) { + return 0; + } + + EC_AFFINE affines[num_idx]; + jacobians[idx_T] = *T; + jacobians[idx_W] = *W; + if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) { + return 0; + } + + // Compute c = Hc(...). + EC_SCALAR c; + if (!hash_to_scalar_dleq(method, &c, &priv->pubs, &affines[idx_T], + &affines[idx_W], &affines[idx_k0], + &affines[idx_k1])) { + return 0; + } + + + EC_SCALAR c_mont; + ec_scalar_to_montgomery(group, &c_mont, &c); + + // u = r + c*xs + EC_SCALAR u; + ec_scalar_mul_montgomery(group, &u, &priv->xs, &c_mont); + ec_scalar_add(group, &u, &r, &u); + + // Store DLEQ proof in transcript. + if (!scalar_to_cbb(cbb, group, &c) || + !scalar_to_cbb(cbb, group, &u)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + return 0; + } + + return 1; +} + +static int mul_public_2(const EC_GROUP *group, EC_RAW_POINT *out, + const EC_RAW_POINT *p0, const EC_SCALAR *scalar0, + const EC_RAW_POINT *p1, const EC_SCALAR *scalar1) { + EC_RAW_POINT points[2] = {*p0, *p1}; + EC_SCALAR scalars[2] = {*scalar0, *scalar1}; + return ec_point_mul_scalar_public_batch(group, out, /*g_scalar=*/NULL, points, + scalars, 2); +} + +static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs, + const TRUST_TOKEN_CLIENT_KEY *pub, const EC_RAW_POINT *T, + const EC_RAW_POINT *W) { + const EC_GROUP *group = method->group; + + + enum { + idx_T, + idx_W, + idx_k0, + idx_k1, + num_idx, + }; + EC_RAW_POINT jacobians[num_idx]; + + // Decode the DLEQ proof. + EC_SCALAR c, u; + if (!scalar_from_cbs(cbs, group, &c) || + !scalar_from_cbs(cbs, group, &u)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + return 0; + } + + // k0;k1 = u*(G;T) - c*(pub;W) + EC_RAW_POINT pubs; + ec_affine_to_jacobian(group, &pubs, &pub->pubs); + EC_SCALAR minus_c; + ec_scalar_neg(group, &minus_c, &c); + if (!ec_point_mul_scalar_public(group, &jacobians[idx_k0], &u, &pubs, + &minus_c) || + !mul_public_2(group, &jacobians[idx_k1], T, &u, W, &minus_c)) { + return 0; + } + + // Check the DLEQ proof. + EC_AFFINE affines[num_idx]; + jacobians[idx_T] = *T; + jacobians[idx_W] = *W; + if (!ec_jacobian_to_affine_batch(group, affines, jacobians, num_idx)) { + return 0; + } + + // Compute c = Hc(...). + EC_SCALAR calculated; + if (!hash_to_scalar_dleq(method, &calculated, &pub->pubs, &affines[idx_T], + &affines[idx_W], &affines[idx_k0], + &affines[idx_k1])) { + return 0; + } + + // c == calculated + if (!ec_scalar_equal_vartime(group, &c, &calculated)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_PROOF); + return 0; + } + + return 1; +} + +static int voprf_sign(const VOPRF_METHOD *method, + const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + size_t num_requested, size_t num_to_issue) { + const EC_GROUP *group = method->group; + if (num_requested < num_to_issue) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (num_to_issue > ((size_t)-1) / sizeof(EC_RAW_POINT) || + num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); + return 0; + } + + int ret = 0; + EC_RAW_POINT *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_RAW_POINT)); + EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); + CBB batch_cbb; + CBB_zero(&batch_cbb); + if (!BTs || + !Zs || + !es || + !CBB_init(&batch_cbb, 0) || + !cbb_add_point(&batch_cbb, method->group, &key->pubs)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE BT_affine, Z_affine; + EC_RAW_POINT BT, Z; + if (!cbs_get_point(cbs, group, &BT_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &BT, &BT_affine); + if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || + !ec_jacobian_to_affine(group, &Z_affine, &Z) || + !cbb_add_point(cbb, group, &Z_affine)) { + goto err; + } + + if (!cbb_add_point(&batch_cbb, group, &BT_affine) || + !cbb_add_point(&batch_cbb, group, &Z_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + BTs[i] = BT; + Zs[i] = Z; + + if (!CBB_flush(cbb)) { + goto err; + } + } + + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } + } + + EC_RAW_POINT BT_batch, Z_batch; + if (!ec_point_mul_scalar_public_batch(group, &BT_batch, + /*g_scalar=*/NULL, BTs, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Z_batch, + /*g_scalar=*/NULL, Zs, es, + num_to_issue)) { + goto err; + } + + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) || + !CBB_flush(cbb)) { + goto err; + } + + // Skip over any unused requests. + size_t point_len = 1 + 2 * BN_num_bytes(&group->field); + if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + + ret = 1; + +err: + OPENSSL_free(BTs); + OPENSSL_free(Zs); + OPENSSL_free(es); + CBB_cleanup(&batch_cbb); + return ret; +} + +static STACK_OF(TRUST_TOKEN) * + voprf_unblind(const VOPRF_METHOD *method, const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, CBS *cbs, + size_t count, uint32_t key_id) { + const EC_GROUP *group = method->group; + if (count > sk_TRUST_TOKEN_PRETOKEN_num(pretokens)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + return NULL; + } + + int ok = 0; + STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); + if (ret == NULL) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) || + count > ((size_t)-1) / sizeof(EC_SCALAR)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); + return 0; + } + EC_RAW_POINT *BTs = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_RAW_POINT *Zs = OPENSSL_malloc(count * sizeof(EC_RAW_POINT)); + EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR)); + CBB batch_cbb; + CBB_zero(&batch_cbb); + if (!BTs || + !Zs || + !es || + !CBB_init(&batch_cbb, 0) || + !cbb_add_point(&batch_cbb, method->group, &key->pubs)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (size_t i = 0; i < count; i++) { + const TRUST_TOKEN_PRETOKEN *pretoken = + sk_TRUST_TOKEN_PRETOKEN_value(pretokens, i); + + EC_AFFINE Z_affine; + if (!cbs_get_point(cbs, group, &Z_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + + ec_affine_to_jacobian(group, &BTs[i], &pretoken->Tp); + ec_affine_to_jacobian(group, &Zs[i], &Z_affine); + + if (!cbb_add_point(&batch_cbb, group, &pretoken->Tp) || + !cbb_add_point(&batch_cbb, group, &Z_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + // Unblind the token. + // pretoken->r is rinv. + EC_RAW_POINT N; + EC_AFFINE N_affine; + if (!ec_point_mul_scalar(group, &N, &Zs[i], &pretoken->r) || + !ec_jacobian_to_affine(group, &N_affine, &N)) { + goto err; + } + + // Serialize the token. Include |key_id| to avoid an extra copy in the layer + // above. + CBB token_cbb; + size_t point_len = 1 + 2 * BN_num_bytes(&group->field); + if (!CBB_init(&token_cbb, 4 + TRUST_TOKEN_NONCE_SIZE + (2 + point_len)) || + !CBB_add_u32(&token_cbb, key_id) || + !CBB_add_bytes(&token_cbb, pretoken->t, TRUST_TOKEN_NONCE_SIZE) || + !cbb_add_point(&token_cbb, group, &N_affine) || + !CBB_flush(&token_cbb)) { + CBB_cleanup(&token_cbb); + goto err; + } + + TRUST_TOKEN *token = + TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); + CBB_cleanup(&token_cbb); + if (token == NULL || + !sk_TRUST_TOKEN_push(ret, token)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + TRUST_TOKEN_free(token); + goto err; + } + } + + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < count; i++) { + if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } + } + + EC_RAW_POINT BT_batch, Z_batch; + if (!ec_point_mul_scalar_public_batch(group, &BT_batch, + /*g_scalar=*/NULL, BTs, es, count) || + !ec_point_mul_scalar_public_batch(group, &Z_batch, + /*g_scalar=*/NULL, Zs, es, count)) { + goto err; + } + + CBS proof; + if (!CBS_get_u16_length_prefixed(cbs, &proof) || + !dleq_verify(method, &proof, key, &BT_batch, &Z_batch) || + CBS_len(&proof) != 0) { + goto err; + } + + ok = 1; + +err: + OPENSSL_free(BTs); + OPENSSL_free(Zs); + OPENSSL_free(es); + CBB_cleanup(&batch_cbb); + if (!ok) { + sk_TRUST_TOKEN_pop_free(ret, TRUST_TOKEN_free); + ret = NULL; + } + return ret; +} + +static int voprf_read(const VOPRF_METHOD *method, + const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], + const uint8_t *token, size_t token_len) { + const EC_GROUP *group = method->group; + CBS cbs; + CBS_init(&cbs, token, token_len); + EC_AFFINE Ws; + if (!CBS_copy_bytes(&cbs, out_nonce, TRUST_TOKEN_NONCE_SIZE) || + !cbs_get_point(&cbs, group, &Ws) || + CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); + return 0; + } + + + EC_RAW_POINT T; + if (!method->hash_to_group(group, &T, out_nonce)) { + return 0; + } + + EC_RAW_POINT Ws_calculated; + if (!ec_point_mul_scalar(group, &Ws_calculated, &T, &key->xs) || + !ec_affine_jacobian_equal(group, &Ws, &Ws_calculated)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_BAD_VALIDITY_CHECK); + return 0; + } + + return 1; +} + + +// VOPRF experiment v2. + +static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_RAW_POINT *out, + const uint8_t t[TRUST_TOKEN_NONCE_SIZE]) { + const uint8_t kHashTLabel[] = "TrustToken VOPRF Experiment V2 HashToGroup"; + return ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( + group, out, kHashTLabel, sizeof(kHashTLabel), t, TRUST_TOKEN_NONCE_SIZE); +} + +static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, + uint8_t *buf, size_t len) { + const uint8_t kHashCLabel[] = "TrustToken VOPRF Experiment V2 HashToScalar"; + return ec_hash_to_scalar_p384_xmd_sha512_draft07( + group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); +} + +static int voprf_exp2_ok = 0; +static VOPRF_METHOD voprf_exp2_method; +static CRYPTO_once_t voprf_exp2_method_once = CRYPTO_ONCE_INIT; + +static void voprf_exp2_init_method_impl(void) { + voprf_exp2_ok = + voprf_init_method(&voprf_exp2_method, NID_secp384r1, + voprf_exp2_hash_to_group, voprf_exp2_hash_to_scalar); +} + +static int voprf_exp2_init_method(void) { + CRYPTO_once(&voprf_exp2_method_once, voprf_exp2_init_method_impl); + if (!voprf_exp2_ok) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_INTERNAL_ERROR); + return 0; + } + return 1; +} + +int voprf_exp2_generate_key(CBB *out_private, CBB *out_public) { + if (!voprf_exp2_init_method()) { + return 0; + } + + return voprf_generate_key(&voprf_exp2_method, out_private, out_public); +} + +int voprf_exp2_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key, + const uint8_t *in, size_t len) { + if (!voprf_exp2_init_method()) { + return 0; + } + return voprf_client_key_from_bytes(&voprf_exp2_method, key, in, len); +} + +int voprf_exp2_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key, + const uint8_t *in, size_t len) { + if (!voprf_exp2_init_method()) { + return 0; + } + return voprf_issuer_key_from_bytes(&voprf_exp2_method, key, in, len); +} + +STACK_OF(TRUST_TOKEN_PRETOKEN) * voprf_exp2_blind(CBB *cbb, size_t count) { + if (!voprf_exp2_init_method()) { + return NULL; + } + return voprf_blind(&voprf_exp2_method, cbb, count); +} + +int voprf_exp2_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, + size_t num_requested, size_t num_to_issue, + uint8_t private_metadata) { + if (!voprf_exp2_init_method() || private_metadata != 0) { + return 0; + } + return voprf_sign(&voprf_exp2_method, key, cbb, cbs, num_requested, + num_to_issue); +} + +STACK_OF(TRUST_TOKEN) * + voprf_exp2_unblind(const TRUST_TOKEN_CLIENT_KEY *key, + const STACK_OF(TRUST_TOKEN_PRETOKEN) * pretokens, + CBS *cbs, size_t count, uint32_t key_id) { + if (!voprf_exp2_init_method()) { + return NULL; + } + return voprf_unblind(&voprf_exp2_method, key, pretokens, cbs, count, + key_id); +} + +int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key, + uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE], + uint8_t *out_private_metadata, const uint8_t *token, + size_t token_len) { + if (!voprf_exp2_init_method()) { + return 0; + } + return voprf_read(&voprf_exp2_method, key, out_nonce, token, token_len); +} diff --git a/include/openssl/trust_token.h b/include/openssl/trust_token.h index b6c00b2620..7146995eab 100644 --- a/include/openssl/trust_token.h +++ b/include/openssl/trust_token.h @@ -40,13 +40,11 @@ extern "C" { // PMBTokens and P-384. OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void); -// TRUST_TOKEN_experiment_v2_pp is an experimental Trust Tokens protocol using -// PMBTokens (with no private metadata) and P-384 with up to 6 keys, without RR -// verification. +// TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol +// using VOPRFs and P-384 with up to 6 keys, without RR verification. // // This version is incomplete and should not be used. -// TODO(svaldez): Update to use the PrivacyPass primitive -OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pp(void); +OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void); // TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using // PMBTokens and P-384 with up to 3 keys, without RR verification. @@ -165,12 +163,8 @@ OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption( // |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|) // to a newly-allocated buffer containing the SRR (respectively, the SRR // signature). In other versions, it sets |*out_rr| and |*out_rr_len| -// (respectively, |*out_sig| and |*out_sig_len|) to a newly-allocated buffer -// containing the SRR (respectively, the SRR signature). It returns one on -// success or zero on failure. -// -// TODO(svaldez): Return the entire response in |*out_rr| and omit |*out_sig| in -// non-|TRUST_TOKEN_experiment_v1| versions. +// to a newly-allocated buffer containing |response| and leaves all validation +// to the caller. It returns one on success or zero on failure. OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption( TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len, uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response, diff --git a/tool/speed.cc b/tool/speed.cc index af81a603fd..5d724e77ad 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -984,11 +984,12 @@ static bool SpeedHashToCurve(const std::string &selected) { return true; } -static PMBTOKEN_PRETOKEN *pmbtoken_pretoken_dup(PMBTOKEN_PRETOKEN *in) { - PMBTOKEN_PRETOKEN *out = - (PMBTOKEN_PRETOKEN *)OPENSSL_malloc(sizeof(PMBTOKEN_PRETOKEN)); +static TRUST_TOKEN_PRETOKEN *trust_token_pretoken_dup( + TRUST_TOKEN_PRETOKEN *in) { + TRUST_TOKEN_PRETOKEN *out = + (TRUST_TOKEN_PRETOKEN *)OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); if (out) { - OPENSSL_memcpy(out, in, sizeof(PMBTOKEN_PRETOKEN)); + OPENSSL_memcpy(out, in, sizeof(TRUST_TOKEN_PRETOKEN)); } return out; } @@ -1059,9 +1060,9 @@ static bool SpeedTrustToken(std::string name, const TRUST_TOKEN_METHOD *method, &msg_len, batchsize); OPENSSL_free(issue_msg); // Clear pretokens. - sk_PMBTOKEN_PRETOKEN_pop_free(client->pretokens, - PMBTOKEN_PRETOKEN_free); - client->pretokens = sk_PMBTOKEN_PRETOKEN_new_null(); + sk_TRUST_TOKEN_PRETOKEN_pop_free(client->pretokens, + TRUST_TOKEN_PRETOKEN_free); + client->pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null(); return ok; })) { fprintf(stderr, "TRUST_TOKEN_CLIENT_begin_issuance failed.\n"); @@ -1078,9 +1079,10 @@ static bool SpeedTrustToken(std::string name, const TRUST_TOKEN_METHOD *method, } bssl::UniquePtr free_issue_msg(issue_msg); - bssl::UniquePtr pretokens( - sk_PMBTOKEN_PRETOKEN_deep_copy(client->pretokens, pmbtoken_pretoken_dup, - PMBTOKEN_PRETOKEN_free)); + bssl::UniquePtr pretokens( + sk_TRUST_TOKEN_PRETOKEN_deep_copy(client->pretokens, + trust_token_pretoken_dup, + TRUST_TOKEN_PRETOKEN_free)); if (!TimeFunction(&results, [&]() -> bool { uint8_t *issue_resp = NULL; @@ -1116,8 +1118,9 @@ static bool SpeedTrustToken(std::string name, const TRUST_TOKEN_METHOD *method, issue_resp, resp_len)); // Reset pretokens. - client->pretokens = sk_PMBTOKEN_PRETOKEN_deep_copy( - pretokens.get(), pmbtoken_pretoken_dup, PMBTOKEN_PRETOKEN_free); + client->pretokens = sk_TRUST_TOKEN_PRETOKEN_deep_copy( + pretokens.get(), trust_token_pretoken_dup, + TRUST_TOKEN_PRETOKEN_free); return !!tokens; })) { fprintf(stderr, "TRUST_TOKEN_CLIENT_finish_issuance failed.\n"); @@ -1203,9 +1206,9 @@ static bool SpeedTrustToken(std::string name, const TRUST_TOKEN_METHOD *method, if (!TimeFunction(&results, [&]() -> bool { uint8_t *srr = NULL, *sig = NULL; size_t srr_len, sig_len; - int ok = TRUST_TOKEN_CLIENT_finish_redemption(client.get(), &srr, - &srr_len, &sig, &sig_len, - redeem_resp, resp_len); + int ok = TRUST_TOKEN_CLIENT_finish_redemption( + client.get(), &srr, &srr_len, &sig, &sig_len, redeem_resp, + redeem_resp_len); OPENSSL_free(srr); OPENSSL_free(sig); return ok; @@ -1352,7 +1355,15 @@ bool Speed(const std::vector &args) { !SpeedTrustToken("TrustToken-Exp1-Batch1", TRUST_TOKEN_experiment_v1(), 1, selected) || !SpeedTrustToken("TrustToken-Exp1-Batch10", TRUST_TOKEN_experiment_v1(), - 10, selected)) { + 10, selected) || + !SpeedTrustToken("TrustToken-Exp2VOPRF-Batch1", + TRUST_TOKEN_experiment_v2_voprf(), 1, selected) || + !SpeedTrustToken("TrustToken-Exp2VOPRF-Batch10", + TRUST_TOKEN_experiment_v2_voprf(), 10, selected) || + !SpeedTrustToken("TrustToken-Exp2PMB-Batch1", + TRUST_TOKEN_experiment_v2_pmb(), 1, selected) || + !SpeedTrustToken("TrustToken-Exp2PMB-Batch10", + TRUST_TOKEN_experiment_v2_pmb(), 10, selected)) { return false; } if (g_print_json) { From 974ac218e7141132fa84a81dfe8142e71680da5c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 6 Oct 2020 16:12:09 -0400 Subject: [PATCH 126/399] runner: Implement a more complete ClientHello consistency check. The Go TLS implementation, at the time runner forked, had custom testing-only equal methods on all the handshake messages. We've since removed all of them except for ClientHello, where we repurposed the function to check ClientHello consistency on HelloVerifyRequest and HelloRetryRequest. These are tedious to update. Upstream has since replaced them with reflect.DeepEqual, but the comparison we want is even tighter. Even unknown extensions aren't allowed to change. Replace the check with a custom one that works on the byte serialization and remove clientHelloMsg.equal. Along the way, I've fixed the HRR PSK identity logic to match the spec a bit more and check binders more consistently. Change-Id: Ib39e8791201c42d37e304ae5110c7aeed62c8b3f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43364 Reviewed-by: Adam Langley Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- ssl/test/runner/handshake_messages.go | 142 --------------- ssl/test/runner/handshake_server.go | 250 ++++++++++++++++++++------ 2 files changed, 191 insertions(+), 201 deletions(-) diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go index 500e14ee24..4378e77fbd 100644 --- a/ssl/test/runner/handshake_messages.go +++ b/ssl/test/runner/handshake_messages.go @@ -5,7 +5,6 @@ package runner import ( - "bytes" "encoding/binary" "fmt" ) @@ -299,60 +298,6 @@ type clientHelloMsg struct { prefixExtensions []uint16 } -func (m *clientHelloMsg) equal(i interface{}) bool { - m1, ok := i.(*clientHelloMsg) - if !ok { - return false - } - - return bytes.Equal(m.raw, m1.raw) && - m.isDTLS == m1.isDTLS && - m.vers == m1.vers && - bytes.Equal(m.random, m1.random) && - bytes.Equal(m.sessionId, m1.sessionId) && - bytes.Equal(m.cookie, m1.cookie) && - eqUint16s(m.cipherSuites, m1.cipherSuites) && - bytes.Equal(m.compressionMethods, m1.compressionMethods) && - m.nextProtoNeg == m1.nextProtoNeg && - m.serverName == m1.serverName && - m.ocspStapling == m1.ocspStapling && - eqCurveIDs(m.supportedCurves, m1.supportedCurves) && - bytes.Equal(m.supportedPoints, m1.supportedPoints) && - m.hasKeyShares == m1.hasKeyShares && - eqKeyShareEntryLists(m.keyShares, m1.keyShares) && - m.trailingKeyShareData == m1.trailingKeyShareData && - eqPSKIdentityLists(m.pskIdentities, m1.pskIdentities) && - bytes.Equal(m.pskKEModes, m1.pskKEModes) && - eqByteSlices(m.pskBinders, m1.pskBinders) && - m.hasEarlyData == m1.hasEarlyData && - bytes.Equal(m.tls13Cookie, m1.tls13Cookie) && - m.ticketSupported == m1.ticketSupported && - bytes.Equal(m.sessionTicket, m1.sessionTicket) && - eqSignatureAlgorithms(m.signatureAlgorithms, m1.signatureAlgorithms) && - eqSignatureAlgorithms(m.signatureAlgorithmsCert, m1.signatureAlgorithmsCert) && - eqUint16s(m.supportedVersions, m1.supportedVersions) && - bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) && - (m.secureRenegotiation == nil) == (m1.secureRenegotiation == nil) && - eqStrings(m.alpnProtocols, m1.alpnProtocols) && - bytes.Equal(m.quicTransportParams, m1.quicTransportParams) && - m.duplicateExtension == m1.duplicateExtension && - m.channelIDSupported == m1.channelIDSupported && - bytes.Equal(m.tokenBindingParams, m1.tokenBindingParams) && - m.tokenBindingVersion == m1.tokenBindingVersion && - m.extendedMasterSecret == m1.extendedMasterSecret && - eqUint16s(m.srtpProtectionProfiles, m1.srtpProtectionProfiles) && - m.srtpMasterKeyIdentifier == m1.srtpMasterKeyIdentifier && - m.sctListSupported == m1.sctListSupported && - m.customExtension == m1.customExtension && - m.hasGREASEExtension == m1.hasGREASEExtension && - m.omitExtensions == m1.omitExtensions && - m.emptyExtensions == m1.emptyExtensions && - m.pad == m1.pad && - eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) && - m.delegatedCredentials == m1.delegatedCredentials && - eqUint16s(m.prefixExtensions, m1.prefixExtensions) -} - func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) { keyShares := bb.addU16LengthPrefixed() for _, keyShare := range m.keyShares { @@ -2591,90 +2536,3 @@ func (*endOfEarlyDataMsg) unmarshal(data []byte) bool { // ssl3NoCertificateMsg is a dummy message to handle SSL 3.0 using a warning // alert in the handshake. type ssl3NoCertificateMsg struct{} - -func eqUint16s(x, y []uint16) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqCurveIDs(x, y []CurveID) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqStrings(x, y []string) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i] != v { - return false - } - } - return true -} - -func eqByteSlices(x, y [][]byte) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if !bytes.Equal(v, y[i]) { - return false - } - } - return true -} - -func eqSignatureAlgorithms(x, y []signatureAlgorithm) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - v2 := y[i] - if v != v2 { - return false - } - } - return true -} - -func eqKeyShareEntryLists(x, y []keyShareEntry) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if y[i].group != v.group || !bytes.Equal(y[i].keyExchange, v.keyExchange) { - return false - } - } - return true - -} - -func eqPSKIdentityLists(x, y []pskIdentity) bool { - if len(x) != len(y) { - return false - } - for i, v := range x { - if !bytes.Equal(y[i].ticket, v.ticket) || y[i].obfuscatedTicketAge != v.obfuscatedTicketAge { - return false - } - } - return true - -} diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index 931ecca21c..88e186d5dc 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go @@ -185,18 +185,8 @@ func (hs *serverHandshakeState) readClientHello() error { if !bytes.Equal(newClientHello.cookie, helloVerifyRequest.cookie) { return errors.New("dtls: invalid cookie") } - - // Apart from the cookie, the two ClientHellos must - // match. Note that clientHello.equal compares the - // serialization, so we make a copy. - oldClientHelloCopy := *hs.clientHello - oldClientHelloCopy.raw = nil - oldClientHelloCopy.cookie = nil - newClientHelloCopy := *newClientHello - newClientHelloCopy.raw = nil - newClientHelloCopy.cookie = nil - if !oldClientHelloCopy.equal(&newClientHelloCopy) { - return errors.New("dtls: retransmitted ClientHello does not match") + if err := checkClientHellosEqual(hs.clientHello.raw, newClientHello.raw, c.isDTLS, nil); err != nil { + return err } hs.clientHello = newClientHello } @@ -465,12 +455,16 @@ Curves: pskIdentities := hs.clientHello.pskIdentities pskKEModes := hs.clientHello.pskKEModes + var replacedPSKIdentities bool if len(pskIdentities) == 0 && len(hs.clientHello.sessionTicket) > 0 && c.config.Bugs.AcceptAnySession { + // Pick up the ticket from the TLS 1.2 extension, to test the + // client does not get in a mixed up state. psk := pskIdentity{ ticket: hs.clientHello.sessionTicket, } pskIdentities = []pskIdentity{psk} pskKEModes = []byte{pskDHEKEMode} + replacedPSKIdentities = true } var pskIndex int @@ -502,6 +496,13 @@ Curves: return errors.New("tls: invalid ticket age") } + if !replacedPSKIdentities { + binderToVerify := hs.clientHello.pskBinders[i] + if err := verifyPSKBinder(c.wireVersion, hs.clientHello, sessionState, binderToVerify, []byte{}, []byte{}); err != nil { + return err + } + } + hs.sessionState = sessionState hs.hello.hasPSKIdentity = true hs.hello.pskIdentity = uint16(i) @@ -519,15 +520,6 @@ Curves: hs.hello.pskIdentity = 0 } - // Verify the PSK binder. Note there may not be a PSK binder if - // AcceptAnyBinder is set. See https://crbug.com/boringssl/115. - if hs.sessionState != nil && !config.Bugs.AcceptAnySession { - binderToVerify := hs.clientHello.pskBinders[pskIndex] - if err := verifyPSKBinder(c.wireVersion, hs.clientHello, hs.sessionState, binderToVerify, []byte{}, []byte{}); err != nil { - return err - } - } - // Resolve PSK and compute the early secret. if hs.sessionState != nil { hs.finishedHash.addEntropy(hs.sessionState.masterSecret) @@ -643,70 +635,84 @@ ResendHelloRetryRequest: return fmt.Errorf("tls: client offered unexpected PSK identities after HelloRetryRequest") } - if newClientHello.hasEarlyData { - return errors.New("tls: EarlyData sent in new ClientHello") - } - applyBugsToClientHello(newClientHello, config) // Check that the new ClientHello matches the old ClientHello, - // except for relevant modifications. - // - // TODO(davidben): Make this check more precise. - oldClientHelloCopy := *hs.clientHello - oldClientHelloCopy.raw = nil - oldClientHelloCopy.hasEarlyData = false - newClientHelloCopy := *newClientHello - newClientHelloCopy.raw = nil + // except for relevant modifications. See RFC 8446, section 4.1.2. + ignoreExtensions := []uint16{extensionPadding} if helloRetryRequest.hasSelectedGroup { - newKeyShares := newClientHelloCopy.keyShares + newKeyShares := newClientHello.keyShares if len(newKeyShares) != 1 || newKeyShares[0].group != helloRetryRequest.selectedGroup { return errors.New("tls: KeyShare from HelloRetryRequest not in new ClientHello") } selectedKeyShare = &newKeyShares[0] - newClientHelloCopy.keyShares = oldClientHelloCopy.keyShares + ignoreExtensions = append(ignoreExtensions, extensionKeyShare) } if len(helloRetryRequest.cookie) > 0 { - if !bytes.Equal(newClientHelloCopy.tls13Cookie, helloRetryRequest.cookie) { + if !bytes.Equal(newClientHello.tls13Cookie, helloRetryRequest.cookie) { return errors.New("tls: cookie from HelloRetryRequest not present in new ClientHello") } - newClientHelloCopy.tls13Cookie = nil + ignoreExtensions = append(ignoreExtensions, extensionCookie) } - // PSK binders and obfuscated ticket age are both updated in the - // second ClientHello. - if len(oldClientHelloCopy.pskIdentities) != len(newClientHelloCopy.pskIdentities) { - newClientHelloCopy.pskIdentities = oldClientHelloCopy.pskIdentities - } else { - if len(oldClientHelloCopy.pskIdentities) != len(newClientHelloCopy.pskIdentities) { - return errors.New("tls: PSK identity count from old and new ClientHello do not match") + // The second ClientHello refreshes binders, and may drop PSK identities + // that are no longer consistent with the cipher suite. + oldPSKIdentities := hs.clientHello.pskIdentities + for _, identity := range newClientHello.pskIdentities { + // Skip to the matching PSK identity in oldPSKIdentities. + for len(oldPSKIdentities) > 0 && !bytes.Equal(oldPSKIdentities[0].ticket, identity.ticket) { + oldPSKIdentities = oldPSKIdentities[1:] + } + // The identity now either matches, or oldPSKIdentities is empty. + if len(oldPSKIdentities) == 0 { + return errors.New("tls: unexpected PSK identity in second ClientHello") + } + oldPSKIdentities = oldPSKIdentities[1:] + } + ignoreExtensions = append(ignoreExtensions, extensionPreSharedKey) + + // Update the index for the identity we resumed. The client may have + // dropped some entries. + if hs.sessionState != nil { + var found bool + ticket := hs.clientHello.pskIdentities[pskIndex].ticket + for i, identity := range newClientHello.pskIdentities { + if bytes.Equal(identity.ticket, ticket) { + found = true + pskIndex = i + break + } } - for i, identity := range oldClientHelloCopy.pskIdentities { - newClientHelloCopy.pskIdentities[i].obfuscatedTicketAge = identity.obfuscatedTicketAge + if found { + binderToVerify := newClientHello.pskBinders[pskIndex] + if err := verifyPSKBinder(c.wireVersion, newClientHello, hs.sessionState, binderToVerify, oldClientHelloBytes, helloRetryRequest.marshal()); err != nil { + return err + } + } else if !config.Bugs.AcceptAnySession { + // If AcceptAnySession is set, the client may have already noticed + // the selected session is incompatible with the HelloRetryRequest + // and correctly dropped the PSK identity. We may also have + // attempted to resume a session from the TLS 1.2 extension. + return errors.New("tls: second ClientHello is missing selected session") } } - newClientHelloCopy.pskBinders = oldClientHelloCopy.pskBinders - newClientHelloCopy.hasEarlyData = oldClientHelloCopy.hasEarlyData - if !oldClientHelloCopy.equal(&newClientHelloCopy) { - return errors.New("tls: new ClientHello does not match") + // The second ClientHello must stop offering early data. + if newClientHello.hasEarlyData { + return errors.New("tls: EarlyData sent in new ClientHello") + } + ignoreExtensions = append(ignoreExtensions, extensionEarlyData) + + if err := checkClientHellosEqual(hs.clientHello.raw, newClientHello.raw, c.isDTLS, ignoreExtensions); err != nil { + return err } if firstHelloRetryRequest && config.Bugs.SecondHelloRetryRequest { firstHelloRetryRequest = false goto ResendHelloRetryRequest } - - // Verify the PSK binder. Note there may not be a PSK binder if - // AcceptAnyBinder is set. See https://crbug.com/115. - if hs.sessionState != nil && !config.Bugs.AcceptAnySession { - binderToVerify := newClientHello.pskBinders[pskIndex] - if err := verifyPSKBinder(c.wireVersion, newClientHello, hs.sessionState, binderToVerify, oldClientHelloBytes, helloRetryRequest.marshal()); err != nil { - return err - } - } } // Decide whether or not to accept early data. @@ -2211,3 +2217,129 @@ func verifyPSKBinder(version uint16, clientHello *clientHelloMsg, sessionState * return nil } + +// checkClientHellosEqual checks whether a and b are equal ClientHello +// messages. If isDTLS is true, the ClientHellos are parsed as DTLS and any +// differences in the cookie field are ignored. Extensions listed in +// ignoreExtensions may change or be removed between the two ClientHellos. +func checkClientHellosEqual(a, b []byte, isDTLS bool, ignoreExtensions []uint16) error { + ignoreExtensionsSet := make(map[uint16]struct{}) + for _, ext := range ignoreExtensions { + ignoreExtensionsSet[ext] = struct{}{} + } + + // Skip the handshake message header. + aReader := byteReader(a[4:]) + bReader := byteReader(b[4:]) + + var aVers, bVers uint16 + var aRandom, bRandom []byte + var aSessionID, bSessionID []byte + if !aReader.readU16(&aVers) || + !bReader.readU16(&bVers) || + !aReader.readBytes(&aRandom, 32) || + !bReader.readBytes(&bRandom, 32) || + !aReader.readU8LengthPrefixedBytes(&aSessionID) || + !bReader.readU8LengthPrefixedBytes(&bSessionID) { + return errors.New("tls: could not parse ClientHello") + } + + if aVers != bVers { + return errors.New("tls: second ClientHello version did not match") + } + if !bytes.Equal(aRandom, bRandom) { + return errors.New("tls: second ClientHello random did not match") + } + if !bytes.Equal(aSessionID, bSessionID) { + return errors.New("tls: second ClientHello session ID did not match") + } + + if isDTLS { + // DTLS 1.2 checks two ClientHellos match after a HelloVerifyRequest, + // where we expect the cookies to change. DTLS 1.3 forbids the legacy + // cookie altogether. If we implement DTLS 1.3, we'll need to ensure + // that parsing logic above this function rejects this cookie. + var aCookie, bCookie []byte + if !aReader.readU8LengthPrefixedBytes(&aCookie) || + !bReader.readU8LengthPrefixedBytes(&bCookie) { + return errors.New("tls: could not parse ClientHello") + } + } + + var aCipherSuites, bCipherSuites, aCompressionMethods, bCompressionMethods []byte + if !aReader.readU16LengthPrefixedBytes(&aCipherSuites) || + !bReader.readU16LengthPrefixedBytes(&bCipherSuites) || + !aReader.readU8LengthPrefixedBytes(&aCompressionMethods) || + !bReader.readU8LengthPrefixedBytes(&bCompressionMethods) { + return errors.New("tls: could not parse ClientHello") + } + if !bytes.Equal(aCipherSuites, bCipherSuites) { + return errors.New("tls: second ClientHello cipher suites did not match") + } + if !bytes.Equal(aCompressionMethods, bCompressionMethods) { + return errors.New("tls: second ClientHello compression methods did not match") + } + + if len(aReader) == 0 && len(bReader) == 0 { + // Both ClientHellos omit the extensions block. + return nil + } + + var aExtensions, bExtensions byteReader + if !aReader.readU16LengthPrefixed(&aExtensions) || + !bReader.readU16LengthPrefixed(&bExtensions) || + len(aReader) != 0 || + len(bReader) != 0 { + return errors.New("tls: could not parse ClientHello") + } + + for len(aExtensions) != 0 { + var aID uint16 + var aBody []byte + if !aExtensions.readU16(&aID) || + !aExtensions.readU16LengthPrefixedBytes(&aBody) { + return errors.New("tls: could not parse ClientHello") + } + if _, ok := ignoreExtensionsSet[aID]; ok { + continue + } + + for { + if len(bExtensions) == 0 { + return fmt.Errorf("tls: second ClientHello missing extension %d", aID) + } + var bID uint16 + var bBody []byte + if !bExtensions.readU16(&bID) || + !bExtensions.readU16LengthPrefixedBytes(&bBody) { + return errors.New("tls: could not parse ClientHello") + } + if _, ok := ignoreExtensionsSet[bID]; ok { + continue + } + if aID != bID { + return fmt.Errorf("tls: unexpected extension %d in second ClientHello (wanted %d)", bID, aID) + } + if !bytes.Equal(aBody, bBody) { + return fmt.Errorf("tls: extension %d in second ClientHello unexpectedly changed", aID) + } + break + } + } + + // Any remaining extensions in the second ClientHello must be in the + // ignored set. + for len(bExtensions) != 0 { + var id uint16 + var body []byte + if !bExtensions.readU16(&id) || + !bExtensions.readU16LengthPrefixedBytes(&body) { + return errors.New("tls: could not parse ClientHello") + } + if _, ok := ignoreExtensionsSet[id]; !ok { + return fmt.Errorf("tls: unexpected extension %d in second ClientHello", id) + } + } + + return nil +} From f42d5df92487bfde18a0f7f8f1e7303efaa2f25d Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Thu, 9 Jul 2020 13:28:25 -0400 Subject: [PATCH 127/399] Add Go implementation of HPKE draft 05 to runner. Bug: 275 Change-Id: Ie54ddc0898a9ed80ceccdf221a7a48f7ab447fc7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42124 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- ssl/test/runner/hpke/hpke.go | 212 ++++++++++++++++++ ssl/test/runner/hpke/hpke_test.go | 179 +++++++++++++++ ssl/test/runner/hpke/kem.go | 137 +++++++++++ .../runner/hpke/testdata/test-vectors.json | 1 + 4 files changed, 529 insertions(+) create mode 100644 ssl/test/runner/hpke/hpke.go create mode 100644 ssl/test/runner/hpke/hpke_test.go create mode 100644 ssl/test/runner/hpke/kem.go create mode 100644 ssl/test/runner/hpke/testdata/test-vectors.json diff --git a/ssl/test/runner/hpke/hpke.go b/ssl/test/runner/hpke/hpke.go new file mode 100644 index 0000000000..c2ed28ec07 --- /dev/null +++ b/ssl/test/runner/hpke/hpke.go @@ -0,0 +1,212 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// Package hpke implements Hybrid Public Key Encryption (HPKE). +// +// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05. +package hpke + +import ( + "crypto/aes" + "crypto/cipher" + "encoding/binary" + "errors" + + "golang.org/x/crypto/chacha20poly1305" +) + +// KEM scheme IDs. +const ( + X25519WithHKDFSHA256 uint16 = 0x0020 +) + +// HPKE AEAD IDs. +const ( + AES128GCM uint16 = 0x0001 + AES256GCM uint16 = 0x0002 + ChaCha20Poly1305 uint16 = 0x0003 +) + +// HPKE KDF IDs. +const ( + HKDFSHA256 uint16 = 0x0001 + HKDFSHA384 uint16 = 0x0002 + HKDFSHA512 uint16 = 0x0003 +) + +// Internal constants. +const ( + hpkeModeBase uint8 = 0 +) + +type GenerateKeyPairFunc func() (public []byte, secret []byte, e error) + +// Context holds the HPKE state for a sender or a receiver. +type Context struct { + kemID uint16 + kdfID uint16 + aeadID uint16 + + aead cipher.AEAD + + key []byte + baseNonce []byte + seq uint64 + exporterSecret []byte +} + +// SetupBaseSenderX25519 corresponds to the spec's SetupBaseS(), but only +// supports X25519. +func SetupBaseSenderX25519(kdfID, aeadID uint16, publicKeyR, info []byte, ephemKeygen GenerateKeyPairFunc) (context *Context, enc []byte, err error) { + sharedSecret, enc, err := x25519Encap(publicKeyR, ephemKeygen) + if err != nil { + return nil, nil, err + } + context, err = keySchedule(X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info) + return +} + +// SetupBaseReceiverX25519 corresponds to the spec's SetupBaseR(), but only +// supports X25519. +func SetupBaseReceiverX25519(kdfID, aeadID uint16, enc, secretKeyR, info []byte) (context *Context, err error) { + sharedSecret, err := x25519Decap(enc, secretKeyR) + if err != nil { + return nil, err + } + return keySchedule(X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info) +} + +func (c *Context) Seal(additionalData, plaintext []byte) []byte { + ciphertext := c.aead.Seal(nil, c.computeNonce(), plaintext, additionalData) + c.incrementSeq() + return ciphertext +} + +func (c *Context) Open(additionalData, ciphertext []byte) ([]byte, error) { + plaintext, err := c.aead.Open(nil, c.computeNonce(), ciphertext, additionalData) + if err != nil { + return nil, err + } + c.incrementSeq() + return plaintext, nil +} + +func (c *Context) Export(exporterContext []byte, length int) []byte { + suiteID := buildSuiteID(c.kemID, c.kdfID, c.aeadID) + kdfHash := getKDFHash(c.kdfID) + return labeledExpand(kdfHash, c.exporterSecret, suiteID, []byte("sec"), exporterContext, length) +} + +func buildSuiteID(kemID, kdfID, aeadID uint16) []byte { + ret := make([]byte, 0, 10) + ret = append(ret, "HPKE"...) + ret = appendBigEndianUint16(ret, kemID) + ret = appendBigEndianUint16(ret, kdfID) + ret = appendBigEndianUint16(ret, aeadID) + return ret +} + +func newAEAD(aeadID uint16, key []byte) (cipher.AEAD, error) { + if len(key) != expectedKeyLength(aeadID) { + return nil, errors.New("wrong key length for specified AEAD") + } + switch aeadID { + case AES128GCM, AES256GCM: + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + aead, err := cipher.NewGCM(block) + if err != nil { + return nil, err + } + return aead, nil + case ChaCha20Poly1305: + aead, err := chacha20poly1305.New(key) + if err != nil { + return nil, err + } + return aead, nil + } + return nil, errors.New("unsupported AEAD") +} + +func keySchedule(kemID, kdfID, aeadID uint16, sharedSecret, info []byte) (*Context, error) { + kdfHash := getKDFHash(kdfID) + suiteID := buildSuiteID(kemID, kdfID, aeadID) + pskIDHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_id_hash"), nil) + infoHash := labeledExtract(kdfHash, nil, suiteID, []byte("info_hash"), info) + + keyScheduleContext := make([]byte, 0) + keyScheduleContext = append(keyScheduleContext, hpkeModeBase) + keyScheduleContext = append(keyScheduleContext, pskIDHash...) + keyScheduleContext = append(keyScheduleContext, infoHash...) + + pskHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_hash"), nil) + secret := labeledExtract(kdfHash, pskHash, suiteID, []byte("secret"), sharedSecret) + key := labeledExpand(kdfHash, secret, suiteID, []byte("key"), keyScheduleContext, expectedKeyLength(aeadID)) + + aead, err := newAEAD(aeadID, key) + if err != nil { + return nil, err + } + + nonce := labeledExpand(kdfHash, secret, suiteID, []byte("nonce"), keyScheduleContext, aead.NonceSize()) + exporterSecret := labeledExpand(kdfHash, secret, suiteID, []byte("exp"), keyScheduleContext, kdfHash.Size()) + + return &Context{ + kemID: kemID, + kdfID: kdfID, + aeadID: aeadID, + aead: aead, + key: key, + baseNonce: nonce, + seq: 0, + exporterSecret: exporterSecret, + }, nil +} + +func (c Context) computeNonce() []byte { + nonce := make([]byte, len(c.baseNonce)) + // Write the big-endian |c.seq| value at the *end* of |baseNonce|. + binary.BigEndian.PutUint64(nonce[len(nonce)-8:], c.seq) + // XOR the big-endian |seq| with |c.baseNonce|. + for i, b := range c.baseNonce { + nonce[i] ^= b + } + return nonce +} + +func (c *Context) incrementSeq() { + c.seq++ + if c.seq == 0 { + panic("sequence overflow") + } +} + +func expectedKeyLength(aeadID uint16) int { + switch aeadID { + case AES128GCM: + return 128 / 8 + case AES256GCM: + return 256 / 8 + case ChaCha20Poly1305: + return chacha20poly1305.KeySize + } + panic("unsupported AEAD") +} + +func appendBigEndianUint16(b []byte, v uint16) []byte { + return append(b, byte(v>>8), byte(v)) +} diff --git a/ssl/test/runner/hpke/hpke_test.go b/ssl/test/runner/hpke/hpke_test.go new file mode 100644 index 0000000000..25da3d9500 --- /dev/null +++ b/ssl/test/runner/hpke/hpke_test.go @@ -0,0 +1,179 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package hpke + +import ( + "bytes" + _ "crypto/sha256" + _ "crypto/sha512" + "encoding/hex" + "encoding/json" + "errors" + "flag" + "fmt" + "io/ioutil" + "path/filepath" + "testing" +) + +var ( + testDataDir = flag.String("testdata", "testdata", "The path to the test vector JSON file.") +) + +// Simple round-trip test for fixed inputs. +func TestRoundTrip(t *testing.T) { + publicKeyR, secretKeyR, err := GenerateKeyPair() + if err != nil { + t.Errorf("failed to generate key pair: %s", err) + return + } + + // Set up the sender and receiver contexts. + senderContext, enc, err := SetupBaseSenderX25519(HKDFSHA256, AES256GCM, publicKeyR, nil, nil) + if err != nil { + t.Errorf("failed to set up sender: %s", err) + return + } + receiverContext, err := SetupBaseReceiverX25519(HKDFSHA256, AES256GCM, enc, secretKeyR, nil) + if err != nil { + t.Errorf("failed to set up receiver: %s", err) + return + } + + // Seal() our plaintext with the sender context, then Open() the + // ciphertext with the receiver context. + plaintext := []byte("foobar") + ciphertext := senderContext.Seal(nil, plaintext) + decrypted, err := receiverContext.Open(nil, ciphertext) + if err != nil { + t.Errorf("encryption round trip failed: %s", err) + return + } + checkBytesEqual(t, "decrypted", decrypted, plaintext) +} + +// HpkeTestVector defines the subset of test-vectors.json that we read. +type HpkeTestVector struct { + KEM uint16 `json:"kem_id"` + Mode uint8 `json:"mode"` + KDF uint16 `json:"kdf_id"` + AEAD uint16 `json:"aead_id"` + Info HexString `json:"info"` + SecretKeyR HexString `json:"skRm"` + SecretKeyE HexString `json:"skEm"` + PublicKeyR HexString `json:"pkRm"` + PublicKeyE HexString `json:"pkEm"` + Enc HexString `json:"enc"` + Encryptions []EncryptionTestVector `json:"encryptions"` + Exports []ExportTestVector `json:"exports"` +} +type EncryptionTestVector struct { + Plaintext HexString `json:"plaintext"` + AdditionalData HexString `json:"aad"` + Ciphertext HexString `json:"ciphertext"` +} +type ExportTestVector struct { + ExportContext HexString `json:"exportContext"` + ExportLength int `json:"exportLength"` + ExportValue HexString `json:"exportValue"` +} + +// TestVectors checks all relevant test vectors in test-vectors.json. +func TestVectors(t *testing.T) { + jsonStr, err := ioutil.ReadFile(filepath.Join(*testDataDir, "test-vectors.json")) + if err != nil { + t.Errorf("error reading test vectors: %s", err) + return + } + + var testVectors []HpkeTestVector + err = json.Unmarshal(jsonStr, &testVectors) + if err != nil { + t.Errorf("error parsing test vectors: %s", err) + return + } + + var numSkippedTests = 0 + + for testNum, testVec := range testVectors { + // Skip this vector if it specifies an unsupported KEM or Mode. + if testVec.KEM != X25519WithHKDFSHA256 || + testVec.Mode != hpkeModeBase { + numSkippedTests++ + continue + } + + testVec := testVec // capture the range variable + t.Run(fmt.Sprintf("test%d,KDF=%d,AEAD=%d", testNum, testVec.KDF, testVec.AEAD), func(t *testing.T) { + senderContext, enc, err := SetupBaseSenderX25519(testVec.KDF, testVec.AEAD, testVec.PublicKeyR, testVec.Info, + func() ([]byte, []byte, error) { + return testVec.PublicKeyE, testVec.SecretKeyE, nil + }) + if err != nil { + t.Errorf("failed to set up sender: %s", err) + return + } + checkBytesEqual(t, "sender enc", enc, testVec.Enc) + + receiverContext, err := SetupBaseReceiverX25519(testVec.KDF, testVec.AEAD, enc, testVec.SecretKeyR, testVec.Info) + if err != nil { + t.Errorf("failed to set up receiver: %s", err) + return + } + + for encryptionNum, e := range testVec.Encryptions { + ciphertext := senderContext.Seal(e.AdditionalData, e.Plaintext) + checkBytesEqual(t, "ciphertext", ciphertext, e.Ciphertext) + + decrypted, err := receiverContext.Open(e.AdditionalData, ciphertext) + if err != nil { + t.Errorf("decryption %d failed: %s", encryptionNum, err) + return + } + checkBytesEqual(t, "decrypted plaintext", decrypted, e.Plaintext) + } + + for _, ex := range testVec.Exports { + exportValue := senderContext.Export(ex.ExportContext, ex.ExportLength) + checkBytesEqual(t, "exportValue", exportValue, ex.ExportValue) + + exportValue = receiverContext.Export(ex.ExportContext, ex.ExportLength) + checkBytesEqual(t, "exportValue", exportValue, ex.ExportValue) + } + }) + } + + if numSkippedTests == len(testVectors) { + panic("no test vectors were used") + } +} + +// HexString enables us to unmarshal JSON strings containing hex byte strings. +type HexString []byte + +func (h *HexString) UnmarshalJSON(data []byte) error { + if len(data) < 2 || data[0] != '"' || data[len(data)-1] != '"' { + return errors.New("missing double quotes") + } + var err error + *h, err = hex.DecodeString(string(data[1 : len(data)-1])) + return err +} + +func checkBytesEqual(t *testing.T, name string, actual, expected []byte) { + if !bytes.Equal(actual, expected) { + t.Errorf("%s = %x; want %x", name, actual, expected) + } +} diff --git a/ssl/test/runner/hpke/kem.go b/ssl/test/runner/hpke/kem.go new file mode 100644 index 0000000000..7efc32356a --- /dev/null +++ b/ssl/test/runner/hpke/kem.go @@ -0,0 +1,137 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package hpke + +import ( + "crypto" + "crypto/rand" + + "golang.org/x/crypto/curve25519" + "golang.org/x/crypto/hkdf" +) + +const ( + rfcLabel string = "HPKE-05 " +) + +func getKDFHash(kdfID uint16) crypto.Hash { + switch kdfID { + case HKDFSHA256: + return crypto.SHA256 + case HKDFSHA384: + return crypto.SHA384 + case HKDFSHA512: + return crypto.SHA512 + } + panic("unknown KDF") +} + +func labeledExtract(kdfHash crypto.Hash, salt, suiteID, label, ikm []byte) []byte { + var labeledIKM []byte + labeledIKM = append(labeledIKM, rfcLabel...) + labeledIKM = append(labeledIKM, suiteID...) + labeledIKM = append(labeledIKM, label...) + labeledIKM = append(labeledIKM, ikm...) + return hkdf.Extract(kdfHash.New, labeledIKM, salt) +} + +func labeledExpand(kdfHash crypto.Hash, prk, suiteID, label, info []byte, length int) []byte { + lengthU16 := uint16(length) + if int(lengthU16) != length { + panic("length must be a valid uint16 value") + } + + var labeledInfo []byte + labeledInfo = appendBigEndianUint16(labeledInfo, lengthU16) + labeledInfo = append(labeledInfo, rfcLabel...) + labeledInfo = append(labeledInfo, suiteID...) + labeledInfo = append(labeledInfo, label...) + labeledInfo = append(labeledInfo, info...) + + reader := hkdf.Expand(kdfHash.New, prk, labeledInfo) + key := make([]uint8, length) + _, err := reader.Read(key) + if err != nil { + panic("failed to perform HKDF expand operation") + } + return key +} + +// GenerateKeyPair generates a random key pair. +func GenerateKeyPair() (publicKey, secretKeyOut []byte, err error) { + // Generate a new private key. + var secretKey [curve25519.ScalarSize]byte + _, err = rand.Read(secretKey[:]) + if err != nil { + return + } + // Compute the corresponding public key. + publicKey, err = curve25519.X25519(secretKey[:], curve25519.Basepoint) + if err != nil { + return + } + return publicKey, secretKey[:], nil +} + +// x25519Encap returns an ephemeral, fixed-length symmetric key |sharedSecret| +// and a fixed-length encapsulation of that key |enc| that can be decapsulated +// by the receiver with the secret key corresponding to |publicKeyR|. +// Internally, |keygenOptional| is used to generate an ephemeral keypair. If +// |keygenOptional| is nil, |GenerateKeyPair| will be substituted. +func x25519Encap(publicKeyR []byte, keygen GenerateKeyPairFunc) ([]byte, []byte, error) { + if keygen == nil { + keygen = GenerateKeyPair + } + publicKeyEphem, secretKeyEphem, err := keygen() + if err != nil { + return nil, nil, err + } + dh, err := curve25519.X25519(secretKeyEphem, publicKeyR) + if err != nil { + return nil, nil, err + } + sharedSecret := extractAndExpand(dh, publicKeyEphem, publicKeyR) + return sharedSecret, publicKeyEphem, nil +} + +// x25519Decap uses the receiver's secret key |secretKeyR| to recover the +// ephemeral symmetric key contained in |enc|. +func x25519Decap(enc, secretKeyR []byte) ([]byte, error) { + dh, err := curve25519.X25519(secretKeyR, enc) + if err != nil { + return nil, err + } + // For simplicity, we recompute the receiver's public key. A production + // implementation of HPKE should incorporate it into the receiver key + // and halve the number of point multiplications needed. + publicKeyR, err := curve25519.X25519(secretKeyR, curve25519.Basepoint) + if err != nil { + return nil, err + } + return extractAndExpand(dh, enc, publicKeyR[:]), nil +} + +func extractAndExpand(dh, enc, publicKeyR []byte) []byte { + var kemContext []byte + kemContext = append(kemContext, enc...) + kemContext = append(kemContext, publicKeyR...) + + suite := []byte("KEM") + suite = appendBigEndianUint16(suite, X25519WithHKDFSHA256) + + kdfHash := getKDFHash(HKDFSHA256) + prk := labeledExtract(kdfHash, nil, suite, []byte("eae_prk"), dh) + return labeledExpand(kdfHash, prk, suite, []byte("shared_secret"), kemContext, 32) +} diff --git a/ssl/test/runner/hpke/testdata/test-vectors.json b/ssl/test/runner/hpke/testdata/test-vectors.json new file mode 100644 index 0000000000..046d86108f --- /dev/null +++ b/ssl/test/runner/hpke/testdata/test-vectors.json @@ -0,0 +1 @@ +[{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"1289f0db1d8f68d0c531b5e53a40911a2a2347059355d7c267717033fef2b08c","seedE":"a77ae3e14cc2ec9e603a9049423d48e66a5e3139e896e95cf19919430657adc7","skRm":"5a8aa0d2476b28521588e0c704b14db82cdd4970d340d293a9576deaee9ec1c7","skEm":"8c490e5b0c7dbe0c6d2192484d2b7a0423b3b4544f2481095a99dbf238fb350f","pkRm":"8756e2580c07c1d2ffcb662f5fadc6d6ff13da85abd7adfecf984aaa102c1269","pkEm":"8a07563949fac6232936ed6f36c4fa735930ecdeaef6734e314aeac35a56fd0a","enc":"8a07563949fac6232936ed6f36c4fa735930ecdeaef6734e314aeac35a56fd0a","shared_secret":"f3822302c852b924c5f984f192d39705ddd287ea93bb73e3c5f95ba6da7e01f5","key_schedule_context":"000c085d4e6d2e6a568b5dcf334f7badd56222cd79f2ac98b6f99059f311c3f16a44c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"98a35c8191d511d39a35afcb6cd4072d5038afb2bcc1ecb468626466b2870447","key":"550ee0b7ec1ea2532f2e2bac87040a4c","nonce":"2b855847756795a57229559a","exporter_secret":"1aabf0ea393517daa48a9eaf44a886f5e059d455988a65ae8d66b3c017fc3722","encryptions":[{"aad":"436f756e742d30","ciphertext":"971ba65db526758ea30ae748cd769bc8d90579b62a037816057f24ce427416bd47c05ed1c2446ac8e19ec9ae79","nonce":"2b855847756795a57229559a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f18f1ec397667ca069b9a6ee0bebf0890cd5caa34bb9875b3600ca0142cba774dd35f2aafd79a02a08ca5f2806","nonce":"2b855847756795a57229559b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"51a8dea350fe6e753f743ec17c956de4cbdfa35f3018fc6a12752c51d1372c5093959f18c7253da9c953c6cfbe","nonce":"2b855847756795a572295598","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ee2c9cb45a5088256b061a28b528fcd252d2a014d73523bf3ffb0c8687d9996ec6fb69c487a0b62fbc45b04ccb","nonce":"2b855847756795a572295599","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2e5fa3a358e3ab64e5e981c4b89b5ae4cc5b800aaf726dc64ff857536a3db0e6d816199e711aac60c4670c2a31","nonce":"2b855847756795a57229559e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d2d0d40c685b3646527da571ff9bb23eee8d0f124a2ab937ad9aacb314209ba150b12bce3be844a414b2b81e15","nonce":"2b855847756795a57229559f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"107b5d77e79b423ddc8feb4f1d42094244d9363b1157e2a46de9b192d1ebaf6053164878a8e9f3ab6c87260355","nonce":"2b855847756795a57229559c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"64b5285667328e0fa12c51e282eb4d446c69404944134958dcbee1b947ce413eaff910146f2ae47586055c05ec","nonce":"2b855847756795a57229559d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"89dd974790c8491cd5539f51537708bd2cbf4d6e0322637fb4dbe6008e6f59b75e3c527587cfefdb37ca68e6cd","nonce":"2b855847756795a572295592","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e84394b6142059384e270407a6360760827eba0e90c0d2dfd8d6170eed7667cf933fb9854ab766cede7306bda3","nonce":"2b855847756795a572295593","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0df04ac640d34a56561419bab20a68e6b7331070208004f89c7b973f4c472e92"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"723c2c8f80e6b827e72bd8e80973a801a05514afe3d4bc46e82e505dceb953aa"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"38010c7d5d81093a11b55e2403a258e9a195bcf066817b332dd996b0a9bcbc9a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ebf6ab4c3186131de9b2c3c0bc3e2ad21dfcbc4efaf050cd0473f5b1535a8b6d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c4823eeb3efd2d5216b2d3b16e542bf57470dc9b9ea9af6bce85b151a3589d90"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"326ee379f778718e6cb343f55668fbb9d0098ba0503cd4414a8f1ce252605c39","seedE":"0fa1407ccee05de0cceb2f2d2381d2df0602dbd43be90eefd288ce4ad0b3ba32","skRm":"4b41ef269169090551fcea177ecdf622bca86d82298e21cd93119b804ccc5eab","skEm":"e7d2b539792a48a24451303ccd0cfe77176b6cb06823c439edfd217458a1398a","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a5c85773bed3a831e7096f7df4ff5d1d8bac48fc97bfac366141efab91892a3a","pkEm":"08d39d3e7f9b586341b6004dafba9679d2bd9340066edb247e3e919013efcd0f","enc":"08d39d3e7f9b586341b6004dafba9679d2bd9340066edb247e3e919013efcd0f","shared_secret":"9d4fe1809006b38854f056830b8900086f562207dce6010eadf23d2d5303cdf8","key_schedule_context":"01512564fc13bf3387a7d73eb72eb6b62766480582bfe146c4e5afb8788652269644c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"84d1c77bdf45e43e2e84f607573f0db0758c56f322500a673be8e2062d343b1f","key":"811e9b2d7a10f4f9d58786bf8a534ca6","nonce":"b79b0c5a8c3808e238b10411","exporter_secret":"7e9ef6d537503f815d0eaf70550a1f8e9af12c1cccb76919aafe93535547c150","encryptions":[{"aad":"436f756e742d30","ciphertext":"fb68f911b4e4033d1547f646ea30c9cee987fb4b4a8c30918e5de6e96de32fc63466f2fc05e09aeff552489741","nonce":"b79b0c5a8c3808e238b10411","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"85e7472fbb7e2341af35fb2a0795df9a85caa99a8f584056b11d452bc160470672e297f9892ce2c5020e794ae1","nonce":"b79b0c5a8c3808e238b10410","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"74229b7491102bcf94cf7633888bc48baa4e5a73cc544bfad4ff61585506facb44b359ade03c0b2b35c6430e4c","nonce":"b79b0c5a8c3808e238b10413","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"013476197af9440a8be89a0cf7d3802eae519d5f5b39cb600e8b285e16ad90c3d903f6108946616723e9a93b73","nonce":"b79b0c5a8c3808e238b10412","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5aeb09a3798d21dc2ca01f5c255624c9c8c20d75d79d19269eca7b280be0cb7851fae82b646bd5673d10368276","nonce":"b79b0c5a8c3808e238b10415","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e9cac48b89f3f8898a85562007854b9f61bdf2d2c3e32e9b6162e9fa2f83924d138194528946d96cf7988685a0","nonce":"b79b0c5a8c3808e238b10414","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2aa76414e0cb28ba7ba0f24d800bc4fec24d51cd1f75e839233ee10610bda97f3daf46fadb53ca01762bbe8a04","nonce":"b79b0c5a8c3808e238b10417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"96148b343eb53df8d528af57214e65de028461ac69f2d9e371cb0aa4d732201d693766a17fd49ec6025bc98705","nonce":"b79b0c5a8c3808e238b10416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"39b7e966e0ada05d8cd8a9beb5765941baad38473f18f705443f882a207ff96bfe1c71ae386e97e2fa91960bbe","nonce":"b79b0c5a8c3808e238b10419","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"25bd0d0614a38b19a05dff783a1bbd003c25cade55ba0e24e234b803991cae60ba7d105d35e47519a8cf598580","nonce":"b79b0c5a8c3808e238b10418","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bd292b132fae00243851451c3f3a87e9e11c3293c14d61b114b7e12e07245ffd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"695de26bc9336caee01cb04826f6e224f4d2108066ab17fc18f0c993dce05f24"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c53f26ef1bf4f5fd5469d807c418a0e103d035c76ccdbc6afb5bc42b24968f6c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8cea4a595dfe3de84644ca8ea7ea9401a345f0db29bb4beebc2c471afc602ec4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e6313f12f6c2054c69018f273211c54fcf2439d90173392eaa34b4caac929068"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"518df90f0f5044ce653180c700e4902d37a7ba1cd23482a76e18b300fecaac4e","seedS":"262a05ad0c08030cdbbaafc03d64f33b95bf8089f216c62ac39b72064a4b4dcb","seedE":"02900cb4856b5f222293a9bd7bda2f1f81c562dc3002336ad1c39f6572402b7d","skRm":"c4148fc8253ccf99b0738b94d376ff58e7eb3845494b5dc945c2f2dbda65da85","skSm":"6836d31499e13bdcc51b8318060e6a752849c9424d02e7f404bb03a0341b0878","skEm":"ca30ef092d6b9bfdf0dc96bc96c5153c8f61cffd01603936ca09fc6146ec523c","pkRm":"07828ba8fb4171c0393edf8cf975268e263245fea4726e16393f536ccca7c46e","pkSm":"76ce23e7f9144663772e283a16fc25950ad4a53b1200a8576442b159d14e5c3f","pkEm":"56a21e8b5416d187c3d865765794e7f361d631049ebbb6a64ed28fd071068121","enc":"56a21e8b5416d187c3d865765794e7f361d631049ebbb6a64ed28fd071068121","shared_secret":"dec9ae331e9017669151e07c06d1cd7f3dd318c180c9cad5223e1c2b019d2243","key_schedule_context":"020c085d4e6d2e6a568b5dcf334f7badd56222cd79f2ac98b6f99059f311c3f16a44c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"a78ac3f106be621d7ce48d7f02e9c69f23c042912697a985787c34e5340ca8e7","key":"82a24b8790521d6b2d260664d9bfaefc","nonce":"bb0cb3a72dff841c796fce56","exporter_secret":"933d7ef819b2fabc810db31f7fcbe5b16c4efa0f4b715e888466829d9b22062d","encryptions":[{"aad":"436f756e742d30","ciphertext":"86dea722bc4f4cb0983b70dbdb539cf79e393546805d90d3f832af5f907c86f37ac579976db191a479c9450f37","nonce":"bb0cb3a72dff841c796fce56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4f6b757fc0e807cf8f4726ed1bd05c6b87714b2332372795f7e8579fe21e104ff8180fea797855a62f71a37aea","nonce":"bb0cb3a72dff841c796fce57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"999285da95ed93dfb48bbe99d46ebba43c98e35f6ccd4fed92edf9d618e98174b63a0a2c12ab91521669fdad2c","nonce":"bb0cb3a72dff841c796fce54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1a28de36d92f579a485b4ef4c598c7173bee06be8d9cab4aec6a81a0ec545855f72b82fbc078bd2f8cda61acb3","nonce":"bb0cb3a72dff841c796fce55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ac6af74dfe65c63b046eb99fb9036ce759ddf5bfb3a396796892c78ce3f35beeedb7b3d1b515a9dff7d9af365","nonce":"bb0cb3a72dff841c796fce52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d7bf489f2452682d7794df762ef0156887dc69e664ecaceeda81825838196cc77ded5ffcea7650cf1739ff7df5","nonce":"bb0cb3a72dff841c796fce53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7815584cffb6f9571a2cd317aa84b437dbca0e85bc6f67c075059ad8325007709515b3dfc87246fc7b9d4da2a4","nonce":"bb0cb3a72dff841c796fce50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"02b863056cd2d58e1214a73cbb81d59ea1397d407da2709b32d65ccf38d86e91872332a51ce64c818788d6c0d0","nonce":"bb0cb3a72dff841c796fce51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ef4debbf21e4ed4a1f8eb408907b6c7191196db3cfe301dc57d489fee24e7daf2a30753961d326a393f6d27121","nonce":"bb0cb3a72dff841c796fce5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ea8b29a8489eba2c66d01aeb3d937d76374e5fdd86cbae3902cd6c0f4edbd64749453449ac50b86348ad839826","nonce":"bb0cb3a72dff841c796fce5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"569accd852ca9f1bbb1cc2ac01126f5be0f40cff54c2192f6c7d2e9b4208aae8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"21e678d4feb8d3e63cad48c0bc0d7cd4d9898f3582306921d6f594c7548748eb"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9b6d0e4fc457c91692ffed826a7656e33f6deec5b502ac2b8eb895a6bb6e3a65"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d129c80ae79865868c859543aef97588ee135a7d2d42d026f8055313adb90535"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"082427af691bcea347bda235464d8389a104ec70b3ff1a24c63709a4ad3a9b7a"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"02a965d8f53bbdcc11cc618d4f31f69277500b75959ca97fd533058315511d1b","seedS":"e9c09a3e50073935e75d3846007a26088a93ebf58ad0bb30ad6c42a9d4d2419e","seedE":"c1d1028243a951dbf6469025f3a1304407b08fb932104e61c7aab42ab4f1995c","skRm":"a13722050e593c33f367a4d048dd6a6e0c25b1d8288d8f9ac7a3b00228cad946","skSm":"e19b525b64f4799822d229b5c6769ab4244773aa2d48720d3bbc36aa5b9d5aac","skEm":"d9ddce685897eeccc4390d07f30aceea8151d6c0d3468bc7f2a16702b2ac13e3","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"cbc7508f3232db133971f3c7dfd97f00c01de68ac8103f61fa60ac5ae2800153","pkSm":"48cddb9d276b4d14895e14973bfbd72db587c0036f9a75409b45334844360a7a","pkEm":"0f496b65ac352457865d9f6cb30e0ceaffee742accb016c2c1a7cec68a33244c","enc":"0f496b65ac352457865d9f6cb30e0ceaffee742accb016c2c1a7cec68a33244c","shared_secret":"83272c7b992c197f882d992ef6737bb7f4b17ddf103368e1d7e90b07c946b2e3","key_schedule_context":"03512564fc13bf3387a7d73eb72eb6b62766480582bfe146c4e5afb8788652269644c484c33962433c90728ac6c2893f828d58cebf58ba4fdae59b0a8f7ab84ff8","secret":"619e4c000edf5cb8c2b795fbf2dce842d0ff5cba4e12312f5fc67510eb059560","key":"b305d06827e854504246d9bbae3b1f80","nonce":"4940e55b734bbe1d46e24bd6","exporter_secret":"bd6ec34885e97fe0c07bda3454d47ece7b6e9a1a05f729223485e4335c40cbdf","encryptions":[{"aad":"436f756e742d30","ciphertext":"c7200a5246b4aa9e6878e22830d19466ca31394651ae84383f183991d3a8662415d60e1e073209e6dadd480ff2","nonce":"4940e55b734bbe1d46e24bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8071f54a0a43f77a30de1fd96133d91184b5f863525d7810eb9350aa25558bc470781e62c27fe9a566f15efdc8","nonce":"4940e55b734bbe1d46e24bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fc9747b21f74c098899e408d86c11d28617a1a3eb2d985fe4af7ccea202343df096920759614bfa2586f0f1c5a","nonce":"4940e55b734bbe1d46e24bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"feb4cb8de805d855c0df8e75293a2a50cce58c9f4db7ead85e91eb10c498de2878961da5dab9d59237d524f4f6","nonce":"4940e55b734bbe1d46e24bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d85c2d06220ae34064210c4129f8c95dd43c45fb87ab25885467dc2c6a663deb84043eedde254968c55ef693e6","nonce":"4940e55b734bbe1d46e24bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9f00677d11dfbc321f5bc94c34df253e4f413d01f3e3fcf916ac9a767d0830f17f6bfe772e28642eed51e865c","nonce":"4940e55b734bbe1d46e24bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"061c0a2f036735c87afe3e1b091f634ca3dc1b33a393cdf7ddd054c68ea1d26e9c39322d332b2923017700d5a3","nonce":"4940e55b734bbe1d46e24bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9aba719d419a3b91e51c84b905d4bfbbe8ad9b1e47ec15c207b930d4a4cbdd585410390d41cf38107c08872a8f","nonce":"4940e55b734bbe1d46e24bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"54fecbce208e6416f62f1e0e12af14937b5b292cb36d6a7df527d38a7f30de63e7846b18662507e46fa389b5af","nonce":"4940e55b734bbe1d46e24bde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1d39d1782ab76f9293b709d0958b0faa7b6e8ae299017e42d6595064aaed942f254cdb48db49b5fad6a7842f53","nonce":"4940e55b734bbe1d46e24bdf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f8e91bf713455564a66e27755294012dda09d1b4bb7d5d8b893678173093aa3f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d98a71a97c5cc4c87f74b3bc8073aa41f393942c2a4f41b273676da28f99f139"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"39168f2f0360a48eebcc72bd19504e294b1b456a391014e15b97d0c318f2ae3a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1b41f68bd5f990aab48869931b433256f88899111ac158516e2a4326c83eb892"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9432ffb5d534c88e7e7e5ed8434206be52855547e130b2b75cc1000ced6fef0e"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"83ee68e36ddc609bf738125f72d9f1f27bce7c6934070a69b6c2a78ca921918b","seedE":"adda7fa5deb77a957f598da6f20c056993862b3286845e23e1cc08696ed2f1f2","skRm":"d7f9945b55b697a7452105630095894758508599694f401aaaed77a88364b8a1","skEm":"dfe953241ce3e4bd96b6f7421124136a3203aaa239fda95352eab223e821677d","pkRm":"f14d42cde2eaac0eb8e36c4658b927791941d6e2aefb8435d722b5fac3d3a842","pkEm":"97f8c9d24e6fc9f26de91a180fc2368b43aa7464185e3618d43bb341fb83b75b","enc":"97f8c9d24e6fc9f26de91a180fc2368b43aa7464185e3618d43bb341fb83b75b","shared_secret":"f00937b7094c31669fb1d349f12be9400267872ffd2292d50c5816bd52716a7a","key_schedule_context":"0052abd58a159195ab1612c2748d4ceeea5070496ba8c288bbe08601d1b2d14a4d873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"98f6a3a62bb3b8c2cdb9b0f0264616e8863eff6d0f7282b4c153a8e766e5a9c5","key":"2a893cfc4e62539953aa8ff2cc1431562f661ab3b33744f1d4f1708e841435ec","nonce":"5d1b1f352ad6bfcfe9c4da65","exporter_secret":"6786153d8812c7889346b007ec0ca4ec9d9fe1d07e1b1c4e437bc4c69df04be5","encryptions":[{"aad":"436f756e742d30","ciphertext":"922b657481e80bf18b8814a435d31c776759859e8ca40884157247c0cbed07bcbd3c22ed029a50da93d08fa065","nonce":"5d1b1f352ad6bfcfe9c4da65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5b6efad025ff8edee5cee6b32f161cb33f2ba397469e9b35a48f9bad8a7a9dd2522748f68a1d64521d79097901","nonce":"5d1b1f352ad6bfcfe9c4da64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"a2039f9c4b3cf3a71ecf972c55541ae1bef3931a73d98c5178d8f2bbe0c0f56e058077719fc4e63a882f104f64","nonce":"5d1b1f352ad6bfcfe9c4da67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ac3967baf9b52e321eecc638ef42c53a7502b60890ac84200a1580bd825d4f89e83c2710c136e56644784f1a71","nonce":"5d1b1f352ad6bfcfe9c4da66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cfe4cca91ae9bf4e3c6cfd5d3ab777cda301041ab8c695388f94bb883763b3f0dd85dfaf483c117549176107e8","nonce":"5d1b1f352ad6bfcfe9c4da61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"721543123239a19a8242c8aab8aa997c04d758fc7819930dda8633dbdc5af5e33c5a451f3d8cd1691e3eb28310","nonce":"5d1b1f352ad6bfcfe9c4da60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ef970051362035083bdf24d2262d5a597f4361922eace58811df54c3dc12fc6622f853e4dec8b483178f61567e","nonce":"5d1b1f352ad6bfcfe9c4da63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c5653e7a823bdf8d083e3fbdd7c9b9c2838c80cbfcd6d1adfd18d237f43a02d5a83c3808c1d4b4451dbbed5f98","nonce":"5d1b1f352ad6bfcfe9c4da62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"04278bdacd59166890abb0f67a19c577acb0b108801db93fba1e271522f98d43c2c2fcac66378d174463c146ee","nonce":"5d1b1f352ad6bfcfe9c4da6d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c0a4e4e239d9c59d61fa2809fc47476941b53b262d95aa14bf29ea24b6de10783148e2762d8900640d2798f255","nonce":"5d1b1f352ad6bfcfe9c4da6c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"de705a4b13a12250f4d5487de67705190737e6d1ba8b57f70d87ba585ea1cf85"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f4e86ab469491b2a7ad91d17ddb8964884a114549f63d0985355d9b844dacd4c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"47c20438e2a2fbca12b2ac55c2cccb1ff5ef0907c80ead4bd36ab1a10d57fb2e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae7cd43f0d52ee38ac4655d5f2d191fd8ec573ab1d47702684dfea85b52b5a38"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"807d14a692749503f44e54660e8ebe4e93311715b9ba7d540973b2bb3c606825"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9d0d68a6649cc66c65782569d4a79da1e2f73a34b84191d759569428479a510c","seedE":"8c51282bb46acb5132fbcf26f1e2cdab29408c19f0f66960d7264d7ce676a023","skRm":"cb798ffb68e7b3db33913c365bf45a811fca8382522ac8815b12b26d3377a049","skEm":"bf3981d4d9b43ea83365747e25d8ba71e14d21cca47e35e70b5311e1d48f8a0d","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4a9269e9db60008f5c7f3c7d39bb8c4923bc2f244b3ed9085191ef54cd10cf0c","pkEm":"8f65c9f75b4b774d36052dfac0bdd37a03f309b92c9a9ca47e903683be34d04d","enc":"8f65c9f75b4b774d36052dfac0bdd37a03f309b92c9a9ca47e903683be34d04d","shared_secret":"f228aa9be7ff1ebd78f52b8b00b7f15688935ce105e24df508ad27c68eea703a","key_schedule_context":"01e623aa22a604f74ba1383391cf0c046f3461b30b65733a0a9e9043172f9317da873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"f7878c2d949a446b44b95b2587dc3cc5155a83a837013582eeefea774b32f526","key":"743493cb30aac02389f8db1be74b6a2f2e09f7b6fe337095b207bb3b750b1ace","nonce":"3b83c923d13310f21c71baba","exporter_secret":"555a2c91cf21b146f7cdd2fce83dc165133b1896613c0e21d31583641b972967","encryptions":[{"aad":"436f756e742d30","ciphertext":"ad2a3e08e10413e7bdf9e89f2db169338fc68bcf8dc7bb073ca779024996de5922d338cf8407d34109cd2fdccf","nonce":"3b83c923d13310f21c71baba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d7c94516707aef83e37dc5cbe3e9668260de5954899d54e8ecab3f1cfba8556557f1ff2238f817e0eb75d3cbb7","nonce":"3b83c923d13310f21c71babb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"371412a9a86704990e8d7170282134096fc623c74411d5ff95380692a74c438deb0e38f41bfba0562042e987a0","nonce":"3b83c923d13310f21c71bab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4e3486ffca6d42f064c885d169210f6fcce2b3d4981d185d4b1a5c1e82733c14f14fcb8b1f16dd1e7b707907ab","nonce":"3b83c923d13310f21c71bab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"45f532caeed9f6c35a990812773cfd688f686288dfcb500ae04f8fac4d3704204bb051e704c422edcc3107737b","nonce":"3b83c923d13310f21c71babe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1c0aee5fa393a0c4e2dbd70f7ce475542c71fd402b6fb8431855ac8fbafc6801c777996f8243c53a7d96d131c8","nonce":"3b83c923d13310f21c71babf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"66cd0eeb97fc59c1863898f9b7f1f67c82c5aede5794c17937f5e0909641af770c4973aec2a21967c0f17a64ba","nonce":"3b83c923d13310f21c71babc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c96bb3363b31b582476239e1eb0792d2ac632ddaa7a1dc9ac7f9d588b62970016040a278e448256f5bbbf09ed7","nonce":"3b83c923d13310f21c71babd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"71b3055db5efe1165e685d25c4a749b6fdf8cb7a59f7e3e76cfbf63c109db9387fc751cc9c36cf886dd0f79411","nonce":"3b83c923d13310f21c71bab2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"14372e32a6dee0536a11b66343eb436c099d7adf658900fa624a45d6f1a8e84297c56ec6e05b2745605dfcd99e","nonce":"3b83c923d13310f21c71bab3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c52ecbb65af1c6764ce7d2fd1131d5f050ee2f943a4fe56e9c855b44385b00cf"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"42c5cf4f81152d05bacc9323e805eab8e429850dd029937c2c42f17ce7fea09b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"89d7f97327d51d61a4ac04b2507e51a977c8706bd932941f5acf1f542cfd034b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"581e3a66a1ad5309c3295825bc03407c7d9e34673e61aed2c543b47764577783"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"599f10537288a9ec87d53c16aaa5881715061e6152a5b51b1e0433a396b38d10"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c1a41b7efd403c8f04e2998c09ad725768ab626cba81880cc676bcdb5dbca74b","seedS":"6cc54ffec5f01c01c5b756c26498c910f2d024713baef267cf225dd2d3c5f409","seedE":"b8975c2b6df6a87ca61f910353f540c1b79aab73015d8f8cf59fd404c9c8a638","skRm":"c771870b6aa79a169d4bd426f34dac32174e78840973a8adbefe0108e3747cc9","skSm":"3735f9ba5702a15fa76c56f8c907b5611dbeafa6390dceccccc3c7f12a17460c","skEm":"ae178b9103efd5eb4f8bde61fb3cd83a52e0c1cce7a4fe859c949331f956d511","pkRm":"081bcda65a1808a9579f7e20ddaa3d03298d1eeba4befcd3d5975972167fbf57","pkSm":"37b491977d9bb9f271a3632064bed9f302d150357d0839ccdbadbcd6173a4419","pkEm":"9d49cfea83e2ccb0cfb7eabdbd1ef6c55fb8ffc739d03e180bf115791ff87c02","enc":"9d49cfea83e2ccb0cfb7eabdbd1ef6c55fb8ffc739d03e180bf115791ff87c02","shared_secret":"c019ff113e0f309e487dc5960adc4fcd6911350a9e85fc4383792122daa73837","key_schedule_context":"0252abd58a159195ab1612c2748d4ceeea5070496ba8c288bbe08601d1b2d14a4d873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"b1ceca5c1b3376f8b37f71344c6fe1521090c6ee010692f083e6a5e6e45b6863","key":"83599f5f934755e886914e61a29de1d52ff52ab9517bc5d1c7fb28263a6ceebf","nonce":"447624b35e2c38133a2defd9","exporter_secret":"9f900e30337b61db9d212648d70885f6e40bac84c279b51f9a6fc22da8978e3e","encryptions":[{"aad":"436f756e742d30","ciphertext":"0ba66fa26360c526051791e6f377e6e35d0d7254c9269eaf01ab5b272ff8da13ac7f4339cb325568134e3365f6","nonce":"447624b35e2c38133a2defd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"689222e02e128c36de72cf5169779a2769ac3a6f39ace69607a44970f9afabc7b236b3c600900d9f7ce9da6e17","nonce":"447624b35e2c38133a2defd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"75aae78f896b62c95b423c12a087152b0f3f45057c36925cc2ee6e3f9bda3eaf447628e90fd4ca77300b3c45ba","nonce":"447624b35e2c38133a2defdb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cc3b4f802b2278b4a3107fbbbb7f9e78667fee91957004aa6143cbbc1cef354d311e95010c19152eba1a731f71","nonce":"447624b35e2c38133a2defda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7d6dd0646b7ea2ad191d4a6a069e464642ed0c53392a4612238e06700b4ab20e0a9c025fc5b25b1feaae541346","nonce":"447624b35e2c38133a2defdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1cf00297bcdb18f8f2295416afdf7cb589982cf50ce6277df8cb3dbd70c270d8b0805111e7f165bd3ea1c24316","nonce":"447624b35e2c38133a2defdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cec9a809a4a06ba86c89930ed21a2db95fb8942f70fbf2619be69e0e02169ea18f8390b905bc86435987c424bb","nonce":"447624b35e2c38133a2defdf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5df50bbe002481f084c0194661e02f670e19898acdde8f78859db4915b951916ce7fc7b717472de39415e095ee","nonce":"447624b35e2c38133a2defde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d2f8e9034f9f32cd85e0f69fc9cb4e93c55419bd9b1b7d748528e10d69e7a0654cf424bfcb7d8eef5deb1f3312","nonce":"447624b35e2c38133a2defd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3c3661439f0a31e2319b56648f6d4c30efb5922fa222c6be7a389a4d6441a7fb0de07057b455734ba506c2c5a6","nonce":"447624b35e2c38133a2defd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bfbc0230819d3e6dba6ae32f39e0840b8ddb14b927800a021bc9376d62462c90"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"207607306e5d68cbd2f32d73f472a9b3cf36598dd316da93d463ea025270935f"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e498d7a98e6bc111ffb07ec8539d54e0b685061cace510fc5226c56ff1ca9134"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"24555bdc2881b2fa8814bca0803f49d768c7fc05f5f27c10cb8c2df2c4c4d584"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"23cee20b371e7b062ade45eea3e290749cc95e337d80b4d7ee36e4043724b35d"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"127a413bb98fa67dcfa9ae1391d9f2ceb637429ccf7634fbfaaa9b7c2d95394a","seedS":"26715ac5390fc7f72a55a95fc4ea7ea4def939213a1ee511c571edfdadab420e","seedE":"cc1cc98b3286bb960d74a304d96233b1f1d7b7298ebb6b79157c88b83dfbf4ef","skRm":"8368aa6054c102a4c4ca085ba83bd2a6ae241aa2a5f0247af76b0b7756042d46","skSm":"e2eafeb1389d6496565c01b6a4a5ff3f2d69475f8f43118f64768d7ccd0909d8","skEm":"c7a95b0534b3596cdb772bde4c80146bbe33c211d85d3f117b92f7f80796ce46","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"1dc131613febf7dc74dbd3326949bc73c5982335e52282b169807bdc62926148","pkSm":"70f2270817fd42b0ed69b0680fdb2912560f4f0440b9be05d93d7c431e7d8d7c","pkEm":"8b7d2426569473b14243aaffbe2ec64ab0bb58945144335f8fa58261355f3503","enc":"8b7d2426569473b14243aaffbe2ec64ab0bb58945144335f8fa58261355f3503","shared_secret":"0e4a803a76f093f4fb7a82e840cac442b06a0b30cabb20ba59b5982a773f78b3","key_schedule_context":"03e623aa22a604f74ba1383391cf0c046f3461b30b65733a0a9e9043172f9317da873ee9cafb5415c4177a8661bc0f493c76414cd81fe7d6e8b390a6e3e6c93abe","secret":"b7535e2df30b527576f29063894af1e3611957014aaaabe969fd31e47ad8984e","key":"d02364c8e94e08e015e6061ea31eda2c8c0fd5b4973d26dca610af14510b0821","nonce":"a3cd47557401fdf1a349b243","exporter_secret":"0b0f201f5c76048f2fd58d0817583e89807e9d899271bf862b795389be021885","encryptions":[{"aad":"436f756e742d30","ciphertext":"ec5d9354593006285b097295886b22854742ee7f44f0d1dd4235b99bbceec5a95c626fc9983ecb1b2be8f10f6c","nonce":"a3cd47557401fdf1a349b243","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"91b640c5045448c8c6c5657aceeda12c82eb2749611895eacc5bc7c4c8122588e37636823382c7ccb879784817","nonce":"a3cd47557401fdf1a349b242","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"037ed304c37b14836ff38a92fb7ab5a0d797db37f379ee84b6f533b703bf48985c6ae374202d715920325c7cc5","nonce":"a3cd47557401fdf1a349b241","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9d2c7f7e20007d014aa38308de433e60abb4cfd8dead753ba33c14a6c96c873e5e6ba56a219cd655bb017dbc5c","nonce":"a3cd47557401fdf1a349b240","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8d970fcc5794969c4a35353adf89d6ea7ab4c62d8546ef1d1d6369ae6bb4a1c1620329e66f93066c7e377ae4ea","nonce":"a3cd47557401fdf1a349b247","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d67832b32dfb350c6a5272af809ff548bd1998b87662144112b7891966f3476b0600dc774a4d8de682cf84dd66","nonce":"a3cd47557401fdf1a349b246","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b23098fa0591b56e6a885326d69081eac13723d0d58067b4a66f47bb161f6d18b5b5d708b45dae3ff8ad20ad65","nonce":"a3cd47557401fdf1a349b245","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"091e27dcfa24dc5b26d8a29e1c206a6969354545ba8f793ab8a4a689a3822483184bccf68126541b09c3d68fff","nonce":"a3cd47557401fdf1a349b244","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"f1b42d5b3a4a3e0808d694d101b8b1f8e543511ba4e303fc71d4cf1e5a932817dc26412cbcc6e30947003c6c92","nonce":"a3cd47557401fdf1a349b24b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d48648b2c75eb86ffb00341417826ca6a9565a5bfd8578dc5e9d663507eed7ff4aca583607c22e8b57f14a0624","nonce":"a3cd47557401fdf1a349b24a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5e2de257432a21533c1d28cbbc3fa41b6bc7d649ec26ca4b132e7652eb2f7fb8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0f233d0ca18809f3c9be821053e24a4d345f5b5a930238341db6fee81aaf0cb4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"af7de682aa69736a773b872dfa8bb8293943a60686b8a55685ec1c303ebe4bd3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae8b3011f3959dac604fa7256e3e4b99d26f2617d04b160f18b6e0db4d3b2194"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9e866bddb361fb288d4c4f10d1086ad23c3f8e16694457e93cc7a70c103d4a25"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"9a063358dc95c04f2bdf2a9a2911145c0632f49012829d92b2b5d9f398a9cbe3","seedS":"bc7c6a9ce74ba9e7fff0644da70899148f4775eaa1857478f0275af76cabb764","seedE":"ca35fe19e214033e34465a3bb125dfea8b483e55fb8163774413d95a4d9b1f0e","skRm":"50553ecb05c3ad2feab069f7e767ce7fccf8f99b5f555499b0bec4c88b8541de","skSm":"910500b78fee3ab807b1e08f664d2822be453e7a795e1d613487cf15266ef933","skEm":"753d98048ba28e8bdd6a22c3530dcc208cecb7386aeebca9b49cab1b91f46b6e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"b8a27c312fd14d866ceed49df7d847879d609d3ba074534f657dae1fb2ef7d3d","pkSm":"1b38fe7dc7c255ba5caf7116eb9fcaf3d63d60a1667042b6e19e769596ee3754","pkEm":"a6125996b3bb128bfa05392ffb39afd1e5b0031625e26c8c484e4aea0721ec39","enc":"a6125996b3bb128bfa05392ffb39afd1e5b0031625e26c8c484e4aea0721ec39","shared_secret":"0c9ac657691ef63b088f9777e84a9a8ccda766f0c9834ad318c0e49cc34fa43f","key_schedule_context":"03f5f7e2ba59c3ff0cff51f71c4204fcfc76c95f778b37ccdc6a83b3df36c33e7b6da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"502a94d9ee9cf5367beb65a97e7bfeae19a7cfbff25c6a4d2a9d1ece4d744b41","key":"968ebe599b1443cbfbd1914daa5bf667a52cf7a3339ecb209e8684f1f9c97d86","nonce":"a0bcc93f25f5b9e707f453e3","exporter_secret":"12fa76c18f0c16769262574bc6d49e9b22cac1d963e3e6b91031f61ef4277350","encryptions":[{"aad":"436f756e742d30","ciphertext":"1b049559f757b7c16d77bec8a8cf9c1cecc6becaa08aa513c791822b829345cf4477936df226e34804acb93b33","nonce":"a0bcc93f25f5b9e707f453e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"21311cd102acdb30e18669620623c54dc66eb0c5cc7fad1ac1a327062d89fc1fb6cd1228f8de48418d089a709d","nonce":"a0bcc93f25f5b9e707f453e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3e84e9e5c3d004a6d8cea022c8ae5a10bac7d75829a189b137db55e6a5c11974792e8a6b92cc208d615f424d45","nonce":"a0bcc93f25f5b9e707f453e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a377781085d6292c5a91fce21c269dd5eb220be5bf2035de16530a98cc0e96ceff4c79b7cb50ede50c2f70bb20","nonce":"a0bcc93f25f5b9e707f453e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"595f2004a961c4762e418d33821f5c73335a681e75512134c5a5e3912d24bd089b074e018f042e6164bc72c5f5","nonce":"a0bcc93f25f5b9e707f453e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4099f8c58c8fabd9af32abd2b9abec08d62b2fd88332f28ed804c64a9aa19a6f87a0950b7e4c5611b18110dff2","nonce":"a0bcc93f25f5b9e707f453e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e140cb63407363267cc24b31404281fca03280e3649c2da0f7e1fd4c900777bc5546bea0a3b2f1cf0040b4f2b3","nonce":"a0bcc93f25f5b9e707f453e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d7c3341b0ec12be40a56c83817f4d1f513c99851b4b26db3a4b848c0f1bb073124d3c4ce0a50b75eeefacc3fe4","nonce":"a0bcc93f25f5b9e707f453e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d06d49a68ebf2e9081c526d64648cab19707935222dcfab9eec9cea9a02175debaa8d4a06ad92eb999b437edb7","nonce":"a0bcc93f25f5b9e707f453eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"462fb838e0be597ad4b4db41c01ec74f5b5a5e981a1ca071c1042d3bd871bc50cc0dc848377fcad65628acb6c1","nonce":"a0bcc93f25f5b9e707f453ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"6c1ec2b099cd01a2f9b4f27df92bf6366fb964f6187b95126c00c9756521bfc2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7ba60f793b074bf90f9c3a5d910ef5aff0b87b44973047e5e10d98624f0f1238"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"df036ec1ceafd079400aad707110f98b69e461151b55a6506a21eb12e1b8a2f0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"83657e205ebe05e085beb9d22441df8eb4b3dfac384f65be7165bc31ac670dd2"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"92cd0de496d63d465b9e2e544b3de7b62fae045d12a207d88ef61060053fa475"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"da0002ddf1803c7d54c1fb10fd68eb76afa2aa4577352b9ce26462cf63a97f6f","seedE":"8c5a8a722a10c144a7577a73bbbbddb0284ea3436f9901a12c54eafd6eb5cb81","skRm":"62139576dcbf9878ccd56262d1b28dbea897821c03370d81971513cc74aea3ff","skEm":"5006a9a0f0138b9b5d577ed4a67c4f795aee8fc146ac63d7a4167765be3ad7dc","pkRm":"1ae26f65041b36ad69eb392c198bfd33df1c6ff17a910cb3e49db7506b6a4e7f","pkEm":"716281787b035b2fee90455d951fa70b3db6cc92f13bedfd758c3487994b7020","enc":"716281787b035b2fee90455d951fa70b3db6cc92f13bedfd758c3487994b7020","shared_secret":"f995f043efe63c77ac333fbe6007240fd01006bac1b075d2807845afae89a19f","key_schedule_context":"00cbe688614d6e54c26594f3c118e6cb1a01f6c6572a9112dc2687bd3e8b1e6ba06da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"b061e1b7e604df2fe8a4d32e25d33aeb5a0849e7b15dd212231adbf656259f8b","key":"1d5e71e2885ddadbcc479798cc65ea74d308f2a9e99c0cc7fe480adce66b5722","nonce":"8354a7fcfef97d4bbef6d24e","exporter_secret":"3ef38fcad3a0bc7fca8ba8ccea4a556db32320bca35140cb9ee6ec6dd801b602","encryptions":[{"aad":"436f756e742d30","ciphertext":"fa4632a400962c98143e58450e75d879365359afca81a5f5b5997c6555647ec302045a80c57d3e2c2abe7e1ced","nonce":"8354a7fcfef97d4bbef6d24e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"8313fcbf760714f5a93b6864820e48dcec3ddd476ad4408ff1c1a1f7bfb8cb8699fada4a9e59bf8086eb1c0635","nonce":"8354a7fcfef97d4bbef6d24f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"020f2856d95b85e1def9549bf327c484d327616f1e213045f117be4c287571ab983958f74766cbc6f8197c8d8d","nonce":"8354a7fcfef97d4bbef6d24c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14d88332e147f24efd749dc5b37de8d9367fea2dca34f8117bd8d2093e08489fae56595eed6503e2a5997f66a2","nonce":"8354a7fcfef97d4bbef6d24d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5e688918b05e96631628eef3e74781caf41c4f25ee1ef52ca1d746ca31561392c8833a7232036bf8e839a4c8e0","nonce":"8354a7fcfef97d4bbef6d24a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3ad1659d8d0060428598bd13b790b0893d81ad11155ed618de7ac950c65a2d4a883a78b954946d58b2395a53db","nonce":"8354a7fcfef97d4bbef6d24b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"08eb46778b70677b32ead9ebe04f31a6dcc06eb19d41a79d9efc5af6e94a54a97558ce7a783b4037112a870a93","nonce":"8354a7fcfef97d4bbef6d248","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0e3b0d39dfb10f63905b30b12bcbc87735dfbac2e66c3724a6803da266ea58e464df3638cb7605f801e8d8f1f5","nonce":"8354a7fcfef97d4bbef6d249","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c3f4cdbba72516de891a4b1b6d6ae1cc071a9adb2a17383182c6c5e9d34e38217d59711700f3b3503233225b1d","nonce":"8354a7fcfef97d4bbef6d246","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7dddf70f5cd25cb840b70fe4355b5c9c77aaaf12fe158114df2718dc2ce9e148eac89966b1b68660135c8eca4b","nonce":"8354a7fcfef97d4bbef6d247","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"22bbe971392c685b55e13544cdaf976f36b89dc1dbe1296c2884971a5aa9e331"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5c0fa72053a2622d8999b726446db9ef743e725e2cb040afac2d83eae0d41981"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"72b0f9999fd37ac2b948a07dadd01132587501a5a9460d596c1f7383299a2442"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"73d2308ed5bdd63aacd236effa0db2d3a30742b6293a924d95a372e76d90486b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d4f8878dbc471935e86cdee08746e53837bbb4b6013003bebb0bc1cc3e074085"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2dc8b23353f632c2797ba4644fafb7363d958c1fce79162a215863951bd9a06c","seedE":"31c63611a67f55281f76477958758873f7a65113f3e1666ba5fce96e96852684","skRm":"a6ab4e1bb782d580d837843089d65ebe271a0ee9b5a951777cecf1293c58c150","skEm":"4bfdb62b95ae2a1f29f20ea49e24aa2673e0d240c6e967f668f55ed5dee996dc","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c49b46ed73ecb7d3a6a3e44f54b8f00f9ab872b57dd79ded66d7231a14c64144","pkEm":"f4639297e3305b03d34dd5d86522ddc6ba11a608a0003670a30734823cdd3763","enc":"f4639297e3305b03d34dd5d86522ddc6ba11a608a0003670a30734823cdd3763","shared_secret":"95978c18311fc9e360209dd2cd10b2fcacf019ed25f7703cb2b4e4538558c13f","key_schedule_context":"01f5f7e2ba59c3ff0cff51f71c4204fcfc76c95f778b37ccdc6a83b3df36c33e7b6da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"2c25a1d6e3b889cc8ea031a96aa3357f16973f83ab1d444114e7bb4f56e4a639","key":"396c06a52b39d0930594aa2c6944561cc1741f638557a12bef1c1cad349157c9","nonce":"baa4ecf96b5d6d536d0d7210","exporter_secret":"96c88d4b561a2fc98cbafc9cb7d98895c8962ba5d9693da550cf7ed115d9753f","encryptions":[{"aad":"436f756e742d30","ciphertext":"f97ca72675b8199e8ffec65b4c200d901110b177b246f241b6f9716fb60b35b32a6d452675534b591e8141468a","nonce":"baa4ecf96b5d6d536d0d7210","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"57796e2b9dd0ddf807f1a7cb5884dfc50e61468c4fd69fa03963731e51674ca88fee94eeac3290734e1627ded6","nonce":"baa4ecf96b5d6d536d0d7211","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b514150af1057151687d0036a9b4a3ad50fb186253f839d8433622baa85719ed5d2532017a0ce7b9ca0007f276","nonce":"baa4ecf96b5d6d536d0d7212","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"50a645f0f9bddac7b1029dba61921d2cdc10258e6d67e4918000eab0d617fb04a655caeeab308eb159585ae07a","nonce":"baa4ecf96b5d6d536d0d7213","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6232e4a184dbff7361f9e4d6bfaaf97631225ee317e63cb09e8f74fc93efeedb6385d4f4cb2e30ffb82aea0e1f","nonce":"baa4ecf96b5d6d536d0d7214","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ab801465f2080c1b9a06b582a919b51fc289e1b5b14bbad0b09cd92a82d27a1de1b934fd809cde8f19ef988373","nonce":"baa4ecf96b5d6d536d0d7215","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"83248649e62ac67c3b9d5525b886c04960b00b02df2d34c91284e8ed537feba132b03d12b868822af1e583118d","nonce":"baa4ecf96b5d6d536d0d7216","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5ad03248b8e5270a654b090df5eb8955120d5cdc00f5dfb004942125cec1fbcbaef7d9fdef284bddc134018b74","nonce":"baa4ecf96b5d6d536d0d7217","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"56333a4ee1e5512cf2ffa1fd135fa54ba666f4388cf654fda9d7696ccfca1c51facda5a9bf80c9ac789026955a","nonce":"baa4ecf96b5d6d536d0d7218","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"e352a356575dcee382c8d2489bc45dc3a757979638e952dbac969eb092e9c616d8654e9dec8d1c0777e39478c3","nonce":"baa4ecf96b5d6d536d0d7219","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"735400cd9b9193daffe840f412074728ade6b1978e9ae27957aacd588dbd7c9e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"cf4e351e1943d171ff2d88726f18160086ecbec52a8151dba8cf5ba0737a6097"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8e23b44d4f23dd906d1c100580a670d171132c9786212c4ca2876a1541a84fae"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"56252a940ece53d4013eb619b444ee1d019a08eec427ded2b6dbf24be624a4a0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fc6cdca9ce8ab062401478ffd16ee1c07e2b15d7c781d4227f07c6043d937fad"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"71237558db2b55c1a09f6695187d2af6e7d1dd97256cbb927bfc8a794476d07f","seedS":"4255c61730d15a7ed2018a023ad45274c1ab38ce621d4b597636e08e97619ef1","seedE":"c9c2d6f5a6f88e4c2bf5600817aa140fcb46dc682942bfca357c30fe2db17d6b","skRm":"05f54678e1c66bccf4c485cd297d080b4bfaf7cb049f876d80d9102f8ad06fb6","skSm":"18bbae7f265b459930a1e2773c6e3d447ba1bbdc8a59d91bbae159e87f131e8b","skEm":"91f86be15caa8696aea8e14c27c05a5139a87d049a3cfb97606989c7cd996335","pkRm":"c7667fb6e14617b12aa7bbc25cb916b360b324b0e08d10570533d258b8a87962","pkSm":"2c8f2577674c52ed6c8e6d3485afb7746a1edd02985b85f139fa51c617ea0070","pkEm":"f82cc290dd57c0c63f041ad62605d1ae0c5436243e18758b2b63658904ee6a09","enc":"f82cc290dd57c0c63f041ad62605d1ae0c5436243e18758b2b63658904ee6a09","shared_secret":"92d03a5e87f58fda583129e62f1cb55769df02a2453863b0a09f55e4bd5ff7be","key_schedule_context":"02cbe688614d6e54c26594f3c118e6cb1a01f6c6572a9112dc2687bd3e8b1e6ba06da3f8f29fa93987a2c185c1c17e719f7ae8eb4d564b80119e012c9c959b0ca1","secret":"4760feb6cc5ac6891ef2114490723c6ca2ad3352b2c52a60b390616d731f7767","key":"7638c7ade5856344fbc3a92600fa278dfff1c22b5857fe2c391e5bd248ac32ac","nonce":"1d14b2320b54376e6c43e791","exporter_secret":"0ea20eb846e3c26f1ee8b2ecf55c9abdfecc910387945528c73a5ff91bc4ef38","encryptions":[{"aad":"436f756e742d30","ciphertext":"30b013196168dcaf7a07047eda596f8c4f425abe6cfa269a7602b2a2b0bea958e2ded3c68c8c9e341ca4bf2e31","nonce":"1d14b2320b54376e6c43e791","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a259ce67a35c44ff9616f83cceadb2f0f542b208e9410686ece7e3eb92f08ca2e3fc95ccde64e849c96367952a","nonce":"1d14b2320b54376e6c43e790","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4691caf957cf159e39a3f66cee9cd76e06ae3e7f97c577898423babfdc9800669d69356531dab839e0a491d502","nonce":"1d14b2320b54376e6c43e793","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"11acad0d8b2d5f2e82bdb87201f5b09df5f71c4341eb33a8a0c6f253bd122945b5706d40a11614ee128cae6131","nonce":"1d14b2320b54376e6c43e792","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"471ccbb6a81a3bfcc4c11dbeed62e95a7279fdab214f3b0cf22e998a89a2fd054fdf6326ea6a340b20cfafae20","nonce":"1d14b2320b54376e6c43e795","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9a51e37bc5c41261c6fcb9f8036611faffc4e39a2190b3c313c2ef62d8904a14a6ad81cd56d56e1ab99d5b3889","nonce":"1d14b2320b54376e6c43e794","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"822661572ff4fb84619b4b12c38640fc1b1ebad69fb97dd425ce0efa4fe08aa9090bc2297aad658ede2cc20a96","nonce":"1d14b2320b54376e6c43e797","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5ca6f9ced86a2f0fda6e1c2f0ac2a9ec3c9ce66c467fdb306a94cba91d9bf50e435f75416633bad5c97bedc730","nonce":"1d14b2320b54376e6c43e796","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1128b6ad625f2617d471f1608aa45b21122b43dd212223a62445e301e3c4ef4ca199bb7bfcb7b20d509a08b14e","nonce":"1d14b2320b54376e6c43e799","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3658f02680a2beea1e1e3502f4714521cbbb4578a13812d3aea17147e79b4ae062bd1f8790bf4f20607cfd4dfc","nonce":"1d14b2320b54376e6c43e798","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8902ea677882e79e60f0e65253918c21b346a97fc2767ad3f47e51d387b6400"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"aa92552439bd2ad01821df3dc0d554ec2ddfaa744df9e338db8a523fb24b4170"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"64c8473dd1d246edf1cca89cf90c37c38aaf0a80745f2d085a143179f77e444b"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bfa826352fddf2fa033349f0a9fdc679f4df87af7d94723657119531ff4e81e3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ec90bb6309c5d1a206f8ed9789f08abf76469c0507edbfaa4586d4aee0d68c1b"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5e9430f75100e243779110bcd9166d0581dfd2f99db6e0080457e147295bf34d","seedS":"5d1d360a576b3ed866b57bf67e7bcc2280b28c050abb1b4c000f851ed2a48547","seedE":"5915b3eb940bdab74b2fb99d50d1fe978ee9d52063a68595db47f4cfb08d310e","skRm":"f7f65fbb3dccb4296f8e184f08e8cab0cc713367d7fe482ab0bc82f70426fc9a","skSm":"37185c6564c333864a81671f36f49dde8e0ede8ab44c0f9ef2a18d378d3ef737","skEm":"589a5406ccac263fc8d7b442a71835e14e90eb4fdc9e43e92070fc6b7cdfe404","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e05a289a384add8f188bbc2c875b7e361e0475d099eb6d27cc49e88664fadf6d","pkSm":"1f47c8be014cabf904cea3a57ffb41c5faf20ed7aad5b538979a61e7f4f56b09","pkEm":"cb6469d6708a6e4a0d4f36b875a90849e230689cdd17be2bc724b4d12bc9cb29","enc":"cb6469d6708a6e4a0d4f36b875a90849e230689cdd17be2bc724b4d12bc9cb29","shared_secret":"facb471314510a2aae54c0a110018c89ab2f80ccf1a8298f7cf0269e13db94d4","key_schedule_context":"03cc094b22955765a9aa3dc3ff58b26c8c84758bed960d693e13d606cca12454c2dcc3cbad2443923c74ac8b066de4f99a57ceceb24859069eb6c7d69ae315def8762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"9a2b49cda253a428a2e9c41f6143eaf748539bc10f2e2c959155f9062b3caef9eeff54811abee4c48c04cad4bbbf3cf87949add9901ef20a7941a0850f43ae2a","key":"7b24b1064c176c7a7b63cc2bf5488765","nonce":"c20982814d1fec4d10678e67","exporter_secret":"04337c3fa35c7e4ff83a14cd5e78741f6f31db85bd80529ceab30e5c850b955510d8feee8c255334547ac14fb16bc7fc2270f4fe99548e4ed7abebc5253acc33","encryptions":[{"aad":"436f756e742d30","ciphertext":"5417bcde0bcf1e2aa3b3d497fb05096a76925a678db4afbc34861a895bf25fe3731b09b9fbb57907784cad077c","nonce":"c20982814d1fec4d10678e67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c046ce0b0edd3c3868a740626f9263641046e0364cbe0448b8abd3e7f2cd744670d6fadf112b3fad35e29740c3","nonce":"c20982814d1fec4d10678e66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7235ba9a22292c6f49d982fcf97790d403b68746db53150a7b1dd25b5a7187ef4103763ff61d5faae82222cf1e","nonce":"c20982814d1fec4d10678e65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"06f54ba39744b06d3947a03333427f807578415d4a4bcaf8b011b691f758a145ed137b843d50e7ad4eae44bc0c","nonce":"c20982814d1fec4d10678e64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b7c642834a9d609fe87fc7443659ab5fbdc8a4be018ae6d4166001095c9cb362bd713448a3e8b625ddd545e650","nonce":"c20982814d1fec4d10678e63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"098e528b7b818ea150eeea942ad6457ecdad711ba6a8f8ef4a1685f77c0de09ceeee2cad0ae341fba8c4342890","nonce":"c20982814d1fec4d10678e62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"dd3df7c7678904c08faf2cc95996834dcebc8832c039325f94e915e34a6249e46714de28cc22ce9d9a7c7b83b5","nonce":"c20982814d1fec4d10678e61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"498724f30c4e624f9dae0883e5ce979839d3b1aa5094dccbbcdcef13d687747e79d1808462c619bf635e7c77fa","nonce":"c20982814d1fec4d10678e60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"20af71cd8eedd815958bc62cdfab2bb612dd9fb8fe32bda58dc357939b73108180d4140278fcbe6633617d5c19","nonce":"c20982814d1fec4d10678e6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4e07810b686425fe70974a481317d09d89b1d49dd0e164a12c44c7f15d92445b3dd30eb3ea3c166ecc49345b38","nonce":"c20982814d1fec4d10678e6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"14877f91ade5df257d363a72709b108a728c225a4a3efa9c29d961dc931f2a0e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"447583e788e3e0d6336d2b373775023ab55a2bf448a6df7fd6da8276c24da466"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5815b192c95cd1614f4b0de668c63a50b409ad73d95b6eec674484f7044e4f36"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e33e1e5c7556debeda5da3c8de0dc486b3d712a82e7f3c2161f1f01fc037332f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f5f9e2657aab8c09a2f7566a51b199c84761ad683f80bb371a2e4553475bd1cb"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a786126e19a5e0e3c4e54b7882fb80fcbf19941cd4183c67d467c91af0927239","seedE":"4bdf1773e0b1f9baf8ae5b49682f5b419ac2f2dc399e2f81381d869416e30246","skRm":"f1d9c20bd7a7b88aea23c2d6f457b9d14c83a02f4bd52ed34760e3a70b4d1f5e","skEm":"7854915a6fbec01530902324cee60646536d189633d980f04dc03711b49defb2","pkRm":"cdb3ddcca2377569ab2888bc2c529ea8c16e55bb68f6925888a9212aad89fc19","pkEm":"d1976db4826912a68d1e1d562ba37b2a04faef62e71193c142d78b874bb24f78","enc":"d1976db4826912a68d1e1d562ba37b2a04faef62e71193c142d78b874bb24f78","shared_secret":"0b41304c37562993d694c0f8ca11800c028f56a993d0812bca623fbbfac185df","key_schedule_context":"006203383e1ae65f6b455b5858e95955a07ebf7b673d1ef93ae2bd3bd4cfd952978a62a7d140c519e4a4d9167aed8819b2034c29fce41574f10a87e0dac20767a4762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"333b5f32babf57b5d712101d00b41d6b46b19ba5ea365be46c7edac2f27d68eceefededd7e1d1e2cbf59dbc95e7f6a4fa7f8fc2d56cad77daf293a8281f6197b","key":"db2ed7a433455b2e89c7c8cea7693cf1","nonce":"9ad24c7c53bfb35a41210b0e","exporter_secret":"1cb1229f21d3599f4b8317e1a419fa3360a6ea9923245e29e934c30502d3ace6bedb9ebfb99909d1f6afcda7039d0517d52e3c6dbb303673714c089179df710f","encryptions":[{"aad":"436f756e742d30","ciphertext":"fbba8d4f66c1a5cf77a89eaf5201a538a7e6fc8a37b6bd96a29fc3cc7a51496ec92f46e6392dcec9eba772109f","nonce":"9ad24c7c53bfb35a41210b0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"05326c3d17447ac21d1f17e720c93c7a9fc3f57c1bb682cafbd026e27def58b950aeab78cc17a070e992552436","nonce":"9ad24c7c53bfb35a41210b0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"55958c515d297358af6ea2c952ec05513499ef9923c282dafa8b235e7bad03c130cc838c765a9e604c7aaa1c9f","nonce":"9ad24c7c53bfb35a41210b0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"60dbbaecf091daabb228b43111979f1212dfef251017606443671a160419655f170f8ee2f23ad1754a56de4107","nonce":"9ad24c7c53bfb35a41210b0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d316d2a28311d228c341a36fdee46028bb44b0a474a1059113440e970a3064cf9a72a56b24577c0f84341a125d","nonce":"9ad24c7c53bfb35a41210b0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"48dc6be6fd66205fba951df5aa2b33d8e25641075f3cb2f4d165b909be1318bbc5f3450549f2e746f078478f7c","nonce":"9ad24c7c53bfb35a41210b0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ea1e4f1154364ef394d9493e2d5e9e33e98f7e64f2a51d0f394851d3329e7aecf7a8dc6c24ca1b12420dd210df","nonce":"9ad24c7c53bfb35a41210b08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c0bd46a29e1ac5f34755f87928e4fc1b8d1894d0e731fac3c706a33a7f2a15fed65566c345f0bfcdb708adcb1f","nonce":"9ad24c7c53bfb35a41210b09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8a24e35391caf3359190ad6b25a4536bdca240273e65ffba76c978d8f2047c7a291e4caf8aac2af4b04ef8365d","nonce":"9ad24c7c53bfb35a41210b06","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5b9b653e1fc92401823f8f0914763056d012b0a9830809d1ad68363ddf278ad9bf58f9e727a2ee9e4524d2f28a","nonce":"9ad24c7c53bfb35a41210b07","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"760cec56bab6780fb7ee51563e7b9e6145d38ffda10faa1053f65b1f74fc2733"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"25e50184173be00e1e07a8e6a8bbda8bf628909f7088e01b9b1c720ece0526fd"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fa4207bb0bff9af2183978736f84a703d23568b82675a964681383c3f11047eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fdbebeb2901e996284387bf0a7d4d26ee8eca9f7f5858bf98015d7595813bad3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1538807322f02dbded405d10de3aafc4f6d365d9aefbef081d114dcedbe1cae2"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"43ecb1a6e630e12cb24332e2a08951ff7d94937d46f591381cba6f7a463d200b","seedE":"0cf1f0a982cf339261868e6548345d5e610054d55daf35fd41a166ffef95b8ad","skRm":"ac1f54ecf81f53a71c5be7f734346fffe084ba6f5966d2b3173df819145bd722","skEm":"20c9020273ac6193f27fb69af406cdab8154090c28aa2c7b870b92513d8805f4","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"7e8561e6b753c6992df8d89cc1e447bebd4e21fcd4d1dc868f6b2ea663ce7e18","pkEm":"7c35810fdc4009af7cb98dca0838ad32495c71c3003be650ed1ea0f6cd1ecc3c","enc":"7c35810fdc4009af7cb98dca0838ad32495c71c3003be650ed1ea0f6cd1ecc3c","shared_secret":"29755d2e5faab6748d601ec4c68c752ab23f04d6438c21ab14acdfab860cd4cd","key_schedule_context":"01cc094b22955765a9aa3dc3ff58b26c8c84758bed960d693e13d606cca12454c2dcc3cbad2443923c74ac8b066de4f99a57ceceb24859069eb6c7d69ae315def8762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"c809f7b5f7421deb5812b39a787aed6b52591115c427d3d53b578f419d0dbc3ded44f89a822f1caf9c2438d020caf2e78858c1f1825ff929d96acfdf317d17c1","key":"b11d0f2382a047a9b0ffec876c42b57b","nonce":"3414ed70345e48e38abc1414","exporter_secret":"2985eb1aa88c3425898e1ebca382890438b961d0f79edb76ab6a41fbb0e9516c4f41dea0b592e32aa9fdd8aecd69a7751e028b0b043d0fb642411847b44d5a07","encryptions":[{"aad":"436f756e742d30","ciphertext":"13d119d97709546435a5fbc99a39d9ac3f2ef459c9841305582282c435aab714af1df2f52bd07f196bfe9294f5","nonce":"3414ed70345e48e38abc1414","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8f9743ee3eeb41cebade4ba2f0d758b679c560a53a720aeb88017bbd778537b02b3eca27bca61fa13898847ec","nonce":"3414ed70345e48e38abc1415","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7f0218fe141ffccc6229d096516a27cce109e1300f59a3500288cc1bb57c765b91b4a240075493d94abb9e4cf9","nonce":"3414ed70345e48e38abc1416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b893adce352a2b1c780f67475062a9eb827ba2fb2e7ec4ae21e27d6663e1a988d81390b50d99b4de2b451afce1","nonce":"3414ed70345e48e38abc1417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8e733ddc1dd2b80ad6decf1b0ce08a28e9f5e644a7439621cd028ac9599c7657dac34173f7d5489e34be099462","nonce":"3414ed70345e48e38abc1410","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"4551173fc2233def235d52c738dc5095bc7abb6e3c3c7f8e58ae983bf68cb5b6fdfdf334b9bef4e1c5b11c2884","nonce":"3414ed70345e48e38abc1411","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3384441833b623b36930d89a3e795fcc31e703d460ec48dc43be345794a2d73af9f4283494f23b904ba609197d","nonce":"3414ed70345e48e38abc1412","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ad5a5977bd3486ec319850a52fb8e7cba74d0e2c2ee261ec9a6b2bfb579f7a55f8bac5ab774c2bc28d86623ff7","nonce":"3414ed70345e48e38abc1413","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d4466e0d99086ee1c0171a111a2c1ea5736ba9324eb20aa0d071dcd8c4581ea1dda96e25dd3f341c84c9c3529","nonce":"3414ed70345e48e38abc141c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"adf8ca449b303657e9d81bf9566d7562d9b28d9c63758bfa93586f5ba69a2fe2dca1dafd022831de39b6453c28","nonce":"3414ed70345e48e38abc141d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"899f63d5646d1116e63029c0c03a3a8b63b815af58a0e197c440e8075daa220d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a2da1ff2773723418e07c63d39455d70be0865d6d0fb29e355eda599a62441da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1c361d5b9b14c6f75660c8c960b908394c0281895fbba9288730822511a24171"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b5258b7e39ea3a68177b50a5a492b6cb8083707a1756e5a7d5d4370556c856de"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"81ddfe54c7894f987e2945333a5ec809068890587759b6407feb1d6f1ca26e6e"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"820bf46d4ab7bebf7a02c40192ccd12787e7f9ed3dc7b8ae82d1c91d5d15ddb9","seedS":"52ad475488a9dc5a8f9d135b64e1d254db3d29b77774834df12cdd0942a24ebb","seedE":"5b2125ff49e1a1c36f8759c6558ce9c12dfeb1b5e241341fd3fdbe7330522640","skRm":"cb83517c3c0cc1dbfa0498b8f279789e193b17401e884cf06173d656f98820aa","skSm":"ad94176aac3504ee1d0f30ae7f38c21d6f3e5227a19cf24d1ebf7d69dc17dc1c","skEm":"0374f17011a923033eae1847e561e82c259889d35168261eae560c3764ba7f3d","pkRm":"fec1d8bfa85daa89319ddd2d46684f42fce1c0a25c4bfa07b54eb4e3dbdeba03","pkSm":"80417415eb586d2bd47412519393c1165b073f57086ba95e72c177766854710e","pkEm":"1f17c1c0b29d9c312fe8f71c0e29f5441998fdbd0b029a1d52a751d8b01b6b58","enc":"1f17c1c0b29d9c312fe8f71c0e29f5441998fdbd0b029a1d52a751d8b01b6b58","shared_secret":"fc4fedbcd0985bc84eaee1aa6b174e6273ac9f16c6048fdfb02faa9560199a0b","key_schedule_context":"026203383e1ae65f6b455b5858e95955a07ebf7b673d1ef93ae2bd3bd4cfd952978a62a7d140c519e4a4d9167aed8819b2034c29fce41574f10a87e0dac20767a4762135448ab48be035e789e67e0affbee59d601f0251c30987f11cfc5ac445462e5ce28b7932d547576975e27519875cc5504c30c151aa97ee3dc1398788d52a","secret":"b182e6f939f95a4e97cd8a239da503e39e614c911a1142c6b79275085e22d80cc4c9113b3bf9379f8930805aaff187652b2cda69d98de2340ded32a90b244efe","key":"26321329cf054a5576d37b0a0c9fde45","nonce":"003ec10fde32244c5dce2b8d","exporter_secret":"9c5125374a4d074afa1fb2f8d875ebae2b2bb4436cee8dc57be6fe64c493492c46c6c04ca58c1b94f1126859c7459ac8fd08c8945219987fd02fa8fd14027bf6","encryptions":[{"aad":"436f756e742d30","ciphertext":"837827a4dc33b7a23ab23ddb5f0ed898c5f744609ec9bde56f6b07bf0373b6585c9b04df17203595a4a683bb47","nonce":"003ec10fde32244c5dce2b8d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"20a40e718f89db3fccbe3fef32b7ceee4419e1aa6be0844dd81914f44658d9b39efe412debaff411a186a45824","nonce":"003ec10fde32244c5dce2b8c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1bd2f1d9195420adfa58e7d06aa900354006388e51bf1d065e2f891cb7175b00a297d4eba78a584589916e806b","nonce":"003ec10fde32244c5dce2b8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2e56cabafa81dcd7c5e58e2060c98fa8e3543e1c76065abd390a72c6d3a39745b49d23a3090e360783d3600e37","nonce":"003ec10fde32244c5dce2b8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fe3390926d7896140c946723f50dd12980dc5097990f67e050b5a99d10b6947449f6953871234db7a2afcafe23","nonce":"003ec10fde32244c5dce2b89","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9d9374b9287be63f8daa4404bb150f162ccf97afd74c7016bf03085f9f4b9511cc2e1cc48618553474c7c7767","nonce":"003ec10fde32244c5dce2b88","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ff60b8b544531a5cdf5dbd0a79a76a50f3369f327b05d5c2145bf24567a475bcaf2e167495685c55454d56b98c","nonce":"003ec10fde32244c5dce2b8b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8df1f8d039429ef3b6e1e27b9bd59d609c3d0e7515a88c3ca8446ef3350c2f32a8cb0e78ee0b42388ad957537f","nonce":"003ec10fde32244c5dce2b8a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0a506355098c5f15c8f46212eb8b3df09525207b5d32e180848f9f77022bf7d58bbae86830fc45e658d6c6f527","nonce":"003ec10fde32244c5dce2b85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a3f4cec2871eae9c16d3093442d065e3314fc78e603e7730cdcbff81e92b8dc0789a5a1290dc9cfc5c881ec894","nonce":"003ec10fde32244c5dce2b84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0ec37494f7b2544c1f448226710ee12be3b12c54cae4168e4617fed253b08095"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"77c29b8ed6700ca670a6db3af32bfe1a9c779c695b36e7359df169aefc68ec64"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a91be9089d657c587a7ad01cb7809760d8f8b7dc91d6d36e56f65ddffa6d62e6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a840afe2012451a8115f49894473d23124de4341fbd4212a6127fa1db05278db"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0af4ca04a20107f7398a6aa40e2674e3fce58618837b89914fa6e1b8980390b8"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e783b7ad03555657c49ba93b11e2b5ea13fc69b9548b59fe2389f9d879531efa","seedE":"d1497d0f8d8ec8db2b4774e8367f54be80f4c0dc0e9beef474c35e8e3fe8d762","skRm":"6c84707a1b8a46e356795ce20e2f556da0f518eb29477ceb2b5dcfdd68989212","skEm":"64ed0bb5e6b71e91eaf9fbf5196f422f8430f0d79b91844b892b59c25086c628","pkRm":"bc66fc66209686476b3c9b2e7489a3bdb9835df1a888eb5022c417d0ca1fdf7f","pkEm":"ba09ff75d7e2a7a2fa9d698a0706a4e1bad0d5615c55c69628aa88b3fc270a6d","enc":"ba09ff75d7e2a7a2fa9d698a0706a4e1bad0d5615c55c69628aa88b3fc270a6d","shared_secret":"9defe9cf50fffc4242ba343f05d6a071fe3ace1c9d9093eb76265f51609f2151","key_schedule_context":"0073f945acda7f7a9a792b4a2ea025189ef12f6b88a87b421600137423872748fd73ecbafd48f4c15c1959360588c12918ef3b7804b01b088b9c7329c283be06d822b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"561142644e4ba9117267514b04f1ba228da1ee10b20b12cf8ab44fddef9431e1ad055103f2559f32fbe8a2cc61d570648e3c697b7a67c26ed20b5e1f010b224d","key":"886c8089975343cb4bd736c5f31ee45d3289133034723e9aaa0eea6d0054b775","nonce":"f70c49b42ede03de377b48e1","exporter_secret":"1b06858fe246cc0260d9fc0275c6b741946a87d3ffafdbe8d0ce6776fb0387bcf92fb07bb305df7a7ce872b6d6728f9eff6cafc9ae0a330887f17e098cb1cb8f","encryptions":[{"aad":"436f756e742d30","ciphertext":"65e2512b6bea0738746d1c9b5a3bc2149c5c7fd43ade420b4c55f884264a2c606dee89aeafa6a66e55213a0dec","nonce":"f70c49b42ede03de377b48e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"32fa3a5253b53a802a493f9a2c4857775b641a16989c643ce2b2f4c01e49e39b72e961c9a3ed4b648fcde75a11","nonce":"f70c49b42ede03de377b48e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0e537e6ccff81b53299c440e9045e1374944f9b60c175903037ad7d551e61ee9915b78035c297df7c6134c3ec6","nonce":"f70c49b42ede03de377b48e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b8c65d5c4bd920821f82c2499da8286f74998bcd4ae102e66987bfc7580094612fa0c560ad37784bda9298fc1e","nonce":"f70c49b42ede03de377b48e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c8f1681adebac7f109b5cf5b0c7e85fbaa190d3d4a9d16ada8e08763feed8ef2fcb2bb85081c1f652fd45d2a29","nonce":"f70c49b42ede03de377b48e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8240b9bce84dc4b202d61e1687b37d746e49b233820d3493ac2a5c97cb3a2f70839fb6f7c4b6eaa80e21e80d76","nonce":"f70c49b42ede03de377b48e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"42541a69b5953fd02ea5a2f5129447425572c99339a3228016f49153def718e1315292ce7d2c8b3a7f74567bdf","nonce":"f70c49b42ede03de377b48e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d2316427e8c48f92f70acc180818e642aba734dd481dd889d47a08fa9a9cb67aa39ed90faad8bda2151a745391","nonce":"f70c49b42ede03de377b48e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dbdbb33329d44fb93c437343af27791b2817c1ec392f6771ea598e60e73d06b2714978034f2b5270e80f0945fb","nonce":"f70c49b42ede03de377b48e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f8c7f2a437bbcc472cba3aa7928414e4b4cf9867e0b12be1b4de0f8a9177a19d4c2f4fcb7f1f27cad391d7f3a2","nonce":"f70c49b42ede03de377b48e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"87c135b0f1670f076865bd364a21612ef0afa0cb70daceea3ba9a01b0007a521"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f25e4fd51a25cc972a405638273d2a7b7ee84807633121b2611da1bdf15a2f46"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"83e790e3c6dc91401e5fd3070f31b3a8886ad26d177b0dd2c4e38e1530154bbd"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3d4f5cb496ace65fdd21b82568ae0e528526df3f10760c55784a2c9a1f46bc37"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5c49cd3ebcb956aeb7e41c9a0f2d4b4c9501f66cc544d8d7fa62ce96d2938857"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d03b1625cd52b651ce738cbb7053a39ccce696a2783a03e3e9db11cb0a68265","seedE":"10a5f0275769776ea7f121bb9fd7b12f062b8bc14bfaa502bfbcc937cbbd163f","skRm":"939a0b48510924ccf6449c0eaaa1069bb41ab9cf54d090e6c6eb9aaab6051d69","skEm":"d3668380f7053086047e1f8a66e0e32c45c1086002b6a67dc9a942058a655073","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4af18720a608d13ce17268aa1721876e96ec4173a40788ddfd60c886b4c08605","pkEm":"2ed53926385da5d41c76e75a636cd795fea5200d0e7ef6affd4b741a1196be37","enc":"2ed53926385da5d41c76e75a636cd795fea5200d0e7ef6affd4b741a1196be37","shared_secret":"24f1483ed8d4abe6c92a5c5e5e61e28e9314a71dacf646c6bbb9cff1bcaf0918","key_schedule_context":"01dd48bfdb63d00c44a4845d06c258b5c5b4ccdf948bc3d346a3dde3bcf3b46db6064faa4d81649134adeab3c4027df3962ff1c6fea27fc18fbc63e9d4bf262b3c22b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"b99a46823fbdd9b6c3da2adb68d2030cfbf85d3ab7453d91b485dc40799ac1e4eb17a06519f46597b87d211f70008ad9584e69a1e89704be0e20a4f2dcfbef17","key":"36cfcebe83218f402cd1ac2961c6e27d0201affee517fc13360d79bf4d82b3ad","nonce":"590c8c1ac13132d2068c994d","exporter_secret":"b43d818759306b815ceb2d8258414cceb0add065b455d0e95c5c40635d78e9e3ba5ef66f23c237a4f1ee08a709365291577e83d9f620f41a0e94754b6c61fadc","encryptions":[{"aad":"436f756e742d30","ciphertext":"b5039652103f36bdcf1380b947ed8b6dc3413b98cff2c6451aff5fabee7234ace274918eb665f6d08850a70093","nonce":"590c8c1ac13132d2068c994d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f1a1beb03a0c2d3f756d992cba6712247e24561e8407aef299285cefc337beaf249b8b92325a6718feffb1cfad","nonce":"590c8c1ac13132d2068c994c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0f5f58f918a19f55efc146bf3ecd5c72bb0c00893c02ca56cf291904e1e1f8f6d0768f1cfed9d64d3f7f35d912","nonce":"590c8c1ac13132d2068c994f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14177f71f6716d128baaff214e360bb9b8dc0ddb34ba7bcb8d0dcb01c548d42d3c43875ec8ff083acba591ca24","nonce":"590c8c1ac13132d2068c994e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"f8ee21f3af210dacb7aea148b444a98e643f161040db1350429c366a667bbc4b0cb6dbf047c2ba9f86a8ecf425","nonce":"590c8c1ac13132d2068c9949","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9f5ffc686ca660de6101a9dbf412c61de6fc574954f72f7d2c652c0ab61e8597170ec713b5314e41f0601fbf49","nonce":"590c8c1ac13132d2068c9948","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"3f415ff7bc48fbdb69babce3045049ae2bc2a6983ddaf08cc9b3368362f7918bb73a4872c37fed3e3d808a9c1e","nonce":"590c8c1ac13132d2068c994b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"bd2199064b596d3ef9a77fa8a5db93f1510bf996e320da92635e435c4b59120702c344825fc012393dcbddc05e","nonce":"590c8c1ac13132d2068c994a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"789faf060328cb1d359a7a30a3ce9d303612ef9c9da56c78fee82334953d425bb1613e757b2d7ab1aafd5be927","nonce":"590c8c1ac13132d2068c9945","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ac41c4a676448ef3f39a471f588d8576bb30817055ce8ac4404b61a4fdbb71adbababd15117cec7371aac83b0e","nonce":"590c8c1ac13132d2068c9944","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e98921e4c437992d7ac035d74dfae232ef41227e2f27e4e4d801b4bd8934a5b6"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1269029586ff64d8bde114359411f61c22211e8725a2b86ea145b8b9151c3915"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b8f393d7cea5934e16f4de8ef9a8912104b741ecd464d4c84886f7eef28cc301"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"eb5c8739d172a30b48235316e13a12fa8abd05d72cc5c330fd3ab3de3371ddc4"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0b15c1a0dccac801a3078a8a01145c940ade7d9993111bf614ac69d073913a6f"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2a7b45d6305a056fcce0d67b79dafbb432d71393d9b88e922e653beaf8f3e946","seedS":"182775b06c6f01c1982b399bd82a091f13f78d38b5d77bd89d3137435012b7da","seedE":"017d68ccefbcab067d91e07bf5d1e350259a1f66d6ee2283cf0a1bd2a35a461d","skRm":"4d2b363c2a0687c9d47891ab5b6bec2099225a8925bceab2c3b5fc72ed309f5d","skSm":"0400f73d1caea31392020ecdcfeb20ac62ae6307f01483c31d27684e222cbe50","skEm":"e33e3e7527db822323f2c775b9870703fdb7bc5f656ca5bfe8b98b153816df3c","pkRm":"c257e08a244254f8f5ee3ceed0bb3c6910e46f148be79819c98b886311084042","pkSm":"48dc53e8fdb2e3906672aafef929187cad8f2a4c5da18c97a67f9fd9c7aa7b69","pkEm":"9956046c4dc3e938a4064b0f86ec3b8f326aed97c82e0f92a42328388f51727c","enc":"9956046c4dc3e938a4064b0f86ec3b8f326aed97c82e0f92a42328388f51727c","shared_secret":"a020bc7ea7c31373cd178e88d1576865d405c8f8bc7f7a242b02306af17affee","key_schedule_context":"0273f945acda7f7a9a792b4a2ea025189ef12f6b88a87b421600137423872748fd73ecbafd48f4c15c1959360588c12918ef3b7804b01b088b9c7329c283be06d822b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"e8bce0628aad315927acfe34c304c74ee9ae48b0c751b1e65036345b85ba4c7200fe241f373d4522d256709b88f806c54c30da02c65b9498e64a9f47d182d9db","key":"12962c25138767a8a57a0bdaa1a2e7bfdf381df782c4c8c38756f69ea706a914","nonce":"9b65f79afdd17fece149388d","exporter_secret":"077cc63b553e1537d689f589867076dd7d601889e5960e40ba7ea2751374a46b7fa01cf24a042340c8386160464921c136559c176f7853da6da4c9adf7d90afc","encryptions":[{"aad":"436f756e742d30","ciphertext":"69c49d792bd7a208614a02efbd94744aaefe027fb53020008d8de9ad7645f5e5b6c9b7afd168e897aa5deacb2d","nonce":"9b65f79afdd17fece149388d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"57959be8cd78ed36953237dae72071217b049b53f0f028b5f59afeb99b034b71d463d8cad18ffb6b94b9e2f8ba","nonce":"9b65f79afdd17fece149388c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6ccf7df54580a9d4927ea991441b9f0d01bb799de66de783ab74fa156b538184f0ffb5969c678f1cf393cba716","nonce":"9b65f79afdd17fece149388f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2e8c246a49e206c32efe36f10b3cffb5b12e6f42d62607a874ffabe4cbd91d5a7a5c0fd535646a3085d200d935","nonce":"9b65f79afdd17fece149388e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8220b6d725cbc86c14fec128fb1a9b06ca183b0f8f5b65dd375bf56f30b705ac56b2203c6fea7d7e3a0323492e","nonce":"9b65f79afdd17fece1493889","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"35499f5d6769dee34e370fe5334668b8dfe0cba924b447643bfef607525cc8d55f1c2b1f80f93eb5fb5dd7f093","nonce":"9b65f79afdd17fece1493888","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b497af4782f9af1992f5b8e1720514aaa68339893e901fde50e173f6316aff5ce58185a4065603196aabfdde58","nonce":"9b65f79afdd17fece149388b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"180ab688b58578cbffa5db7c7288efbf193a5fcd65050a7bded835a52a9189cbad22a16f33c91a51c972db4eaf","nonce":"9b65f79afdd17fece149388a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"43f7c06777d41a76b00900c65502ef596a89f670852bfe555da1cf93f156a27f1a7b84721388968a5673aff2e2","nonce":"9b65f79afdd17fece1493885","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c697efac7a5c92c9aedcf7f8a951a2e82aab4dcb93c5eca879fc23ef11b9528b90307eaf5ccff6fd6dc98b0574","nonce":"9b65f79afdd17fece1493884","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"2676176972f00ac0dd9c8f81a64afa7f9677a19b978826c7778940c4570fe0fd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b5b3c0422bdcb07c9da4e6a18f2d19deabd48a7ff662bdf6b636e1bab916fe28"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"27fc2f21aea82ebb1e237243524586cb6031aa1ab8d1f803f127f5ca92dff8a0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8c7896b50d4c015b37a7b843331d1c44410849e0cc49d99833d4f10113beead0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4b29cd3e75e6bf4a1bed920791fad6bc5fad920bfe30f6154759f21cbffeeddc"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"8b024d42dd06e8d20eb7949813edbe7399dadfda6c081f97f0eb0e99cf290161","seedS":"4dc5131e785d369fec29b6b6612a1054c7536aff240bd2a99df2bda6bf75193a","seedE":"c03da7722e4622a50def5894f714e1cb9b7823704f0ef7f234713376c45b6131","skRm":"82b9abb9a4ea102ab1664768a98f3eed874eea4f764f64489690ee4ac6102bc9","skSm":"a91d0b1ace8465586869a38cd285f10c3a50e535e2ab675ef491a551e8490898","skEm":"472dc1deebdc2af356ffdea748eac44c4db8855cbef574301752b590484278b6","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4e5ec5dda6ae02ee6f908f80c7da5bc39c01edfe7152af0da8d175eafcc8ed60","pkSm":"8ed496ebac8da6abe752bb166b4c4388f8e1b15d06379e5d496ab5b14ce3b225","pkEm":"3d47d52b21a5c8878bfc123e62aa76ce5df05b1e0cd74762ae9ccd98414a7325","enc":"3d47d52b21a5c8878bfc123e62aa76ce5df05b1e0cd74762ae9ccd98414a7325","shared_secret":"588898e474468b1e63cb7943ec41835ad8cf89d529c9a914498472065f2ecd82","key_schedule_context":"03dd48bfdb63d00c44a4845d06c258b5c5b4ccdf948bc3d346a3dde3bcf3b46db6064faa4d81649134adeab3c4027df3962ff1c6fea27fc18fbc63e9d4bf262b3c22b8255fb5743844a872c00dab0350f4b3c350db3842f9b3f8951a62ee666551a290ffb1a799100f0b56291f800042cad3fd852fcb2a723ebe437daa77ed156b","secret":"9afad4013cfdf6f4454e7fee7d49f3e7b9b9ad1ba69cd610f9f88cf38e44a61c7482505efd0970c8e561a56bfa7cbf63f720b642991cd626d3c3fe91a9416b72","key":"347612500663d0be23c6cf1473be28df3169b2e83b8783971320bc5d117e399d","nonce":"fe9c8f48b28b6b6045fdfda6","exporter_secret":"88b41d7b53c11329730fe9e80ca27bd1ffafc59c79ff3d10a477cb2be3b5953a6176412f7f9099d50098169fd7ac9ba183a0d533d5857e2fd9c88d891b6ec42a","encryptions":[{"aad":"436f756e742d30","ciphertext":"c485075b232e7e872df61a07561d5931262e0fe00cea7393bb7a75280f703a1e02b8123a4faadb3fe919798ff3","nonce":"fe9c8f48b28b6b6045fdfda6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c4be24a9ecdbb9a5fa56b519c74f8b5572d367dd4015ab127073c0afadce2db2ea47f9150f52e39fdb2007a722","nonce":"fe9c8f48b28b6b6045fdfda7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"863005c2127cea10ae1c821d04f96cf1e723ab5b37c9f03631d9a45cb6afbe88849706d9b63a93fae1d45eee76","nonce":"fe9c8f48b28b6b6045fdfda4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1ede5bfc3ecaac5ce4e64166ec288dcf45172679f32f581d9fb6ecb312ae2598ff42d1e6f908196f621eaf02c7","nonce":"fe9c8f48b28b6b6045fdfda5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2dd3bfbaec2f89735b051eb9be71884daa531fb5ab7a130eabe54b73eba56f05c68f1d626ed529e8c8f07d5ceb","nonce":"fe9c8f48b28b6b6045fdfda2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c7b9530761d08c3efc9a3948bca1f638cec20e03dfc0813eb09b9885f83481aee39294dfe5eb58cc8e4bee3f72","nonce":"fe9c8f48b28b6b6045fdfda3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"20422f75ab22af1e845643beb764c1d5e69d534cd933d284a31f893f7a08eb8f6eee96746290520596aeff5f0f","nonce":"fe9c8f48b28b6b6045fdfda0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7a9fc21915f99f90b16351f6ed394241421a3c439f1c66e41a21eea5709146a33c12b9ed58b34369dfcc5767ee","nonce":"fe9c8f48b28b6b6045fdfda1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ddd70f33980774ff79113fa443634bdcbb70751d10d14c884a8fc9dfed97db86eb4262dfef14097dfde261fda9","nonce":"fe9c8f48b28b6b6045fdfdae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1700189f793f3db0ee7951a5320efee797b38c1d08efa4dcad35969f34156a5b29e219270c784abdbad825bd1c","nonce":"fe9c8f48b28b6b6045fdfdaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5d741b5b622b3466e89505ceb55e17b66d49866de3e7417d5e6dab1b9c76fb59"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"238d2201bd7466e80d9b6cb2717ec54514c71561da26a87d27deba5779a8ca81"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2ff78266464d700f81c3eb8be5bc70abfefddbd6d365f82358d2e4e9854dba54"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"71a3a5250fb38dd3a2c6d136740945336827eb0b1b2945025285da6817e04a40"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e2809534e90e79b5ca8874bd57ef01b2c27d13cc6572414015812174be909560"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bd17a99be261cea263f97d5ed248596078f0f2c5b31f78745c595707592f238f","seedE":"c465e324a0355b2e4b3a5f2abdfaca60817f087bf7ed8205708b4f88a9e3355c","skRm":"80a54bfb48d9a6680a355127ad3e9ea3b8725b47f7f5f2022b79a43feb231f84","skEm":"06a1b9d7915cd1fe501de50d1d2ec1712662f4179b18a672f1622ae807ff2543","pkRm":"cbba177f103979838f8d46577662c399dabe9732cc79f9081e9d481dc533807c","pkEm":"7c1f8d203bcea456ea16ba3e72f1f1d8018cca78751c5b49742df6ae1462640d","enc":"7c1f8d203bcea456ea16ba3e72f1f1d8018cca78751c5b49742df6ae1462640d","shared_secret":"b8d4cde6e1d7fe1f25e09462eafa2dcaf252f4f7c5e0a1f1b0e5dfc3c96b50e0","key_schedule_context":"0087c58ee510f46e12e7e873ae6d81d7ebfdda8bbba76771357f98760168bdfd345464e9f7a12aebfacbc09b2acf5a3496e805c0642bd323b8547bae228b71ddc9314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"32a4bd541c869d8cc8b7cdd97e9c09931a76a495026bfc0fd344223e071b323245c60489e5452b08bae1b5dada06ff5e7d3e0e35d32aa5f992259caa8f38fe6c","key":"2053a36e42b28ffe2c12abbf8fead182647cfa0f975054efea3d3d5f16699d47","nonce":"d6af23bee6e537d5b2ebe361","exporter_secret":"65e9541a809e8d17bfe8ca3158111a6912e39b6965b118663cd542e5f2a84c226618196967da0209c3622785f9c22b645a984475d04e57b6ba03766abff2dab2","encryptions":[{"aad":"436f756e742d30","ciphertext":"9e59f241a345e708d96e786986c789b6da9a134cd4e38dde9a8acce177b97052ae6fcc3bf378e3535f9739c678","nonce":"d6af23bee6e537d5b2ebe361","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2f9b8e92eae0a795fcb9bf1c180e02625f15f76fa95894e5cd21f3b275f330eca957998f0385c30c34e99fb377","nonce":"d6af23bee6e537d5b2ebe360","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"791394c37b2c7910186f885ceb4badba54a3f44054a13475e31e343f476fc214dced7b7dcf349ca3fd2bc49729","nonce":"d6af23bee6e537d5b2ebe363","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"14ea622ea1fab744a5a5c3b875727151741854fb0d948d14d685a8df603cd090bb3264f9a474b6c19647771211","nonce":"d6af23bee6e537d5b2ebe362","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"59b3299e76fcb0c9ed1180c995f34b3a0161fcf9cb055b53e8d548f0bcc001dc79f30619c892e738aeef6c778d","nonce":"d6af23bee6e537d5b2ebe365","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"550f977d3f9ca10a1cc30a73b2e858cdf7a13798d85a1c4c904c908f4612acc6d2cbbaf073a127e41b9816dcc7","nonce":"d6af23bee6e537d5b2ebe364","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7cb1d8890ad19aa43f84ad86e1d09cc2d14a102e838c19dd55977a1f3d07791ca5f7797671eb66db5099f53917","nonce":"d6af23bee6e537d5b2ebe367","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5d9d138cd42161eab8800e71a2e06bb895c1ef7538bb0337b638438e51d824a5e8bd1515607c0b985058ec19b","nonce":"d6af23bee6e537d5b2ebe366","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5f1b9078dabaf0c16821256a0591f1287c42cc22d002d38fbaeb64d77a0943c2f092615185e716eb28681a3a0d","nonce":"d6af23bee6e537d5b2ebe369","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"575e3da798641f1e965d6e18384cac54d9190e5c663959de71b071b1e244763bafa959ed512a0e266c6b1afcc1","nonce":"d6af23bee6e537d5b2ebe368","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5f0a458aca1ea6118fa1d0883a99b5bb626aa71b55de2e73436f53e93b8073a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c5aff969431e6d731c9b26fb8e4377b4e859430345af77d4374dd71461e772da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0c40105c9bc2e407d9d4a64dfb1392e46d393e78747701c5daaaa530878e001c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d440fbf13b9e3956c7d6772166e07305a8f5a396e2bd361b5b9fbae9b0b04909"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"1474f8e9dac70e76041b4bb365f1fc4e1e2509f43c188b5d15b8d89113c197f7"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c30e9658c3d803a6422b892ce6df64978144cf7d6a992da307a326bde6694c34","seedE":"e1e85070d88e22ddb3e6058a803c5e18f3db025589d30610a196fd1a67e527f7","skRm":"c9221f98c17117ab4216e062481934ad21a12c8ba833a0611ca1910fac031563","skEm":"9e38eaa97787575e564949bd84845965e910ae90a17bf841f68a4c791385afd3","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4ca2dcf3f5fa2b8b782536f695b3279f03569857a88e90075d5e4a67e4c4a44d","pkEm":"886c15a9d1c3609a3f3f6be3b5d1b60817f6a557e2b7344456dbc8ae49f5e93c","enc":"886c15a9d1c3609a3f3f6be3b5d1b60817f6a557e2b7344456dbc8ae49f5e93c","shared_secret":"222e3ad153c4fbc5d5044711ad16e5929aab1f072cfce7ecfac23b31b90167b1","key_schedule_context":"0143c397935cce815be04393774bc6bb839a62e7ccfe08c622716b273836d78abbac643b1a9ed26e5dd5ca7c1474c98fbfc32c0cf2c784561ce67d4bbed5cd2c98314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"0ebc65a14a17dc5e3397c3207b4b6943174e36718e1a63bb7c391c989ceb5c781fbc24641c209bdef2550be5d6c26bd5c8cce772ad65947d62549695b194bece","key":"e9d8a65ebf6384c2e98619a700a3ed4c80b1f4a5d0fe36ac32d19afac15a749e","nonce":"b11eb847d5050f3299c83832","exporter_secret":"c949d252eddb9d52ca395e8f4f6cb1d10a00c36cae2477de74bf46285edfc3144176d3258234e26f3ee1a93fb389b9ccd7036be33ad32acf0259d327e73e18a0","encryptions":[{"aad":"436f756e742d30","ciphertext":"2f3eba789b7706b85fd2fcadf189f640a726160a7a0ef22b6483aaf69210c02d4c22113740235783dbd70ca1b7","nonce":"b11eb847d5050f3299c83832","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ea76c297d6440fcc6e753980678adf65389171c591cd2ce0cc6de56c4560e6642ca5df5d910b3006b653372657","nonce":"b11eb847d5050f3299c83833","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7bed7b81628f1892518ced3b292cdf8e17dd0fa270600177a5c122204bfc381bc01f9bd5de77c4a568055ad19c","nonce":"b11eb847d5050f3299c83830","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"38ad518591bbb6bbbe114e08e76a90b0040ef5571dbeb9a4ca778b72eba6e729c75efaf476e1dc69d2a95ba304","nonce":"b11eb847d5050f3299c83831","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a38f5cf41d1ad3802ec4043067e4ff1aff3c557d1961cb76f6fbecea500f45ce780c27cc2894057093298d782e","nonce":"b11eb847d5050f3299c83836","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0844adf506c653ff4cb9eaa595b4a6382055d53bfe4490a323d3ed0369b33a206f6fbed3a2c2409a646edcce70","nonce":"b11eb847d5050f3299c83837","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"747700aa0de178a38e2ac8ee358e0d79d2b6026a8e86e215312d359933da08bcbb443e9e2280932e2e37ca0c7d","nonce":"b11eb847d5050f3299c83834","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"31b7a490d05bd9e31b6ddc82b2eef9d6500675273e5c215c2f3fd4a28f04b73c752a7b7f89c2220cc5d26d3ef4","nonce":"b11eb847d5050f3299c83835","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b57d6cb945a21064c1dd0a293ae28d315e7160764e20d48f50ba9be6d3d530cd064a851f7f9fd16f61fd8afef0","nonce":"b11eb847d5050f3299c8383a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1bb75c2eb81165d8c95d893c9dc1425d2de1628696c488d6ff0213674a6bdba09a3ad6ef506ca339d64f02e46e","nonce":"b11eb847d5050f3299c8383b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bf8d87036ace4835ee917a504016601ce7b5add0b8d72aa64ea493ea241786f4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9583f302506aabded442f4a3c4cb976682fed99c4bcbdf5ad41c2f00d3fbc27a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fa169c1e9ca8582381a72b5067da174995500198484520d60d22bf9bb4c34ead"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"56fbba55aef923240daf63ebd30508e891cdffbe0bfe03306727320d6dfa29e6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"eb30f91427038c6e3716310c0ffc431ca9ea2b10c2f264f7aee82f86f817b8e2"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"363f0085e3c914edd27a323f84789c2e206c6234811d7c7f5b5c12c0d3e67b59","seedS":"5ca8955411a106bb9ea8329bcf0b31a374bf9f01ebe394f53733c843f8917673","seedE":"764d97c13832b46cf04eb7ceb50c926c83ae5536f035f29901cefb97c21018c1","skRm":"d141e5a404d693aec79c189a41687f3a31c5ca98d22b0a0d816ef7f1841ffc95","skSm":"b6b32f5d1d926e84f0a7b0f681a3003cfc6a35ac9ce2756c723912850f9fd0c3","skEm":"e7909be5308616242af7b86d8c1de4821181c6daa8dafac2b15d3be550fa284d","pkRm":"b8856097782470ab2c82d747250fac3d8fad9c50f932c271ec8474171f842425","pkSm":"3f695084ae37582436720b354913adcf670a84a0fcf5402a3e04d0b6966ae90e","pkEm":"3be0463d6f9cdf743b0913115d8546788b23125b1108473e4cc064e9c0b7315a","enc":"3be0463d6f9cdf743b0913115d8546788b23125b1108473e4cc064e9c0b7315a","shared_secret":"ce822a6c6990bb223d231a465a816fb33df4308b9e510f2b015ee2dbbfe21c40","key_schedule_context":"0287c58ee510f46e12e7e873ae6d81d7ebfdda8bbba76771357f98760168bdfd345464e9f7a12aebfacbc09b2acf5a3496e805c0642bd323b8547bae228b71ddc9314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"b050a99f3ff262e6b2b0f44ae4f8aad77e4e7448b01bba7259b30aa5b98cafc5b7aa04fa5dbe1bfb60be9321d081f7a072e1f7c00277ff8468c1a9c34db6bc21","key":"cc3567050a01273280d84800736fe9b6d4dea9a3fdcf79bb304aee9d73b0f68e","nonce":"17d7c834b3345e54be529050","exporter_secret":"e11fa30ecc7d77f0afbcafa34c724ab1e1401d84fb973f21d75878f0e0af171a2ce1ebcc777c0173d57a9983c6da96e89509f25d4d953c1ae24d26140fc41029","encryptions":[{"aad":"436f756e742d30","ciphertext":"b3a1fac48dc6545072af738f976361d3cb95098bc670c0fbb3d0d99173b4682b2b40336b71420cd48c6bf7917a","nonce":"17d7c834b3345e54be529050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"75e134e0ab362827c90b13e04fad8a02075aea3d965890fc3dd7be1dde8406f16c7b4a751c887e5bb48062b2cc","nonce":"17d7c834b3345e54be529051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fdd8479be3b40ecc28499796e89e6a744295709069c59fca2e6c32c92b4a954ae9e597cbd244c51827c8af852f","nonce":"17d7c834b3345e54be529052","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bd3612cb0b5880344d6d0520e3ab0d840716d1c1935ddb49b8dcf560b27642b2768d9ec6dacabe71e0ab4b56c0","nonce":"17d7c834b3345e54be529053","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c5d4fd561b3ec01b2ed97e3677e5fd3b6a80378974245d0364ead9160ef8990d4df68141cc08c08875ac16cfa8","nonce":"17d7c834b3345e54be529054","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b0a6df60a2032daa7146f6bc44328f8e71401b790019d6859a00748ff9776f131e1cd653ed600ef8df6b4dda07","nonce":"17d7c834b3345e54be529055","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"edea5a2976a6919ca3f303fc32b6148daf57a5ebc1715cc7979975bf34dd189965fe07a23416a99f54877ff604","nonce":"17d7c834b3345e54be529056","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"1f349017fbfbf3f5e62b91a884177eec09102ea320783dd30d6c9b96a5c8ae296a3052a4f0e41e3fd8562edc04","nonce":"17d7c834b3345e54be529057","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a5f1ccfa3e64a7ea4bd6bf3955fc5fb8e6ce187474e90c762732b9440faf49fa40695c5545c9a6ef17b675ed54","nonce":"17d7c834b3345e54be529058","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4ece108c75a3ccdc2e430a969fd89a3e3339b7168560d8ccb932d373c63d0c55b37b139a67f2744f4d67342b86","nonce":"17d7c834b3345e54be529059","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"42181bb90eb2e1a419f10b0a63e752c5301a9c1bb2eddf85d153d10d40c1b8a7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1d3e745c429d3efb9fc7cd4ed1807551ecad38b99db0a08e683710745499e798"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b715a7cd3adac15a1f85a96201eeeecb78e057ff89e448fe527068f462c93846"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b1d367dde1dd771fac5433e8522cf6fbd290ff589b491430c24b89e2c75092f9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"eeefc65db8df1b1bb3d4513a918b1485696f1e928a7155ac47138a4a333a893a"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"233a58d91e52244505bec4000ad9d835d05e88517776d28fb90c32efce830f7a","seedS":"ce18d4b2548facf57aaed72142db5eb562396c07e445d5c8bc9efcb5488efcc4","seedE":"22826ded7a08458cfbe1ec517cefd9ab8631344ec9364a86bf3635fcbf16b6d4","skRm":"7d6405d7177b2dac780da972e747e2f5e6bf8a0ecd8a39c135513ae4db24ea7d","skSm":"64cd714c1fdbcc80708e8a5d590311e5758353b2787102638623d68e0e636d14","skEm":"cf40b44720860cedcbed79de0fbcaedefa6706fbc9963748111482c78b1b0b66","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"08347bae5c99bb13fca893f6cbc70638dd7a2ff9058a9750ace959f125484926","pkSm":"44f97e6b0f9f3f7dc2c731f1a1f42d96c6e4a8a3ef2d730c041801c8780b1448","pkEm":"5d8fe3bd678deb9ba21b3ed36fca7cb51382504f33b1c60a0d71be0643843151","enc":"5d8fe3bd678deb9ba21b3ed36fca7cb51382504f33b1c60a0d71be0643843151","shared_secret":"b2d3fe7eb181503689a32e08240b492442a1d3340e9fa8820c8e9af056e34b7e","key_schedule_context":"0343c397935cce815be04393774bc6bb839a62e7ccfe08c622716b273836d78abbac643b1a9ed26e5dd5ca7c1474c98fbfc32c0cf2c784561ce67d4bbed5cd2c98314503cc3d6722f18adbe020a4f637c49464a70ef95aa699f2b9c279b02f101f48c3ecc1b64d47ef8aebfde7c6e208bb7a155a65e3c0781df6cf0c19479deb1e","secret":"f20f4f3ccab5c16814ad12a1ce0463e11075b2560ac25e7984a45c4f7784bf3192e7fdc423210ad3652957fcd1e5fe6c8a653605a4a2fb4eaa1de67b3e8e70a0","key":"1b15b275b603558db955eb490cd8717514e287647e07a28e82b7a20c5f2870c6","nonce":"d81f1a89588dc2c61da33085","exporter_secret":"126e127812f6e44fa04690dc8af2701ec8d348d647e7fedfc8d1fedb9b394e6efe0c4f3af883e625c744abc8929c165f17db60bb8558e7cb78f1c29c695dc942","encryptions":[{"aad":"436f756e742d30","ciphertext":"639f1871790993148f8c975000124fd323ed1353fa653875a5779adc7f3342a96ff835f70c41a6d9b36b29cb1a","nonce":"d81f1a89588dc2c61da33085","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d47c64b2fdecd7a58f50729d9c1310bb322ac321d68dede9a84dfec8897f71b1122aecc830eb6a43805552aee","nonce":"d81f1a89588dc2c61da33084","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d6cf3482557de23c52dc62a6f2e7425e6606484ffac099dfb47f9119d096ce6112b6de8981d7e884093ff3e80a","nonce":"d81f1a89588dc2c61da33087","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"295f254ccc64f04889a3b7c7102cd398bf3d2f7d364764aed1ddce25bb5f36e3217a5d50444696cfbb5e64b8cb","nonce":"d81f1a89588dc2c61da33086","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cce3b64b62d742c9bc50c43111afe39472a4c4b030a4f66b5ac696d392c7816845e143ea7d076229c4b112ecb7","nonce":"d81f1a89588dc2c61da33081","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a0ad35f0f057038d628fa577b8b71d577eb747a510eff008c13c80f76c4f31e038b7303134d89fd3a336e15ccd","nonce":"d81f1a89588dc2c61da33080","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a803a8e795ba403b00825f2614fd482ff4ff1e875c4a514fcd2c04aa981a19976595846b66fcc295400276de9b","nonce":"d81f1a89588dc2c61da33083","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"90ea0b5252d5c765ee0a1215c7478a548cbf86788a204bf0722c304f68f3a6688316e588a10675903a9f3f8253","nonce":"d81f1a89588dc2c61da33082","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"213bcde6d5c846e1781c50efc9ec5f4ca86cc3c1888da0db59bd1aa9c3b834741a2aaf85ad1af63e3dc596f8d4","nonce":"d81f1a89588dc2c61da3308d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a0f16420ca607806dc1d058805297911a6cc9b7a4ad0b26690bdfde986784bce41c5d24b09c72f3390605d2d3d","nonce":"d81f1a89588dc2c61da3308c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"955fa57827a8f9306db8617a7d3d436ed9a02668ceb7293fc69c01008858f4f7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3f5cdb9ad427a300e4083dc10e72ab1681b833865d6488748733a00a10361b19"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c307218e9d9ae3d6ecea9c7a1de30464d22e054e0302b47d461820c0ec94ca57"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"536c514d7bf8d9b38b8048468b2ccee56d12eaed756b4e6e6da91be09cbbbdf0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"76025659e4a7a00e6b7c3c85b92d722c6b034b90cdfb95b72e75eea80937ed90"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"11ea3791ccf3c31d8ca4a02f3b17ff10ce4e9ea58725ae8fb161e87df4ca32b537ec94862245ede88eab4a163130542b520a92785b9af864","seedS":"8eadb637621667d3e414c6205adb9e9a82222b2d05a3bdae240f3c3677cec67349ab424fb2b97c7da16d3f4d9ccd2fbff1f6bdf61b230088","seedE":"199880d66afbfc12f3e53c187e7823361aae6b0062e96d038b3e35ffb8557c6fa14a916dbc3764a5ff0ca74f1c866b16d437dae323693942","skRm":"35b8703880baa256b1514b1dbe9e35fa5736dea679d36fd30b2f648a60f659f3dea3d0442610fee0d7bfb471da12b39ac1193b8a40c8d9e8","skSm":"eea8dfc2fd049a16f72c925d79295706653e87c45a51709f95592ee38535bac92c78c3d2eba119e29a60aa8ab48c72c5b4e64fa6139781e9","skEm":"ceffb64f0cf79a10ed0efd136fd1907ddf04d190fe6bd545a576a9bbe156c61c1a62ccb42a1da214e81e7b4c6a4526d1a760af1470cac70e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d547ae02df61beeec89acbebe8ddf18b3d0f5ea4bef46febbd6c1da54a6752730e108323f42680ef66de42567244bcc3b76ba4536380ea45","pkSm":"ba37766ccead9080896568e64f31b29d1a9537884c900c9ab9ea5e0717bd991821051884f35ab27fe07ccd764ca5906cb2c1e5db68515676","pkEm":"1a8221557a9f356c3b58666d694fe4c63222d273d727a62e7c96161ebc2c32fefd057ae9625b87ae894dadf733827897b1060cb6564ba7f9","enc":"1a8221557a9f356c3b58666d694fe4c63222d273d727a62e7c96161ebc2c32fefd057ae9625b87ae894dadf733827897b1060cb6564ba7f9","shared_secret":"68763a46f6566802d4e5211dfd0cda20574cdedf198789cfedbedd93673952e84b91240ca1df8af2e150d917a607b1272000b5b33f066267abb5fe2c87be84c2","key_schedule_context":"0378a529697c7004818b8af5a225548b44be8d0766690b5a2ca50a9cba77481c23ec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"a16f2cfcae1ee298ed69f285390ce99ac5db538d54e943975d5b9a39ab44e7f3","key":"87146c90840cc3e18b72613d2ebfe8ac","nonce":"310ce50aa641bbde455b8e76","exporter_secret":"252aa958259709dabcd9f165b987c7da356f6e006e77f23e9a7e11c1305b0d18","encryptions":[{"aad":"436f756e742d30","ciphertext":"3d275b7735f8cd485f543c291ea80701f3a3a88e9c89a63c69e512738ab3e5b507e8306f96efc9b7fb53cfc1ee","nonce":"310ce50aa641bbde455b8e76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"be3ea270a97e5a5f0f80649a7a5e835b2c5fb505f13647e449bbd6b132837d11bfc3e0212038318c23a7b7ec95","nonce":"310ce50aa641bbde455b8e77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"94151334b02244fe0fc86856339d40f43a7ea77f4a9ea3ff8e71df97c756f31dfd884d5ee90708ec8f906229a0","nonce":"310ce50aa641bbde455b8e74","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"05a3d260e4f835a1a34cea954843c2b0b7e72693d6e076a402bceefeeb696979ee961d461b9b5d913c6230a709","nonce":"310ce50aa641bbde455b8e75","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4c66a3a3c8f4826b911290f703bb80ea619bccbda4fd23ef8393b4649d2a8a2f039bcb2e1c4b939d4b1931aff6","nonce":"310ce50aa641bbde455b8e72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"50279c22488cab35baeea5d859dec0d86d39f426a545583077f9961faf0de7c6b60409e56088c43427a683ed2b","nonce":"310ce50aa641bbde455b8e73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2840fa9d3435084701797c8c6bd8fb0543e1d0b9a242ab38b4283ebfc99bbe8861ec39f56ac9e1226871e732b6","nonce":"310ce50aa641bbde455b8e70","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"84a8db32e486663fa9cfdc55fc4e3f0825062c8b04c10ae5877ff1f97130586385d691775630beae3c0a65f4fb","nonce":"310ce50aa641bbde455b8e71","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"602a233ce5aae8face241c18279a1716abd97ea0ab59c4824fcd72b277459e0d0239b3ac7b54be2c6a0e8bbd49","nonce":"310ce50aa641bbde455b8e7e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0d6dabb93cea5f584c34aee6cb20a8b796004c23270f67db78493995b52dadf95e1074527a7c04a7f8a62fa1fb","nonce":"310ce50aa641bbde455b8e7f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d1f616aea0d1836d387aa5bf4d062dae6fc9092eae034c6db70914b3f16acf03"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"148c2be20001da340a4b71840fff6bd5be36d8d54d250c176d4c3245a70ccfac"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5762892367434465262351db6a342e95bc6d62821ac9a7ffd28b8359bb75adc1"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e56358ec3a531328a19a4976360c3b20a59de2a8ecae73dd63977d25abc82735"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ab40d827b55a42c28ce9308befeb526feb72ba73a6adfccdcb8798b5a1c239ff"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"edd38a46ec129da70b75ce398e57365d1ab3600cd8984da1d96df68d75b3c7cbd871a8ff0be7dbf0b3fa44f66689d63f237cfab36bc70070","seedE":"c7eeb0549f577095706400cef8bb0689580de6152b89bef46818769a18d4f5480cad49531d9329668b2f64161f62036a56e9db128f756fc5","skRm":"ee9d0a8f539ee58e5c813c4f4c4a36a89d70492a4e888b878522f902f86cfcd77eca4f21ad4c9728e1cef9697c94905a950ffc7757d3dbdc","skEm":"5eb24f3f4f474f4ac8f0027048b8ea230372c52d89e04f31d6cab3e1e5b46a22c61d6424b19408bf35f03888b734c8d3baa75342a1f9e14b","pkRm":"335cb28eb12a5677f3e3f4678df86d674141e258bf1709a2140a1873c6e8543b68c26f577a457bb26702cb47d79d07dd971de493f75d6965","pkEm":"4bb52b1773b7d3b6bcebf5b429e40e83b8b52b987829c24b417e5c6d5097ff6c55de1bb3501c1f50466b2ef17cc76b168066303506be93e4","enc":"4bb52b1773b7d3b6bcebf5b429e40e83b8b52b987829c24b417e5c6d5097ff6c55de1bb3501c1f50466b2ef17cc76b168066303506be93e4","shared_secret":"d2c00054bf68a3d564dac55dbab0a6f74c3061b8f9b8950b7d6bf80827e203b78dbf00951b577addddb0d3d78af29ae88f9c0cdaf9ba5523d1b0e2f3b59190df","key_schedule_context":"007637e763b51bb8f614a2ab36af7b189cbe66dacd3714f6721c6e066e7b3515acec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"ee471671bac354cb8c7ce0eb08985143ab37d69bd7d55a973e385fb07881c296","key":"8e400b071a712f8422ad65ceb76f9506","nonce":"27fea2c4dfea3f19f2dc6c37","exporter_secret":"56e731d650293604be9173e9d78a683b703859c2443480b5b2401f802886e079","encryptions":[{"aad":"436f756e742d30","ciphertext":"66eac177fa8f12d727205e67903b49155c1e3924cb83a23ec4dbd4df7896a7794931d4023dc02fb34d02cb1801","nonce":"27fea2c4dfea3f19f2dc6c37","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ce3ee44de9951aa2bbc3c31ef4412d74f7e263e0f70dc9cf56f7f6bddaa30aa660bd79a17372e6d18009c303d0","nonce":"27fea2c4dfea3f19f2dc6c36","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ec6a5731db1cb2fea00cb7715545f9658ee95fdd122fe83dec34a34987dc34c44b28400e19d36152d0e67e08d5","nonce":"27fea2c4dfea3f19f2dc6c35","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"fbfc9583d7511e109bbe5b09b2e0bffca8a99b424cfb5b346654a485b6e372e617d781b3dc050c1b0b10ae8b3d","nonce":"27fea2c4dfea3f19f2dc6c34","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d8814497888486f325c45b734caf262abfa52dc6ce0f4af60ece22e7d5f767a459e6fbda7386ddb9f6aa2462dd","nonce":"27fea2c4dfea3f19f2dc6c33","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0f0bc72403d629e51e8e99d4f3ba83475f0218c9d1f26221aabac5883655f1477139baf808cdfaa52e06526b14","nonce":"27fea2c4dfea3f19f2dc6c32","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cd707965ecdb2f6e3f0bae668bd475642882f2b1232dad6ad6aefd9aaea21e0f01966f726c8c14eb75407c9d42","nonce":"27fea2c4dfea3f19f2dc6c31","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5f85e23cf15fb39f4c12f666655e22bcb07644d190d5466c7704c34a31e6796a42190caceaf2f5bdc7c4e3020","nonce":"27fea2c4dfea3f19f2dc6c30","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6df05d157cae48d7e4e3ebc309d47e9c936452c6bbb558506dbfca4e1155af39001f04594e327e48b14cd00b61","nonce":"27fea2c4dfea3f19f2dc6c3f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c267b3ffb34a30789b1351bc9ae79d6bdba44c18dfa1e1edccf53882c78011270d44ad9d9c76ecf69a02470c96","nonce":"27fea2c4dfea3f19f2dc6c3e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9c160bdcfa734da33a9d11bfa1ff1556acaa3c59d12707b563909dadeb739657"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3f1cd49a2cb62a712b6631bf0871e4a9dd201ea60115751838616336c9acfbc3"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bfb779e1f648f3c6c0a0bf913e70ace00ec17e93022b9f312e031989296ce63f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e1acf2868c209c568193e020afa9c4ed7525695cdf1daaf53d5c02b599e1005f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d4ee15708e6e5770d522d626780c89e9964d8c2a2a9d76a2851e02dc50579e9b"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"187c91efdf36a6881e056705e2fda3bbff11309834c93be10ed9b9cadffe55e883fa2685e1b9d180308f49d2d273a24a651b9a07434c2d6c","seedE":"38c5b1535dc834d8c99bb90cfc62b8687af4de7105b1f41dd44a0a66d90545f4edd577ee6312d3af08c23cd040772aa2ced12b5df36002c9","skRm":"210cf894a93c2de421e3536a20d5fad929d41d496d0c9151633809e036b5d02a67898b85cda8a8370530fbfa983b6470352186277c48cddd","skEm":"c3724fa946940c0b8e486be840140c10c7da3a8aca782867ea301bce43e2e23ee9fe7c4b71f40feb3c9d27aabf8781787ded1cf01390efd8","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4af54303289af16d303d8790054793f50b65a18d8d062da29c1cfae100afbd975e06573a35a9c1a2a5a152e84d13084c2c5836c12cc2ed6a","pkEm":"191b7f447d5043df3981b3a4b257864561723972aad8a89403be2ca6fbd7e9108f6d9a6eeba1ad3bc943df84be110fd1456ccedec3b665f9","enc":"191b7f447d5043df3981b3a4b257864561723972aad8a89403be2ca6fbd7e9108f6d9a6eeba1ad3bc943df84be110fd1456ccedec3b665f9","shared_secret":"0f609813e0f5c6b4b39df0dff711e9f897241f7a624952dda9205ba2dcdaa30018c259ed8e64369d24708ca8a220eb2ec7b453c3a0c8d899efaf69e58ca8c781","key_schedule_context":"0178a529697c7004818b8af5a225548b44be8d0766690b5a2ca50a9cba77481c23ec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"aa693e8819e909475870dd6aafacd3bb7620a1c59932317d746f3704ae02695a","key":"7c50dcabd485d519a88d94f02cfd0d86","nonce":"864426e0ef9dcc418e3ef9b8","exporter_secret":"5a9c352865fe7fe15a190a0ae3f35719c019585868fca86708878073e8326fc8","encryptions":[{"aad":"436f756e742d30","ciphertext":"63fa252f8bbd9f1dd1566d018de7b3718b822b2ddd90a451220f6f845620b0ba6b63a90c1c2f3c82ffa5853acc","nonce":"864426e0ef9dcc418e3ef9b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e990656d4d876a3496a6a5514f9177a712bdd8a3aa12923a09ff4c228548c8a8b46bec3bcbb4e6571f3a8a7331","nonce":"864426e0ef9dcc418e3ef9b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2c6f35ee1c6ec4703ad29b9ee01bdf177fbcacd49cd5f04bc17b1b251397637021dd5a79c105ddd79d89d3e341","nonce":"864426e0ef9dcc418e3ef9ba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"030eb9875a0edee2b8447af20369ea721040a89559214a46002ab43a563c970bc73064fce73334fbc71cfd7636","nonce":"864426e0ef9dcc418e3ef9bb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d94b837b9860700a90fea288894c6a9a5511804e63c1bd4fe0cf5e20efaaa9129be4da204a8086184372a1aa03","nonce":"864426e0ef9dcc418e3ef9bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"90420a577ee23b66cd374f936ea5fea85a647aa57c96b67322e36f2c4278e36f9c7e7621d4b56cddd87cff5e29","nonce":"864426e0ef9dcc418e3ef9bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"32ff9b476a56d18b1ccd70caafdd06bfbab782a19a874d1d4ee2a016c4369ebdb485f80425406febc77bc70352","nonce":"864426e0ef9dcc418e3ef9be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"8726a6384f5c10e897a68e9ebe69535a707e26628e1fa945f14b912c09912ebfd1faf60f4f0532c674fa499664","nonce":"864426e0ef9dcc418e3ef9bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5bed8cabcfa513bed8f35b43f3ecac3f0e667b59c0284791b2078eb0a6b57ad612a950da0e3a5dbac4ad85c5e0","nonce":"864426e0ef9dcc418e3ef9b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ce504a031cdb8d0a7970b4d4cb2e9f314ddb5d93779a08b4f65b2108e90d2d2da5bf1f61fd42556b938bda09a2","nonce":"864426e0ef9dcc418e3ef9b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f8e2b59efab661703ac7f65335c4fe1a2d6844e0ee77a196ab9d57015cbd6202"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8395130e27a11d1b3ec80a72f8788c765c6a4968a786e1208e366caee58efb09"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f97c3ce62fc4f68835a843e9ded3add36d58ecabf0923f544f98a41d2d851247"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e6a936202ec20beefc991f170c1a5389bfd93c0d8bfd8049356f0e2ccfad6498"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"017a0f3d6641c13257ecfafa3554029f8426254b5a29a4e37cbd6d86554fa8f9"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f8a2a7ecb21eb886b8ec56ab4aa02514ed1ded3c19abbc6d58bc8f7b596239aed469bc34cac73fc8bfe135a0508dc43c3747e7feb245caa6","seedS":"746b24de561783b87bba3616ea7c631675038cc0c5bc2ca8fc50cb793e580594bc7757b9f554a20be294df87778508d82955efc9a954551b","seedE":"dd35cfb173339595853ad88013c1a4fb8c55d985cd3d226ae1d3fac16ed19e8b73dfdf8c6f434e88daafa37373f22b13553beec50f34f81a","skRm":"4c14a13eacf01df0db63dc7822e3ea90eca77ae8851d54fd0f4f148787a5168893bc06aa8be1908cb9e5e545820f9bcb3c467d6b0e65defc","skSm":"243770a3f8ae7624ad981a24a8e047cb0a7c7eb014fba1657a86c92b6c9cb3b960e5cf329a97af728525d8e151cf3a89feafc7dab4a8048c","skEm":"b2a1c90ca079b0eeedbf84434defaa6d6a6e3810bff1e939497e2410fefeb7a5c5b046389652077e36dc006d8479d1f43c5e7c79d304df09","pkRm":"d6fb3e761720de6797f7838550775b814df440c76cdad8e1e3071ce92925a5d898f075161ccfb8495b0297471635fb1c8f77ffc59abd2dde","pkSm":"0f24fc27e5eddb3e68338bf7712d4d42788e5ef32ad1748fd684b084c8bf2af8e82ba23a6a189554e53bc9ac22835b1ae9d3ae49dad1a0eb","pkEm":"0de148c3ff3655e2444fd1d75eaa5902eacc445471184f83ec4da9db6cfca54071ae6d3c5d2efdc1152e80910cdf5f0fc265760857434490","enc":"0de148c3ff3655e2444fd1d75eaa5902eacc445471184f83ec4da9db6cfca54071ae6d3c5d2efdc1152e80910cdf5f0fc265760857434490","shared_secret":"476026ca9903b0a6f30ab99c390a6d89ce0e43c4acdb08461f409a2e8bf342eb5ba4500ed2281257b2fed23bb1bda9ec815cb31355a8f694edcd63acf159a982","key_schedule_context":"027637e763b51bb8f614a2ab36af7b189cbe66dacd3714f6721c6e066e7b3515acec45fc1e118e7e28e97cde7959a48beef4959c6176131f818392aaad29caf78e","secret":"40b76560320db8ad9a5fbf31f7b28c68dc7af634a9a58b2984b95433a6010d03","key":"e8faaa9faf6ddacdc5e8d82de34e62cd","nonce":"fa479777b460af5d94cab5d5","exporter_secret":"93e6ea450d4dad0ed95423cf9ce4ade6150a9aacc6b9f61f3a3ab1ecb7ced63b","encryptions":[{"aad":"436f756e742d30","ciphertext":"8c0d8a1d769c9d05c7ed6b82d3f9039b773bc6ad1f8bfda2d5f776a08c5f9f1282eebff0fa51affcc260bda776","nonce":"fa479777b460af5d94cab5d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b75214a4d494b9067afba98ec855d7f7231afc48d48eb8b4ecb0bfcd452e1eb8620df63b2b5e3087d3040ecf63","nonce":"fa479777b460af5d94cab5d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b24f59a49800253dd6d4b96a366d29133feb4a711854957ac1dd089f77a94266274a1d1421b53dc677cd417aa0","nonce":"fa479777b460af5d94cab5d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9ced9a7a63732cab78bf083f4bf2718164d42366502f15eb64104e39edbcf484f62a5e9f9704765f27cf04debe","nonce":"fa479777b460af5d94cab5d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c773d78e116e80bc8d367b1eea69b0c25f80286cef049befc13a3fcecd3170049c6c1f2cfd1dea99c03b85887f","nonce":"fa479777b460af5d94cab5d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b4c981b6f5a1534cbbda8106217a221cc9a155e6078f470fca174b19a464af8f4878f5a141802e984c69ac03e1","nonce":"fa479777b460af5d94cab5d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"43004b3d9b642654da6782a080bac6f1678f6b0ab99428dcfbbccaef39b0bf178bdd8ea3b2114346ed93bb7b2b","nonce":"fa479777b460af5d94cab5d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e8404d6aadeccc39026cb8e26facef1383664662d673d94057e719eaa7fd4b8c1bce863639c0f17aa40c1e6ecc","nonce":"fa479777b460af5d94cab5d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a278bad4d99b5a9c3d84844af85af63df4ca96feb35f085e86c6d2a041ecea21f5301d6941024faf7e3b68ce1a","nonce":"fa479777b460af5d94cab5dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"433fb80b33c14f6a62dcd85883150f5128add3549334be227c877bc58dedcd73aeb61e6abc4338393ef06de834","nonce":"fa479777b460af5d94cab5dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"89b57b9f22443d8ba2893d594bcfc31612168c6aa338a610476d05bd3934f8e3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"32078dc3a22f99b3c84363aa958afd7531dc9b9dab59e148d9fb2a4f1cb7dcea"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0eabe263bc1614a06b28cf334ad5a39651e5b2aa89f9e537b9ded0b39b3166f8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0deebcada7d72d4c211493d2f8a0522690ee6c526e098f8758c67b57b74208ec"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d12502f84e8ba530184fb14fa3aad4d4b85b5365bce22f9e9fc818d487654471"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"fde902f38e08bf251b43a479755f883f1110159c663b6a57e300a75ed5fdd65753501c76dc59f17900b75f90a7f05a4663a8a06abf0533d4","seedE":"d6758984451862254c489381c841bbf554485ff45ef4f69f21531139e2821493d297665bb99e7ff77c194528dd3520cafdbb0384410f1a75","skRm":"b1d73fc566eb793a3c249043b8773496970b2f43a96629f710960b1dc5226f4203248bf976a6c6416ad29b9f40eac39543add592f9e8935d","skEm":"99ae1146dc27216e42d1696507b3995b32aefcc46363981d3784707beecbaa4b97394e604c9aaaccce28a44fa4c76d8449cb161cf7a69ea5","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"8a27c8ba8b8e8189c7a6e0523d869e1cefc69f40487f7c8bd6189c00b5becb1013b40f1f5518aa1e4671651c8a136d3135832daba940b17b","pkEm":"ed8f82c7d6ec6df3cf21c9f7c594699fd3d8487b0ff52f9e37d539ea537e61833d65cc2c4444e20886b9c0dcfc3427d92ea65fa089d346f3","enc":"ed8f82c7d6ec6df3cf21c9f7c594699fd3d8487b0ff52f9e37d539ea537e61833d65cc2c4444e20886b9c0dcfc3427d92ea65fa089d346f3","shared_secret":"c2b6f12ece73c9a19ec00b90b80a2f119807652ae3253193ffa9eb070890956e07dfb173599a48d99a1a7256fc53f9814e47c18894fe89a90e7ec0ce84d5916f","key_schedule_context":"01de6d9192189182309c4c5b2ed1340a7d3b7a658019b10e2727f442357352d8387489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"c7e9e7604bc6e4ff55973c9e0d179f1dd340dc0e2dc408e0c8d1afff88899fd7","key":"eacad4765ba36fb528de011999d0e49bdd57bf10ea73277be79d6916a47a0d5e","nonce":"8e9644405d44e969cfdcfa69","exporter_secret":"408bcc314c04cd9451e88cf5037ec1a9adeaec119be300be4e478bafdd19728c","encryptions":[{"aad":"436f756e742d30","ciphertext":"70deba173d7e1d7ba408c51efdab89b4b7aba995a1bdeb7de4b0eb232354c2356e2390626f9a5b62a2a604dff7","nonce":"8e9644405d44e969cfdcfa69","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"55b1c0b0a78da95232962b1528e6da4ed43aa7a24c6050596baa17b6d6727b70df4722aad006ffa35044a3b88e","nonce":"8e9644405d44e969cfdcfa68","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"76fc4afb0847d364601ddd5ba555301d2ed12de29b66b1ad97ab4a67dc8fbab27000541688b1b0af296ccc3e76","nonce":"8e9644405d44e969cfdcfa6b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"da76d243451605f5d55f2160854e13aa468366ded40cf46f9b2160e974b5dd3e9e15292cc7afec92e56edfe7f9","nonce":"8e9644405d44e969cfdcfa6a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5a193f5b3dfda9abb2a92980ecf2cd6ca462e33ea5641d5bd02ff74b85cb68678734cdd8b435292dd30824861a","nonce":"8e9644405d44e969cfdcfa6d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"063e47c63415ac80f223391899e5270d409a630da7a0527f0bc818486087a2d219264a342a95c31823af278674","nonce":"8e9644405d44e969cfdcfa6c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f16e5e478851c1387d30cdc77400647de8a29cd9d6106ccdf0f6050bafaadf6330aefdd763668cdce63a54c29c","nonce":"8e9644405d44e969cfdcfa6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"885a5707d8866c4d3068b890c4de29f6953dfb90c848d37b2c63ae91f9522d0bb2898ce389a0ff5f69c6b0f4ed","nonce":"8e9644405d44e969cfdcfa6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c0f9f75f9ded9ec70bd758df30d2e5ff145d413938838861148937c6c8ae5ab3a8537bb1455cf15aa3e7b71615","nonce":"8e9644405d44e969cfdcfa61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cbeae9cbe74470c73f7166bfdad9d5e51319f4f30551ee7cd236e0a1e87039a768ec2f9873b1e49e5844e052a0","nonce":"8e9644405d44e969cfdcfa60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"0d5026d91397975544febab5d9f789be7a100653d73a4119685b3a726535bfe9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94d3d9dc9bdc20bc79387a3aa9b0a049fa469d371e5fe942f9c9b8ae0db0a4ba"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"53df7ddb7a75f7f0a91ed27d25f74191685e59e673106b4e3f5deecd248c24aa"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3ee04fb7060b8d0072aecae63c5ba2e04a9536a70cc1602b4ae781ef13f2512c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f4fee6ec4ca105b4eb33044ec7199c8ad6e2c3d519a864c91dd9f55ce085d3e5"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"85867fa68d095842dda73da0c0ba207065a6529b12859a6c2b3dd71feef88d323529248a355e2b035ed04c93b793524415ea376cae96d11c","seedS":"c6a514be4901d3202ad91e7be13471f5047419e2eee8fe359799811fda603fd3f60b4f8596c136e450814db99fdff4f1f656d5e4c942d988","seedE":"f8b8e6ed3aa3f6e01aa1e1b2e80fea41f5d4867c97973701c48dc88d0cfe1dc37338acef0d75201b3c38f96cabef6999e54b9424d6ea2735","skRm":"7d7a3179665b4411fede6a44e289870f6a60982bdab74cd3a79bc5b565bb38a6faf837a123040ff2645bb416dcc84ce024e29dee802040fc","skSm":"a244d996df474d480c5b36d6517299128945f6bdc8491c043230183b20f0fb739da4a9b42ba5f090882980dcf40aba52bd8e70a41f987850","skEm":"ab04eef8a43308ef161a5340020e54e0cc19d685ed49846f2a70e0209abd13693183af17d0aac1d8c5051aea1b2fe919863fbb55db6ee02e","pkRm":"bf074d0583d1aefeca2cb0810e978929438720cb704864f4f37ba99184edbc1f6c95c4ab5de9c13e180eab9ff33543ea1bdb7748760f57de","pkSm":"51918020f48e4b96994ecb7b097768e3d18929fc982ad4580723c3efac419b070e5117792db0286eb514a13b42b6eec13720bde540c01f8a","pkEm":"8f68860803ab12bda74358b3d6a6edc2eb959032cbb1b9ced78e663b0155ebadc6b038d87ce902b8cf94be47408dc63caefc06b68a78ab66","enc":"8f68860803ab12bda74358b3d6a6edc2eb959032cbb1b9ced78e663b0155ebadc6b038d87ce902b8cf94be47408dc63caefc06b68a78ab66","shared_secret":"660be9e07b7d0724ab30b1620a35492b52ebde7509abcaf6531a70007373c5c66590037b760b7ced97fc227d94f16363148b28c625b590a24637aadd12d2edc8","key_schedule_context":"025057c11b73576e77b95c5eeef1246d13b0ccf6f8b222a3d300a09bec8a7fc6a07489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"738ff205d95a1f2be091ed63649ee8446b44a53278618ce453434f972decf0c9","key":"8f3a7791ae3031e83c36c84b091f9583e59ab6b23c1370975d06222b10f01b9b","nonce":"46c3254c7ef0d118abe35284","exporter_secret":"bec7e30d04f9b97dafde477e754d3315c0cc58f6322b168830a7b553c99207d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"3ec5e123988189f15b2ff1338e34efeee77dafc8873f490df8fed694b53fe98e1d3e5172865afe3177b18f507e","nonce":"46c3254c7ef0d118abe35284","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3ec36d955b6e7d345e7a662164dbbdcdda8e649918079d5b872b549cd7f4d43edde8ba682c273253236d374355","nonce":"46c3254c7ef0d118abe35285","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"195322be6cd116db2d34f6cb6f2be679a4cb5d78fbb9cfa0fd2410b1e038f7a671368bb600228463b0c2b78a9a","nonce":"46c3254c7ef0d118abe35286","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"83c3c837af0351d0e31ec7aa6c465b8db495b8c83f24da746199cd607f459ca2988bb71f4e3f74743bc3b6b3f9","nonce":"46c3254c7ef0d118abe35287","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"55953efb4d5e546b61c4b0fa8c105befdb67c3114ac085a4fb01e4d34d4679d286b5ea354d81877638bea210ed","nonce":"46c3254c7ef0d118abe35280","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"34636c8715d05b74e3da31bb0d6b7f6e6fc0ed7c4d3ba9e35b7280e75f81677b24162c60e07f30c8214baca818","nonce":"46c3254c7ef0d118abe35281","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"34c6a063493fb0ed7f45d3139b2a839d811b769994431ebf6e18da572bedddc9d2638e76325af7ba94515b956e","nonce":"46c3254c7ef0d118abe35282","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"32fb5ac9875e527e890a8d0706ad50feac3baecd4f812d29897231c022642b210ba019ee3edc55cb4baaa0c652","nonce":"46c3254c7ef0d118abe35283","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a65da4c7dac822712e33976878aa1084408f5979ddbb6fb8fcdf1944d6b2b5f02c250754c8711f67ca3b391570","nonce":"46c3254c7ef0d118abe3528c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0fdf4d91e3583dcee16e6333b8afdab5815c97464da5b6da6529c4174f06bf35458c22a0ea4acf996c1bd69726","nonce":"46c3254c7ef0d118abe3528d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"07b3774dc0e60dfd0b08c850dfd3849a2ea13dec1c4cdfc44fa622082f20b43a"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"702a581be0ab35e718d64a7723de5e797b4f1a64c99898077321f6c215a62887"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"66a7047d8a949af6e188972638aad81288188b202d726351d4d6eff58cf65de3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"be542f49bd3f85fb50106625aa1e8052149ec0f22ad8343b5e5e0c316a793649"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"37a2ab65647f022ed2313aac60c55f67579a29aa55beca39a3501e75239fa999"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"99199b17de274a7cace772f708c4cda6315aac5c255f4f3fb126b450f30c5c555d318ec8f87b516345618d815fb08d6ae06d1e2482f2386c","seedS":"f85efb5df259cda577cfd3fa0d5313746587c685374d78c268a8b1c2b28446d19541bfae05beb38efec66d11ab7c7fafa87cb4fc00a7dfb4","seedE":"7717c66909f31f8d82e345a4cbc456df66c5a1b3629f0fa66f7c1c45ab01b513820eeaed9ada7f281aa8368a1a23108406e76d708890f709","skRm":"4a4b3a58bb2de05ea148a40d190142d4dba31a2e2102e605b5d9318b860d7f9646479ab57e2d3c679d0e9bc23ea36fbe71f044b945b3b52e","skSm":"650be62a9774ef251a4a140bd1ac453368b0aa29481612841f6ab10222d2fb784c9738eab6722dcc10a88ad97395904ef7f14c5559699616","skEm":"f351a67d841df44dda36315913327190c2487d924697f317c9074d86ed32994f7f0f71f7b64ef24b8e8b3468c52ed90023ba07b592dab56b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"47fde1e052cbde93064898e42b24007703991e93aec5493af1ce8a1df9b07fe5977ed9bfce68ede5186b923a12390cd1305f67de29e6de1d","pkSm":"7dcc702d3b465062ecad762149f515593cafb59ffbad9ab06bbd3cf58be235ab19ab6a4918f145ddf4c81fd3429271b4efed2629798f396f","pkEm":"0632d00791732fc626c857b30c0d3e3e1dd79e6bb46745d04d61e11ae982b03fd6e2e4aaf53740ffe72076a713633dcb07b344e487fe2603","enc":"0632d00791732fc626c857b30c0d3e3e1dd79e6bb46745d04d61e11ae982b03fd6e2e4aaf53740ffe72076a713633dcb07b344e487fe2603","shared_secret":"da6f64f2ddec81302a2ffc25c3e455dd38aa5bd95be1ba4e2f8bd6ab75ecec5d8ffcb27de67e1ada16182de3245e7e87ddf7a6279663a64e93de24f32d224516","key_schedule_context":"03de6d9192189182309c4c5b2ed1340a7d3b7a658019b10e2727f442357352d8387489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"da09e1bd2615121ce87523b9329ff51a53cff93aa2f37f6479694d880f1afcf7","key":"15459c6b6c00119b4526e08e3849fb4dbe1d71a7953440b924bff51726c5942e","nonce":"0cba9e7f9bda353097c19d29","exporter_secret":"d0d69fc66c28694d3ed781cae32ea92dfdc96ceb3eb72fa034fa266d2dae664b","encryptions":[{"aad":"436f756e742d30","ciphertext":"cbf82cebf59dc7e600b2714119a83c8abcfed40d1e60efe43543eb5993001b5f5cd9fac6a9e9410109b80b9518","nonce":"0cba9e7f9bda353097c19d29","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bec2a27b7a05a34493be2525c91eb002379be7339eb90f433ab5adab525276e65084055515dcac9857aeda0f12","nonce":"0cba9e7f9bda353097c19d28","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4295efc71dc5292dcfdb74df8c1ebcc4bfc00106632655e240be8364995fbb4edbac81da8ba16485074086fb87","nonce":"0cba9e7f9bda353097c19d2b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d2e9d05cf330b13d8851c29dbde0171bb379c52c547df6a093bbeb623ed561c712848221cd2a9fbb106d349038","nonce":"0cba9e7f9bda353097c19d2a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3dd2cf14d2dc26e2d6bae391fa8672b686d81ce38265e81029ef508d60d4d846b56e21faae35393ceb37381e98","nonce":"0cba9e7f9bda353097c19d2d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"09ce68ce9a78486c3e594697f55c2b877838dc0307c74b45baf506cac656db8f4e371d7fd6f480b2fddeb24e85","nonce":"0cba9e7f9bda353097c19d2c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1ee31c80355f902b1362d627484ae488e304804930411fd1b780beb57ab72e336cf4428f65e45c51ef075d5538","nonce":"0cba9e7f9bda353097c19d2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"10f324755e7a932b90aed1a4fe17a6c97b7128c9d04cff484a7efb265c1c14196a86d02296a1daf98a4fdd036f","nonce":"0cba9e7f9bda353097c19d2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"13a1c2e55a8151bf9113bbc64a584a1eb8bc2bf1f3e7d071247fbb999c6be1fd9c842452d8fe854411eecd5569","nonce":"0cba9e7f9bda353097c19d21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"3df2f384f8f68c3b6adc64fdc8afc4c934b05e1363e0cd1ac63979ecd5b75e4cf8624f397f8e48058ad9c0aad0","nonce":"0cba9e7f9bda353097c19d20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"88127b708662b1fa0dbafe14825c69874499fbbc0c3fb40f3d4d3ce0e236faa2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1c21e9e09b3a12388c173f73ef2df922d4da0bcef7db508321997e4e20969991"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a85bc0c79f4052c77de9053b6a8918430c92c8a41ac6c8ed3f234d20c20539e0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e0f733a0573befb1049c0b8c3d64c82d32b1ab87bf977e958e4835b4b1c01b23"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c27f2744f7df8bd2d544663434513259570171ff1eb30410311dd5671568351c"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0b8c4c4ec52e8f0f632aad9d34e4778fb02a620b8853f3f46df02818e67bb09cb7b323e4b8ba860890fe286ea63f0bb9a47514e3bfd41f87","seedE":"8ab1885c7aa71077748a2729730bbf45eafa48e43496d640b8355ebcac0c16b72d27c0a3ac6a81e5c4ec7157452a067c91ee265177ea046c","skRm":"e41de2e424f44bdb6b766b67cf9e563d019d529c68d2b9bf049c203caeabfd21e46e07fa41b1f7905faef1648e4705f14810127230ec8b88","skEm":"9642d5e7f47a5cdb2bb9c341e94d97eaf87abbbf146728a6b19d987888c8d13123d2b0c18b503e294034de8083921f683505bbfac3191aeb","pkRm":"e04c798c2e677d4e0ba7a1884fcc6824b7e0b90bf75894b91470c37abd9d01890ff20515396bec2106d8a6cdd2a35a39a6c8cbbaba8c73ff","pkEm":"0be9fd12e57a5cd996c7aacfc0b4bd94e6d29c292fc6db89a24dbe935d3efa6848cc9bafad9297324a99f6cd6616d9c0c0c238af312a4f6b","enc":"0be9fd12e57a5cd996c7aacfc0b4bd94e6d29c292fc6db89a24dbe935d3efa6848cc9bafad9297324a99f6cd6616d9c0c0c238af312a4f6b","shared_secret":"58be019b0287449206574676eac0600dec6bf1e618c7e33043e253cf94e2c573b0b83032771deaff9e8f7ded3977ce9cc0a892cbe208c074bec26b3bd0c8f211","key_schedule_context":"005057c11b73576e77b95c5eeef1246d13b0ccf6f8b222a3d300a09bec8a7fc6a07489993fc53c01e467acb9e813e93cf59dbddb92fe273c67cca0582a2e482be4","secret":"fe9d68689d05bc6f8c837dd938fa3fb613d84796c08ab2e462c33daa8182ca9e","key":"3bf0a2c961a1f146a5147d35cd89a3db06b5b8c60e62df060188b5bf7abe750e","nonce":"6a7584fbf93c9e31d3f66a0c","exporter_secret":"d2f1ac2e5f0af6a940be18847e8b3b6a481c1d6f4787cfdcf2e0d059b17b4414","encryptions":[{"aad":"436f756e742d30","ciphertext":"0fe91e0dc5954f1a05df8e21fafd3e2749e0ac6b0cc733f125f60ccb1c3f29c445f5bcbb37790e261584c48ef9","nonce":"6a7584fbf93c9e31d3f66a0c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"45c1ddee15ad6b2048fb73d8c6deb429ab87c09cdefcbb1502a20a9ce666f5e2add0ab64bfa3d1e1213a3754b2","nonce":"6a7584fbf93c9e31d3f66a0d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"44aa8fdb5e1c3c6359e96ec9f6292d38764c3adc840bf96a839352482114594fb640e6c0706e1a8adfbeac8625","nonce":"6a7584fbf93c9e31d3f66a0e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"cf7fbfe58e047dead7d6d8de3a71d1d26be2e7d6ea5d606773351299d46f8768d49a1e2c5dbdd528d48c5307dc","nonce":"6a7584fbf93c9e31d3f66a0f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"94aeca06538057cb916c5ad5e27d69aedf2f27507d1d28fde011c2c394f3bb0875fb77d37217628425a13da7d0","nonce":"6a7584fbf93c9e31d3f66a08","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"aaee5d7066018b840d9cb780d699fe97b17df72feeb7026376698ebc0ec5b01f21f8307bcc3bfc8fcbea923fe5","nonce":"6a7584fbf93c9e31d3f66a09","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"06fd8e117183eb4e94e749ca61b26d72481a68186b8d78b840922b91f28fea47467b7f2ec4d0b0cbec6ba8672f","nonce":"6a7584fbf93c9e31d3f66a0a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"941820ee50b84f69ee6f39a2eda20acb3be5220eeba1bfc594acb4ee4944903e39572ebcd346c8d6d6f1526904","nonce":"6a7584fbf93c9e31d3f66a0b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c7fc6424744092d60a7316e999178d1eef3c25adda58049667873fa57a2fdc66179f06da98aa9cf694670ba7a6","nonce":"6a7584fbf93c9e31d3f66a04","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"efc54408a42c66a387c9ce55114f0af9d3b8b4de3ced6918d327088421d41748e0a43dde59f001c4cf2bd3a4ea","nonce":"6a7584fbf93c9e31d3f66a05","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"aab38c2b0e86a2f8151da17abc40eb20625a1f0c26b03009a6fd7d540370c6f4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"98ad5e6ed780775fe9664b13a4071d29391c5284b6080be6030e58976e288138"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"570db86edba10ecc6ce2714bef20edcbdcc8e12b80d64593b1b2ad40c1b9449f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d20ccce491be64cb4e19b6edb3bfb7f47f181946fe50df348ba9b6e0feac722a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9ad8b770dd7b35e24f9729dbd857d204e1122df44600308cd8dd3d29967f2c7e"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"152eef656d9c65f0f8ea3ca383392de3223b38e233f89a8c6a34b65583159cd5bccdbeb22e770819baaf5358ea589904db6669710600c202","seedE":"6e8a3ca45d8a7e5e65e553c1d012ba92ec82c93b337800cbc2ab2d6a444d63722c163930fcd4e1830019e6fd58dee38f6523bc6e50e327b1","skRm":"5b25cae27597e1e508b48ff3604a2b4f995faa4473d05597a06733a9c58e48defda48e2e036fbbc2213c9dd369b9aed000d032afdf8d7134","skEm":"f15a64279359020b052f5f58f1a8a0682968c1fc33805bb30a484706aebd7c07376447293f43949c1a835459fdd834b9b97730e6aa0448cc","pkRm":"59fab7e185bb71f3c33c092a70a052151213b0052333c0cff61e8d6f67505216b994efc3b5621a72187b80b0ec0a8e0b03254061689d39ea","pkEm":"1322fef7cffce45496a8cd37deba37b171ceccf615033872491858da9333b6a5a23a9d7f11c50f8e5478ec2a60d43e85c0ea879522cb12e5","enc":"1322fef7cffce45496a8cd37deba37b171ceccf615033872491858da9333b6a5a23a9d7f11c50f8e5478ec2a60d43e85c0ea879522cb12e5","shared_secret":"345013e8a9d4ec33d0c78d3c0f632d1c28cac291806a33fd007e268d54d290cd3c6c4a9552f64fc53b20c54489bf64f2bffb5c3fdaa6d38bc77049d7f56122b4","key_schedule_context":"002b8f02bd1528e10a5db81bdfd552f8ade1fcbaee98c6171d8742d4b7eacc6e5dc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"631763a3bda5d9659cb80582a510cc700fc6778a87f53b0f0d44b915be216c60","key":"470eeb80c458ac986ed88b7bf3732d7d77e09402d766b58b5b58926a25a20902","nonce":"26012de04740ed1fdae0b335","exporter_secret":"7016fbd2c332b3adfe0c0189019724a3222994706ba85aecd87401fe156b54d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"263642d6c87269e7b81b005131ca08aad7cfb9cf82a5dcafc7b5e64a79bb0becb8e6db4ebcc5ac8ede95002851","nonce":"26012de04740ed1fdae0b335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"0e88e9c0ab64245ed4d5947851e9b1569c7b6060e056a4d08ffbfd78514390842f566daa71ab95268223b93a8f","nonce":"26012de04740ed1fdae0b334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c59c5bf707b8e9b1265014bfaa869dfb9170cee4ad77234b018c585e19e261aea75ca7c471dc7b62c1a3486903","nonce":"26012de04740ed1fdae0b337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"afc4626114ad4c7a85271245655a28d183c06cc9e4dd87a0f1e059b9958409e6f7ec73bf426f985d7c6ef9bb5d","nonce":"26012de04740ed1fdae0b336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0270b9cf34548e25a8645c3a1aaba18c585bd1d1b465a9908bdc14f0e5ff8ed5d8622cab2621460630de29912a","nonce":"26012de04740ed1fdae0b331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a83d4b8954539fe3594854bc687d55f4810763a756149b8fe868f07f3725f7c31a604cd8b7fbd73d4256759f6b","nonce":"26012de04740ed1fdae0b330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f92b53f97af7d4d9ec315aa10ea16934930be4e0128d0f3cd51b7cd0dd0df19bed23768a50fb32f87fec627834","nonce":"26012de04740ed1fdae0b333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d1435a299e04e4a00f2e878d4efc81917ee37868cfffe01a402211fe0e91a5f1aa678e9712d539f87c2ee42c9f","nonce":"26012de04740ed1fdae0b332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d9e273b0bc3ecef3f278965d51a362dcec6aed400f029c70bc43eeb345e2f71a71bef3ceb8d7810a4bf3af7921","nonce":"26012de04740ed1fdae0b33d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cf355db0753cf6c6b29a79cc8a88c14e0c332c934404362b878363557f05bab097e1506ce03fa496b31a6ad23f","nonce":"26012de04740ed1fdae0b33c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b8479d310d5b93310447b6ccdd5f5f90f20d2a991ad91d459731e732df675565"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ab03e32dff5709274ebfb2d8b030d3c9b2255b50875170ba8915ff7d0f1b80a2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0bee7658a03ca765b80c827b45d885f8cd3b7b80aedddca264fc604cfb8c44e4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e6f48db0e5287d8105b5d9f18e914e0c10f988abb26deade9eea4fbafd392437"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5c4a9f02dfffd39c3b6f69ac6156a7b25098f04d82ef99aa6ec62ec32f05a6cd"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3f31c1a6b129d952c00429c53313d8b05fb1d87ab7b1c223e02c7e502cbfea24cb772f2e09ebfbbf1eea53d183ed0957d71135f6abe613dd","seedE":"cbe7cb1abc04bde868eede5224b61761247a339ad66753865b44bf88db472d28d62ae9715147669486133688214e10974bbffb0fd3181140","skRm":"8ac84a55aad6804115ee853ec8a118379b9e6b25f38a466b7d20ee4623640213908c98da599b44d1f193bed52af5bf87fa34df5a4b7097aa","skEm":"b13ebcbfe9c89a3b55d5937c3c9c2a1c8731715cfd8173d692803b9bf1531e724da45600d8c5c7b8c6b052ebe6bb9a26c6ec6bef8a6d792e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d4c749a7351bb41a8ceb3dfef5f5c795ef8c83361049d86c1c8fc839d6558fd1812c93f6327cae4c773ed151054e212d8ccc7c4cd4344c54","pkEm":"5b69ea3b9e318523ddbf3278eda6ebf86016ddd7629239cfdfa4402714b40554d97d778e9b58053d2b444939c323a85bbab467258d3af2b9","enc":"5b69ea3b9e318523ddbf3278eda6ebf86016ddd7629239cfdfa4402714b40554d97d778e9b58053d2b444939c323a85bbab467258d3af2b9","shared_secret":"861893f7cc4f900c25b8bb55d3b5f2acb604abee65895266661747aadc30faca5aacf415eca88dba80fca790889d281e1ce22d07b54f26a21c5da74d0ca0f626","key_schedule_context":"0160b33b678eb261e664f7ebeb4c9f0e2ade08c83dd68a7b83cf15b17d3191379fc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"b8d767f8febad22ca72180503ba0dd26d40d345072b1d1f3da08123911301f72","key":"5e96521ea27acec733b0f10c6355b4fd66f3c2dd3f810902ec0533c2acf2762e","nonce":"97099d0ff5ee002c4b136aac","exporter_secret":"f1d2f974cb54ab869901a0a01c158c4d063579fc7ea118c0852d8ffd17e97e4f","encryptions":[{"aad":"436f756e742d30","ciphertext":"3f0d91321c0eebce712d29d0d8f6ba07e0e582febc70b0ae07e031a659993ed2ed78e07c25961db4cfddee0eac","nonce":"97099d0ff5ee002c4b136aac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3ed6b2ad5fd06d5f355aa697e5a74f40c09c84d0f630c6f61215eeb0c27beaeee983dfe2a6d61bc7aa4c8e728b","nonce":"97099d0ff5ee002c4b136aad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f8118affd70ebd55a5a0ddb27ba923200ab0987bc16c653de3da5a59b38560c2b874ebac6bde5121da59253052","nonce":"97099d0ff5ee002c4b136aae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"81838b8a5c389295ebdde07201a189cbaa77643633c080850ec1124209f927bd4c4b9a29448ba69df0cb05940f","nonce":"97099d0ff5ee002c4b136aaf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2015d7c06c792fd5bc9ec2fb9fc2a4a29efcba9a35123c38ab0f16475e0c23a50bd5b54660896e468cd46dc77f","nonce":"97099d0ff5ee002c4b136aa8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fa0b0b8f74b605174ed007eb56d8bc36f5a6cd62bd3d4efe06dbdf6e58bfd9595cb61b9dcb5f16d5738c999f02","nonce":"97099d0ff5ee002c4b136aa9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"35285a47ab789afd3e2b370eb03eaaaca9f51b8f2e98d4e62959a76a9d8fdda192292c70b49b47b84e4cc9bed9","nonce":"97099d0ff5ee002c4b136aaa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"39ff6d4702566d3e96c8f29d5b9063928c740de80c50ebf33a56a614ea5c0068ae71dc56200675cd25fd76559e","nonce":"97099d0ff5ee002c4b136aab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0f3d82a85023c63a9bc3a33c35d55b0f3089dfbd1e10875bcbeba66006646d1684aacbf4d15348c89830707292","nonce":"97099d0ff5ee002c4b136aa4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1cd3ea58da0622cfe3014e9ac84ed4659f408f137793bd8a9f128fdaf98a5bb50bf038e85e40f2b7600ef8a4af","nonce":"97099d0ff5ee002c4b136aa5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"556887468e18082fa78688d3f0485e26ef9bdaa983adc09aaffdc28693844d60"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"57c3719dc9196def5d2f7e159fdb107b9c724a178d724aa89f84aa453dc82795"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"02d7d395a9b890223fa29265fbeccfd2c9d4e1ce4f2d337e6b465aae10ad1ef0"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cce4071e42b5c1c0befdc4139bffd91075fbb45273053bbe64eb7c06c1296f4a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"73bdb6adeffba85f45895e1c664fd30988f889f64d46ff980e4ba3160441e9bc"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"25287cfa577abaf5b9887033e1ce7625541104149bc6f860a4a21c014f9c0571549bd2ce3f790a85f9d59cf66777ce2f502d491a5cac3dea","seedS":"3e3e1edf4bf7b595cbbc7899b2b480e6f7b7b0584ec55e4ffad309d68f4fbe9f20c94179f9cf8b854701c2b2c7060d9a08089c3be546d333","seedE":"2ed5e9727dee68d17536d127b54c75fb5d35fae432b41b8ca0e47c679c2c9d68e168054d7536686469cd04fe6fa4c86356fb0bfe80af2f65","skRm":"4ee4da4638a72a53bf36d19085b438da5666f685fc771036b6d1e5d42ed5b929b6894cbdcd7c622bfa89e472d43fda0609962d896d859548","skSm":"701c906748ddd6fa71391f8e2af54f6cdc9012133accb2a57955c294454c01e62cd4fcadbb6250a046d4d8d956ed8fdbd8d076daaf9da872","skEm":"dac7e07aa9dab5731d47ca19a466bb02221dd94132d00f4c2323e62c5d67affd414079955cfa2b787d5bf10f781ae64e5e6937f04bae1760","pkRm":"264c22ac7762c8d31fe623ab796792f919f8873bb7bc2e9ae2b65fd277af42f300ae93b44aea1c9d0ba470f497c82fd8ef2c6dafdb785acf","pkSm":"c8eca8f703c77f9f1b0f035d7451a1d5ea30c396ebb32a761ec59e99f77077efa9b92d78150b78f9b580efc8f62a078f1c06ebca082d961a","pkEm":"02e3dfe93f39fbd0de9db6876a5939d147df2df81cce43dd8500bcff541a1e94c7db88d6e23b67c36f77e12fee7c06190ee6b45dc411eb5f","enc":"02e3dfe93f39fbd0de9db6876a5939d147df2df81cce43dd8500bcff541a1e94c7db88d6e23b67c36f77e12fee7c06190ee6b45dc411eb5f","shared_secret":"5c88ed198157e18205072fbda016c059dabf4720d883b8f54163183a065cbaedef1effb169ceb4fd5eaa3143ab1de35d5b7ce8d1a82d8e8e81b050df7d3417a0","key_schedule_context":"022b8f02bd1528e10a5db81bdfd552f8ade1fcbaee98c6171d8742d4b7eacc6e5dc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"b9f018fab9bb8863a1955aab88da7130ff343a43450212a8d0034d4ab92030b1","key":"5803804b27e31a4c226d8a519235fcfee864b0b227daaca9c53afdd88224c84e","nonce":"cd059158c6e638ade09bbc61","exporter_secret":"9769274d1ab2a934242bad5d21afe445edcaa4678790026c573a90580f8ae453","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8ce7a7c2fe43f37bb5cc35e4db8fa232149b45f2d95ce3f88e79b54bfbfd5ce77f23ba7472d5ca8247b3d9332","nonce":"cd059158c6e638ade09bbc61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"17fdc08a7893af23c5a4ebf889bcc28e3d9b3085ee678ca9213ff3345e590276a9c4acad0b81e7e74180986d9e","nonce":"cd059158c6e638ade09bbc60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1a955bf88b30f183377d8494d1a676b1a27b0d2be68fdc781d4aebca24741f64e476ffd139f7cc6c334e22e2a3","nonce":"cd059158c6e638ade09bbc63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5ebb4d7d7919f295df2e4fdddea703b2da7edaa7389dc6b4ba6bbed4bec60e22df43b104cca13f0f12f9406ae0","nonce":"cd059158c6e638ade09bbc62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b98f8bbb65eb82d4a9918f770648f4f40920f5676c534ff4ac6fb53a24d8800bc39600a3c82a7b311de31b9aa7","nonce":"cd059158c6e638ade09bbc65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"08e580f6033214f25bc032fdc14a3bb661557139f1ca976473bea371482705756d1d2659900789f6c27cbf9eda","nonce":"cd059158c6e638ade09bbc64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"923080e329bdc7ed64cf8ee4e5bb8c3af1a8002b2cf96b792214234351f2db13f2b4cd2d43a2e6dbd5f508ca0c","nonce":"cd059158c6e638ade09bbc67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"871455d005ecbd0e19a5a4214acc71308752bd3b6fb163462ffac3bde9125e1894b194f306b127c8d850e27ae9","nonce":"cd059158c6e638ade09bbc66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8fbc6f2e6dea47eaf5663611e87d4474381f07b638a3c12f6c6c71f3d57fc1398f59b780d59860fe728048045e","nonce":"cd059158c6e638ade09bbc69","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"67c8041dde518f2a13f13dc4a3b35ad351f3d46a55ee836e1f311bd9aa0bb1a459b87b90cbc98c06545109ffe3","nonce":"cd059158c6e638ade09bbc68","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8948052d92df634cf37ec6ae4fa29695bdc8a6c6d7713bc89008761f54b9e698"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"7a1347fbadbe6931da5b6b68c1d686fb4c802015ff0928c7dda275baac10284e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"82eb6e06e729439445b9ef494c87fe6ecfb1e8eb3407ac5efa82b2625da1bfa6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f80f5f3ed1b4d1c3dcffd6392bed02c97299f18135ec136a0eec90cec6750c57"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"54b203a3d58378bcf839eb5b998d509b80cc53897d24163ddb721587465deae9"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b40b5ff469deed2ad6363d2554f1600ca4206bc6874381ab9fcca2153d2f6c6ca02339558ae32ccd1ff640030e321f63fe1056f7716122e2","seedS":"c10703a86b8e7274ec4ca8f5ee3a1696960ba9db764d517ebfa37567141d7af0fbeef6196fbfdcd76cec65d228f23d883dbc34f91eb01bd6","seedE":"71eac45a2e9971054caff3b70c0355ced179eeb0b041a63c48d8cdab38bd961ee9a0a46a2d190311b3c0ac645bf00f02d9a68defcc0a0d2e","skRm":"8c3a62dbb72bb89cd35a3bdc422bd27f49dc714d1435b6157f42174bd8d109c55d1885da65e6212cc766c70592cf8d9d1010e91d8f8256b3","skSm":"4e1d51ea700684c53beb805fe01b6bf8f0cb6256f04d9bbff39fb2b49b965aa7d1dca955846a68bd65c97be151895cf3255d85a4d6f4f94a","skEm":"3b77dcaea6bfc14cf89ec89a3370e9b36d0383f93644ad10d4c310e3a7d3818606f2cdea3495d64dede5d23e7fad0ae358f3c439a2b13b4b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a0bb840213bf5800d13016fe35700872d3b403bcac14192de7a3cb3b5055ba2c8926ec28a7f57a2cdb615e8657b2ca38edb78c7edb0588bf","pkSm":"87caeeac827587fb8b6edff096b8c7a94d32eca43367ef84f7ab4bac8b2af2eae7cd17cfa394b48be757affaf9fe50fc8f0d38ab9d55d7bb","pkEm":"4270618c60c2e9a48fbb2b6b81b0f7b3148383393e6f8facd5a4c67960c909fdcbb73150326afc0e0cedc3bc0377cdf1f4da489ddf367e54","enc":"4270618c60c2e9a48fbb2b6b81b0f7b3148383393e6f8facd5a4c67960c909fdcbb73150326afc0e0cedc3bc0377cdf1f4da489ddf367e54","shared_secret":"1e683726676fd1c6421e6f3cd46121d62000005b923756a95dda5f84cdaddaa3884d28dcf92042805338f68cf6c0b6369a7b91c44b78949374fbea44c0031828","key_schedule_context":"0360b33b678eb261e664f7ebeb4c9f0e2ade08c83dd68a7b83cf15b17d3191379fc0145fd4bbe76b938b1db8a0015dded39e0f54ec5bc80dca911db0c14bb1cba5","secret":"4c85e58fa17bef7d0646af59cf06614339e0538bc6be79bc980cb1a1205b7b25","key":"6c5b4bb172966c369798511372f6b3466fc0dd8770135c128aadc41c89df5492","nonce":"72216807db1ad3cb8bf336e2","exporter_secret":"f8ebf43478a0773cf7dad5e176fa2cdd6fcf75798a43f5ff90adbcf6066d2729","encryptions":[{"aad":"436f756e742d30","ciphertext":"4da7ec65d462ecfa94de2e20b8e86891d2852da25ea7031285e66e022230359d6a9fb3ae7b68626df9f271f544","nonce":"72216807db1ad3cb8bf336e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bd9d78d9e0b6f152cf4c10192b22deee3df3d452bc29a8277beea09d3f9397dd54c7597bc2536ff691a73f2866","nonce":"72216807db1ad3cb8bf336e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"92b71616c19dcba3daa30d3f96dc6406955da08309e2ab6d90b7baddd61d941cdf12803fc3333d1033eb9fc22e","nonce":"72216807db1ad3cb8bf336e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"94d0a5018d110d3c881c3130c752b9db725df51e1a8c163aaed7ea24a8777e9f885eaa7b3a5de1899870d70986","nonce":"72216807db1ad3cb8bf336e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7c90aadeae406d1b0cc00ae9e28924c12a81af3354ed0f9e53bcad1f4a45634a5f84b5b2de53652df151290134","nonce":"72216807db1ad3cb8bf336e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"01d4431079858e7f56bce4de406d072d945fd3c38341064cabef84aa1b67a1fac1ba69354f39309f247704fcca","nonce":"72216807db1ad3cb8bf336e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1f59fffc76b067cd2716bcfa6a71d7382a953713ab1a0538fc9369ab772b5a6eb4d96cd8b161184ee170889940","nonce":"72216807db1ad3cb8bf336e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"079f62fe721ff48ef01d4491d3aff6837f23c63e0219238efa42d916a18f323a9d8c2c129ec68141a5e32bf601","nonce":"72216807db1ad3cb8bf336e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"23001a980c108791b7d153ff9f81594c5167124735c7feecda7da93cfc857a4e8bae9d9a6c1909afc4a32d489e","nonce":"72216807db1ad3cb8bf336ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ab310e1e2613af557ac63e2c752a0c4ac487a387decafb3199b140e9307054a74d5ca3d5a8be5341b26a926949","nonce":"72216807db1ad3cb8bf336eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"825d5f3f3000d98a056025dafc2ab80d905b0bc4d1e317704a13d3fe3f599199"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"73b63aad01e20c74173aec2bb530d39f22393524939fa1e3529f91a16c61be6b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ef3b95c9778bc495a23de52dedc5f7a84b93e6e31e689392e01960b0b06b4783"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"a7757e51476a9e200d22bc4aff2eae57a0eb69160ad4db8806c6d440be6472fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"964ce7bca098643be539b9d555802f6dd1dc8030123dce4a979e6088eccbc874"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"27fcfcf1a55ed562445ef999353a1894eb7671af8ce6f03151fb5d5f93235f44da1c32781168a448499c8fd2b8a4828b0088e3d7ef9abec8","seedS":"22a6972235a42ad557944c5d36f4f38e3659794aa399a78c5beb5b037c5e2404d57e418f9080edefc4c525fe47c1c89d45ce072d515b45bd","seedE":"af66c36135c57286feba0ef23ccd4fbfc6f12922556150c109b362db1673af446b8923f3d2013511aac1e154d28360be1b2c5309c2d3ecdd","skRm":"61cf934d4a15734121195eb4bdb925e754920be595746cbad44b3cd020c90c37f01b5c982897cbbef07b1cd55194295ee4d9cd92878bcb2e","skSm":"0e00205f71f1f0c5818eae997188b41cfb7a6622fba5cc7577173ad5240df15f9a285650269b8e881ac4cc2b34abe72ed6b1fd266fbb7cc2","skEm":"41d7dab149bf26e26d93f867cbdac4b10c6203e4fb0e665e59bf54059bfb1082ec3809a78b3599537b0614a8a7df698771ab60f30ccc5812","pkRm":"25c4f6870d74f51dd7dcd0b1dab37edab70114c163840f729f04dfa6b1d2ca2624d68842c7d81c4250b32afc6cf85317a487fd63a8c5b81b","pkSm":"b16c9e5d76483478c8beca90fcbaf8b17a25d4ab32608d57ce1c1861e6bd92bb2d38450ac2b1d8cf34e1d9e85e9e39d2587beda8a309f3fb","pkEm":"82aa10cb64ff3be99241d81233445f530b5cd8f867cec70790de1363de94d33cd5261cad9d2ddf4d8718d0bd94f5a0cc0ff34320a6815c42","enc":"82aa10cb64ff3be99241d81233445f530b5cd8f867cec70790de1363de94d33cd5261cad9d2ddf4d8718d0bd94f5a0cc0ff34320a6815c42","shared_secret":"8ddafde754208d8430cbd9c1cedcfad641d7f173584f83ba4a366add2bb22ef0f10458fe9c6fac1ff9cacd6835cce38c2ee57d2875a2f0f0fa924d1741643822","key_schedule_context":"025d51d75e5b6f166cd8b3f200bb9646620b4b45c205483628fd330118ab8b530410a42988985d900acb2d52b068b37da9a4fc1c1bdb2952941a95db6be723e5c362adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"00d19b2f3025c9f8872edd49a054e6f6a5eed8d4124f30ffc07b4c75e6c7569d763e485cbed7787e4fcc87633caa8f73ecee4fd6244006e15260614f42f48c28","key":"f7b9fc5bd000071914939828181889a3","nonce":"816601c863fdfce9a4a3a15d","exporter_secret":"0c9e3f5f82b5669bd027dbeef29f0c1213a893c8e9f498e70d3caca6dda0a81df4530ef95ca3c99f949173f6ce02984c2a1e8e8760f8521001cdabc0387d4d19","encryptions":[{"aad":"436f756e742d30","ciphertext":"ad72bc52aa8073a1f90556bcce259b2d565be9a3c114df8c0c1e3eafd2f4228fa971b8ca43717a5fc5e5804c03","nonce":"816601c863fdfce9a4a3a15d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"f00127e0c443931958f701883007b6e1a50a6b10c1461990a36c62b7c1fad053bf7328504d0a22ff114a649493","nonce":"816601c863fdfce9a4a3a15c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c140c5d64f323a4e55dbdc9d4ace434e81010ea268bc66ef79d2f98a343e49dfeb47d8f4d03209c19bad9406a4","nonce":"816601c863fdfce9a4a3a15f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"71bfb9ad1af731b7192d75ba5acbd7c9404718511b5f3e4ad439fd709eb2802e38f1fc50757f28d65bbf7dc855","nonce":"816601c863fdfce9a4a3a15e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c9ec025105ade2d803c7b406e5e4d10ed00897253cc7f577389749d55012c334de0da94bb2517168e28a796d2f","nonce":"816601c863fdfce9a4a3a159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"2d90c3472fe774f62dbbf8795b0df0a8069e2e60a7872b9c9ce3b750c5368da65532170911f1608bcbf4d45e23","nonce":"816601c863fdfce9a4a3a158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"99ba751a7a4140ee3233b8a16a0f5066640b8399ea718cfb767f7ec86812c67f791ba8f9b4a6e3243b3c1979ad","nonce":"816601c863fdfce9a4a3a15b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f76142aad62ed75f3e4f70269688d7d6861f0b1b0afdabedfda6d32850314f7297ed47510912ceb8d2e1e49de5","nonce":"816601c863fdfce9a4a3a15a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"056de5d273f7e561e64d9b90bc33751cee6955ded05a3dd959f0aa52e7b18e72c0c6b055e769525025ce7da1cb","nonce":"816601c863fdfce9a4a3a155","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ccb02cf3c17a635a4d2770583073d745d8d6baa8187efe5c5767ac7db5fd6288051aa802110bc0d869294e2514","nonce":"816601c863fdfce9a4a3a154","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9d783a7adcee76f512f21ae44c63c735bdb230c653ae87c3a6cedbca5e29f080"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5d8e2f1845a7e4a99036b09e364243a99d02e86a98b62b932f19f1a979aa0bb0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"87bbea40f8d47428218666f2db76ed4c7064c002b2f0da00193dcdc0104181b8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"4e5c4b7de90713fb3083f9628ade164312f54ecaa83a21ac8e25f7e6f9c50d09"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f7a1fdaa32a4974bafe0cf96c36bc73b210fe99f2719c595077ea0c0d1f0cd88"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"492a05907c9333451345b9e3e9e6e773c3abc580669d95cc420f4d0b41b96b7dcfa73218c35971095c5dff55e3c5c050a8befa23eae54c63","seedS":"de7e57886f023a5f139fecbee0028c575e69c381ed766e708554bd1caa3867fcf6c799d3daa575299352107822de4623e026a2050bd9b229","seedE":"0ab4328bdc77d0c7de08f752bf5e7b93aff5f5f01b151297b2f489721e0e9ff62cc0fbb2af32c1f94615751c0dcfa3c5d4feca8fbee5e5f4","skRm":"e8e9dc198f259e6c902eaac03efabeca7c3b1ec48aca1730f59c1ab79f1ded8edd530911fd5514b3bc68c049d6010b15bdc684f4ea9214a5","skSm":"d8b46cd2ea92de565e620093843b4da23f77b6989d99995caf0b1d8940af7c59a8ffc0670b3e48dfd45bdca0fc718485304b6237d1c53935","skEm":"3db80feb1d68cac9ec2b4d51aef14bbc60cb6ab35fb5098ef27f82bb77a4893636a0d835477ca9c1c50789f7711ce5860f7c4f9c0bc850ed","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"02e85703d4aa1bd51fe239c1d199e902ff0f2cef5a07a9457e352fdcaf2c8fa326d01950a3bfe465c3d5a96a735898d6a2223a1108399255","pkSm":"988dcd43a6a9e97bd642fcc604f9d7a13f1e579eced688b7cdc46b4dba3b436a097279c925cf48c0d5f3a360eebef655542576e661163a3e","pkEm":"49f736fa1851d53335a14666898adbfe37f69a9a82673271d5212c6d1186d4ea2d025936319223626a72169279456a847b2ca31ed7985ad4","enc":"49f736fa1851d53335a14666898adbfe37f69a9a82673271d5212c6d1186d4ea2d025936319223626a72169279456a847b2ca31ed7985ad4","shared_secret":"514222683da8588d53b89b526c1ed5b05bf35f8f8d073499b951c67fab37d2ffb93d2b3b0443fdc96c96b419f78d9254c02b899e16dcf7cf79e3e5e7f068d21e","key_schedule_context":"03cc21a52de94b0a329e224dd508f16ef2a0ea4d49a6dad47e45c9657e7309d5f5e8673b72bf8a440dc517e88f4bb22b990cb594b65cc33814be7ba4f6167492d262adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"484a8424d063dbf353979bab4bd642b5e4488b4aa2fc7482463ce32f75f1e7b827d3865850faa66572ce8fc43e75c806c5d491f8f5f785f1b438a551a6ecafac","key":"573a464751df979ff0075f357139672f","nonce":"89861896be87d3c09120026a","exporter_secret":"34a4e7b423f79694000c18d93780c4bd5060a3c2997fc27c71c4709ff9802269c58a8790cad5a5d140cb8ae4c6b10fecdea82fdae147811d4e9411a44b0b8423","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd9e3aa1d093b4e0d21ebf098d8db95f32a414a870479b50d2c906a07ba1863182493a651cfa95eda655245d2c","nonce":"89861896be87d3c09120026a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"23cea2fec3adc34073546237cb16ba573de1600355f86f56a7a94365cec14716961e4e2e2085427db145bc5e17","nonce":"89861896be87d3c09120026b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"4ff3846cea6e14410f7497af988734f403c2abe3996df2b4360ec66051bc3ad4c9f198f7a0b145569f91f312ef","nonce":"89861896be87d3c091200268","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1fab75193fcf2bc77ed03bd0fa3a0ac8db9a54a12fd26c7d87e2cf218c505429d60efb6c9f5de4bf291c3639f5","nonce":"89861896be87d3c091200269","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6858b4624dc6f7cfebbbfdb91898a269a5a173cc2a849024ab9a81e598f28adc958b0867df6d54605b3cc29544","nonce":"89861896be87d3c09120026e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"50220690603568358a58ad6102b1a4f13b1b62ba53622b1293aef183d2ed6ded13a826216a28a4c21718decd81","nonce":"89861896be87d3c09120026f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0e22702fcea9c7fc450811be23f90e0f884bc49c60bc04eb3953ec8ac59ab80d777126581b48ce870a304e0344","nonce":"89861896be87d3c09120026c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5dea91cf3c6d5ba0e4ebd4c6ae5b89085fdb33c6fc30e1016f7adb00eab466996a21c294a194ea32e5c04b23d4","nonce":"89861896be87d3c09120026d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1fbf1cffa7abacd1dbdb081ea942a5d47773910b8f30fac45638597ba72ebf9087099c95776fdea429ea9835c5","nonce":"89861896be87d3c091200262","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"12ae8e5e3a4b09fb78b22449fe457d186216456e2c32bf546bbdfd6dd82cfb1204207320542903b56510219ca0","nonce":"89861896be87d3c091200263","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"20796a9fb6d464a8ebfe5a64ef97c3e57935585fb8628095c5665af9a22246d0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"10df6aed035d8adb65e65f8d534e853ade16d762b2ecf972cb70d6a5f550f83a"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ffc793d331e22990ede4a0a024f4ef0132c6537328c5c376f8f77cd2bd9ac27f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"7ed3fa7a37c5466f72e6ede994d21c6316d8f5db977854b9d22efcd742895746"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"bf215205266401791f172c334694f007fac348585824dc6527d2c9aa3e8d3e89"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0f19220f2681231e23a309f507b041ec8540b3918e5dfad94fe9ed0109435e65973ad68a8ab8d58c6d42526999620c8d2aff76ffb376aa91","seedE":"6050076722962753ef9a009821c53276d2f4a18017b8bb92785e026d8168f37e9fe0b18942928fb7eb117a08469ce121490e0e6fc833388d","skRm":"3107a207cc726b228abd268d828aa306af1e92f009792df8107d98009ae6613aea3561ddbce8666ada8f74e278389202949df00540cb8fb1","skEm":"f3830255dd9798b8605691e0829bb4d81590cada8549e78f1a3324a88acd731733a1c5f242b3c7226533207c8fdea9e585d0d5640140452e","pkRm":"33f79f1e42558f1fd0864cbe376fb245bdca880fb3d97421855c4292b4bb745271e4cd3825bd050ce0797785f0f72cd40a479a5123ecc11c","pkEm":"98c2c211cde375f23bef4106b3ae9cd68d2c05041951c65160e7cad40ce653573620a4b555595f552ad28a9acf41863696bf8c690390d670","enc":"98c2c211cde375f23bef4106b3ae9cd68d2c05041951c65160e7cad40ce653573620a4b555595f552ad28a9acf41863696bf8c690390d670","shared_secret":"b041b9db313b0f6a884a0e8bcbc7122035f97c96c896f4030a4ed64bb78479ed6ff44074f311e78c548b65cf3c49402a14d5f5e5bc65bc962c6af82561d01ca3","key_schedule_context":"005d51d75e5b6f166cd8b3f200bb9646620b4b45c205483628fd330118ab8b530410a42988985d900acb2d52b068b37da9a4fc1c1bdb2952941a95db6be723e5c362adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"ac15e386cb4c1603f8baa59eeaac90d9a6478f47140c686d0e6b1d33b8adb8ce53552fb98827021fadc0c119a63c451cf1c159c0b094444a291f20c9a911d95f","key":"73742d76103f4c9cff35fca35e7b5add","nonce":"5d052acda60c2d966bb034a1","exporter_secret":"cba72cf36c19b940db9bd01454eae911afb566b5c474ff8b58450e0270bcad10f945feb420b527561fedf7f6de6ec99d8ba7aeeb068db011ac738c53f56f0f77","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd601f53e81152295b84c531f919fc79096b8f5c62d15cec196e856078f70c24057db0007172a593d0b199b012","nonce":"5d052acda60c2d966bb034a1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"51aff83472028d64a11ab0339dd92e134b28d0e8d16e3c9771630e95b8acc55dc1fbbf4b9a6c4fb288d665207c","nonce":"5d052acda60c2d966bb034a0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6c3e9651739351ccd6d1adacd2643c522d8d1157ad8b5b36069259f544572a120f4f3e912c7e88af540e9c3104","nonce":"5d052acda60c2d966bb034a3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"081174e7f23850c0973d0d9054b3c9a6fca9cabecb37c3b54950d187a2cbdf77b97dd786764edb648f74a26b20","nonce":"5d052acda60c2d966bb034a2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"15866799bdacd4184143e06c6d7a7991f4a45b7166371e6ae7d8ce447a1d937b2d11cc60e1b5efadeb03a0b317","nonce":"5d052acda60c2d966bb034a5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b9ef89bb296d82ef65f46ac3c3d0370309867e9bf6723d09da784fdf9120c24fd030d0bf0f6f32436fcb8fa29a","nonce":"5d052acda60c2d966bb034a4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9dc10c4ca633265356564144953ad81af098d11bf68ec9ca0918248e2708a2f609b6e79a4451a4d074d4188e9c","nonce":"5d052acda60c2d966bb034a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e97a7258a5cc6f9f3d8edd226b9908a6c20e6542347e08c88bc7e098d57a6787b88831d52ac0da51932d3c2ad4","nonce":"5d052acda60c2d966bb034a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6051d9ad419653b97c9d1d9c9bfc7c4e07a230605af5e9919888e3b62e314a6a262aebc42f55e594902594d952","nonce":"5d052acda60c2d966bb034a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bfc202ad0d94bb762326233443c491b19b67042abb1d2631b249e14953c5e4d780fd83cb9e0aaef8f73cb0aeb2","nonce":"5d052acda60c2d966bb034a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"59ea4af8da44808957f8f87ddee9277bd336a9540e6640176f45ba4019c96ce5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5169ce1517ab3638ebf4e546c9f085f291ae1502e1df58915956b7bfcc896e53"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"ff223c7c1731f0ee8800f767f5ad827fe8fa6e70d196dfe034821982e9265073"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"19f7b26824686d8bebb1c58a671f4b6ceed9bcb8289b056547ca52689045b65f"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"653953c2761895008cc617c346ea40ada7c1d46bd58d00a4e768d0400998e9d6"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4a8ca6773ce624674cf4712be6532be268c1aa9e5a0d1d7674351cb0031353968cbf00d2af942593d25c45aa07aa64ae0000000000000000","seedE":"1015a5c84bf856f48f91dff4e02b203a4945a36d983868f4c6aa873c77be282e3171b1c7b5524436907ab4271d856cb435415cd0725ddc75","skRm":"df6dc8364055e453dabb1a410ca8184df78a909be951613b1935f42b01e79ce5fb58b29dd307a2673b463e8e3c60380c33c3f657cf36a7d7","skEm":"0f2bba5c2c9af90403847a72b107c33a156214d1321ea23057bddb2e98cf117df878db8c475d08e286cf647121b746782c4b9f2e56ddfc18","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"eb2de413057cfa13d57cbba12f20b3261b7e12c564c1e116d570ee8f7476fa1f00b327ad3194e9f6c19532a188f77bffbe6528f596d7cb8f","pkEm":"32f0064fbf6bfbe5e7be112f3dc38e61c7e6193bda7e727b229b96e2cb5f76552c0545b1f689fbdbfb35d031ceb44178ebcd403c1f2ed20a","enc":"32f0064fbf6bfbe5e7be112f3dc38e61c7e6193bda7e727b229b96e2cb5f76552c0545b1f689fbdbfb35d031ceb44178ebcd403c1f2ed20a","shared_secret":"bb5a259338a230fdda5714a910b1081ca6d6bb883091e824c6d54100efafba4da41b8721f8e89cbbeb66b2fa6eab904f4459a1b2040314fa9846a7c98d8eacf9","key_schedule_context":"01cc21a52de94b0a329e224dd508f16ef2a0ea4d49a6dad47e45c9657e7309d5f5e8673b72bf8a440dc517e88f4bb22b990cb594b65cc33814be7ba4f6167492d262adcc0c79cd0b968b815a83011ebe5c6f02404c89dcb6dd6b980095a163c99f19eb76bdd4e21cee08a19a1c50b98380ce01640ee02953f6789aaaa0ad2c45af","secret":"fda0bddae602495d0ec51802f4aa6217c1fe9b8ebd7a1b32e59b3b35881781791132838c9fa2df6f1fe2526507a34fc2605b0154b9f6caad3d3bb3f5dc7a6bf7","key":"bf57cd65eb3cca8c974e880355d6b5ed","nonce":"0efc3be01b60e273719ff2b1","exporter_secret":"01636a5329db27f65be6fd0f59d97f847df3695f443d2cb8e38487ca2990b2353cde2cf29d871c510406130c8f3e2460482499c7361d5ef030cc8ab7e6631b3b","encryptions":[{"aad":"436f756e742d30","ciphertext":"855ee4684cb2b7dffccf3f739fe7497148a480aa28e8202dc12dedd0a4f7514a1541674a3416698a7000417c8f","nonce":"0efc3be01b60e273719ff2b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"941ad4b75b2abe687e7680bc595146d9f7bb8f72e465ce4a1dad2eb6236cf9ba3ed3f4fa4981f72235db459058","nonce":"0efc3be01b60e273719ff2b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3067a38a01188974b337b11c35908ddea240614d922e493f9a8b6690a36ceae4cbc6022575795ce5f6386da423","nonce":"0efc3be01b60e273719ff2b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"62fa57456b95553a8902872930242368267df2325286b47f9f5046c6ca7068d421171a8446e13463f0f0a1ec9e","nonce":"0efc3be01b60e273719ff2b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"de5a69c74c2a238addc0aa9c734c03d734ab89f8591262f5ca8134ca56966b44e4fec3d93661c7b2a0890acc0c","nonce":"0efc3be01b60e273719ff2b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0abbeffd9af3ba18a3615cbf9ccc321cc39f0d11b5633bbce45f9ffc32df5c90b6f68fb5764e3bd032c08b867f","nonce":"0efc3be01b60e273719ff2b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"22aafa65c0b72c55987c5b812dfab96e7cc8cf4fb2b9f39a97128e97325fe5f6fff0f64391f7afe99e6ee54f8c","nonce":"0efc3be01b60e273719ff2b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"128f0715b460dd2787898d9b33bc232fbc30b3be16605b20d4d09743c54126accc1a174bf2f0023bed6685efbf","nonce":"0efc3be01b60e273719ff2b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4e488d6061b249462696d49f7826a5fec9cafc49513c64e475e7c9efb4db09a20957406459b3522a4dfddbffff","nonce":"0efc3be01b60e273719ff2b9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"77c49ec9f77241259d71fa267f7663ff17d0484f735ebfa80ef105f477a439a559e7e9ef32a92ec85acb0007d1","nonce":"0efc3be01b60e273719ff2b8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"b205534f9bd4059548486b148dfbe4257dadacec5cf2342e131140ad6286cb19"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"bd3b8c3e47a88b1feb0053e79bb4b52b47f43d012699b827e67b18f359c6ca78"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"707114c83b15324de470377831a43982209abfe093bbfc30fa86b39903e45145"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f27707e284da281348b2b0cfb2fdc5b67655241d9742252bb3c27f604d2bd49a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"82abcd8bd86392fa791c39b75f9da1ff8aa91f2b8c1bc8bcfbb01db30c92c456"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"12684735fb94654b1a127bc48ab4eabdf12eeab245af66a9f5e3cb79f30ce17dc477ade44170ad0f80c7b02a01473cb0ec928594d55b0295","seedE":"468563e1ebe7d0b8aa04a3c863a842428607ef45dd7a2b95425ec918dcd5c1012c9614523317e4f311ff0963fba4dac4ecf353e38291934f","skRm":"f8089f023bf6b0202cfd015d1ddb699bb5da08391f2fc5f349c0a32751650b173650e948d46464a1fd2e7be3716a2d64b815a67a250a5b4f","skEm":"ea774d71891fec036f2190ba255ab20224b0a88f8c129a1bb7c1d5097aaa6d8044b1b6ad89bf988fc5b8e089ab0688c12a14297f5ca4f3c1","pkRm":"5f8c4c3f3c94a51d098968a1eb9ed8b54419dc5e8143e3cd49e6f2101fb71f48b563d312d4356366a9d5bb0e80555da3aa31fb30e5c503b9","pkEm":"f64be0dbe9f5bcc5a3e9bdc34eaf7873f4163f98db5d00ce913af789013e82242b22854f66854ffb625f2c8ed02ddd46a04c7d3b48613f93","enc":"f64be0dbe9f5bcc5a3e9bdc34eaf7873f4163f98db5d00ce913af789013e82242b22854f66854ffb625f2c8ed02ddd46a04c7d3b48613f93","shared_secret":"6273e5d79d9c2d8db9e5dea73878a19991e7dadfffc37e4197a2bb985e58c76527e70e143cfefd57711599da2108c438a13ccfbed45c7cfb3c6ee6286d1a9708","key_schedule_context":"00a4a6828e50394582b8d4f101de1c624fecf9153b9e803944a8c22d8bf985a46840a56d0a67554a9ab9b5979a752796ba11b915ca3af1e418798f7eaa752d03eb4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"9194dcb174a36a359eb17dde349a5e3e41a5595649decd9244e9b91064c8de29368636cddfedd51001e66c7ee7dc342f755757efca041e4336177b9b3b27c437","key":"c314fd0f6be845d33338d0c3df6a71a1163558082e44176ca0469a055cbfb15b","nonce":"e3c2ba06dec7c1f8a046c2c6","exporter_secret":"293c7402516c261de2a32d0d81facd1410a042999a9b3ef14134e130fffb59e6f539674fdde330d5f24e9c24d14fd5b8944040f04886c222e9e0f5c604f2a8a3","encryptions":[{"aad":"436f756e742d30","ciphertext":"e40cb667cd288fcd5aae7e691e35202d2f2d7a4e5a048c9e237cf1dbd5970893559e8e0fb08523f00d1720d908","nonce":"e3c2ba06dec7c1f8a046c2c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"30defbd6bc8ec2ab827a2e7d05148cf0a5941cbbe4a925b92323d7df0a811e37296c780107d5ab003ac36df5cb","nonce":"e3c2ba06dec7c1f8a046c2c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"d14121acabce4245081cc291e35d5f2fbd19736bbef7a4141434a3e18b0ff83b8968005571e0462a64045b22b3","nonce":"e3c2ba06dec7c1f8a046c2c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"79da6a00596d80153ebc1fac08a15a5874b361573ed0c2a281b72b5f93f41b31ddb5824e7efa9948b21a399d70","nonce":"e3c2ba06dec7c1f8a046c2c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ecad5b3d780ef9f6be90de9cc8681b1a4ae24506e170f91d729cfa052776e2a2a82bb13873b45109e90226a2d","nonce":"e3c2ba06dec7c1f8a046c2c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ee4fffc5e0ca32f39e7202963e3a88e1db57f909bf95dffe2436304651cfb3eca51cc7ff99cbe47662a5b9ae65","nonce":"e3c2ba06dec7c1f8a046c2c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"54aaf7bf3dab9b4b328ad01b9aec483ce0c9337b1bd139c1e552ddbe470e12eb4514d7f087f16d0effd0cb30f1","nonce":"e3c2ba06dec7c1f8a046c2c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7cceb10b88655bf5b81d6d61e958a3c509df7ed80686e9ee33f83a13cc671d69ad443479881d0c6e88fefbc94e","nonce":"e3c2ba06dec7c1f8a046c2c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"85b828bf7c58840a8a09e4f955ff100b5da4e65b1dcdc0a42bc34e4bec0886675822242cd8aaa99a06024f6e61","nonce":"e3c2ba06dec7c1f8a046c2ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52242e3cb91abe500ff7a4c67d1e01b3cb066bcf9d77304d68f9b29de8c0d11d842d48d07046ed67dbcc07fe14","nonce":"e3c2ba06dec7c1f8a046c2cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d08f6cf70fd5d380d21ca0f8ccfafbdf20a6b1a45e4f145673e2e50f16c53c7b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"35a21a53733a0f7211d032cc9cf0763612898ef2acbc63694bfd5fe61e5e564b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"76317113f198add5398b74b5ceeb44ef955954d8d6021a6f61c1fba30bc49f70"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"110899af64167e3f643e0911884f1841e0c52d3607ce9248c6c161f85c6bcb7b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5477ab51f582b7fe4574a3eb0e84c7c5f18ccc083720ec2db4b434601fdda5bf"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e6423d7eac45b0ff9d5b642fc6d375f2960615175b4003d5335a242220da8ac58c1aec1d7e035fbea45c4f4b62b75de829b933c3039c7f50","seedE":"5b68c114f92f0d348b460c51f09e9e3e2983ac98e9194e2c6f15e44a6499cbf6a7600a73207c2629e5c8c376ec24b20bf82b4ade27c8e7ff","skRm":"6a47dcea0154d00c0c7a98a97e2dc614443d9436ae30e2c040e40a33b4d0e32c9d3fcc5c0e9484f5601c2d40ef51764b0d833f1232f69e8d","skEm":"58e42a04bbc17488211a7a089e14e89902852854285aec11000ec7ad805914afd695ebd9f3c567fda44e708f5a8f03a97b0147866338411e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c79d510841e470963352fe59e1130c59f9e6e3f2b8f65e3a82c1de892de33e61aa4d166086b8537f8daf742d562ca4d7423eef337310e0d4","pkEm":"9a35a39551c90549a40a3a652e642c62d51a96f65984cf7b036ceb791ac5c72076f4c997b7ff743a1b808cd55e02d5cafedd7a9328f8d740","enc":"9a35a39551c90549a40a3a652e642c62d51a96f65984cf7b036ceb791ac5c72076f4c997b7ff743a1b808cd55e02d5cafedd7a9328f8d740","shared_secret":"f879bf0832d7bc61a6d57c65b5684d2a754bc08852b48418e08fbcccd7b8d17028ee36fd8345b37c6fda187ed99fd9e1d10b627f7ac821d542170353ae139875","key_schedule_context":"01270eb32f1aa6bd1804e98fae038c96f1258a5efb64dd856e466a1b25bbc4f54c49e8fa12042bc8895415e773fb0f8e81714a217deaa194f326b96175fe8834ed4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"e14d1170aa4c1af756abe9504c4f121457eddcca0f1f79b0173a686f5a22c95b8da9001efd88b7abcbde5057cbcc79c277befc112bc8c25aa77ef82e8aa06035","key":"01835374fe4557e0ec736c9da908ea06fef00c47f091a6c633fff452b3c95962","nonce":"e602e0148b819201540968e8","exporter_secret":"d4b6822ed504736cac26bab8d01887ad4b59c19cecdd7bdf7c0812062d4fb9427e9685c15bf9ad4bc051b1f8dd93ded54b731750c5aacf27dc7473dc9d15f9a8","encryptions":[{"aad":"436f756e742d30","ciphertext":"dca3e94e1d99849d88898109fddba983103106760f3ca3636ec44bfd0d175bede4b746f300602bf62561e27097","nonce":"e602e0148b819201540968e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"798e33f6c48ac7736fe36fad6643d3356b6a4cb589de0e891ffe4461a32816ce6b2a68c4fa8a9c0c9655249d15","nonce":"e602e0148b819201540968e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0c81b5a98f18645954d8cc3f1faa898185c9b7a64f177273ee0b425433d368109b2dcfb1dac2640a40d2fa548b","nonce":"e602e0148b819201540968ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1186422dbe4feebe1d445cfc819dc0d5495e541b754de94d79ee67a0d8754f5947ef251f3e97a3dcd76d28fa15","nonce":"e602e0148b819201540968eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e4664d96e7cb00030751b0f81a86f2f718f0f6d344148c589cd817d629ebd98d2b03d0880b70a2f2ba8de2fa36","nonce":"e602e0148b819201540968ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"607009cd53eb8e9645f8561d83e37825ec20429c06774aa195442b61fba3dc5c6b8c196337f4678f138726a507","nonce":"e602e0148b819201540968ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"c1fe6a5a5baf20a0268feb0fae4b92386811527b1a1ed7f9e08e6abee27c4502ffdcd188cdd310aa7c5b14db35","nonce":"e602e0148b819201540968ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"04601c093ee9ab4ab1e14bb053e13bd02eba7a47cfee60b8ea4de340dca576e642a6f8378e2cb812af4709cdc8","nonce":"e602e0148b819201540968ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"0782ae574a218da34ef2f73b1f4c8b0016177fbd037428948b2a299f0b1f8e6170cae28992c9fb6a0ff9f8d8ea","nonce":"e602e0148b819201540968e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6e0a4153994bf4ce2ffb2ded505983863177574c17c1f3c7753c17fdd37cc2fc5d2db35af0a741ec6537085db4","nonce":"e602e0148b819201540968e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"dd1a7a522c85da3784758f1fefed178f831e057d8c71586f227324718a72a2b7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"09d63098fefd60d4604ca7b12887154f3bc2d558c95067cdc324cd333f147632"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29cc8fc16975032aa13449a4ac5fba39f3ec55c7fd1c9243e21896447671818a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fc50e4bfc4ad2d78082ff8f2e85fae782f990619076d1abbcfdf45c542c2a078"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"77e8d0dbc5cd8193a85b5efb9ff8c926addc0adf2e4f94032deeb0cc0132134c"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3d6e5522102615c277d119e8f277fcdbc9eda0c65927024607efc190b9d378408a456b65854717c86f0588407ecc5e1ce57db4dfa2480c79","seedS":"1c07a040301aabd3100ca6e094d14093c8d4bfd774d35aa201c84187418f64d4e48196bdcf8aca8f56f7cbbac75b3ccb5e6f53c230a70617","seedE":"ba747512572a5e1d5845b9342fc017663b0073d915bb2f4a3d532534229fcb8d61b79648f177456b2bb86483457b7a61c924cb5891f23bb7","skRm":"de386be1f5cbe675fe0aae18e640d49a6e33202c8ffcc3a04fcb221f9bb177c50c3fb4dbbe6555e6c472802b524bfc23e658089ec4e6e0e6","skSm":"8bf6c596f2eefd49c0cb357ab1d6665db85024a2ed150d8eba2bf3325c40bde35eb60cf70e417e74713c8f625cf1cf3910c837f39ee7996c","skEm":"52e4929709ab17982ab2a6a3e19ca2973c2f6c477e6361fa5aee85e8adf89bf4b7bad702566c4dfa9a988d3280a0d5469a8b6e5c475b13bb","pkRm":"5e719bd817d0e738b2b39b2e9a00cbb7b4e5b7befacfc286094d98a51944e9ff725006ec53fafbedf51a1158574912aff07a6c1013191ba6","pkSm":"db571cc1df7df6ef0534d6d607aabf32b3e68854aa6c6b246e7157b47719c314c0526d201aa9d6310f9519d0384e9fb6c46760100e5b2401","pkEm":"8817c337f6efd5aa756ea38f4b8c139812b0e719c6ac38157604fc04cb5d7552a57b760d1ff9760da6353cd4924c83306160fc39fca48ad5","enc":"8817c337f6efd5aa756ea38f4b8c139812b0e719c6ac38157604fc04cb5d7552a57b760d1ff9760da6353cd4924c83306160fc39fca48ad5","shared_secret":"121daf7d9e070adf4a5c5e64280585de0c6549f63e4a5f69fc8807e155ca8efa068b9d2e9a5eac517316487953a45077b6d5b74a223ca11f1730c73d2ee608c7","key_schedule_context":"02a4a6828e50394582b8d4f101de1c624fecf9153b9e803944a8c22d8bf985a46840a56d0a67554a9ab9b5979a752796ba11b915ca3af1e418798f7eaa752d03eb4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"78abdd3a983347d4e16f7f17ae2d1e003c5068d6dde35074f325f28fb59d40066222e56e01b78970bfdcbf40afe7e970551bb52e496b5126ab43e32467d77f2a","key":"b4935f834fcd9de1e5c6710aabbf51340666d3d6247245a01f18214f24c0faf5","nonce":"054faf900de9fab0ae1ed01d","exporter_secret":"a0c5c7f46788f14d2871c35b4df7aa06aeec855a4fc610c8b165dbd6eb070da21cd4202f6ff37996f14bf3212df9007ec8f1b11c0698d9efc2e2e40d811a7b6e","encryptions":[{"aad":"436f756e742d30","ciphertext":"a488bb71bc42e68bbb9030fc2719f4e7e3148d126e3bb8471125e6562e775db5ea8517167e4b22f5998ce13a3f","nonce":"054faf900de9fab0ae1ed01d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"fc861667fff4be393123eb8f69fca1fa7002b0dc69ead7a7ca364553febea34ae2382ae48541570de8b98d1b86","nonce":"054faf900de9fab0ae1ed01c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"34a91e7eb386aa9fdc4ba14e8db2345ae38d6a3dcf4a673242adcb244abe368e8a95639945b913835a0baa82b5","nonce":"054faf900de9fab0ae1ed01f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2a46ba4636614007a305049f34ddd53987ea15e3ed09258d0dbc63fba4a701d33b1488b7b96c581015a7de3e33","nonce":"054faf900de9fab0ae1ed01e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"7bb313f3995ba7dc3d7f70cbf351d67827b3f7fdeee745f79507c05364ad12e743f69d5c51a8cb8796d515f95b","nonce":"054faf900de9fab0ae1ed019","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"715064eef3e4629a8ed104b5521db7aa202d1b307f67bf825258d30a25e318ff5b0062a19da0182f662fda5c2e","nonce":"054faf900de9fab0ae1ed018","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b0719c97014b1a904762a5ffacf0683e4bbba0b974364c0e170849b4860ec2357a8b2fdc928fd6c86538cd6c4b","nonce":"054faf900de9fab0ae1ed01b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b0a9926e6fbff811ee2bf10c35a8f18b94662f04db78b503ea2c9927c998cc697a9c90667032d177eaa117e05b","nonce":"054faf900de9fab0ae1ed01a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b124d983b1aa4cac12c6274f3b064f4870e07d4093e32eb359d764cd7117fa8a831435ad424f23c4bf4f05ba9f","nonce":"054faf900de9fab0ae1ed015","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"381f9c08fbb3c9bacd73eb87da10b3661a796d32e1d4ea0bc864c8c55768e504a01e42f90367cc0b2c695bfed4","nonce":"054faf900de9fab0ae1ed014","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c44aebcd90ad6e2d7a36b08799c9d17fde40f3bc66bd8fa82ed2fc2069ed194"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1089cf50f4536b1a9d1171c94708d27750c5a5200a760fefc9c38fe0945c04c3"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9c2ca49214fc81c108eba6fc10dff3e02c4be39198b8166b80aef4382ca2a92a"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"09bafdbb2b6cf1b939be3c0bef720fadaec2b32ca4b89eabf1fa50ae7f53f519"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d6f527d5bfe0c909cd1ad035f0d570d04681e509d4ee8c17f4e87fc5b4821bde"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"13521f68c6286bf84a882b8790b8e7ecd6fa0c743ff56e2e4ca3c8a9d3f41c921cf171073e03298aa29a5638658623564e783d639d332a92","seedS":"572aad7eb2ca9a1e1dcf6d84660882039087ffe89afd7db3504046b5ced7aedfcb6af7a6d3e6fe06147d75de82e518206745769436e1d31d","seedE":"12d0d37bb6c7a6edb44ca68fd62d9e44c00ab8c93c864fd7b2e8dac02a92f4ad17676d7ccd8ce42e1533916a63553b49d379c6b02d846578","skRm":"c10ba658ebf82cdc09c5f136cefe90f36eba7d96aa27f921f27dd36c1ed069263a70bb5e376702ba0842058842524267ced12a824fd3bbb1","skSm":"287d7fd3638cb7b0437e9981275d8fda6b51c2a46494997c44d466765e214c43d7eebe4c4c7bb318728ebacebd8afdc5c8d3147ab3389de7","skEm":"0954948e3ae5eaa8f18f888a4266b491c92db0ba4316e6d0c4436f6454440334402e45e1f8d61fef2292e18c49e80c88cf30316858b36cd9","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"35e190fb6f4cfcc75aa14fde61fa9b7896e83cc12efa86b90b8887f6138c72ee65a33b40918128324f103d5415980f440bba03f43c80431c","pkSm":"6d5903f60c73f0e840aa9c9e22bca71d179808297026e79057f15b297a7585cb395ab143a8942b69c2146c5c5c7c2963537cc82a604c1330","pkEm":"d8e656d733e728843310d95d4bff073d6ce4f15b208ecb21efaa8dc240a82043917ed010f1a8ed67d9c9d5fa66f08e0a80fd2b010b51d820","enc":"d8e656d733e728843310d95d4bff073d6ce4f15b208ecb21efaa8dc240a82043917ed010f1a8ed67d9c9d5fa66f08e0a80fd2b010b51d820","shared_secret":"728bbee83b6b180ce8d69a929060f725933d813fb2e6f132fe3f2215fbf522f72515f4a0226b91bcae7247070888368ec618a8d2674073c85744cd6ef5111dd0","key_schedule_context":"03270eb32f1aa6bd1804e98fae038c96f1258a5efb64dd856e466a1b25bbc4f54c49e8fa12042bc8895415e773fb0f8e81714a217deaa194f326b96175fe8834ed4b04213a6327751ae97ddc9638f81e97f5aff8055b24257c74a7f446115b2be1496a2850f949347aeeda33a7c46057fa7a4733274acec5d1d58936a13838b421","secret":"3a375117f246b53e052f84b35e843d32d415e5f8d3dbf3e5852ee75b323a33039ab7a983d8616cce9faa2496e557b2283f355533028f4d1d598d89299505fd97","key":"97e6608603090e1f010431046c5c590a5399c3bd94c5828c5685ff209b1b60d5","nonce":"564ae5511cee1c8bcce5d9f3","exporter_secret":"0d48d3bac9f44ee42652ed61c1529e2f74b2d020c9c5614df7d679a66c55115b34f9c2342ef7f6949b98650d05d2d4e0396242847f743dd856a1ab06ba772c83","encryptions":[{"aad":"436f756e742d30","ciphertext":"80f748d2853581eee2315e1eead8d58066a320508a793b280ded362320de3ce84d9e1b317a34a47dacfde861aa","nonce":"564ae5511cee1c8bcce5d9f3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a07e06f7b0a3261e43bb0733519efc33fc933d83cd2d6b2734a5dbf87b940c6dd6c9bbbf1d28b67627f690ba3","nonce":"564ae5511cee1c8bcce5d9f2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"108fafb8fbc11257c2ab8edfae59a1f4ebaf9f5ac6e5abf62da3f595aee74cd3005f6885912aaf2f0938b4126b","nonce":"564ae5511cee1c8bcce5d9f1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c8d08fda05476ff33db9877ff28d801543f27d4659112bbc18d3427faf5755415c686a9e58e9e9a97227b13f4e","nonce":"564ae5511cee1c8bcce5d9f0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"086fbcadc8c2976af4aa658049531700ea4db41ffeec2ce46ff6d7bebcf17c2d85f938ffb2130c1a0e5c1b0675","nonce":"564ae5511cee1c8bcce5d9f7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"30026c91c563736fee502d2af52721ca5e60deb4c7998ecb7b9e395e1b0da39bb43fa4c15b066c69bbd5b606f2","nonce":"564ae5511cee1c8bcce5d9f6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cecc563b2b4a759843a4a3dbf64e4b542ba42e69a1865af19aeb58c18854092149806ebc0d3060c89ff901e0e2","nonce":"564ae5511cee1c8bcce5d9f5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fc8f433f307c3a141387700a48d9c775d491797ef9ed875340fc2b4a07b9c3c7973c6ef3cdd3a06254a59878a","nonce":"564ae5511cee1c8bcce5d9f4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a26dcf88f35d3af1b87e4b136776e356ec1a760b78adb5d475c322e615247fe6e9c29f27bb4f0e35a7c58598ed","nonce":"564ae5511cee1c8bcce5d9fb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f82f662c006635b2112b69207e940a97960231c0fbed3a63c7fabac8785940f215cf8e4239491be4b146e3bf0c","nonce":"564ae5511cee1c8bcce5d9fa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"d1988a3f35413f8601aaa8d47a11d8212d9de4c5012686f6b9fe07babcd8b2c9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d6a3752296fc2780725258877b92830b9565662507429484bb6732bcfe51f527"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"5f61437060f9f4d682622b1cd29084982109f1a3fe01261c281b4f0950acfbf3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e2d855fd656828026e74cb858f29b07f8d4517a58a1e577a20cd8224080c6bfa"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5bc6449b879f245814cf4e986cd6ddc70000c088e22dfdff1190567456361bde"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"203771c4e993533769a70d4b7f96140b423511fed0b9271d8f5c383fe0599c6c336181e51013dc72c5f2b7f7cb1c08167ddce6d739bb0f13","seedE":"a5d567fed542bae28f570c11f3fb20136d01a9ee4342ae081333696802968d13d5d5b2aaddea3b9a94ce91db7e1e80cb339b66eb9f632c96","skRm":"6302eedad39332878954936954a0967a6c8bdd96d90f1500aa29412e931f25499c6296c57ee1170c1dca6a06c064f0ef1b1e6ad42048db42","skEm":"ded888ef2b32a9ecf5b45d9d930eda1329e2de4e030f8cccff65337633b7a35885c37a7800ba5612507c06dac99d4a6a6dc0c99f9a5a0920","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f2ec6213a3afb83c484a9cac28f4672b8e4e3aec99cb6b6653440445d47fb69252a0d18cf2ec8227ab20e2f96dc204de9203a83686bde831","pkEm":"11eed6e0d37b76a827a8a97f5d6e41b4c8cb00afecb0fa642b3e1c18502077deb72791b2bcd987b5fe28d1f7d8cedd0b9501fe72b5fe530e","enc":"11eed6e0d37b76a827a8a97f5d6e41b4c8cb00afecb0fa642b3e1c18502077deb72791b2bcd987b5fe28d1f7d8cedd0b9501fe72b5fe530e","shared_secret":"c2c9dac7864047d1cc0a0e61291af549b087701d4d17151db00ae59bfcef09623ead8cf4ca8a134c40e0c026014b55b13fb530d68628b36f9312f0ea41ed6e10","key_schedule_context":"01a582fa2066caee8eeec8b15e18264048512c071dcc6713d863afe894092c6c8bad26e2f209333569be9ed3562f8ce234815ad8b5491a602fb85fe52189154952328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"3c3b9b38496a06a8a5cad5ac29a74fae92bc6615de246812813d1525ea6ddce082068044c3c92d77648cb0b2551629d46db74194555cde3ace75180831aa81bc","key":"ac794528ef3eb085de5461ae0a8026b4856c1d8ce5ba008810a80e8f66d2f4cb","nonce":"1ff7899f246f0f9af99e889e","exporter_secret":"b8015dc47656c4aef70c76abdf8b97970908fd7457293db4e74cd346b408b547863cdf9deedd41fea403bd8cec519ee6a81260c7a534c6a4a75307e06932dcf1","encryptions":[{"aad":"436f756e742d30","ciphertext":"cb511f9085f04c83d1e75887f2844afbdd5e3c5cf2acd41e42743d443d980000d492b876c75187b5dc54301707","nonce":"1ff7899f246f0f9af99e889e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e28b4b7dc96131bfc7d039d969808d6a3412ca55313808fd7c64321e3ca058b788be97f56583b53b9bc9b6f8bb","nonce":"1ff7899f246f0f9af99e889f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9e6f44703515e462464f8e4395a267431025c3e957a4a07850e1c0eddbe0fcb32c9e56d8ccf5ed25e4f69e7131","nonce":"1ff7899f246f0f9af99e889c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2753aa6dc408db0a3e8479be15fc8a6958d87486288a6196ec5e1f387e6fb26553c48e311591a11215204b66b6","nonce":"1ff7899f246f0f9af99e889d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"610b9d391c4d0b70ce62e19764915ed7ffcd6f268b39d2742ebe92fd72e5bc230306aba3b1f53331ac1e06a296","nonce":"1ff7899f246f0f9af99e889a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"97107b5188b8e5e442fbdcd2aeafef978908bd62df010fa856ea2e68e35db87927a4556f7e6438179d2f717f71","nonce":"1ff7899f246f0f9af99e889b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e9538213f043c636e2da48de7ae19ff0a43fc21dac392f0ebeb911c78a12d51e4b5aa0dbd6004179c5bb28d89d","nonce":"1ff7899f246f0f9af99e8898","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f32041f71470d1afca87718d0c80960a36675bcb9473946c940b24ee4ccf7f07b9595fee06724802bbbd6e39ba","nonce":"1ff7899f246f0f9af99e8899","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a66303b8c6b3352b0bea9c491deb8552e173e23799e01deba9269f35ab796781fb8f51e97dba9ee737f12f87ea","nonce":"1ff7899f246f0f9af99e8896","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2477477a7a0994623f69d3e4c4a859e8cbb30b9eee775097a270f8a2cdaa0c49761c770dd2f7f783db7fd4c756","nonce":"1ff7899f246f0f9af99e8897","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"46249b43354819e5cb1a115a1a9f9b1c9130d14ad3a628e2eac71a5e14f2f062"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0b2dda2ab0a7c37f725f1e6bc54c4a1d9c86e3b5f7a347b9748f17a43aeda76b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"30cdfd9b8495615090f2e8a40e330e38049698dd263efd6faa894d8ab1a306be"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"051fddfcca20bb7784400301ebdb0a299233000d3f9355f96251d844391fdb1d"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dbeeb7e9a57691330008bbeb831a53a877f68825dd75288e18c618a9267d6089"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"107a25cf96d1648294ecaddc47b3d9a5877ec1ec9dafbb41ad8ba8644ccb7d777ca99262371d15fd7eaa9c345a1d91fb206dbd66df99ff7f","seedS":"99d1993004b16f164626b4c1f3f25383fd77c2a8304cc7eff86ea6af7885cf7bb49dca399890a87114a45e97620a1e946b4e7daec2743628","seedE":"b46feaf969180be4de42db779c3956ce5e8ac797cb5915ca3a07d7eec5ea45d62b4a38aa8659dda2d9f0eeb550368c8255d7c54bc187eaeb","skRm":"b200be2dd13e2084d53c0c3465f166a85d55b287fccc907229856b90df704232a420af978778f033c9501796e33e68311d9b24d4d042bbb5","skSm":"f82859859fa5d6fab67af06b9a6c24d9f8efd11b8364ceaaa9164038e0154c633813352276036db4f5bf222cb364f9a9c75ea1447ca04e15","skEm":"332491c052cba1a6ad7f54e8105ecdcd325d9f7bafeb380efe022321e7620078622e1caee2de1763d52d083b14cd5697326d87d3cb5c0741","pkRm":"13d56d8381bf424b361bec7f7f5b634cfd7aa79f5b6483bd89b7575e4e06679503e9e115ad3a7b9de365735023286433f6a6177079320266","pkSm":"9633ee1ffbb0104c746e3856f78d87c8a21c5b99c6fdb9137800a7bc4d5ff9916ee4b6bb9eeae59e78a3f88a33c2157869c77d40b4968915","pkEm":"21aa84c3126d4c27ce1a8465ad4b2535501ca44fd79cfe42d9a4673693fe9e5ae3a2d2d894a48fb944a042a2811daba49fd996ff50796cef","enc":"21aa84c3126d4c27ce1a8465ad4b2535501ca44fd79cfe42d9a4673693fe9e5ae3a2d2d894a48fb944a042a2811daba49fd996ff50796cef","shared_secret":"fdc7c9456ea7d9d6ba7021aebeb5fb1225e69779915e878b3079491274cead3a77e7649fa102a729b16f3aa23ababe9bd8ed07ec8752bc538d5fba69c2ff04ad","key_schedule_context":"02949d30f15a3c476eb5e6947de88e3cb3e8b5a45874d4abd686177b5afd9702da927cba7e52411e08576e4788f91c25697bbbc25c333eebb1511e6436d856cd8f328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"75f63552523fce4479f1dfecf63210b0b1bdc9f9bdabdcea576846130a86394402f87c0744a438149b1ec28a55a05538a2d34582342d1b28d7fa44074d2d3e10","key":"f90372666daa1121c012e830a66cf484e29d8dad58fd130d47e034821960a27f","nonce":"b79a0fd5c77efad080414303","exporter_secret":"60e5a5c31aa42ffd932eeece958296aa9ae144be70d64d1bfc90ead1014fcab4b3cc4b0765cc941ae70331657930581baee277233647c971699abaaa021470eb","encryptions":[{"aad":"436f756e742d30","ciphertext":"c01995470d656ad9a4b4a01ff698e8567c843672b5fa5e47629d47c284129947c0dd6b2090c41b492a40809194","nonce":"b79a0fd5c77efad080414303","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"60e070f64e66aa99b5f5f9dd78422ed9cef1366532097f20e364ba946e39110308986c36067effea399594758b","nonce":"b79a0fd5c77efad080414302","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b6fdfd206b442f117260e745482f35320512650ccc18a99f5132279900f03c88af9d1d70e54fd7a3d8b948f685","nonce":"b79a0fd5c77efad080414301","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5fe3e78000c8e168163f1dee902e57c9aac7352137f2f2f9dc3c8ae394a1701df5148acf722d724176dd35607c","nonce":"b79a0fd5c77efad080414300","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"de0a82c62d31be9f068d50d45e30dd0fcef0129b9b25975ddc1b237ba7e9c491491c2e1c1ea95204313fd02a49","nonce":"b79a0fd5c77efad080414307","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"0a15d694b6c0044b97d9e388ef08438362a1db41d54f6b18b4068542e564718937769538c923e6f1260db692fc","nonce":"b79a0fd5c77efad080414306","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6dc4924aa25126900f22924ab12f1ee0d70a02cc0af8dbe059223ebc23cddc5152073c5412fc4c0434de82aab9","nonce":"b79a0fd5c77efad080414305","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fed47335231e6ec95660a6da9d613bba81635f88ea15179a6744519efadc55f81faed9e61280120c563b57235b","nonce":"b79a0fd5c77efad080414304","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"19e1b35e3ec9a91604a831e04c431aa37908de5510f061ffa1170addc47682dc28c9abab263ada85aa3fec64f6","nonce":"b79a0fd5c77efad08041430b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a168ad13e7dd3b6b298b01826d8049676f25fd2a4e8c74856d6494e122c5fb3aa62f7d98296df5b40b9fce8035","nonce":"b79a0fd5c77efad08041430a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a3850a2dfe8335912be6f5a89591c68f8420211ec1d682a3e9173ad19984809d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8dfe369c3da8b6ba2d1073a6bb7e55c7fb3478e6e653240ee39f4b3f388a065c"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"18a5ec9eb90a4d12ab25915b7ab624e492eb19d201062cd10bb5668bf03ca234"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"31f7f1e653a44beae7d14e37fe627d533808077c526eaee32ca3bdfd27007802"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7b8e97b6cc8657fab07be70a2830ae2c28124a0b9c07c2a654cf0c021e40294e"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f9efc7a4b82b54a3ddf6ece1d4f185d957d01f7c630e5cfc9d71d7d5912dac50b72d61df40b1d087391c452f029ea54c6c71a04325667b65","seedS":"6751ce992f7dba1ad48eeadd81a4d93c4c860212ce363f36c304f463b04fc966a69983f4ff137ce461a34c3a9d867c2b88aafc7b7bcf89a4","seedE":"7d9687706099aeb9fdcb611f5bc6d8f5875697bb435cbf24d97a603c1b4219e6a95c9be2632f1f460c9a71339b69805210cabe4250a6dde0","skRm":"dc410d2556a7a6db1e2c150f66110b8be961ad2337beeb553d5ed22034495183b6266f2eb8b26a2b60f3c75105593bf6094e16e640a0ac1e","skSm":"555402ca385d27e88558f4ec2b2d8bc5ca5728ebe4c298da6462eebe6b5180dc785b47cd205fb45934ea245f66397874acf653deb36baa97","skEm":"7af0acea9cd8085959788be327845ef74accd96e11f663045428ff3deed9b752cfdfa68296f8d32dddfb0e2358899335f1880dd51e0221cb","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e4921613240e46b5c43eb20e09ebf8f80ef675e592765ef59eb3be1919867bc6ff658cdfe1b6c05447d48d984046fd0047a493a291e21bc7","pkSm":"ee59a3e466d468757ec8841a12be67933afadb8162b647100ab88decb10fc3febb6a4b15f5135edb4d19c0724936a9151493aae2a348679e","pkEm":"2bd17a955e5df3b11ab4e64eef9d2372d22b0055149c9ddeaed39f2fd5f81a4dcaa048e1674722d7ac36752da16bc5d737db0a671016759b","enc":"2bd17a955e5df3b11ab4e64eef9d2372d22b0055149c9ddeaed39f2fd5f81a4dcaa048e1674722d7ac36752da16bc5d737db0a671016759b","shared_secret":"0c0349678cf035512d68a4a81e13fd4cdfcb2d2932028ddbb9f901a6c39d96e221b72738be51b0278f715c7b6b5d6e5934687e033b33f08ed970a9f76bc68f76","key_schedule_context":"03a582fa2066caee8eeec8b15e18264048512c071dcc6713d863afe894092c6c8bad26e2f209333569be9ed3562f8ce234815ad8b5491a602fb85fe52189154952328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"e79a48c324c48585df6204a95d0d78e552b0a67ee82983371e1b43352005f34d4b0af8911fd4c7d5942bd2edf074d145028c31e2458932311359a920590b165d","key":"e43856f2d944c2039598af74c576aa4984ec466fa943245ef1704e6b74a78286","nonce":"983bccea0ce43cda86db0c72","exporter_secret":"cf7c7aa54ca8ce02e9435467bb044c6c4122242c5244a4a962582f734b49c389af17b5a170ab5a2452fb5059210e3dcdc0564dc21c6b25441ce5e1d20df17009","encryptions":[{"aad":"436f756e742d30","ciphertext":"40bbb464b661a4cba57fef131af2098abb53411990af9d652e80bd3fe83df47b986fce6456548a4569ba971268","nonce":"983bccea0ce43cda86db0c72","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"252cf353fba0f373241d4311fdbe6f2937ec330fbd1f28bed63e08d2c22acdc459399491dd449e8518eb91ea90","nonce":"983bccea0ce43cda86db0c73","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"81b3ec62aaab4df7bb45f507c3bd74bc4b35d804329310c8935c1ea9bcfa7954da72acd58769892f581d4f089a","nonce":"983bccea0ce43cda86db0c70","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"147a3921b060c8e3a854b4a118463aafe35e093a331eb42609a15d94eaf30c836595efcfb8cb7d19f8fa2698a2","nonce":"983bccea0ce43cda86db0c71","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"d8e05d3d97cdf18214c4f28775d63e0d60d431ff53d172561ca5482648c92ef66bb2701ac973e86fd3aacea97e","nonce":"983bccea0ce43cda86db0c76","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8edeed464c1af56e7b8f9921ffc1014945d5316e78d55d4159055daabe09a0ecd4265d700c76341814b180f99a","nonce":"983bccea0ce43cda86db0c77","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"394cecaf44ce2e2945458a9451252aac77d0261fc4b7d9c001001ea5edc1a2cdfa366603e2cf5215909537f327","nonce":"983bccea0ce43cda86db0c74","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ecd094958bb028e50807ac880e9a89aaad3ec6239826cfcb41116c3f7001f6ba0340c446d6057a71b92379f08f","nonce":"983bccea0ce43cda86db0c75","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"359eb4f1404078b80644c8f5902883780bc99efd47210603f080c059c185d385a680b6719e8692a163e4c6ad51","nonce":"983bccea0ce43cda86db0c7a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2a37371fba755453f4ab2bb34bc606ec53aeab3a2a48e0871f32a1c792c73b22c5ed203bfae73f22aad38d7086","nonce":"983bccea0ce43cda86db0c7b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"244d5a5a214d36595b3441761299b6bf69f7271402e57a5ff82ed517eecdd1e3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"1b9cfd9b17e946e834579084ef304fe6bb2a41007ca80d0788b9d19e755be326"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"53e0a335b6e3565b7a9d274982874bb00b4fd6697b419832e481d39f74ea253e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b717ff3452f194a17f8de5a14ec294070c7eb361accca60ae0a8a79771064dc1"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ef32585bad422663f1338a70cca5226362d1f814d7f99b6fb09b7082f1fc174c"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"e591b5c9c7f834294f02f4cb956db64b4bdf176ab2ac3de731f63e8a4bd7a5fc087841141925404aacc7fe26967c1382a43ac05779b75128","seedE":"80db21de690815eed8258d592e23f2b21d3efb9a79465c42ba7a29dc736c0f70b288f5629ca1d82222b3e686c12ac58e8db238b1462276f3","skRm":"66eebbbf3e982e501e612328be2ab056ea1b8c38a2270c9f93383e50606507593bb7e5d888ea0d748d502b77eed41c4349c200a96a6f428d","skEm":"6d6c372300b4eb582c9ff5366e722b2fdf680665446d4a6edea48438a13932a8224ce174746703d77a46802a837e42f1cb5e828dcc94c731","pkRm":"90a7773c8673273ef3e6581a337675aea8ec42600bf31f0b4b55e741df2b0e402a962283b0336744d96486e96a24992b4f4a4435a5222a9a","pkEm":"5e5d06141e78f7a94b6275dff0ecf6af15947cc4e99cbe408a9d20a712a939833acf526b30ee01cf9ec86fdf13791ddba7d7a70bdfe1ad05","enc":"5e5d06141e78f7a94b6275dff0ecf6af15947cc4e99cbe408a9d20a712a939833acf526b30ee01cf9ec86fdf13791ddba7d7a70bdfe1ad05","shared_secret":"43c250123c2dacc763874cf4030810517fd84009a8250301ade70fa30bdb81eb3f198f8f30d8868fc3e1326f34be4d9b5aa29aeb09bae4a0cbaf84889fa8bcc5","key_schedule_context":"00949d30f15a3c476eb5e6947de88e3cb3e8b5a45874d4abd686177b5afd9702da927cba7e52411e08576e4788f91c25697bbbc25c333eebb1511e6436d856cd8f328a725dd18e4ad29eae9417de74d3bfc492a53eacf6a587ea8959c3acf9c00167497cee7032b254ee92ec9bb58db92724f35310364ad193e684390be2bdc1b6","secret":"3956648a1aa6b44c7f559b6acd1a6aac48dd3272cb9d934d627539901b49807abd8211d490406d1f046987274bc239b72de06459301ae11f2cffedc7be326d36","key":"083d3fa7958a3d5ebc4f3cae94447060707f7b7a4da98a825a2e579d5ed93e8b","nonce":"12ce3d9d40c187b8377e0ddf","exporter_secret":"65a7401afb2876e12420969ca1bad97fce7e245723eadf3281b66450a05d2378076189e5660f6bb5631c439db805a9ccafd34edb0317d2fa902117e6b6ec1cbf","encryptions":[{"aad":"436f756e742d30","ciphertext":"6f01de655a40dee69a07370b51d0f1183b4603881f30388dc598364d0b860411146ba44b769487388ed1841a6d","nonce":"12ce3d9d40c187b8377e0ddf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"dffb2604362e07a5a22992483b68d94c879257f3a92e3158017264de2dab8b332270b1143f01f62a57adb0bcab","nonce":"12ce3d9d40c187b8377e0dde","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"489924221b016f04fb2c5c3fb356a1343011b901e0cf7bb9fd036251f3cf99b7f20926c00d74b6f882fe513698","nonce":"12ce3d9d40c187b8377e0ddd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"c3b3e6d57c9233769b2e58a952ac1b80449deeea83b84fbe2656882ca8e942d74342f6732a57f410ac846f129e","nonce":"12ce3d9d40c187b8377e0ddc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"0fe25dd70dc35f71e0e297843c5eae558e3b3d2db4ad335c58362381b0e3eae008c38c13502569dd8a06c30b3b","nonce":"12ce3d9d40c187b8377e0ddb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5d78285b136cf2fb07d5dfd0233e8c7cbdbd251951d3f6b9e1bd575b30e3274ba5845ae17cdb060763d0ff790f","nonce":"12ce3d9d40c187b8377e0dda","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"20a9adf213dde86c2074783a95affc055971ae0ac87f61be5708f1eabf8e6f00762f2c19beb61f0944689d1a90","nonce":"12ce3d9d40c187b8377e0dd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a5acbada7a5d5742c44962162d76d85e6b1534f478ebb0e125ce9302783ec3f5787993cc4ee844bea8b7743bc3","nonce":"12ce3d9d40c187b8377e0dd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9f92ff892bc47db0e3ccaa0eec402782fd7dad2b4cd050f90331dbadc102589d683e3f2eafe30eefc0549e0c06","nonce":"12ce3d9d40c187b8377e0dd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"19e688f8514230b582d2066026719221c60d5f0b88d7370b81d002b8ec7e98bdc17e8b00df50a2914a41c24ffd","nonce":"12ce3d9d40c187b8377e0dd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"62f8798bc12e1e26b665900a143346a7c2a2e06873917294d7e58330ab827aa8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8a217709de572f1ce94f03033dcd71100a2dca801f8595ba75ae05cbbdbb2f69"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"95146fca21cf8e83a25c7c4b937c3bcea09ef110b0cb36c4c01c3a54d59557cf"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ae30213755c43930e16d7fe7c4a36ea651106ce4c267411f36ed8c87f4033272"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"563c82e453d51898bc0495fc5aaa04926a5b518bfc5c1b5907ab8ebc92219d0e"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"67bc0b8ba01fd8a1526d13c803d4d9ffe1a9914ac27e7a6c925b1580893a8485","seedE":"616ed5a6277fd3324e0cc0f4349cd345b0adbb1ceb98de44c03aab083fbaa6e6","skRm":"3846bf6b40f92e3645c5a8c725ad44354c59187b59140c35497b339a10d0beba","skEm":"d37c52c07a637e858ceeb0fa8b972307e07b17218d99581cf46a88f9a3b2af73","pkRm":"04f79409119f58d542a8e4f8ad6fad6394f83c39d34496d990357e30dc0b38a8d8add95f8f4ca7feaa7c29520632845d36fdf94e73cb038a59be020f82b93fe141","pkEm":"048a0c9b27c844f5f1c6a1d9d570e34909c6359997b6acbd8132f1536d1f7685ff0d203f205dfe4a789e4af3f599172b613d060c80d0e1341f066a87c0f83d827c","enc":"048a0c9b27c844f5f1c6a1d9d570e34909c6359997b6acbd8132f1536d1f7685ff0d203f205dfe4a789e4af3f599172b613d060c80d0e1341f066a87c0f83d827c","shared_secret":"5f175bec391524f0153b05559212adbc2f5d6981b95a5d53fa7ed58fe5e156be","key_schedule_context":"00c14ae6a0da7c6764c62eba270ec0cc28b5b568b4849a9b59425c08860800fad8a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"f753e6728460efed42ca308bef93e8b6646cec0252a0154d8310984445bb0629","key":"d0696b5461fee5620d54f33b04a00f79","nonce":"99f33bd3ad9ad334b17de055","exporter_secret":"f79e9a0e83b5c678cc0c9240b68fc3a84096ce374f37673ad4ea345ef0a3510c","encryptions":[{"aad":"436f756e742d30","ciphertext":"0d77ad2340cc7af125fcd7f4ea63bca7e857d774d08365eff8c7f63091a5e5aebca4721c854579b11149649209","nonce":"99f33bd3ad9ad334b17de055","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"90260e86b560860d0bf7bd1273bf7b6f4bf43aa94d475c93015c5d5b536aae7631227968ab1aecc337cd080988","nonce":"99f33bd3ad9ad334b17de054","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"fba616306cbe53eb8faef059a8d39947102a037c2e5bfb6b770bf7241576b74e197ae6972c39177b8393e4bece","nonce":"99f33bd3ad9ad334b17de057","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2f4681e2af177e92b34f7e2160507a629119c6fb70c928f64a0e65e07aca151cc32dd3fdfa3f7932bc46626706","nonce":"99f33bd3ad9ad334b17de056","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ca7c1e359bb916ec8aed3a10bd2a703d044af6a1a1b5a8f8bbba63141f35ca7c292516bda6c97c4bfe85333f6f","nonce":"99f33bd3ad9ad334b17de051","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7d878cfad5124f066fdc229349bf8ab1c82015a748a35e00fbec324602726871759838c64d132aee8e9e0a772a","nonce":"99f33bd3ad9ad334b17de050","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"b5d9fb5376c667950032051e67a5c981dac6a3fbf416fe28e98d87d075ab71151eca8a3ebde0d9532c82d6120f","nonce":"99f33bd3ad9ad334b17de053","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7bfedf8a3d0e909bb8b7d894d0b602f50900cc4ee7e10e94480201b0a41405f65bdbe549c76d82fbe36df309c4","nonce":"99f33bd3ad9ad334b17de052","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"dc922098754661b41651d1e254cec89890ac0e76867bf9be2702a2dd1bacfc393abb5706b8743362ce949e2a36","nonce":"99f33bd3ad9ad334b17de05d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c6613ca71e6951ccbd3a3c2d52b815c7d4c284fcbcad506b89d21a49d0f812079b515aefa52d48cd2d8164810b","nonce":"99f33bd3ad9ad334b17de05c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"23fe2c722df89643d0987e657da15f39c7548e273cd17b469721665b212c44ce"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"c29c28d8f6550d8f8ed4a36fe1e3ed98a1dd1f075d97b5ce0eed8298bea8c035"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a3d75d106a706e2c6f5515e0d423aa8f6596b903f3996ece7762f43e9bee28c7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fd588757856a2fb1d63a80c5151d389c41254120a1cbd2397c9a31c1cac3249e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d44987f0cc98d2366ebc0ae856e2abd15f7112fd6b40e6cc0d8f009fd0e5759f"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"236ddc165201cb79b2d8c7399c7f6e6e8cc4542b2fd1b75d107875db2b89cced","seedE":"8131f719cf2d1f5263da51e133876a99eaaf5d5fb118bda64ef12ca6fa40f987","skRm":"725658a8e129bddeb7b6769634fa7d64ead6277488cb57e88e68dd77f5cda19b","skEm":"e9338b646027098a903c0c5f66bd58fd895eca90e171e55766e31951cfe6cc39","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04c5a0bfad2ebb4c7a7d1ee2f56cb2503bcf73c17b7239bba0d23b6910292f162ea2466e2d0ec5ee4aa52d81f18870dd2723f288bd87bb98ad314b3b1a55e1a3de","pkEm":"04df79d22d7cba95ff448cf84ffa01cdd87a68c9ef70dd926fe164a76d2cd243036f3a34e9bac0725406fcb46d7c723248e42c3b329bed5bf8fcaa47d87d9d3e00","enc":"04df79d22d7cba95ff448cf84ffa01cdd87a68c9ef70dd926fe164a76d2cd243036f3a34e9bac0725406fcb46d7c723248e42c3b329bed5bf8fcaa47d87d9d3e00","shared_secret":"1f245a22765eaf94b3a76463b9a248941078d138c3216acfcbd1d25f8772afda","key_schedule_context":"018c27d3410cb79f908302ae06a67ad4c6f971cc37f64c23807cb4de4adeaa7d76a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"fc6a6aca6b179515d69086844efec0acda07bd55efd50873cb46fb811faea941","key":"89fb75a38ba6bab89b1a8b0fc7db366e","nonce":"00b1c2de64b6a56a51921d56","exporter_secret":"cbd0d3b0ce32cc4ad834a0e81cecd21ecba042a0f4f25ae839a1fe95e56b89ff","encryptions":[{"aad":"436f756e742d30","ciphertext":"75e82c5e991af745c380557b2f03f793dde5f4a78b3bf31429735aebbbd881580917e8a489fb0da3b081444319","nonce":"00b1c2de64b6a56a51921d56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bc7e436c6435634a69147dc20e3abae51f2c02f96ec2b198138b5e10e28420cb45a7ee149b1d936154ca320e08","nonce":"00b1c2de64b6a56a51921d57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bd020f02b8eaae481e512bfe4969b2b285c636f756c72d70022f31af52bf00692c57264bb214a412ac8fb1b965","nonce":"00b1c2de64b6a56a51921d54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a9f3741535b1f99ff328a857d2e0231ca11078afd787cf8d267fbcf224820a89f33a30b672bfbf7170bf958a21","nonce":"00b1c2de64b6a56a51921d55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b1ff4e7b8ec452aff36b06c5c1bcf7e4e1cdd3211f1516ce752366f1b81d5cc813e4d5e2142239afcbd1a75f4e","nonce":"00b1c2de64b6a56a51921d52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"fe66cbc16ed4829324352f5183b6c456477f2ee6af0a31bf2def8bd9b0a2c242403e4bdd6144f965a1299fa6c4","nonce":"00b1c2de64b6a56a51921d53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"97c1e8908fabaec4bc83efef957048c2baf70aee75f2d46386f446739c6b8dd5778e01dfda7f11ca58e660255b","nonce":"00b1c2de64b6a56a51921d50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f134462139d6cd110a14bda61aa16eb359d2b585f2fb45abc9b23ec8871b6a1eb9acc44159cfb93cd7f40a05a2","nonce":"00b1c2de64b6a56a51921d51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c989f5d31f2609fcb643c706113104c2f3b48f7ded406b42f02cf394cd9ea077a7e9ec7a158f25a3aabaf001ff","nonce":"00b1c2de64b6a56a51921d5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"411f0e5327416e9f01916346a2c0a242e946dba349f05bd10baa5787675ffe6dccc5b05400bab94c9ea22c0973","nonce":"00b1c2de64b6a56a51921d5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5442920c851a483c22402c95e872d21a6145286ecf8f1406711d691d15874a44"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"8ffe3f22d326b2164530a35ab50420dd36cab7d2941ffdb9819858257c18a9fc"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"26d98b7e5e4ee486411687551d6be41ea07316ee975e552726aa80c8bb23f734"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"31eb98cc4dd527c04c89784f17bc0d1e9c9717b25ea9a8559690a8faa8dd34b3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f4e7d010e2b9df1329ff819d24209c4c3d66b7c80f99aa61bf2a6ea08869717b"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"740a67dba29760f8d95e953a1ae75fda6d5eede2a41c15f4860b5557d4763fbf","seedS":"174deda86fb885b78e5ef8ad158be3c38349c5322120f03ee9ddb6336788d8ca","seedE":"f9b977313fa3cd4dd8637307fc93e48093ab6bcd45781ad9f7a79f5f0e379bb6","skRm":"c66e74f49ade18cd81aa612cf8e5363ebf0da7cfd06f07ec266f46c29e9919cc","skSm":"7e8de5af9ea0240a8638421db70967ea6a1d610d5dcb6faec575dab5d6079a8f","skEm":"d1e640b7630e0ba4423a4ea17fb1fc7976580e31048523c5dfdf7c78ed775aaa","pkRm":"043902c8e06ba874cb4eff0db4bed84ecfe3afb85e837308c4e87ba0f41bea35d56c17ea6a72ab671aa513ecae24df1d03bf976f670ad13e6bfbb3ade658d14dc4","pkSm":"04a5db098f6637ebc548feabdb9564d52e52db469590d6d55b6572474df0e8007471493bca84c4d152c2682166cc7e9825849a7e1a9f162aec8e6a773760682911","pkEm":"04686fc26c925890636fdaabae3434af53172035f7a191bc21fbc7ad9161ee1673c0e6b61d0c4b2db3140d622c46c8e42fd4e10fb48b4fd522ff59f795659a5b13","enc":"04686fc26c925890636fdaabae3434af53172035f7a191bc21fbc7ad9161ee1673c0e6b61d0c4b2db3140d622c46c8e42fd4e10fb48b4fd522ff59f795659a5b13","shared_secret":"8e1409be7adea332a36fbf29bf8668ae13d66cfecf5d02e8d2cb2c16950af36e","key_schedule_context":"02c14ae6a0da7c6764c62eba270ec0cc28b5b568b4849a9b59425c08860800fad8a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"35cafa2133584ef110a63010be05bcbc32fe5b5985f5b62ae94c07cd3a844ae1","key":"40eef365aa0dcee18cb7d16b0d24e35d","nonce":"a5f0d2f22f3e404976ca7b1b","exporter_secret":"162a8e2af6ba4e66e110b8dca44a076f49d4fba4614540341f4013159eab5e69","encryptions":[{"aad":"436f756e742d30","ciphertext":"1e9233f2b21834f72bc2b23173b107770d97092d1fc57960aaf0d011b1bb8f1767d6ff8cb3b5bdb857168260ee","nonce":"a5f0d2f22f3e404976ca7b1b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e870727eec0872dfc176e3d48e894a6fd23c560b2f7c097febd70cf819710e8a0c30adfe0a1d740b5e42d09325","nonce":"a5f0d2f22f3e404976ca7b1a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1b28bcf1c88146063ca68a999bee8b6d339bf9ec9ce1b22aad255abf96b7951f0d14db39d2a7042402d2ff3b41","nonce":"a5f0d2f22f3e404976ca7b19","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"df6d0b7d3e15eeda33e63942f9d5e60e64ceedcea2e19b0fe41c7a7df0c4c7a4ee4e83bb49462722fc0780aa23","nonce":"a5f0d2f22f3e404976ca7b18","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"10ec221a706669d206e4fdaffe72adadf4c98286728aa58b91ffea2035179ecf97677723a814464d6c0e3220f5","nonce":"a5f0d2f22f3e404976ca7b1f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"98f6093648abbedf6e20b09b67b7d85ccb3d5fc37a604ad55343576cbaa639d4dfb4819591749d0a727b5da868","nonce":"a5f0d2f22f3e404976ca7b1e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0201aba31cc93a603a390962519da378d3cc7db6bdaebd9e9690e0bdc26833d112099503f27b002f9adf377c9c","nonce":"a5f0d2f22f3e404976ca7b1d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b4f9e059f243342d3de4aa73eeae2e191c55377f58bd6f2487d1ccfce5739ac084167dca2c4fbe4b04728e47ff","nonce":"a5f0d2f22f3e404976ca7b1c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"1482376408b564b4d856c52843b325da4f1d8a0a10e6f455be96c1c3a13401877ece5e387657d87ec135405bff","nonce":"a5f0d2f22f3e404976ca7b13","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9df3134f355f41dc559b2ba228fb721a249bb81311f67a0b74d6c22cf92cccd28633d756079c84bc9728b3ea44","nonce":"a5f0d2f22f3e404976ca7b12","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bef66b4290f5ffc092c61b8f92e7bf504329e5edf28b850d80e0b4f9385a077b"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"52480991a6dad93f4a82ad346de990cbc66e31e2e9e0963bed53027ce4c7a769"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"f12626be2223e055ce3c151faf68731e0dd895f34daf7cbc7e44cf87ba313f5f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ad2ff40ccb7744209ecc48b5e0bde903b79497a3bf0ee4f9ac92a525907f2e71"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"80ef89f0569f4bf789fbba227f8e631c23b6766ce6d5a3e2462570746b5cd0ee"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"85c7ca573ca20cffc0db7748f2b93a1faaa951aaedace61a6cc0b15755cf7cdb","seedS":"adfa10a0be028fec577fc0d8da73b3af3f6c8d96976ac3664b1a191c8ef0506c","seedE":"ac7928bd504449496e56517f59ad30ba62575c3c328864340247d73217823bb3","skRm":"bd739bdaba378bb0592f5ff599c14b656391c6d4f56a81017013fac0e12506fb","skSm":"d9d39ce984847da21bba54983f8ccc259e65904ffcbd9698230f8a7d446b1e3e","skEm":"c2b0fe035a29b73d57c462aa2ec77f80b997b85c062ac7311fe8f6c04229da5b","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04ebb2396e02ce2751b3cad1278f4c3b63e416dc8b38856907ae8192c59d0c12c95c599cecaf75995d14735bd070c9b5b2ba1bad45b4d63a6a275a84e925529dae","pkSm":"04751aa130b35d9b3b1d305d165f28ac9c749788a9acdab87568f30e386b59b2b4d617cca80c9f676dbde2809b428fbc58d862723950f8e2408f466b5b4c601254","pkEm":"0435ea0b3e1693ee6c10ab35b0d6a01d9c6879be1ca8676cc2fd16e94b622368b4125f4528deeb1d32dbb0a9b815341ee6dc723e00dfad789a46abc337c0cb2d74","enc":"0435ea0b3e1693ee6c10ab35b0d6a01d9c6879be1ca8676cc2fd16e94b622368b4125f4528deeb1d32dbb0a9b815341ee6dc723e00dfad789a46abc337c0cb2d74","shared_secret":"acabc837f0148300e7264c7bfc597ce119a5a77c51eb091fb943573cafa69ce2","key_schedule_context":"038c27d3410cb79f908302ae06a67ad4c6f971cc37f64c23807cb4de4adeaa7d76a633c96fae27707d2cfedac544e900a8b52a016cf86e4bf25a7d350fbe847f8d","secret":"dbbb9e2244449b76d56b48a7c8257f8b03e9a5948fc382528ad4f8464f3b8ee9","key":"51ad48b07edc1bc355bbd8ba1288f90d","nonce":"fa9f85cd9f4e97cc5655eeee","exporter_secret":"25fa7177ee5c4686f095fc5c51d2ce5c5871a6d1210c3e345fe4ba2fc8febbdf","encryptions":[{"aad":"436f756e742d30","ciphertext":"bab2fad2725ecde8486e17afb2ea44d908c023f80ee2592273e8ca7a25367c946d318f3bf241038f9ebd0267b3","nonce":"fa9f85cd9f4e97cc5655eeee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"63270c658fe7f960837760b763d487ba9b663643a3843399328aa90d06a19046e76b6e5a23460dec758b41a03c","nonce":"fa9f85cd9f4e97cc5655eeef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9ee05381c12b4ac0d6fdddfb0efaf7ebe126474af24785af7ead4730b3382155a7924996410f42905b05a7a3de","nonce":"fa9f85cd9f4e97cc5655eeec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"02e38fd178ff2f481459e3a60b1386db354956583350acb3a2397375c480d95316d544ab903c0aa77493f8d710","nonce":"fa9f85cd9f4e97cc5655eeed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"971ba4154f709dcd45fd46b3a7cf53cfaa34ffcf8758c7bc6beea9e91b5725cd611356da09dff633517c9284d2","nonce":"fa9f85cd9f4e97cc5655eeea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3e07e70884c881a61a71dc6534f10803976e135390e68f89e3c5bc9b62d1bad26316ab86f0eeba89e7886067bb","nonce":"fa9f85cd9f4e97cc5655eeeb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"82612e965f1b24d5b4ae7354e6e1be78994ff185f58e2027ee9595c931280809331d6e9ad09a2656f4d527d207","nonce":"fa9f85cd9f4e97cc5655eee8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2172db33f3f7b1147be2948077b40872f2ec96f2fb720d0a7154e4f57fc4d85ff3d13f4475929431036b5e5931","nonce":"fa9f85cd9f4e97cc5655eee9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"4683a2c815d3c5ee7dfe92afa0a7262ff082805f38d695c04d4697ad250afdac79dbe358094441520f6f8a7b20","nonce":"fa9f85cd9f4e97cc5655eee6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c2992dfa7a64a715337b76d77ad991735657a958abf68a5c804729589820862e5601608c74081fbd286d868cb3","nonce":"fa9f85cd9f4e97cc5655eee7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c0ff21900045dc8038b2f69bed5f85d9a9d7031623149e821b74efa9e164da5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ce1ba1ce64cb38b8e67ef8835544069786582ddb831c460aa77cc7c9ebe3b8c1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c8222f0acce675ba4e952f9e029c640d8b51dfae1b86348c7ac6c6d51709b0f8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0634a1b9044df8e24c0c850a15f8d4c79800481612873d4a070d6886e8aae447"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"bf7a694636a4fe4f9b828ff82581fa0f69dc753daee777c0160e50d6c0b87e13"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"30144dce90e8da40cef827ef2f5be9d50c0758a092a9ebf9e5c95c255f2600ef","seedE":"082b20a74ce728004bf1f21037f02a53f49a1ef8e4bd4449d3cab2dd91365703","skRm":"4ca804179924ec5ce3e4839e194a98d424e55815bf178c9a2691a78775e30b2e","skEm":"cf79fee656566beaf32e1bb840202b8103b698a8f305bb59ea4f4ce020571e74","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04081c74b6d48bc97867816b5837f617ecab50bea0e15d37d95c143e228d81bb504c52e21596b5287a887f6b17b6e93f58ceb9d5a863ac726238f5db9d09261f74","pkEm":"0407ae51ebaecd25784773bf391996fa5bb38593c869918d0286bcfbcd067e8191c074311f438cad22a59c10bd648896b08f78e8ead4661f0d5c60f53545197e9d","enc":"0407ae51ebaecd25784773bf391996fa5bb38593c869918d0286bcfbcd067e8191c074311f438cad22a59c10bd648896b08f78e8ead4661f0d5c60f53545197e9d","shared_secret":"b4ae820185593e14a33a61ba879702eb8ff6906c5d3d307ccc3b535b53617afa","key_schedule_context":"01f433726a9b77cd11901b221010f824334953ba3ab86de05ff8f8ae23c35a6a58db5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"fd084a5369bd4d1974ff84f5739023b5a86a609106c36c19a16ed428d04bd9dc","key":"b870b956603b57888d9de6056c1e446c04d30cf24a02289c0b9c51b8ac8cbcb2","nonce":"499c4881497bfa644d8f023e","exporter_secret":"38f892be4c083cd8d677005c7da627de280064b938e61b33431aac49c62c66a0","encryptions":[{"aad":"436f756e742d30","ciphertext":"7e8c562381211392f26007ec7161ca7cf062e6fd1abea253e04f98a67ff09a82306b464769cd9e9715180619ad","nonce":"499c4881497bfa644d8f023e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"679fe5a4c5bd983361253da3b0b93056040fef90be39c9324426ba3ca1eb41fe7822b0fb324e3775d89abe4858","nonce":"499c4881497bfa644d8f023f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1bbca910e45c68abfda87b6447d5c21abdca9d290209be2d827bef0238a01dcd0ce400c31e30ed7c62f5e1b7e4","nonce":"499c4881497bfa644d8f023c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ec208bdc6606a462543045cd19763e678f8bb040d7905a552139f4d8dd99ba4c16bfa4c620846ae9a40d3193d1","nonce":"499c4881497bfa644d8f023d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"33ef12322d760d611538c45b33cbc9334685e7e27ca310e148975d7c29f4b8544aa6f734994c8634d42fc5b31c","nonce":"499c4881497bfa644d8f023a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3e887a4c6b71d4a540f975f5e05b3ae2c39aa7da55a8496e1d052509202db83b51277d78e1d31dc55aafa9bc0c","nonce":"499c4881497bfa644d8f023b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"f744dac9626c7d42a92e0f98c0472799dc7852b3fa230ae49a4cf119262699a9acdec511647319d48b26b0fb8a","nonce":"499c4881497bfa644d8f0238","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"6076f477c136f311a0504ffbd6644cd8e074363c4379bba4687dad04ee292d2e1549d0017e5c07bb0e2a1d79f9","nonce":"499c4881497bfa644d8f0239","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"19ee10fe30db22c18c092174fb45cb933ae5da2a7abe9824b63c6ebf49641ddd5ab7a2d886246e62a6ba98eab0","nonce":"499c4881497bfa644d8f0236","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4dd35263c4f03dea7f4a329fdfd567c48ac41c628d2140b3f4c58ee6450a82caf6fb5fc0ad6cfa1461e77712a8","nonce":"499c4881497bfa644d8f0237","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"3e7814f1992e9605e5d36ce870cc62552bedcbea99ea0792999f98ae345315cc"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"26280c704d05f0f2129025cd5c321647d255795130846b98285191f7cdb820a4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e17451c393f84759bee24c1c2fd8fcc14b52bcb9c0fedf25a2d90a782931a0db"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dd04432150426fc746a820d6ba230fc9bf6d0ea8dd270709a0063f0efe1d89ec"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"27a8caaedc09099b676894199f00f9789593a098de8625ddf3ca52c19d58a41c"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b258f3438d53965ca6509d83efb51644d61e966dec8faa14af7ce29ad82e82b9","seedS":"c35e474e1c473791dd85f2fda49ca3e3910fb9b09cf6bce5367bfeaca1dad2ff","seedE":"b93135d53fe4203397e25ea009667164eb3a0cc9482e9457b32da083f65ba10a","skRm":"ef9b18dd12df729e4a10434388ba9f40aa0d0c8ffdfc655af4a2090d4947c215","skSm":"fe4eaf760e1ee90b102011dda46b705bba1a10c75e9f6b0b1c93f07d721aa111","skEm":"e691594f3a9aa3f0b85e8dd336725375485780ca8eb1b991b94c885aa8953941","pkRm":"049bf3c8a0ba5ea99503c48ce1e029da503372385b106ed5105edd8b52fc04a02be2939b8f57c49fa41940fa09bda683ccddbbcac00e1fff77c7b93a75c9268d04","pkSm":"04dbf2887090e0477b444fed9c4fa580bc9bc4dfde5f6e286142049b7d10fe0dcb252f0cab73dc0b2287a6cfd3376a4d2214844d0ae78d39a72c0decf1df2a5828","pkEm":"04c6916f797d69eea4cf9da98adb1c6883f10c13f39b3cf2ab32bde11526642b42a54ba47a54987e242ffdc769fc3ec5dc457b99c3526aa58f54fdfe3ba700da64","enc":"04c6916f797d69eea4cf9da98adb1c6883f10c13f39b3cf2ab32bde11526642b42a54ba47a54987e242ffdc769fc3ec5dc457b99c3526aa58f54fdfe3ba700da64","shared_secret":"cc630ea984e4d32bf5a9c90e236375ce0753037136027601d343cb25186d891d","key_schedule_context":"025c92bcc6813ef740f5d927446355965dffa6d842897d6b73339075d9c87a658bdb5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"b710085fdd1a9a0dac16a159fee7cb4b105abeb9c0a3abb5af391ac19db2187a","key":"1544ec15a7adbb2d8bda205e4dc82127c6b63a037f1f117dee0c6862a7dd9e43","nonce":"ad3b03c3c6282908a04ac078","exporter_secret":"acdca5cd2ea7bdc6dadd095eb9d3d76f88c1b705061bf8e98d2b7d326fca135d","encryptions":[{"aad":"436f756e742d30","ciphertext":"a28d64117895ddfc39811e35930441c1113defba7a46561fe594e9c5bce02f365e5ae8432a3ffb3f2a1cb0895f","nonce":"ad3b03c3c6282908a04ac078","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"81d3036ce78d8e8f7b67b253ebace6889d031fe07c8529cf59b7784e450248a496ec5a301922f43481c35bc970","nonce":"ad3b03c3c6282908a04ac079","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"69ba30896cbfdc379ebd8dfffc0afe23168abac982db86d3e4592320dfd65b223dbe1c643919132d9bc8d162d3","nonce":"ad3b03c3c6282908a04ac07a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9b6b9e77cfa6af14da57a0ad719079545f7f668ade4026a678222f0c6c9f68748b01416a54dbecb57ce0bc35b9","nonce":"ad3b03c3c6282908a04ac07b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"2816f4209315267c00ff92203db037b4c6c65e846a3f92efc35868f7870d3cff2923b81d91d197e6a8763dcf20","nonce":"ad3b03c3c6282908a04ac07c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"5a52ff3624d1cd6d8430210ff936903ea2410a9e34fde986300acd6b19da5c8e25a1acc3302e1af96a5ffc0f76","nonce":"ad3b03c3c6282908a04ac07d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"4d5c7c811efef5e84e0355d9a2a6bba22357385fa101e2bf69de2851340104cb1695e929c17bdcf32cc4afdb4b","nonce":"ad3b03c3c6282908a04ac07e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"3fb284ba584a79791cff4cfb033cb8d0ef720bdfaab8b9c90d35be395b3f246c784654594fd97c941c7ed31f2a","nonce":"ad3b03c3c6282908a04ac07f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"46a5632d6112f15505a784d517f4c16e9cdaafe71a20990e3ce20f6ba21a5f2761bd36f585559e50a1be89988c","nonce":"ad3b03c3c6282908a04ac070","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ffa878cecbe6a73dbc4146b9be16e0b74b5d340e6595b01e866005f2ad751676b3b1114ae1b3870e4999649530","nonce":"ad3b03c3c6282908a04ac071","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"82d03497def1c27e00d729572b77e4ef0661793046faa684e427e9e0696e20b3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"897c4eb2e1a8184b1eb9c978f9cfc0386b64da6b1b9dd91b8448b94381ce7a40"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0b9cb2c464e002c17515b0789a15a4680645a858fbceb65f9da2c350e54530a4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"de04503063861ca3ca5a3be2df391597adf03d2d5f4ac0c6e5ee1fc85d698560"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e3ee024f24a11df38978a15c812045e18bb8a6bc33c2a13c95d0dc773e9de6a1"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f8246c84a85b100432cde4b70cd4702a9720614e25f7235904ee6271ffabe00a","seedS":"6ad2d20422ac9a6d784a1ba53dd3aa309df0b7abd04cdbe68e9192e356d76acc","seedE":"89d6bcfbb2dde2da7d92f40d9d00b09b87e954501f3509f63a748b2373e8f466","skRm":"60ac53d96153260971472d6c9201921bc7d0c60638145f89ada082bceda3a571","skSm":"40fc4c1c632bf63309468cbce611b89d8df18108578c8883567c9cde4dfd899f","skEm":"17cbb948d94daacebb962ee8f355d40364184817ec2412e45c6b1e96cf108149","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0453fd5d33333b21ec5f8910b3fc1c44f1c8657dba1575cd32514e4e0be7e7300d70e4747aea9c965923a20056099cb88717e54b5f3b3d6569a41285bba680a380","pkSm":"044a49c389ed1900a8f058e96cee0d61c0ddde13330a2fc08b4ed361588a8e5476236bb9803c6351312e6e59bed91ad90c6164ebc8f3eb021cd19cb20527043b61","pkEm":"04f81d2a10babc103aa42e54d85b8a2d08407357feae595720e3c7fd57dd49d0bb6df777cda8d5c933af84354b9b3a66ec2bf5fd816bb2a0e65e9284d8871dccd4","enc":"04f81d2a10babc103aa42e54d85b8a2d08407357feae595720e3c7fd57dd49d0bb6df777cda8d5c933af84354b9b3a66ec2bf5fd816bb2a0e65e9284d8871dccd4","shared_secret":"deb5ec014485412ac1e56f20a91ad59da16373ec5a1f6bc1c525b7f30589ea37","key_schedule_context":"03f433726a9b77cd11901b221010f824334953ba3ab86de05ff8f8ae23c35a6a58db5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"6b867503f042d7e1a7b7a05d79bdfbc1b57f6da46cf0b6b0cc49259ea155101b","key":"951dc95a0bf2a5ec16fdca1be8e4834ab6c8f788a10cc9eca2770038f15dd976","nonce":"6849a1f2710a8526142b3bd0","exporter_secret":"eda5ed2a8dac952792e0a558e58b1c0e584a6edb7aa2b80a461013da7a507e45","encryptions":[{"aad":"436f756e742d30","ciphertext":"44d2563a3d5348b85252463b5e9770da4869ace9333e889f9ac89cc564f8537a96cf3affeec44e0a8b32cf803d","nonce":"6849a1f2710a8526142b3bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"33e4a19f81bd096ceea776dac727d35ca1fe73ad541cfb5db4751e7eef357b5328207ed7c9e7d69bc42bc44569","nonce":"6849a1f2710a8526142b3bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7b15572b45cea0ae2e8fd10c0ae45d69bf8e1e31fceac38cea797c3d5678b8eb956bef1f1452c4727721ed56d2","nonce":"6849a1f2710a8526142b3bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2732b89b46cb77e28c4911252a62b6662e976ea589cd26b84d4bbb6e35b06e7bbe27ebd20ce57fe7fe7e793ac7","nonce":"6849a1f2710a8526142b3bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e24983665cc172d40cea72023951d59674e501664b5cc3794825741e0516665b4d59452cd148d41aad46cd8daf","nonce":"6849a1f2710a8526142b3bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f298134f57ddd1fb06cbfc9a70f715cabf6ed878fd31d0d0438575b29f4fb945619d1b433e4dae5a32b5e2085c","nonce":"6849a1f2710a8526142b3bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"45eea956eeafbfa21b2b1ba2db3678d15dc74d2c6181d503f67178ba225a88d1a3f5a46206b0189ae71c1d22c2","nonce":"6849a1f2710a8526142b3bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ce5ff70bb7ee85dddb9baefea2f739138c5665e5d006b104208000f5c8e7b5b061557fbe05d28a4c0fab343cef","nonce":"6849a1f2710a8526142b3bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e5794b9166097caf11ecc691665fb2bc5fcc41d3f5c236d214756ce4f17b4e05d81757b3fbab00179ed7a558e0","nonce":"6849a1f2710a8526142b3bd8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0406542e1a4b01d7127fd6a1c09d4010df82fa4b4d78a014f108b2f10a82db143d14aa21793019969b02f3847a","nonce":"6849a1f2710a8526142b3bd9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1a1c57bf8407b454bb0e471764713bba703202e629e4cfda27d897a29a376ef9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a4faac4d3b4113973382f5d729b1e8b58da202843ad33550e86573b8c7247729"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"334332880a7f48319790de3d66a2f3e92e094322302bdd26a6a354dd5b68a153"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b0e396a47aac53caa3e1b796698e6e0ee1413cb6416e6d13a4ece58992ae225e"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fa37e66183010d74d537d08c64a533e22628918ef059c10bc1189d4e8f5c09c9"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"466840f087e9747a8441719f96888dfea093cbe3a4caa4e154891ff0e5a22caf","seedE":"3dddd441d33fb4de895d33c4bb200d650a36abde25cbac0ee53447b7caafeded","skRm":"ba2a98db7ccc7fc3894ca4812904eaae2dc8f6e7455915fdabab5facd90e521d","skEm":"df87d0e9f0409f749499c28bb9cfe9a175cd7de674086ba9cd261a696a12e1d4","pkRm":"04981708fd745a9abe489d8724dbff0ec49241e7aa2b4cb7d463cecb80fc0ee9b7c583bd3b09c6bc0ddd74022342b6df5a6eb3b73528786645925dcc97e728c303","pkEm":"04ce090d292a9adfca5d70c466a4388e9d57943142926455f95cc9b3220c54c6fb0092318c8155980ae94d2c407138410450e2d5a2171b75b0a04895cf8daec8a2","enc":"04ce090d292a9adfca5d70c466a4388e9d57943142926455f95cc9b3220c54c6fb0092318c8155980ae94d2c407138410450e2d5a2171b75b0a04895cf8daec8a2","shared_secret":"dc5f1f85559bdf4f2daceaffd3005baad2cb18a3a40af6d33ef232c157acbd84","key_schedule_context":"005c92bcc6813ef740f5d927446355965dffa6d842897d6b73339075d9c87a658bdb5dcea79c6245a722348982ea03da56990c996747fcf13675cc980bc9bcaf6e","secret":"a2c58978ff0f0ea2c0ceaf312ce27199b01059354d116f426a284a3fde0b539d","key":"22818854f97e1001706745d76e07a06a440b4ea63b11b3405d2ecead866a81a4","nonce":"696fa16d9ae48bfb6deddc27","exporter_secret":"4a397e78ba391f71919941fd477895fa0739954a2b2033a0d5edbe1b4edf6531","encryptions":[{"aad":"436f756e742d30","ciphertext":"cc93284dac4e65f07a30482f8a31ceb671d5d029c8a0e0260dd364e73dfef1aee4a94ce474f0db910cfff24f07","nonce":"696fa16d9ae48bfb6deddc27","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"7cdc5c24c46752beabbcc1cd3c8b373e21da8a709e18424e6a1e3b2c5d3d9246ef46456f0babc370871c683a9b","nonce":"696fa16d9ae48bfb6deddc26","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c1bd95c8df9901dbc6e3c128bd1534350db5e8e71bef7469102dc33be0aa7576873a0ad34e3b549752c461d2d0","nonce":"696fa16d9ae48bfb6deddc25","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"71142545349be81bba943f8175e1a043ef709f3974e3a27132efcea05f08c091e8dae89187fb5fb267342a0029","nonce":"696fa16d9ae48bfb6deddc24","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"fc640c906098fba7d72b84739665c1d3dc064cfc4d40738999e2f9d38924cd0b0b3272b4552e82e4e94c726714","nonce":"696fa16d9ae48bfb6deddc23","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b347d55ef585fd8bcbe0457de73b984400d10e2ea28f6ece07110cb8e4413cd7f1d8dbab35a02d722dc69ee6b1","nonce":"696fa16d9ae48bfb6deddc22","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5efc4b3128b5c9bc92fd2269b1e03a4083eb76b7c946a6a68d8c3b6be166e7f4432f87d1efe266d681f43d874b","nonce":"696fa16d9ae48bfb6deddc21","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5bcea0a89384808f48212dc88112b8e7078b4a8b084e5f6a42294948424716bb2bb2aaee21f966b7e932a6bbe8","nonce":"696fa16d9ae48bfb6deddc20","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ecea2ea2a9bc10dae58455c9953b31e277da4775781dc33280c14877d3155092831bdfc442965647a6ba3047ba","nonce":"696fa16d9ae48bfb6deddc2f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"4aa3d15a2254d09f79b5050cb6ed6126b40e57adfda2810d4a1420b6916ea72ae21385524db49485ddbd8cec03","nonce":"696fa16d9ae48bfb6deddc2e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"15f4fc793eb5544d393c244f5b9e2b4b645458fe1f0da6b876242c00f12d7cf7"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0b8ade9a5a2966175f4214a5c9d1881140a28cdf97aa47c2356f5ca991d4b152"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"dccf03eedae715f34376c4e2a87c896a7252aade2fbd6fde65a2a7e44465cb49"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"063e87baf2a8604bae19d7cd9a9054f84f34dd95e7f4722d5b3759e8be05dd31"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c9fed34fcbe2325222f57d338acb58dcf4f8f7862778f3bedcb28f66f7379815"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"483bb0a0fe639035e3909be5c43af275da1cc8a0f355385fc4c7af211fbcad60","seedE":"fcdcc1cd73bf5cc87b991ca1f7b2f4f0ec2aac20e105efcb7111177a150af48c","skRm":"64257b7a86638b98c2d22dc4b730b3f344fa2dcc3573ce85d2bac959750b7709","skEm":"f779ab76bd6a8edaec8edf9c8382ea15f5f4ad6a9aabebc1450b6c1025dd1de3","pkRm":"048716e273cdf7146a7d68941f9d8b0115cf25ee484e37c0519a49c90e79149c60bf7dc40312a324c0710e6eea965f1267ea5c2dd0e6a487b50acdfd6f71cf0fce","pkEm":"042eba2b8c1fa16ee99ab9f4627aee2358f71d6240955e5747ab869b5531a43ddab8dec00e9fbdfb2f92073774a9981f72312ff6361b551bb254295fffea04de02","enc":"042eba2b8c1fa16ee99ab9f4627aee2358f71d6240955e5747ab869b5531a43ddab8dec00e9fbdfb2f92073774a9981f72312ff6361b551bb254295fffea04de02","shared_secret":"23df0808be6ebbef5822349e5dae008d2c1e9f4020367097bde447ed5fcf383e","key_schedule_context":"005193809f9701d761ad3e980ec406cc14ea789817d821d0cb139989260f37f4c6d3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"e0001a90ebb7efc5e85e1f72c90ea2e98b14c0431379789250bd2acda2a95208","key":"652abfcff470224fec73d73cef7c424401cb4d72d92ff5a8447a865c19830535","nonce":"07e632ae808cddf6acaeb15b","exporter_secret":"f3a31ef376affde7513fa5989ffadf6e32b8c7ee40a71d2c2f890dda77a5dadd","encryptions":[{"aad":"436f756e742d30","ciphertext":"edcfa837ec3e00787a52b462ac2a3a438a75e8df971fd21fa617998398c34ecfb69b4878faaa68c21edc39be2a","nonce":"07e632ae808cddf6acaeb15b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"02dfb0620b7d7835f66dd53b3444742649104532a808aab474b13c311b3d5dfb99e80f00988b9e70546c369021","nonce":"07e632ae808cddf6acaeb15a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f42d3def0a450bbf6d15a6950a64c198bd36760a9b53e775bc3e60f9ec38253597b725181e6d3b5feaa0ad80ef","nonce":"07e632ae808cddf6acaeb159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d729d3b60bef054f235af71fa09bc2df2770c1889b431f69396f506b71775e8c5e29653e1b2b63b1e89e4e4fc9","nonce":"07e632ae808cddf6acaeb158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"03769cf4d9e13994376ee35afd627b9f7d1f495ae2d1d3538c4c803e9c08aa13cf9ae7ec545c0f17b28d6b1cba","nonce":"07e632ae808cddf6acaeb15f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9df2d9690b5b6d616a4c5d2d2071a409a187ea9a76f11c9247b15c74e5c771a74db613ce35869d43e0f5db31ef","nonce":"07e632ae808cddf6acaeb15e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1458125842e0234f178663fee07446afc0336f52ff76b0e425309941c846fff62a9f065966316345df67cdacd9","nonce":"07e632ae808cddf6acaeb15d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"2d9933061cdd7df0abe4f195924e86a2307863a034deae74ad5ad86c991311f574b32f1f591d7d6ae25b7c75b3","nonce":"07e632ae808cddf6acaeb15c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"ac1bb432b048d0ee419c5c9498bb2ce912fda19d27ed0c70252808240746e78625c448038b8ac0963f57095425","nonce":"07e632ae808cddf6acaeb153","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1e36fe5f2221a82dca3421b6449f37ccfcc6652c887cd782b644f85e14d89606b7712820f92b4c4af333703204","nonce":"07e632ae808cddf6acaeb152","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"649768704ae994b8143f95e12bc79be662ca632d870b635cf0482ed7d29476b8"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"fc7efd160492ab40b1147296dbd3af5d433c798b52aef3973f0951c2df6d6cec"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"a3c5fe8a2d3a842c30d2ed9aad8c47cb1a465abb20b1a2a6f78baee5f4dd2ec4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"13f67e00dfc25cba38864d0637176283599cda360d4537c4d49c36d5d3db51fe"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"207a6aeb271d89ed554ee58ae74c1d08cfc758e02c1cd911ad7d5d351575a259"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4ac36e24812130586b5326c046de98d3186124dedc8fa6afe6bb1181540bd0f7","seedE":"d5f77ccc5d8a284a97f6c9c72fa5cba1daff07cb177770796733129a39de0c14","skRm":"4ef2e67bfc1eb724a58ebea6d96aff6d5de11c7a18991f5771cb30069610a6fc","skEm":"d789d9d4a2a040b785b0a9feabb343425cc8e2d8f6417e42789ea6d18663951c","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0492e832e125ce8981fefdd9cd36d36d729472e634e7ba0a027909f9436b1f26593f02da0257acba3efded2f1073b1f4ccc4b57cc024e8d1fd6df6a122b850ecb2","pkEm":"04f6ddb4c4f41ec4c1577e34519fb3a5b8d659945d425b4b117e02636841c4287fa34bab4c35a5d41d788a8c321b8256cd71c93ff4a8799ed28301114196f9f6a6","enc":"04f6ddb4c4f41ec4c1577e34519fb3a5b8d659945d425b4b117e02636841c4287fa34bab4c35a5d41d788a8c321b8256cd71c93ff4a8799ed28301114196f9f6a6","shared_secret":"c6ab3fe04a92b975f5fd98a09db71063814b03ba86a69da3004e3a0dda8bbc40","key_schedule_context":"017d40471421306b100f7401fbf733fef208e1508bd2744517e95ef7471f21a1dad3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"6ab05d9bade32456ac456527e164651f1e7b90a22cec55cd32878dd4770271bc","key":"abc5af188ea872c94cafd11dbdb7836cc1930ca0271833ba2a36a04d54404912","nonce":"4724facf9d0af1c7a55a0560","exporter_secret":"38e87692f83d991b20e731e1a29fa86bb92630824de1df6aeaf04fd4d59778e9","encryptions":[{"aad":"436f756e742d30","ciphertext":"6972d38453567d2624db55ad748d42ff3177d1e941bbe57f68d03b53fb0f1d48b6fc2dfcb84d8ef39f3a8ad6c5","nonce":"4724facf9d0af1c7a55a0560","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6ff2faf2ec58ddd27c3a97a25a1d1b3db45484f2bb1c84c751f58c03d660cee4b942a10bac339044bd65157c65","nonce":"4724facf9d0af1c7a55a0561","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"e2203b51c7d776ed347168dd7d93066184bb7e775277dea7f95bcc3e897cedd52fdcea492158116a8354387f85","nonce":"4724facf9d0af1c7a55a0562","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"458b0a4458330eb1fe600c62867fe26e8cdeb5b16f54b5b774b98ec7922d27ad76d6f823668d7a7b027e9c8682","nonce":"4724facf9d0af1c7a55a0563","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"c953c3657872749b048d8245ef98cf33a2f7e4c62f27d9b9e3496fdf50b951e63031092466f4bc67fb93bcee82","nonce":"4724facf9d0af1c7a55a0564","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"46d075d224610a1f9fd9ed18fb5fa898112e27f3f0cf97a8ffe94478904f21bb46e68270d8bd7741d256f12dba","nonce":"4724facf9d0af1c7a55a0565","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19b51358618270c87ca9820e9df7be39b9f7b581e206f570c85e8011ae114278f869ffe70e69f8ab0aff13315c","nonce":"4724facf9d0af1c7a55a0566","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"376c925d9efb620cb2613647f52ad415831afb9a12ef4122213621e621009a3435df8a99fc184cb7a7d4107621","nonce":"4724facf9d0af1c7a55a0567","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"86848929cb7bf449943f29cfdc6b0d6e9f5c4ea4db69b1ff0f3a244d4bc4b85c5da02600d54d46f23628403944","nonce":"4724facf9d0af1c7a55a0568","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a138f4b4f7fdf18a61acee43458c575b293beca34ecca3d3ee07a229c5aa00f3e357e00db8b97f3e0950680fb1","nonce":"4724facf9d0af1c7a55a0569","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f0ead771d6b184134a6770ea37a1f54fa9298d55cb3a09904894039d7c43369c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"53227b56dcd547bc4a8dd6df4b3cb88919af2a6511135cbfe96f3aa1f86485cc"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e0e1a39d3f1927b03f7f4486dcd56edb73004490dcd996f3f6b1e69f62f558ef"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"356ca58ad6658834d97777d59ec0314557b316f5e3396065622bf268be17e207"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"faef5b99303d4689fc49da7a590339877e70262a64340f7c3cfd40f0d1a5e97d"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"df66678a95aaf77b4a3ec2635b23b181dd3d8a05c68022cb6d5d71b119c1535d","seedS":"01bbe1ed07b0688a97d888880ca203b9ac5ebf298f4a5a081e1fa46dbb6e183f","seedE":"336770111a4f3e97ddd1592a15e4734b910b9a5b566e846cd8f28c6199f8c5e7","skRm":"6d50088dd600327d6491736bb152d0e2a2ad70db0c26d5f8a5681e25405bd89d","skSm":"8f24aadec1e93eed8b5570844074591b6c1eb8f54eae8af7ab398a7e48d2fa29","skEm":"cdfd892a2bac5ee9e2422122323da13b17d7f0873386b5053de94d2636f3c53a","pkRm":"0494a8b15d3abddf20f57b09c784687ac1176dcc532cbed5d3704441026b00dc9f2436c77bd1a4a5a219bdf2aa324b4af59fbec5caa86db4e83cf7d5c724e0c0c3","pkSm":"047cdd53556de3eb39e267c546ed61864d2460a3225b224ce64860f695e44ba00ec5433cff0e535713d1f2ae1e138fa93463b22039ebac399e6fa99536688e536c","pkEm":"044b364b95db5fadf0617c48688eed541aab99ddf72a5357ae371c34df7803fcd0da422f17ce4c68d03fef7c6ab272041230a3901361445644c2a6c3d02e9532c5","enc":"044b364b95db5fadf0617c48688eed541aab99ddf72a5357ae371c34df7803fcd0da422f17ce4c68d03fef7c6ab272041230a3901361445644c2a6c3d02e9532c5","shared_secret":"f7b6fa8884784f6723692603cd958db6830cb0c87718f72cdff10758cb97a3ab","key_schedule_context":"025193809f9701d761ad3e980ec406cc14ea789817d821d0cb139989260f37f4c6d3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"53be166abcfea99cf7bbe7c20e3704bccee414244cebed9dd5a2bc9f3ffe1600","key":"807c3ed1b3fdfa8ffb052e01e2f60e75aa9f47ed8378c17ad737e58f32954888","nonce":"7c84b0a76e3bff59f55eeb66","exporter_secret":"ad0c4d9ecace4d473c702f15f83c14964abc8340d560fb103a8ed9e96d30477a","encryptions":[{"aad":"436f756e742d30","ciphertext":"b626e15a016a4d1141404694d4f42300324839c26442761558aff3f11bead5af3102ca3eaa3d9ebe7d61b5e9ad","nonce":"7c84b0a76e3bff59f55eeb66","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9a71859d14fc01dd756e9c5ae3bd17f30276f60702913ed52d9bdd1f984dd3c1f8d8da0e3cf80d7948322e5272","nonce":"7c84b0a76e3bff59f55eeb67","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"56e9a11b272337128786b69cbf4969d92bfa91ff642c76815c3ed4169d8708d1736466d5ba124de3de05e274ed","nonce":"7c84b0a76e3bff59f55eeb64","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"bda8c5ea76c250209ed354711e2fa4c7a26d90845b9c2793931449d6c054a4a407a3782f2e8274294ada480ba9","nonce":"7c84b0a76e3bff59f55eeb65","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"47c2b0dd4cc2a0cdb9ece76eca03d71556f33554f52800adc208c1c954a50035d3a0c442ad07e5a4a0af2d3987","nonce":"7c84b0a76e3bff59f55eeb62","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d18c385a2354a5090e99472d499f67585e01542a69bbfd301034532b04171f0526fe7517dd8eabed8df627630e","nonce":"7c84b0a76e3bff59f55eeb63","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"130092f9c1902cdca003a08c28ce46a8507755cd578861f336613da3f165b78f945399a4e3b3b3f9ee1ce69f78","nonce":"7c84b0a76e3bff59f55eeb60","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"fd8e1c6369240ed7ecda11a0bc6dae9e7528c45823820bc3e44071730b63fad4f290c909aae25f25ecf55a85a1","nonce":"7c84b0a76e3bff59f55eeb61","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8dbc566792a20a312e1bfcddcbd6bf7017d3e839db346199effed067c5f4bf3f9b89373c2cc6dfdc2c50440bad","nonce":"7c84b0a76e3bff59f55eeb6e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8057fcc15fed0a16568fb4a896a7c62acc440f0a2e7b1595a6b52e18c3b01cf8f7984caa96f91abd10b9fb29cc","nonce":"7c84b0a76e3bff59f55eeb6f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"bfe763893bbb429e86e2352ea9c53556c8b4d8b2dadb3fd900371679d293bed2"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a6e3e480c5a99278ec252f56f0efe91c5abf40b3c4fc8624d7ad4cdc239b1c33"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"4186f4de3878e8f46afc5df03b9b7c17036069934ad6c5c1527714176e1f9b05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"bc0de36f7e92535570e1e21b33a7436c98f126f443a1db316036f2b3e3001eb7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"934a3d9a609cfefce3b882263edf89b35ec4cacd1e0be0491fe73685a8cd6cae"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5f587a548f7cba21c98ac0dfdac619e962aba8526339c7ad98e804abd9fcbf19","seedS":"1093c27b5e2719ffade39714b76a8e994341b019de9522d89133b41a200f97da","seedE":"7454e819f88659590461a91dff451738df7789f5b4ced005211ed7b264be713f","skRm":"44d78e464befc5faa20e36e8a5f056bbb2970372f3617a6a28883f05891a5e73","skSm":"6e7a6242333ec01f7651bee7a6d51097208647ba3f31991079b318cca32463a3","skEm":"b0782e95b3b3d115a40a5382ea33a29cd91e51ed85db42fa61fdcc51f5125bfd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f464a6bf8ca0cb0679391714160c34a853cc8df2d89c119c18fa835600232c9c73041bd7d17129f7de2573a72385f8f507ba2971280f4f0615fdca8d5701c3cd","pkSm":"04a4f059459fff8a1cfbb58ba01c9763d41355c31bee2c822d3831cb0fec2cd06c970713ee5bfe9ab0f9c4ae70afa88a7bac78ac74dba6fbe12afae83e783fce5c","pkEm":"042b8f991a7f0e1a833f58ce65bf65c96780e9620ae3ab6e8df1645b54b70ed89adbc9c2db9f4b6a0c7c08a76523f24ccbd555da8cdd0403e5f1aaf3f68e0dc62d","enc":"042b8f991a7f0e1a833f58ce65bf65c96780e9620ae3ab6e8df1645b54b70ed89adbc9c2db9f4b6a0c7c08a76523f24ccbd555da8cdd0403e5f1aaf3f68e0dc62d","shared_secret":"ae88d508550ecc1804706bf7ef31c329cd2475f20b3ce3082207dc7c806121d5","key_schedule_context":"037d40471421306b100f7401fbf733fef208e1508bd2744517e95ef7471f21a1dad3da0100c16489caa7ad5adf41151b806e7a2a438b79586881afdfaf8bc6fedd","secret":"35a0d70ef7522b31c1d534e268a6d5139b0943b598e61c1c81f8d21633f459cf","key":"2fc299bf7d673aa547d3cb9972a7976bc262508c52a1a84c617e0f0b6bca3c39","nonce":"4af68b1b2cd29814fc8020d5","exporter_secret":"6370cd9058b498d3db6cce9beb618b094ff0981b846d5cf59676cd7e5e41dd3b","encryptions":[{"aad":"436f756e742d30","ciphertext":"694ad6fefd198fece3706b5fd6fb696ed03f399f3bdfabaec36b52fa63153db22a50978c6b0329a6c583a7380b","nonce":"4af68b1b2cd29814fc8020d5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b0f4eeb0f9ef54c9f5dbc1b16dec408dc4160e255e768b00cc21aec6c5fb65b29835131275ce081ff80e9f05ff","nonce":"4af68b1b2cd29814fc8020d4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7d72a1eaeb27669fe6fa123a6c4bebecfe9fc035c8b0b2402ccab99dd92c4047c9953a537fb1e647b9e8d49e0f","nonce":"4af68b1b2cd29814fc8020d7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9fd647d26cf03952a2877b1d7507b6ae8fa61f3985dbd41491fdf306b560baf0652d391642f7487474cb5f153e","nonce":"4af68b1b2cd29814fc8020d6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b55b04cb0cfa1911bf1c4cef46fdafeb2352de13cdb25e254d4b611ae59cb2342208ccd645e4be0f6d02a34125","nonce":"4af68b1b2cd29814fc8020d1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a8fc30cdeb8ecfd7a8cffca1f7e4a59303cb7edd6721868e0ee83c689dde1b17531fe8f87ac50830c4bbf99def","nonce":"4af68b1b2cd29814fc8020d0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"6bdb1f7e55d39ee13694d3a9e06bb82e38e7b38db530e03c3507bb625fbbc743407a11261fcd87c1d0c23e8887","nonce":"4af68b1b2cd29814fc8020d3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e0aa389c3546b37244a0a13fb188aa55c1e84680a21f100edf0e33303804abeb10d5b1cc65f5c06c7bfb5d5a2a","nonce":"4af68b1b2cd29814fc8020d2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"78b7b2716fe7f0fa5351035cc2cc4e9be5ef99d9bd56d10aeef41cf08e60f3724efdf6287be81a8363d8df7e8b","nonce":"4af68b1b2cd29814fc8020dd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7195492e8fe7517e7c1fbe257e1f32fd742852debcbd218c83cc097c36a9a21cc3dbd52f32ba06fe4ceb49d1b1","nonce":"4af68b1b2cd29814fc8020dc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1c822c8d8f6ea1bbead09f9ccc92df6ce2786b96772053afbf294241c16db4ce"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b9f17786f59ec280fbbde09f75be3089cd2909ef524a2601a0ce0d8de9eb0cd1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b6190643fe019c146dbd5e40dc9b48ff5eb651c770518dc38e68f4e6e13ab4d3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"966bc89d4ea55312007cd418deeadc583e17b644e9d235f818b5b13ff0a17a23"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"dd38c21d8885b436df52160e9f0e666326c55fe9049abaed7d06ba2a2b7218a3"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3d4504f63bd3c1e292043c94dbc37b57085059df1e9f67518158deab2ebae28a","seedE":"c06b7c4fa7fcdf4c149d5616dd913a47c0d861e35f1c3b9bc8228a26aefd4f52","skRm":"3bb1f10127548c1ddcca9ecd25407dadf34b0ca63e8c8efde26bea162f3422d5","skEm":"6246a8df03d24ca9dbb6a32675010d9a472cc97e00ababe835bf3a03b89ae6e9","pkRm":"042460a1b576c061f89bdc25f6149dbb65dd48798407b5500de0cd23922a5fd5a1e55463096bc1a44b1cf761df11ac6acdf49f46fcb025fe2cea367292e762bfa9","pkEm":"04153e63654a815ebfc292776cafbd06fe1f9c5eabd997d146eb98bff3b8064f979217e4903e979a961e81b36aefaf9ff9312765a3754f0bc2fd406947bf5357f2","enc":"04153e63654a815ebfc292776cafbd06fe1f9c5eabd997d146eb98bff3b8064f979217e4903e979a961e81b36aefaf9ff9312765a3754f0bc2fd406947bf5357f2","shared_secret":"f81985f6fc778694728ba142df551a60a529fe0f86add8f402b4786abb91158e","key_schedule_context":"0059a145bcce1c1c862714bcd04c342351f917429e57578e3a2fa684c7ed0403ba264455f90835145bd18f39bfadab2d3808163e74fc91c733021e758f5b70c2668c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"56670b96b4a99297fb753156bec636c3f9019e2778520f9650d3dee2827bc35e2f9257437356e333d96c628a4b9c043b36a60db894a3831954a431889b2e0570","key":"0fd75b296c0fcc51ddf829c16b664ccc","nonce":"5b80ab1ace6b4e0add668804","exporter_secret":"1da2e149dd9972a5b45e6dfa8da7ec1d24f8401ef83f1d6244b76bb114f25f36b2963d48e39278f71678edefca22aa3cb7a9a16f243799db93fe95294d323a23","encryptions":[{"aad":"436f756e742d30","ciphertext":"d382add6f0915aec3411bcdb596a531cabb4ea8c09e5171d2b00ca285e6d782e2a5a828ab4c2059993c3e55d95","nonce":"5b80ab1ace6b4e0add668804","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2d05d58388725a0af35e3baa7d233d358055a856b69919bb3eec858373bca40dcdf1ce07c5a8584e203f1cbed5","nonce":"5b80ab1ace6b4e0add668805","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ed54296f6579e95cf33dc38c0e8a7158cd09f3041d0c03bb7dc1a1892a36441ba84a10cb470af4954d5d7a07c1","nonce":"5b80ab1ace6b4e0add668806","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7e986cfdda7660ebd500f9b81caca638caaec9a32c8aa4765a0ef268f6a4c975c9991ca0a9cfd407cd583a4859","nonce":"5b80ab1ace6b4e0add668807","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"172bc3a81f1843724134e3a50da0099dda4f316a8900e55f164f7253a5df977f9bb05bf65464bcf06946ea5c30","nonce":"5b80ab1ace6b4e0add668800","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a1e235e1d6142e05135b1b6e4d66a556648719f8e2729b8b94eb4f0f16e593911b02dabad8ce9a139e37f76b47","nonce":"5b80ab1ace6b4e0add668801","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1233ac00bfb7dd8d78d427865b18658f27cab952f8d7cc82219053b663ad922be817cde39931d8941ad58e055a","nonce":"5b80ab1ace6b4e0add668802","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"074996f439738ecc4745ba16320095b70f32dc3d58302a811afe0a432e63d219085f7d05ab46da053f140ae4fb","nonce":"5b80ab1ace6b4e0add668803","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"973331248414a7a61c0d83041b1f2aaf13f5415891b7ea4baaf67d1fc6b4f432cdd3757295cf7794e61d6e8fce","nonce":"5b80ab1ace6b4e0add66880c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"44bfe1e3ebbf6b0b5a5cf8fc9f19d343defc943dfc6dbb03ab1c24e1a6a4c808abb00bbfa077f51de8c63ce8a9","nonce":"5b80ab1ace6b4e0add66880d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"a6915faa798ec8ba1af5f4f646380852f0087762fad105d22a48b0dc3276df32"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4482bdb729df726c733680b12c3f3efedaf27e127050c68d9b319d67fcc26246"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8c70c298303408fbac3245e766fd835e8b4f98158caa69d7e2aa8d9e840b4b44"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"50682fb87496383686668cd66ab7a85099c7eb0be05d51b36783f447352e4b2a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"098209fdb7f854cece7449870758b888a3ed2dd409619df514d0b0aa9b878b02"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"870a8cd14bdccd6dc2d538e4b57fa79d2ae19657fb92163b8c2f776da0d9c5e0","seedE":"8ae414fe57a79d6ee44c6ebf03223c0a23685a9ef131513c9501803155b84650","skRm":"723323b210fa5fb49fa686e20df412f68265cccd19af92bebcd737e403c358c5","skEm":"bc2e5291d700a743050d85ae1ef59494b539eb380d99bedb628dc8195f76f138","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04ac9e67c5e737d35bf3c4c756b8701810819d6debd3068c9a6b3472a307d26dcfe00faa1ffb706bbfd40cef488c6acd57283be40654876a4ae815b8501b7b0cb6","pkEm":"04fee5bf414527ffa5c439a5b1d2e10b8941f0e577a2f6e811755f9248c4ff04610a84653887f9674afeda68b879ea7a4de0e1a1f5a1d89d358499b2d4753311b7","enc":"04fee5bf414527ffa5c439a5b1d2e10b8941f0e577a2f6e811755f9248c4ff04610a84653887f9674afeda68b879ea7a4de0e1a1f5a1d89d358499b2d4753311b7","shared_secret":"35966cf7216392119e7b6a4ec3681de9cc69bbed75c09d66a2aeebe9e1d29e8d","key_schedule_context":"0139f6011ebbfa0b089f98c9db37956a61abf9fb58427f56ada80743584c1a6cdcfbd55ffd4399433c54b22f53e40738082c9489846c4c19c08fa771b0388da3eb8c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"d451d6013533360a86d0867a08363b3129ab1907eec7bafdc7f48f854463cdd23edd337f09bf1c62f2b4946a89cd66f5b0a67b82b5d0994f54f49dd84665d1b9","key":"1b70d145c0099c28510618465569948d","nonce":"74eb101dce2cbf07c8692aca","exporter_secret":"4676e4f4a13fba7cf74721c5aef58919003fdf0f61f07250b622a61f12ca10013c490daca9110593c1e731dba7a56e93919644000792f83441c9b4517f0e1dbe","encryptions":[{"aad":"436f756e742d30","ciphertext":"8ab8ca639da1b3355e1d3e642617745b557ccd6777d80b90c849e9a216141fa7168b2c52da7f9f8b30816d5aac","nonce":"74eb101dce2cbf07c8692aca","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"ff6472f39880630cea5115008f040e2999d6b2dfedbf3c34c49e7d2ed0abd83ec5375323494b210ad615107dbd","nonce":"74eb101dce2cbf07c8692acb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ff561682ac310c9fa8838db48ed9cf8c5b3be3830e0b7e00cdac82a2c7e50fc39989e21a20290c5af0be57ec37","nonce":"74eb101dce2cbf07c8692ac8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4759159f97287d42489c75a2521db52087db1e46f273cc29e6ae3426f5f0dccf89b5fcbd4adb77d3271fa78355","nonce":"74eb101dce2cbf07c8692ac9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"61be985bdadb35e1d08903a46e40b0403de965ec4885517f80d0278a185f227031bed2812512c7fc40b1e42cbb","nonce":"74eb101dce2cbf07c8692ace","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"eda45b17d994523322944cc1bc1ba58ff898b7dbf410d90db06142502f693579a1165e94bd7b344eb372e582b0","nonce":"74eb101dce2cbf07c8692acf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"668a39fe2e0f29c0d224a49253a040d0da64f7f59e3f588d633dc0b5652535d2d1ca7acb09eecbe98491140c5b","nonce":"74eb101dce2cbf07c8692acc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"406ec4231d9c26da8f59a981d5fd402c6b36fe118b48d2d98b6144c46e910eddaf6ccf27f3d8e90553402f65f3","nonce":"74eb101dce2cbf07c8692acd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"9087513b903a1c75cafb8b36e3b34fc4746a582b3c3ee6691aed29bc3c38a5bfa91c9ad866bb3a67b24ff8ea54","nonce":"74eb101dce2cbf07c8692ac2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"6c6c30d924561afd3ec05fd3bcf724abb67b890c6593b7fa7a176a397dbc8b27da588e21db36496b7d2dc7c201","nonce":"74eb101dce2cbf07c8692ac3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f54a1a9b24d4fa4991c8468347a9b64cb8d8df08b2d4fa3688c7e907a7761ec9"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b0a6e92e2b26d5d4db97dbecb44e4f6779d7c1722e48b92ff93c6a1099766ff8"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"229459cfb47d4761e3146b55477693117e606d26c8cc83a7937765569d3ef732"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"fbd37a00a12a56df5f88b8e0d8c20ab491915a455a66759a655cddac9bfad7c3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ecdbb3933778c88fecba51f0d3f0abfccd6ed2292701938e2405646191f7adcd"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"96cb1d99dd2d353191e179fe806c5052b93eca6e1d08d7fb3ea20d420b4a921a","seedS":"baed6b6af0f1598fe1711376c0160200b84ced22ff9e898eab0353137f0cb540","seedE":"8248b1d3bfea9c55a1ead6c9f74f010c8322fc79c683eaf25d7a91dae7b17684","skRm":"9034b047ec840a44a75c2f83c9e6a86a5c585119d2e7f3f81f8a79bc38f9e36e","skSm":"f80c28087185d38fbac014f95c38abe3a96b810d7d07b758b9df7c11a9b3fda8","skEm":"07e7a0a40594be31b5807213f8fda3139fd7716ae780cfbe9563543b90e9de9f","pkRm":"04516de058a01c089b0a9bf62b7e3be6dbeeead63aac139c4565cf93aab1c7557846a159f04fb282fa425bfc68933371594c05bd588cd11270de0d550bfbf2b02c","pkSm":"04ae7983ba0cad779487d104642077ddfdfa5ebe4b508d8a7268c448cb30a0ffa97ca34806b36b0cf66c6bdd13cfc65beef97c3909d580423b085843d2d9e6fee0","pkEm":"04803cb253106c0d23f609fd613ad0be7b5354c368b9301c87e27c479a3b64230e463fdd8cb0b76d72d7eda9734b994aafc430254ffc83cdf09ee681417d3f09ff","enc":"04803cb253106c0d23f609fd613ad0be7b5354c368b9301c87e27c479a3b64230e463fdd8cb0b76d72d7eda9734b994aafc430254ffc83cdf09ee681417d3f09ff","shared_secret":"58bf8c9c94a2eae4d4e1bdb51898352b6d9d9b5c8aa83e83b2a5b0fa465c1fe4","key_schedule_context":"0259a145bcce1c1c862714bcd04c342351f917429e57578e3a2fa684c7ed0403ba264455f90835145bd18f39bfadab2d3808163e74fc91c733021e758f5b70c2668c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"ccaa506479e8eee3347d4e8fc866a86fddbc8e2cfef229f44ee264ec814b0ad874c5a0fbb19f842ffa1969dcebd804a064032427d5f17e0eafac3960e1811e95","key":"4595017dbf4412c6cdd873001bdc1a55","nonce":"e66f9266b90637a3099e52e6","exporter_secret":"1a5e3fa36b9d898b5efb33f9cc3a5756b1ff3d3593cbe538995c6d56541317662c0e05cfb01015434d885b061cd668b2faad5146aa2b37fa9f9da36585f1efd8","encryptions":[{"aad":"436f756e742d30","ciphertext":"fe47489d387fb3ca019da499b62c0f92dd4630c67df81f382277ddfdd4e2b4d42bb9915108ebf5755f337ef155","nonce":"e66f9266b90637a3099e52e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"6c57cb1ec364035e655ff9f19ff0684f2fb009ec2a953a259e8268b245a2a17b0e0e4ba2401b68d235f50c240e","nonce":"e66f9266b90637a3099e52e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9b9990d9231ede1502308c06427acf7e857ed9a5ecf8e538338412a897f95db793a2369cbc03dbbe174618a23f","nonce":"e66f9266b90637a3099e52e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"70cd6c2faf311338b8de25c5f46c455622fcb3c64ef887639dbdce4bbe071877098cf3ef07492df95c8f4fcf6f","nonce":"e66f9266b90637a3099e52e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"282eaa18a3de39abc6c9805ca8e6fe5e2ae85cde764b3287037e633886d1c9b114c6c8ceee3536bb61b286026d","nonce":"e66f9266b90637a3099e52e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6ca49ce9ad850cb747b3e781caa27f7c6a9541547561a083b122af469031283430acd875017e495eaeaf58d7ae","nonce":"e66f9266b90637a3099e52e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e2f61a704ef6bd444b6fb4bd98e76dec8e159d7c08393ef0ab94847bd6535aa533e37b8bf59503e912caa31560","nonce":"e66f9266b90637a3099e52e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"99403389fe1e378228a349752be63a52e74a4480cca9bad3757f162d65ce758dd5901393b35c5bc56f81822120","nonce":"e66f9266b90637a3099e52e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6736f70cb1f28bfb08b303d93ca0e3b0d5580850cf54ae9325b114f99b87cd5d8f745641ea873f2b6420a0d640","nonce":"e66f9266b90637a3099e52ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"085b08c0d24c0ad56a599881ce481f6788e45bd9c7b262782b4f97c36f7b65e29c328572f4220cd19b58130f73","nonce":"e66f9266b90637a3099e52ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1073462594bd12498748b3fc94034b0a6b9fd0920827dcca2fb39b18ec50e9a5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e515c5ded61ef56cdc0343cb5e133d549af71b96b9b8a27234f7ddf728159dad"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"8e859df03e63ae48d0f832c1379ee3c363787bf3c8d15f8cce6d1db2806ea290"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"92cfa5521eb3fd6b9463da6e7e90eae0b4e1a42e6e9d0ed66c06d86917cac3f8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"f559e3c540e8c24a9189c9ba7d03d34f1a71a588bebc7a5842065b03938f9d17"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"073bcc799a8bfb579a627d8f8b55e93721340f6cf5de0eb357da157374e14eeb","seedS":"17388d5f671b12ef6c67cbaa20c8608619ee6b28ff65daa83ba63212451fd89f","seedE":"3264f316c88af07f985280644d38099b0767a16f88ae82d1e6accb9da3c6bb55","skRm":"5d22f76cd9af7e6aef48218e94c59cdd099d656917d7d3725eced88438808594","skSm":"01a45893d642b80751d7a5f9b07a8225e54734336d015b3aafb6be2d8aa5155e","skEm":"5fa7728ed91abd4589e53c40c96b06e57a8c3e7bfc15d8109f8579cd36e0a78f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"045fbf495f070a860fc1f5ca05dbc3296caa9b8af281163e766e801f920aaddd99b10505d6086bd7d12fd7c39ca14e3480bcf855fca8eec13941392a00e81f73fc","pkSm":"04fbd2e874739deba895b84c2960a9a9f2b78a38769efa81113a07094549d8c8903f661f6722d20c44ed0a271eaa35676734674c03ff3d49cd659ed4b99889625b","pkEm":"04fafac74b1183efd0274b2b1a0819a7298bbdf4f6b9ec8a1a118da73f1d076f0e3dee8decd09c2ebd63fdc7e41abb308c5f5770d743b1c7426e1412445c5e20e1","enc":"04fafac74b1183efd0274b2b1a0819a7298bbdf4f6b9ec8a1a118da73f1d076f0e3dee8decd09c2ebd63fdc7e41abb308c5f5770d743b1c7426e1412445c5e20e1","shared_secret":"f184ae42ee268c1b3fd6f25b3cfb612d1d288a4921416598146cbf35bbbf2712","key_schedule_context":"0339f6011ebbfa0b089f98c9db37956a61abf9fb58427f56ada80743584c1a6cdcfbd55ffd4399433c54b22f53e40738082c9489846c4c19c08fa771b0388da3eb8c9942e377e9f72fa4152c161bfba6c407fe5ee3d6517b56634fdf07ade5b4fcb1358e1f01175ac61ef5c191ba765599e625e92cd4623fea16bbe3a0ca2db1df","secret":"fe2d56adfa0505528204033a330498957e1f95bb38a3a035cca1d8763b0a2f97f56e26f5981002e55db28c4969ac8b25f7e207e0180f8efe63060eb1fa8de47f","key":"e39381714251f8c506bd9003337d3ef5","nonce":"d59bb13cf84f3d7ffc28f091","exporter_secret":"eab52a0c640878495981d6f9092536c9c0f95e6c456daf497670755b598798aeb17fcd057f632cd546a4ca3585c1e8297d5bf43b4e9f965a581cafd108304e3a","encryptions":[{"aad":"436f756e742d30","ciphertext":"1d1ee90fdfac8e8f3f466de3772b397ab2025bb73adcd97743e6391952a2829a8acb47e7e0541eabd612e6d640","nonce":"d59bb13cf84f3d7ffc28f091","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c7f0eefa13a77c03400ee3fe44a0df3bce4b4eecddd93b4641d55f9d0d6e1ead7b19ba99c63192af7ea5b4f290","nonce":"d59bb13cf84f3d7ffc28f090","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"1a9ceaa63324a430c1229a6228926e654f419b724a963bbd5ad29b9e00b7c4ccb96a957ca8f910c4e8c2481d9d","nonce":"d59bb13cf84f3d7ffc28f093","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ada59014cc67211d0a231f710ce1e5d22fe36b5cde2e1994306eada30925f76d6988ee9e2419f17a51edcbe07b","nonce":"d59bb13cf84f3d7ffc28f092","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"ffdcdcf7713b25e8efd42c2cffc2bc57956d55375042f5f637649b3ab2c2c55e00f51d13b98db6662bdf705a18","nonce":"d59bb13cf84f3d7ffc28f095","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b1e70f34192b4b21f0f9a44d4777e47e1320d1ad7d8a6c354c328f74f2e25065bfe42e46c91be5078602a65e84","nonce":"d59bb13cf84f3d7ffc28f094","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"82afa299d920cff2455853d8d77dbf171e6a27e9feba17dfc0b970099fc947279b29a9e5d5cc26dc82c3407757","nonce":"d59bb13cf84f3d7ffc28f097","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"179a48012e1ace22453a1ba4fa6799941561d2533a7f565138a6c06154b72560607cb3ed081ad62f3eea9b301b","nonce":"d59bb13cf84f3d7ffc28f096","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e09c95f999d1abd544a719858a48b7f173acb652f6baa3171fd9a1fb2dfe23a4405fc24798ae2c13223780d748","nonce":"d59bb13cf84f3d7ffc28f099","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"52f1851ccc3ceb55030e1743822232895e7a932353c08daf4cd1b387f1bbcc74cb8fcd4bffd517b1588f9da35d","nonce":"d59bb13cf84f3d7ffc28f098","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"4d75a3087f405aa27a807e013ea6d94b4a0187473c3238452a5e3d4da572d1f3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a9f5799567d926c978bb46020dcc89f30ae8a661babdcffc6ee5400410bf6d02"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e48871ffb1dbfb34f7752f5a26ef4aa4037464f43faa3efe35362a933d3d927e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"71848e967d641cfab77715c3a0f7b4c8f538e9b5fbbb115862b1fee3953b618c"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"784f5f3ed53b73257b0d7a16626d6647328c6b67234460a6da534e4cb14225ce"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"823b066d173e0168acb1b7aceb5b008f8c74bb65b18aa35742c3cd3ac70b5eba","seedE":"e16826415ba7c26b77b5090f52377d807bf55b6f500665d1f499daee41d52a07","skRm":"bd8186f046929cf3a8fcebf955c509cb9579dfcb46a6f27c2e3abc1f52baf161","skEm":"2201d77263825a8bd14b6622b4bd8d5e2b6f6a5278112a5f245e5555658e9e5b","pkRm":"041f88bf27edbf094ad864786ea888df8bf9e6856be90c38e902644d47a5fb520c1c146265694d621d0566617bce231cc4d2426cd7f227e126979fe0d567699075","pkEm":"04e4ec14c319364dabd7ccbd5226d757f54669ea7f2755f04a2cdc666167ac3029d44d2658f62df1d5bc4f0662e1e24fac052e34dd8008298a37033ada2f2a4d5a","enc":"04e4ec14c319364dabd7ccbd5226d757f54669ea7f2755f04a2cdc666167ac3029d44d2658f62df1d5bc4f0662e1e24fac052e34dd8008298a37033ada2f2a4d5a","shared_secret":"97f4834091cadf76c1dd234bff67271c77a65c833d934079bb649d040ba72c58","key_schedule_context":"00e8330716b34bfee8656f3e44bdca33abfb241ebd1f719547077656dafcdd8aa74f7156fc99d5cdb20c0284581128d5e18c0a1d9b1ddf53abc0f2c8160ee0ee11b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"4d906cda7d0b42832fa1cee0b1a6d887571abc52c76edb68054346c7e8d607bfe5afe75b6597a9e950ea6cd99162a2f2acc1404ec8e35587f43deeff8789041b","key":"74459357225bf4680f0dc49080cedaa481f23ebed1c83306761571115e752db9","nonce":"bb8c3ea549c3e929834ac2e1","exporter_secret":"07818080f9489e29bc678b288c2d0500bf5a7c20fb2f26af9ae479316c41afbd973102bcf9569a6251a5a999b543f6ae5e3ad23893a075b03bc4e47d37804b4b","encryptions":[{"aad":"436f756e742d30","ciphertext":"15e0b24708b59781ae373414f0237f86f925a8796ef6615697c846378df0e89c8de4c7b99e34c943a015876b4e","nonce":"bb8c3ea549c3e929834ac2e1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a3993a1e21435ff9874ee0d1e7844bca7faa62252af50b835b5a81b4e1aacd664106d69b13de3bb8776a2a56e","nonce":"bb8c3ea549c3e929834ac2e0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"8fbbafd491d0291507460ee8809d70d8098cd21b8d9990d6522cebf78b1cc1455be6f1d704ad92a2a5c99016bb","nonce":"bb8c3ea549c3e929834ac2e3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"acab75e848f0b9083d376c4f52c4c321931b1128abf5e9170a9119b36224661bbf7f74215b76337ab7af5225a5","nonce":"bb8c3ea549c3e929834ac2e2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"db1d91250fb426d5cb058d57f24cd5959bc24a3d97d02d450a5bf7467d0da1eb08ca65fe61a93a3feaa163b33c","nonce":"bb8c3ea549c3e929834ac2e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"046f4d1a90cdbf90144601291227e80bb5f3223cc9ef153ba6bad652c6271d504b0744ded54f1f29423bb95408","nonce":"bb8c3ea549c3e929834ac2e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"99e919f27944a55e2258d41be15dfe6db081614154e80f42edf50327b8776b079464d94e918c8126fffbaa79fc","nonce":"bb8c3ea549c3e929834ac2e7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9f8cb6f84fbab34fc7d3a2fbedc653be7ef8037b193d8e67c4ab7b898ee2904bf4d6435779b5100a8a8160f797","nonce":"bb8c3ea549c3e929834ac2e6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"2b376c1cca925dd09e3db76a30815e2101f0e0658c50cea4a33ea235d4457935f5450339392920eb59c544a70f","nonce":"bb8c3ea549c3e929834ac2e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"466eaee3885723790c5339b540b0e774ba2b804df0d7b59befef953f31e4af30867006f67f457c4a3d68e9e540","nonce":"bb8c3ea549c3e929834ac2e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8155ffb4381cbd725f37644e407bb80c346219d4ffeb5c8b840e52cfa3fda07f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"941d8a95a4caf16af00b14de59625ec7e5e134e9403e5ae5b3abb24a6209335d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fb2ca41dcda93b23cf0a64a0521bb716946a9417af64b25a49d5a03b8a3fddc3"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3e1598b904748454c741d4edf01e601dace2ce2b1e100afcc2c59269f8f680b9"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9697f97c5a38f4f817cc601d53cb4e152cd505962ef4de2d2680f034c9b662e2"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0d39d962eb25e8e407533a3f13d29002d57c22bf281c5d92cd49c761ab6316b4","seedE":"c736963dc1680fc7ad621ac9157fe96a91cfe56646faa3a55b73642dc32c2959","skRm":"c2493a2a40c1fa4bc1a215b4ffb3ec9302dbfb96a978873c82f297e8dc6a2fec","skEm":"2c8bc2e74d523d3c8e8287de6b3ae318d5288cd61c485d1d5c8e5f0df752f29f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043ba228d14d191ecc14e13699303d7e159df32c9cd2e1780fdf3890363e47c46119ce0e79ac9b00e6ec26f6f6f018ffa6891976bdf00594ae4bb07a59df765eca","pkEm":"040959e7db67c5186a55b37d33a687a69cd2c8d1f9c1067a225b94d71d2697551af10b9c7fc67371df549ada6e01e740486e5d8bd23b0ff5ec282f38c94935e7da","enc":"040959e7db67c5186a55b37d33a687a69cd2c8d1f9c1067a225b94d71d2697551af10b9c7fc67371df549ada6e01e740486e5d8bd23b0ff5ec282f38c94935e7da","shared_secret":"a84774515f7be05fee1405b85fc89788d0db3b823a3469f105be9b6ef84c37a1","key_schedule_context":"01e4a0ff05c4c44e507f4dcfa55d959d4aaf010c069a4e6bb356931f3b4e1558b707f80bbb91ce7f560aa3471f09ad08d1510fe711d60c9fef568b977d067b7f26b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"f4a7427fa0beabb240bd5eb011ab2881b4ae1f8b1b2a5f5bfbdffd41ea38d47f6271426be714cf98e30808e8ba11231e5a49f8cb22e31e5ad11d561a32bccdbc","key":"d64cc5cfed9924171b7528428190807231129c715b3bf48360fcc37f219038bf","nonce":"8026340c8e646b552390241f","exporter_secret":"a6f80bc3216d83ba16666263fd918fd311a94fb96db51d73b51854491d63b1acc67228b1fb9646b3f3360e6e4d70bccdd1a50b41c88fd87f22beb46367f03d14","encryptions":[{"aad":"436f756e742d30","ciphertext":"0907b2e45f9aa98ccb84020bd803be2bc80f7e6b638e9d660f42f43da600ce77ee0dff0bb79d93c191a37727fc","nonce":"8026340c8e646b552390241f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c5a2afa5aac499b87da61700f9315aa7969023478a8570977d9bc1a1fa5803f8b0e02afc05a61729ea6ff1472f","nonce":"8026340c8e646b552390241e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3adb63d286bfe9a403e1280d058f6e820e1629bd20c01cf7d2cdab0e4d866cdc013cfe457c98ee51731d9c1725","nonce":"8026340c8e646b552390241d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"49ea188a5043c256b2553cabf735da62d10faa27cb93a15b8f3e915ec4629b8ffbde4fba3f08781dd0d105035f","nonce":"8026340c8e646b552390241c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"3ff6732fec15b5aac4d07219674a5115e7e69b6e459653cd43c7277740e6e53be01ee0fd8d1b37f082517722e7","nonce":"8026340c8e646b552390241b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e18987a0243dcea73f2f9dccc5186643d82e81cf3aec2995a669b51028f7070041dad3eb8cd7251c723c72f551","nonce":"8026340c8e646b552390241a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0d4304922728a96e6556ae4ee45770649be76e40c68bbef5c7f0ae7265c3e123f92fc90510d307aa773849c6b9","nonce":"8026340c8e646b5523902419","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a04d7167c74962b8b487c960edc1a59648d7519a7d0ac174c8567aea43aec7a358f5dd3c550ea5980120e4b94e","nonce":"8026340c8e646b5523902418","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"58ab1c57c779102d08f195fafaf1955816bdf9043e6c84b494ef0faa1a5065d5d02e6046d4927b94dafefbb222","nonce":"8026340c8e646b5523902417","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"cd3dc890d8b92d7fcf0e6e8beb31833d47bcfa3b59f50bdf01a9802f7a47d79f74531f19be018d3a61abe46a49","nonce":"8026340c8e646b5523902416","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9965b97fadb989cee8b6f9f1bc2053a066abdf67f54a5917c74316b02e86d204"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"a40bc38276675776a5c711d51b8820be971566860e111a94449313632c86268d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0518b2cc37983aa48c082b41f86791763def1f11887692d650b8b15131f1fb43"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"208c73c2e0c70696299d5f2e542b2b10ae3cf039329285da49c97d88196b4122"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"c2cd22bd68f76ba7c5b0900f3493de44279cbb9087d849f359eeedec3416bc39"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"91c559c9f16214fa1f510968268e44a7ffd8900ef2228682234a30601a36fa78","seedS":"7e3d27ae13ac7b93874c249a441b2d400b9118b535288a3990e454179c8df73a","seedE":"8a2b215168adbb38412886f628522efe73a75b825e4cf4d0a4d6d8e75ea422ca","skRm":"91642f9cc9af5b4089183bcdcf844099905c7e9be2d74d73aed86f7f4714e0b5","skSm":"917df5e67eca044638b4ca5b136032f6bc4e0b4fed93b59a8b1c74e299eac71e","skEm":"22c0c29d845e608f62b3762e08fb042985856b52dbfbe9e5708befa346956896","pkRm":"04e2562b9192795edfe26bb0b520f9a9de6ac9138f6985f19098f078791efff5f470ab482311004b89f3cceedd6c0b117ec9b409b636f5cc289b2066270088aa92","pkSm":"049b9b34f68a06fb790685cfb3b5072e52bff8abd804644523047d060fb29c11db56e4d03d79a5475dfb6b561ecd929459644fddd69d8d1baca04a57d168ba861e","pkEm":"045a0470ac0d6a0043c004a8e7493c3a9c01ea8e71216313810f44e190f84931d63e0807683b8a72dae55b222fac17217495a75377dc3928ab2c5dacaae1085911","enc":"045a0470ac0d6a0043c004a8e7493c3a9c01ea8e71216313810f44e190f84931d63e0807683b8a72dae55b222fac17217495a75377dc3928ab2c5dacaae1085911","shared_secret":"5f312de5dc6fac555ab65f129f6238777cb3603f5fdd186c6745f9cb1aec6343","key_schedule_context":"02e8330716b34bfee8656f3e44bdca33abfb241ebd1f719547077656dafcdd8aa74f7156fc99d5cdb20c0284581128d5e18c0a1d9b1ddf53abc0f2c8160ee0ee11b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"77c2831192e3a97d3e51ade3ed6014b934ca1ed71a63e34e0f5460e16f7211bbdff99f47e47c8ed3732aaf3a6580b9f223d400d81c7e68f5d8be54527415c72e","key":"4925ec670ee559b8cf0fc2079764e0726032dd42f4f80668d50569f4d86203b1","nonce":"ef53cfa9953002266984ffbf","exporter_secret":"f6a54d28700c7ce83004fa3c6fdc6b8b5dd0a086eb8edd27307a3a1e87697b8a8fb4bc396f9c5714255657e119f7e7d8dd5bcdb8ddef2ae3fbb2b99dd0cce8b8","encryptions":[{"aad":"436f756e742d30","ciphertext":"38306c8b3e305c2f7532cf8d73e9e3eeb35b02ccee260ecb83cace47e3cfb19d5c1cb1cbe19878c824115ab738","nonce":"ef53cfa9953002266984ffbf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d6c58d00ef640174967cb3b0b82b1e501159046d17efea5f0c70ca35c9f2d6252be6069733abe50d947d254c8c","nonce":"ef53cfa9953002266984ffbe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7eeceec6fa3a3d85d9bc7200dc9e7a4b35c3508d0d58fd2f1c560caeb4ec6c71ad34647bb68bb637e35f4c82ca","nonce":"ef53cfa9953002266984ffbd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"2bd75a62994429aa7812b78a46e3460a39c6aaeda14b105805f5631f0e3eb26115e8c61ef00c46cd10620f0204","nonce":"ef53cfa9953002266984ffbc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b10df0748e7ea9bf126f4f949b29ec58dd18338f46d6e71bdf6716ebfd4b26dc158013a029bd4990a053b1e9a2","nonce":"ef53cfa9953002266984ffbb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6bf6cd46ae7a8e044a07afa178d135132654a0303c6b69d995f02a4f58b520902cc80c92910ef72f4338999e42","nonce":"ef53cfa9953002266984ffba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fd2bb67290111c4d327ce3fe4d911386d37e0cc0cda7fff6105aaa479db1ea0f8cd97758b763aa66672e0cac50","nonce":"ef53cfa9953002266984ffb9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"26a7d60f71a763963c3b23e536609d6d117cddefc96218c8dfdbde3b9aa4d5c4727953a086252252f5662c3ff8","nonce":"ef53cfa9953002266984ffb8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"6e98dc0cd3fe6955ea589432a219cab45a8e92208994b01b5183adfe5919dfd0aea75571ddbd7e0c879cb868c0","nonce":"ef53cfa9953002266984ffb7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9c69158b71c6bcafd03abb6c49d21b1987771f8b718d28aaf3753291945fcc706323e6fe217645bb46660c6ef1","nonce":"ef53cfa9953002266984ffb6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8c50d3135e9154a881ce13fd624ee6979d74ad2bee4099d1bfb81558f898317e"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3595536eeb1c8602b026ed7c0f15c0c4ed41d741413a6fdf01dd7f73539b0436"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"aad5db30e02e3fd6a428c9a2129da0664721e72683e0c0044893cd3b12a8d106"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"76c7bb6e31e4a0a6d3899f33ce95bf489e60e9b8b0155381c6f863df7b122ff5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"07cfe70e6e8dcc27c96a1608060ac95514703f4e6f8382b380b74f10794a7878"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"0918c29592520a9e0f2235dff2e10485109df7364dccedeb3d30131bae0d6d10","seedS":"031b5b0f9493f5b26ce5587f9469861cc92ebe974b3e616647901ec9a71213e0","seedE":"bfb18594e78811253ad4afb6b9397df93d60c999cb578a978d6fc8286547efb7","skRm":"e3e50b41326db961884e59bd5247c139421f71ef41bf67b0671324c6a0a9d988","skSm":"d3d3ad61b5726824bb60b6cd14ac727bba8c8ef64b82e3ea85915785cff45e2b","skEm":"a01f97c8932f278fc87f3748ace5ef25b7058eb3598648afba9a47b558b0f37c","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0448c1c88f2e794ad1cc6e8dd7e03e04621b1e14c4bbf15674c2ba480afe8b643bb57b2d59d6c5a0c821b1dc488da1e09b7a620443b259f066a7b5436aa769587a","pkSm":"04ddc0be02367cd9fac492b54c70f8baaf129f118a11477a05d4d36ed5395b779e26ede12cecad3e5b760f80f501b5bc1e6eec5ae6d1e381b6ab233d39b01589c3","pkEm":"04549ec8b01dbea8f120a0ea1f0c7d3c30ae3a77ca894df5a44517ce06c86d68c0d3e0cb9fa51d334c110965cb731ece0442ac113a149aff8909c756a182449e88","enc":"04549ec8b01dbea8f120a0ea1f0c7d3c30ae3a77ca894df5a44517ce06c86d68c0d3e0cb9fa51d334c110965cb731ece0442ac113a149aff8909c756a182449e88","shared_secret":"2553d5ce79e9be7d4da87249a3cf0cd337123466842769aa7ea3ce722fa2f5e9","key_schedule_context":"03e4a0ff05c4c44e507f4dcfa55d959d4aaf010c069a4e6bb356931f3b4e1558b707f80bbb91ce7f560aa3471f09ad08d1510fe711d60c9fef568b977d067b7f26b7ecf6aeccbd7dfc9c4f8d6917caba5fd2376a4071a3ed8962f1442f25f34fc2addea034555e7302f685312d3149c4c044a5267eadc7df201c36caca1d871117","secret":"c05da60b4428de2a6723ca99450fa6ec73d6a7cd4902de4349960b0930d0e1b7994d58aad9acf3e360ed7774fc4438ab69eacec0b5c82c9c74b747d90d90d85c","key":"30c454a430be91820d1113b61a1ef329e11e33a3bec177a8d7e10f44b00c788f","nonce":"566575c59770a2b546bc87ae","exporter_secret":"6e66824813080c65b95dc0da510a806ade56e975a744f9a6b78061b13e5adeef167ad004430e1a8f9635b34fa1ddf348388c44d181a3f2a1841b7817c010f7cb","encryptions":[{"aad":"436f756e742d30","ciphertext":"1e0c65d8d42ab9af6a25ba62f269371f98d1f36878b09a9afd4f477ee7250902bddd4c16aeeaad06934ab8a0e6","nonce":"566575c59770a2b546bc87ae","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"b6624f14a6160306546181dddb832dfb3587726962e26819f854b2917faf9052b3dd641c21bb0d34ffe2e1aef4","nonce":"566575c59770a2b546bc87af","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eead5db8438b50ba4eb3fb5c08fcefad66b3fbb07f2d84e751c6a9f49f754a860c77f8de71b32d53b3e794e84a","nonce":"566575c59770a2b546bc87ac","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"b3314287fd573edd49bc56ddb220e950421115fd5cba5c84dfbc26bd4b5fc80647450533fee66115a46b755422","nonce":"566575c59770a2b546bc87ad","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8485d31052e46f016b236320caa6b217361df308171620f33fa5708010f7e839e1526ab24a8384e728b94ce9f1","nonce":"566575c59770a2b546bc87aa","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ccd4bf2780428d6fcfb6a33ca1b99af4e4c4fcc5696f5361531d0281f26fbf37e884f081deaf84acdf4f832e47","nonce":"566575c59770a2b546bc87ab","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fd8f0933ec05cbffc1d07cb2a87ce9709aa3b61b8a46c1fe159fe7d0e3894e3878c4b988529ba7a0d2503e0357","nonce":"566575c59770a2b546bc87a8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f16c39cd74597c3a6e761f7b4f2775241e5d780ddce0a24614d6c4f07b6d0b98f06d461f37ddacbedf06ec79e3","nonce":"566575c59770a2b546bc87a9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5baf72e19e0bca137649c039f6329170c08d67e514184e2b2e6fd41d8267d4b1cc520043b1afc1a9781e2e205a","nonce":"566575c59770a2b546bc87a6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2963b4bdd359eebf21ff47b934509351a3270f55f6d9ab640a0075f5c9f1e8878ce8f1029bdaa3f234f3bbf334","nonce":"566575c59770a2b546bc87a7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"33db496ee718d283ff4278a60a89b68f9d06eb11365aa969ac0f5160f964a68f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9545bb91de18940528abeef20a65e0ff882590577017dfebbc9971eabf634046"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"67299a96335b0cb5981f1a415af645ee23bc27a6f06a98c0f50e8bdab49c69fd"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"ba1fd2546c1912ae9939d41ccea4850af0eebba94ee19ca2a8fd5642c45f6488"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0415931b9f7b16432416dec16f8861436eede89ef5a46fed7f14a2bb816df331"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b061f7e67feb0258e7245c8f8e473a18147a08060cb628a4a03f356ad2514f83","seedE":"864162263c95aede0f3fd2fac213e558810abb738291357eeafb332ce5291d26","skRm":"0440c3774a5b8e4ba71ce14baa3e1d12158b9360f962981554f28635a1fa5fa3","skEm":"5c554094a0b8a278a50f1e4f1aa9b6d024ea2b9b4d6468a3aa772e15c74e84ae","pkRm":"0475cc672d5db040b187506cbac6947bdddb60b0466739b117cf7b07bb679265337810e3fd359a409ccdec9b58682673ab7dfa969235ff0f89228f77cc16cd8811","pkEm":"04e93e5a08c8121bdb7a4c2966168a614fa58f8b7a11555ccc4bb3607087d674941882218d2c06166fe192fbf8cc756ce38875b81d05da6c7fc62e9fe5ac8c0c4b","enc":"04e93e5a08c8121bdb7a4c2966168a614fa58f8b7a11555ccc4bb3607087d674941882218d2c06166fe192fbf8cc756ce38875b81d05da6c7fc62e9fe5ac8c0c4b","shared_secret":"0ba5ff925f0c9aeca983d45b8ac812f721de185d1849c3cc567a9c3bfeb4739b","key_schedule_context":"00e622bbe03266624d8ea93c7d97d8be642f4955d8060d0ed7709255fba73356f48218480f1abfc9301b90f167be9779678624e6fb37cae923ff09a806e31e438ded71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"79b68d94a06a5234a2b2b75272d90c92aea77f23bdc11e59a8b1c23e6e8c4b566f32d2151be767882dd12653ee152e5650402de20d46939adb81d54eca6d8ac2","key":"5e1cb61e6c8b468f22c24831489bd8471f10c11a3dac649eb42d49485d7687d9","nonce":"d708e8765ec29e285e1ed350","exporter_secret":"98b16f709c8ee264e881c07282ad5f467087558eec6bcd45307bb6ad36f037b1b7b3b004ad3a034c664730c393d2ae8b0fead816e8785360d23d2cfef5401dcf","encryptions":[{"aad":"436f756e742d30","ciphertext":"47db3b0aa16fe85b3b127e6e860a648e26b2b12b20b3fc214226187cdb6b7729dba11fb1a8576e0fb6d2785eae","nonce":"d708e8765ec29e285e1ed350","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"93a5b2c72fcd34c700f9c7b5f989c2ae39a5d77f1b295ac447a5bad197b829dffbd55d4e5f141c9c61321401fe","nonce":"d708e8765ec29e285e1ed351","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"041f70672286d27c8ffa2778edac385b446768187e2da99d7fffa06567ec2641ad8d61d1584bb3f3906eb87b0b","nonce":"d708e8765ec29e285e1ed352","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"7e0b239664bc6f3f7486770285663b8d6c4f04838c22a885f6db7339ca6323e860f2db05c3eb2eb9fd6c710e55","nonce":"d708e8765ec29e285e1ed353","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b785b4427b1d16ef4e18d8a0e7c003c4111d9975327033f087b553be33387c46f2af976172fd7fe1027d527e08","nonce":"d708e8765ec29e285e1ed354","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"65ca50c2c9b11c1486333590db3af5f96f3e5298ce8cf783af01a668c85e38c7563965757b63c4fd7ad1eb707c","nonce":"d708e8765ec29e285e1ed355","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"cbc72079b4bfbebd3942fadff28bc28c6a3a01cef85588b09fbaddeaad7ad5b836c52fcebad22d89fc36b88744","nonce":"d708e8765ec29e285e1ed356","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"ce2a4a499a0fab8c93c289eb1494f95f6dd190c2ea133167bcb3ecc11f8e0a0d06951ce5c02dbf5d1dd3ceed2a","nonce":"d708e8765ec29e285e1ed357","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"390d4ed9960fb9cf60618b93e938150beb99744c9ca56b583986146811160999a7cde9e141facbd07ac30c9b8a","nonce":"d708e8765ec29e285e1ed358","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"bfa96928e2e8236e87d2945c9eedfd6c440356f03f615fbead2984500fd82909b493c354d5c96fa9413f4399ea","nonce":"d708e8765ec29e285e1ed359","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"28b8663af3815617d7277fe2fe970c90f38db4c3af17692679dcc4653cc8da4d"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3dce1ce3315cde15840a6a4b3b08b43dcab5791c8f842550e91405322b8ebee4"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"29f45577bc87105b6732263b3a8ce44eea68cbc4d1f82fccf1f27635e6223dc7"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"d8881a85d89809789e58b91f57f7a92ccc6b9bdfce7855cd431d3ea1dfd9f5f6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"73cef42867956f369ba10496d24c5ae2da9ea736f08a46579f08525015678c31"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7829af997003dd82b9f58e2d284699307f24dfb631bc44355c0db6221cea8ace","seedE":"59d9c10fcf7a238b6d7f20851223502f837a0a677833f2b0938976e94d3c3482","skRm":"a81ea9d321bff794554cbb80cc6a640f120d05170c59b597473b761fec5f3b3b","skEm":"628fd86ee8203b5b091940e726868b4f1d065f9f4802f10bb23c19581af72a78","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0482838e233d0972b052a4a3bdb1fdb8e0f8d909211b8a4bac11f49898a5a60ea2873c7a9c5e292b13f57d7c540b6ab3234f5b62cc10ad192d2a974f077a4feaf1","pkEm":"040b569364ecf147dcfaab27c9f32b2d372a4982c687d176a9431a5a4a0d735689261f3f7df13af7ba0f488f33cd277067eab8a1efdffd1a652182601618bcf53c","enc":"040b569364ecf147dcfaab27c9f32b2d372a4982c687d176a9431a5a4a0d735689261f3f7df13af7ba0f488f33cd277067eab8a1efdffd1a652182601618bcf53c","shared_secret":"61bda676b0b45bf76d4490d7f32fc88b5e98a985834d01eca40c2425dcaa3863","key_schedule_context":"010542a7e0afdfd9ca23b9ac7c0331b7593a8505a183a605b94c4b91f9e3c55aaefaab5fa4bfc63e4f27f242c8ad3170fa0da038c1d60aca18b949cb6047c56bf1ed71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"acca99fa583f5cbbfe380c5b8b8e563ff5660babb79a657efb80c4b119cdcfcda8b8a899b6f38b257e09a892d045850e9be2f9b65a66212a65263707af987102","key":"6637f8affc276bdc902a0aafae3d89320582e01267dff1bab50cfdc86dee749f","nonce":"5e6008a2187680e40b02dcb5","exporter_secret":"98593091409ed29933c6d9f2d66f48c7cd079f32a6581ae8f825b7f24fdd95f1f5585a09c8f530872808b90b9f0f30bbe32d6eed5cbb9fa3a2bc7af316d90ed8","encryptions":[{"aad":"436f756e742d30","ciphertext":"0d02aa8cde4281cd95faf7b45ed59839f7b115d69a2f9b71f0fddf11370541f2eac9b6945e759da39cd1bc76c1","nonce":"5e6008a2187680e40b02dcb5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"9c93f3da62d7ad7ee2a5239e66261706b3845dafbbb31af9d4d81a99cbc784764556a197deaaff37007b454455","nonce":"5e6008a2187680e40b02dcb4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"19459000b301b00b8c203614ff9c285f33eaf26b67ec0c1a633ad948eee028189c4c6643fb579b95f132d4c9ac","nonce":"5e6008a2187680e40b02dcb7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"09dca54f0e438b51d791fb38536cb2af9d43140705718a4da8cdc98638313e690aa991e0c485cbf871bf7762b1","nonce":"5e6008a2187680e40b02dcb6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"17f8d4ff1c94551cf5ce77bd9536c6289144bc2cde44adf769b48b2d4b0fc86c19f1922301a1b918a0bd76abdb","nonce":"5e6008a2187680e40b02dcb1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d7c5eb6547c0437edfada6836a6b7c68de48989a90e05b84024f9cec4dfb44b6ae7f970bc3afaa772e358a4548","nonce":"5e6008a2187680e40b02dcb0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1408f897e06c317943156ff2a7d0f2483dc209ba1d0ab6a6bd7121058ac89b96e2f85f733d563f62cc4dac619c","nonce":"5e6008a2187680e40b02dcb3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"236f968351ef1c24be45688cae77b72f9e6b57ee7672d75fd98a4079a7db6b9291ada14688a3e47f00cedae5e5","nonce":"5e6008a2187680e40b02dcb2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"bc9e909cfea67b70030b39a7c56325dfebf00657b1356aec8213ca8621205fe779356c8fe58e88e175be012edc","nonce":"5e6008a2187680e40b02dcbd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"7817f9ffae65ac104f067cca0568a03218bcffaf18703b20f7973db38b82cc42ab66c549dc840c5e1e541339bc","nonce":"5e6008a2187680e40b02dcbc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"9ec938833be379f35306970221039fe820853e68abe551fab0e5c726cbb36120"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e578cd390df78aa20afb39f41a139a1c12af6c2bc1d588bae94be1ef80918378"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"85890887caf203e632929d29f01b70c5d2f358cbdcb585367f4a5ceaf08f9a97"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"4e2c6d13969c6bd3422e5737ff87f8ee0b3a46f0e92b395e16cbab28b7b282ca"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"0a377edeb68f9a223159e3646ab7a12b320e479d80adae9c09f5eb3f79736d1a"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3975483e6613099b12c9aa65a69dc088918305fce07e635986a5c47a70a77453","seedS":"0ce38851fe2134a68730f84063413ed0bcf1707dd296be62ad34c739ba31dfda","seedE":"e17192a4e1a863a7b4b9e985b59f9d86281fa578f68e8e5e7a0919febff51b32","skRm":"9b27a25c90b9b7b3d00ba9e310028ed7c40909853c3e432c1a9e81ef915e0a5b","skSm":"0d20b214444aa00095b7b982cfb34003ab941999a7d78abe4c3aed79114a75e7","skEm":"f69e98cecebf9a188f1a9fdff538c207c3f7bd4cf111b90cb5d1b5b0e5422d15","pkRm":"04fe1d93e77b4bc8cf3a61ab0329a3b3f8c78abdec0d5870a935e5f18905e3f86f4071515fe974e6157c96645d036766e32ed4d9483bc7077a15c98a4bfef91038","pkSm":"04b6d4ae3f5691816d76b8bd8900af2f8f111117febabb3aa4706ad0472147828223aef0fc9ac1bb6c1e4612301d907bc29e254294c9edd0619b8bbd1b9a93bde4","pkEm":"042c880802d69ff88b24f0b34dab3546b6505554c722cbe371d745169835df37757f9dcc44db2e4d03e08746da5cb0e9272e662589df2e1d1ce670173f3e0046be","enc":"042c880802d69ff88b24f0b34dab3546b6505554c722cbe371d745169835df37757f9dcc44db2e4d03e08746da5cb0e9272e662589df2e1d1ce670173f3e0046be","shared_secret":"92e2e215c1a83d54639c2a1cf809b78a6050765b9f84cf81881d799c6f8b5dc7","key_schedule_context":"02e622bbe03266624d8ea93c7d97d8be642f4955d8060d0ed7709255fba73356f48218480f1abfc9301b90f167be9779678624e6fb37cae923ff09a806e31e438ded71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"67791051cc284d16971022e4140dad5ebe435fc27067e882caea13272968a75ba054045db86e08066b6ea14f4982043efc560144bd12290751194dbbb85f4961","key":"8eecd47dfa050abca604ff8aeea71df7aa20f2a61ba650e93880160ce781860b","nonce":"dba0aad9cdfd91c3e2bdd9c7","exporter_secret":"9a2e52b3b2f54c0e8f8df55e805d503f09ccd8851f1fb860c0f48ef53169e3a0a6fda981e25a30242d2e4dcdb6cd1d50eda739ae3a9a754a019cc8d18ef02dab","encryptions":[{"aad":"436f756e742d30","ciphertext":"cd47d6b79271dd65a95e651f1594e02de22fa6c6ca59a1eb7335d2c3568f5a37d787e8da6bb16713b07e1920cc","nonce":"dba0aad9cdfd91c3e2bdd9c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"89d4fb73d7fe464ec758d4076ee0d3a2bb00d25b7ef903acb3871eba1ac1aab119695c53adba8b819176114b69","nonce":"dba0aad9cdfd91c3e2bdd9c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"692c684d791f6672b1a377f8f17499082a9bb35f7d98589951fdbe6b6dbc967ff6143b721abff9565133ba33ac","nonce":"dba0aad9cdfd91c3e2bdd9c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"a3d130c6b42477bf3891c4e33c1ade1587c7b33bd1cb2257a1e6abf24414837ee1cdf68beef7af89b274799a14","nonce":"dba0aad9cdfd91c3e2bdd9c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6011032c0492384cf8e0104269fd7e89083f4b6a779eee49d14d76a61679fe8aa3434ae9e0cd2e746bea94bc50","nonce":"dba0aad9cdfd91c3e2bdd9c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7c490437c971373c093f387b58bccb4e43b67f102dc768311f757a22e0812b38b9be64f4413b34cdff8a13f01f","nonce":"dba0aad9cdfd91c3e2bdd9c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c0b07b9150c30d997715c1538923ca5c825c01ac34dc8ff1ee3747f8b29fedf298658661fba5e707945462434","nonce":"dba0aad9cdfd91c3e2bdd9c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"13e6520b3a152ffb90181bd806b6d6b15c470340512f017a45fbb2123d3c910a0db8aecc9b29163dd1ecaaebee","nonce":"dba0aad9cdfd91c3e2bdd9c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e656d5157f662d6958b2f5030084a4f0d77a64b811646a4938bbea17a8ee0b3422a1e186451ffa5d08610994b1","nonce":"dba0aad9cdfd91c3e2bdd9cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8b147757b8eddfc5689121627278b39ece9fcabd717df933b116a2ac408e1f11b61e1eef25485551a772583d08","nonce":"dba0aad9cdfd91c3e2bdd9ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"03cc00d46a614895cc3be43b10245e1b35dd17a5600c66bd2cf0ef37071040da"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"9ead40dd07b3c1b8617c853ac965f6aca452ede79808239600c04d75a30abdd6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"fe2e2794ee74171b3d44c8d2a65f4f296c5e1d3da2c6bec9df6456c8d9bbf6b4"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3ad099547cd3209ee8b801299df44274252607496d6178f3a7eb32c0f4ed9773"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"2401d653c088ee5fda56b3caa833442ddecc00cebfbdefb3b95d624f1e6f3a29"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"c32e5a08622ec62f4688d78a8aa0d431088532688f5dc6953e99ffccf3ddf60e","seedS":"83f63934a46e13925f7581c9feb1e3940ab207827b34564ff08277412da1c532","seedE":"d74cf4f19cdf40008a438518fbfb82725809bbcd4d5ff2dd5dfd2529578a84a5","skRm":"3dcbbcc97592cb236ede3a957013415f47aed3cf83b7525ed9398ececc416899","skSm":"520f211a36ef47379ac0d9c4e91ff4aeb282220efb998c7f598190312953f230","skEm":"37f12b882a9c02a83b55d59fb3eb34b3f036ef5e5bf7b6f48baf44b40dedcbbd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04f8407001cf5dd69d3a316dd921bd950449985510b51b81e714b33850472e3f414bef638b3fe1a60e79b0acd3f4397a4056fdf799db378a661cfdeac3b3d4d56b","pkSm":"040a6281a4bef779452081e500734262e21ecfe18cf5e968297fc98b21536a3bf518ef35f25c67a69077638644a69dec037fadfb940cf82a858f68433031f4b9bb","pkEm":"04dfed83c20373d55ec642d22562863f7220c61457d661bf8e8ca27d6566be3c2d69d94587c7f68784ce68e4d08b8b619495a37a6bcba2fbe156bb543e5f8d62a6","enc":"04dfed83c20373d55ec642d22562863f7220c61457d661bf8e8ca27d6566be3c2d69d94587c7f68784ce68e4d08b8b619495a37a6bcba2fbe156bb543e5f8d62a6","shared_secret":"a523e7db8f26e7003986ec8a633a6c7db0fbe7dc1e222c7cf6250079c9e990c1","key_schedule_context":"030542a7e0afdfd9ca23b9ac7c0331b7593a8505a183a605b94c4b91f9e3c55aaefaab5fa4bfc63e4f27f242c8ad3170fa0da038c1d60aca18b949cb6047c56bf1ed71e9dde5769168bde996f6ce2fecafea09eefe04952d6c75fa87906c921b2c490d7b953d7ebf66f1ff7b81e80f150131de0d1b207e4d9209f185ae4c886e4b","secret":"0acac8bfa5c87a9968f4240620463488d1db7ef4b74616041b34bf0a2c5d01c13e9efd2f51509b8c2612804a9a36d86ed422717e133be1424933d67bbfd8ae40","key":"2de8d0ed2bb0f4ac80df804c157f59a7b735dc80ac679c75208bd0fee66195d5","nonce":"61f2cfc2b6eaff09cf00e852","exporter_secret":"dbb308a5d160f26eed605379e96215a25a652c806e27719218ae42b22bdd13e32354245652ae99a7fbca926106b092a259fabb77c35d7f27c29063ba8eac5062","encryptions":[{"aad":"436f756e742d30","ciphertext":"d931e102f03a85139f19c687e1872bc2e7eb088e0e6f52623fbafe58931413a0ebf74a6dc7a0c867e44aacf14d","nonce":"61f2cfc2b6eaff09cf00e852","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3a9eb1457608e6db82d027e070975274a6c78d84b65454be23d443f5f123d6901bf2258053aae7a3fc639262be","nonce":"61f2cfc2b6eaff09cf00e853","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"ba91f6569a61474947c8195b6f82446e3ab27b34cc0105cbd27d83c3804c936ac9682520152e3fabb3a7d25de4","nonce":"61f2cfc2b6eaff09cf00e850","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"888be00d8fccd99c9a61711b4988f799456b174f4bf5ca01adedeca57cabb578debd6315fed7b7222c69ecb635","nonce":"61f2cfc2b6eaff09cf00e851","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"89bdcd086d3e6d40469301fa9f1501c6b8513ae3033446c6914b3d361484ab7df88b5fdfc42acd2a2bcc4b4ccc","nonce":"61f2cfc2b6eaff09cf00e856","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"8d015f1a65e56f4e6a40b79e11e4e872c950cd73e187f55bf3f2d528d956d36b182a7a039e788f5329a2d1b6e0","nonce":"61f2cfc2b6eaff09cf00e857","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"098cfbbb0c7da2229b38886118d480fbcd67e4e97c56206a99ce97e2f339d0a571e2ed420e0988aafa41f299e8","nonce":"61f2cfc2b6eaff09cf00e854","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"b4fde11cfbcabc4c2ac865f58bb954d066f22f08359df9047bfffe1c9b882844cb460540817aa9a588a1490e36","nonce":"61f2cfc2b6eaff09cf00e855","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e9de06ebbf1784c19051a4cd50f2a1608a85ae0285617c970d900eb545d9abde1e5bd01b982a2498bcf7ac25f0","nonce":"61f2cfc2b6eaff09cf00e85a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"82c82e24d9fd07af6b6fadd5a05f286785a363e726d2fd30d1298ec031c68fdbab1ba25c8d08ba57d03e518144","nonce":"61f2cfc2b6eaff09cf00e85b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c875e0e5210a7ee5283f9917d28cf7869b959d09eabe10a07b6be3e088bd8df0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"aceca56efd2f67f774bf21abd3aa82fb6e0112ec42785abf3de27e15d234cb8d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9a4b7f4bcb09528dc5bbd1f80b30e64be514fdb2fb46204bf46b09bc229065db"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"0d7841b054ffb4681f847438c237694bd0a792d5381c1f93a8ad5c006b3b36f6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"ade658c23485d3d7858cdb7c45982d5c2761501acfc10dfc5cbef8a00f9f0cd4"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"883b63f591af5f3b1c4c7c288a5b3c7d40d3388fce16a1e62c43b8f8a85e9250091c7f1b6b46b1ab36134640d37e0636a344bc58026160edb0badd4ab5a58fc0c568","seedE":"924196136779a5fc979d90c68c8ea9e17cd0c39a8aa506cb494366f72c8032e8ad88530c81a278abefea49f0c6b0bbf778680e12b8f10a3d0d437f931d84cd3575f2","skRm":"001993eb42a296db6a3ec78f6ed4b5030c988de0616f798c81a21fbf573f5c71edfe9164aae52a3c9aeff6efcb2638e8e1ec4deac827a924a9a3f0da85abfb8daf8e","skEm":"01b00e7284c2c38cb7147c36b162373983754a1bae0287030201ad17c0ce5a011919ba38cdb29a6849af11a734783070cb0a5d4a071daea7727f0c74be2f21c3ad1c","pkRm":"0400377fc101f2314202bc00e3b6a145d22a8c5a519bd1bfc68f0718483480b14d1ea3e735fc1eef0487125e2b8b3d50fdc6e829b34d7d662757f54a5cee84051e64ef001eb378e3af7e9c001ae59f5bb9d2b21765f8a9c11933f89286c2593bc39972d92958dcbc9870dd1987d5229988c4634caa82a42795f434b8bcbfb88ad512020813","pkEm":"040032bba569e6b9f5249ec4aa95d2c724c15de4b78b96de19ee860252ce6c647834eeaa62068909c32738f32299cf94ff20acd22e00eedad7a67833739e88d94530b40199f1af2fe20440a7eed0cb38958322c128b3a26f4c6dfc20e8864bfd1e90c3ca63135edd65937fa876cc69a57bb4af6fd758e2131cf24afd3cab39c63c394dd0a4","enc":"040032bba569e6b9f5249ec4aa95d2c724c15de4b78b96de19ee860252ce6c647834eeaa62068909c32738f32299cf94ff20acd22e00eedad7a67833739e88d94530b40199f1af2fe20440a7eed0cb38958322c128b3a26f4c6dfc20e8864bfd1e90c3ca63135edd65937fa876cc69a57bb4af6fd758e2131cf24afd3cab39c63c394dd0a4","shared_secret":"ca3706b50c343d862f3db67d8beb68f5cd10fb7bf2f27558bad5078aa84cc2d58f3fd53691ce4b4f6d651ba6f222dd70470268dce1c8911fcbb807ae4e36542c","key_schedule_context":"00eb019bbafcd598e780a14b2fd24d49bd927c4f7b00c169f110ddd5edcab0266563c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"7e6170f050bb4f2d35c49f0deb1441770497e5e6e87942121882ee1f2bb7fe28","key":"efb5caf6834ea53ba29905ca76d72157","nonce":"71ba271e5c494a6acdcb7440","exporter_secret":"485b072652c31732e003ae54368ecb7b0a161acb16b7386c034ceed4d035137e","encryptions":[{"aad":"436f756e742d30","ciphertext":"7e76da9584726f765c58a551512f15bbf2dc31295cb73abc78a33bec3553f27296160da25a606f32c6bab0687f","nonce":"71ba271e5c494a6acdcb7440","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"beaf5b6a214e83c3ccba4a5c6e212817f312267af6986874489fa2ac491109a9e1973719ed8a115d5eaf1595aa","nonce":"71ba271e5c494a6acdcb7441","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c6568e2fbe48de1877e646a3d9bb14740200289e6b5b50b5134066dc5facd9528ba97ed4c4f380ff98641877a0","nonce":"71ba271e5c494a6acdcb7442","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8b3b9c45e3a7d78ad36562e4e1b8202ff800dd8ced4d18a6abe207b2b6c4c28f44086d27548b061af426bb07c6","nonce":"71ba271e5c494a6acdcb7443","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a5ceda5bf6bcd8c61093a2f4badc6217c49691a5f6223a72f1aec148c448e9759b1c33de8ac492e2c51cb89e43","nonce":"71ba271e5c494a6acdcb7444","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"9484b665a34e65e0f194ab54ef4c49e1efb52bc9fe8bbaffb2723a9a72c6402c4123873aabb71c48b362ac5097","nonce":"71ba271e5c494a6acdcb7445","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"31987fa2009732f8ee05d374086bd3df97daedc67815c1888fbdfedc63e41ed0c685e703ce05f34428348c0fb6","nonce":"71ba271e5c494a6acdcb7446","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"5f5e483a7ec180a37ab75db5b04237014bf1354a882cf7205dd04c826a452a426faedbbf7c7fe2bc245565bf2e","nonce":"71ba271e5c494a6acdcb7447","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"f95e2ab99c90d816f37718753ed2c431f10eb8f30984463fe2c1593915973675af65bf17a764b0ff3f3e7932ed","nonce":"71ba271e5c494a6acdcb7448","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9912a6c284aa299a0167770928f780fd01bd16da13af9f55a24531f199c448cc72ca01b660b3c23be5c76e46df","nonce":"71ba271e5c494a6acdcb7449","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"8af42c0b20c405eb1b0d8b99c6d1658c1f470184d67876dcb3a6dcaf5ce650e4"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"94ed2280ae2b8024f4ccacb620acfe90c317f95be342917d48c68ac81bfa2b2b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1bd714ae6b0f4f9f54c3ac147b70f7c24052633a04ba1f163cdd82d35843f52e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"822a81dfb867874c36111ecb4855db7f3931adf5299cf0ef21d17bb14fe39898"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"cd87435d18a71e8681545f8b831d4925bf46999867f96a75e7db68050027f17a"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bcfffcb919c93a135aa9c240bdde09e89ffdb34be7262c63090b687ed1a6f3b67e62ed939e2d9e4e2117fc6b45e5ec71f62bfd5638b3c8cc2ea7917e512076b7a4fc","seedE":"eb205ef7c6f80dd291630b94e95a91499e73e9d15a14f4873588beae7bbe28e356341d6440b3d340673b866d91a3bbaad4d0eee675129e8928cca73d2663e5dce170","skRm":"006ba0fb298dc4698de10e275822720349fb3023602f5c497e0561caa3d903db86ab6899517d7f91cd83408fba363918f73a11bf4d5bd4c399202aa8d5847f784085","skEm":"0193872d5dd52e9c50035e68edd70230363684364efa20483723dd390eb06adea9e83c6c765af3aa5d5cb26b108d054defbaffd466cfbe4ae55f1c7524637dd1237f","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401052a180494fa898ca3f444d3c4c7d0202abf2613bd9cb6bab164fad706dc15bb5674e432abe7ca264adfdc139d6532f06e036d6dc055cb710e19dfdf120d32688001975d506e22708b80da3dbcf660b220223328e718e60740835e5faa7094882d735c63264aaead194045277766bb3fd5ca40c8e6c800b4e50c059fef7f99fb40fe5c","pkEm":"0401a20d7906148209dd5f31dd677377497392a49919643117bf01c24653c0b3188f4a003cf418918065a1a4c61e6a56c2a3dbac858fcef61d5f88376fc8b54c2218f900eaa12ea41da2b95caa85f9ae8eb315dc2f17658b98cc0d1c4d08cd83137a81588d6bf125db78c1223b7532dbb86e92786fa2080fcf9b772d849a9e1cfdaba5f667","enc":"0401a20d7906148209dd5f31dd677377497392a49919643117bf01c24653c0b3188f4a003cf418918065a1a4c61e6a56c2a3dbac858fcef61d5f88376fc8b54c2218f900eaa12ea41da2b95caa85f9ae8eb315dc2f17658b98cc0d1c4d08cd83137a81588d6bf125db78c1223b7532dbb86e92786fa2080fcf9b772d849a9e1cfdaba5f667","shared_secret":"5ff6ae5f1b9894abc636391de762794be83f9c20f6b7bb60980b09a00bd4a96b0f68a04d63e600ede81862b8fd51e165651e10941ddccc02c99c99e5a5209c8a","key_schedule_context":"015dd167df8d4130b09e24af66848741f066b89054d7926b8d4c82b2c68751bceb63c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"52cbbedbe85dc9cfd93dfb3e508adec934c7e99b2f7f8520f1a2925318b15590","key":"3238b1c5b5efa1413a8867909863da81","nonce":"132b96cc62303e3fbddc304c","exporter_secret":"37064f7c3d0ccefcd22a2bde6849471323f431cd3d88b081bae40103fc520e58","encryptions":[{"aad":"436f756e742d30","ciphertext":"6be53b0ddbf6e3d25074b1a8f11584ba75deff5a55b3eeb7b744139e37086bb74a07b810336057f78874267485","nonce":"132b96cc62303e3fbddc304c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e8021f6dab683ce41ae36e5de06faf441e9778a62c1c3b232fd9c81958e659a91de69e5cf05002879e15439882","nonce":"132b96cc62303e3fbddc304d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"33688f12641154a68644c8c70e9f57c9c60baa4ee71ca2b5cce385dba6b8595f1566eaa07a47d1b8018dbebcbd","nonce":"132b96cc62303e3fbddc304e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d10d08ab7c24763409afde1e976467746daca2e4b57010c9a60e3ad7e07f39c8e5f9ffc33a6ee38d3616f29d3e","nonce":"132b96cc62303e3fbddc304f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6ca67384bb3888a12897b9c2872b5910103d4d28cba0103af6b57d46ac4c562fd33e81efcb3f7caecc30c81f3","nonce":"132b96cc62303e3fbddc3048","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"ecd075e87741e18cd60eb98a92af5ae621c2cff12406452999dcac084c8b07e80f6986c04743a7de2a13fba5bc","nonce":"132b96cc62303e3fbddc3049","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9f920a5c18dad698f590f7f7fdafc66e632bfab31ae0f3371619c5425cf7616712a0be6191a20f56a164d0eec7","nonce":"132b96cc62303e3fbddc304a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d920e8b018439f275ed4e7f1433c2e7fd272b3d60f609c8ec26321219d14e4dcfe0dd8063d6aaaa7c69bb27b98","nonce":"132b96cc62303e3fbddc304b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d4fe1a5daccb621a565bdc09797e9269f8e72d84c8706d547a13188c55ad8be743178015033a73caab8e4a3b4e","nonce":"132b96cc62303e3fbddc3044","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5ee3c57f5e7afcd69d5d2bba4bfefb2fb317faa6764c8f45b0d4669b7947d49b21923a2023d944621ac1990689","nonce":"132b96cc62303e3fbddc3045","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"62cac863ac85dce6cab0f5025b28f00d892aefe886d929841c5db018b6cdc4cd"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"85985c0dedaa6874b648ffe2309bdfa363c25272dc19ee9521a1632c587f9bab"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6e011df6c2c5da3ac11e5709ce9c19e3bffeb32f1a86f01c0a99315336b40b69"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"360de08e21d527bacdfeecaf2df5ed56bc04444ddbd74f2521af38abb6759fe6"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"835e5f5e54db12b144b3524cff06995825f944f2a8c67294940cd73626c9b49c"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7a40fd2e51e538bbbad16e12f2af6ae5f7dd125c46141fbe172bbd4c8d8ff8c195855e7c7c3aaa05f72ff19a79a09f88ade9e21cd124a0cb7ec0e3b3398da0a885ce","seedS":"9915274f9c98b27d28e6b4caa0aae346292e4279aae1b031de9a57636bd6dca538957cd6241e58e98ab14fa00aab5126e26c65807045198020c4a036849b0bf0e81c","seedE":"7f85ef97913400d6e42bbbcc2f8d350b9cc2c871f0cf9a8e1addfcfd2fb4dd2a1272a3e73d920b62f1ef55eb8768d880c756287b0fbf9bf8f87e3086c8f1e60f2649","skRm":"01261eace5e2de2dc005c85c3d8528773c10657793856ed2330738810c0cc489bdda7785ef7f16e24dce6ed85df1840acd9532201b193caa01104a1875fd029ec556","skSm":"006c7164a9a6ae0ac71ac3ee6accc6d04627422abf2d217f9e0c62663de6b566d3c4215990c174eb79068c09aeabccfafd6bc9c61770e17178e647aefbe02ab2b17e","skEm":"0087d99d333cd16b102bac579d769f45779608961e26783dc1d1803109b7f1ee61202f4fdfca7f8e89186ff2f2b840b3a4fe98c7735007f2cc7032f233249b372457","pkRm":"0401597ec93b14ee576137dcc4295b4253b0de665a9a837f818e30d3de2a3a27da54beb9e2f9c89ec69aa508f4f1a91e9429182fc2c746fc9cfc839d87ec09f88d37910011d9b9b4f933cb7b3b891875bf0a7178db89c4fccbd7532cbc13c698537362602d38fe1b7745c015f1907140491bc71f2e2cc172a8dbb168bbe051bd4b74836bb8","pkSm":"0401bbf341d021e390bae735b94ac33cd911147f8699419cfbfae68d3df1417212dbec694bf69bccf9b52adbc9125e10cc5e15bda9ce3b9030e94a05a5620b0038d296008b35142c100020a00266cb10131a64666e59ea3bfecb6570c4e8036eb22cff730381cdc5b83cfb7c6f50f3038413b6ec9231d814c883e1ed3ddc808e0b11a99f38","pkEm":"0401e46b501645fd1f216d8c0f7db734ccd2ffe19c715f591ea8733ee0d2be59be2a2a6e16ba977f1765344720daf4cd8e9c04c08ea95910a933a238daf8179d6834de00dade88dc8bc03640be50ec0c3024300e2dc89b1348fb90f69770e53fe05c4adf864e5f9067fd4e0d62066b9d31e706d02c1bf297f4664f45a05df3c881639f9bf5","enc":"0401e46b501645fd1f216d8c0f7db734ccd2ffe19c715f591ea8733ee0d2be59be2a2a6e16ba977f1765344720daf4cd8e9c04c08ea95910a933a238daf8179d6834de00dade88dc8bc03640be50ec0c3024300e2dc89b1348fb90f69770e53fe05c4adf864e5f9067fd4e0d62066b9d31e706d02c1bf297f4664f45a05df3c881639f9bf5","shared_secret":"2699d5a9a67c8a789903a1c874f95eb3c5dc5f8a6af18d45d72abf4ec3108323378b82b622b9a1b79e45b0e22265b746167387245edccdaafb932a700b9756af","key_schedule_context":"02eb019bbafcd598e780a14b2fd24d49bd927c4f7b00c169f110ddd5edcab0266563c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"9ba8e80d2290b61d6d243627e30a68d3d9f0551419bdd6d1574ed6d0075ed44b","key":"f01a98f2c465fa7794a112a86ad3f96f","nonce":"4c1687c4f8caa631acfb159f","exporter_secret":"437931bc930991f1a86e9bb4af505b9f96146d56095c739ec4438716cd1dbb72","encryptions":[{"aad":"436f756e742d30","ciphertext":"667fe72156c28642e67807a90671f84bf65e83a18d04b46b522bbe3102e0cb39dcff4b0ea0cf529f4f88794a51","nonce":"4c1687c4f8caa631acfb159f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"e7d15754bfe78cd9c6006485761c329a50601cb6469fb07d0c1e882fcac4b8e71748ceb68196e1c6a238bb81b3","nonce":"4c1687c4f8caa631acfb159e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"0a3d684520e9765cb9e3917aaeb5fa32e69ffed0bdeb31b9efbc8ac12b7606091de95e216b689471cd3516babf","nonce":"4c1687c4f8caa631acfb159d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3687c3be20891a0bca8254d49c15da646630dc3fb4badfc20b19ed5f2176a081f78c7bd17f243721508f23abba","nonce":"4c1687c4f8caa631acfb159c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5099ab66dff6582db90cde08bda5cf0d0aec950e7f21647d031240dce43a84f68a1560577d04b8a882c0cc964d","nonce":"4c1687c4f8caa631acfb159b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"6288fbebfd2d8c2919a687802c8969f13f9b2f3e6ee5dc7fd119699e4c8326234d67091de2c75448e5f25f391c","nonce":"4c1687c4f8caa631acfb159a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"ac53921b0eb8e855c06ed966ef55342000a403aeb003992e5a53d416ee87d88f765d327c3f7c38e285241380c1","nonce":"4c1687c4f8caa631acfb1599","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a1d21e2a1a80b144b8963f80a71f7103fa7437e1e714be98839a8f622a287ba2a6cdd5dba928cdcd06ea97c8de","nonce":"4c1687c4f8caa631acfb1598","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"cd84466b74b520bc87887fba5a4b593313e1135666635917094c0c76c94af774b8cbfc32c1ecfcb76ff6343dd1","nonce":"4c1687c4f8caa631acfb1597","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"393c3d1876a86998ef7d558845f03735aeb83c0c0fb8940138764cabd1a03861572835031516f6fa626317208e","nonce":"4c1687c4f8caa631acfb1596","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"102224cc9f9bfdc37c155061062da6b1a73a3701854a1411b071c10794f35c9a"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e70e15c34a084486b53487e83344c31911a4b2ec758b2ccb1815307015f4497d"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"3a89ffac5ee70c38fb6cf876b7afb32266b279f87399d062f18e4d62e5a8ca76"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e17d1ba6e8a6634ebe493843da89b31c949d0dd87ce97878128e2dc7866b2be3"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d78d8b73c548d06caea8ef22ef9df79895a611e4af323cc1ab5be635bcdb619a"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5bec846892b6974d9e697096721ab56441b4aa13a3ab22e86af11cb65cb19cdd045f812facef3942b68c8ee808a596b2388afd7b8a0264e6ebd975bd127283e1812f","seedS":"9a9a583d77b0ec97d8c645df3bb19c69f9932c8a38d8e7983cc7e07880f9deb0723ee9eedfd793d0ac1d501114994ed91fc944b68893bf72a72f4f1c5b85876a3ceb","seedE":"861bd6aac8080815c8640e0fa5f756d41996c21495af4165bc72abbf22c6c86e13388b6f7b02e940351babc3230ed161f951afd2588aa3d55a6fce8892434e407da9","skRm":"0190d3282aeaa815e05497a2b5f532d2ae2975b81f3fdc4757cbe146402407e2eb060effd7b43bc906015db1c5ee56214846d9c95ce4b8670e08d104c88afd477c9f","skSm":"005c5ea616e78b4ad3985705424c5197f5dab1a21d00069b5497f1d95620d2ba9de87ec5ed2a6002a19b87b3d5a770932b24371d40f937eb5546511d8d59f34934f9","skEm":"01689b2050c8ad4c652ae4be0a923fe86508404c130f968a8ad3887cf807d0e2525718bc206ff1f04801c77cc3f08c0e971d566751d5d842fb6fa16fbea62a3224ca","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401ad37bb93d2ae6e0c5292d0a4a7cb771595e0d53e276cdbde8379f489bb844b4d1ce4765ee9b9af6d928bd206687b121ee9f813eb32430675058751d8981f98ab7c008eb3b2680f3330d241dba3cdaf8aa48c768c82848d19eca91d6847b25c6a6d83f8a5a6410b9a35763340fbb47bfd4d785f3d6f9424de6b145d21cf45d22238e61d","pkSm":"0401d1d0ffc26f09ba4d2f5c8d7457d55e2904d085365820290a4b70e96c7900ba7478a3db79067d52b4aba180efce4b64ef88c332caa03a8d852911b9162ed20e61db01d1c37ca3b5cdb9ca3653f1c0a9407aaf83b6b82ec4ecdacc73677d3d8e44ab75703e56443875d5fe28d4ebfad20725271e83779046fb108a28718cb71ddebcbc63","pkEm":"0400c2abb61b29e6379fb282572f55b5871bbdf708929126b842fa5b0d321941f8e1c7f0c3a3425108e30b5cdede9d13f25636b7de02dec7309e79e7d3f36b378814170035fbf0e10fee77ec0ada13f8349bfd84279cfacd74dcbc83a91f17439660dbd50330e82155af5094d02af3d27873cb956dc571f27a5fd67185f6fad4216a271f90","enc":"0400c2abb61b29e6379fb282572f55b5871bbdf708929126b842fa5b0d321941f8e1c7f0c3a3425108e30b5cdede9d13f25636b7de02dec7309e79e7d3f36b378814170035fbf0e10fee77ec0ada13f8349bfd84279cfacd74dcbc83a91f17439660dbd50330e82155af5094d02af3d27873cb956dc571f27a5fd67185f6fad4216a271f90","shared_secret":"29981f95190cef5117aa8bb6fdfb0266332a1ea4417eda0602f47fb1f6b61e5f05e86a5d08c9257d206ab090ce56400f164ea86dfc749c138186739fb858b2d6","key_schedule_context":"035dd167df8d4130b09e24af66848741f066b89054d7926b8d4c82b2c68751bceb63c3e22d2189ce73cf281fdd334f2165aef7f5ae7015ecc70e16decdc2544bdb","secret":"6911cf879f086e020949464238d53baf2d622a3664933610ef062926d7ad18e5","key":"efee78f7da9b2e4163f6234034edc8f4","nonce":"0ac2f422453abed28add917f","exporter_secret":"b39440418a94c29d21c2b08c45d16fc41ff0816b486d5424c38294034f2b8016","encryptions":[{"aad":"436f756e742d30","ciphertext":"a77366eedc024c8e6f13fd735ecefd95283af9ba68d5895d82415b3c9b3c2599cf45d07725dd221abbdadfe7b6","nonce":"0ac2f422453abed28add917f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"2a182c102dcba15a6df2982fa69fd342ea1b3736a33288b0a0343bec074b398b1ef77e7db124884ba1a778cf7d","nonce":"0ac2f422453abed28add917e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bcf789ec1035c49fe0ec6b55983f0397f07df20364faac3df71a1e7a9ef3b8f8aab4d1cae407797c46d2e263ad","nonce":"0ac2f422453abed28add917d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1e8a4334bfa3d23271ff0d7d5ce99b8e2f2debbb6e48e44998b488facf169c28396bf1cde59eeee22b198621cd","nonce":"0ac2f422453abed28add917c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"6708c6b3977f4ba7204e2dc5210dd7d0b75a1b9a9b6a049917ddbbb739d78c991748ebed65244f9a5c5db58151","nonce":"0ac2f422453abed28add917b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"787b45d4dcade6d5e347c1a78176544f9ec8c620ec8c03bd9058cabc88062850cd1d61d7b578300e12f46bfb85","nonce":"0ac2f422453abed28add917a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"06056c6438a52d73712025ac32fc376818e9f67a8a3d61f0869c0b3fdbb312d459ecdb10aa843ab637703b00cd","nonce":"0ac2f422453abed28add9179","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"48801509ce1f93c006940e0c521958cbfd4948985de9b9dad0aca9b4cb303ee1b10987c86471791b973c4c8aec","nonce":"0ac2f422453abed28add9178","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"682641e8dd6a21f8c9be5c335655f85600191320faec87481744dee3d52da8dec5b854b9955ed6990bb36472cf","nonce":"0ac2f422453abed28add9177","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"f27e70d7b16bd3f9f4b4b5af18b75072059c9dd18a34f096a6dafb1acfdfa4934598843de58014080420909f3c","nonce":"0ac2f422453abed28add9176","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7f8ea6e212b6e0f0733375c9e4e89060f090dd3ef47d7bb590789df7673d44f5"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"58055ba847127891e78d055217f54243540f2e599962e1a943a19541c90f8aa1"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"455c66b166c374dba86cb99ca2d60175cc558a92d2a1799a7ae2c8c1d73db3ab"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1096b657944a8af87745b1477f00f222032267c490a3dd8da02afd2072177df5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"64e5a26520d3f60d40369069ec47ed11225e5977173315ff81d5f62de031bc0c"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"7d68e0016a8efafe04ea92a83c36ad7ebf20a4451ca20aa52bd9e8c324a4b7f3836bcc9d74a4bf17c6985d6bae94b7f4f775a751622d3a7dbe8a69e1d7a37e804473","seedE":"c2cf7ab17e805e2e36a2e2f31ca4c11ce2eac6ea63b7931a235d42947d904085942e610c056b5e00daf71f80c124bc3943ed4214776d211e1cc13412d742056da275","skRm":"01785bcf85db89f9488f04bcdd163873c4781f870b5f778c095987c28193a589baa36fe628a0285e4d50a353fdae7989fd3bdecfe6bbb16e2b554e0fa6cc2856c16d","skEm":"00e2b58a245c0945179103980aa9a2eabfc2dd5ab59dbceb64d3eb0b8cff35bf5cf34f721fbfe272da9473098ec4cde03d0b989f970b2601fbe1f3d8397d9bbcc94e","pkRm":"04001d53280f009b961237235784769368f60e935f98ac947818960278b8bed4505f82a9354702dc4f3597cf5e3e6fb9cfd09d881db0e61d44a19d05f9809d5caad24d006ecfc529c4b93e1a654bbe010aa22d8868f6aa3bef20d7c20e3b19bf56dd8146e78621e8a447baf6b2e2dc30e026e090b29eae8e16d431140254c41d781d664001","pkEm":"0400bcf477edb94738b8e49305209817600f0a44599c881d4eade411ec7bd7a74e1bbb2c656df87e7e388a47a43e163e8ae196f088534efadbc9ae9b6b9392fd7d2e9b01fa78fe186bcd11c291bfe0aee53f531621723220f44e2262ff69adb158eba0b1803d43941ea68a4beed7d180100f0b010a3ff22e4533c579f59f564e317bf1d82a","enc":"0400bcf477edb94738b8e49305209817600f0a44599c881d4eade411ec7bd7a74e1bbb2c656df87e7e388a47a43e163e8ae196f088534efadbc9ae9b6b9392fd7d2e9b01fa78fe186bcd11c291bfe0aee53f531621723220f44e2262ff69adb158eba0b1803d43941ea68a4beed7d180100f0b010a3ff22e4533c579f59f564e317bf1d82a","shared_secret":"b5f6df7b147d71f8185547af93ef7661fde31eb675a691a3fab7fe9ceeaae5a39b5932298e68f5fa76ec7ab1bd94c38901265bc5d4d0f68443060846ed1500df","key_schedule_context":"006cc4993ec21e5710cc3844a17243519591c5a338ffbfc8900990c50511368b680fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"a1e0833b0755cf9ab14c300d5b4513c766b56026910b55a712662dfdd262676d","key":"516c0e09afc2a19f4ebffc340ec4e73e70cbee52c721da45ce4ee7c307d9c3f7","nonce":"c29ffb393e6dbc435168e404","exporter_secret":"83bc79e96d53cead27ba1dfcddd4af1ed48aaaa97ce0c926134ee05cc2c8a10f","encryptions":[{"aad":"436f756e742d30","ciphertext":"d28ed7dc07de3e946c2a2e5657dd9c9f166e4fea4e5a69fb3d9e0ade3c6e142efb618f07893cef7a7e20ffccb0","nonce":"c29ffb393e6dbc435168e404","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"09454d37810276c59eb70ea459c464d9664006feb52656187eaf01c6f0af76138713d1d858e5da715ce8e333bc","nonce":"c29ffb393e6dbc435168e405","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"cb08154f73e5037eba1b07f73e78c491af1c511f7bd5510398fbab3b801917ea6f9357e7ecf6b5248935849a52","nonce":"c29ffb393e6dbc435168e406","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"5b9f30a66fd9ad15f93c79e608e6fae60582f487e6cd8251de6591ecb0479fde949420fdce260d13390b28fe65","nonce":"c29ffb393e6dbc435168e407","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a3e227daf4c6ab7b9f48e4dd42831713c93e3e2fa26292e34ba030d29f259526bfd91ed794d5a3a49015a7f688","nonce":"c29ffb393e6dbc435168e400","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"1b78fa88fb94b300620ec26feda239e9d8abf31d3083325ee44d69bd71523ee71fbe61c9c8440bfc27df253ab7","nonce":"c29ffb393e6dbc435168e401","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"adc69638a5fd29ced5c5c78f89d6a4fa243014802a8da1fc890510b0afdb46eb337e70ac18c40234a3429c143c","nonce":"c29ffb393e6dbc435168e402","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"48a85cf51f5fbed6f4ede827dee43078a42272dfeec1004cd27c582898752777b74ab5b15c5d137a6b7836367f","nonce":"c29ffb393e6dbc435168e403","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"82f43d555b54c9ffa396ad10c80879bf76b583417e510566b50229b3f9b6faa68e963801c7ad13e2127f25217d","nonce":"c29ffb393e6dbc435168e40c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"05a029e482d124abe71e02967ea24de67a1a7090b80b83d0dafe31a44742e9b7113bde2ead3d76e1024ad8d06f","nonce":"c29ffb393e6dbc435168e40d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"358b348bf5cda591d267ac6bfc3d5642b256b0a2f6fe6c0cda023528012bf3db"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0d792da028fbfe9377ae89a6148e1684560792252d9361eb6c0e7c240a05e116"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e6f9037b5235bdcc4252fce2a2206decff5e8be2d7556b771130a509d5ce5d25"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8df243ea332fa32ed78bb3d15a878797df97b0f15a60ad2d0789aae1b1cb4259"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"de5c0bc3cf954d209a19bd03d8b254eb2f1b753f212157baabd2f2b40409d0b2"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"4b4c6355d4d28a1d2bfb09d733a14ff6b7b3253ecc5448fa110c0dd904b3910772fd7aa1ccc3ac5ad89325e75cbaec7ec3c77c8af8b0276822f6bef19e63629b3e5b","seedE":"48f699a7605188793d51bb19a845ab0a73bb23212ede0ac1776cbb2d4ed901783c356e4555a2c4f86b0fb4356366cc99f5e74352c7529afebe5321258239451144c1","skRm":"016bccbfa4b6965b5a9c02da431d209826a8eba1686a50c792ef4104db279e4e17b8d1d6cce959febc831b83133912665d584adea2bb13f90ecb1d9a9854421cf528","skEm":"0117e51c5e7bcb1a23ee3baed6a4ed888e45fefb8cf981b319957708754db30022923e491e70e0a1f40e6d95d1273dbd8db0f57029db76afc38cc2bb4b734682b43e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401a28f6c1c4058380f26c3fbf903f8400725347f16ffbc04527de862aa2839b542b9dd9816f16ff350fc598454258919ec0e1ad636694b6c755c920b57af5b85cba500ad3d727f1b3bc1884724d7156d806f2f24a39438c0e843e2d39b652aacc3c69a7baf5fab83752312904a30294b94129182918ce07a26be8d4bf460b7feac0b0874","pkEm":"0401f4767f61f15354f720b9899341c00d69bbee17f0bb0d7403f9798a659db91354fa8a41576f852fb3f5570ab3833df46853c3c87b9a2358178c0f8df015b8a86b1f00afb7675829caf09496807ac63c45dd604e476d8ab805e52bf3eac6e52ceb9b3f43d14f28e57d22fd6997b0b066d9c4bd1370f634b30b9ca24f4b5516dda4629b62","enc":"0401f4767f61f15354f720b9899341c00d69bbee17f0bb0d7403f9798a659db91354fa8a41576f852fb3f5570ab3833df46853c3c87b9a2358178c0f8df015b8a86b1f00afb7675829caf09496807ac63c45dd604e476d8ab805e52bf3eac6e52ceb9b3f43d14f28e57d22fd6997b0b066d9c4bd1370f634b30b9ca24f4b5516dda4629b62","shared_secret":"842138d398ac66645bb54b815eb7775c10d0f77b98e6b5d8908a5a405490530e2d11e9977107851ef27566b06a50d2a564f001519cd7e6ed750093dc1771655a","key_schedule_context":"01b545cdff6122a6240f9a42d61d0a73efbd3f121e05e32083695897aded6f01040fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"9d0a1f1a8c64e2a76c8c0bec7d9c7406446c02ebdbdf97d2ae64a2a5f7763f90","key":"05d63a46dbc6192dfb736fb9138f77a26d13ae8b8a372543c4d1d21c79c38acf","nonce":"e723e97f9142e8d40ac52b50","exporter_secret":"ef85ed877d13de2eea31e37430d2fe0670342dc2548011f3e9bb59ad280db27e","encryptions":[{"aad":"436f756e742d30","ciphertext":"39d0f56dfefd4c518ff8ae12131225017d698fb5bbe5df351ba9a067a5483d1eed55271c91d7b0b5552a515f7c","nonce":"e723e97f9142e8d40ac52b50","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"815227c9b850510ab92b89d9c50e9db6edfb35500b1d7adbd6f0cd2f933552d26d68d086fb1fed7078dd33dd53","nonce":"e723e97f9142e8d40ac52b51","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"624e3e678457b363d5fbba813c542b0fb97bd3fc5b39723e4d3fddaaeb28218fcdc5ed8ac8b89e4c9661aa6f36","nonce":"e723e97f9142e8d40ac52b52","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"53bc62bf01d8b10999c30a72753ecbce7702507c9d1644b221487d98b7b11d8d9cdf51d5d67e03e5ae3ae5d34d","nonce":"e723e97f9142e8d40ac52b53","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"10d9c40f6ba311175b713c2f7daee0a9b8fe76b33f0e6183edc4cfb5213ae372708daee3b479fbdfdb638520fa","nonce":"e723e97f9142e8d40ac52b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7bf6d397232d853b34345308c9e48ba376ffe6a4e9dd94c3b2a1bda8c5d66c4cffa8395f39ec9876642036fffb","nonce":"e723e97f9142e8d40ac52b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"1d99155816d66f3663c3f854e76c4667bb59f5e4f7b148f8b6f99d540ef8753929daac8840aa999e0ca839d874","nonce":"e723e97f9142e8d40ac52b56","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"c679982ad874dd4a7f5bc9a4ffbd4777c568b718bfbe5431e338c13522605ef2c742ecd1f8cfda7f51f68b3118","nonce":"e723e97f9142e8d40ac52b57","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"d33cc821c984cdab0d5e0c332673aaa9461b9b0c7fc098abe5080a25cb14f0973c068001c31186fce0d45cb7a1","nonce":"e723e97f9142e8d40ac52b58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1975bb3ac05e637a9b0db2a938b25adc90d17051b150611852a5e335308e0ee1b1dfa2c3a9f1ac3032ab7caa7f","nonce":"e723e97f9142e8d40ac52b59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f424b53a5752023fa6a26c551c735258094898f11691afda491d87c294c83f8c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"4803c825ad2a8e9cf522c861624a0c00ec9d87627f595d6f20f3b00be8fdd9da"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"66c23a61056eb0a2b40a5bd6d87b2f40d44859eba77254558ca3412c1e605c05"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"58d7452175dcaa9f346796207a0fc66978ee1f253571834a31c6dfdbd4a4e61b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5a3707d16217d60ec195a638291f9210e442cd390e7502c7bd7204c1ed131e61"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"3a2ce236f1e6918064f97caa0ce8bb456cedc3dc85fa9baf6dd4719e8becf060c6d42802c2c67727446df38d306a565b1297c94eceb30ace6d23cf6604e563735870","seedS":"8f5c4cba3bbad90a4ca142eb0306b60d418520ab6a72a838582abd2990d91cc799c2d74608789a951ca84ce0fe3cdfeaa68b4456674aa05babfbe5d9d8f8f75dff7b","seedE":"e48a27b1b91841e39bd00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","skRm":"00d4978e806094631242fd2386823eb1a5a60946d68c60c6c6bda34c98395006c7c52e6e92587952db058099144b4b9d0152db5cfdd43a3d72db402422ad0669caf3","skSm":"007dbba771de9fef18bb82a9365e5d3bcd82072c6493af6c18d9bb9a8940981daf5e22950f5b251cd20dc18e7d70534420347dfc201c080a9634e9a75c75947d65fd","skEm":"01532076454f46b0945d13b186a91c554f68cd48514b467d4be16e74ac2656df11ec09f82260e4124cf20a49fe02aefb9584c4a7996fca7b9b22b147512fd67c81bb","pkRm":"04006273e3af746c915a10f19c5d558dadac8b216a4e25d8e032d0941c3b1b560ad8f7468e16e522252fbd6c9b6d7f2295f0a64c4ac6f9741c5666dad5a6cdf7d8a59500745918f823df189cf6db4a0eb234840065048158d164897787e8df3578de630e6e2c1c7512c20dc2c67c6bdd5f18ac62ec3ac0130957ebaa6663e51bcb45adcd3f","pkSm":"0401812adc0236448eca5b2724a867712336101191c33c2d20ed17d91f4519a0764ce8b4f0722aca939f34deff0357075ad21013b12394fda1b56384061ba1ee3c95de002a5bd92bcddf0976bb595e407639f5bad2e0315af2de1a01ca03fd4f8bf9eae00b80d82a6e1b2ed525fad06e6849acceda5bf89f69819ed33c4a792fcacd5581f5","pkEm":"040055f72d9bd95aadcf79c55b6bd345f3db1ee987815bc3ed0c4410610d7353a17d525e51688400360e15b21ac18262bac268fec3f51c1312247f8fba2be38d0596d60065cc1352a3319a9bca10da261e61325105a147a53947b75196d46d24638e9308bd1d31fcc887b73cdd5391baa3f2fc78869e07040abeb180829f06496c666ea7b4","enc":"040055f72d9bd95aadcf79c55b6bd345f3db1ee987815bc3ed0c4410610d7353a17d525e51688400360e15b21ac18262bac268fec3f51c1312247f8fba2be38d0596d60065cc1352a3319a9bca10da261e61325105a147a53947b75196d46d24638e9308bd1d31fcc887b73cdd5391baa3f2fc78869e07040abeb180829f06496c666ea7b4","shared_secret":"118b2bfe24dc4bde41f7e394a6f9774c1fa34a07b59689759851f0a7eca4f5131242ff4310f2c6a9bc3a47258708fa7049c5a4ebdbf1ee721225ff4c2f4bc250","key_schedule_context":"026cc4993ec21e5710cc3844a17243519591c5a338ffbfc8900990c50511368b680fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"3bfe1cf7e64253e9f3c8950f1feb9fb7c62438e7391ed8c0e146283e5811cba7","key":"b117226d059191979d2e82734032de69c99584a06a1c05ac840420aef52c0c5d","nonce":"1470999d8ff714f381403328","exporter_secret":"9d92613e437cb3c662a594498427a2342d41e75b5df24b68618640d2fac6753e","encryptions":[{"aad":"436f756e742d30","ciphertext":"c5c8df4fd07062f6f871bf052659bc6f8469c2317dac377fb94dea600d9a9bbb889046214b63928429ac938d54","nonce":"1470999d8ff714f381403328","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"125fff54dd164571d1a7753589cc9e7564e45fee42db682727606e90e5773d4bc1ff78de0fed3c0821fb99eed6","nonce":"1470999d8ff714f381403329","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"31b92f1bc0db97ae8396cda3d349a75422155a600ba0916572396c7c254ae0b804cb7d7edf9b10a3bc3c027136","nonce":"1470999d8ff714f38140332a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"d3ddb417ef5f0e4477d5b584e7dd632cc7c917983cbb6cb519650c1e91aeb84c908161d4f998658e334bbcca65","nonce":"1470999d8ff714f38140332b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4a1d877ab1e09a7480b76ca43809fdff73cd2e788bf43346852f316cecf597b4b2cd4dbbfe7c2157bcdfde8ecb","nonce":"1470999d8ff714f38140332c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"12cb1adc01c450d73cbf5dab19663bc52a0f6f4b7ba9d27e9b8de81fd6f1abe79f9fd4077caf35f7297b23f09e","nonce":"1470999d8ff714f38140332d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8de9070b0a2af26866bd07ac65515256f8e60e382f543791d61a31d9a969d4d13ec5261d5ad727cb7f3eb41fcb","nonce":"1470999d8ff714f38140332e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"df78c4956f2823cb22013f9060170cb1c2fff7de31fc28a4d209b73e3b8159f46d46dfd856616a28be8d57b3d9","nonce":"1470999d8ff714f38140332f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"36d6109756defb947e39a287b479d4db33224ba5ab6e05f8caed0d1f4e4ef40e2b88b5d4ec64681e98a1303241","nonce":"1470999d8ff714f381403320","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"d3b28ea2b8e98d38d11c000c5a6afbe04d11760b9d64cd48913e800c2219b7ebe8598b459924132e3a33c86e51","nonce":"1470999d8ff714f381403321","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"faeeb16f942fb3134ed3530238147ae3dbb556158cdd542ce470037937f8eed3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d3f224ad4882fecbd31b7d438484657a2cd9b79c7d87bf6175d6f7e77f686a29"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"290512b39203fc767834801cda116afab68c46c385754cec4af612509cb5cea2"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1aed63a9892bad585961337c57d6b058097bf20f66ae123d3b839424ab2b2e07"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"202fc287acb8b1106bb7883a15c3442efc1d1fc51282b1a0ced6171103ff81f1"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"877efc3213de44d73a97301d3244be03a5cd6b59a65cf11e03122603b90fa2ce14f5cac3ad9cc1dd998ab8c86d762bbbb240e7ac6a94a68d7ef572fe55557df7b26d","seedS":"a30177f7923fa437c6801743dc8d9e6684ea117a2f5f23125614bc74813d9f6c5ca33917a8493aafa6e5d75ef6e5614670883095aec72f1c2abc00d496a72fece071","seedE":"1a3d8fb0a52f24f7fff8caa7e23244764d36e0a7fe69b10ac93298ef5c50934ddef929ece119d374855f028692bffc446187f8424b2707e224cc7f80d22e062d0fa4","skRm":"01ed5d101694552b8d8aa289b67d304927801a0e310adbca6120e269dfe53a242dfac71cc646d2fc4d046d3e49b96ac78d9ca401fa41d644862280c3587bd86c71f7","skSm":"00c10e5d5ccdc8731b5a3a0d0842efe8b276990f3a02e4921a7789150035940e71a60858412d9687a14046034fe17b1b69d03ae86beee015208925eb9067556cab7a","skEm":"0194b9ad589a66037e0fa1bb240d7d6f62fd8e8524b59cb55522516388cd58bb959a57836a1fd06995c08ac8c0130f8a6fe85a6aaddad70b45b37058887b9f05377e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04003d86d95af7fa167b33981df197a3546255d950e561698fe8b11cfa86ba776e561f0e038366d9e9cc9d0ce492a0efec82a0835723647b6d0b1bef930ee7befe184b015ef51ddcbf9ab79ac61691a5c99540af04bd27b4929b26eb1aff36b87e790f946076c998ab89fd894517329d8ad8ac07bd518cefebbe7860be52e96e9749440f0d","pkSm":"040195e007f17633ad09e96404bcbab2cf5fd4668182a3e194c84db4ba5b6a8c54d918c027a7a86e5d3a39e0a6e63cb7ecc18506b42382c7fe83a6685f8cc48333dd05019b04d637afccbb9720753b7c299a2785293948e8f018cc13c6d9b2b44fc68a05b5242a52cf1992ae4e0624d30e49f51a1983c857ad39e06054b986c84acc36e69b","pkEm":"0401836a33ac4246b5a417d2bd0ea3918b0fd6b082e6ae78495792c3202a955b398e2903f1d6b20c59c1e48aa55a68ecd1aab025f2662bbd747bdd449343063792b69901b7cb711b902582122318bbec190a409ef895d4c8c9f2c3cc9f4092f7f94f91b9a90f15bf8c45beda3ed22e0ff134a964e775fce16bb1b7ce27e74f92fefaf54d3c","enc":"0401836a33ac4246b5a417d2bd0ea3918b0fd6b082e6ae78495792c3202a955b398e2903f1d6b20c59c1e48aa55a68ecd1aab025f2662bbd747bdd449343063792b69901b7cb711b902582122318bbec190a409ef895d4c8c9f2c3cc9f4092f7f94f91b9a90f15bf8c45beda3ed22e0ff134a964e775fce16bb1b7ce27e74f92fefaf54d3c","shared_secret":"0fa02419627ee784931fef1cae2149cf04dacc6e249372614d9fa627f302dddd14332e585f33e7f5cefb4ca10821412119980756839e8e239a5da0ebc82269a6","key_schedule_context":"03b545cdff6122a6240f9a42d61d0a73efbd3f121e05e32083695897aded6f01040fee6343e42a34de218021722990f4771d707f8f92b430f6243c559b4dc31082","secret":"2042dbfdf986f1734fbd105ea630f1048d6c8a6f1dbf620172d8f6f48e7f181b","key":"352ec4e3e91f34bf54a9cf138e69c2a7dfaff4ca494ce3409b5fdfa8eb6246de","nonce":"903b6d72ef7ebdbae9d08815","exporter_secret":"45904977b6733fbc70381867593792ee30f61ea1d80f902cdb5057c499d6755d","encryptions":[{"aad":"436f756e742d30","ciphertext":"4f38370a1563da71b30a6557f722bdd6295d2f9ec580ab156c875625cebee6e3b24cb0b3e83504eb96f830ee76","nonce":"903b6d72ef7ebdbae9d08815","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"78a69157dcdb257794f6ee6334344c6af72c7622e5ace8863fa79b9dd5d362851d3621e3475884939d3e614fff","nonce":"903b6d72ef7ebdbae9d08814","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b2c43d76adca9e2458fd2fa5c254c090c9930c75fc487a3f10a21d0bf038ab5d9f7fefd74d78bd0d9a5dbf8729","nonce":"903b6d72ef7ebdbae9d08817","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"6042939742f122f0a620bac9878e2857175f9e4dd814cec1b0e3581ba98fece91b0083fd32c78e26e89b7c0fc6","nonce":"903b6d72ef7ebdbae9d08816","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"8c6e9363a07ee3e9a9aebf6c1f89d8ab694e8e40075a7cbec969319fb5ec07bd369639029bf36774efdea4b075","nonce":"903b6d72ef7ebdbae9d08811","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cb42db09e0792a554eeb8398257be1393e82ec8aacee381f67b02d6fc3945b219c8ad35050e64373869fcda44c","nonce":"903b6d72ef7ebdbae9d08810","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"7e8413487fa78183c3ff3ce34f612ac95530be9f809f7ed80ddf777dba225b405ce75e3ac8abab4f71f72f3267","nonce":"903b6d72ef7ebdbae9d08813","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"e39cda495c0ffe71b27c99d256bfa75ac671083f047eac2e4a413b43ff52041b393773c0b92790d87ef4277c0d","nonce":"903b6d72ef7ebdbae9d08812","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a175e895e80302f6adfe8b0fe24f3bdf6034a1467ce4a417bef62952ec81a9ac8756faf7e2f3889d36e3a907ef","nonce":"903b6d72ef7ebdbae9d0881d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c4f2d481f6aef2c8dc4e2320e391600d44204a909acf66ebaaca697774986765bb2fae316198862f51390ebed3","nonce":"903b6d72ef7ebdbae9d0881c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c2e98ab5965e329a4c895318314dc055afb13ca8a223cdc655da2eec868d5760"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"e8a81d4618b54d82ef8fe3220390f22d9551f17ce32606a68e3778bd0df9912e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"9e447698b3afe5ea1b9c41c2597ec639692812d4d332f446fd9798715265e296"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"480abec70a42a0e9a4fae7f78139965550da908a2ec4732c7fff38c97df7ff5a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"50821d14d8acd067aa0a03b42396245ea06e986437941d2b7e944e4239e5b00c"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"b2ca27ee1204df73ab1f2db875fb5a56b544abdaa73e1f0cf2fe24e66b7ed08ce30935e562b922d70742b68a3699b5f895dfb274a2abd014929d2ed0355bab9ed89d","seedE":"9e013e040e389b4bc84a7eca2d0137a217169f954234f13841678fa586ba996752a704ee3baadb694ca79f25fdabdbb7e6ca1e835341a91d76178575c44b20c0b741","skRm":"008a8c0ed7ae8cf7245308f71a08f7937fc2e06659353eefa8523eff209461667ddf05ee359ec5344de616d47e42971a30e180d398e4a262d003f7e5cc587d121577","skEm":"013dd547eca9fabafbb4bfe5ca61ed344320fee25be98731221b5d4dfaad6e024e50ae4a4fc4290ffbe46097de61a9c353328f1dfc6b4b52665a199c504be1d3746e","pkRm":"04015c9abe6613ede70f1c3c12d17a21e7413ac338ef4c091565da2686cf1bf033af67e6cfbf70711e4cc58906b1572ac7e3503715142eae74c64188b253158f508a42018cf9ed335eb73a48e66bcae01bc49c8d742a78fc5b69c3d804c0e3ecba4cf50b129a1f991a4da727d034aecb4e947828f20f2def4dbe1b7e13758fd5bd895c72e7","pkEm":"040069e0729701961658f143143074cbe8b6be603358e03bb78fed54cef3426c417ac7eb8841fbe220f2344ebe35dfd6c7e092f64030a3773cc313aac06bbf0d2059ca002e573f663768574472ab92e1f9e7cb3e031dc6d4cc3a515bd5fd40ae3a0eae11ed290482fc1d0a8b7e34d75e8a05a6e1543040738bddaeb4a6e12f9731cfd73ee8","enc":"040069e0729701961658f143143074cbe8b6be603358e03bb78fed54cef3426c417ac7eb8841fbe220f2344ebe35dfd6c7e092f64030a3773cc313aac06bbf0d2059ca002e573f663768574472ab92e1f9e7cb3e031dc6d4cc3a515bd5fd40ae3a0eae11ed290482fc1d0a8b7e34d75e8a05a6e1543040738bddaeb4a6e12f9731cfd73ee8","shared_secret":"7a55d62f663f46bf0f95908db7cdfeafb2ad3dac3a7a4f7392791371d5badc8ddb8423d444f6b42ba08e8d88e53f17a6e504fcd2d829021f38fe9b502397791a","key_schedule_context":"0068bce131ceb9d0bb238bbe64df9e33d725b06ea82e3053e0e77164f5594110bb696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"b3d25da458dc76198d562c5e22914f09551fc14e14c0e1461c5e5697383f10b5","key":"f91bd12000b579cfb283f74f58a66cd1593f8b9fb40260e680d6ee4f00e8d2fa","nonce":"136cf8abbd7b6e2a6e1fe1b5","exporter_secret":"393fd66d91ec8da2297df3a90cadce581f61f9675d06d3cf69a4d7ce22b1d3c4","encryptions":[{"aad":"436f756e742d30","ciphertext":"1d9648c780fc47295288b89af94f0241642cb5eb1c75b696736cef478dfaab5d0f56d2f5dd8df157174e6350fd","nonce":"136cf8abbd7b6e2a6e1fe1b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"67a0098a8acef90403dadf0e5134e6273d8d5a5bbfa348dff03d5fb7f4bd8e16f6cff1d16caf1b083efb254a88","nonce":"136cf8abbd7b6e2a6e1fe1b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"18f71b4281e38beec6c899699da61f5fc560a7d371e76e269af8bb45556f086b05b7a15bc27a9143ede6b6bc37","nonce":"136cf8abbd7b6e2a6e1fe1b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"89efd53984aa1489c43a45a236bc3eb87e575ac647060c4af803d5b9e1e3ac1e3743046d6bfcdba9569e7112fb","nonce":"136cf8abbd7b6e2a6e1fe1b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"dae93420ea8a6ac146ad22dd0d79f780ea07d117b94a934185f833e1ca5d74e81fa55c2cc6815889004360f910","nonce":"136cf8abbd7b6e2a6e1fe1b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"b68393c81311a6f58b71921dbdc298382dc7b42ff59176b26a5d6d91fd81a70c2965efdf63620a8f826814e3df","nonce":"136cf8abbd7b6e2a6e1fe1b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"8d4e2dd521fac31ad4c8a1916644401e47f24ae025bb7ad8dca1658bfecb3f7f9a0c44efa3c21a95e6d588c06c","nonce":"136cf8abbd7b6e2a6e1fe1b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4394473c860f17744ee4c13c7bf8d0962f2a3484ac5bc7fdbda1831a7d1024f21ad42bb833ede89d8aec69a4e5","nonce":"136cf8abbd7b6e2a6e1fe1b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"80bb1f963b011d56e0a5b5d73c029cc131662f33492fcc4c77e7ef5b03f31db670d45950048ed9dac5710129f2","nonce":"136cf8abbd7b6e2a6e1fe1bd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"8d9ad0bbdb2b48bcdbfcb4bb0102fa3a72cb75cd28757c82dcbfc81ac2f3d337a71d2ad3604f353d006677405d","nonce":"136cf8abbd7b6e2a6e1fe1bc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"680b6c5f8a0f19ff462bdf8d5e1757be485b3e50df26b57345b722ac2f357095"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"37e1502f929dd95d359c81e264f85d3f689a52174f4ad1b6a11012cda5f14f82"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"efaa1e0ff2a5d610a36d1b247f3cba34e1746d35d6420be06d6e293bdeab077e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b17e421b27e83ad93e8668e9422f60503c46967cc7a0902b21d5be503458509a"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"78e4a91a93f80cd11e679bb434273d35a3733ea0ec50b809c19ca91050456d60"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2bf983a8659982907789ee1bfe89c1e644ee46b2569045deb8e86dbe1ea88d90edba6ddf7c399affe96b27b6f3c0c17e9c2a89a71c5eed80e94fb85b154eaa613d48","seedE":"aa548d8188df010735cca80564f6b1c37456814c512337f2298d3ca9e01e717c941cca9d9a461232edd894643af2eb70c905b0eff2f626441759ff7f03487a51521f","skRm":"00eedf8f1b62cd7de56631c6058cbbba07592fc86a89840c26131c67939ce64ffa551a64ad6ba58c3fccea6a3d8c8958ef52036ee3f207cc8af7d0c38a3e77a62d41","skEm":"00d6ad55a2f2eb34c14867ed82464b00cfbba94a26ed3fd86ab5a2733bcbc78f1ffb7b8b6de9b157a33cc8efff9cd755969165500eb474d32bef3ffc6c48eedf0afc","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400584df74bec3fa7f0dce365c3923ca611feb6691622dbac5321a8a5fa174e9ed2e18c92f7691c6664c7d2a09891917ba3f28a1801c0c9b75414e94127a2765efaea01171750ebaa823dd3f63982a92ff3757fc640228c698fb07d28103582d7bc06d2306c674cc367510fd397bb7af8e975bacfffc49a8d0d3cf67881837f26540668e9","pkEm":"04009477b3dc3f30c402f73b3a9d63391e11cc0a914d5c0a7835e4413e57c0286e0640eaee3533e0e2a80ded9116aa52e9f2e6e5b5bc102b69cd45d85c2b47fb03af10004a2fce3d0a2cd1dd15c7bbe0e423e13ea884b73c1f5d4d3b55e0e9bd738bfbe1896b0b3bca5c4782dafdf6ec05312b5071dca41a973a22bef20612e561ed8e58d7","enc":"04009477b3dc3f30c402f73b3a9d63391e11cc0a914d5c0a7835e4413e57c0286e0640eaee3533e0e2a80ded9116aa52e9f2e6e5b5bc102b69cd45d85c2b47fb03af10004a2fce3d0a2cd1dd15c7bbe0e423e13ea884b73c1f5d4d3b55e0e9bd738bfbe1896b0b3bca5c4782dafdf6ec05312b5071dca41a973a22bef20612e561ed8e58d7","shared_secret":"7b04878d023438a83f6f74580c8b2711aca9a3dec210f7bb5c941b4f66cb84713b82218ff05724697eea9df7161bccacdfd3977a9c5b9670c55e969f830fe677","key_schedule_context":"0117e9751a1ce31a2cb6e3ae98596467c10eb692c73899ae0aba8b6e79fcf3081e696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"6b74b07e493c2f3fb36c593c9c8ca9eeaa7cae330e70d85a78394db540d3c695","key":"b2357f8f74a7d9243998d16ea7baa93457d4639159893f04ef60702d83187edf","nonce":"f6c0d7ce128ff29d905cb88e","exporter_secret":"f79b920e36fcf0f924efc589c9485d403af4d7ee4c6c55a80ecbac151d4dfcf7","encryptions":[{"aad":"436f756e742d30","ciphertext":"3a86b581f718dcf093110154e78529d597e50600e20848e8046943e0662b328ceae04bb0c3df0989a06cb32e53","nonce":"f6c0d7ce128ff29d905cb88e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"c0ac779111acf3ff541aac85950dc850f58464056d9282159f37b05654c9af9e9196373591e96270574ae4c228","nonce":"f6c0d7ce128ff29d905cb88f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"eda3ffe2c54eddf87acd0911caef69f248ed55339e6a0e7744eaddf08c4d6b0cd9eaa6012486acd8453848d78d","nonce":"f6c0d7ce128ff29d905cb88c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"ae80cbcbb6de996d724e27b941dc3a42e5512bece94864e725d1da7025086b08ceaa8e6771270fc21a7dbd5b9c","nonce":"f6c0d7ce128ff29d905cb88d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"54ce193b3d33116ca0ace9f7b6f3ed3d3fa4a8c87aa084ea19338912c2b18851ad18cd151b602661275480fd53","nonce":"f6c0d7ce128ff29d905cb88a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"f9f9d24851293447edb9a867c555e2f924740dbb0994b4c2ab74b16ebd11fc0adbd2151d07789e8c9fb28bc54c","nonce":"f6c0d7ce128ff29d905cb88b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"fac04cdbc9dbb92afdf30d16f8448c7b8bf341105486fbe2115cfdbecd0c1082ee9d4ae64377163bfdf273f8ff","nonce":"f6c0d7ce128ff29d905cb888","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f3f1f2c6b2c51289825357de9685ce02ad65e6b4b388e85905fc2ecc11caf3a50bbce58c073471728503f49444","nonce":"f6c0d7ce128ff29d905cb889","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"62a562e500138c6f4395c30ed9477ffc4d15e341d87d99e723523299520d7be6a25df9e4021aabc6b82a5da239","nonce":"f6c0d7ce128ff29d905cb886","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"17ebe1f1141182f8b9eeff2b584b84082e4fd71657bfaa14deb577277a64db18c6b872dd60b7990bb06f4af585","nonce":"f6c0d7ce128ff29d905cb887","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"df7783e259d6d656df5979b7a572b44e2644a2e15748db1afac0d4e29153ecda"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"90a95b2b2763b2ca2f8266941cbe333cf55e1a0a4d2de0cde905ee46fffc11ec"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"25e24a953c4f4b8b61bf5a87deb735b3049d5b5079b172972ca3017dab2ff3eb"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"3d2a15485dda8968208e12f2ccc5746f1cf7e4500f13f875db4a05d90732a88b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"4259420bba32bc7f1587e3cad4229cea12e1b9dc553276e67196f40bc6bb7149"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"99ea0426c199188f323cd5cd0e75c7fec15ee54a8f5a8b9eeb68093415131196814483850ee972b15143c1ffae2e261747e284486ff645859c3608ea43558b7d41ff","seedS":"907dff3ae86d5fe3513725bf64050a0912ecd0caa182f854a13ad96e7824ad62d10f4ed269e07c17bb0c8c469fd14c8861719966d5aa54f7115f03c3a5baf1841ba4","seedE":"aa056200e1fa696ffa9e5bc070d5e862b040c4cb3b2a1e5a70c2bddd7cf2c80cd1eecea84e8ced27a87c8b9e73cdcf79fe3e4f0f38df3b3260717992324533fe6ca5","skRm":"00d46e36db75090f033e0bf17aa7b482590f20137237165595be995ec28886f34cd253f1f25c7e36d9e0b95b23274da0e6c2e3ac652a4383425f348711ad9f2e3004","skSm":"00614b7f66ea06df1e9ab8f40006231246ffee2bae3d6e404a89eef247dfce113c305cc4a2572b9fc1fe76e57da77e8f2699b0c07549b7b63de61abcd59265123d7e","skEm":"01170d1b92c936ff3b37f8d048b965bc2d42d60a0c8de6cae49894f1b8270d06f68da0dc14a1c41ea666b06f58448f4f19eba5d24f1366e78de66a2a9f025588d6be","pkRm":"0401db105971d353476497caff1edf2eb6c48d61b7cee637306a8ba17da2b57e0261dddd97f892d97cc16b54d14f8425150f699bcff8d6f26a94dd8df38cbd2e8888c200e8a3779134dce660812dc46f320808d3ae4db8d13f5993fc420ea1080f1071a04580f21c0dd04f996ab60fb9bd69a8495bf8b60459abacf75db6c26807a3dbba0d","pkSm":"040013e860214f49dea0cf69bfe6c6e8dfd0438f8eb7ed88bfe91ea86441503f83d437ff4bf9c4149503378c437830be991ddb2f7aef3626922ac9d806f7b317c743cc004e29bf7dfc2dedd50c65e753276b7b0c6975c13f3990686816a46b5ea240164ee9470d70195abb5ae66722ce6f6f24ce2e0f63d69acee87c10d133f98afcc7a325","pkEm":"0400b79d8750d53cc6eb760e8a08e0f8a4db66cfc494ec955c61b4c189c75e9bc633cfa420b4ace20afbb231d1978edc76c6883ea42d84d4a9c24994b3f358f5869806015aa3a8ef9780af72b2fe214a202c1d3a19d5d9ab2815ec8fd914740e90eff86f8176df82220e014cb73c76c03bf284ec67c2688ba311718f3288d00f1b52d1e9e6","enc":"0400b79d8750d53cc6eb760e8a08e0f8a4db66cfc494ec955c61b4c189c75e9bc633cfa420b4ace20afbb231d1978edc76c6883ea42d84d4a9c24994b3f358f5869806015aa3a8ef9780af72b2fe214a202c1d3a19d5d9ab2815ec8fd914740e90eff86f8176df82220e014cb73c76c03bf284ec67c2688ba311718f3288d00f1b52d1e9e6","shared_secret":"62f613d299fa12d63ce034e8dd09518a54ec9e1b04b4d7a1a4f4c06c9885b3dfe0e89e5ba4da2287a9093c78fddf592004063dc2205b5912977a38f0ad4f78ec","key_schedule_context":"0268bce131ceb9d0bb238bbe64df9e33d725b06ea82e3053e0e77164f5594110bb696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"5bec06e998b0c14b8aecc290761e1c4de7a6e3ea935ad3873fe0be81a72205c1","key":"5678d456bdc0676b557872095f5c86668466395c886b67f9556916fb1166ee3c","nonce":"88a24e7615c0284c19194b5c","exporter_secret":"eea859e001d4b20cc1a1e20e767b28ab7481ca7fb23e611781652fe7c92a49e7","encryptions":[{"aad":"436f756e742d30","ciphertext":"13f16cb9295c6994c284d95a7d84d4891194bac9671e71871d39fed08cfeff1936027e3d7539ab0944283ad9fd","nonce":"88a24e7615c0284c19194b5c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"44e0fd32719d2e0f80221519113f52f0129386438b12b5891b6dba0e11aa093a6709a813dc0ecdb46e668429b8","nonce":"88a24e7615c0284c19194b5d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"2e53c758b752aa097b56b0e93e48beb61ed7ecda088879a467b655f212e63f5e422502d54459e754d0cc7f60e1","nonce":"88a24e7615c0284c19194b5e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9c248e3159da0d95ef568c8a2e2247c7d80b70033cedcf33def94d6a8df8a4e1869483c50cc5a1eb4362d677cb","nonce":"88a24e7615c0284c19194b5f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"4667d8745d42c30ceba31f48042719f438c4bb3104ced3b41fb026b60a4d078e7c7270aca99585d0a4faaf4b38","nonce":"88a24e7615c0284c19194b58","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"7efaa3aa5b0655d310b41a2e90e2fd3b4a495e6b8d66b8870f6799fa389126b05880269f8c82c86f21e19abbcb","nonce":"88a24e7615c0284c19194b59","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9af8f0f313739bc66d66a2eb38f3f9f4ba253758598cf347e782666f34be5fdfd9941e0476dd602f4e30cbdbcc","nonce":"88a24e7615c0284c19194b5a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"a2e0900d1aa7356e6957ddcc8b747506802b3e127ba8d38f8b2357a992417fc699e3f1277ddea3fb67aa807723","nonce":"88a24e7615c0284c19194b5b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"c3461462df718d4b53adb5625cf3914bb54155bc139b814a38855939617fdaf818fbfc3001f76603f30a961614","nonce":"88a24e7615c0284c19194b54","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"79fb220113a556e352138f99e8ec7a327b1ded4968dbb50b0577997bbc75d1c1ba8664a8a8f1b2b381ac9b9cfc","nonce":"88a24e7615c0284c19194b55","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ff2755bebe2772bd4f99f1370e52e445b4c9f9df2e11c83dfb41e28a9c1f4aef"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"ea13e6d9376e3896c23503a72c03b88638e9b1604d89bb3aee15b6e00ad354d5"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"e2a1e9c00ab4c95f3c584596662cac2ddcfeaacde8917110963c3afa32d3dd2e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"1a56752e604e49f8bd70117914c2594b917719bc0d4b1a99bf82c9828f0ebc87"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"81abc1c7b8f2b8945bbf78d6228158bca8e71b365215f306ecc2e231cfd5fee7"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"2eb5067f38647048206c2873c3473c6c4567644f9583a47e2e3bcf57f9b9b87d41897fdef33a4d8524318eae6a04190afa53ea649eba1a6161f98f6778660c94f929","seedS":"00af06131e06c7386da9bdb9ce3fb1cdc2d761532f66b352182deb2e4dfb867bf072351e3ca53d0a81d955ba236f280876e7d955bb3cdc78ac881771d588e6b04f02","seedE":"78158b03926181b0d71bcd0913ebf706984b2c7b54b19fec947d31b6d55323c7ef005f63c03b609e3d0ee7369587fb930fad83ae88b7aa97740caff8e4d53eeef551","skRm":"003680140d11ace9becb84d3fb282224c5ff3a6613231a4679efde55581ae37922a0060564c598f4af4c9f828c5bea6a438cc0bdb556d21baeb15e6a9c68eb679772","skSm":"017dd0f876db38ff984884cdfb006521b2a90d85105709e6bbce22dbb50a82cacb6d3471b1a87233668e2d45411b0ad12ea97f283c367ec55cbd1de7f16e3b13d054","skEm":"00d89259ccbc262b2e7538fe00c057f9582f3707ae94b2f3d4a4a99ffb16cc8f73363eb42dba8e68db6b35ac1986dc6a8caa52f9a70c18864caf45512959c6c3f89e","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040040bd8beffb39fd024e1c4bd1530a469e8e74cb4385d03cd9abd2b5cbd1540e37f62d50a5e5e64079fdee4d6b578081282a646f4cc63f7f90c5a6538a8a5207eaeb00c320cdbff6e683ff6cb8d5bdf3d863fddcbace2f32af2c9b5c0d907a72e3b8261930faa0bc14abe265ef87716749c20b866cd7e633469a825078e08ee2b87123fb","pkSm":"0401ed7b91af53d2e36b07181dfa6c7164bfcebbf5613d01ab8d91e65d8d33b482df5c35bd63d8444b2e6c39eb1f4c3944d6484c73f5d74628bf10ab7ddf6adfeddcf6011b4f46fc28d7000fb05c5d0854f97925fbafd09b53394d91b41019ea5b392a6577dc8686a6808cd61cd5d624ca4c80587dfb86af0d280aea3578a07946107424c6","pkEm":"0400a017fa6c144e371c9060d578409a014a35edca2b70941181566d25fee1e25fd5136c0af063c80d5af87e2d15e0e112ca2f4068f6e3542d614d12f0b76d56ad392700fa196e52a2a4381b9a04ef82224675a4eea3a66ce687885a43a773df8278c8768a1b0b5d074a41aabbbf1a0b886d2aa13557f84eb674e1cfeff3d4428425b954cc","enc":"0400a017fa6c144e371c9060d578409a014a35edca2b70941181566d25fee1e25fd5136c0af063c80d5af87e2d15e0e112ca2f4068f6e3542d614d12f0b76d56ad392700fa196e52a2a4381b9a04ef82224675a4eea3a66ce687885a43a773df8278c8768a1b0b5d074a41aabbbf1a0b886d2aa13557f84eb674e1cfeff3d4428425b954cc","shared_secret":"519c14de5eaced325b04da30b8ad02b5601476e55b1a12ee6cd6e2fe754e10161272c2ab66bf897cdefc8e358f6d9653667e2b54287bec530c4d965e272d4014","key_schedule_context":"0317e9751a1ce31a2cb6e3ae98596467c10eb692c73899ae0aba8b6e79fcf3081e696b9a9694b8cd3b05f17760139ba6c64e0b211d6fb62af0374fcc112cdeab00","secret":"f3ad97a8b4474fc89b7b0f9d0787eabe60a43b6e9458de245c4c7617030e61e4","key":"3f974d2380c73a379dba57ee68ca42bc5944c34eeba2276d80a5351a5d4fd5ee","nonce":"ba6be781eb947514bb8273c4","exporter_secret":"6543095482cc642608ed1cd067343ab43e8413f404bd3d5c67fe3105908060e0","encryptions":[{"aad":"436f756e742d30","ciphertext":"d45c37a30c53ed028e54a629180fed544a513fd1bf4279a05a4c6179f3a1a970665b55ec9b3ce7232eb32b1135","nonce":"ba6be781eb947514bb8273c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a2be2c35e7cc67ecd61d00551b57db3ab1de3ad5128f184f69add3f47b07a4bc8d90338ec6ce047deddf8c1925","nonce":"ba6be781eb947514bb8273c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"c5187581417c77c780f8d4f1ff8d8d124faf5405e75afaf2a93c58265c6e9599a1e0bbdef828a42162dfbf9af4","nonce":"ba6be781eb947514bb8273c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"9db8696411a63b438eb269e95881f1eda2295616fee987154331b2e4ce95edac1cca8cff78880f776ed8e5762d","nonce":"ba6be781eb947514bb8273c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"036a67082ee66fb0bdd691fe729e2e88ed21b2b10b22d63b6237b832a97f0ec3b48249d3b24e7cf1af69333f27","nonce":"ba6be781eb947514bb8273c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"87f7e8376c9d95efffe3aaf0f5838644adc3e6a3418e54e833d1cb45df1970f6878b6626e352b8c0e3eb0435d0","nonce":"ba6be781eb947514bb8273c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a5d9345f0b05c56689603583ba44847f0307790d37e6b48586e7c8a3a2625d0a186d610dd648780b5dbb4efb45","nonce":"ba6be781eb947514bb8273c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d5599f15721dc792d93aef27233d5d7ea81fd9c60735b70ee736972a0dcc2e93ef3fe76cc0d18f14594f60bd92","nonce":"ba6be781eb947514bb8273c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"53cbead6f822c6bfe26f3561df02fa5e9df2a0bc12d9c2f408203affc220c3e21322974a8651148e1bca744a07","nonce":"ba6be781eb947514bb8273cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"682b1e6b4c42e5ac2aea205a2b074ad107a87b5cef1548e2015877fd39d7fb37d309494ea88a0d835dc7b2068a","nonce":"ba6be781eb947514bb8273cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"f9cb8f3777322a8621d9f28688c395edc7276920b36caabd8c23d11ab1730f1c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"40c73f0999e453625f8395b98e8cb24509500d26ce4beac82f08bcbb6a3cd23b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"1090e07bbd53cfca52b25dad24aa016e1070d1ed64eccb1ea0c1cfd08aec4f3c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"cc91d600f570b77630acbe099ffac0edb2afe69475fe1720e081e7dad3e86252"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"d64af35167f1f2627511be1c4d0e107c1636e1cc83ae8698e56a8ae0a0f40253"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f43e12a39e3f340ee92a9490461f00c5f52674ace3d7fdee671913421a31ed0eb859a9df301d28939ac945cc73486849916d0059c44d1a7d6d3785789e7df46a37fd","seedE":"819f0e3920604f28b31edf711c96225cec8f9e4cab35f7fee0de321376787f8d3a7026975bd664e8b6991dad84c96c95e4800dffa1cc0b7ee3fa7b46d60eee9159f4","skRm":"01240198a6989112e1379120c01d0796fcc8f82d939706a7e8a8bd0bcc0f53fa7813c8e1015491abbce6278bb7fde75bbe8780d01f1297bb2c0e2dbe2a5166366f15","skEm":"002fb1cbff02dd8281012080200dabb5e8f8477cb9e5dd34608a275cc9e52755c80bae7f7bc3fbfdbe07c706f1d8d31f79ad903c01bdcc25509981d615c9b1b77927","pkRm":"0401f7cda9141e6735475c80055dea2f4b8145c8313c386ba8d438658832cffebab43b0fc24574eca9b5f638944ce44d875dd2d8be1aabbf6dd41431158feb026eb02701e9aee03b22afd1fbf39bed5c31ad1b9bcf135972d30eca361b3860a5af27bf6c7496c3047eaa59239ae18231b6d96cc0563de37677e83f82630bb6ce5c8ee7c586","pkEm":"04016b8d0d1d8580f9b0b2128fd11d60bcbde31ba3cbc5641c85218719e3013bbc889d7cdf58c5b65ca417f0fd4f9dfe91c937cc9b940af3db0ac3d703107ebb62419000385b8dfd047c63ba721b790abe69eef3996f6a2b0a6c856131ec10e1d0f3e6b2fa4af28f85f4578f53ec35f59a021a3224eb1e4804b7abf5055ec3ed15521b243e","enc":"04016b8d0d1d8580f9b0b2128fd11d60bcbde31ba3cbc5641c85218719e3013bbc889d7cdf58c5b65ca417f0fd4f9dfe91c937cc9b940af3db0ac3d703107ebb62419000385b8dfd047c63ba721b790abe69eef3996f6a2b0a6c856131ec10e1d0f3e6b2fa4af28f85f4578f53ec35f59a021a3224eb1e4804b7abf5055ec3ed15521b243e","shared_secret":"2a00469d9ee6734e256db9333fae08816b2981ecf842b07b9d369d001f4809b12bbb58a1840e621fb460bd833487ea098596db41092da01103c5ca91c0ad0d45","key_schedule_context":"00f561da04cd85ee1cc244a2dc01c448761ef6adc50c3278bd9685a8441a52e99ebf93bd8606a1106f8e6cc040b9d01d47da6ed1171e402d7ed278e376d5efe4eb1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"8fa2566064a1beb6c091e142922f473123ba22acbdb986b405f8cdb451a94235c2b9a1ca1e7d467e531662c995ed0f48c219806c44b688b70534e1d8bb8fc4a5","key":"6a395584e24745b9e5b71f72d044dabc","nonce":"e4ec677d9dc43d8531a040b7","exporter_secret":"2bde5abb5aecb032e2728c17f5d8c386a502e803b3b7d72dd0c98db76bf0e5caf43e89a0d358c27b420a4f4b5deef7d730d07cdd5b9951f5f658aaaf04f0cd35","encryptions":[{"aad":"436f756e742d30","ciphertext":"4ca874638b9a9633fd109f8957bb105ce37b3e9c812593fd5605ec859f3d408bbd716d0f1e4384d24acff0d007","nonce":"e4ec677d9dc43d8531a040b7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"983deab2502cbca2d8fdfcb751891c5669729098c6c3e9acb325c36679e662c9d3e863ecc7ceba2944c9bae78d","nonce":"e4ec677d9dc43d8531a040b6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"9427c36fca1bdf4be81a4fcc57d6275efde2037c6e47ebbccd68b4d842e529eb9e38eb2bbba409775e415abd89","nonce":"e4ec677d9dc43d8531a040b5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"95004dcf13f1d51258f6448d44831ce533c0593b6522b9678d0d4cc877cc4fd978ec25cba4e3b693a1ec5bb67a","nonce":"e4ec677d9dc43d8531a040b4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"5c270c324697db015edda9eb65483418a64a3a0e410deb60731b1cc7446c08c160b82a9dc060af7bb1ba9cc1aa","nonce":"e4ec677d9dc43d8531a040b3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"bf76b62994ad02a63530673b8eabf300ca84a3688618833d527a328a04445ede3f3cb417c155a59457df859d71","nonce":"e4ec677d9dc43d8531a040b2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"19deb3e1f21fbcabc302169c78ffa0f74bab75966390a231d837dc19ab166c6db43df9acf6bd263b4dd88a9ab4","nonce":"e4ec677d9dc43d8531a040b1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"9be5f540dae2490ce52c876e1cbb3b6d8c9c3a93e8a04cd27cefd113c05d2b00092db1ae3a893c6606d67e9def","nonce":"e4ec677d9dc43d8531a040b0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"474c08f3de07ca42616b9cfb49bb93118d52b3c91c9cd6714d6bec4bcc97bd22ab6ca9433f98a4ff286d543e67","nonce":"e4ec677d9dc43d8531a040bf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"2fdfbd498a87889d2257fe258c54ae0969f485a5b53e0b60dbd02b32fbe20c2fa142af227165d3d86ca979b722","nonce":"e4ec677d9dc43d8531a040be","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"e03b8253a1164c7757c6841f9c43748a903272dd80c4e3ff03c455aa7d39e26c"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"07e78f49a665a860d70b40febb8844c702860e911ea712be1fca2401016e00d2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"13e9db36781be22dccfead703178887a472d7076c08a1eb04ba880bf315b952d"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"f2e8cae5bfff1e797ceddf66229b585c6de3954e2736dfd9937657c6aafcd318"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"833528678794682e9eda37e75fc3b11d88aa9dd13d1b57894d486407c3b30749"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"f73216bc387e50725769cd4eb6616442040285ae70cdd6eaf3963d2f2dbc5d35ad8842a11974411029b5887032b027cf22878632785e8e0f7cd5f146bf9e069607cb","seedE":"6b017fc966a0fe4c5e11d163fb557d31169c06dded835b1b516165ba501e53595896f4a34186aa1405987dd9a8952e78b9df7c30107c95f36b1700ed1114b3896354","skRm":"0109b250864bcb64a2ef307b70bfe0c2c4fe0575f6309f08677ab464f24e24e7270537b58381e5553d4e2c9579b8c55d8ef214426b567e25c84e85df188a3b57370e","skEm":"00590c59e7ef2a14557b86d024ec83abae1dccc4586020793971ea1265d01fb7207d39b9e55935f283777cd83506587d4c44ce8b643fe0d06685ab370bd9e90b0c43","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040159780fc638ba2e57eba4d4f645483adf276be35cd3ff5649577aec7eb2277d095913b3022ff6b4aa908d21108607dbeca564abfc31f95bd640c1962cb79c823f9801f1ba80d9f43ea1ebbe298b33180b230818bdfe9c19b2fec1ffe5d2eee68a8e8aa87a9b9275ccf7cca84aed572742628f0ce0f2990c25d1f3d7de106082cc1fafbf","pkEm":"040175970c9c06165963eba5d7b71abddae5d478cddc95f880e86b2664ac42e25edd142a21f9c148bcceaa14f8ea567ee36149d7a974e512f01f945cce263fb82af11800e23529e800f6f1ef0df605b836aa4227c1e9ef40de521098537afc9c6436d5da26f0e4c95a30a007ea34ad91fa04f99af45fbb70785318dec40e87e7fca0d0eed9","enc":"040175970c9c06165963eba5d7b71abddae5d478cddc95f880e86b2664ac42e25edd142a21f9c148bcceaa14f8ea567ee36149d7a974e512f01f945cce263fb82af11800e23529e800f6f1ef0df605b836aa4227c1e9ef40de521098537afc9c6436d5da26f0e4c95a30a007ea34ad91fa04f99af45fbb70785318dec40e87e7fca0d0eed9","shared_secret":"8aff1d8083b1e2fa35a12af0e735be16c9f6d689c1c26dff378966a45f4bd9cb488ae7f917edac20c01640e5499e84b1b0b6532973e40414f52cb89b44fe8bdb","key_schedule_context":"01b12ec5b1b0cb71c610512ec14f972d365f2160aafbf38da681bf7d9ce9befd8ccbc47c51d6f0ffb420ccd4dafa49d39b3feeb93fbfe58bb91585669799e10f0a1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"ebae2b820e744fe1bb615dcfc1c7f5ae3f98acd8bf9bb57b6fe15f367bda66eb8a267aacae8fedea710e2d434037a8b998f4612cc317ca8221c1d9d6ab42d3c6","key":"23ccdd9d6fc29aed824e04646d708131","nonce":"8ee9860c102e2b2524bae87b","exporter_secret":"412030bb4509b7e9486f1167bea076bd889d1af5eb212d1a0eafd0ac65ca87907276f030994995c43831b7222e60220a167450da26650c3582f602361ef239cd","encryptions":[{"aad":"436f756e742d30","ciphertext":"68d7931b7142f075b788eba9aed528ce6fe8a15c68512d65de13ee64dd7bec70d378e13d3592a741de813e926d","nonce":"8ee9860c102e2b2524bae87b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"5bcee8b0699facf9e8b68fd9a109466915dae70d609ad1d323a843168f0eb3dd476007fd5bcd4de4800c8b2693","nonce":"8ee9860c102e2b2524bae87a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"7aee4ad945a439a2e3e6feda56c69ad99aaff4ff2f1b3a9182d1b397c07981f46a2ff10cd05dd30605f7302281","nonce":"8ee9860c102e2b2524bae879","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"0611858c489caa8605244a7b8ec4f3192f932bd7be39527c32fae9fb926568399bd9cb94827e0a847e58bf70cc","nonce":"8ee9860c102e2b2524bae878","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1ef7694f39dd53bbbe863ddd4fc37c0e63cedaec94619af8c1ad6ef1a5421ae998881343cb12fcdde47b81336c","nonce":"8ee9860c102e2b2524bae87f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"a918e726c2712e448356bba54122178a32b301cbbf84604142dc04d2c43746cf09a8bc62facccd63e13daa288d","nonce":"8ee9860c102e2b2524bae87e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"a904cbac602cb148d817ce8ed4b838f1ed229ad3c27665c7526fe54456624576ae3c76959aa174f0715311c5ec","nonce":"8ee9860c102e2b2524bae87d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"7fdd5b05440847f9785fa817661fbb713ad3e8b1d62951053be8877400c0c47a22747c4cbb466eb0d4f383320a","nonce":"8ee9860c102e2b2524bae87c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"28775e857bd885ecb5f524f96221640fe36b46a4d5801828c3536933ff7f73cd624709a3af153b72917788dc1b","nonce":"8ee9860c102e2b2524bae873","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"5ab15738565a80bd41d3a01afd34bd44492a75b72e992bd1229b0d839b4853d5d165baf7dec3095cb7a36764df","nonce":"8ee9860c102e2b2524bae872","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"5290b3a27d734279bf172a6578ec0a130ca2a9c060da37988ca9c0b61a4db4a0"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"3ee60c21dde226df1f7e1e2d611f9fe9d73cf073abd96ff33540371e58c32533"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"722deaad2e30e65e2a99695ca3b6daeaca4025c076bfbaae2013303c188915be"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"98e6eaa5d9e276c0ae76363023040a628e81397ff0519bbde337a82d8ea95727"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a4204e8e7a4258c4f230db1998986912274b3f2a7901ecd46b41b218a7c2dbde"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"a6b06b3f40ad9be9c5d4e78b6b9b978236409f59af6ff572af67f9de518a8de7029095c18416fd497911721631e9e036dc47141b3748ddd6a0e446062d416e0eaa69","seedS":"2a7cc27ddc9e94ac5e0c45bf39253bb334df63c6cf4bdbd746f1b055653bcf83919d8a1884ee34909263850b9e975d195d825be63379088c15945bcb4793dd15e817","seedE":"e924e36b2a5fbf1ac843a09c58f0b0dde183245a4d459935be153da95b6e70ab37601478a77d42200393e2b0dd5cdfdba5ebb767ca6393e90a1d990e18a0ebe2e043","skRm":"014eac6c36f931d8740bb7bb64160553ae59fa30937e5b1f01a12bbe8e63eed385c9562e0e54a298952d54e58468306d3d4dd231a193d0e59ff6fb04a9d56597c46d","skSm":"0111fd3bc3a7bfedda3cb83fddf38faed459e53b832ea97c5cc80e00003833cb6316e7fc2bdda1f10249d46600f2f11439fe8e8a057c90d21e5f0ee1b6d4fc9e424c","skEm":"0107ff446305050bbedf39d4e2d2a6a9bbc08ce76214f1ef02c9277948fc03568edf3f215221bf63c14f71222d6df5391232e1089ad702df4c1f57b848fba3c25768","pkRm":"0400949942cd6239410338f0728c610ac2bd8e330a453295e785a4b661ea4b1529e4ff90c2c7bdd084cbd9c196539277772b572e808c8d640294de56a37bd2102037b7006f6533b6267370511ec437ec68b2ea8b682ef4ebe60c19b2d67e42ba20b6fd1e2c8d5bb6b9486c129d8513cd649765783b40309286551188486b89de1779b406a1","pkSm":"0401cf1d39eaeb57bc10827606bd1202a12ec8dc7a3320dac7eb91756b9dd6097491379d4b5f8c6bc24121aad57277fa51f50ae89f22d9dc9d223af88eba0414e6665d00274b9bad8516e98981f3943cf9f0d5ccd0cb9df2c1bbb01af7f312d39b6a2b77ad3fdfe5b75e2db5139f541b6ef6177bdc029b9b94d8148051116cdf15b15e4cb7","pkEm":"0401f2f000a0f0c8f55165ab573f9a106624fc88d382d6494ed83c3528d54e6b196cec236f50dc3bf5494f9608c6b32c779c93ea09b8a8e98ced30c049a0d456110f0a01bfeeb699e936744895981e14e53b93525366342072c6fbd6be589fb487d2adedd5f02beda4f907b0c81508568db3a072125a984e2445a47bb7f95af42c6919bd63","enc":"0401f2f000a0f0c8f55165ab573f9a106624fc88d382d6494ed83c3528d54e6b196cec236f50dc3bf5494f9608c6b32c779c93ea09b8a8e98ced30c049a0d456110f0a01bfeeb699e936744895981e14e53b93525366342072c6fbd6be589fb487d2adedd5f02beda4f907b0c81508568db3a072125a984e2445a47bb7f95af42c6919bd63","shared_secret":"7eebcf4193afaa25997bf5cb158e618945a6f2fb808c916e74dde681e7b309798186c05c4da217e8605172b85136e466157ef1abde77b9c4a327f8eb20871a13","key_schedule_context":"02f561da04cd85ee1cc244a2dc01c448761ef6adc50c3278bd9685a8441a52e99ebf93bd8606a1106f8e6cc040b9d01d47da6ed1171e402d7ed278e376d5efe4eb1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"556450381e562042cf3c3aa5c798c14f237a4c7b6eefdf5052616d551147254994ca8a0dbed6cd1026bd81f51b541a57f6dcbc9970eac3737a5521ae916105cd","key":"33b930a97ed702582652678cea425f01","nonce":"facfc3de1d3d16654a3646c6","exporter_secret":"0d137a52999ac3666f1260c7520c55b63ee269938176f5f1cf9cd7c8ac63ccc150302650cbcfbdfa28376f32d2a368c2a86b52cf5306e2c7c0193d9412dd2ed4","encryptions":[{"aad":"436f756e742d30","ciphertext":"b0e7997abd962aa9bf94b591977fac084fc773faf6706e55de1d783df2bdc94ed9c5bccbb32c5b8bda4a30271f","nonce":"facfc3de1d3d16654a3646c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"d60872b9ca21813c413bfe4c5a0f6b1237ec032e095b48ae4c53ff7ef822a0c339f2207548fc7874b6e038bc22","nonce":"facfc3de1d3d16654a3646c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"3aa0b0bc285783a79ac039f7f21dd40e078e71a5dc65616833d47c67025aac87030ab57d6d198103c9767a5e63","nonce":"facfc3de1d3d16654a3646c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"1bfb77fcd19be061e7802f4db64b23229df599fa6a515b7bb07a444e821c75b3e142f6cf2bb3da3f66a908e70f","nonce":"facfc3de1d3d16654a3646c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"1d7f887bd329bb672cba847a04b45d9dfedefbd5555e1c116343b2e0afc7f495412c798b16912c9e58bbfefdd7","nonce":"facfc3de1d3d16654a3646c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"41442da017b36a9c27f3f06fedcb3d09014cc9d411dca7c7d95d38406057676d7ae198e422b1ab7bbe2786126c","nonce":"facfc3de1d3d16654a3646c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"0614ec3de689aaefca79907eaacc7aa72b602ca54b8c266457f81d33f4e34011fdb6885c6d5a9f9e8cbc83ca4b","nonce":"facfc3de1d3d16654a3646c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"4881ac5eebbc3c3629c6490daeb84b9f491fa1e7cbc47655fdc77449ab58af5bb26d7fab74aa5f8358d1b06adc","nonce":"facfc3de1d3d16654a3646c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"cd9e88cc5d93e37ee8fe1569f9a7d576be109004b72b8568fe71bfb213ec8ec9d1c1069ae5ed64c23e35077aea","nonce":"facfc3de1d3d16654a3646ce","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"ebaec62cd84c54ce100614621c44d3dd6c468e0bea80d162ae1153f0b59e18f193b09351e02c0f0d1d160cfad7","nonce":"facfc3de1d3d16654a3646cf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"917098cb566a31bf5d25f2e6269eb678ca48be094bc8cbd92e18550297e60770"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"b059929a24d13f83539cd5af3a533ece04c23bc3339903d82a20532ce7c52fc2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"73e244eedc6a760ac563d8391ebdea1e6cc20bc5d952507a6400033e466c6e2f"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"52c8a927b91539056071eeeed79b5dbf79c2d15a9da094783ab0d396747f3ee8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"7af7616f6537a45510b6aadb25ddbedb93d4b50a2481b2234d6d99af5bb8ef53"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"5f06de72f05e73706e8a0c98f85fc6eff3f2e7ef9498ce1eaa6d3f936acfe82c5fc290cbcc414e014b4be2a4ee14d9967478598a1f64e712f4e68d67aaf41fd3aa51","seedS":"e9e6cc24a272adf73292ff3deb5afd8f0576bd0e54293dd34c73654afc74ba8ffa938e79258f97149301c8ddd7509faece4c13a9e89e78080dca3ac7b1dcc8ff5e93","seedE":"3143ae589ae5aeba6d954c33f01508bf410e8d500dc725a1ae36f0ccb2dee83dbaac4bfb1d0b3ba9af13bc3efe2c1ae1a005baf6cab683a19dbb9e33f2d802d04b5b","skRm":"00a3cbfe527a1e2fac8868d81ef28da38bc6022f9b93b9051161a78843f7422640ac23517f9551a096ea34314f25d07d80a984fd406d67aca47af9a7233cc5c6fa23","skSm":"019fe5b5e3a47133f61a5cb9ee15af83729fa7acb14b4983a4ce679e3710c2686047faed72952b16ada67cb1526a9df8d7807873f35e1277e61f6d5b42dc70d28b41","skEm":"00a6c4acc257c589de087e2430f41abf81285a61e2193f32b2acb7d1a225ddb56436ad5808dee4f233b564a1a8bacc2d4468ebe4f969dea5604dec1acd294e95d84a","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04002bfbf7302ff541cd8b01e27038fbe6f35f74bcba2944b68bf53cfa2ae74e0d365e175dd7b8818f057e9b4e9f1b387e708e7f8e7c0d89b95b6fe192e6d293a98dad0158317ad685e12a1ad93a7bd16997ec7c1632f2ceb56418fd942dc28d0ddf5ff77cf6b24f8c831e2048091389906034e53433fb4a50c01f3efb24da8c73e3fbd737","pkSm":"0401ccf22f46a74a949572e124e87c59a519cce79d40ecafa70684931164ffed6f7651bd08c3a6ff4a933665675a65fb4c212c6e24d3d7b6ac4e4c75377755f54b2b1100a2ead01cfc0d0ca9a1d9e563ceb44aaacfb2d3e8d7ec39831bd947631795bcce06e6e89dd0d81e69c967921685fb342e84e9caf09bdefb39189d2b5537f67e0b84","pkEm":"040057beff01b9625020fc4faa6a54260b73bc4b39636f3e79b2b20cbe094de634831fa88897dfca7456ab05106f72a011efe5a2d72de2ff713924419de7398475130000a589e352cf39ccc5208172c0c720a3c93d71078d5f643b5e2a5d92de1c2c512083204e1826f46bb1aac4f03854f35f45740c240d20120a53898b330fe967721a17","enc":"040057beff01b9625020fc4faa6a54260b73bc4b39636f3e79b2b20cbe094de634831fa88897dfca7456ab05106f72a011efe5a2d72de2ff713924419de7398475130000a589e352cf39ccc5208172c0c720a3c93d71078d5f643b5e2a5d92de1c2c512083204e1826f46bb1aac4f03854f35f45740c240d20120a53898b330fe967721a17","shared_secret":"b77f09c6b711384291a1a4822d9fd5864a08c968902ffe63835878b35335075c257a4863a6a8d6ad6067adfb545050837fb8a19d03ad691cb0cfd7f76d03500c","key_schedule_context":"03b12ec5b1b0cb71c610512ec14f972d365f2160aafbf38da681bf7d9ce9befd8ccbc47c51d6f0ffb420ccd4dafa49d39b3feeb93fbfe58bb91585669799e10f0a1589804341ddc17e93c29ce4a87139233f08c3224ae89b29e6989ec29c21ba8abc3cbf74cd2fe282dfaa23b36f5d563cb69b09074729c5f23d751098c2807767","secret":"6cd564b9a65e237c91771af7a9da548440d0bc9f22f36f72d40a7f9433753548bfbc2e2da1179ac84af405f13b55a68bf2d720b5076de09d38846f1b42640ffc","key":"18f593f0aff921f7f58f50474601eb10","nonce":"b8113a6f9ee5cf29ba88dfd5","exporter_secret":"d15f9c13268af889d0694705c3f98dbd541ce2c33735555a7abd5547251c11c19a44e5ad0e382b704e45f8e58584a8511f6a1df44d2861b3550cf43b7e2d838f","encryptions":[{"aad":"436f756e742d30","ciphertext":"dbabe86a5bdca936147e45a05d744207bf45f1ef4aabab4ff9b6c72fd41190649ec1ebda705b0cd012a0ba28ee","nonce":"b8113a6f9ee5cf29ba88dfd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"bee4c779624a07eef5ae46e427a39c89f249c2564be98ce87c99c25be66729f939cb3c6bf17587a15d381d7f1f","nonce":"b8113a6f9ee5cf29ba88dfd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"63124a0efcdecc80a4e202d1865b2b88e67e86a14e875117a40821a02203aa32593bc7ff792aca4ec3b31977cd","nonce":"b8113a6f9ee5cf29ba88dfd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"4609212683526d757aeee1bb91eaeb147457dc83ec4d49304a2128a57694f589a9219bfa95c4395a3f282f3983","nonce":"b8113a6f9ee5cf29ba88dfd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"521e5eaef4eb073913249a3cc330631c0e05e56e190e3e837f5415a91c6571e7b96e86ca0a7d414296a393801f","nonce":"b8113a6f9ee5cf29ba88dfd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"68b48f40a6425413b71fdddb8a9411d65a579f40d1025e594aba227056f2c2f2765736952e8f570ba90ca17420","nonce":"b8113a6f9ee5cf29ba88dfd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"24202e80f83b5ceaa09e7006a4517d6d31e58a190f6e7495c1ba9b1a3af5c93e67524aa778a88405af41eb04e9","nonce":"b8113a6f9ee5cf29ba88dfd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"bfa1b2d7332caa15cdbadc9703cd198f48e9d8cbca96a3e9124f024246ce2de93fb1f4ccc0542beea62f68ffa7","nonce":"b8113a6f9ee5cf29ba88dfd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"e963bb2fbb4bbfde98c59d6544d04f38e8fb33a871325761ec31a6863b84f499c41566cf5fe54725e690c90508","nonce":"b8113a6f9ee5cf29ba88dfdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"a7b89f43a4bac6ec41c1abd9126455e9472ad34bc98692a2dafc4616891be6ea89cc60959e9a505fa17ceabd44","nonce":"b8113a6f9ee5cf29ba88dfdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"163809810a5d97564de6f9e58e59804053a5f6001e6b318cca4f9f0b895d1619"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"df744c018202efe80a2a97a4a4a58e95ef3d80cda9cf3f9cee61b0612100010e"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf52deb8e2c0958063e38589edd21ce547a71299662ebb96aeab7beb85e291e6"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"8429381f0b65b4f13481516c4d1387e2e23927a95cd2a16a58b0dfdd1a3c2fc8"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"a47e3e0cc975fda3d6b3bc65a9cf5baf7291125f3b26f5d288fdb78f24fbfb91"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"62641514bccd2858f3d6513305288d6ca0e443f00a86eb33ccd519d1803aebc5d07bbad0e1013ce61d9c9d713b3c90c8e79a1af01d6c69750f67cbbd1d9d4afeedfa","seedE":"1ed3768f499b5b3c2beda3166528b649d4b117a0bd450f0e9e19815c2597d1777ac67ea367415fb28c8819c94b383a0a8a15c9f03b4835330e3e6c8bc8319202e473","skRm":"009f662259723e2774e0ef4ef1fc57dffcf7f96fee05ee32b8534983f25daab861fce9ac5dc0cccd3d346a58963e57653048f933f9c884c74f776bcd57e6669c9a86","skEm":"00c028f97f53e7609c4f9478841b29c0d009abea13d12f4d558f57b78fa6193faafdf15ce03572ea2330510020e9bdd2d94c1d461d1af9e8f2b2f1e7c6dbeddec850","pkRm":"0400dc5973e5ab5a417e82c8115abdf28a78ea32a397cf067b9e783ebff9182d1e3bcb32aeb9ce74ababd634678a6fe716ff15f6135e8ee7b43f46364198ac03c4504301056de893c64abc7314b877dc699db98be5cbf07b12e0c141578e0aeba9911045f193511f074b4f6036dcd5826515dd4aaab522c4a7f44bced319e9583bc118d14c","pkEm":"04000fe222a93e988f2b890bf98345fdd3c08724631091dfbd8c3572a91e2fc8bd878f1537852bffdaaf55e168cfa4511445c390a705bf322ded61f4bf7e5a9f69248101acb73eb821bf6c757ab35286af062fa59f614e319c7eb62a1423c84c86eba1ae8d65280fd69916ff758825e2944c2df3242b3f6b110da559bf20919431cab76cfa","enc":"04000fe222a93e988f2b890bf98345fdd3c08724631091dfbd8c3572a91e2fc8bd878f1537852bffdaaf55e168cfa4511445c390a705bf322ded61f4bf7e5a9f69248101acb73eb821bf6c757ab35286af062fa59f614e319c7eb62a1423c84c86eba1ae8d65280fd69916ff758825e2944c2df3242b3f6b110da559bf20919431cab76cfa","shared_secret":"836dec8ee53432fe6135a364858d61a256848874d645c286d454411eefde448bc7654cf506bf1e4ab3dd43f5d9baeb05b24e2ee6b3591b5136432ff747c71722","key_schedule_context":"005c0b2bdbbffbea1af82c95fa5560defe4ba0a05fd3c301cdfab3bbc2fba9783d13d14ecba2cdc7a7c1f544087eb5b3a22ca199e34879b2bbeab3d644cb2a005dd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"71529ceee3d8881f66363e99cd1bade88b2ea7b8c19363fc0e093bb92b961c31d61e9147aeed52bc81be1e4f5ce18bb758a97dc54030e63ce37d3a92860328d6","key":"80358d48c8324176a44632f90c826a6bbfe7b2126f9ee47eca65f58faee8946f","nonce":"7502fc65d8e5db6fd14285c5","exporter_secret":"d876060f03e1ba934c3e3c93416e91888b0a02614f8c5a27d24f3112754c4d654bbc04fd54c1aa052c5dd81358362ecea1c15e20c9cebaa5393e52da73d4f611","encryptions":[{"aad":"436f756e742d30","ciphertext":"ba38cbcd619868b4e993b7757cf8449aeab47d07741a62ec8b3fa72c136b7e5f6c11ee2faceea367f4126181ca","nonce":"7502fc65d8e5db6fd14285c5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a97932db8c889e85e844b1b8fc75fb3a21e25569bcfacc74ce47287eb35b59372f0e6c1762446674aec9469774","nonce":"7502fc65d8e5db6fd14285c4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"dffe364d097f06751044647b5b992a834414c0d629b25f9db8e0bde6687e26f73cd7f77078bd9d677a4e3555ed","nonce":"7502fc65d8e5db6fd14285c7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"820b741ad9f16c1e434fffb94ff55b6ec7f4063367e4c449bccc1529f758f67f6432a9e935e42196f810116f4c","nonce":"7502fc65d8e5db6fd14285c6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e48c2e05ec38338e78a2ed2473a6052006f474957d9ff98ff26c07d51418bda9bebb572b6a46bdb8367a65595c","nonce":"7502fc65d8e5db6fd14285c1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e06d29c5648f88176dde24501610a8f51438d6af6d3e4c84d73906987aa918d8a2b69876c748eab826e603f1b6","nonce":"7502fc65d8e5db6fd14285c0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"9a7ade7c34c2c2c48dfa117a6618e76eabb8fbfe0bfd5fc91dd7c1fa849a3ee95e37026de1cb8120db1a8fdb6f","nonce":"7502fc65d8e5db6fd14285c3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f7c76b6fd22f90d58f43c67da7a9d8ab7ccf53e7f9d586308d5c64cdc268358df5e1a6a44c8a7c611018b9ca7a","nonce":"7502fc65d8e5db6fd14285c2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"8d4fca01e27ed84720bfa1ef4cd2ae8df59e0fc41593d68de060ea1e765edd03667ccab3f3ca3a05339196a21c","nonce":"7502fc65d8e5db6fd14285cd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"1abf19cdb9f0cfb71e23569c2a36f283a542a228ac95893e7ee5782cde5c82beb8102ed924f6d0667bcef7d678","nonce":"7502fc65d8e5db6fd14285cc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"25165e98cacc80b167e37a1051b2f3e2c22140959dfe2a9493625e83c9be9f15"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"f9b5c7fece670b2d8f0bc6337ead2815e00ef98108ceaf47a42d81f5b180c1d2"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"2c2716e716318f538e2fe72a5578051588efb8948d12082e9611477b511afdb5"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"09ed503d557c02ffc00ba7a86a57506fb967622c17fc6a5b9109135fd6ccbbb0"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"62daccd56fa57ed1dd1998088eef0f20a7272d422a664f31c3b9ee3a7f1ec185"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"41b782c18c14986c9d7a636152f13677aeddf479c1c7791ea46e0ebbe35ca9dd524c23d730eef443741d7d965415833d6c549c8c1b31ad05f2b9a88f916b2930528e","seedE":"64463def238f309f1e9d1f28c15dc126cffa4ded911a4c527eeb71ba593847fb405756239d2c694ce4effa3996cafb5cc0b3736dd988deb7289210ec92bf6b339302","skRm":"0002be614bf40b361548a5a881d5fdb4b5b1bff90bbc5cffb0eeccbf9163076881edc46eb7944623d900868e532b9b1d5eddb47cabf4579a11793193eeecaa5a788d","skEm":"00a173fbc49ecb270b4fa1ab823cc457f1e1e0dbeadf9b481b824099300fe6c11e0329dd0b82894881a9c57209ad5a47d37172283e8af39c6d41de867a7e16c87bbd","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401dde7fc00593a91eaee630e84d8cc9cc07c5392f779d28c82784b5cfc38fe916f28351dc8857404fcd81a5c317eb82e18ff3ef0fbe87f49db936f6a6c0870c4943401f31ed2fe9192f09f8806441675180b8cd8ab335dfe855acfabbd86e60fa5a08e4e4faab1271e4530ba61dfece5332f55fd14efa2172b8cc4670415a37fd9587dee","pkEm":"040041d3923b7218cf378f7336712e2ab1d254a2e7b0e67b85ccd149f68115e9d1ed4492f5542923586feecf2e5500be432e181e73bbcf87947914ba760ab1216e62f80067e0e0899fbc87ffcf0b2e7556f4bac9395aa3e284f73323c87ab3e5bb8409e2b85ed657170aacad0d83cd8ea71dee1b480634f818383d75899c877d3fa263fe49","enc":"040041d3923b7218cf378f7336712e2ab1d254a2e7b0e67b85ccd149f68115e9d1ed4492f5542923586feecf2e5500be432e181e73bbcf87947914ba760ab1216e62f80067e0e0899fbc87ffcf0b2e7556f4bac9395aa3e284f73323c87ab3e5bb8409e2b85ed657170aacad0d83cd8ea71dee1b480634f818383d75899c877d3fa263fe49","shared_secret":"8fb618ff94fca65c1bb2183b5683bbefd0aefe66d1610e0d1623c8b3d00c2fb5feba21b1050d7752ad1f0b52250624881902f3d5156b4b3c454aaee2b2b20a89","key_schedule_context":"017344e204124da2a856fc5693999bbfd1242c27f4b2f16fdc92751d458fbb606adde7aecc32db4dd5b0fdbea7655c7c0e8363da1a34370ba59bfdb42108a4bebbd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"edfc1907ed7d5006b7e821f9802b49192ebd40dad26bb9ebc20192bfc4e6319f22dd9950d51fe7c07c48739ff424509b056acf2a2acb655b59999626b91741b8","key":"6fb2ffb368d1d76a743b9e51d8293d0960810936399fb51dcffe83ddf14c6271","nonce":"ba6d3b6c7435583230a60d86","exporter_secret":"1926473db83cdccbfc308c0a286b0e248c2d2cda275c6c511f50d64768d483229f24f770271cdb01096bdcb15c8269ef5e80e592998fb43c93ea3b8c0e1e46d2","encryptions":[{"aad":"436f756e742d30","ciphertext":"264cd2ede05a9ab1527a01508fd537afe67b6c6f89d5a09e9e28bb3e0a52c61a174f9ae71681f548ec44b38ccd","nonce":"ba6d3b6c7435583230a60d86","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"4b439bc9afa3ce832cbda50c31b549fcab63a7ffd040907e1fdc5200e01d5d0ba4b4349eda9c135d4b1a39da7d","nonce":"ba6d3b6c7435583230a60d87","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"b8bf1321fa9d670cd0fea9c59ca8a88583f793a27633a8ab5b026e3309b7861d98c1546ee4205621da2d5899c0","nonce":"ba6d3b6c7435583230a60d84","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"3816786f0f619b1ba80c0046a155638b616fe90d2c33fd4229299a0b01d7b632d9ae77da1bae05d6c0b8fc1342","nonce":"ba6d3b6c7435583230a60d85","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"84a1574168983ccb5b52a5e0b522f04cf5283bd6e818e0f4c3b165e179ad899e34f8675aea5b905605f10cfb15","nonce":"ba6d3b6c7435583230a60d82","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"cf2f3b487370c15dea92ced3d5a5829fea7c539eb4583dbd61b090b2e0b55efe9a93b1e14aacbd3a278d39d272","nonce":"ba6d3b6c7435583230a60d83","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"e26984b3cb713bc5061ec0bf7c9b9ce27e95a1f7c19d027179744aae3788c65d6695ce92148e055369c6094d1d","nonce":"ba6d3b6c7435583230a60d80","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"d51df949ac4584f4428fbf5b391b5e910336401264d7be5366da4818b17e781a960d67f537218969947fe6aee8","nonce":"ba6d3b6c7435583230a60d81","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"7a75a9427db2b5692723ac6e7230ab12f4f477ede1322f28ccc58a6e0cbcd8b6583785b5b20b1211f718882a14","nonce":"ba6d3b6c7435583230a60d8e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"c7c2153eebbb2fbdc0f22fff28a5981e548f2007e8dea3e65eb4b0f5f91b7da603b872d17ef2d14f3229576c50","nonce":"ba6d3b6c7435583230a60d8f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1e22305088a733da436e9f34981bf02bc5387c585709050f1d793f92b21dface"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"2c885f289aeef95d8305a401869704320046283bd42c9c827a53c777e97cf9ea"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"c725f067eee0973e37641b9eb160a48ec0b38206b392ddad62366b6c778e6543"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"34e07d6e42b66f2e8151ea3b18ec883116ad69caba9befd7eb15af3595820896"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"363a041e5cd48d14546e9cf1cdc0e07ae84cf4ce92c343a7cfbf2900ba6817e0"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"54af23ea93c8fc34deb6a7cd70e657ea8990fc4e9a18656d5764b62f7a33a9e0212adeae1585ad2ef28688c1b558866c1975973c4dff08955c1f9fd7939b10b5fbfc","seedS":"b65599d814192278ab826ef197a61b77db50f40495f77502dfaa03acd1f3565a3cefebd59de2328ece0638c90d8a89f9ca58f2850e39e9a4c9c339290d66da12fdf0","seedE":"81dc51e31ef8e9b33fefcdf00bd3b0ff585b941fe76cf39a86c269e2f53be7edb3db0be1a58b6cb8d8e6020fe8a2018c59d47cacb35b2b8c61bd4155438b5eda5c0d","skRm":"018c4d39ce0fe30e708136c80fb507b12db90d248da5c823afcf27ecd9b103d965181d870c873c1c221f7e69409b65591acc8ed470576ad76daccdc24cb80ef77ef9","skSm":"00fdac1340626d9d6510afb50ebb7ce865bcce98d33325f30f3cd354e5950f2a905ead357966a2ac549f4756f07fff3c6ed70d5dda8ffd325f0bd5a3582910aef18d","skEm":"01f1407a3723aa7c17931bf192ff7956c82d80f54db79d4576f82b69249df8009f699718e82c77b961cc9d040ff1d9272ff97d2ba2a6c92876950e897e3b5f0f2c05","pkRm":"0401205c8f7f686f4c76e9c4c4915fb8bdfac4003cd9ccb92b885f3b8fbd9f846e47c32c6beedab8fc0643f8fb6345b3d9f75e651c0c9477970dfc688f6c869629650400868296e95f404533db84ad8f2e282218c9588c25e94d5b818dc54f1a5659c36b3c60c95405af87d6b2684bd02ec6462c7802a52524d8886c9e1c7ffa8de9d75680","pkSm":"0401686163e4e2bdbb7d476a3668343270457beaea97a008d943eaa767bf4898ab97c01c16f9312efd77572ee9e958bacd6dbca1c8ed8de22c165a084ad7ea0360fa3b004d33b20332bd85bc9c2b772ed56b40ebe5ce72a01b6a481f591097cd13e6ecfac471586bdd49805ac94ba351d5c5bee6ec66d4b599d1d123ee7b3463c5901b3434","pkEm":"0400c708757d53d8a1ac555426d660014fefab2676fcebf62d7589339f24a0f632e51da9e1b13631f461a48753b756c3322032cc27b32cea63cfefadba56952d7ae35c0166b63cc1e329938a33728a2ef6fce3372589da2b9bcc80ae007dee3e084b1656349f15145905689ef920807ff239f94891b22057385c7b97ea517b1ab21bf5fec8","enc":"0400c708757d53d8a1ac555426d660014fefab2676fcebf62d7589339f24a0f632e51da9e1b13631f461a48753b756c3322032cc27b32cea63cfefadba56952d7ae35c0166b63cc1e329938a33728a2ef6fce3372589da2b9bcc80ae007dee3e084b1656349f15145905689ef920807ff239f94891b22057385c7b97ea517b1ab21bf5fec8","shared_secret":"7258e75f7c2a8ded295523a7b99c1045925dca1628a91bdca9a2e1bdcc187eee3b627f2ab6a73853c8dcb13a95d0980585c21c25cf92b7c9d945430dfc47e690","key_schedule_context":"025c0b2bdbbffbea1af82c95fa5560defe4ba0a05fd3c301cdfab3bbc2fba9783d13d14ecba2cdc7a7c1f544087eb5b3a22ca199e34879b2bbeab3d644cb2a005dd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"dc6a1631b3fbc9d6b6b856d60738cefe1743cfc14d1ae0627b38386b9abc9b2f86dde080bb6b9d7c3eb579d6bf599765cb4a5e27cd134703acc06142901164c9","key":"eedfdbacc250f004a9a4027184a95388f9ebf86ce9593c81921da9eef5d9f6e9","nonce":"8c1fb99aa9cca28b2a1ac3ec","exporter_secret":"1f64d525bc6f36488c46c0650b6f0c10a887e0e300737a2c167e4ffd1b4d91193750fcf26173f0c8924f6a86b01fac3f6753d4e9f91abd92b042ae3218d7f45e","encryptions":[{"aad":"436f756e742d30","ciphertext":"1f4da6829a7336ec414ffeebec31807dd1acb2ec248b165b5d29732dd0057fa76be483b9af01437b32ebe6c061","nonce":"8c1fb99aa9cca28b2a1ac3ec","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"168714b29e7f1c3a91dffdb6cc576b7be34ef929b7ccd598435c4ef1af52c5d7ddbe43f51ac50b27bbf9ce0e73","nonce":"8c1fb99aa9cca28b2a1ac3ed","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"639d9f6c9ca75d91fff8d4a9b0608d10db800fe6a1ed208a09fb907f70a327c61414a20e4910a54f12f2ada7a6","nonce":"8c1fb99aa9cca28b2a1ac3ee","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"8f90fa8fcb29c639026f1f56a6ac3926a0a00f683ae8ef41d96dcb1227b67a3e95293864d68e3db50cd027d3d5","nonce":"8c1fb99aa9cca28b2a1ac3ef","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"e325abd75e86991abc1ba269fef64c5ccb3a5c1636f4c8e026205ad45470cae1771d9a5c87a3a21af1d6b89cc0","nonce":"8c1fb99aa9cca28b2a1ac3e8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"e1a27236cb42c406eba76558911566feb7599ed953f9a90949a26a2f58eb1b3c3271fa839c30fb94e25a50b98c","nonce":"8c1fb99aa9cca28b2a1ac3e9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2c4b97f2267c0cdae0dca989a4e2dc273742938c0a512839e4ead5c27c6c37941f181b6ab9492abedaf1139f73","nonce":"8c1fb99aa9cca28b2a1ac3ea","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"f47cb2016143f9c989a456f608c79fb482eb2100c7df02961f51db7a52095560e12fb2014838a44ae3bb714ebd","nonce":"8c1fb99aa9cca28b2a1ac3eb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5a0ecf0fba2d379a909080d947a2396541c7cbe17b129197a00d3bf8ada54e042de1b9ea7fac92ad212ea44507","nonce":"8c1fb99aa9cca28b2a1ac3e4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"923b8cd6aaa17919dc2a7781aed4683be667d0e1d3813e87ec1cdf1e3831ff4048200f86feaac65c905fadd5f8","nonce":"8c1fb99aa9cca28b2a1ac3e5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"7a96638a8687bc888f4b0d085684dc250e8e6f8781d3f9529863cddda962f26f"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"647aafb6c2ef4fed30aca20558f1c3d20adb5b113ddfdd9ddc382226ddad88d6"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0c1623f289d451b5c9409ff9c249ebf93b6f60f7b26220d8f440d34b3d953b77"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"dad5bda5c3f44c7bc916083e5cabf83d236ebfc11969bd12f9749f6343cf37a7"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"5aa4b65d67adeb2bd6c61d69dd1d9f034a5081c6775ef18ce0e55f5047690937"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"46592c2b171b8cdcce89601fab103f63ed43badadcf9df62a928ae3b7fa91f269eff3485f6401c374e19a8bb988005626b9c26d39795282b1095bcc4f62a67255e15","seedS":"d02446c344c10cd162486caa69aa1156ac3066e0fd668fa7faaf13bdbc944edbc0cd68ee36e4c30ecc36c2c5ab0978473eb1b5dcfff27985c9328877e85fd48b657d","seedE":"dc1fda9b21a1af6925ecf9ad79d2422f698b4168587c7908b36f5f58352181b9506554d8d8c9427e0dd2cfda25f0eabf58e9f5597e1b76ac12c799fe96e3cc03dc59","skRm":"0060669f64320d18ab930d3d8445d08c60cc160c7f6fec3cf00c0d4fd2683c78a4fd379e764717e8c15d5ec65cf35c333113c8441249d17f61d476b55cea893b54ac","skSm":"01e1aac5ee87bf982e74faf7a452e9336084472898bfb9a5e38b3e6bea42e5cf8b8dae5a81e0de94d01a27f3f519d7bf5fa2fb6210cc704090062c230eff8ab45395","skEm":"01cd84ef7d3c0d780d48e74460dfdd6c8af9e7658c5fed7a9e5b24c77cfba485ae985ea0f12bdf7d71a30842a56f0eeab035c6154d0676ef83d7ff189aba3581c8ea","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400a45f815c40cb61ab387708fb38cb3283dde4750bec539d124ce268ea991554fca7ace0d096ca2607c4f9d53e19a45b25415f4eef39ed601a43ca15b2de81b91d1e00f2a93bbc4c2ece7841e67916d23f5582bc0930bb8a22c8401b7402511b93a28887ecd81ca17ae2a3cc11e9e9663ee1385e8f245d4a1720bcd8334faee88ddb849a","pkSm":"0400a7b0299c29e52f560b84c357c5b3b379a3f32b1f5f2c48c89fe88c655f28e980dc6deab743cca6a12eaaa1df826f25d17c5eb8fcda8d6ca207153a24108f59c675013edf7d12d93f82de1e1a47d1fb27d082f3dc1ca605792b11171c8e0815f8c9f575e7fc0bbcf6108a0326fa5fdf713282ba60196d6524ead737d512e3b1c0e94c69","pkEm":"04007abb917b25112c8bf9a75233c90e0f55a4b6cd4f52a9f8a8856e85f82bbd84ac0d1941f01aab2c7846e6b562c0f5168727f4443acb84249f357d591f7bef8651d2019e0f9ef53c20a74f6cc9e6080e792877201ec7d4fb5fa22e184d1d848314811a3d110112172bc802805ef7405dc0fac4f5f401865f0410c05d172524a71039963e","enc":"04007abb917b25112c8bf9a75233c90e0f55a4b6cd4f52a9f8a8856e85f82bbd84ac0d1941f01aab2c7846e6b562c0f5168727f4443acb84249f357d591f7bef8651d2019e0f9ef53c20a74f6cc9e6080e792877201ec7d4fb5fa22e184d1d848314811a3d110112172bc802805ef7405dc0fac4f5f401865f0410c05d172524a71039963e","shared_secret":"82913b51b3809a9177ab90ca628e661126d8b64ca95739f6172b93ff511ccc0b7b6255dd9bc17d692b598acd10c1a3b86fb242554824f06df693f75c5d2935d6","key_schedule_context":"037344e204124da2a856fc5693999bbfd1242c27f4b2f16fdc92751d458fbb606adde7aecc32db4dd5b0fdbea7655c7c0e8363da1a34370ba59bfdb42108a4bebbd8854451600d718851b126f132b5ea0cf6942b64e7e586a7f8877bbcc281c8f6c005e9d1c201fa65882d2162ed577741da4aed5c33fa050d83feb94a4e88638c","secret":"fd3c39728bad99fcb7c2430841690994f624a2bcfaba38affe3596b651bae01ccd0b7b1c9fbf10de0fddb9ec06bfc9dfcd0c1fcdb2cbfee6e27e4a653bc24344","key":"7262c38cfa0c8f468160fb1530579d53c433559a58bc1acf1facf5231bdbc7cf","nonce":"65560e6c300fd5a0a7dba420","exporter_secret":"58a7173f251e03619d615542539e40c9bf480f96efd02621621106296dbff95aff003971cafb9265d92ba3d7fbf67283c40364f7def04cd4d6429c015172e76e","encryptions":[{"aad":"436f756e742d30","ciphertext":"e0d4d9b38eb8b8dc1f2c986005a83b7df5bde76d48c95dd59bd60456639a82feb3ea3205b6fce5e672fad9c73d","nonce":"65560e6c300fd5a0a7dba420","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"a905aa5e9c23600c8bdd8c45b2bdd3352727175c565d4d60b7e4d7083b10fe26afde4ccdab36726e6e0c26d78f","nonce":"65560e6c300fd5a0a7dba421","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f8d5733f3b2e850176ae68f998268125662161b4edf86752a80b70ec03762dcbb8508c495852fc313cbca8e065","nonce":"65560e6c300fd5a0a7dba422","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"800f11fa1dc970978fab07a6a4fbd9101239fbbc931167373fd2ee5129cff5e1db3ae36d9596ce9476ec2a925a","nonce":"65560e6c300fd5a0a7dba423","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"644ce2fe731274c00b455a25e7a733032dd2916d25a4a39d28a89f3f5282b12b20afde48860ea31f187c4c4ecd","nonce":"65560e6c300fd5a0a7dba424","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"3ef4ede51efec97da0af338e7f2c8a30885ee77c0a23cb33aaf9509118c97aa247bd40c0b0488ffdfc9411a77e","nonce":"65560e6c300fd5a0a7dba425","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"2214739cc80e0455e890177151f3395f79a2d19c121065e4e8f67ebcbb0c10d530e931327b1ca9fe506406d629","nonce":"65560e6c300fd5a0a7dba426","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"25d21a04b992960fcfc181ccc73d2106951c7ee6a6edbe8aa9de7d9f6104a16823e843fb30f02772689a01b3cc","nonce":"65560e6c300fd5a0a7dba427","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"a1e2f5eb982c4be137fd6deff6ca1f20241d79b1428cfe29502df25ba47d62e332ba396cf9dffe00ba694ef866","nonce":"65560e6c300fd5a0a7dba428","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"9be2404dce63045a15f601705f7d6caaac998e78462485474965b6c2c56eca046fe15b69b2e93288cbaced2bf5","nonce":"65560e6c300fd5a0a7dba429","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"1f80dacf98a15b2eff384c6aac4fd98dfe425968fa7d8ec76d2361da973acffa"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0eede8db2d45fbd3a3a4ad5ad47ffa593e57a9c6b165dfe1a4b3a179f6583276"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"0e32f7da3eaa86937d5c6564d1b478b498091b8d783f331b7574762c77f11081"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e658a561a3ddecdb7adc3357c553e55c3eef3ff9c8698979c59029d4c16dbbfc"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"3f2c9c7eae96e43cefbdfb5df2607a442a3dedb0bfa6c9a3b15bf7475dddcc6c"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"afe4407749e1accb6df86bda61cd7d61a0e295efcc9ddffab0ef8324fcf281d15ed770776017518bf16740c0ba6523eced924c525a676ef0dcafe60d38042fff7788","seedS":"03e44c22c38d193cda5d66a314d9f36605f3c3b155acde8fe56ed2261879ffd85bf395053af9f51d54f4684ec92d7208a95692ba920c9e96f8fc131dfff8a1dac71d","seedE":"f9991b4bc4ec5ef506e36eab43ef7422b068c5e66e2ce15c0d7bfe44ceff2a3807a87638d1a3797e8f774cdf681248589cc6894d1a64da8027666328a1c32165963a","skRm":"001b6f9d8b218e96132f6f51cbbebafca37d0cbb6ef517034ce41534c90ed4687c84beebc59e8065b30937970050053a3896a6367d65f444484133e7d86597ad48cb","skSm":"0069d82b87057772df7f75dc74e78896b3450f6b694022e670f7b813bb95f9b17c8ea57d07ee79f49510d5d479fabcee75c459ed730d50ea9e055b1fe2647026aa17","skEm":"01ba14a645f950d05dea697069be887b3bd90649c7f2877ef501f83ef231e6839e07428c1731200b44082a6f184ddb26fce2641d855bf66564470752033179570bff","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040154dd6d80dcaf2bcfba96edb7e52550e41fe5d768729b5559dd77334d3ecde2b88c237f250e08184098445c3fc3596c47cdea9a2e0435f9ce472f199e5eeba3b7d100b5f6a6a55ca05a36dc544ed5cbc2b556f5e7149d11a8e7b6c5e85003118d2af94bbdd82050ece599ff29b4435da6acfb7ec3f364b8a95c577cc70a6a9a42d17c6e","pkSm":"0401367b19816b3d3a8c71cc53d2037793260a90e979ae9b4d3910e52b3cdda705dc29c4d63dfcfa0adeb2ce2827ffb52e6f0ba7d0c4aedabc68e6dd372368b8a88784014916cf8e23c8d529739d074dbe7045c81881f09dd163bbd7e9db6bcb82a45e0ef044ca181d709b7c325900e52984b82d4120d9886be387623bb9b82a4ba3537f0b","pkEm":"040011ba58eaa601f71289bcc8fa90bc70d35bcaf0d2f0afa02a3d0f4820cf70906fcf1274f2a1163081a85e81794e9fc285a57572d433189e8662fcf74f352e6c3df7010eb5612096b921e03eeb4b6bcf2a5abbc0d6dbf060d97f87628f19d97ec60a7524c28fdc0d0dbfc1765909bced9a10371abe96b47c55454ea9659bb139df6907b5","enc":"040011ba58eaa601f71289bcc8fa90bc70d35bcaf0d2f0afa02a3d0f4820cf70906fcf1274f2a1163081a85e81794e9fc285a57572d433189e8662fcf74f352e6c3df7010eb5612096b921e03eeb4b6bcf2a5abbc0d6dbf060d97f87628f19d97ec60a7524c28fdc0d0dbfc1765909bced9a10371abe96b47c55454ea9659bb139df6907b5","shared_secret":"5313dfd8b46f5749afe2457b166fe3da5ab5fd49b04fe5a13c3a23c9493320c3a32565d8fb4f8e31b0b9fb5ec81317238380a0d333afa4f243b43fe4d26626b7","key_schedule_context":"03ba90b638d5ae2c6488edc28f7abc5188a60b96c6e96367794c34759163a5ebee443d2f641d7a0594ce08b4f3653353ee089cc3091c939e8b6fe3eb4ff3748cb285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"3edfd3e7d221adb57d9f0c2c8005ea31e712b0d2fe21655555f9f22ba95e879669f3b634c76c21a9be38ac1965dece161a4d8cd3c63357b4f3b25e249eb5d453","key":"852e9e96c1324407fec8bfab71bcdd586984471dde8b1aa9695adb9e82b177cb","nonce":"b23012a7ee4c4dc0efa5615b","exporter_secret":"030d34aeff16f253db254d669d9a94917e098e1deb058e0c1e357868a015a76b249e8f5b339bfa9cf9cfc6844af2baffccffeeee9e64f3f912e7d738bc4c53b6","encryptions":[{"aad":"436f756e742d30","ciphertext":"c3987a07a677eaae164acf205dd188a613e6aad523b82c7d9f223fbf002ee21487a890d1df5c87f964320f6b4b","nonce":"b23012a7ee4c4dc0efa5615b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"91d2a397e07129db85c99852fa4341585ddf921d211a8f8d70b6352405210dbeb362b2dfb4d56e2c62ed5a82b3","nonce":"b23012a7ee4c4dc0efa5615a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"bc130311bc5d2987c83517797265572b43137ac317d826e59e5331a63bcea7db6081b7061ceaa8276baec39aff","nonce":"b23012a7ee4c4dc0efa56159","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"55bd00ea2b8183677a1d2dc4dbca2ab4ec2c4b39aa561113e87bccac91eba37d268c1f61b5fb2c711ea40ccd30","nonce":"b23012a7ee4c4dc0efa56158","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"a6cc3d0f30af2a46f60fff15b7cd5f256c31741085d4784a9da338f19696868495ab767f697969c476b835fff7","nonce":"b23012a7ee4c4dc0efa5615f","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"082507620a7c623154bb00c92ddf9a391e4d6c3684dfaf3f55a8c4286abc781f90f24409438f510f7d16dc5a28","nonce":"b23012a7ee4c4dc0efa5615e","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"62ac7e5c1a4a5ae2b17a8834b03c0ba2d6a8ef1fa3f83e8d11dc3cb489739ab793e69f0f8995b9ba74616f0328","nonce":"b23012a7ee4c4dc0efa5615d","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0c99ad2a03da9cba99c0eb5f9a70d04d028c9467379a42751af7fb38d1aea8407e2db454abb0a3dc2f547ba0a3","nonce":"b23012a7ee4c4dc0efa5615c","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"647762eb26e1e1efd20eb602fd9566a0ae7a3bccbe21251cbcb8bf330b5fe10b5fa26ec765c6cda817a9b7f084","nonce":"b23012a7ee4c4dc0efa56153","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"49f0b0e212db9d73109d28b2be96309d7280d59f2e780014feea75ac0a64c4df83b00a592338ac0668e8d4c34e","nonce":"b23012a7ee4c4dc0efa56152","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"ac45b252413470b0d0187a96a64f3efd83fb804f27f3073d6175c34449c51380"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"57fd376cae557718624dc9ad46d56423e79c6d48566a0e7cd018323213a91b96"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"6f654552eb5ef7820273290de89195efd8e3a5ceb9f1a581fe7c0187015f12e8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"e30fc773747808c8be4968e9461e90467cc5d2026fb99851a64657128cca0e80"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"e00988474bc3c508f397e55d160eff3d3f01793c6b66e09ad0405500f8894d91"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"34f96d72455fff5cf5cbf7dc32ad32473cc48f407d156f17e946fa9f8ec8c244daeb885dc5f0307d1fbec88c964dadf4aa6e0acb7df5e371bbbdcd0f6703ab1e9df2","seedE":"23df8975e1b2996c05bd32bf4cbefafec98a1f9880cf877f05af5a077d976f2bce0af7eadb24359767878cbd60f0df4d40708e900cfa08f4855b67634f842f784656","skRm":"00e11b5ce02614d436787a07b371af522c16864645091df9d1c3c4bb50870dae5d3229dd0f3f3955bab7933454c6f9b958a1979da757c21e705bf56920842aeb4dc5","skEm":"00a135a1d72cc0d10d654641f9f8c6d0d666419f8eb97a6d288dc8b091f8d8c77de3dcd0ab4b340efd7f1bdf9f511f00b33b35d00c9d8d87c00192ea8ed4f137cdfa","pkRm":"04000f20a75c2c4797a2cffd54020cdbe8e8ffa975e3222323bf160e667db88b1deded22d9b8ef5e4401c86b5f293d353d6d28da03c06ed36e5c4759eccaa61b06b760010418a7e5ac5ebc270613fbc39dace37fd082c58680c7861be126627e45d99dea4311dd4075f0288eeebe090216d367c661478fb73f87b1bc7f34ad819e968fca67","pkEm":"0401e061860220dfd47ed6b2911ab27870e3d798fcf7c06328e446648c781f60d7c71389dbd1bdb41ce2bba456191c326e3c44bafcabd13b85bdb5b98438abadeca55b00fbe389412fe3d8770b72e6b096e5d1777de3b75cfbb8d920d9c2730a05f71490e295f8304177d37b9c021bcf9ab79b301f59c30f46efb50cb20f13a9090f7ec19a","enc":"0401e061860220dfd47ed6b2911ab27870e3d798fcf7c06328e446648c781f60d7c71389dbd1bdb41ce2bba456191c326e3c44bafcabd13b85bdb5b98438abadeca55b00fbe389412fe3d8770b72e6b096e5d1777de3b75cfbb8d920d9c2730a05f71490e295f8304177d37b9c021bcf9ab79b301f59c30f46efb50cb20f13a9090f7ec19a","shared_secret":"032c6f5a957f0f62c33d26c0204f79a0e68211f46c8b9e199383d19c91a33621032e423d9a0cc73688ea51eb63902e0f6f94738f2ed59fc5636863cafdf203fb","key_schedule_context":"000c4b4692570e10a3ccd0199ca48594d44ab05fdec28bbee21b8a7c0ba7c15b68cb32a4df5f9f6e4584454e9bc484777e35170a86e8efb50ff97fc9c192657bd285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"ab42a848d9780ae1931fb23bb04ffe56c48baa7c434bfac848c6e82086731d079a11bba87bff947a3045c9a695435c7e1b3e61c3dcf9ca52f9a64ec304771b83","key":"e35998471d57288d507acca857d1a54aac979b33a09970792d701750c5ce80e8","nonce":"b05eaaa142a6c099b1ca6bd5","exporter_secret":"087ab9bb45fc44ef31ad7613d1e6e23bff633cc62419b2a9a2fb85d758498c09339d6825f6050c022a8dadbcc6cbce8af6c3dcac5c0922643add9be37d650879","encryptions":[{"aad":"436f756e742d30","ciphertext":"f8e000cb5bf86633c9b5843fca18a9b76d8403b6e5b34b9d32e17b54bc8b3fd8e1a3e6d46bb77e183923f898eb","nonce":"b05eaaa142a6c099b1ca6bd5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"55277cc7058163d4a452475b799860918baf2d1abd39dc1cddafa7644a7f7f4531040573c4b28d51a843fb93c5","nonce":"b05eaaa142a6c099b1ca6bd4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"f0e236a160eb3099a54bd9442a00cceed874c3f8e978b4c8eb8d5d9422ea277f53d4c32e256c0319fe8ef811be","nonce":"b05eaaa142a6c099b1ca6bd7","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"36c6f570dc06af1942c2215c938e0492a3ca55454e178695b68988a6d0f048eb27243481c380e2b087f7b98746","nonce":"b05eaaa142a6c099b1ca6bd6","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"47937d634c694c2bc5dc129f63575bc8ffd124c74bcda217611ace1e85d0f2068502a07f8bf9e1b11b866902ee","nonce":"b05eaaa142a6c099b1ca6bd1","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"d255bbb6093c09dae581acecc9ad346ae6dd36434ab901049bac2c025f596001598db8916c4e18693947883f90","nonce":"b05eaaa142a6c099b1ca6bd0","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"eed848c4d26eeb0ff0d9efd83e58141ccbbad6aff02c0bf860cb1c72336ef675e0ab8344783da73c88d4800f20","nonce":"b05eaaa142a6c099b1ca6bd3","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"cb5c20d1933a689471c4b41dc0536f55c632ed5b813ed858698f48212182b46194a65fa3e45f0dc2c85e709f70","nonce":"b05eaaa142a6c099b1ca6bd2","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"b17bb76868696bea4d2f53b0093f3417ad7abb420b9b70136f0e410412760485daac2d6b8079048956c27339cf","nonce":"b05eaaa142a6c099b1ca6bdd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"0e018ba4f0e68609e0c25d1cbb60b76d3e82307a4082c2f84644ba057d4e30ffad17dd88ea84e6991e1bdbae56","nonce":"b05eaaa142a6c099b1ca6bdc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"08304ed9b5662626f17776984b6e436064cccd7e127d310500a7a5a1148bda62"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"d9284031c5313ba52af01c94610522c461b197ba5e41bdfd40715d3160b9ab6b"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"b237a77ff26dac6bc943e8c1591450ef14746d3e5c0cfdd992c83511639b639c"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"c65e387998306596a46ba5eec6de3656981a9109c04a61189872e7d024d19061"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"44b1e6f27a6c8a64eab67f38e9e05b3d9faea16b8ad15754017be8379f31c7df"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"06ce5eac5f1a343457310f980a85c98a025f7d347a4989f20b37d4490be06973e0e7387b354741bb8c68b0430b92d6c40d261a5133a9c4089b1ac330a0942b8f1d6d","seedE":"215ad8753c7ec0943db82736f0f27dec22ef24e0eb907404fb54529a80bb295bf190e351c071152e45a40d8b334e26d129017759f89c05eb9e4d8fe5b4c101332e6e","skRm":"003f9b68b4b9bb36a971332ffd3c261ef9ec5f3a1b35709587d52451250aeccb00ebd45498fc49ed2f68e953cfef143a94042069dee78453a4ecd92723a0378d1d30","skEm":"0078a53316b3eae95a32615fb823ab2c4f9d1a6a399781c91b47f6346aac8c7048d0ee49d13eef1caf06d8a5db7676650fa502a93a7f25cda37274c4f0aa831608e8","psk":"5db3b80a81cb63ca59470c83414ef70a","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04014c8135371e0adcf36f3d89a4517e432f52685901e9007029826482cf88f2c32d127275665a1b7e899cc0669644a8568268c30e4138c2077fbbf86473a74b9d03dc000865206ab6144f0822b71ab108ddad34de1798baa0fb0b3027ab79f6309767a0fa6d897d41be6d39130396f8a8e294d63dce5a561b34a21021d3241fec084feacf","pkEm":"0401e84ce1918ec8493e0f1677eb82df1d572d66edf701868d1069fc9fcd2e375b8d87db4c3ace7377b40075344f0998381e6153128a25b3fdae0dee905be99beaac42013c034473a22ed6b47d61a1b73974c7b126d26237f6025384467f0c5fcff0b00fa5b5f3ebe307d1d62022e63b023ffbba6fc699bbfd194b10436d36520b65bed0ba","enc":"0401e84ce1918ec8493e0f1677eb82df1d572d66edf701868d1069fc9fcd2e375b8d87db4c3ace7377b40075344f0998381e6153128a25b3fdae0dee905be99beaac42013c034473a22ed6b47d61a1b73974c7b126d26237f6025384467f0c5fcff0b00fa5b5f3ebe307d1d62022e63b023ffbba6fc699bbfd194b10436d36520b65bed0ba","shared_secret":"2ad342c278b53163e11fb875f0faaf20e9d94064f3f59f0666f3d0c65bd32ccfb81014d230beaaf020bfe2f299207ed083e22ea2fb969075bac0ff0123f125b8","key_schedule_context":"01ba90b638d5ae2c6488edc28f7abc5188a60b96c6e96367794c34759163a5ebee443d2f641d7a0594ce08b4f3653353ee089cc3091c939e8b6fe3eb4ff3748cb285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"ba24c236cb1fa88b056dc0c4785fb9f84e21be13457dfe8e1de33880774a7623f6433991c3c2454c8730b29b253d059db2ce45d2b64b5a03e38655842d0abee4","key":"e0f3753dc876574371aa8e394a7bb57d7111a9ac89e831d01fab3e696192c4f6","nonce":"1c89b4c0bfcc29ef25a86332","exporter_secret":"6fdc99f9f22334e67a7c001edfa51022937bd55b39b55e6338241e9c483c50ca80e2f6d55ded200eabd6b5906f2436fa7add2a19522bf1c5e7ae3a6d265aab60","encryptions":[{"aad":"436f756e742d30","ciphertext":"9ebc5df2bf8909d59be29c6c21ad762d155d0da35d56c307ce5d07725a27fd4b05dd81594b11859e69c0314ad0","nonce":"1c89b4c0bfcc29ef25a86332","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"3a386a718d4f1b1236b53b80930cc6446eaecec3344ea5faf9dea7baca6cd9b72a9c380aa228129db8e2b264f0","nonce":"1c89b4c0bfcc29ef25a86333","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"6fa2d6e7499ae9e07e6e74cdfd6ad0268019ad1148eb66b8f838a60f511310983f9ac8e3066a24da9022bbea10","nonce":"1c89b4c0bfcc29ef25a86330","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"185f703fd97382de28c5112a16644e0f2fc93d298fdf8866c264861b753d1b650e43ba2a11c4ec5ead75edf472","nonce":"1c89b4c0bfcc29ef25a86331","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"b977ef5a55a218276270b82b9e8cb90834ad084d79c98510f48b6bb67f8b3c5d543c027d5a5e8684fc5334cee6","nonce":"1c89b4c0bfcc29ef25a86336","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"174c17d85c76cba81350d6e3defe1508d1cb3dff7c29248861fac50b41cff84aa005d465003570129bbfc81d43","nonce":"1c89b4c0bfcc29ef25a86337","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"993cef0582117fad1c9c96912ddad7181c4f58b83e7a04e6ab675013a400e7c7fadefdd9a6e9067db2560834ef","nonce":"1c89b4c0bfcc29ef25a86334","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"0529400ccf6ec71e4ae67825a0382600fccf79bead2a7213eb6d5656ac106fb2ca8bae529c8074f51f9627e80c","nonce":"1c89b4c0bfcc29ef25a86335","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"447615a7d3ace31a21318a17c12e0bd8591f84c97af7c8e0743d80bfc528a57b7cbe1997dff9569020205a756a","nonce":"1c89b4c0bfcc29ef25a8633a","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"539df2098a05ecca7292f3365710b5069edd4cb08807aeffde0998d02e26262daca7f30bc70803e16625f7fe70","nonce":"1c89b4c0bfcc29ef25a8633b","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c667337f991a30700c05e844f2583684879d751a47233ddb648a26b11d6dadf3"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"5f1d637ce893b6d7623363ab5a5e96da30dc38722066ab47083926024d9d10f0"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"678ab9525540685f6392caf8e993a55c75e1a1d1d3f86a5e9e518cbb07f526d8"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"776549da419022b315f56c0bf22e6e52a022d19e1e309068fccac969c7aa20c5"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"9c76568baea3c1a56ecde1563957f06eea16450965e99a4d834c2fe99846fa72"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","seedR":"bdc75e222461b29945232c18e575c43dfbc87248babfa4946ba5cf81bca05738f37c98a353ea5f4a040f3e4033af0f23a23ea247c6b46d51efbeb62c7b023ea3b148","seedS":"14a6b525f3a31214e0622df5914b1e2c88f085ec4c365eace3776f53b96f25dacd53655ded74fa0404e2b6fad7bbea49d00510f6cc1586db408e099196af3712e31b","seedE":"663368cede158c61cb598d3e941018c92c57dda845769ad43edebc5421faeda7c8f3b7b151991847a24af7dcaf68d49b53746d57fc56c6273a5a8210842144b9ff5f","skRm":"00fd468b7f46869792a31fddaf39a2952db8fb25f0f70c2dc1c4dd755c579837e7bb4107b15c516392a5fd60603e1d4eb96588d9f81d4add76a86ac3cbcf17517b03","skSm":"01b84829e2c24fa23e679061d049d2e0ec92bbad36f45466dd05b62f63308a3443bff73b7d4e602e3288418b6300bd679f0b733f46e820ec30ce52984ba447a8f15b","skEm":"0003d8bbac36045c78cdcab360682542310c5c7381ef1f7a7155008aa76209a4b04ea8cd1ae25af3666f49643f2f79bc2b242acb3cbbcf4c4a6acce668bac8da9e4a","pkRm":"040180404868dcb3e9c55a9dd5d667bdc1f7745ad4911ae21cff8a84d54ff2767ae2f52b2dbd56a7359afc5d63c9b26c6704597d37c0d10b2a063bdc2bcef872ba266901405f3b12625fb57739bab027da62622732fd098bb10b3c9be7d9263ab58ab40da8ee9544716de4ade3dbce40d0b3d9dbdbc2935955d5ead812bfd43ae8f3e3dd87","pkSm":"0401780a6096a2b3737a94d2fdc7cbe17ea25bece2ede690ec5b8318feb09710c9dc6985d1d55e71d82899b46b8f81dcf0a5e9a728b0b7c1896b6ec2cabf314b017a3100fed5e4a2a147da5f747819b894f4768e8d15ec6b44b983dba8c927d5988d8b48c49cad592197f257c0a490204d2a4cd780f9ab0ec47e466bdafac2cecfcecfb0bb","pkEm":"04017136a689703e87f63e9a72f63e8eceaf0ee7430212f5a95b0a8de447276fb8b4ea1f95e429776a2dfe0e687327072bba3e422d2454f74da6a838caa20c0e420dd700de3828b02ad43ce01ebd3e1524e83c2ab4f1c8989c252856bad2c3d646137c627f64a682dde2af46fa3fe1461243992c45039d7365bb5d19e8df355dbf57f426b1","enc":"04017136a689703e87f63e9a72f63e8eceaf0ee7430212f5a95b0a8de447276fb8b4ea1f95e429776a2dfe0e687327072bba3e422d2454f74da6a838caa20c0e420dd700de3828b02ad43ce01ebd3e1524e83c2ab4f1c8989c252856bad2c3d646137c627f64a682dde2af46fa3fe1461243992c45039d7365bb5d19e8df355dbf57f426b1","shared_secret":"0b92b8a7ab50f9c1d6412174d8b6cce17e7eb1ef0b455ee9bd01688fae37b1a07f4b69fcbd15c45aed54d9b05f32c1c1e79e9da25ecb290b3255b94059667ec8","key_schedule_context":"020c4b4692570e10a3ccd0199ca48594d44ab05fdec28bbee21b8a7c0ba7c15b68cb32a4df5f9f6e4584454e9bc484777e35170a86e8efb50ff97fc9c192657bd285b4705ede051b724ef3f87671693f5557e24db97b1d0f9157193ccb5e5493f80502223f08b249a52c75d3f0c7d70e95b529f34e03240a6755ddc65ee7b72241","secret":"1ae455b1ff4262402d51ef444b365e3fc4a7db7fbbe803ba99dd0c95666c13c79e4a076361a51fa2dbecef1203cc5e8b41a4e0f0a557357aa0bcf153f557a89c","key":"74d2dd38d29d85a7fea3477ac829f87761c895dae1eadbf08bb3fb54cb1a3002","nonce":"26491428068e251cd5ad4abc","exporter_secret":"199eb590ec1b3efba9862f2aad38cbaffa7707f6efe322f51b739dce559d2790f849f42df2b3970e0b11c3ac167a8b7beef3a767fc010d63d8842b2945858e32","encryptions":[{"aad":"436f756e742d30","ciphertext":"4c91d2555698f13bcd72b9a7182ceff63b8b87923878a8c7cf123544021d507793e2240002e0cf9eb6194a4abc","nonce":"26491428068e251cd5ad4abc","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ciphertext":"695b3cd21bbb0d761f687b491a26f7a37b6882077cd009088b163252952be614c8298130fa162f172c79ae9b08","nonce":"26491428068e251cd5ad4abd","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ciphertext":"297f2f4016e8f8548237f71260a61d97988aa735e51416c5d50f9526963d952358879acdf0d42ae62ff752e398","nonce":"26491428068e251cd5ad4abe","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ciphertext":"77f36aa92abfca832eff9eebab38aae243fca2f5e92104e121073354c5e91d0bae83bbb0ebc22c2f714ece511a","nonce":"26491428068e251cd5ad4abf","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ciphertext":"cac020669fc237f86d87ff01da53700e30926ababaa969e9cedff09927fea51ba085968e5c771df21d221c4586","nonce":"26491428068e251cd5ad4ab8","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ciphertext":"c5ba87783306fef4dc9194303842157f15297db455e03a0ab3d9fcb1668aefbd04fd67061094430e36d80c0277","nonce":"26491428068e251cd5ad4ab9","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ciphertext":"5e8843a20d892552805509ce1fd56145d7daecfeb9ee68f0219acd24a30450c98afa0c71c081473126e0183619","nonce":"26491428068e251cd5ad4aba","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ciphertext":"41794416c888b614a61e1ed77e4a0e67be499f5149776df19fb21f20b513931c9eaf176f05d04a774dd575da76","nonce":"26491428068e251cd5ad4abb","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ciphertext":"5bd00423e8ead9723974afbc69dcefe1c927e5a1d2468bec18ae974716bfd4c0f611ecdd733597012e07e48f23","nonce":"26491428068e251cd5ad4ab4","plaintext":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ciphertext":"beeb349c2d3e9d9854e10360c693276fc37b68bb525f1d5ca7e52693cf56fe5f3d40590cb4881557aa281fc0a8","nonce":"26491428068e251cd5ad4ab5","plaintext":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exportContext":"436f6e746578742d30","exportLength":32,"exportValue":"c2f634df11bdf5c8fb625574b5dca7454ebd831c429a4ba93bce77f7da313eed"},{"exportContext":"436f6e746578742d31","exportLength":32,"exportValue":"0194148e428330492491c5a2edc42ced978e95a8aef4f7dc232203dd0b458516"},{"exportContext":"436f6e746578742d32","exportLength":32,"exportValue":"bf81fe58fcc3ee0fc74498e411f00c29121027c435ef10e74a2c665dd905a34e"},{"exportContext":"436f6e746578742d33","exportLength":32,"exportValue":"b8e3f171a971de018ef915256f2c0df13f98f4658b2633ae4bba37ba5dfe999b"},{"exportContext":"436f6e746578742d34","exportLength":32,"exportValue":"fa48a2235fecceb879de1ef4f1871a74304b96d49c68c52c101836a88b35687b"}]}] \ No newline at end of file From 6d2c799920eba8fd8bbf85c5c652b02c1a595813 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 7 Oct 2020 12:49:16 -0700 Subject: [PATCH 128/399] acvp: abstract out MCT iteration functions. (There's going to be more and it was getting too big.) Change-Id: I16a49f77975697bb5a04f2adfd465b09c2a09ef3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43404 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- .../acvp/acvptool/subprocess/block.go | 216 +++++++++++------- .../acvp/acvptool/subprocess/subprocess.go | 6 +- 2 files changed, 132 insertions(+), 90 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index 9e51078a09..fa933c6613 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -20,6 +20,126 @@ import ( "fmt" ) +// aesKeyShuffle is the "AES Monte Carlo Key Shuffle" from the ACVP +// specification. +func aesKeyShuffle(key, result, prevResult []byte) { + switch len(key) { + case 16: + for i := range key { + key[i] ^= result[i] + } + case 24: + for i := 0; i < 8; i++ { + key[i] ^= prevResult[i+8] + } + for i := range result { + key[i+8] ^= result[i] + } + case 32: + for i, b := range prevResult { + key[i] ^= b + } + for i, b := range result { + key[i+16] ^= b + } + default: + panic("unhandled key length") + } +} + +// IterateAES implements the "AES Monte Carlo Test - ECB mode" from the ACVP +// specification. +func IterateAES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { + for i := 0; i < 100; i++ { + var iteration blockCipherMCTResult + iteration.KeyHex = hex.EncodeToString(key) + if encrypt { + iteration.PlaintextHex = hex.EncodeToString(input) + } else { + iteration.CiphertextHex = hex.EncodeToString(input) + } + + var result, prevResult []byte + for j := 0; j < 1000; j++ { + prevResult = input + result, err := transact(1, key, input) + if err != nil { + panic("block operation failed") + } + input = result[0] + } + result = input + + if encrypt { + iteration.CiphertextHex = hex.EncodeToString(result) + } else { + iteration.PlaintextHex = hex.EncodeToString(result) + } + + aesKeyShuffle(key, result, prevResult) + mctResults = append(mctResults, iteration) + } + + return mctResults +} + +// IterateAESCBC implements the "AES Monte Carlo Test - CBC mode" from the ACVP +// specification. +func IterateAESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { + for i := 0; i < 100; i++ { + var iteration blockCipherMCTResult + iteration.KeyHex = hex.EncodeToString(key) + if encrypt { + iteration.PlaintextHex = hex.EncodeToString(input) + } else { + iteration.CiphertextHex = hex.EncodeToString(input) + } + + var result, prevResult []byte + iteration.IVHex = hex.EncodeToString(iv) + + var prevInput []byte + for j := 0; j < 1000; j++ { + prevResult = result + if j > 0 { + if encrypt { + iv = result + } else { + iv = prevInput + } + } + + results, err := transact(1, key, input, iv) + if err != nil { + panic("block operation failed") + } + result = results[0] + + prevInput = input + if j == 0 { + input = iv + } else { + input = prevResult + } + } + + if encrypt { + iteration.CiphertextHex = hex.EncodeToString(result) + } else { + iteration.PlaintextHex = hex.EncodeToString(result) + } + + aesKeyShuffle(key, result, prevResult) + + iv = result + input = prevResult + + mctResults = append(mctResults, iteration) + } + + return mctResults +} + // blockCipher implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with a block cipher. type blockCipher struct { @@ -27,6 +147,7 @@ type blockCipher struct { blockSize int inputsAreBlockMultiples bool hasIV bool + mctFunc func(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (result []blockCipherMCTResult) } type blockCipherVectorSet struct { @@ -101,6 +222,9 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er case "AFT", "CTR": mct = false case "MCT": + if b.mctFunc == nil { + return nil, fmt.Errorf("test group %d has type MCT which is unsupported for %q", group.ID, op) + } mct = true default: return nil, fmt.Errorf("test group %d has unknown type %q", group.ID, group.Type) @@ -111,6 +235,10 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er } keyBytes := group.KeyBits / 8 + transact := func(n int, args ...[]byte) ([][]byte, error) { + return m.Transact(op, n, args...) + } + for _, test := range group.Tests { if len(test.KeyHex) != keyBytes*2 { return nil, fmt.Errorf("test case %d/%d contains key %q of length %d, but expected %d-bit key", group.ID, test.ID, test.KeyHex, len(test.KeyHex), group.KeyBits) @@ -167,93 +295,7 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er testResp.PlaintextHex = hex.EncodeToString(result[0]) } } else { - for i := 0; i < 100; i++ { - var iteration blockCipherMCTResult - iteration.KeyHex = hex.EncodeToString(key) - if encrypt { - iteration.PlaintextHex = hex.EncodeToString(input) - } else { - iteration.CiphertextHex = hex.EncodeToString(input) - } - - var result, prevResult []byte - if !b.hasIV { - for j := 0; j < 1000; j++ { - prevResult = input - result, err := m.Transact(op, 1, key, input) - if err != nil { - panic("block operation failed") - } - input = result[0] - } - result = input - } else { - iteration.IVHex = hex.EncodeToString(iv) - - var prevInput []byte - for j := 0; j < 1000; j++ { - prevResult = result - if j > 0 { - if encrypt { - iv = result - } else { - iv = prevInput - } - } - - results, err := m.Transact(op, 1, key, input, iv) - if err != nil { - panic("block operation failed") - } - result = results[0] - - prevInput = input - if j == 0 { - input = iv - } else { - input = prevResult - } - } - } - - if encrypt { - iteration.CiphertextHex = hex.EncodeToString(result) - } else { - iteration.PlaintextHex = hex.EncodeToString(result) - } - - switch keyBytes { - case 16: - for i := range key { - key[i] ^= result[i] - } - case 24: - for i := 0; i < 8; i++ { - key[i] ^= prevResult[i+8] - } - for i := range result { - key[i+8] ^= result[i] - } - case 32: - for i, b := range prevResult { - key[i] ^= b - } - for i, b := range result { - key[i+16] ^= b - } - default: - panic("unhandled key length") - } - - if !b.hasIV { - input = result - } else { - iv = result - input = prevResult - } - - testResp.MCTResults = append(testResp.MCTResults, iteration) - } + testResp.MCTResults = b.mctFunc(transact, encrypt, key, input, iv) } response.Tests = append(response.Tests, testResp) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index c713ea8f43..cfa300f45f 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -76,9 +76,9 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "SHA2-256": &hashPrimitive{"SHA2-256", 32}, "SHA2-384": &hashPrimitive{"SHA2-384", 48}, "SHA2-512": &hashPrimitive{"SHA2-512", 64}, - "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false}, - "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true}, - "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true}, + "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false, IterateAES}, + "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, IterateAESCBC}, + "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true, nil}, "ACVP-AES-GCM": &aead{"AES-GCM", false}, "ACVP-AES-CCM": &aead{"AES-CCM", true}, "ACVP-AES-KW": &aead{"AES-KW", false}, From a673d02458b1b7d897084266b93d5c610e36bd17 Mon Sep 17 00:00:00 2001 From: Daniel McArdle Date: Wed, 26 Aug 2020 11:10:45 -0400 Subject: [PATCH 129/399] Add PSK variants of HPKE setup functions to BoGo. Change-Id: Ie0bef08f80aca60cfa2f94fdc4219c51d038b559 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42684 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- ssl/test/runner/hpke/hpke.go | 52 ++++++++++++++++++++++++---- ssl/test/runner/hpke/hpke_test.go | 56 +++++++++++++++++++++++-------- 2 files changed, 88 insertions(+), 20 deletions(-) diff --git a/ssl/test/runner/hpke/hpke.go b/ssl/test/runner/hpke/hpke.go index c2ed28ec07..d5081323b2 100644 --- a/ssl/test/runner/hpke/hpke.go +++ b/ssl/test/runner/hpke/hpke.go @@ -48,6 +48,7 @@ const ( // Internal constants. const ( hpkeModeBase uint8 = 0 + hpkeModePSK uint8 = 1 ) type GenerateKeyPairFunc func() (public []byte, secret []byte, e error) @@ -73,7 +74,7 @@ func SetupBaseSenderX25519(kdfID, aeadID uint16, publicKeyR, info []byte, ephemK if err != nil { return nil, nil, err } - context, err = keySchedule(X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info) + context, err = keySchedule(hpkeModeBase, X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info, nil, nil) return } @@ -84,7 +85,32 @@ func SetupBaseReceiverX25519(kdfID, aeadID uint16, enc, secretKeyR, info []byte) if err != nil { return nil, err } - return keySchedule(X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info) + return keySchedule(hpkeModeBase, X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info, nil, nil) +} + +// SetupPSKSenderX25519 corresponds to the spec's SetupPSKS(), but only supports +// X25519. +func SetupPSKSenderX25519(kdfID, aeadID uint16, publicKeyR, info, psk, pskID []byte, ephemKeygen GenerateKeyPairFunc) (context *Context, enc []byte, err error) { + sharedSecret, enc, err := x25519Encap(publicKeyR, ephemKeygen) + if err != nil { + return nil, nil, err + } + context, err = keySchedule(hpkeModePSK, X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info, psk, pskID) + return +} + +// SetupPSKReceiverX25519 corresponds to the spec's SetupPSKR(), but only +// supports X25519. +func SetupPSKReceiverX25519(kdfID, aeadID uint16, enc, secretKeyR, info, psk, pskID []byte) (context *Context, err error) { + sharedSecret, err := x25519Decap(enc, secretKeyR) + if err != nil { + return nil, err + } + context, err = keySchedule(hpkeModePSK, X25519WithHKDFSHA256, kdfID, aeadID, sharedSecret, info, psk, pskID) + if err != nil { + return nil, err + } + return context, nil } func (c *Context) Seal(additionalData, plaintext []byte) []byte { @@ -142,18 +168,32 @@ func newAEAD(aeadID uint16, key []byte) (cipher.AEAD, error) { return nil, errors.New("unsupported AEAD") } -func keySchedule(kemID, kdfID, aeadID uint16, sharedSecret, info []byte) (*Context, error) { +func keySchedule(mode uint8, kemID, kdfID, aeadID uint16, sharedSecret, info, psk, pskID []byte) (*Context, error) { + // Verify the PSK inputs. + switch mode { + case hpkeModeBase: + if len(psk) > 0 || len(pskID) > 0 { + panic("unnecessary psk inputs were provided") + } + case hpkeModePSK: + if len(psk) == 0 || len(pskID) == 0 { + panic("missing psk inputs") + } + default: + panic("unknown mode") + } + kdfHash := getKDFHash(kdfID) suiteID := buildSuiteID(kemID, kdfID, aeadID) - pskIDHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_id_hash"), nil) + pskIDHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_id_hash"), pskID) infoHash := labeledExtract(kdfHash, nil, suiteID, []byte("info_hash"), info) keyScheduleContext := make([]byte, 0) - keyScheduleContext = append(keyScheduleContext, hpkeModeBase) + keyScheduleContext = append(keyScheduleContext, mode) keyScheduleContext = append(keyScheduleContext, pskIDHash...) keyScheduleContext = append(keyScheduleContext, infoHash...) - pskHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_hash"), nil) + pskHash := labeledExtract(kdfHash, nil, suiteID, []byte("psk_hash"), psk) secret := labeledExtract(kdfHash, pskHash, suiteID, []byte("secret"), sharedSecret) key := labeledExpand(kdfHash, secret, suiteID, []byte("key"), keyScheduleContext, expectedKeyLength(aeadID)) diff --git a/ssl/test/runner/hpke/hpke_test.go b/ssl/test/runner/hpke/hpke_test.go index 25da3d9500..c1c9bf4520 100644 --- a/ssl/test/runner/hpke/hpke_test.go +++ b/ssl/test/runner/hpke/hpke_test.go @@ -71,6 +71,8 @@ type HpkeTestVector struct { KDF uint16 `json:"kdf_id"` AEAD uint16 `json:"aead_id"` Info HexString `json:"info"` + PSK HexString `json:"psk"` + PSKID HexString `json:"psk_id"` SecretKeyR HexString `json:"skRm"` SecretKeyE HexString `json:"skEm"` PublicKeyR HexString `json:"pkRm"` @@ -110,27 +112,53 @@ func TestVectors(t *testing.T) { for testNum, testVec := range testVectors { // Skip this vector if it specifies an unsupported KEM or Mode. if testVec.KEM != X25519WithHKDFSHA256 || - testVec.Mode != hpkeModeBase { + (testVec.Mode != hpkeModeBase && testVec.Mode != hpkeModePSK) { numSkippedTests++ continue } testVec := testVec // capture the range variable t.Run(fmt.Sprintf("test%d,KDF=%d,AEAD=%d", testNum, testVec.KDF, testVec.AEAD), func(t *testing.T) { - senderContext, enc, err := SetupBaseSenderX25519(testVec.KDF, testVec.AEAD, testVec.PublicKeyR, testVec.Info, - func() ([]byte, []byte, error) { - return testVec.PublicKeyE, testVec.SecretKeyE, nil - }) - if err != nil { - t.Errorf("failed to set up sender: %s", err) - return - } - checkBytesEqual(t, "sender enc", enc, testVec.Enc) + var senderContext *Context + var receiverContext *Context + var enc []byte + var err error + + switch testVec.Mode { + case hpkeModeBase: + senderContext, enc, err = SetupBaseSenderX25519(testVec.KDF, testVec.AEAD, testVec.PublicKeyR, testVec.Info, + func() ([]byte, []byte, error) { + return testVec.PublicKeyE, testVec.SecretKeyE, nil + }) + if err != nil { + t.Errorf("failed to set up sender: %s", err) + return + } + checkBytesEqual(t, "sender enc", enc, testVec.Enc) + + receiverContext, err = SetupBaseReceiverX25519(testVec.KDF, testVec.AEAD, enc, testVec.SecretKeyR, testVec.Info) + if err != nil { + t.Errorf("failed to set up receiver: %s", err) + return + } + case hpkeModePSK: + senderContext, enc, err = SetupPSKSenderX25519(testVec.KDF, testVec.AEAD, testVec.PublicKeyR, testVec.Info, testVec.PSK, testVec.PSKID, + func() ([]byte, []byte, error) { + return testVec.PublicKeyE, testVec.SecretKeyE, nil + }) + if err != nil { + t.Errorf("failed to set up sender: %s", err) + return + } + checkBytesEqual(t, "sender enc", enc, testVec.Enc) - receiverContext, err := SetupBaseReceiverX25519(testVec.KDF, testVec.AEAD, enc, testVec.SecretKeyR, testVec.Info) - if err != nil { - t.Errorf("failed to set up receiver: %s", err) - return + receiverContext, err = SetupPSKReceiverX25519(testVec.KDF, testVec.AEAD, enc, testVec.SecretKeyR, testVec.Info, testVec.PSK, testVec.PSKID) + if err != nil { + t.Errorf("failed to set up receiver: %s", err) + return + } + default: + panic("unsupported mode") } for encryptionNum, e := range testVec.Encryptions { From 5e549fb6408bbd867ab10a7cfc5c963a2ad96ad0 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 9 Oct 2020 16:18:33 -0400 Subject: [PATCH 130/399] clang-format pem.h and convert comments. Change-Id: Ic35a94eaeff96083ef727907166fb96daed9f8e8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43425 Reviewed-by: Adam Langley --- .clang-format | 35 ++++- include/openssl/pem.h | 321 ++++++++++++++++++++++++------------------ 2 files changed, 221 insertions(+), 135 deletions(-) diff --git a/.clang-format b/.clang-format index f8a95c6871..55644fa327 100644 --- a/.clang-format +++ b/.clang-format @@ -9,4 +9,37 @@ PointerAlignment: Right # reconfigure IncludeCategories to match. For now, keep it at Preserve. IncludeBlocks: Preserve TypenameMacros: ['LHASH_OF', 'STACK_OF'] - +StatementMacros: + - "DECLARE_PEM_read" + - "DECLARE_PEM_read_bio" + - "DECLARE_PEM_read_fp" + - "DECLARE_PEM_rw" + - "DECLARE_PEM_rw_cb" + - "DECLARE_PEM_rw_const" + - "DECLARE_PEM_write" + - "DECLARE_PEM_write_bio" + - "DECLARE_PEM_write_bio_const" + - "DECLARE_PEM_write_cb" + - "DECLARE_PEM_write_cb_bio" + - "DECLARE_PEM_write_cb_fp" + - "DECLARE_PEM_write_const" + - "DECLARE_PEM_write_fp" + - "DECLARE_PEM_write_fp_const" + - "IMPLEMENT_PEM_read" + - "IMPLEMENT_PEM_read_bio" + - "IMPLEMENT_PEM_read_fp" + - "IMPLEMENT_PEM_rw" + - "IMPLEMENT_PEM_rw_cb" + - "IMPLEMENT_PEM_rw_const" + - "IMPLEMENT_PEM_write" + - "IMPLEMENT_PEM_write_bio" + - "IMPLEMENT_PEM_write_bio_const" + - "IMPLEMENT_PEM_write_cb" + - "IMPLEMENT_PEM_write_cb_bio" + - "IMPLEMENT_PEM_write_cb_bio_const" + - "IMPLEMENT_PEM_write_cb_const" + - "IMPLEMENT_PEM_write_cb_fp" + - "IMPLEMENT_PEM_write_cb_fp_const" + - "IMPLEMENT_PEM_write_const" + - "IMPLEMENT_PEM_write_fp" + - "IMPLEMENT_PEM_write_fp_const" diff --git a/include/openssl/pem.h b/include/openssl/pem.h index 9c0ff93cc4..7ad1c3dadf 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -62,64 +62,63 @@ #include #include #include -#include #include +#include #include -/* For compatibility with open-iscsi, which assumes that it can get - * |OPENSSL_malloc| from pem.h or err.h */ +// For compatibility with open-iscsi, which assumes that it can get +// |OPENSSL_malloc| from pem.h or err.h #include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -#define PEM_BUFSIZE 1024 - -#define PEM_STRING_X509_OLD "X509 CERTIFICATE" -#define PEM_STRING_X509 "CERTIFICATE" -#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" -#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" -#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" -#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" -#define PEM_STRING_X509_CRL "X509 CRL" -#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" -#define PEM_STRING_PUBLIC "PUBLIC KEY" -#define PEM_STRING_RSA "RSA PRIVATE KEY" -#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" -#define PEM_STRING_DSA "DSA PRIVATE KEY" -#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +#define PEM_BUFSIZE 1024 + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" +#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +#define PEM_STRING_PUBLIC "PUBLIC KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" #define PEM_STRING_EC "EC PRIVATE KEY" -#define PEM_STRING_PKCS7 "PKCS7" -#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" -#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" -#define PEM_STRING_PKCS8INF "PRIVATE KEY" -#define PEM_STRING_DHPARAMS "DH PARAMETERS" -#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" -#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +#define PEM_STRING_PKCS8INF "PRIVATE KEY" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" -#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" -#define PEM_STRING_CMS "CMS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_CMS "CMS" -/* enc_type is one off */ -#define PEM_TYPE_ENCRYPTED 10 -#define PEM_TYPE_MIC_ONLY 20 -#define PEM_TYPE_MIC_CLEAR 30 -#define PEM_TYPE_CLEAR 40 +// enc_type is one off +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 -/* These macros make the PEM_read/PEM_write functions easier to maintain and - * write. Now they are all implemented with either: - * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) - */ +// These macros make the PEM_read/PEM_write functions easier to maintain and +// write. Now they are all implemented with either: +// IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) #ifdef OPENSSL_NO_FP_API -#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) // +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) // +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) // +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) // +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) // #else @@ -228,133 +227,163 @@ extern "C" { } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ - IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_fp(name, type, str, asn1) + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) #define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) #define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_read_fp(name, type, str, asn1) + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) #define IMPLEMENT_PEM_rw(name, type, str, asn1) \ - IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write(name, type, str, asn1) + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) #define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ - IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write_const(name, type, str, asn1) + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ - IMPLEMENT_PEM_read(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb(name, type, str, asn1) + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) -/* These are the same except they are for the declarations */ +// These are the same except they are for the declarations #if defined(OPENSSL_NO_FP_API) -#define DECLARE_PEM_read_fp(name, type) /**/ -#define DECLARE_PEM_write_fp(name, type) /**/ -#define DECLARE_PEM_write_cb_fp(name, type) /**/ +#define DECLARE_PEM_read_fp(name, type) // +#define DECLARE_PEM_write_fp(name, type) // +#define DECLARE_PEM_write_cb_fp(name, type) // #else -#define DECLARE_PEM_read_fp(name, type) \ - OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); +#define DECLARE_PEM_read_fp(name, type) \ + OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \ + pem_password_cb *cb, void *u); #define DECLARE_PEM_write_fp(name, type) \ - OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x); + OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x); #define DECLARE_PEM_write_fp_const(name, type) \ - OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x); + OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x); -#define DECLARE_PEM_write_cb_fp(name, type) \ - OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u); +#define DECLARE_PEM_write_cb_fp(name, type) \ + OPENSSL_EXPORT int PEM_write_##name( \ + FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u); #endif -#define DECLARE_PEM_read_bio(name, type) \ - OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); +#define DECLARE_PEM_read_bio(name, type) \ + OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u); #define DECLARE_PEM_write_bio(name, type) \ - OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x); + OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x); #define DECLARE_PEM_write_bio_const(name, type) \ - OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x); + OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x); -#define DECLARE_PEM_write_cb_bio(name, type) \ - OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u); +#define DECLARE_PEM_write_cb_bio(name, type) \ + OPENSSL_EXPORT int PEM_write_bio_##name( \ + BIO *bp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u); #define DECLARE_PEM_write(name, type) \ - DECLARE_PEM_write_bio(name, type) \ - DECLARE_PEM_write_fp(name, type) + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) #define DECLARE_PEM_write_const(name, type) \ - DECLARE_PEM_write_bio_const(name, type) \ - DECLARE_PEM_write_fp_const(name, type) + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) #define DECLARE_PEM_write_cb(name, type) \ - DECLARE_PEM_write_cb_bio(name, type) \ - DECLARE_PEM_write_cb_fp(name, type) + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) #define DECLARE_PEM_read(name, type) \ - DECLARE_PEM_read_bio(name, type) \ - DECLARE_PEM_read_fp(name, type) + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) #define DECLARE_PEM_rw(name, type) \ - DECLARE_PEM_read(name, type) \ - DECLARE_PEM_write(name, type) + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) #define DECLARE_PEM_rw_const(name, type) \ - DECLARE_PEM_read(name, type) \ - DECLARE_PEM_write_const(name, type) + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) #define DECLARE_PEM_rw_cb(name, type) \ - DECLARE_PEM_read(name, type) \ - DECLARE_PEM_write_cb(name, type) + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) -/* "userdata": new with OpenSSL 0.9.4 */ +// "userdata": new with OpenSSL 0.9.4 typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); -OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); -OPENSSL_EXPORT int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, pem_password_cb *callback,void *u); - -OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,long *len); -OPENSSL_EXPORT int PEM_write_bio(BIO *bp,const char *name, const char *hdr, const unsigned char *data, long len); -OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); -OPENSSL_EXPORT void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); - -OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); - -OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len); -OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr, const unsigned char *data, long len); -OPENSSL_EXPORT void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, void *x,const EVP_CIPHER *enc,unsigned char *kstr, int klen,pem_password_cb *callback, void *u); -OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); - -/* PEM_def_callback treats |userdata| as a string and copies it into |buf|, - * assuming its |size| is sufficient. Returns the length of the string, or 0 - * if there is not enough room. If either |buf| or |userdata| is NULL, 0 is - * returned. Note that this is different from OpenSSL, which prompts for a - * password. */ -OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag, void *userdata); -OPENSSL_EXPORT void PEM_proc_type(char *buf, int type); -OPENSSL_EXPORT void PEM_dek_info(char *buf, const char *type, int len, char *str); +OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, + EVP_CIPHER_INFO *cipher); +OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, + long *len, pem_password_cb *callback, void *u); + +OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +OPENSSL_EXPORT int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, + char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u); +OPENSSL_EXPORT void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, + BIO *bp, void **x, pem_password_cb *cb, + void *u); +OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, + BIO *bp, void *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio( + BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, + EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *cd, + void *u); + +OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +OPENSSL_EXPORT void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, + void **x, pem_password_cb *cb, void *u); +OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *callback, void *u); +OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, + STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, + void *u); + +// PEM_def_callback treats |userdata| as a string and copies it into |buf|, +// assuming its |size| is sufficient. Returns the length of the string, or 0 +// if there is not enough room. If either |buf| or |userdata| is NULL, 0 is +// returned. Note that this is different from OpenSSL, which prompts for a +// password. +OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag, + void *userdata); +OPENSSL_EXPORT void PEM_proc_type(char *buf, int type); +OPENSSL_EXPORT void PEM_dek_info(char *buf, const char *type, int len, + char *str); DECLARE_PEM_rw(X509, X509) @@ -397,22 +426,46 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) -OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); -OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); -OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); - -OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); -OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); - -OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); - -OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, char *kstr,int klen, pem_password_cb *cd, void *u); - - -#ifdef __cplusplus +OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, + int nid, char *kstr, + int klen, + pem_password_cb *cb, + void *u); +OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, + const EVP_CIPHER *, char *, + int, pem_password_cb *, + void *); +OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, char *kstr, + int klen, pem_password_cb *cb, + void *u); +OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u); + +OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, + const EVP_CIPHER *enc, char *kstr, + int klen, pem_password_cb *cb, + void *u); +OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, + pem_password_cb *cb, void *u); + +OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, + const EVP_CIPHER *enc, char *kstr, + int klen, pem_password_cb *cd, + void *u); + + +#ifdef __cplusplus } #endif @@ -432,4 +485,4 @@ OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPH #define PEM_R_UNSUPPORTED_CIPHER 113 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 -#endif /* OPENSSL_HEADER_PEM_H */ +#endif // OPENSSL_HEADER_PEM_H From 6d904d5b8aa3b30f1b632b0e4713260543df5d42 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 9 Oct 2020 16:27:23 -0400 Subject: [PATCH 131/399] Document low-level PEM read/write functions. Change-Id: I1ab6d0eeafcae0186234f87d817c8f8bf0ee1388 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43426 Reviewed-by: Adam Langley --- include/openssl/pem.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/openssl/pem.h b/include/openssl/pem.h index 7ad1c3dadf..f39989e133 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -337,10 +337,25 @@ OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, pem_password_cb *callback, void *u); +// PEM_read_bio reads from |bp|, until the next PEM block. If one is found, it +// returns one and sets |*name|, |*header|, and |*data| to newly-allocated +// buffers containing the PEM type, the header block, and the decoded data, +// respectively. |*name| and |*header| are NUL-terminated C strings, while +// |*data| has |*len| bytes. The caller must release each of |*name|, |*header|, +// and |*data| with |OPENSSL_free| when done. If no PEM block is found, this +// function returns zero and pushes |PEM_R_NO_START_LINE| to the error queue. If +// one is found, but there is an error decoding it, it returns zero and pushes +// some other error to the error queue. OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); + +// PEM_write_bio writes a PEM block to |bp|, containing |len| bytes from |data| +// as data. |name| and |hdr| are NUL-terminated C strings containing the PEM +// type and header block, respectively. This function returns zero on error and +// the number of bytes written on success. OPENSSL_EXPORT int PEM_write_bio(BIO *bp, const char *name, const char *hdr, const unsigned char *data, long len); + OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); From 3989c99706bf30054798ff82f1cb010e50e385f5 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 9 Oct 2020 14:12:06 -0400 Subject: [PATCH 132/399] Fix crash when flushing an SSL BIO. OpenSSL synchronizes bio->next_bio and ssl->rbio with a variety of callbacks, so BIO_copy_next_retry worked. We do not, so attempting to flush the BIO crashed. The SSL BIO is a compatibility hack and intentionally much more limited, so start by just copying things from the right BIO directly. Add a basic unit test for SSL BIOs. If we need to, we can implement a more complex synchronization later. Additionally reject reconfiguring an SSL BIO because that will leak the object right now. Change-Id: I724c95ab6f1a3a1aa1889b0483c81ce3bdc534ae Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43424 Reviewed-by: Adam Langley --- crypto/bio/bio.c | 2 ++ include/openssl/bio.h | 4 +++ ssl/bio_ssl.cc | 23 +++++++++++++---- ssl/ssl_test.cc | 59 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 83 insertions(+), 5 deletions(-) diff --git a/crypto/bio/bio.c b/crypto/bio/bio.c index 7d97c3e717..3d36e28d43 100644 --- a/crypto/bio/bio.c +++ b/crypto/bio/bio.c @@ -262,6 +262,8 @@ int BIO_should_io_special(const BIO *bio) { int BIO_get_retry_reason(const BIO *bio) { return bio->retry_reason; } +void BIO_set_retry_reason(BIO *bio, int reason) { bio->retry_reason = reason; } + void BIO_clear_flags(BIO *bio, int flags) { bio->flags &= ~flags; } diff --git a/include/openssl/bio.h b/include/openssl/bio.h index da0dcdfe64..f25492aa16 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -199,6 +199,10 @@ OPENSSL_EXPORT int BIO_should_io_special(const BIO *bio); // retried. The return value is one of the |BIO_RR_*| values. OPENSSL_EXPORT int BIO_get_retry_reason(const BIO *bio); +// BIO_set_retry_reason sets the special I/O operation that needs to be retried +// to |reason|, which should be one of the |BIO_RR_*| values. +OPENSSL_EXPORT void BIO_set_retry_reason(BIO *bio, int reason); + // BIO_clear_flags ANDs |bio->flags| with the bitwise-complement of |flags|. OPENSSL_EXPORT void BIO_clear_flags(BIO *bio, int flags); diff --git a/ssl/bio_ssl.cc b/ssl/bio_ssl.cc index 61afee566b..a2498893fd 100644 --- a/ssl/bio_ssl.cc +++ b/ssl/bio_ssl.cc @@ -37,12 +37,12 @@ static int ssl_read(BIO *bio, char *out, int outl) { case SSL_ERROR_WANT_ACCEPT: BIO_set_retry_special(bio); - bio->retry_reason = BIO_RR_ACCEPT; + BIO_set_retry_reason(bio, BIO_RR_ACCEPT); break; case SSL_ERROR_WANT_CONNECT: BIO_set_retry_special(bio); - bio->retry_reason = BIO_RR_CONNECT; + BIO_set_retry_reason(bio, BIO_RR_CONNECT); break; case SSL_ERROR_NONE: @@ -77,7 +77,7 @@ static int ssl_write(BIO *bio, const char *out, int outl) { case SSL_ERROR_WANT_CONNECT: BIO_set_retry_special(bio); - bio->retry_reason = BIO_RR_CONNECT; + BIO_set_retry_reason(bio, BIO_RR_CONNECT); break; case SSL_ERROR_NONE: @@ -98,6 +98,17 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) { switch (cmd) { case BIO_C_SET_SSL: + if (ssl != NULL) { + // OpenSSL allows reusing an SSL BIO with a different SSL object. We do + // not support this. + OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + // Note this differs from upstream OpenSSL, which synchronizes + // |bio->next_bio| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call + // into the corresponding |BIO| directly. (We can implement the upstream + // behavior if it ends up necessary.) bio->shutdown = num; bio->ptr = ptr; bio->init = 1; @@ -117,9 +128,11 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) { return SSL_pending(ssl); case BIO_CTRL_FLUSH: { + BIO *wbio = SSL_get_wbio(ssl); BIO_clear_retry_flags(bio); - long ret = BIO_ctrl(SSL_get_wbio(ssl), cmd, num, ptr); - BIO_copy_next_retry(bio); + long ret = BIO_ctrl(wbio, cmd, num, ptr); + BIO_set_flags(bio, BIO_get_retry_flags(wbio)); + BIO_set_retry_reason(bio, BIO_get_retry_reason(wbio)); return ret; } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 451b401cfc..6584686153 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -6529,5 +6529,64 @@ TEST(SSLTest, ProcessTLS13NewSessionTicket) { sizeof(kTicket))); } +TEST(SSLTest, BIO) { + bssl::UniquePtr client_ctx(SSL_CTX_new(TLS_method())); + bssl::UniquePtr server_ctx(SSL_CTX_new(TLS_method())); + ASSERT_TRUE(client_ctx); + ASSERT_TRUE(server_ctx); + + bssl::UniquePtr cert = GetTestCertificate(); + bssl::UniquePtr key = GetTestKey(); + ASSERT_TRUE(cert); + ASSERT_TRUE(key); + ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get())); + ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())); + + for (bool take_ownership : {true, false}) { + // For simplicity, get the handshake out of the way first. + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), + server_ctx.get())); + + // Wrap |client| in an SSL BIO. + bssl::UniquePtr client_bio(BIO_new(BIO_f_ssl())); + ASSERT_TRUE(client_bio); + ASSERT_EQ(1, BIO_set_ssl(client_bio.get(), client.get(), take_ownership)); + if (take_ownership) { + client.release(); + } + + // Flushing the BIO should not crash. + EXPECT_EQ(1, BIO_flush(client_bio.get())); + + // Exchange some data. + EXPECT_EQ(5, BIO_write(client_bio.get(), "hello", 5)); + uint8_t buf[5]; + ASSERT_EQ(5, SSL_read(server.get(), buf, sizeof(buf))); + EXPECT_EQ(Bytes("hello"), Bytes(buf)); + + EXPECT_EQ(5, SSL_write(server.get(), "world", 5)); + ASSERT_EQ(5, BIO_read(client_bio.get(), buf, sizeof(buf))); + EXPECT_EQ(Bytes("world"), Bytes(buf)); + + // |BIO_should_read| should work. + EXPECT_EQ(-1, BIO_read(client_bio.get(), buf, sizeof(buf))); + EXPECT_TRUE(BIO_should_read(client_bio.get())); + + // Writing data should eventually exceed the buffer size and fail, reporting + // |BIO_should_write|. + int ret; + for (int i = 0; i < 1024; i++) { + std::vector buffer(1024); + ret = BIO_write(client_bio.get(), buffer.data(), buffer.size()); + if (ret <= 0) { + break; + } + } + EXPECT_EQ(-1, ret); + EXPECT_TRUE(BIO_should_write(client_bio.get())); + } +} + } // namespace BSSL_NAMESPACE_END From 3dbfb785a8214b60f2525813a47da0c99a9cd417 Mon Sep 17 00:00:00 2001 From: francescocarzaniga Date: Tue, 22 Sep 2020 22:45:44 +0200 Subject: [PATCH 133/399] Update Cargo.toml Add illumos support. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index b1c29cf024..e8d081549c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -304,7 +304,7 @@ spin = { version = "0.5.2", default-features = false } [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies] libc = { version = "0.2.69", default-features = false } -[target.'cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux", target_os = "netbsd", target_os = "openbsd", target_os = "solaris"))'.dependencies] +[target.'cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux", target_os = "netbsd", target_os = "openbsd", target_os = "solaris", target_os = "illumos"))'.dependencies] once_cell = { version = "1.3.1", default-features = false, features=["std"], optional = true } [target.'cfg(all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown", target_env = ""))'.dependencies] From 020eb5422c4cd8b69bf1de98dbec0e148731f7b9 Mon Sep 17 00:00:00 2001 From: francescocarzaniga Date: Tue, 22 Sep 2020 22:47:01 +0200 Subject: [PATCH 134/399] Update rand.rs Add illumos support. --- src/rand.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/rand.rs b/src/rand.rs index fb395cdae8..17f9cd1d10 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -183,7 +183,8 @@ use self::sysrand_or_urandom::fill as fill_impl; target_os = "freebsd", target_os = "netbsd", target_os = "openbsd", - target_os = "solaris" + target_os = "solaris", + target_os = "illumos" ))] use self::urandom::fill as fill_impl; @@ -354,7 +355,8 @@ mod sysrand_or_urandom { target_os = "freebsd", target_os = "netbsd", target_os = "openbsd", - target_os = "solaris" + target_os = "solaris", + target_os = "illumos" ))] mod urandom { use crate::error; From ff0d3d78fcf06151f0cada9d883080ecf9c2e496 Mon Sep 17 00:00:00 2001 From: Joe Richey Date: Tue, 15 Sep 2020 02:26:26 -0700 Subject: [PATCH 135/399] Update doc links to use correct branch It looks like *ring* is using `main` now. Signed-off-by: Joe Richey --- README.md | 8 ++++---- src/ec/suite_b/curve.rs | 2 +- src/ec/suite_b/ecdh.rs | 2 +- src/hmac.rs | 4 ++-- src/signature.rs | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 50c8b77722..ea71adad0f 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Users of *ring* should always use the latest released version, and users should upgrade to the latest released version as soon as it is released. *ring* has a linear release model that favors users of the latest released version. We have never backported fixes to earlier releases and we don't -maintain branches other than the master branch. Further, for some obscure +maintain branches other than the main branch. Further, for some obscure technical reasons it's currently not possible to link two different versions of *ring* into the same program; for policy reasons we don't bother to try to work around that. Thus it is important that libraries using *ring* update @@ -169,8 +169,8 @@ source libraries use. The idea behind *our* model is to encourage all users to work together to ensure that the latest version is good *as it is being developed*. In particular, because users know that correctness/security fixes (if any) aren't going to get backported, they have a strong incentive to help -review pull requests before they are merged and/or review commits on the master -branch after they've landed to ensure that code quality on the master branch +review pull requests before they are merged and/or review commits on the main +branch after they've landed to ensure that code quality on the main branch stays high. The more common model, where there are stable versions that have important @@ -228,7 +228,7 @@ the table below. The C compilers listed are used for compiling the C portions. Windows x86, x86_64 MSVC 2015 Update 3 (14.0) - Build Status + Build Status diff --git a/src/ec/suite_b/curve.rs b/src/ec/suite_b/curve.rs index 0788e10712..e0ff4f4617 100644 --- a/src/ec/suite_b/curve.rs +++ b/src/ec/suite_b/curve.rs @@ -31,7 +31,7 @@ macro_rules! suite_b_curve { /// [NIST Special Publication 800-56A, revision 2]: /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf /// [Suite B Implementer's Guide to NIST SP 800-56A]: - /// https://github.com/briansmith/ring/blob/master/doc/ecdh.pdf + /// https://github.com/briansmith/ring/blob/main/doc/ecdh.pdf pub static $NAME: ec::Curve = ec::Curve { public_key_len: 1 + (2 * (($bits + 7) / 8)), elem_scalar_seed_len: ($bits + 7) / 8, diff --git a/src/ec/suite_b/ecdh.rs b/src/ec/suite_b/ecdh.rs index f8680ccad6..f9dfa69b30 100644 --- a/src/ec/suite_b/ecdh.rs +++ b/src/ec/suite_b/ecdh.rs @@ -38,7 +38,7 @@ macro_rules! ecdh { /// [NIST Special Publication 800-56A, revision 2]: /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf /// [Suite B Implementer's Guide to NIST SP 800-56A]: - /// https://github.com/briansmith/ring/blob/master/doc/ecdh.pdf + /// https://github.com/briansmith/ring/blob/main/doc/ecdh.pdf pub static $NAME: agreement::Algorithm = agreement::Algorithm { curve: $curve, ecdh: $ecdh, diff --git a/src/hmac.rs b/src/hmac.rs index 1329058f66..210d44f9ff 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -105,9 +105,9 @@ //! //! [RFC 2104]: https://tools.ietf.org/html/rfc2104 //! [code for `ring::pbkdf2`]: -//! https://github.com/briansmith/ring/blob/master/src/pbkdf2.rs +//! https://github.com/briansmith/ring/blob/main/src/pbkdf2.rs //! [code for `ring::hkdf`]: -//! https://github.com/briansmith/ring/blob/master/src/hkdf.rs +//! https://github.com/briansmith/ring/blob/main/src/hkdf.rs use crate::{constant_time, digest, error, hkdf, rand}; diff --git a/src/signature.rs b/src/signature.rs index e325dc0a7a..fe80786406 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -111,7 +111,7 @@ //! [NIST Special Publication 800-56A, revision 2]: //! http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf //! [Suite B implementer's guide to FIPS 186-3]: -//! https://github.com/briansmith/ring/blob/master/doc/ecdsa.pdf +//! https://github.com/briansmith/ring/blob/main/doc/ecdsa.pdf //! [RFC 3279 Section 2.2.3]: //! https://tools.ietf.org/html/rfc3279#section-2.2.3 //! [RFC 3447 Section 8.2]: From e580e9ded3bff859a0d021ca383087b241b6df74 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 28 Sep 2020 14:32:09 -0400 Subject: [PATCH 136/399] Simplify 0-RTT tests. Add an earlyData and earlyDataRejected flag to configure the standard 0-RTT test options. It's too tedious otherwise. Along the way, I added an -expect-cipher flag to a few of the tests which could do with them. This does cause most 0-RTT tests to exchange a quick burst of data, so a few more fuzzer mode suppressions are needed. I think that's probably fine. Maybe we should mess with fuzzer mode so it's able to trial decrypt as this is getting a little tedious. Change-Id: Ib6490fe006d91294aab1a06d88f7793c6ae840c8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43086 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- ssl/test/bssl_shim.cc | 10 +- ssl/test/runner/fuzzer_mode.json | 4 +- ssl/test/runner/runner.go | 719 ++++++++++++------------------- ssl/test/test_config.cc | 1 + ssl/test/test_config.h | 1 + 5 files changed, 287 insertions(+), 448 deletions(-) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 55f9c38932..ebdfeaf357 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -613,8 +613,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, } } - uint16_t cipher_id = - static_cast(SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))); + uint16_t cipher_id = SSL_CIPHER_get_protocol_id(SSL_get_current_cipher(ssl)); if (config->expect_cipher_aes != 0 && EVP_has_aes_hardware() && static_cast(config->expect_cipher_aes) != cipher_id) { @@ -631,6 +630,13 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, return false; } + if (config->expect_cipher != 0 && + static_cast(config->expect_cipher) != cipher_id) { + fprintf(stderr, "Cipher ID was %04x, wanted %04x\n", cipher_id, + static_cast(config->expect_cipher)); + return false; + } + // The early data status is only applicable after the handshake is confirmed. if (!SSL_in_early_data(ssl)) { if ((config->expect_accept_early_data && !SSL_early_data_accepted(ssl)) || diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json index 384b1db0ac..3e03a9b637 100644 --- a/ssl/test/runner/fuzzer_mode.json +++ b/ssl/test/runner/fuzzer_mode.json @@ -34,9 +34,10 @@ "SkipEarlyData*": "Trial decryption does not work with the NULL cipher.", "EarlyDataChannelID-OfferBoth-Server-*": "Trial decryption does not work with the NULL cipher.", + "EarlyDataChannelID-AcceptChannelID-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-NonZeroRTTSession-Server-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-SkipEndOfEarlyData-*": "Trial decryption does not work with the NULL cipher.", - "EarlyData-ALPNMismatch-Server-*": "Trial decryption does not work with the NULL cipher.", + "EarlyData-ALPNMismatch-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted1-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted2-Client-*": "Trial decryption does not work with the NULL cipher.", "EarlyData-ALPNOmitted1-Server-*": "Trial decryption does not work with the NULL cipher.", @@ -45,6 +46,7 @@ "EarlyData-Reject*-Client*": "Trial decryption does not work with the NULL cipher.", "CustomExtensions-Server-EarlyDataOffered": "Trial decryption does not work with the NULL cipher.", "*-TicketAgeSkew-*-Reject*": "Trial decryption does not work with the NULL cipher.", + "*EarlyDataRejected*": "Trial decryption does not work with the NULL cipher.", "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.", diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 4baf90113b..0f34287c6f 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -663,6 +663,18 @@ type testCase struct { // skipQUICALPNConfig, if true, will skip automatic configuration of // sending a fake ALPN when protocol == quic. skipQUICALPNConfig bool + // earlyData, if true, configures default settings for an early data test. + // expectEarlyDataRejected controls whether the test is for early data + // accept or reject. In a client test, the shim will be configured to send + // an initial write in early data which, on accept, the runner will enforce. + // In a server test, the runner will send some default message in early + // data, which the shim is expected to echo in half-RTT. + earlyData bool + // expectEarlyDataRejected, if earlyData is true, is whether early data is + // expected to be rejected. In a client test, this controls whether the shim + // should retry for early rejection. In a server test, this is whether the + // test expects the shim to reject early data. + expectEarlyDataRejected bool } var testCases []testCase @@ -1307,6 +1319,49 @@ func runTest(statusChan chan statusMsg, test *testCase, shimPath string, mallocN } } + if test.earlyData { + if !test.resumeSession { + panic("earlyData set without resumeSession in " + test.name) + } + + resumeConfig := test.resumeConfig + if resumeConfig == nil { + resumeConfig = &test.config + } + if test.expectEarlyDataRejected { + flags = append(flags, "-on-resume-expect-reject-early-data") + } else { + flags = append(flags, "-on-resume-expect-accept-early-data") + } + + flags = append(flags, "-enable-early-data") + if test.testType == clientTest { + // Configure the runner with default maximum early data. + flags = append(flags, "-expect-ticket-supports-early-data") + if test.config.MaxEarlyDataSize == 0 { + test.config.MaxEarlyDataSize = 16384 + } + if resumeConfig.MaxEarlyDataSize == 0 { + resumeConfig.MaxEarlyDataSize = 16384 + } + + // Configure the shim to send some data in early data. + flags = append(flags, "-on-resume-shim-writes-first") + if resumeConfig.Bugs.ExpectEarlyData == nil { + resumeConfig.Bugs.ExpectEarlyData = [][]byte{[]byte("hello")} + } + } else { + // By default, send some early data and expect half-RTT data response. + if resumeConfig.Bugs.SendEarlyData == nil { + resumeConfig.Bugs.SendEarlyData = [][]byte{{1, 2, 3, 4}} + } + if resumeConfig.Bugs.ExpectHalfRTTData == nil { + resumeConfig.Bugs.ExpectHalfRTTData = [][]byte{{254, 253, 252, 251}} + } + resumeConfig.Bugs.ExpectEarlyDataAccepted = !test.expectEarlyDataRejected + } + } + var resumeCount int if test.resumeSession { resumeCount++ @@ -4690,12 +4745,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { }, resumeShimPrefix: "llo", resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-shim-writes-first", - }, + earlyData: true, }) } @@ -4707,26 +4757,16 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { testType: clientTest, name: "TLS13-EarlyData-UnfinishedWrite-Client", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, Bugs: ProtocolBugs{ + ExpectEarlyData: [][]byte{}, ExpectLateEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-read-with-unfinished-write", - "-on-resume-shim-writes-first", - }, + earlyData: true, + flags: []string{"-on-resume-read-with-unfinished-write"}, }) // Rejected unfinished writes are discarded (from the @@ -4736,26 +4776,16 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { testType: clientTest, name: "TLS13-EarlyData-RejectUnfinishedWrite-Client", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-read-with-unfinished-write", - "-on-resume-shim-writes-first", - }, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, + flags: []string{"-on-resume-read-with-unfinished-write"}, }) } @@ -4774,10 +4804,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { }, messageCount: 2, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":TOO_MUCH_READ_EARLY_DATA:", }) @@ -5287,102 +5314,80 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { testType: testType, name: "EarlyData-RejectTicket-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeConfig: &Config{ MaxVersion: vers.version, - MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", // Session tickets are disabled, so the runner will not send a ticket. "-on-retry-expect-no-session", - "-expect-reject-early-data", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Reject0RTT-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - expectResumeRejected: false, + resumeSession: true, + expectResumeRejected: false, + earlyData: true, + expectEarlyDataRejected: true, flags: append([]string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-RejectTicket-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeConfig: &Config{ MaxVersion: vers.version, - MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, - shouldFail: true, - expectedError: ":CERTIFICATE_VERIFY_FAILED:", + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":CERTIFICATE_VERIFY_FAILED:", flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", // Session tickets are disabled, so the runner will not send a ticket. "-on-retry-expect-no-session", "-on-retry-verify-fail", - "-expect-reject-early-data", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Reject0RTT-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, - expectResumeRejected: false, - shouldFail: true, - expectedError: ":CERTIFICATE_VERIFY_FAILED:", - expectedLocalError: verifyFailLocalError, + resumeSession: true, + expectResumeRejected: false, + earlyData: true, + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":CERTIFICATE_VERIFY_FAILED:", + expectedLocalError: verifyFailLocalError, flags: append([]string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", "-on-retry-verify-fail", }, flags...), }) @@ -5391,50 +5396,29 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { testType: testType, name: "EarlyData-Accept0RTT-Client-Reverify" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{[]byte("hello")}, - }, - }, - resumeSession: true, - expectResumeRejected: false, + resumeSession: true, + earlyData: true, flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", - "-on-resume-shim-writes-first", }, flags...), }) tests = append(tests, testCase{ testType: testType, name: "EarlyData-Accept0RTT-Client-ReverifyFails" + suffix, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{[]byte("hello")}, - }, + MaxVersion: vers.version, }, resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", // We do not set expectedLocalError here because the shim rejects // the connection without an alert. flags: append([]string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-reverify-on-resume", "-on-resume-verify-fail", - "-on-resume-shim-writes-first", }, flags...), }) } @@ -7339,12 +7323,10 @@ func addExtensionTests() { TokenBindingParams: []byte{2}, TokenBindingVersion: maxTokenBindingVersion, ExpectTokenBindingParams: []byte{2, 1, 0}, - MaxEarlyDataSize: 16384, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), }, @@ -7359,19 +7341,17 @@ func addExtensionTests() { MaxVersion: ver.version, TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: maxTokenBindingVersion, - MaxEarlyDataSize: 16384, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ tokenBinding: true, tokenBindingParam: 2, }, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), - "-expect-reject-early-data", "-on-retry-expect-early-data-reason", "token_binding", }, }) @@ -10450,14 +10430,11 @@ func addExportKeyingMaterialTests() { testCases = append(testCases, testCase{ name: "NoEarlyKeyingMaterial-Client-InEarlyData-" + vers.name, config: Config{ - MaxVersion: vers.version, - MaxEarlyDataSize: 16384, + MaxVersion: vers.version, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", "-on-resume-export-keying-material", "1024", "-on-resume-export-label", "label", "-on-resume-export-context", "context", @@ -10473,16 +10450,19 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{}, - ExpectEarlyDataAccepted: true, + // The shim writes exported data immediately after + // the handshake returns, so disable the built-in + // early data test. + SendEarlyData: [][]byte{}, + ExpectHalfRTTData: [][]byte{}, }, }, resumeSession: true, + earlyData: true, exportKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", useExportContext: true, - flags: []string{"-enable-early-data"}, }) } } @@ -11500,20 +11480,14 @@ func addSessionTicketTests() { config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 70 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + SendTicketAge: 70 * time.Second, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-resumption-delay", "10", "-expect-ticket-age-skew", "60", - // 0-RTT is accepted. - "-enable-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) testCases = append(testCases, testCase{ @@ -11522,20 +11496,14 @@ func addSessionTicketTests() { config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 10 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + SendTicketAge: 10 * time.Second, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-resumption-delay", "70", "-expect-ticket-age-skew", "-60", - // 0-RTT is accepted. - "-enable-early-data", - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) @@ -11546,18 +11514,15 @@ func addSessionTicketTests() { config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 71 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, + SendTicketAge: 71 * time.Second, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-resumption-delay", "10", "-expect-ticket-age-skew", "61", - // 0-RTT is rejected. - "-enable-early-data", - "-expect-reject-early-data", "-on-resume-expect-early-data-reason", "ticket_age_skew", }, }) @@ -11567,18 +11532,15 @@ func addSessionTicketTests() { config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendTicketAge: 10 * time.Second, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, + SendTicketAge: 10 * time.Second, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-resumption-delay", "71", "-expect-ticket-age-skew", "-61", - // 0-RTT is rejected. - "-enable-early-data", - "-expect-reject-early-data", "-on-resume-expect-early-data-reason", "ticket_age_skew", }, }) @@ -11945,14 +11907,13 @@ func addChangeCipherSpecTests() { MaxVersion: VersionTLS13, }, resumeConfig: &Config{ + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ PartialEndOfEarlyDataWithClientHello: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, }, }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, shouldFail: true, expectedError: ":EXCESS_HANDSHAKE_DATA:", }) @@ -12529,15 +12490,8 @@ func makePerMessageTests() []perMessageTest { config: Config{ MaxVersion: VersionTLS13, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - }, - }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, }, }) } @@ -12774,26 +12728,14 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, - }, + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-on-initial-expect-early-data-reason", "no_session_offered", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", - "-on-resume-shim-writes-first", }, }) @@ -12801,22 +12743,18 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-Reject-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", "-on-retry-expect-early-data-reason", "peer_declined", }, }) @@ -12827,18 +12765,12 @@ func addTLS13HandshakeTests() { config: Config{ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", "-on-initial-expect-early-data-reason", "no_session_offered", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", }, }) @@ -12852,17 +12784,13 @@ func addTLS13HandshakeTests() { MaxVersion: VersionTLS13, MinVersion: VersionTLS13, Bugs: ProtocolBugs{ - UseFirstSessionTicket: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + UseFirstSessionTicket: true, }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-on-resume-expect-early-data-reason", "accept", }, }) @@ -13458,28 +13386,25 @@ func addTLS13HandshakeTests() { }, }) - // Test the client handles 0-RTT being rejected by a full handshake. + // Test the client handles 0-RTT being rejected by a full handshake + // and correctly reports a certificate change. testCases = append(testCases, testCase{ testType: clientTest, name: "EarlyData-RejectTicket-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaCertificate}, }, resumeConfig: &Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, Certificates: []Certificate{ecdsaP256Certificate}, SessionTicketsDisabled: true, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", "-on-retry-expect-early-data-reason", "session_not_resumed", // Test the peer certificate is reported correctly in each of the // three logical connections. @@ -13499,8 +13424,6 @@ func addTLS13HandshakeTests() { MaxVersion: VersionTLS13, MinVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, // Corrupt the ticket. FilterTicket: func(in []byte) ([]byte, error) { in[len(in)-1] ^= 1 @@ -13508,12 +13431,12 @@ func addTLS13HandshakeTests() { }, }, }, - messageCount: 2, - resumeSession: true, - expectResumeRejected: true, + messageCount: 2, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", "-on-resume-expect-early-data-reason", "session_not_resumed", }, }) @@ -13523,21 +13446,18 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-HRR-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", "-on-retry-expect-early-data-reason", "hello_retry_request", }, }) @@ -13551,16 +13471,12 @@ func addTLS13HandshakeTests() { MinVersion: VersionTLS13, // Require a HelloRetryRequest for every curve. DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - messageCount: 2, - resumeSession: true, + messageCount: 2, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", "-on-resume-expect-early-data-reason", "hello_retry_request", }, }) @@ -13571,25 +13487,22 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-HRR-RejectTicket-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaCertificate}, }, resumeConfig: &Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, Certificates: []Certificate{ecdsaP256Certificate}, SessionTicketsDisabled: true, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client sees HelloRetryRequest before the resumption result, // though neither value is inherently preferable. "-on-retry-expect-early-data-reason", "hello_retry_request", @@ -13613,8 +13526,6 @@ func addTLS13HandshakeTests() { // Require a HelloRetryRequest for every curve. DefaultCurves: []CurveID{}, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, // Corrupt the ticket. FilterTicket: func(in []byte) ([]byte, error) { in[len(in)-1] ^= 1 @@ -13622,12 +13533,12 @@ func addTLS13HandshakeTests() { }, }, }, - messageCount: 2, - resumeSession: true, - expectResumeRejected: true, + messageCount: 2, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-on-resume-expect-reject-early-data", // The server sees the missed resumption before HelloRetryRequest, // though neither value is inherently preferable. "-on-resume-expect-early-data-reason", "session_not_resumed", @@ -13651,10 +13562,7 @@ func addTLS13HandshakeTests() { }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", }) @@ -13665,17 +13573,13 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyDataVersionDowngrade-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ MaxVersion: VersionTLS12, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", }) @@ -13686,25 +13590,21 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "ServerAcceptsEarlyDataOnHRR-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, SendEarlyDataExtension: true, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", + earlyData: true, + // The client will first process an early data reject from the HRR. + expectEarlyDataRejected: true, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", }) testCases = append(testCases, testCase{ @@ -13777,25 +13677,22 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-ALPNMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &fooString, }, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &barString, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13812,20 +13709,17 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-ALPNOmitted1-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13833,7 +13727,6 @@ func addTLS13HandshakeTests() { "-on-initial-expect-alpn", "", "-on-resume-expect-alpn", "", "-on-retry-expect-alpn", "foo", - "-on-resume-shim-writes-first", }, }) @@ -13843,20 +13736,17 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-ALPNOmitted2-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", // The client does not learn ALPN was the cause. "-on-retry-expect-early-data-reason", "peer_declined", // In the 0-RTT state, we surface the predicted ALPN. After @@ -13864,7 +13754,6 @@ func addTLS13HandshakeTests() { "-on-initial-expect-alpn", "foo", "-on-resume-expect-alpn", "foo", "-on-retry-expect-alpn", "", - "-on-resume-shim-writes-first", }, }) @@ -13873,25 +13762,22 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-BadALPNMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ALPNProtocol: &fooString, }, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ AlwaysAcceptEarlyData: true, ALPNProtocol: &barString, }, }, resumeSession: true, + earlyData: true, flags: []string{ "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", "-on-initial-expect-alpn", "foo", "-on-resume-expect-alpn", "foo", "-on-retry-expect-alpn", "bar", @@ -13960,6 +13846,8 @@ func addTLS13HandshakeTests() { }, }, resumeSession: true, + // This test configures early data manually instead of the earlyData + // option, to customize the -enable-early-data flag. flags: []string{ "-on-resume-enable-early-data", "-expect-reject-early-data", @@ -13969,7 +13857,7 @@ func addTLS13HandshakeTests() { }) // Test that we reject early data where ALPN is omitted from the first - // connection. + // connection, but negotiated in the second. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-ALPNOmitted1-Server-TLS13", @@ -13980,14 +13868,11 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "", "-on-resume-select-alpn", "foo", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -13995,7 +13880,7 @@ func addTLS13HandshakeTests() { }) // Test that we reject early data where ALPN is omitted from the second - // connection. + // connection, but negotiated in the first. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-ALPNOmitted2-Server-TLS13", @@ -14006,14 +13891,11 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "foo", "-on-resume-select-alpn", "", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -14031,14 +13913,11 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, NextProtos: []string{"bar"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", "-on-initial-select-alpn", "foo", "-on-resume-select-alpn", "bar", "-on-resume-expect-early-data-reason", "alpn_mismatch", @@ -14052,10 +13931,10 @@ func addTLS13HandshakeTests() { name: "EarlyDataChannelID-AcceptBoth-Client-TLS13", config: Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, RequestChannelID: true, }, resumeSession: true, + earlyData: true, expectations: connectionExpectations{ channelID: true, }, @@ -14063,8 +13942,6 @@ func addTLS13HandshakeTests() { expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", expectedLocalError: "remote error: illegal parameter", flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), }, }) @@ -14076,21 +13953,19 @@ func addTLS13HandshakeTests() { name: "EarlyDataChannelID-AcceptChannelID-Client-TLS13", config: Config{ MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, RequestChannelID: true, Bugs: ProtocolBugs{ AlwaysRejectEarlyData: true, }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ channelID: true, }, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-reject-early-data", // The client never learns the reason was Channel ID. "-on-retry-expect-early-data-reason", "peer_declined", }, @@ -14102,16 +13977,12 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyDataChannelID-AcceptEarlyData-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-on-resume-expect-accept-early-data", - "-on-resume-expect-early-data-reason", "accept", }, }) @@ -14123,18 +13994,14 @@ func addTLS13HandshakeTests() { config: Config{ MaxVersion: VersionTLS13, ChannelID: channelIDKey, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, }, - resumeSession: true, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, expectations: connectionExpectations{ channelID: true, }, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), "-on-resume-expect-early-data-reason", "channel_id", @@ -14148,25 +14015,19 @@ func addTLS13HandshakeTests() { name: "EarlyDataChannelID-OfferEarlyData-Server-TLS13", config: Config{ MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, resumeSession: true, + earlyData: true, expectations: connectionExpectations{ channelID: false, }, flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-enable-channel-id", "-on-resume-expect-early-data-reason", "accept", }, }) - // Test that the server rejects 0-RTT streams without end_of_early_data. + // Test that the server errors on 0-RTT streams without end_of_early_data. // The subsequent records should fail to decrypt. testCases = append(testCases, testCase{ testType: serverTest, @@ -14174,18 +14035,18 @@ func addTLS13HandshakeTests() { config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - SkipEndOfEarlyData: true, + SkipEndOfEarlyData: true, }, }, resumeSession: true, - flags: []string{"-enable-early-data"}, + earlyData: true, shouldFail: true, expectedLocalError: "remote error: bad record MAC", expectedError: ":BAD_DECRYPT:", }) + // Test that the server errors on 0-RTT streams with a stray handshake + // message in them. testCases = append(testCases, testCase{ testType: serverTest, name: "EarlyData-UnexpectedHandshake-Server-TLS13", @@ -14195,18 +14056,14 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, SendStrayEarlyHandshake: true, - ExpectEarlyDataAccepted: true, }, }, resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":UNEXPECTED_MESSAGE:", expectedLocalError: "remote error: unexpected message", - flags: []string{ - "-enable-early-data", - }, }) // Test that the client reports TLS 1.3 as the version while sending @@ -14215,14 +14072,11 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-Client-VersionAPI-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeSession: true, + earlyData: true, flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", "-expect-version", strconv.Itoa(VersionTLS13), }, }) @@ -14233,22 +14087,16 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-Client-BadFinished-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ BadFinished: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":DIGEST_CHECK_FAILED:", expectedLocalError: "remote error: error decrypting message", @@ -14262,17 +14110,11 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - BadFinished: true, + BadFinished: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-resume-expect-accept-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":DIGEST_CHECK_FAILED:", expectedLocalError: "remote error: error decrypting message", @@ -14287,17 +14129,11 @@ func addTLS13HandshakeTests() { resumeConfig: &Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - NonEmptyEndOfEarlyData: true, + NonEmptyEndOfEarlyData: true, }, }, resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-expect-accept-early-data", - }, + earlyData: true, shouldFail: true, expectedError: ":DECODE_ERROR:", }) @@ -14400,36 +14236,36 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-Reject0RTT-DifferentPRF-Client", config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-shim-writes-first", + "-on-initial-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + // The client initially reports the old cipher suite while sending + // early data. After processing the 0-RTT reject, it reports the + // true cipher suite. + "-on-resume-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + "-on-retry-expect-cipher", strconv.Itoa(int(TLS_AES_256_GCM_SHA384)), }, }) testCases = append(testCases, testCase{ testType: clientTest, name: "EarlyData-Reject0RTT-DifferentPRF-HRR-Client", config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, - MaxEarlyDataSize: 16384, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_256_GCM_SHA384}, // P-384 requires a HelloRetryRequest against BoringSSL's default // configuration. Assert this with ExpectMissingKeyShare. CurvePreferences: []CurveID{CurveP384}, @@ -14437,13 +14273,17 @@ func addTLS13HandshakeTests() { ExpectMissingKeyShare: true, }, }, - resumeSession: true, - expectResumeRejected: true, + resumeSession: true, + expectResumeRejected: true, + earlyData: true, + expectEarlyDataRejected: true, flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-ticket-supports-early-data", - "-on-resume-shim-writes-first", + "-on-initial-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + // The client initially reports the old cipher suite while sending + // early data. After processing the 0-RTT reject, it reports the + // true cipher suite. + "-on-resume-expect-cipher", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), + "-on-retry-expect-cipher", strconv.Itoa(int(TLS_AES_256_GCM_SHA384)), }, }) @@ -14452,23 +14292,18 @@ func addTLS13HandshakeTests() { testType: clientTest, name: "EarlyData-CipherMismatch-Client-TLS13", config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_AES_128_GCM_SHA256}, }, resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256}, + MaxVersion: VersionTLS13, + CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256}, Bugs: ProtocolBugs{ AlwaysAcceptEarlyData: true, }, }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, + resumeSession: true, + earlyData: true, shouldFail: true, expectedError: ":CIPHER_MISMATCH_ON_EARLY_DATA:", expectedLocalError: "remote error: illegal parameter", @@ -15211,18 +15046,12 @@ func addExtraHandshakeTests() { config: Config{ MaxVersion: VersionTLS13, MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, }, messageCount: 2, resumeSession: true, + earlyData: true, flags: []string{ "-async", - "-enable-early-data", - "-on-resume-expect-accept-early-data", "-no-op-extra-handshake", }, }) diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 062a43a7e7..e015466746 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -217,6 +217,7 @@ const Flag kIntFlags[] = { {"-max-cert-list", &TestConfig::max_cert_list}, {"-expect-cipher-aes", &TestConfig::expect_cipher_aes}, {"-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes}, + {"-expect-cipher", &TestConfig::expect_cipher}, {"-resumption-delay", &TestConfig::resumption_delay}, {"-max-send-fragment", &TestConfig::max_send_fragment}, {"-read-size", &TestConfig::read_size}, diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index f424f8b7f2..8fe439e520 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -137,6 +137,7 @@ struct TestConfig { bool use_exporter_between_reads = false; int expect_cipher_aes = 0; int expect_cipher_no_aes = 0; + int expect_cipher = 0; std::string expect_peer_cert_file; int resumption_delay = 0; bool retain_only_sha256_client_cert = false; From 51607f1fe11202f2876ec26486ffbef3cbbf0f35 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Wed, 5 Aug 2020 10:46:05 -0400 Subject: [PATCH 137/399] Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/err/ssl.errordata | 2 + include/openssl/ssl.h | 51 ++- include/openssl/tls1.h | 4 + ssl/handoff.cc | 35 ++ ssl/internal.h | 37 +- ssl/ssl_asn1.cc | 43 ++- ssl/ssl_lib.cc | 30 ++ ssl/ssl_session.cc | 19 +- ssl/ssl_test.cc | 4 +- ssl/t1_lib.cc | 227 +++++++++++- ssl/test/bssl_shim.cc | 29 ++ ssl/test/runner/common.go | 69 +++- ssl/test/runner/conn.go | 59 +-- ssl/test/runner/fuzzer_mode.json | 1 + ssl/test/runner/handshake_client.go | 50 +++ ssl/test/runner/handshake_messages.go | 98 ++++- ssl/test/runner/handshake_server.go | 54 ++- ssl/test/runner/runner.go | 500 ++++++++++++++++++++++++++ ssl/test/runner/ticket.go | 72 ++-- ssl/test/test_config.cc | 62 +++- ssl/test/test_config.h | 3 + ssl/tls13_client.cc | 64 +++- ssl/tls13_server.cc | 163 +++++++-- 23 files changed, 1539 insertions(+), 137 deletions(-) diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index 3759c69f7f..cd6f87a4a7 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -1,4 +1,5 @@ SSL,277,ALPN_MISMATCH_ON_EARLY_DATA +SSL,309,ALPS_MISMATCH_ON_EARLY_DATA SSL,281,APPLICATION_DATA_INSTEAD_OF_HANDSHAKE SSL,291,APPLICATION_DATA_ON_SHUTDOWN SSL,100,APP_DATA_IN_HANDSHAKE @@ -94,6 +95,7 @@ SSL,166,MISSING_TMP_DH_KEY SSL,167,MISSING_TMP_ECDH_KEY SSL,168,MIXED_SPECIAL_OPERATOR_WITH_GROUPS SSL,169,MTU_TOO_SMALL +SSL,308,NEGOTIATED_ALPS_WITHOUT_ALPN SSL,170,NEGOTIATED_BOTH_NPN_AND_ALPN SSL,285,NEGOTIATED_TB_WITHOUT_EMS_OR_RI SSL,171,NESTED_GROUP diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3e4b638cdf..4db6afcc47 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2776,6 +2776,51 @@ OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled); +// Application-layer protocol settings +// +// The ALPS extension (draft-vvv-tls-alps) allows exchanging application-layer +// settings in the TLS handshake for applications negotiated with ALPN. Note +// that, when ALPS is negotiated, the client and server each advertise their own +// settings, so there are functions to both configure setting to send and query +// received settings. + +// SSL_add_application_settings configures |ssl| to enable ALPS with ALPN +// protocol |proto|, sending an ALPS value of |settings|. It returns one on +// success and zero on error. If |proto| is negotiated via ALPN and the peer +// supports ALPS, |settings| will be sent to the peer. The peer's ALPS value can +// be retrieved with |SSL_get0_peer_application_settings|. +// +// On the client, this function should be called before the handshake, once for +// each supported ALPN protocol which uses ALPS. |proto| must be included in the +// client's ALPN configuration (see |SSL_CTX_set_alpn_protos| and +// |SSL_set_alpn_protos|). On the server, ALPS can be preconfigured for each +// protocol as in the client, or configuration can be deferred to the ALPN +// callback (see |SSL_CTX_set_alpn_select_cb|), in which case only the selected +// protocol needs to be configured. +// +// ALPS can be independently configured from 0-RTT, however changes in protocol +// settings will fallback to 1-RTT to negotiate the new value, so it is +// recommended for |settings| to be relatively stable. +OPENSSL_EXPORT int SSL_add_application_settings(SSL *ssl, const uint8_t *proto, + size_t proto_len, + const uint8_t *settings, + size_t settings_len); + +// SSL_get0_peer_application_settings sets |*out_data| and |*out_len| to a +// buffer containing the peer's ALPS value, or the empty string if ALPS was not +// negotiated. Note an empty string could also indicate the peer sent an empty +// settings value. Use |SSL_has_application_settings| to check if ALPS was +// negotiated. The output buffer is owned by |ssl| and is valid until the next +// time |ssl| is modified. +OPENSSL_EXPORT void SSL_get0_peer_application_settings(const SSL *ssl, + const uint8_t **out_data, + size_t *out_len); + +// SSL_has_application_settings returns one if ALPS was negotiated on this +// connection and zero otherwise. +OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl); + + // Certificate compression. // // Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both @@ -3493,8 +3538,10 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT { ssl_early_data_ticket_age_skew = 12, // QUIC parameters differ between this connection and the original. ssl_early_data_quic_parameter_mismatch = 13, + // The application settings did not match the session. + ssl_early_data_alps_mismatch = 14, // The value of the largest entry. - ssl_early_data_reason_max_value = ssl_early_data_quic_parameter_mismatch, + ssl_early_data_reason_max_value = ssl_early_data_alps_mismatch, }; // SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected @@ -5217,6 +5264,8 @@ BSSL_NAMESPACE_END #define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305 #define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306 #define SSL_R_MISSING_ALPN 307 +#define SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN 308 +#define SSL_R_ALPS_MISMATCH_ON_EARLY_DATA 309 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 13545dd254..1514eca866 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -235,6 +235,10 @@ extern "C" { // ExtensionType value from draft-ietf-tls-subcerts. #define TLSEXT_TYPE_delegated_credential 0x22 +// ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined +// extension number. +#define TLSEXT_TYPE_application_settings 17513 + // ExtensionType value from RFC6962 #define TLSEXT_TYPE_certificate_timestamp 18 diff --git a/ssl/handoff.cc b/ssl/handoff.cc index 977fcc5e48..16cbdf7739 100644 --- a/ssl/handoff.cc +++ b/ssl/handoff.cc @@ -24,6 +24,8 @@ BSSL_NAMESPACE_BEGIN constexpr int kHandoffVersion = 0; constexpr int kHandbackVersion = 0; +static const unsigned kHandoffTagALPS = CBS_ASN1_CONTEXT_SPECIFIC | 0; + // early_data_t represents the state of early data in a more compact way than // the 3 bits used by the implementation. enum early_data_t { @@ -57,6 +59,16 @@ static bool serialize_features(CBB *out) { return false; } } + // ALPS is a draft protocol and may change over time. The handoff structure + // contains a [0] IMPLICIT OCTET STRING OPTIONAL, containing a list of u16 + // ALPS versions that the binary supports. For now we name them by codepoint. + // Once ALPS is finalized and past the support horizon, this field can be + // removed. + CBB alps; + if (!CBB_add_asn1(out, &alps, kHandoffTagALPS) || + !CBB_add_u16(&alps, TLSEXT_TYPE_application_settings)) { + return false; + } return CBB_flush(out); } @@ -189,6 +201,29 @@ static bool apply_remote_features(SSL *ssl, CBS *in) { new_configured_curves.Shrink(idx); ssl->config->supported_group_list = std::move(new_configured_curves); + CBS alps; + CBS_init(&alps, nullptr, 0); + if (!CBS_get_optional_asn1(in, &alps, /*out_present=*/nullptr, + kHandoffTagALPS)) { + return false; + } + bool supports_alps = false; + while (CBS_len(&alps) != 0) { + uint16_t id; + if (!CBS_get_u16(&alps, &id)) { + return false; + } + // For now, we only support one ALPS code point, so we only need to extract + // a boolean signal from the feature list. + if (id == TLSEXT_TYPE_application_settings) { + supports_alps = true; + break; + } + } + if (!supports_alps) { + ssl->config->alps_configs.clear(); + } + return true; } diff --git a/ssl/internal.h b/ssl/internal.h index 9dd206e374..7420f6564f 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -389,6 +389,11 @@ class GrowableArray { T *end() { return array_.data() + size_; } const T *cend() const { return array_.data() + size_; } + void clear() { + size_ = 0; + array_.Reset(); + } + // Push adds |elem| at the end of the internal array, growing if necessary. It // returns false when allocation fails. bool Push(T elem) { @@ -1482,6 +1487,7 @@ enum tls13_server_hs_state_t { state13_send_half_rtt_ticket, state13_read_second_client_flight, state13_process_end_of_early_data, + state13_read_client_encrypted_extensions, state13_read_client_certificate, state13_read_client_certificate_verify, state13_read_channel_id, @@ -1918,6 +1924,12 @@ bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs, bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, const SSL_CLIENT_HELLO *client_hello); +// ssl_negotiate_alps negotiates the ALPS extension, if applicable. It returns +// true on successful negotiation or if nothing was negotiated. It returns false +// and sets |*out_alert| to an alert on error. +bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert, + const SSL_CLIENT_HELLO *client_hello); + struct SSL_EXTENSION_TYPE { uint16_t type; bool *out_present; @@ -2624,6 +2636,12 @@ struct DTLS1_STATE { unsigned timeout_duration_ms = 0; }; +// An ALPSConfig is a pair of ALPN protocol and settings value to use with ALPS. +struct ALPSConfig { + Array protocol; + Array settings; +}; + // SSL_CONFIG contains configuration bits that can be shed after the handshake // completes. Objects of this type are not shared; they are unique to a // particular |SSL|. @@ -2690,6 +2708,10 @@ struct SSL_CONFIG { // format. Array alpn_client_proto_list; + // alps_configs contains the list of supported protocols to use with ALPS, + // along with their corresponding ALPS values. + GrowableArray alps_configs; + // Contains a list of supported Token Binding key parameters. Array token_binding_params; @@ -3543,9 +3565,18 @@ struct ssl_session_st { // early_alpn is the ALPN protocol from the initial handshake. This is only // stored for TLS 1.3 and above in order to enforce ALPN matching for 0-RTT - // resumptions. + // resumptions. For the current connection's ALPN protocol, see + // |alpn_selected| on |SSL3_STATE|. bssl::Array early_alpn; + // local_application_settings, if |has_application_settings| is true, is the + // local ALPS value for this connection. + bssl::Array local_application_settings; + + // peer_application_settings, if |has_application_settings| is true, is the + // peer ALPS value for this connection. + bssl::Array peer_application_settings; + // extended_master_secret is whether the master secret in this session was // generated using EMS and thus isn't vulnerable to the Triple Handshake // attack. @@ -3566,6 +3597,10 @@ struct ssl_session_st { // is_quic indicates whether this session was created using QUIC. bool is_quic : 1; + // has_application_settings indicates whether ALPS was negotiated in this + // session. + bool has_application_settings : 1; + // quic_early_data_context is used to determine whether early data must be // rejected when performing a QUIC handshake. bssl::Array quic_early_data_context; diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc index e6274f1bf9..0e913087c9 100644 --- a/ssl/ssl_asn1.cc +++ b/ssl/ssl_asn1.cc @@ -131,6 +131,10 @@ BSSL_NAMESPACE_BEGIN // earlyALPN [26] OCTET STRING OPTIONAL, // isQuic [27] BOOLEAN OPTIONAL, // quicEarlyDataHash [28] OCTET STRING OPTIONAL, +// localALPS [29] OCTET STRING OPTIONAL, +// peerALPS [30] OCTET STRING OPTIONAL, +// -- Either both or none of localALPS and peerALPS must be present. If both +// -- are present, earlyALPN must be present and non-empty. // } // // Note: historically this serialization has included other optional @@ -194,6 +198,10 @@ static const unsigned kIsQuicTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27; static const unsigned kQuicEarlyDataContextTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28; +static const unsigned kLocalALPSTag = + CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 29; +static const unsigned kPeerALPSTag = + CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 30; static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb, int for_ticket) { @@ -411,6 +419,19 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb, } } + if (in->has_application_settings) { + if (!CBB_add_asn1(&session, &child, kLocalALPSTag) || + !CBB_add_asn1_octet_string(&child, + in->local_application_settings.data(), + in->local_application_settings.size()) || + !CBB_add_asn1(&session, &child, kPeerALPSTag) || + !CBB_add_asn1_octet_string(&child, in->peer_application_settings.data(), + in->peer_application_settings.size())) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + } + return CBB_flush(cbb); } @@ -753,13 +774,33 @@ UniquePtr SSL_SESSION_parse(CBS *cbs, !CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag, /*default_value=*/false) || !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context, - kQuicEarlyDataContextTag) || + kQuicEarlyDataContextTag)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); + return nullptr; + } + + CBS settings; + int has_local_alps, has_peer_alps; + if (!CBS_get_optional_asn1_octet_string(&session, &settings, &has_local_alps, + kLocalALPSTag) || + !ret->local_application_settings.CopyFrom(settings) || + !CBS_get_optional_asn1_octet_string(&session, &settings, &has_peer_alps, + kPeerALPSTag) || + !ret->peer_application_settings.CopyFrom(settings) || CBS_len(&session) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; } ret->is_quic = is_quic; + // The two ALPS values and ALPN must be consistent. + if (has_local_alps != has_peer_alps || + (has_local_alps && ret->early_alpn.empty())) { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); + return nullptr; + } + ret->has_application_settings = has_local_alps; + if (!x509_method->session_cache_objects(ret.get())) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 10a97ea94b..33b9f2fb09 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -2241,6 +2241,36 @@ void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) { ctx->allow_unknown_alpn_protos = !!enabled; } +int SSL_add_application_settings(SSL *ssl, const uint8_t *proto, + size_t proto_len, const uint8_t *settings, + size_t settings_len) { + if (!ssl->config) { + return 0; + } + ALPSConfig config; + if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) || + !config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) || + !ssl->config->alps_configs.Push(std::move(config))) { + return 0; + } + return 1; +} + +void SSL_get0_peer_application_settings(const SSL *ssl, + const uint8_t **out_data, + size_t *out_len) { + const SSL_SESSION *session = SSL_get_session(ssl); + Span settings = + session ? session->peer_application_settings : Span(); + *out_data = settings.data(); + *out_len = settings.size(); +} + +int SSL_has_application_settings(const SSL *ssl) { + const SSL_SESSION *session = SSL_get_session(ssl); + return session && session->has_application_settings; +} + int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id, ssl_cert_compression_func_t compress, ssl_cert_decompression_func_t decompress) { diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index ef902f0d4c..7538a72b28 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc @@ -264,13 +264,15 @@ UniquePtr SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { new_session->ticket_age_add = session->ticket_age_add; new_session->ticket_max_early_data = session->ticket_max_early_data; new_session->extended_master_secret = session->extended_master_secret; - - if (!new_session->early_alpn.CopyFrom(session->early_alpn)) { - return nullptr; - } - - if (!new_session->quic_early_data_context.CopyFrom( - session->quic_early_data_context)) { + new_session->has_application_settings = session->has_application_settings; + + if (!new_session->early_alpn.CopyFrom(session->early_alpn) || + !new_session->quic_early_data_context.CopyFrom( + session->quic_early_data_context) || + !new_session->local_application_settings.CopyFrom( + session->local_application_settings) || + !new_session->peer_application_settings.CopyFrom( + session->peer_application_settings)) { return nullptr; } } @@ -864,7 +866,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method) not_resumable(false), ticket_age_add_valid(false), is_server(false), - is_quic(false) { + is_quic(false), + has_application_settings(false) { CRYPTO_new_ex_data(&ex_data); time = ::time(nullptr); } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 6584686153..e62d6e2f27 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -754,7 +754,7 @@ static const char kBoringSSLSession[] = "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg=="; // kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing -// the final (optional) element of |kCustomSession| with tag number 30. +// the final (optional) element of |kCustomSession| with tag number 99. static const char kBadSessionExtraField[] = "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" @@ -763,7 +763,7 @@ static const char kBadSessionExtraField[] = "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" - "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF"; + "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBOMDBAEF"; // kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing // the version of |kCustomSession| with 2. diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 4a2bbcf868..e48f1a101f 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -125,13 +125,14 @@ #include #include -#include "internal.h" #include "../crypto/internal.h" +#include "internal.h" BSSL_NAMESPACE_BEGIN static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs); +static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs); static int compare_uint16_t(const void *p1, const void *p2) { uint16_t u1 = *((const uint16_t *)p1); @@ -512,7 +513,7 @@ struct tls_extension { }; static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, - CBS *contents) { + CBS *contents) { if (contents != NULL) { // Servers MUST NOT send this extension. *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; @@ -524,7 +525,7 @@ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, } static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert, - CBS *contents) { + CBS *contents) { // This extension from the client is handled elsewhere. return true; } @@ -1380,7 +1381,6 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS protocol_name_list_copy = protocol_name_list; while (CBS_len(&protocol_name_list_copy) > 0) { CBS protocol_name; - if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) || // Empty protocol names are forbidden. CBS_len(&protocol_name) == 0) { @@ -1946,6 +1946,21 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs, // // https://tools.ietf.org/html/rfc8446#section-4.2.10 +// ssl_get_local_application_settings looks up the configured ALPS value for +// |protocol|. If found, it sets |*out_settings| to the value and returns true. +// Otherwise, it returns false. +static bool ssl_get_local_application_settings( + const SSL_HANDSHAKE *hs, Span *out_settings, + Span protocol) { + for (const ALPSConfig &config : hs->config->alps_configs) { + if (protocol == config.protocol) { + *out_settings = config.settings; + return true; + } + } + return false; +} + static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { SSL *const ssl = hs->ssl; // The second ClientHello never offers early data, and we must have already @@ -1978,13 +1993,22 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { return true; } - // In case ALPN preferences changed since this session was established, avoid - // reporting a confusing value in |SSL_get0_alpn_selected| and sending early - // data we know will be rejected. - if (!ssl->session->early_alpn.empty() && - !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) { - ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch; - return true; + if (!ssl->session->early_alpn.empty()) { + if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) { + // Avoid reporting a confusing value in |SSL_get0_alpn_selected|. + ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch; + return true; + } + + Span settings; + bool has_alps = ssl_get_local_application_settings( + hs, &settings, ssl->session->early_alpn); + if (has_alps != ssl->session->has_application_settings || + settings != ssl->session->local_application_settings) { + // 0-RTT carries ALPS over, so we only offer it when the value matches. + ssl->s3->early_data_reason = ssl_early_data_alps_mismatch; + return true; + } } // |early_data_reason| will be filled in later when the server responds. @@ -2797,6 +2821,144 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { return true; } +// Application-level Protocol Settings +// +// https://tools.ietf.org/html/draft-vvv-tls-alps-01 + +static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { + SSL *const ssl = hs->ssl; + if (// ALPS requires TLS 1.3. + hs->max_version < TLS1_3_VERSION || + // Do not offer ALPS without ALPN. + hs->config->alpn_client_proto_list.empty() || + // Do not offer ALPS if not configured. + hs->config->alps_configs.empty() || + // Do not offer ALPS on renegotiation handshakes. + ssl->s3->initial_handshake_complete) { + return true; + } + + CBB contents, proto_list, proto; + if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) || + !CBB_add_u16_length_prefixed(out, &contents) || + !CBB_add_u16_length_prefixed(&contents, &proto_list)) { + return false; + } + + for (const ALPSConfig &config : hs->config->alps_configs) { + if (!CBB_add_u8_length_prefixed(&proto_list, &proto) || + !CBB_add_bytes(&proto, config.protocol.data(), + config.protocol.size())) { + return false; + } + } + + return CBB_flush(out); +} + +static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, + CBS *contents) { + SSL *const ssl = hs->ssl; + if (contents == nullptr) { + return true; + } + + assert(!ssl->s3->initial_handshake_complete); + assert(!hs->config->alpn_client_proto_list.empty()); + assert(!hs->config->alps_configs.empty()); + + // ALPS requires TLS 1.3. + if (ssl_protocol_version(ssl) < TLS1_3_VERSION) { + *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; + OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION); + return false; + } + + // Note extension callbacks may run in any order, so we defer checking + // consistency with ALPN to |ssl_check_serverhello_tlsext|. + if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) { + *out_alert = SSL_AD_INTERNAL_ERROR; + return false; + } + + hs->new_session->has_application_settings = true; + return true; +} + +static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { + SSL *const ssl = hs->ssl; + // If early data is accepted, we omit the ALPS extension. It is implicitly + // carried over from the previous connection. + if (hs->new_session == nullptr || + !hs->new_session->has_application_settings || + ssl->s3->early_data_accepted) { + return true; + } + + CBB contents; + if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) || + !CBB_add_u16_length_prefixed(out, &contents) || + !CBB_add_bytes(&contents, + hs->new_session->local_application_settings.data(), + hs->new_session->local_application_settings.size()) || + !CBB_flush(out)) { + return false; + } + + return true; +} + +bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert, + const SSL_CLIENT_HELLO *client_hello) { + SSL *const ssl = hs->ssl; + if (ssl->s3->alpn_selected.empty()) { + return true; + } + + // If we negotiate ALPN over TLS 1.3, try to negotiate ALPS. + CBS alps_contents; + Span settings; + if (ssl_protocol_version(ssl) >= TLS1_3_VERSION && + ssl_get_local_application_settings(hs, &settings, + ssl->s3->alpn_selected) && + ssl_client_hello_get_extension(client_hello, &alps_contents, + TLSEXT_TYPE_application_settings)) { + // Check if the client supports ALPS with the selected ALPN. + bool found = false; + CBS alps_list; + if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) || + CBS_len(&alps_contents) != 0 || + CBS_len(&alps_list) == 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + *out_alert = SSL_AD_DECODE_ERROR; + return false; + } + while (CBS_len(&alps_list) > 0) { + CBS protocol_name; + if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) || + // Empty protocol names are forbidden. + CBS_len(&protocol_name) == 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + *out_alert = SSL_AD_DECODE_ERROR; + return false; + } + if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) { + found = true; + } + } + + // Negotiate ALPS if both client also supports ALPS for this protocol. + if (found) { + hs->new_session->has_application_settings = true; + if (!hs->new_session->local_application_settings.CopyFrom(settings)) { + *out_alert = SSL_AD_INTERNAL_ERROR; + return false; + } + } + } + + return true; +} // kExtensions contains all the supported extensions. static const struct tls_extension kExtensions[] = { @@ -2978,6 +3140,15 @@ static const struct tls_extension kExtensions[] = { ext_delegated_credential_parse_clienthello, dont_add_serverhello, }, + { + TLSEXT_TYPE_application_settings, + NULL, + ext_alps_add_clienthello, + ext_alps_parse_serverhello, + // ALPS is negotiated late in |ssl_negotiate_alpn|. + ignore_parse_clienthello, + ext_alps_add_serverhello, + }, }; #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension)) @@ -3370,6 +3541,36 @@ static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) { } } +static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) { + SSL *const ssl = hs->ssl; + // ALPS and ALPN have a dependency between each other, so we defer checking + // consistency to after the callbacks run. + if (hs->new_session != nullptr && hs->new_session->has_application_settings) { + // ALPN must be negotiated. + if (ssl->s3->alpn_selected.empty()) { + OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return false; + } + + // The negotiated protocol must be one of the ones we advertised for ALPS. + Span settings; + if (!ssl_get_local_application_settings(hs, &settings, + ssl->s3->alpn_selected)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return false; + } + + if (!hs->new_session->local_application_settings.CopyFrom(settings)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return false; + } + } + + return true; +} + bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) { SSL *const ssl = hs->ssl; int alert = SSL_AD_DECODE_ERROR; @@ -3378,6 +3579,10 @@ bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) { return false; } + if (!ssl_check_serverhello_tlsext(hs)) { + return false; + } + return true; } diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index ebdfeaf357..3df861b4f8 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -397,6 +397,11 @@ static bool CheckAuthProperties(SSL *ssl, bool is_resume, } static const char *EarlyDataReasonToString(ssl_early_data_reason_t reason) { + if (reason > ssl_early_data_reason_max_value) { + fprintf(stderr, "ssl_early_data_reason_max_value is out of date.\n"); + abort(); + } + switch (reason) { case ssl_early_data_unknown: return "unknown"; @@ -426,8 +431,12 @@ static const char *EarlyDataReasonToString(ssl_early_data_reason_t reason) { return "ticket_age_skew"; case ssl_early_data_quic_parameter_mismatch: return "quic_parameter_mismatch"; + case ssl_early_data_alps_mismatch: + return "alps_mismatch"; } + fprintf(stderr, "Unknown ssl_early_data_reason_t value %d.\n", + static_cast(reason)); abort(); } @@ -538,6 +547,26 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, return false; } + if (SSL_has_application_settings(ssl) != + (config->expect_peer_application_settings ? 1 : 0)) { + fprintf(stderr, + "connection %s application settings, but expected the opposite\n", + SSL_has_application_settings(ssl) ? "has" : "does not have"); + return false; + } + std::string expect_settings = config->expect_peer_application_settings + ? *config->expect_peer_application_settings + : ""; + const uint8_t *peer_settings; + size_t peer_settings_len; + SSL_get0_peer_application_settings(ssl, &peer_settings, &peer_settings_len); + if (expect_settings != + std::string(reinterpret_cast(peer_settings), + peer_settings_len)) { + fprintf(stderr, "peer application settings mismatch\n"); + return false; + } + if (!config->expect_quic_transport_params.empty() && expect_handshake_done) { const uint8_t *peer_params; size_t peer_params_len; diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index b7517e71e6..8a934b31f6 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -121,6 +121,7 @@ const ( extensionKeyShare uint16 = 51 extensionCustom uint16 = 1234 // not IANA assigned extensionNextProtoNeg uint16 = 13172 // not IANA assigned + extensionApplicationSettings uint16 = 17513 // not IANA assigned extensionRenegotiationInfo uint16 = 0xff01 extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13 extensionChannelID uint16 = 30032 // not IANA assigned @@ -260,6 +261,8 @@ type ConnectionState struct { PeerSignatureAlgorithm signatureAlgorithm // algorithm used by the peer in the handshake CurveID CurveID // the curve used in ECDHE QUICTransportParams []byte // the QUIC transport params received from the peer + HasApplicationSettings bool // whether ALPS was negotiated + PeerApplicationSettings []byte // application settings received from the peer } // ClientAuthType declares the policy the server will follow for @@ -277,22 +280,25 @@ const ( // ClientSessionState contains the state needed by clients to resume TLS // sessions. type ClientSessionState struct { - sessionId []uint8 // Session ID supplied by the server. nil if the session has a ticket. - sessionTicket []uint8 // Encrypted ticket used for session resumption with server - vers uint16 // SSL/TLS version negotiated for the session - wireVersion uint16 // Wire SSL/TLS version negotiated for the session - cipherSuite uint16 // Ciphersuite negotiated for the session - masterSecret []byte // MasterSecret generated by client on a full handshake - handshakeHash []byte // Handshake hash for Channel ID purposes. - serverCertificates []*x509.Certificate // Certificate chain presented by the server - extendedMasterSecret bool // Whether an extended master secret was used to generate the session - sctList []byte - ocspResponse []byte - earlyALPN string - ticketCreationTime time.Time - ticketExpiration time.Time - ticketAgeAdd uint32 - maxEarlyDataSize uint32 + sessionId []uint8 // Session ID supplied by the server. nil if the session has a ticket. + sessionTicket []uint8 // Encrypted ticket used for session resumption with server + vers uint16 // SSL/TLS version negotiated for the session + wireVersion uint16 // Wire SSL/TLS version negotiated for the session + cipherSuite uint16 // Ciphersuite negotiated for the session + masterSecret []byte // MasterSecret generated by client on a full handshake + handshakeHash []byte // Handshake hash for Channel ID purposes. + serverCertificates []*x509.Certificate // Certificate chain presented by the server + extendedMasterSecret bool // Whether an extended master secret was used to generate the session + sctList []byte + ocspResponse []byte + earlyALPN string + ticketCreationTime time.Time + ticketExpiration time.Time + ticketAgeAdd uint32 + maxEarlyDataSize uint32 + hasApplicationSettings bool + localApplicationSettings []byte + peerApplicationSettings []byte } // ClientSessionCache is a cache of ClientSessionState objects that can be used @@ -367,6 +373,10 @@ type Config struct { // NextProtos is a list of supported, application level protocols. NextProtos []string + // ApplicationSettings is a set of application settings to use which each + // application protocol. + ApplicationSettings map[string][]byte + // ServerName is used to verify the hostname on the returned // certificates unless InsecureSkipVerify is given. It is also included // in the client's handshake to support virtual hosting. @@ -792,6 +802,33 @@ type ProtocolBugs struct { // return. ALPNProtocol *string + // AlwaysNegotiateApplicationSettings, if true, causes the server to + // negotiate ALPS for a protocol even if the client did not support it or + // the version is wrong. + AlwaysNegotiateApplicationSettings bool + + // SendApplicationSettingsWithEarlyData, if true, causes the client and + // server to send the application_settings extension with early data, + // rather than letting them implicitly carry over. + SendApplicationSettingsWithEarlyData bool + + // AlwaysSendClientEncryptedExtension, if true, causes the client to always + // send a, possibly empty, client EncryptedExtensions message. + AlwaysSendClientEncryptedExtensions bool + + // OmitClientEncryptedExtensions, if true, causes the client to omit the + // client EncryptedExtensions message. + OmitClientEncryptedExtensions bool + + // OmitClientApplicationSettings, if true, causes the client to omit the + // application_settings extension but still send EncryptedExtensions. + OmitClientApplicationSettings bool + + // SendExtraClientEncryptedExtension, if true, causes the client to + // include an unsolicited extension in the client EncryptedExtensions + // message. + SendExtraClientEncryptedExtension bool + // AcceptAnySession causes the server to resume sessions regardless of // the version associated with the session or cipher suite. It also // causes the server to look in both TLS 1.2 and 1.3 extensions to diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go index 04fe16c9be..c0c91d29be 100644 --- a/ssl/test/runner/conn.go +++ b/ssl/test/runner/conn.go @@ -73,6 +73,9 @@ type Conn struct { clientProtocolFallback bool usedALPN bool + localApplicationSettings, peerApplicationSettings []byte + hasApplicationSettings bool + // verify_data values for the renegotiation extension. clientVerify []byte serverVerify []byte @@ -1390,7 +1393,11 @@ func (c *Conn) readHandshake() (interface{}, error) { isDTLS: c.isDTLS, } case typeEncryptedExtensions: - m = new(encryptedExtensionsMsg) + if c.isClient { + m = new(encryptedExtensionsMsg) + } else { + m = new(clientEncryptedExtensionsMsg) + } case typeCertificate: m = &certificateMsg{ hasRequestContext: c.vers >= VersionTLS13, @@ -1608,19 +1615,22 @@ func (c *Conn) processTLS13NewSessionTicket(newSessionTicket *newSessionTicketMs } session := &ClientSessionState{ - sessionTicket: newSessionTicket.ticket, - vers: c.vers, - wireVersion: c.wireVersion, - cipherSuite: cipherSuite.id, - masterSecret: c.resumptionSecret, - serverCertificates: c.peerCertificates, - sctList: c.sctList, - ocspResponse: c.ocspResponse, - ticketCreationTime: c.config.time(), - ticketExpiration: c.config.time().Add(time.Duration(newSessionTicket.ticketLifetime) * time.Second), - ticketAgeAdd: newSessionTicket.ticketAgeAdd, - maxEarlyDataSize: newSessionTicket.maxEarlyDataSize, - earlyALPN: c.clientProtocol, + sessionTicket: newSessionTicket.ticket, + vers: c.vers, + wireVersion: c.wireVersion, + cipherSuite: cipherSuite.id, + masterSecret: c.resumptionSecret, + serverCertificates: c.peerCertificates, + sctList: c.sctList, + ocspResponse: c.ocspResponse, + ticketCreationTime: c.config.time(), + ticketExpiration: c.config.time().Add(time.Duration(newSessionTicket.ticketLifetime) * time.Second), + ticketAgeAdd: newSessionTicket.ticketAgeAdd, + maxEarlyDataSize: newSessionTicket.maxEarlyDataSize, + earlyALPN: c.clientProtocol, + hasApplicationSettings: c.hasApplicationSettings, + localApplicationSettings: c.localApplicationSettings, + peerApplicationSettings: c.peerApplicationSettings, } session.masterSecret = deriveSessionPSK(cipherSuite, c.wireVersion, c.resumptionSecret, newSessionTicket.ticketNonce) @@ -1883,6 +1893,8 @@ func (c *Conn) ConnectionState() ConnectionState { state.PeerSignatureAlgorithm = c.peerSignatureAlgorithm state.CurveID = c.curveID state.QUICTransportParams = c.quicTransportParams + state.HasApplicationSettings = c.hasApplicationSettings + state.PeerApplicationSettings = c.peerApplicationSettings } return state @@ -2007,14 +2019,17 @@ func (c *Conn) SendNewSessionTicket(nonce []byte) error { } state := sessionState{ - vers: c.vers, - cipherSuite: c.cipherSuite.id, - masterSecret: deriveSessionPSK(c.cipherSuite, c.wireVersion, c.resumptionSecret, nonce), - certificates: peerCertificatesRaw, - ticketCreationTime: c.config.time(), - ticketExpiration: c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second), - ticketAgeAdd: uint32(addBuffer[3])<<24 | uint32(addBuffer[2])<<16 | uint32(addBuffer[1])<<8 | uint32(addBuffer[0]), - earlyALPN: []byte(c.clientProtocol), + vers: c.vers, + cipherSuite: c.cipherSuite.id, + masterSecret: deriveSessionPSK(c.cipherSuite, c.wireVersion, c.resumptionSecret, nonce), + certificates: peerCertificatesRaw, + ticketCreationTime: c.config.time(), + ticketExpiration: c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second), + ticketAgeAdd: uint32(addBuffer[3])<<24 | uint32(addBuffer[2])<<16 | uint32(addBuffer[1])<<8 | uint32(addBuffer[0]), + earlyALPN: []byte(c.clientProtocol), + hasApplicationSettings: c.hasApplicationSettings, + localApplicationSettings: c.localApplicationSettings, + peerApplicationSettings: c.peerApplicationSettings, } if !c.config.Bugs.SendEmptySessionTicket { diff --git a/ssl/test/runner/fuzzer_mode.json b/ssl/test/runner/fuzzer_mode.json index 3e03a9b637..f2dc3fdcb3 100644 --- a/ssl/test/runner/fuzzer_mode.json +++ b/ssl/test/runner/fuzzer_mode.json @@ -47,6 +47,7 @@ "CustomExtensions-Server-EarlyDataOffered": "Trial decryption does not work with the NULL cipher.", "*-TicketAgeSkew-*-Reject*": "Trial decryption does not work with the NULL cipher.", "*EarlyDataRejected*": "Trial decryption does not work with the NULL cipher.", + "ALPS-EarlyData-Mismatch-*": "Trial decryption does not work with the NULL cipher.", "Renegotiate-Client-BadExt*": "Fuzzer mode does not check renegotiation_info.", diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index 241518fedb..3ebc0700df 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -207,6 +207,10 @@ func (c *Conn) clientHandshake() error { hello.secureRenegotiation = nil } + for protocol, _ := range c.config.ApplicationSettings { + hello.alpsProtocols = append(hello.alpsProtocols, protocol) + } + var keyShares map[CurveID]ecdhCurve if maxVersion >= VersionTLS13 { keyShares = make(map[CurveID]ecdhCurve) @@ -1127,6 +1131,26 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { c.useOutTrafficSecret(c.wireVersion, hs.suite, clientHandshakeTrafficSecret) + // The client EncryptedExtensions message is sent if some extension uses it. + // (Currently only ALPS does.) + hasEncryptedExtensions := c.config.Bugs.AlwaysSendClientEncryptedExtensions + clientEncryptedExtensions := new(clientEncryptedExtensionsMsg) + if encryptedExtensions.extensions.hasApplicationSettings || (c.config.Bugs.SendApplicationSettingsWithEarlyData && c.hasApplicationSettings) { + hasEncryptedExtensions = true + if !c.config.Bugs.OmitClientApplicationSettings { + clientEncryptedExtensions.hasApplicationSettings = true + clientEncryptedExtensions.applicationSettings = c.localApplicationSettings + } + } + if c.config.Bugs.SendExtraClientEncryptedExtension { + hasEncryptedExtensions = true + clientEncryptedExtensions.customExtension = []byte{0} + } + if hasEncryptedExtensions && !c.config.Bugs.OmitClientEncryptedExtensions { + hs.writeClientHash(clientEncryptedExtensions.marshal()) + c.writeRecord(recordTypeHandshake, clientEncryptedExtensions.marshal()) + } + if certReq != nil && !c.config.Bugs.SkipClientCertificate { certMsg := &certificateMsg{ hasRequestContext: true, @@ -1695,6 +1719,8 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server c.sendAlert(alertHandshakeFailure) return errors.New("tls: server accepted early data when not expected") } + } else if serverExtensions.hasEarlyData { + return errors.New("tls: server accepted early data when not resuming") } if len(serverExtensions.quicTransportParams) > 0 { @@ -1705,6 +1731,30 @@ func (hs *clientHandshakeState) processServerExtensions(serverExtensions *server c.quicTransportParams = serverExtensions.quicTransportParams } + if serverExtensions.hasApplicationSettings { + if c.vers < VersionTLS13 { + return errors.New("tls: server sent application settings at invalid version") + } + if serverExtensions.hasEarlyData { + return errors.New("tls: server sent application settings with 0-RTT") + } + if !serverHasALPN { + return errors.New("tls: server sent application settings without ALPN") + } + settings, ok := c.config.ApplicationSettings[serverExtensions.alpnProtocol] + if !ok { + return errors.New("tls: server sent application settings for invalid protocol") + } + c.hasApplicationSettings = true + c.localApplicationSettings = settings + c.peerApplicationSettings = serverExtensions.applicationSettings + } else if serverExtensions.hasEarlyData { + // 0-RTT connections inherit application settings from the session. + c.hasApplicationSettings = hs.session.hasApplicationSettings + c.localApplicationSettings = hs.session.localApplicationSettings + c.peerApplicationSettings = hs.session.peerApplicationSettings + } + return nil } diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go index 4378e77fbd..9164819b7a 100644 --- a/ssl/test/runner/handshake_messages.go +++ b/ssl/test/runner/handshake_messages.go @@ -295,6 +295,7 @@ type clientHelloMsg struct { pad int compressedCertAlgs []uint16 delegatedCredentials bool + alpsProtocols []string prefixExtensions []uint16 } @@ -574,6 +575,17 @@ func (m *clientHelloMsg) marshal() []byte { body: body.finish(), }) } + if len(m.alpsProtocols) > 0 { + body := newByteBuilder() + protocolNameList := body.addU16LengthPrefixed() + for _, s := range m.alpsProtocols { + protocolNameList.addU8LengthPrefixed().addBytes([]byte(s)) + } + extensions = append(extensions, extension{ + id: extensionApplicationSettings, + body: body.finish(), + }) + } // The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11 if len(m.pskIdentities) > 0 { @@ -731,6 +743,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { m.extendedMasterSecret = false m.customExtension = "" m.delegatedCredentials = false + m.alpsProtocols = nil if len(reader) == 0 { // ClientHello is optionally followed by extension data @@ -889,7 +902,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { } for len(protocols) > 0 { var protocol []byte - if !protocols.readU8LengthPrefixedBytes(&protocol) { + if !protocols.readU8LengthPrefixedBytes(&protocol) || len(protocol) == 0 { return false } m.alpnProtocols = append(m.alpnProtocols, string(protocol)) @@ -966,6 +979,18 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { return false } m.delegatedCredentials = true + case extensionApplicationSettings: + var protocols byteReader + if !body.readU16LengthPrefixed(&protocols) || len(body) != 0 { + return false + } + for len(protocols) > 0 { + var protocol []byte + if !protocols.readU8LengthPrefixedBytes(&protocol) || len(protocol) == 0 { + return false + } + m.alpsProtocols = append(m.alpsProtocols, string(protocol)) + } } if isGREASEValue(extension) { @@ -1233,6 +1258,8 @@ type serverExtensions struct { supportedCurves []CurveID quicTransportParams []byte serverNameAck bool + applicationSettings []byte + hasApplicationSettings bool } func (m *serverExtensions) marshal(extensions *byteBuilder) { @@ -1367,6 +1394,10 @@ func (m *serverExtensions) marshal(extensions *byteBuilder) { extensions.addU16(extensionServerName) extensions.addU16(0) // zero length } + if m.hasApplicationSettings { + extensions.addU16(extensionApplicationSettings) + extensions.addU16LengthPrefixed().addBytes(m.applicationSettings) + } } func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool { @@ -1475,6 +1506,9 @@ func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool { return false } m.hasEarlyData = true + case extensionApplicationSettings: + m.hasApplicationSettings = true + m.applicationSettings = body default: // Unknown extensions are illegal from the server. return false @@ -1484,6 +1518,68 @@ func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool { return true } +type clientEncryptedExtensionsMsg struct { + raw []byte + applicationSettings []byte + hasApplicationSettings bool + customExtension []byte +} + +func (m *clientEncryptedExtensionsMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + builder := newByteBuilder() + builder.addU8(typeEncryptedExtensions) + body := builder.addU24LengthPrefixed() + extensions := body.addU16LengthPrefixed() + if m.hasApplicationSettings { + extensions.addU16(extensionApplicationSettings) + extensions.addU16LengthPrefixed().addBytes(m.applicationSettings) + } + if len(m.customExtension) > 0 { + extensions.addU16(extensionCustom) + extensions.addU16LengthPrefixed().addBytes(m.customExtension) + } + + m.raw = builder.finish() + return m.raw +} + +func (m *clientEncryptedExtensionsMsg) unmarshal(data []byte) bool { + m.raw = data + reader := byteReader(data[4:]) + + var extensions byteReader + if !reader.readU16LengthPrefixed(&extensions) || + len(reader) != 0 { + return false + } + + if !checkDuplicateExtensions(extensions) { + return false + } + + for len(extensions) > 0 { + var extension uint16 + var body byteReader + if !extensions.readU16(&extension) || + !extensions.readU16LengthPrefixed(&body) { + return false + } + switch extension { + case extensionApplicationSettings: + m.hasApplicationSettings = true + m.applicationSettings = body + default: + // Unknown extensions are illegal in EncryptedExtensions. + return false + } + } + return true +} + type helloRetryRequestMsg struct { raw []byte vers uint16 diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index 88e186d5dc..1a4beefb83 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go @@ -718,7 +718,10 @@ ResendHelloRetryRequest: // Decide whether or not to accept early data. if !sendHelloRetryRequest && hs.clientHello.hasEarlyData { if !config.Bugs.AlwaysRejectEarlyData && hs.sessionState != nil { - if hs.sessionState.cipherSuite == hs.suite.id && c.clientProtocol == string(hs.sessionState.earlyALPN) { + if hs.sessionState.cipherSuite == hs.suite.id && + c.clientProtocol == string(hs.sessionState.earlyALPN) && + c.hasApplicationSettings == hs.sessionState.hasApplicationSettings && + bytes.Equal(c.localApplicationSettings, hs.sessionState.localApplicationSettings) { encryptedExtensions.extensions.hasEarlyData = true } if config.Bugs.AlwaysAcceptEarlyData { @@ -729,6 +732,12 @@ ResendHelloRetryRequest: earlyTrafficSecret := hs.finishedHash.deriveSecret(earlyTrafficLabel) c.earlyExporterSecret = hs.finishedHash.deriveSecret(earlyExporterLabel) + // Applications are implicit with early data. + if !config.Bugs.SendApplicationSettingsWithEarlyData { + encryptedExtensions.extensions.hasApplicationSettings = false + encryptedExtensions.extensions.applicationSettings = nil + } + sessionCipher := cipherSuiteFromID(hs.sessionState.cipherSuite) if err := c.useInTrafficSecret(c.wireVersion, sessionCipher, earlyTrafficSecret); err != nil { return err @@ -1050,6 +1059,29 @@ ResendHelloRetryRequest: return err } + // If we sent an ALPS extension, the client must respond with one. + if encryptedExtensions.extensions.hasApplicationSettings { + msg, err := c.readHandshake() + if err != nil { + return err + } + clientEncryptedExtensions, ok := msg.(*clientEncryptedExtensionsMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(clientEncryptedExtensions, msg) + } + hs.writeClientHash(clientEncryptedExtensions.marshal()) + + if !clientEncryptedExtensions.hasApplicationSettings { + c.sendAlert(alertMissingExtension) + return errors.New("tls: client didn't provide application settings") + } + c.peerApplicationSettings = clientEncryptedExtensions.applicationSettings + } else if encryptedExtensions.extensions.hasEarlyData { + // 0-RTT sessions carry application settings over. + c.peerApplicationSettings = hs.sessionState.peerApplicationSettings + } + // If we requested a client certificate, then the client must send a // certificate message, even if it's empty. if config.ClientAuth >= RequestClientCert { @@ -1367,6 +1399,26 @@ func (hs *serverHandshakeState) processClientExtensions(serverExtensions *server c.clientProtocol = selectedProto c.usedALPN = true } + + var alpsAllowed bool + if c.vers >= VersionTLS13 { + for _, proto := range hs.clientHello.alpsProtocols { + if proto == c.clientProtocol { + alpsAllowed = true + break + } + } + } + if c.config.Bugs.AlwaysNegotiateApplicationSettings { + alpsAllowed = true + } + if settings, ok := c.config.ApplicationSettings[c.clientProtocol]; ok && alpsAllowed { + c.hasApplicationSettings = true + c.localApplicationSettings = settings + // Note these fields may later be cleared we accept 0-RTT. + serverExtensions.hasApplicationSettings = true + serverExtensions.applicationSettings = settings + } } if len(c.config.Bugs.SendALPN) > 0 { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 0f34287c6f..bb30e03b0a 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -533,6 +533,9 @@ type connectionExpectations struct { // quicTransportParams contains the QUIC transport parameters that are to be // sent by the peer. quicTransportParams []byte + // peerApplicationSettings are the expected application settings for the + // connection. If nil, no application settings are expected. + peerApplicationSettings []byte } type testCase struct { @@ -894,6 +897,17 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr } } + if expectations.peerApplicationSettings != nil { + if !connState.HasApplicationSettings { + return errors.New("application settings should have been negotiated") + } + if !bytes.Equal(connState.PeerApplicationSettings, expectations.peerApplicationSettings) { + return fmt.Errorf("peer application settings mismatch: got %q, wanted %q", connState.PeerApplicationSettings, expectations.peerApplicationSettings) + } + } else if connState.HasApplicationSettings { + return errors.New("application settings unexpectedly negotiated") + } + if p := connState.SRTPProtectionProfile; p != expectations.srtpProtectionProfile { return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, expectations.srtpProtectionProfile) } @@ -6973,6 +6987,492 @@ func addExtensionTests() { }) } + // Test ALPS. + if ver.version >= VersionTLS13 { + // Test that client and server can negotiate ALPS, including + // different values on resumption. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-Basic-Client-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner1")}, + }, + resumeConfig: &Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner2")}, + }, + resumeSession: true, + expectations: connectionExpectations{ + peerApplicationSettings: []byte("shim1"), + }, + resumeExpectations: &connectionExpectations{ + peerApplicationSettings: []byte("shim2"), + }, + flags: []string{ + "-advertise-alpn", "\x05proto", + "-expect-alpn", "proto", + "-on-initial-application-settings", "proto,shim1", + "-on-initial-expect-peer-application-settings", "runner1", + "-on-resume-application-settings", "proto,shim2", + "-on-resume-expect-peer-application-settings", "runner2", + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-Basic-Server-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner1")}, + }, + resumeConfig: &Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner2")}, + }, + resumeSession: true, + expectations: connectionExpectations{ + peerApplicationSettings: []byte("shim1"), + }, + resumeExpectations: &connectionExpectations{ + peerApplicationSettings: []byte("shim2"), + }, + flags: []string{ + "-select-alpn", "proto", + "-on-initial-application-settings", "proto,shim1", + "-on-initial-expect-peer-application-settings", "runner1", + "-on-resume-application-settings", "proto,shim2", + "-on-resume-expect-peer-application-settings", "runner2", + }, + }) + + // Test the client and server correctly handle empty settings. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-Empty-Client-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte{}}, + }, + resumeSession: true, + expectations: connectionExpectations{ + peerApplicationSettings: []byte{}, + }, + flags: []string{ + "-advertise-alpn", "\x05proto", + "-expect-alpn", "proto", + "-application-settings", "proto,", + "-expect-peer-application-settings", "", + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-Empty-Server-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte{}}, + }, + resumeSession: true, + expectations: connectionExpectations{ + peerApplicationSettings: []byte{}, + }, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto,", + "-expect-peer-application-settings", "", + }, + }) + + // Test the client rejects application settings from the server on + // protocols it doesn't have them. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-UnsupportedProtocol-Client-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto1"}, + ApplicationSettings: map[string][]byte{"proto1": []byte("runner")}, + Bugs: ProtocolBugs{ + AlwaysNegotiateApplicationSettings: true, + }, + }, + // The client supports ALPS with "proto2", but not "proto1". + flags: []string{ + "-advertise-alpn", "\x06proto1\x06proto2", + "-application-settings", "proto2,shim", + "-expect-alpn", "proto1", + }, + // The server sends ALPS with "proto1", which is invalid. + shouldFail: true, + expectedError: ":INVALID_ALPN_PROTOCOL:", + expectedLocalError: "remote error: illegal parameter", + }) + + // Test the server declines ALPS if it doesn't support it for the + // specified protocol. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-UnsupportedProtocol-Server-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto1"}, + ApplicationSettings: map[string][]byte{"proto1": []byte("runner")}, + }, + // The server supports ALPS with "proto2", but not "proto1". + flags: []string{ + "-select-alpn", "proto1", + "-application-settings", "proto2,shim", + }, + }) + + // Test that the server rejects a missing application_settings extension. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-OmitClientApplicationSettings-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner")}, + Bugs: ProtocolBugs{ + OmitClientApplicationSettings: true, + }, + }, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto,shim", + }, + // The runner is a client, so it only processes the shim's alert + // after checking connection state. + expectations: connectionExpectations{ + peerApplicationSettings: []byte("shim"), + }, + shouldFail: true, + expectedError: ":MISSING_EXTENSION:", + expectedLocalError: "remote error: missing extension", + }) + + // Test that the server rejects a missing EncryptedExtensions message. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-OmitClientEncryptedExtensions-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner")}, + Bugs: ProtocolBugs{ + OmitClientEncryptedExtensions: true, + }, + }, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto,shim", + }, + // The runner is a client, so it only processes the shim's alert + // after checking connection state. + expectations: connectionExpectations{ + peerApplicationSettings: []byte("shim"), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + + // Test that the server rejects an unexpected EncryptedExtensions message. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "UnexpectedClientEncryptedExtensions-" + ver.name, + config: Config{ + MaxVersion: ver.version, + Bugs: ProtocolBugs{ + AlwaysSendClientEncryptedExtensions: true, + }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + + // Test that the server rejects an unexpected extension in an + // expected EncryptedExtensions message. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ExtraClientEncryptedExtension-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner")}, + Bugs: ProtocolBugs{ + SendExtraClientEncryptedExtension: true, + }, + }, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto,shim", + }, + // The runner is a client, so it only processes the shim's alert + // after checking connection state. + expectations: connectionExpectations{ + peerApplicationSettings: []byte("shim"), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + expectedLocalError: "remote error: unsupported extension", + }) + + // Test that ALPS is carried over on 0-RTT. + for _, empty := range []bool{false, true} { + suffix := ver.name + runnerSettings := "runner" + shimSettings := "shim" + if empty { + suffix = "Empty-" + ver.name + runnerSettings = "" + shimSettings = "" + } + + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-EarlyData-Client-" + suffix, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte(runnerSettings)}, + }, + resumeSession: true, + earlyData: true, + flags: []string{ + "-advertise-alpn", "\x05proto", + "-expect-alpn", "proto", + "-application-settings", "proto," + shimSettings, + "-expect-peer-application-settings", runnerSettings, + }, + expectations: connectionExpectations{ + peerApplicationSettings: []byte(shimSettings), + }, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-EarlyData-Server-" + suffix, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte(runnerSettings)}, + }, + resumeSession: true, + earlyData: true, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto," + shimSettings, + "-expect-peer-application-settings", runnerSettings, + }, + expectations: connectionExpectations{ + peerApplicationSettings: []byte(shimSettings), + }, + }) + + // Sending application settings in 0-RTT handshakes is forbidden. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-EarlyData-SendApplicationSettingsWithEarlyData-Client-" + suffix, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte(runnerSettings)}, + Bugs: ProtocolBugs{ + SendApplicationSettingsWithEarlyData: true, + }, + }, + resumeSession: true, + earlyData: true, + flags: []string{ + "-advertise-alpn", "\x05proto", + "-expect-alpn", "proto", + "-application-settings", "proto," + shimSettings, + "-expect-peer-application-settings", runnerSettings, + }, + expectations: connectionExpectations{ + peerApplicationSettings: []byte(shimSettings), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", + expectedLocalError: "remote error: illegal parameter", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-EarlyData-SendApplicationSettingsWithEarlyData-Server-" + suffix, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte(runnerSettings)}, + Bugs: ProtocolBugs{ + SendApplicationSettingsWithEarlyData: true, + }, + }, + resumeSession: true, + earlyData: true, + flags: []string{ + "-select-alpn", "proto", + "-application-settings", "proto," + shimSettings, + "-expect-peer-application-settings", runnerSettings, + }, + expectations: connectionExpectations{ + peerApplicationSettings: []byte(shimSettings), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + } + + // Test that the client and server each decline early data if local + // ALPS preferences has changed for the current connection. + alpsMismatchTests := []struct { + name string + initialSettings, resumeSettings []byte + }{ + {"DifferentValues", []byte("settings1"), []byte("settings2")}, + {"OnOff", []byte("settings"), nil}, + {"OffOn", nil, []byte("settings")}, + // The empty settings value should not be mistaken for ALPS not + // being negotiated. + {"OnEmpty", []byte("settings"), []byte{}}, + {"EmptyOn", []byte{}, []byte("settings")}, + {"EmptyOff", []byte{}, nil}, + {"OffEmpty", nil, []byte{}}, + } + for _, test := range alpsMismatchTests { + flags := []string{"-on-resume-expect-early-data-reason", "alps_mismatch"} + if test.initialSettings != nil { + flags = append(flags, "-on-initial-application-settings", "proto,"+string(test.initialSettings)) + flags = append(flags, "-on-initial-expect-peer-application-settings", "runner") + } + if test.resumeSettings != nil { + flags = append(flags, "-on-resume-application-settings", "proto,"+string(test.resumeSettings)) + flags = append(flags, "-on-resume-expect-peer-application-settings", "runner") + } + + // The client should not offer early data. + testCases = append(testCases, testCase{ + testType: clientTest, + name: fmt.Sprintf("ALPS-EarlyData-Mismatch-%s-Client-%s", test.name, ver.name), + config: Config{ + MaxVersion: ver.version, + MaxEarlyDataSize: 16384, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner")}, + }, + resumeSession: true, + flags: append([]string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-no-offer-early-data", + "-advertise-alpn", "\x05proto", + "-expect-alpn", "proto", + }, flags...), + expectations: connectionExpectations{ + peerApplicationSettings: test.initialSettings, + }, + resumeExpectations: &connectionExpectations{ + peerApplicationSettings: test.resumeSettings, + }, + }) + + // The server should reject early data. + testCases = append(testCases, testCase{ + testType: serverTest, + name: fmt.Sprintf("ALPS-EarlyData-Mismatch-%s-Server-%s", test.name, ver.name), + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"proto"}, + ApplicationSettings: map[string][]byte{"proto": []byte("runner")}, + }, + resumeSession: true, + earlyData: true, + expectEarlyDataRejected: true, + flags: append([]string{ + "-select-alpn", "proto", + }, flags...), + expectations: connectionExpectations{ + peerApplicationSettings: test.initialSettings, + }, + resumeExpectations: &connectionExpectations{ + peerApplicationSettings: test.resumeSettings, + }, + }) + } + } else { + // Test the client rejects the ALPS extension if the server + // negotiated TLS 1.2 or below. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-Reject-Client-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"foo"}, + ApplicationSettings: map[string][]byte{"foo": []byte("runner")}, + Bugs: ProtocolBugs{ + AlwaysNegotiateApplicationSettings: true, + }, + }, + flags: []string{ + "-advertise-alpn", "\x03foo", + "-expect-alpn", "foo", + "-application-settings", "foo,shim", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + expectedLocalError: "remote error: unsupported extension", + }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ALPS-Reject-Client-Resume-" + ver.name, + config: Config{ + MaxVersion: ver.version, + }, + resumeConfig: &Config{ + MaxVersion: ver.version, + NextProtos: []string{"foo"}, + ApplicationSettings: map[string][]byte{"foo": []byte("runner")}, + Bugs: ProtocolBugs{ + AlwaysNegotiateApplicationSettings: true, + }, + }, + resumeSession: true, + flags: []string{ + "-on-resume-advertise-alpn", "\x03foo", + "-on-resume-expect-alpn", "foo", + "-on-resume-application-settings", "foo,shim", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + expectedLocalError: "remote error: unsupported extension", + }) + + // Test the server declines ALPS if it negotiates TLS 1.2 or below. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ALPS-Decline-Server-" + ver.name, + config: Config{ + MaxVersion: ver.version, + NextProtos: []string{"foo"}, + ApplicationSettings: map[string][]byte{"foo": []byte("runner")}, + }, + // Test both TLS 1.2 full and resumption handshakes. + resumeSession: true, + flags: []string{ + "-select-alpn", "foo", + "-application-settings", "foo,shim", + }, + // If not specified, runner and shim both implicitly expect ALPS + // is not negotiated. + }) + } + // Test Token Binding. const maxTokenBindingVersion = 16 diff --git a/ssl/test/runner/ticket.go b/ssl/test/runner/ticket.go index af8754734c..f5163e109d 100644 --- a/ssl/test/runner/ticket.go +++ b/ssl/test/runner/ticket.go @@ -18,17 +18,20 @@ import ( // sessionState contains the information that is serialized into a session // ticket in order to later resume a connection. type sessionState struct { - vers uint16 - cipherSuite uint16 - masterSecret []byte - handshakeHash []byte - certificates [][]byte - extendedMasterSecret bool - earlyALPN []byte - ticketCreationTime time.Time - ticketExpiration time.Time - ticketFlags uint32 - ticketAgeAdd uint32 + vers uint16 + cipherSuite uint16 + masterSecret []byte + handshakeHash []byte + certificates [][]byte + extendedMasterSecret bool + earlyALPN []byte + ticketCreationTime time.Time + ticketExpiration time.Time + ticketFlags uint32 + ticketAgeAdd uint32 + hasApplicationSettings bool + localApplicationSettings []byte + peerApplicationSettings []byte } func (s *sessionState) marshal() []byte { @@ -61,9 +64,33 @@ func (s *sessionState) marshal() []byte { earlyALPN := msg.addU16LengthPrefixed() earlyALPN.addBytes(s.earlyALPN) + if s.hasApplicationSettings { + msg.addU8(1) + msg.addU16LengthPrefixed().addBytes(s.localApplicationSettings) + msg.addU16LengthPrefixed().addBytes(s.peerApplicationSettings) + } else { + msg.addU8(0) + } + return msg.finish() } +func readBool(reader *byteReader, out *bool) bool { + var value uint8 + if !reader.readU8(&value) { + return false + } + if value == 0 { + *out = false + return true + } + if value == 1 { + *out = true + return true + } + return false +} + func (s *sessionState) unmarshal(data []byte) bool { reader := byteReader(data) var numCerts uint16 @@ -82,15 +109,7 @@ func (s *sessionState) unmarshal(data []byte) bool { } } - var extendedMasterSecret uint8 - if !reader.readU8(&extendedMasterSecret) { - return false - } - if extendedMasterSecret == 0 { - s.extendedMasterSecret = false - } else if extendedMasterSecret == 1 { - s.extendedMasterSecret = true - } else { + if !readBool(&reader, &s.extendedMasterSecret) { return false } @@ -107,7 +126,18 @@ func (s *sessionState) unmarshal(data []byte) bool { } if !reader.readU16LengthPrefixedBytes(&s.earlyALPN) || - len(reader) > 0 { + !readBool(&reader, &s.hasApplicationSettings) { + return false + } + + if s.hasApplicationSettings { + if !reader.readU16LengthPrefixedBytes(&s.localApplicationSettings) || + !reader.readU16LengthPrefixedBytes(&s.peerApplicationSettings) { + return false + } + } + + if len(reader) > 0 { return false } diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index e015466746..ca87c448c4 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -185,6 +185,13 @@ const Flag kStringFlags[] = { {"-expect-early-data-reason", &TestConfig::expect_early_data_reason}, }; +// TODO(davidben): When we can depend on C++17 or Abseil, switch this to +// std::optional or absl::optional. +const Flag> kOptionalStringFlags[] = { + {"-expect-peer-application-settings", + &TestConfig::expect_peer_application_settings}, +}; + const Flag kBase64Flags[] = { {"-expect-certificate-types", &TestConfig::expect_certificate_types}, {"-expect-channel-id", &TestConfig::expect_channel_id}, @@ -231,6 +238,11 @@ const Flag> kIntVectorFlags[] = { {"-curves", &TestConfig::curves}, }; +const Flag>> + kStringPairVectorFlags[] = { + {"-application-settings", &TestConfig::application_settings}, +}; + bool ParseFlag(char *flag, int argc, char **argv, int *i, bool skip, TestConfig *out_config) { bool *bool_field = FindField(out_config, kBoolFlags, flag); @@ -254,6 +266,20 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, return true; } + std::unique_ptr *optional_string_field = + FindField(out_config, kOptionalStringFlags, flag); + if (optional_string_field != NULL) { + *i = *i + 1; + if (*i >= argc) { + fprintf(stderr, "Missing parameter.\n"); + return false; + } + if (!skip) { + optional_string_field->reset(new std::string(argv[*i])); + } + return true; + } + std::string *base64_field = FindField(out_config, kBase64Flags, flag); if (base64_field != NULL) { *i = *i + 1; @@ -309,6 +335,28 @@ bool ParseFlag(char *flag, int argc, char **argv, int *i, return true; } + std::vector> *string_pair_vector_field = + FindField(out_config, kStringPairVectorFlags, flag); + if (string_pair_vector_field) { + *i = *i + 1; + if (*i >= argc) { + fprintf(stderr, "Missing parameter.\n"); + return false; + } + const char *comma = strchr(argv[*i], ','); + if (!comma) { + fprintf(stderr, + "Parameter should be a pair of comma-separated strings.\n"); + return false; + } + // Each instance of the flag adds to the list. + if (!skip) { + string_pair_vector_field->push_back(std::make_pair( + std::string(argv[*i], comma - argv[*i]), std::string(comma + 1))); + } + return true; + } + fprintf(stderr, "Unknown argument: %s.\n", flag); return false; } @@ -1555,10 +1603,20 @@ bssl::UniquePtr TestConfig::NewSSL( return nullptr; } if (!advertise_alpn.empty() && - SSL_set_alpn_protos(ssl.get(), (const uint8_t *)advertise_alpn.data(), - advertise_alpn.size()) != 0) { + SSL_set_alpn_protos( + ssl.get(), reinterpret_cast(advertise_alpn.data()), + advertise_alpn.size()) != 0) { return nullptr; } + for (const auto &pair : application_settings) { + if (!SSL_add_application_settings( + ssl.get(), reinterpret_cast(pair.first.data()), + pair.first.size(), + reinterpret_cast(pair.second.data()), + pair.second.size())) { + return nullptr; + } + } if (!psk.empty()) { SSL_set_psk_client_callback(ssl.get(), PskClientCallback); SSL_set_psk_server_callback(ssl.get(), PskServerCallback); diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 8fe439e520..318c7335f1 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -16,6 +16,7 @@ #define HEADER_TEST_CONFIG #include +#include #include #include @@ -67,6 +68,8 @@ struct TestConfig { std::string select_alpn; bool decline_alpn = false; bool select_empty_alpn = false; + std::vector> application_settings; + std::unique_ptr expect_peer_application_settings; std::string quic_transport_params; std::string expect_quic_transport_params; bool expect_session_miss = false; diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index 8cadd734ff..c77824f861 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc @@ -44,6 +44,7 @@ enum client_hs_state_t { state_server_certificate_reverify, state_read_server_finished, state_send_end_of_early_data, + state_send_client_encrypted_extensions, state_send_client_certificate, state_send_client_certificate_verify, state_complete_second_flight, @@ -487,12 +488,6 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - // Store the negotiated ALPN in the session. - if (!hs->new_session->early_alpn.CopyFrom(ssl->s3->alpn_selected)) { - ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - return ssl_hs_error; - } - if (ssl->s3->early_data_accepted) { if (hs->early_session->cipher != hs->new_session->cipher) { OPENSSL_PUT_ERROR(SSL, SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA); @@ -505,11 +500,29 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); return ssl_hs_error; } - if (ssl->s3->channel_id_valid || ssl->s3->token_binding_negotiated) { + // Channel ID and Token Binding are incompatible with 0-RTT. The ALPS + // extension should be negotiated implicitly. + if (ssl->s3->channel_id_valid || ssl->s3->token_binding_negotiated || + hs->new_session->has_application_settings) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA); ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); return ssl_hs_error; } + hs->new_session->has_application_settings = + hs->early_session->has_application_settings; + if (!hs->new_session->local_application_settings.CopyFrom( + hs->early_session->local_application_settings) || + !hs->new_session->peer_application_settings.CopyFrom( + hs->early_session->peer_application_settings)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return ssl_hs_error; + } + } + + // Store the negotiated ALPN in the session. + if (!hs->new_session->early_alpn.CopyFrom(ssl->s3->alpn_selected)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return ssl_hs_error; } if (!ssl_hash_message(hs, msg)) { @@ -626,8 +639,7 @@ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) { return ssl_hs_ok; } -static enum ssl_hs_wait_t do_read_server_certificate_verify( - SSL_HANDSHAKE *hs) { +static enum ssl_hs_wait_t do_read_server_certificate_verify(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; SSLMessage msg; if (!ssl->method->get_message(ssl, &msg)) { @@ -654,8 +666,7 @@ static enum ssl_hs_wait_t do_read_server_certificate_verify( return ssl_hs_ok; } -static enum ssl_hs_wait_t do_server_certificate_reverify( - SSL_HANDSHAKE *hs) { +static enum ssl_hs_wait_t do_server_certificate_reverify(SSL_HANDSHAKE *hs) { switch (ssl_reverify_peer_cert(hs, /*send_alert=*/true)) { case ssl_verify_ok: break; @@ -718,6 +729,32 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) { } } + hs->tls13_state = state_send_client_encrypted_extensions; + return ssl_hs_ok; +} + +static enum ssl_hs_wait_t do_send_client_encrypted_extensions( + SSL_HANDSHAKE *hs) { + SSL *const ssl = hs->ssl; + // For now, only one extension uses client EncryptedExtensions. This function + // may be generalized if others use it in the future. + if (hs->new_session->has_application_settings && + !ssl->s3->early_data_accepted) { + ScopedCBB cbb; + CBB body, extensions, extension; + if (!ssl->method->init_message(ssl, cbb.get(), &body, + SSL3_MT_ENCRYPTED_EXTENSIONS) || + !CBB_add_u16_length_prefixed(&body, &extensions) || + !CBB_add_u16(&extensions, TLSEXT_TYPE_application_settings) || + !CBB_add_u16_length_prefixed(&extensions, &extension) || + !CBB_add_bytes(&extension, + hs->new_session->local_application_settings.data(), + hs->new_session->local_application_settings.size()) || + !ssl_add_message_cbb(ssl, cbb.get())) { + return ssl_hs_error; + } + } + hs->tls13_state = state_send_client_certificate; return ssl_hs_ok; } @@ -860,6 +897,9 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) { case state_send_client_certificate: ret = do_send_client_certificate(hs); break; + case state_send_client_encrypted_extensions: + ret = do_send_client_encrypted_extensions(hs); + break; case state_send_client_certificate_verify: ret = do_send_client_certificate_verify(hs); break; @@ -907,6 +947,8 @@ const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs) { return "TLS 1.3 client read_server_finished"; case state_send_end_of_early_data: return "TLS 1.3 client send_end_of_early_data"; + case state_send_client_encrypted_extensions: + return "TLS 1.3 client send_client_encrypted_extensions"; case state_send_client_certificate: return "TLS 1.3 client send_client_certificate"; case state_send_client_certificate_verify: diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 716b7dc9ff..fefb074b8d 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -354,13 +354,6 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { &offered_ticket, msg, &client_hello)) { case ssl_ticket_aead_ignore_ticket: assert(!session); - if (!ssl->enable_early_data) { - ssl->s3->early_data_reason = ssl_early_data_disabled; - } else if (!offered_ticket) { - ssl->s3->early_data_reason = ssl_early_data_no_session_offered; - } else { - ssl->s3->early_data_reason = ssl_early_data_session_not_resumed; - } if (!ssl_get_new_session(hs, 1 /* server */)) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return ssl_hs_error; @@ -377,35 +370,6 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - // |ssl_session_is_resumable| forbids cross-cipher resumptions even if the - // PRF hashes match. - assert(hs->new_cipher == session->cipher); - - if (!ssl->enable_early_data) { - ssl->s3->early_data_reason = ssl_early_data_disabled; - } else if (session->ticket_max_early_data == 0) { - ssl->s3->early_data_reason = ssl_early_data_unsupported_for_session; - } else if (!hs->early_data_offered) { - ssl->s3->early_data_reason = ssl_early_data_peer_declined; - } else if (ssl->s3->channel_id_valid) { - // Channel ID is incompatible with 0-RTT. - ssl->s3->early_data_reason = ssl_early_data_channel_id; - } else if (ssl->s3->token_binding_negotiated) { - // Token Binding is incompatible with 0-RTT. - ssl->s3->early_data_reason = ssl_early_data_token_binding; - } else if (MakeConstSpan(ssl->s3->alpn_selected) != session->early_alpn) { - // The negotiated ALPN must match the one in the ticket. - ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch; - } else if (ssl->s3->ticket_age_skew < -kMaxTicketAgeSkewSeconds || - kMaxTicketAgeSkewSeconds < ssl->s3->ticket_age_skew) { - ssl->s3->early_data_reason = ssl_early_data_ticket_age_skew; - } else if (!quic_ticket_compatible(session.get(), hs->config)) { - ssl->s3->early_data_reason = ssl_early_data_quic_parameter_mismatch; - } else { - ssl->s3->early_data_reason = ssl_early_data_accepted; - ssl->s3->early_data_accepted = true; - } - ssl->s3->session_reused = true; // Resumption incorporates fresh key material, so refresh the timeout. @@ -422,15 +386,74 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { return ssl_hs_pending_ticket; } + // Negotiate ALPS now, after ALPN is negotiated and |hs->new_session| is + // initialized. + if (!ssl_negotiate_alps(hs, &alert, &client_hello)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, alert); + return ssl_hs_error; + } + + // Determine if we're negotiating 0-RTT. + if (!ssl->enable_early_data) { + ssl->s3->early_data_reason = ssl_early_data_disabled; + } else if (!offered_ticket) { + ssl->s3->early_data_reason = ssl_early_data_no_session_offered; + } else if (!session) { + ssl->s3->early_data_reason = ssl_early_data_session_not_resumed; + } else if (session->ticket_max_early_data == 0) { + ssl->s3->early_data_reason = ssl_early_data_unsupported_for_session; + } else if (!hs->early_data_offered) { + ssl->s3->early_data_reason = ssl_early_data_peer_declined; + } else if (ssl->s3->channel_id_valid) { + // Channel ID is incompatible with 0-RTT. + ssl->s3->early_data_reason = ssl_early_data_channel_id; + } else if (ssl->s3->token_binding_negotiated) { + // Token Binding is incompatible with 0-RTT. + ssl->s3->early_data_reason = ssl_early_data_token_binding; + } else if (MakeConstSpan(ssl->s3->alpn_selected) != session->early_alpn) { + // The negotiated ALPN must match the one in the ticket. + ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch; + } else if (hs->new_session->has_application_settings != + session->has_application_settings || + MakeConstSpan(hs->new_session->local_application_settings) != + session->local_application_settings) { + ssl->s3->early_data_reason = ssl_early_data_alps_mismatch; + } else if (ssl->s3->ticket_age_skew < -kMaxTicketAgeSkewSeconds || + kMaxTicketAgeSkewSeconds < ssl->s3->ticket_age_skew) { + ssl->s3->early_data_reason = ssl_early_data_ticket_age_skew; + } else if (!quic_ticket_compatible(session.get(), hs->config)) { + ssl->s3->early_data_reason = ssl_early_data_quic_parameter_mismatch; + } else { + // |ssl_session_is_resumable| forbids cross-cipher resumptions even if the + // PRF hashes match. + assert(hs->new_cipher == session->cipher); + + ssl->s3->early_data_reason = ssl_early_data_accepted; + ssl->s3->early_data_accepted = true; + } + // Record connection properties in the new session. hs->new_session->cipher = hs->new_cipher; - // Store the initial negotiated ALPN in the session. + // Store the ALPN and ALPS values in the session for 0-RTT. Note the peer + // applications settings are not generally known until client + // EncryptedExtensions. if (!hs->new_session->early_alpn.CopyFrom(ssl->s3->alpn_selected)) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return ssl_hs_error; } + // The peer applications settings are usually received later, in + // EncryptedExtensions. But, in 0-RTT handshakes, we carry over the + // values from |session|. Do this now, before |session| is discarded. + if (ssl->s3->early_data_accepted && + hs->new_session->has_application_settings && + !hs->new_session->peer_application_settings.CopyFrom( + session->peer_application_settings)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return ssl_hs_error; + } + // Copy the QUIC early data context to the session. if (ssl->enable_early_data && ssl->quic_method) { if (!hs->new_session->quic_early_data_context.CopyFrom( @@ -854,6 +877,64 @@ static enum ssl_hs_wait_t do_process_end_of_early_data(SSL_HANDSHAKE *hs) { hs->client_handshake_secret())) { return ssl_hs_error; } + hs->tls13_state = state13_read_client_encrypted_extensions; + return ssl_hs_ok; +} + +static enum ssl_hs_wait_t do_read_client_encrypted_extensions( + SSL_HANDSHAKE *hs) { + SSL *const ssl = hs->ssl; + // For now, only one extension uses client EncryptedExtensions. This function + // may be generalized if others use it in the future. + if (hs->new_session->has_application_settings && + !ssl->s3->early_data_accepted) { + SSLMessage msg; + if (!ssl->method->get_message(ssl, &msg)) { + return ssl_hs_read_message; + } + if (!ssl_check_message_type(ssl, msg, SSL3_MT_ENCRYPTED_EXTENSIONS)) { + return ssl_hs_error; + } + + CBS body = msg.body, extensions; + if (!CBS_get_u16_length_prefixed(&body, &extensions) || + CBS_len(&body) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return ssl_hs_error; + } + + // Parse out the extensions. + bool have_application_settings = false; + CBS application_settings; + SSL_EXTENSION_TYPE ext_types[] = {{TLSEXT_TYPE_application_settings, + &have_application_settings, + &application_settings}}; + uint8_t alert = SSL_AD_DECODE_ERROR; + if (!ssl_parse_extensions(&extensions, &alert, ext_types, + /*ignore_unknown=*/false)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, alert); + return ssl_hs_error; + } + + if (!have_application_settings) { + OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION); + return ssl_hs_error; + } + + // Note that, if 0-RTT was accepted, these values will already have been + // initialized earlier. + if (!hs->new_session->peer_application_settings.CopyFrom( + application_settings) || + !ssl_hash_message(hs, msg)) { + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return ssl_hs_error; + } + + ssl->method->next_message(ssl); + } + hs->tls13_state = state13_read_client_certificate; return ssl_hs_ok; } @@ -892,8 +973,7 @@ static enum ssl_hs_wait_t do_read_client_certificate(SSL_HANDSHAKE *hs) { return ssl_hs_ok; } -static enum ssl_hs_wait_t do_read_client_certificate_verify( - SSL_HANDSHAKE *hs) { +static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) { // Skip this state. @@ -1037,6 +1117,9 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) { case state13_process_end_of_early_data: ret = do_process_end_of_early_data(hs); break; + case state13_read_client_encrypted_extensions: + ret = do_read_client_encrypted_extensions(hs); + break; case state13_read_client_certificate: ret = do_read_client_certificate(hs); break; @@ -1093,6 +1176,8 @@ const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) { return "TLS 1.3 server read_second_client_flight"; case state13_process_end_of_early_data: return "TLS 1.3 server process_end_of_early_data"; + case state13_read_client_encrypted_extensions: + return "TLS 1.3 server read_client_encrypted_extensions"; case state13_read_client_certificate: return "TLS 1.3 server read_client_certificate"; case state13_read_client_certificate_verify: From 8c32f941ad6d9d29f7c4398011530afb9468a0aa Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 14 Oct 2020 22:16:46 -0400 Subject: [PATCH 138/399] Update clang. CopyDiaDllTo is no longer needed after https://chromium.googlesource.com/chromium/src/+/9f7781171ee82861d05eb653fb5ba3c54a11c1d8. As a bonus, this makes the script much easier to use outside of the bots. Change-Id: Ib59b7e6ff9276b860032134ad7eaa006492e76b9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43464 Reviewed-by: Adam Langley --- util/bot/update_clang.py | 45 +++------------------------------------- 1 file changed, 3 insertions(+), 42 deletions(-) diff --git a/util/bot/update_clang.py b/util/bot/update_clang.py index ceeb265ca1..71c55db3a0 100644 --- a/util/bot/update_clang.py +++ b/util/bot/update_clang.py @@ -19,12 +19,10 @@ # CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang # to use. These should be synced with tools/clang/scripts/update.py in # Chromium. -CLANG_REVISION = '4e0d9925d6a3561449bdd8def27fd3f3f1b3fb9f' -CLANG_SVN_REVISION = 'n346557' -CLANG_SUB_REVISION = 1 +CLANG_REVISION = 'llvmorg-12-init-5627-gf086e85e' +CLANG_SUB_REVISION = 2 -PACKAGE_VERSION = '%s-%s-%s' % (CLANG_SVN_REVISION, CLANG_REVISION[:8], - CLANG_SUB_REVISION) +PACKAGE_VERSION = '%s-%s' % (CLANG_REVISION, CLANG_SUB_REVISION) # Path constants. (All of these should be absolute paths.) THIS_DIR = os.path.abspath(os.path.dirname(__file__)) @@ -35,13 +33,6 @@ CDS_URL = os.environ.get('CDS_CLANG_BUCKET_OVERRIDE', 'https://commondatastorage.googleapis.com/chromium-browser-clang') -# Bump after VC updates. -DIA_DLL = { - '2013': 'msdia120.dll', - '2015': 'msdia140.dll', - '2017': 'msdia140.dll', -} - def DownloadUrl(url, output_file): """Download url into output_file.""" @@ -133,34 +124,6 @@ def CopyFile(src, dst): shutil.copy(src, dst) -vs_version = None -def GetVSVersion(): - global vs_version - if vs_version: - return vs_version - - # Try using the toolchain in depot_tools. - # This sets environment variables used by SelectVisualStudioVersion below. - sys.path.append(THIS_DIR) - import vs_toolchain - vs_toolchain.SetEnvironmentAndGetRuntimeDllDirs() - - # Use gyp to find the MSVS installation, either in depot_tools as per above, - # or a system-wide installation otherwise. - sys.path.append(os.path.join(THIS_DIR, 'gyp', 'pylib')) - import gyp.MSVSVersion - vs_version = gyp.MSVSVersion.SelectVisualStudioVersion( - vs_toolchain.GetVisualStudioVersion()) - return vs_version - - -def CopyDiaDllTo(target_dir): - # This script always wants to use the 64-bit msdia*.dll. - dia_path = os.path.join(GetVSVersion().Path(), 'DIA SDK', 'bin', 'amd64') - dia_dll = os.path.join(dia_path, DIA_DLL[GetVSVersion().ShortName()]) - CopyFile(dia_dll, target_dir) - - def UpdateClang(): cds_file = "clang-%s.tgz" % PACKAGE_VERSION if sys.platform == 'win32' or sys.platform == 'cygwin': @@ -185,8 +148,6 @@ def UpdateClang(): try: DownloadAndUnpack(cds_full_url, LLVM_BUILD_DIR) print 'clang %s unpacked' % PACKAGE_VERSION - if sys.platform == 'win32': - CopyDiaDllTo(os.path.join(LLVM_BUILD_DIR, 'bin')) WriteStampFile(PACKAGE_VERSION) return 0 except urllib2.URLError: From 9d1bca3dd2fbbf8c51c1c0d5e715e7eefe33b40f Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 16 Oct 2020 12:41:39 -0700 Subject: [PATCH 139/399] acvp: update subprocess_test.go A recent change broke this but I didn't notice. (Which suggests that the test isn't very useful, which is true, but I'm not ready to pull the trigger on deleting it just yet.) Change-Id: If120a553c095fa0be9f8e85fc05ee996a486621f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43484 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- util/fipstools/acvp/acvptool/subprocess/subprocess_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go index c8c08533cc..c2cd9aed86 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go @@ -438,7 +438,7 @@ func TestPrimitives(t *testing.T) { }, { algo: "ACVP-AES-ECB", - p: &blockCipher{"AES", 16, false}, + p: &blockCipher{"AES", 16, true, false, IterateAES}, validJSON: validACVPAESECB, invalidJSON: invalidACVPAESECB, expectedCalls: callsACVPAESECB, From fd83592b425446444525f30537a577ca2e069c20 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 20 Oct 2020 17:26:24 -0400 Subject: [PATCH 140/399] Silence some linter checks. Use empty() over size() == 0, and don't export the IterateAES* functions. (They return private types.) Change-Id: I8a8f33a64e28cc2eab789563c6ba91afa6df87f9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43544 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- util/fipstools/acvp/acvptool/subprocess/block.go | 8 ++++---- util/fipstools/acvp/acvptool/subprocess/subprocess.go | 4 ++-- .../fipstools/acvp/acvptool/subprocess/subprocess_test.go | 2 +- util/fipstools/acvp/modulewrapper/modulewrapper.cc | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index fa933c6613..365399e215 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -47,9 +47,9 @@ func aesKeyShuffle(key, result, prevResult []byte) { } } -// IterateAES implements the "AES Monte Carlo Test - ECB mode" from the ACVP +// iterateAES implements the "AES Monte Carlo Test - ECB mode" from the ACVP // specification. -func IterateAES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { +func iterateAES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { for i := 0; i < 100; i++ { var iteration blockCipherMCTResult iteration.KeyHex = hex.EncodeToString(key) @@ -83,9 +83,9 @@ func IterateAES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt return mctResults } -// IterateAESCBC implements the "AES Monte Carlo Test - CBC mode" from the ACVP +// iterateAESCBC implements the "AES Monte Carlo Test - CBC mode" from the ACVP // specification. -func IterateAESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { +func iterateAESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { for i := 0; i < 100; i++ { var iteration blockCipherMCTResult iteration.KeyHex = hex.EncodeToString(key) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index cfa300f45f..05d7fb5a9e 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -76,8 +76,8 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "SHA2-256": &hashPrimitive{"SHA2-256", 32}, "SHA2-384": &hashPrimitive{"SHA2-384", 48}, "SHA2-512": &hashPrimitive{"SHA2-512", 64}, - "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false, IterateAES}, - "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, IterateAESCBC}, + "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false, iterateAES}, + "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, iterateAESCBC}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true, nil}, "ACVP-AES-GCM": &aead{"AES-GCM", false}, "ACVP-AES-CCM": &aead{"AES-CCM", true}, diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go index c2cd9aed86..2249aa367e 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go @@ -438,7 +438,7 @@ func TestPrimitives(t *testing.T) { }, { algo: "ACVP-AES-ECB", - p: &blockCipher{"AES", 16, true, false, IterateAES}, + p: &blockCipher{"AES", 16, true, false, iterateAES}, validJSON: validACVPAESECB, invalidJSON: invalidACVPAESECB, expectedCalls: callsACVPAESECB, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index ff5ef6cf3b..1ffb432ff0 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -84,7 +84,7 @@ static bool WriteReply(int fd, Args... args) { for (size_t i = 0; i < spans.size(); i++) { const auto &span = spans[i]; nums[i + 1] = span.size(); - if (span.size() == 0) { + if (span.empty()) { continue; } From c46b1736a14135cc5b337aad3f359c819963ac68 Mon Sep 17 00:00:00 2001 From: Tamas Petz Date: Tue, 20 Oct 2020 08:55:51 +0200 Subject: [PATCH 141/399] aarch64: Improve conditional compilation With -Wundef one could get warnings of undefined symbols. This patch tries to fix this issue. Furthermore, the case where there is BTI but no Pointer Authentication now uses GNU_PROPERTY_AARCH64_BTI in the check which should correctly reflect that feature's enabled state. Change-Id: I14902a64e5f403c2b6a117bc9f5fb1a4f4611ebf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43524 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- include/openssl/arm_arch.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/include/openssl/arm_arch.h b/include/openssl/arm_arch.h index 1f16799afd..da69dbf6d1 100644 --- a/include/openssl/arm_arch.h +++ b/include/openssl/arm_arch.h @@ -126,7 +126,7 @@ // appropriate architecture-dependent feature bits set. // Read more: "ELF for the Arm® 64-bit Architecture" -#if (__ARM_FEATURE_BTI_DEFAULT == 1) +#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 #define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification #define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c' #else @@ -134,19 +134,21 @@ #define AARCH64_VALID_CALL_TARGET #endif -#if ((__ARM_FEATURE_PAC_DEFAULT & 1) == 1) // Signed with A-key +#if defined(__ARM_FEATURE_PAC_DEFAULT) && \ + (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 // Signed with A-key #define GNU_PROPERTY_AARCH64_POINTER_AUTH \ (1 << 1) // Has Pointer Authentication #define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP #define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP -#elif ((__ARM_FEATURE_PAC_DEFAULT & 2) == 2) // Signed with B-key +#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \ + (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 // Signed with B-key #define GNU_PROPERTY_AARCH64_POINTER_AUTH \ (1 << 1) // Has Pointer Authentication #define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP #define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP #else #define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication -#if defined(__ARM_FEATURE_BTI_DEFAULT) +#if GNU_PROPERTY_AARCH64_BTI != 0 #define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET #else #define AARCH64_SIGN_LINK_REGISTER @@ -154,7 +156,7 @@ #define AARCH64_VALIDATE_LINK_REGISTER #endif -#if (GNU_PROPERTY_AARCH64_POINTER_AUTH != 0) || (GNU_PROPERTY_AARCH64_BTI != 0) +#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0 .pushsection note.gnu.property, "a"; .balign 8; .long 4; From 1e8e5635bd7ff77cf0541d91eaeaa79d3ef7b280 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 21 Oct 2020 19:37:04 -0400 Subject: [PATCH 142/399] clang-format and convert comments in x509v3.h. Change-Id: I9cb1ed08fff71d94c28f16efa4d356bdfdebeebe Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43564 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/x509v3.h | 817 ++++++++++++++++++++------------------- 1 file changed, 425 insertions(+), 392 deletions(-) diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 0fd44bcc70..95144534e0 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -8,7 +8,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,153 +57,152 @@ #include #include -#include #include +#include #ifdef __cplusplus extern "C" { #endif -/* Legacy X.509 library. - * - * This header is part of OpenSSL's X.509 implementation. It is retained for - * compatibility but otherwise underdocumented and not actively maintained. In - * the future, a replacement library will be available. Meanwhile, minimize - * dependencies on this header where possible. */ +// Legacy X.509 library. +// +// This header is part of OpenSSL's X.509 implementation. It is retained for +// compatibility but otherwise underdocumented and not actively maintained. In +// the future, a replacement library will be available. Meanwhile, minimize +// dependencies on this header where possible. -/* Forward reference */ +// Forward reference struct v3_ext_method; struct v3_ext_ctx; -/* Useful typedefs */ +// Useful typedefs -typedef void * (*X509V3_EXT_NEW)(void); +typedef void *(*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE)(void *); -typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * - (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, - STACK_OF(CONF_VALUE) *extlist); -typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values); -typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); +typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)( + const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, - BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, const char *str); + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); -/* V3 extension structure */ +// V3 extension structure struct v3_ext_method { -int ext_nid; -int ext_flags; -/* If this is set the following four fields are ignored */ -ASN1_ITEM_EXP *it; -/* Old style ASN1 calls */ -X509V3_EXT_NEW ext_new; -X509V3_EXT_FREE ext_free; -X509V3_EXT_D2I d2i; -X509V3_EXT_I2D i2d; - -/* The following pair is used for string extensions */ -X509V3_EXT_I2S i2s; -X509V3_EXT_S2I s2i; - -/* The following pair is used for multi-valued extensions */ -X509V3_EXT_I2V i2v; -X509V3_EXT_V2I v2i; - -/* The following are used for raw extensions */ -X509V3_EXT_I2R i2r; -X509V3_EXT_R2I r2i; - -void *usr_data; /* Any extension specific data */ + int ext_nid; + int ext_flags; + // If this is set the following four fields are ignored + ASN1_ITEM_EXP *it; + // Old style ASN1 calls + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; + + // The following pair is used for string extensions + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; + + // The following pair is used for multi-valued extensions + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; + + // The following are used for raw extensions + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + + void *usr_data; // Any extension specific data }; typedef struct X509V3_CONF_METHOD_st { -char * (*get_string)(void *db, const char *section, const char *value); -STACK_OF(CONF_VALUE) * (*get_section)(void *db, const char *section); -void (*free_string)(void *db, char * string); -void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); + char *(*get_string)(void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section); + void (*free_string)(void *db, char *string); + void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); } X509V3_CONF_METHOD; -/* Context specific info */ +// Context specific info struct v3_ext_ctx { #define CTX_TEST 0x1 -int flags; -X509 *issuer_cert; -X509 *subject_cert; -X509_REQ *subject_req; -X509_CRL *crl; -const X509V3_CONF_METHOD *db_meth; -void *db; -/* Maybe more here */ + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + const X509V3_CONF_METHOD *db_meth; + void *db; + // Maybe more here }; typedef struct v3_ext_method X509V3_EXT_METHOD; DEFINE_STACK_OF(X509V3_EXT_METHOD) -/* ext_flags values */ -#define X509V3_EXT_DYNAMIC 0x1 -#define X509V3_EXT_CTX_DEP 0x2 -#define X509V3_EXT_MULTILINE 0x4 +// ext_flags values +#define X509V3_EXT_DYNAMIC 0x1 +#define X509V3_EXT_CTX_DEP 0x2 +#define X509V3_EXT_MULTILINE 0x4 typedef BIT_STRING_BITNAME ENUMERATED_NAMES; struct BASIC_CONSTRAINTS_st { -int ca; -ASN1_INTEGER *pathlen; + int ca; + ASN1_INTEGER *pathlen; }; typedef struct otherName_st { -ASN1_OBJECT *type_id; -ASN1_TYPE *value; + ASN1_OBJECT *type_id; + ASN1_TYPE *value; } OTHERNAME; typedef struct EDIPartyName_st { - ASN1_STRING *nameAssigner; - ASN1_STRING *partyName; + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; } EDIPARTYNAME; typedef struct GENERAL_NAME_st { - -#define GEN_OTHERNAME 0 -#define GEN_EMAIL 1 -#define GEN_DNS 2 -#define GEN_X400 3 -#define GEN_DIRNAME 4 -#define GEN_EDIPARTY 5 -#define GEN_URI 6 -#define GEN_IPADD 7 -#define GEN_RID 8 - -int type; -union { - char *ptr; - OTHERNAME *otherName; /* otherName */ - ASN1_IA5STRING *rfc822Name; - ASN1_IA5STRING *dNSName; - ASN1_TYPE *x400Address; - X509_NAME *directoryName; - EDIPARTYNAME *ediPartyName; - ASN1_IA5STRING *uniformResourceIdentifier; - ASN1_OCTET_STRING *iPAddress; - ASN1_OBJECT *registeredID; - - /* Old names */ - ASN1_OCTET_STRING *ip; /* iPAddress */ - X509_NAME *dirn; /* dirn */ - ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ - ASN1_OBJECT *rid; /* registeredID */ - ASN1_TYPE *other; /* x400Address */ -} d; +#define GEN_OTHERNAME 0 +#define GEN_EMAIL 1 +#define GEN_DNS 2 +#define GEN_X400 3 +#define GEN_DIRNAME 4 +#define GEN_EDIPARTY 5 +#define GEN_URI 6 +#define GEN_IPADD 7 +#define GEN_RID 8 + + int type; + union { + char *ptr; + OTHERNAME *otherName; // otherName + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + + // Old names + ASN1_OCTET_STRING *ip; // iPAddress + X509_NAME *dirn; // dirn + ASN1_IA5STRING *ia5; // rfc822Name, dNSName, uniformResourceIdentifier + ASN1_OBJECT *rid; // registeredID + ASN1_TYPE *other; // x400Address + } d; } GENERAL_NAME; DEFINE_STACK_OF(GENERAL_NAME) @@ -214,8 +213,8 @@ typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; DEFINE_STACK_OF(GENERAL_NAMES) typedef struct ACCESS_DESCRIPTION_st { - ASN1_OBJECT *method; - GENERAL_NAME *location; + ASN1_OBJECT *method; + GENERAL_NAME *location; } ACCESS_DESCRIPTION; DEFINE_STACK_OF(ACCESS_DESCRIPTION) @@ -226,34 +225,34 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; typedef struct DIST_POINT_NAME_st { -int type; -union { - GENERAL_NAMES *fullname; - STACK_OF(X509_NAME_ENTRY) *relativename; -} name; -/* If relativename then this contains the full distribution point name */ -X509_NAME *dpname; + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; + // If relativename then this contains the full distribution point name + X509_NAME *dpname; } DIST_POINT_NAME; -/* All existing reasons */ -#define CRLDP_ALL_REASONS 0x807f - -#define CRL_REASON_NONE (-1) -#define CRL_REASON_UNSPECIFIED 0 -#define CRL_REASON_KEY_COMPROMISE 1 -#define CRL_REASON_CA_COMPROMISE 2 -#define CRL_REASON_AFFILIATION_CHANGED 3 -#define CRL_REASON_SUPERSEDED 4 -#define CRL_REASON_CESSATION_OF_OPERATION 5 -#define CRL_REASON_CERTIFICATE_HOLD 6 -#define CRL_REASON_REMOVE_FROM_CRL 8 -#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 -#define CRL_REASON_AA_COMPROMISE 10 +// All existing reasons +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE (-1) +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 struct DIST_POINT_st { -DIST_POINT_NAME *distpoint; -ASN1_BIT_STRING *reasons; -GENERAL_NAMES *CRLissuer; -int dp_reasons; + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; }; typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; @@ -262,36 +261,36 @@ DEFINE_STACK_OF(DIST_POINT) DECLARE_ASN1_SET_OF(DIST_POINT) struct AUTHORITY_KEYID_st { -ASN1_OCTET_STRING *keyid; -GENERAL_NAMES *issuer; -ASN1_INTEGER *serial; + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; }; typedef struct NOTICEREF_st { - ASN1_STRING *organization; - STACK_OF(ASN1_INTEGER) *noticenos; + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; } NOTICEREF; typedef struct USERNOTICE_st { - NOTICEREF *noticeref; - ASN1_STRING *exptext; + NOTICEREF *noticeref; + ASN1_STRING *exptext; } USERNOTICE; typedef struct POLICYQUALINFO_st { - ASN1_OBJECT *pqualid; - union { - ASN1_IA5STRING *cpsuri; - USERNOTICE *usernotice; - ASN1_TYPE *other; - } d; + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; } POLICYQUALINFO; DEFINE_STACK_OF(POLICYQUALINFO) DECLARE_ASN1_SET_OF(POLICYQUALINFO) typedef struct POLICYINFO_st { - ASN1_OBJECT *policyid; - STACK_OF(POLICYQUALINFO) *qualifiers; + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; } POLICYINFO; typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; @@ -300,8 +299,8 @@ DEFINE_STACK_OF(POLICYINFO) DECLARE_ASN1_SET_OF(POLICYINFO) typedef struct POLICY_MAPPING_st { - ASN1_OBJECT *issuerDomainPolicy; - ASN1_OBJECT *subjectDomainPolicy; + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; } POLICY_MAPPING; DEFINE_STACK_OF(POLICY_MAPPING) @@ -309,189 +308,186 @@ DEFINE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; typedef struct GENERAL_SUBTREE_st { - GENERAL_NAME *base; - ASN1_INTEGER *minimum; - ASN1_INTEGER *maximum; + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; } GENERAL_SUBTREE; DEFINE_STACK_OF(GENERAL_SUBTREE) struct NAME_CONSTRAINTS_st { - STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; - STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; }; typedef struct POLICY_CONSTRAINTS_st { - ASN1_INTEGER *requireExplicitPolicy; - ASN1_INTEGER *inhibitPolicyMapping; + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; } POLICY_CONSTRAINTS; -/* Proxy certificate structures, see RFC 3820 */ -typedef struct PROXY_POLICY_st - { - ASN1_OBJECT *policyLanguage; - ASN1_OCTET_STRING *policy; - } PROXY_POLICY; +// Proxy certificate structures, see RFC 3820 +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; -typedef struct PROXY_CERT_INFO_EXTENSION_st - { - ASN1_INTEGER *pcPathLengthConstraint; - PROXY_POLICY *proxyPolicy; - } PROXY_CERT_INFO_EXTENSION; +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) -struct ISSUING_DIST_POINT_st - { - DIST_POINT_NAME *distpoint; - int onlyuser; - int onlyCA; - ASN1_BIT_STRING *onlysomereasons; - int indirectCRL; - int onlyattr; - }; - -/* Values in idp_flags field */ -/* IDP present */ -#define IDP_PRESENT 0x1 -/* IDP values inconsistent */ -#define IDP_INVALID 0x2 -/* onlyuser true */ -#define IDP_ONLYUSER 0x4 -/* onlyCA true */ -#define IDP_ONLYCA 0x8 -/* onlyattr true */ -#define IDP_ONLYATTR 0x10 -/* indirectCRL true */ -#define IDP_INDIRECT 0x20 -/* onlysomereasons present */ -#define IDP_REASONS 0x40 - -#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", (val)->section, \ -",name:", (val)->name, ",value:", (val)->value); +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +// Values in idp_flags field +// IDP present +#define IDP_PRESENT 0x1 +// IDP values inconsistent +#define IDP_INVALID 0x2 +// onlyuser true +#define IDP_ONLYUSER 0x4 +// onlyCA true +#define IDP_ONLYCA 0x8 +// onlyattr true +#define IDP_ONLYATTR 0x10 +// indirectCRL true +#define IDP_INDIRECT 0x20 +// onlysomereasons present +#define IDP_REASONS 0x40 + +#define X509V3_conf_err(val) \ + ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \ + ",value:", (val)->value); #define X509V3_set_ctx_test(ctx) \ - X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; -#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ - 0,0,0,0, \ - 0,0, \ - (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ - (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ - NULL, NULL, \ - (void *)(table)} - -#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ - 0,0,0,0, \ - (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ - (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ - 0,0,0,0, \ - NULL} - -#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} - - -/* X509_PURPOSE stuff */ - -#define EXFLAG_BCONS 0x1 -#define EXFLAG_KUSAGE 0x2 -#define EXFLAG_XKUSAGE 0x4 -#define EXFLAG_NSCERT 0x8 - -#define EXFLAG_CA 0x10 -/* Really self issued not necessarily self signed */ -#define EXFLAG_SI 0x20 -#define EXFLAG_V1 0x40 -#define EXFLAG_INVALID 0x80 -#define EXFLAG_SET 0x100 -#define EXFLAG_CRITICAL 0x200 -#define EXFLAG_PROXY 0x400 - -#define EXFLAG_INVALID_POLICY 0x800 -#define EXFLAG_FRESHEST 0x1000 -/* Self signed */ -#define EXFLAG_SS 0x2000 - -#define KU_DIGITAL_SIGNATURE 0x0080 -#define KU_NON_REPUDIATION 0x0040 -#define KU_KEY_ENCIPHERMENT 0x0020 -#define KU_DATA_ENCIPHERMENT 0x0010 -#define KU_KEY_AGREEMENT 0x0008 -#define KU_KEY_CERT_SIGN 0x0004 -#define KU_CRL_SIGN 0x0002 -#define KU_ENCIPHER_ONLY 0x0001 -#define KU_DECIPHER_ONLY 0x8000 - -#define NS_SSL_CLIENT 0x80 -#define NS_SSL_SERVER 0x40 -#define NS_SMIME 0x20 -#define NS_OBJSIGN 0x10 -#define NS_SSL_CA 0x04 -#define NS_SMIME_CA 0x02 -#define NS_OBJSIGN_CA 0x01 -#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) - -#define XKU_SSL_SERVER 0x1 -#define XKU_SSL_CLIENT 0x2 -#define XKU_SMIME 0x4 -#define XKU_CODE_SIGN 0x8 -#define XKU_SGC 0x10 -#define XKU_OCSP_SIGN 0x20 -#define XKU_TIMESTAMP 0x40 -#define XKU_DVCS 0x80 -#define XKU_ANYEKU 0x100 - -#define X509_PURPOSE_DYNAMIC 0x1 -#define X509_PURPOSE_DYNAMIC_NAME 0x2 +#define EXT_BITSTRING(nid, table) \ + { \ + nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), 0, 0, 0, 0, 0, 0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, NULL, NULL, (void *)(table) \ + } + +#define EXT_IA5STRING(nid) \ + { \ + nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), 0, 0, 0, 0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, 0, 0, 0, 0, NULL \ + } + +#define EXT_END \ + { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } + + +// X509_PURPOSE stuff + +#define EXFLAG_BCONS 0x1 +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 +#define EXFLAG_NSCERT 0x8 + +#define EXFLAG_CA 0x10 +// Really self issued not necessarily self signed +#define EXFLAG_SI 0x20 +#define EXFLAG_V1 0x40 +#define EXFLAG_INVALID 0x80 +#define EXFLAG_SET 0x100 +#define EXFLAG_CRITICAL 0x200 +#define EXFLAG_PROXY 0x400 + +#define EXFLAG_INVALID_POLICY 0x800 +#define EXFLAG_FRESHEST 0x1000 +// Self signed +#define EXFLAG_SS 0x2000 + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 +#define NS_ANY_CA (NS_SSL_CA | NS_SMIME_CA | NS_OBJSIGN_CA) + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 typedef struct x509_purpose_st { - int purpose; - int trust; /* Default trust ID */ - int flags; - int (*check_purpose)(const struct x509_purpose_st *, - const X509 *, int); - char *name; - char *sname; - void *usr_data; + int purpose; + int trust; // Default trust ID + int flags; + int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; } X509_PURPOSE; -#define X509_PURPOSE_SSL_CLIENT 1 -#define X509_PURPOSE_SSL_SERVER 2 -#define X509_PURPOSE_NS_SSL_SERVER 3 -#define X509_PURPOSE_SMIME_SIGN 4 -#define X509_PURPOSE_SMIME_ENCRYPT 5 -#define X509_PURPOSE_CRL_SIGN 6 -#define X509_PURPOSE_ANY 7 -#define X509_PURPOSE_OCSP_HELPER 8 -#define X509_PURPOSE_TIMESTAMP_SIGN 9 - -#define X509_PURPOSE_MIN 1 -#define X509_PURPOSE_MAX 9 - -/* Flags for X509V3_EXT_print() */ - -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -/* Return error for unknown extensions */ -#define X509V3_EXT_DEFAULT 0 -/* Print error for unknown extensions */ -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -/* ASN1 parse unknown extensions */ -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -/* BIO_dump unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - -/* Flags for X509V3_add1_i2d */ - -#define X509V3_ADD_OP_MASK 0xfL -#define X509V3_ADD_DEFAULT 0L -#define X509V3_ADD_APPEND 1L -#define X509V3_ADD_REPLACE 2L -#define X509V3_ADD_REPLACE_EXISTING 3L -#define X509V3_ADD_KEEP_EXISTING 4L -#define X509V3_ADD_DELETE 5L -#define X509V3_ADD_SILENT 0x10 +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 +#define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 + +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 9 + +// Flags for X509V3_EXT_print() + +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +// Return error for unknown extensions +#define X509V3_EXT_DEFAULT 0 +// Print error for unknown extensions +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +// ASN1 parse unknown extensions +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +// BIO_dump unknown extensions +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +// Flags for X509V3_add1_i2d + +#define X509V3_ADD_OP_MASK 0xfL +#define X509V3_ADD_DEFAULT 0L +#define X509V3_ADD_APPEND 1L +#define X509V3_ADD_REPLACE 2L +#define X509V3_ADD_REPLACE_EXISTING 3L +#define X509V3_ADD_KEEP_EXISTING 4L +#define X509V3_ADD_DELETE 5L +#define X509V3_ADD_SILENT 0x10 DEFINE_STACK_OF(X509_PURPOSE) @@ -506,36 +502,45 @@ OPENSSL_EXPORT int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); OPENSSL_EXPORT ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); - -OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING( + X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); + +OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME( + X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) -OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); +OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES( + X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); OPENSSL_EXPORT GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); -OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, + void *value); OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - ASN1_OBJECT *oid, ASN1_TYPE *value); -OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, - ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + ASN1_OBJECT *oid, + ASN1_TYPE *value); +OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, + ASN1_TYPE **pvalue); -OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *ia5); -OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); +OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING( + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a); +OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) DECLARE_ASN1_FUNCTIONS(POLICYINFO) @@ -548,7 +553,8 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT) DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) -OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); +OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, + X509_NAME *iname); OPENSSL_EXPORT int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); @@ -569,53 +575,71 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) OPENSSL_EXPORT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - int gen_type, char *value, int is_nc); - -OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf); -OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + char *value, int is_nc); + +OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME_ex( + GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf, int is_nc); OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val); // X509V3_EXT_conf_nid contains the only exposed instance of an LHASH in our // public headers. The |conf| pointer must be NULL but cryptography.io wraps // this function so we cannot, yet, replace the type with a dummy struct. -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, char *value); - -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); -OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); -OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); -OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); -OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); +OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + char *value); + +OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, + int ext_nid, char *value); +OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, + char *name, char *value); +OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, + char *section, + STACK_OF(X509_EXTENSION) **sk); +OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, + char *section, X509 *cert); +OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req); +OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl); OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -OPENSSL_EXPORT char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -OPENSSL_EXPORT STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); +OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, char *name, + char *section); +OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, + char *section); OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str); -OPENSSL_EXPORT void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *section); OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, - X509_REQ *req, X509_CRL *crl, int flags); + X509_REQ *req, X509_CRL *crl, int flags); OPENSSL_EXPORT int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); -OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); +OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name, + const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); OPENSSL_EXPORT int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); -OPENSSL_EXPORT char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -OPENSSL_EXPORT ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); -OPENSSL_EXPORT char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -OPENSSL_EXPORT char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); + STACK_OF(CONF_VALUE) **extlist); +OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, + ASN1_INTEGER *aint); +OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, + char *value); +OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, + ASN1_ENUMERATED *aint); +OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + ASN1_ENUMERATED *aint); OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext); OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from); @@ -626,19 +650,26 @@ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); OPENSSL_EXPORT int X509V3_add_standard_extensions(void); OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); OPENSSL_EXPORT void *X509V3_EXT_d2i(X509_EXTENSION *ext); -OPENSSL_EXPORT void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); +OPENSSL_EXPORT void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, + int *crit, int *idx); OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); -OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); +OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, + void *ext_struc); +OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, + void *value, int crit, unsigned long flags); -OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml); -OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); -OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, + int indent, int ml); +OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, + unsigned long flag, int indent); +OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, + int indent); -OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); +OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title, + STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); OPENSSL_EXPORT int X509_check_ca(X509 *x); OPENSSL_EXPORT int X509_check_purpose(X509 *x, int id, int ca); @@ -694,12 +725,13 @@ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509); OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509); OPENSSL_EXPORT int X509_PURPOSE_get_count(void); -OPENSSL_EXPORT X509_PURPOSE * X509_PURPOSE_get0(int idx); +OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx); OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname); OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id); OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(const X509_PURPOSE *, const X509 *, int), - char *name, char *sname, void *arg); + int (*ck)(const X509_PURPOSE *, + const X509 *, int), + char *name, char *sname, void *arg); OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); @@ -710,51 +742,52 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); -/* Flags for X509_check_* functions */ +// Flags for X509_check_* functions -/* Deprecated: this flag does nothing */ -#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0 -/* Disable wildcard matching for dnsName fields and common name. */ -#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 -/* Wildcards must not match a partial label. */ +// Deprecated: this flag does nothing +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0 +// Disable wildcard matching for dnsName fields and common name. +#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +// Wildcards must not match a partial label. #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 -/* Allow (non-partial) wildcards to match multiple labels. */ +// Allow (non-partial) wildcards to match multiple labels. #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 -/* Constraint verifier subdomain patterns to match a single labels. */ +// Constraint verifier subdomain patterns to match a single labels. #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 -/* Skip the subject common name fallback if subjectAltNames is missing. */ +// Skip the subject common name fallback if subjectAltNames is missing. #define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 -/* - * Match reference identifiers starting with "." to any sub-domain. - * This is a non-public flag, turned on implicitly when the subject - * reference identity is a DNS name. - */ +// +// Match reference identifiers starting with "." to any sub-domain. +// This is a non-public flag, turned on implicitly when the subject +// reference identity is a DNS name. #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen, - unsigned int flags, char **peername); + unsigned int flags, char **peername); OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen, - unsigned int flags); -OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); -OPENSSL_EXPORT int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + unsigned int flags); +OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, + size_t chklen, unsigned int flags); +OPENSSL_EXPORT int X509_check_ip_asc(X509 *x, const char *ipasc, + unsigned int flags); OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); OPENSSL_EXPORT int a2i_ipadd(unsigned char *ipout, const char *ipasc); -OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, - unsigned long chtype); +OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm, + STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); -OPENSSL_EXPORT void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +OPENSSL_EXPORT void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, + int indent); DEFINE_STACK_OF(X509_POLICY_NODE) -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ +// BEGIN ERROR CODES +// The following lines are auto generated by the script mkerr.pl. Any changes +// made after this point may be overwritten when the script is next run. -#ifdef __cplusplus +#ifdef __cplusplus } extern "C++" { @@ -770,7 +803,7 @@ BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free) BSSL_NAMESPACE_END -} /* extern C++ */ +} // extern C++ #endif #define X509V3_R_BAD_IP_ADDRESS 100 From e9fce74f2e88d74006d659eb079d4710eb017d86 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 21 Oct 2020 19:45:37 -0400 Subject: [PATCH 143/399] Const-correct X509V3_extensions_print. Change-Id: I1cb16d926a58de5345de462c857774775c865c2f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43565 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509v3/v3_prn.c | 2 +- include/openssl/x509v3.h | 34 +++++++++++++++++++++------------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 2f5efcff07..b508eb3c58 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -156,7 +156,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, } int X509V3_extensions_print(BIO *bp, const char *title, - STACK_OF(X509_EXTENSION) *exts, + const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) { size_t i; diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 95144534e0..0a4e776cfc 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -466,18 +466,6 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_MIN 1 #define X509_PURPOSE_MAX 9 -// Flags for X509V3_EXT_print() - -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -// Return error for unknown extensions -#define X509V3_EXT_DEFAULT 0 -// Print error for unknown extensions -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -// ASN1 parse unknown extensions -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -// BIO_dump unknown extensions -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - // Flags for X509V3_add1_i2d #define X509V3_ADD_OP_MASK 0xfL @@ -660,6 +648,21 @@ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) + +// X509V3_EXT_DEFAULT causes unknown extensions or syntax errors to return +// failure. +#define X509V3_EXT_DEFAULT 0 +// X509V3_EXT_ERROR_UNKNOWN causes unknown extensions or syntax errors to print +// as "" or "", respectively. +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +// X509V3_EXT_PARSE_UNKNOWN is deprecated and behaves like +// |X509V3_EXT_DUMP_UNKNOWN|. +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +// X509V3_EXT_DUMP_UNKNOWN causes unknown extensions to be displayed as a +// hexdump. +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, @@ -667,8 +670,13 @@ OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +// X509V3_extensions_print prints |title|, followed by a human-readable +// representation of |exts| to |out|. It returns one on success and zero on +// error. The output is indented by |indent| spaces. |flag| is one of the +// |X509V3_EXT_*| constants and controls printing of unknown extensions and +// syntax errors. OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title, - STACK_OF(X509_EXTENSION) *exts, + const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); OPENSSL_EXPORT int X509_check_ca(X509 *x); From 043fba24112eddaa2d73c5bc36dc80014c8ef132 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 21 Oct 2020 11:14:59 -0400 Subject: [PATCH 144/399] Clear some reported gcc -Wshadow warnings. The constructor parameter vs. method name one is a little unfortunate given Google C++ style, but I think we've done this elsewhere in libssl, so let's run with it for now. Bug: 378 Change-Id: I31fb6b4b16e3248369dae6f47cc150de0e4f04fe Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43545 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin --- crypto/trust_token/trust_token_test.cc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index 7f9b79ede5..b6d080f154 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -134,8 +134,8 @@ static std::vector AllMethods() { class TrustTokenProtocolTestBase : public ::testing::Test { public: - explicit TrustTokenProtocolTestBase(const TRUST_TOKEN_METHOD *method) - : method_(method) {} + explicit TrustTokenProtocolTestBase(const TRUST_TOKEN_METHOD *method_arg) + : method_(method_arg) {} // KeyID returns the key ID associated with key index |i|. static uint32_t KeyID(size_t i) { @@ -638,13 +638,13 @@ TEST_P(TrustTokenMetadataTest, TruncatedProof) { CBS real_response; CBS_init(&real_response, issue_resp, resp_len); uint16_t count; - uint32_t public_metadata; + uint32_t parsed_public_metadata; bssl::ScopedCBB bad_response; ASSERT_TRUE(CBB_init(bad_response.get(), 0)); ASSERT_TRUE(CBS_get_u16(&real_response, &count)); ASSERT_TRUE(CBB_add_u16(bad_response.get(), count)); - ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata)); - ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata)); + ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata)); + ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata)); const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); size_t token_length = @@ -701,13 +701,13 @@ TEST_P(TrustTokenMetadataTest, ExcessDataProof) { CBS real_response; CBS_init(&real_response, issue_resp, resp_len); uint16_t count; - uint32_t public_metadata; + uint32_t parsed_public_metadata; bssl::ScopedCBB bad_response; ASSERT_TRUE(CBB_init(bad_response.get(), 0)); ASSERT_TRUE(CBS_get_u16(&real_response, &count)); ASSERT_TRUE(CBB_add_u16(bad_response.get(), count)); - ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata)); - ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata)); + ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata)); + ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata)); const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1); size_t token_length = From e796cc65025982ed1fb9ef41b3f74e8115092816 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 7 Oct 2020 14:48:48 -0700 Subject: [PATCH 145/399] acvp: add 3DES-ECB support Change-Id: I4ffa2572acce1fdccdf4d3c33680e6d0114bd42b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43405 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/block.go | 85 ++++++++++++++++++- .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 43 ++++++++++ 3 files changed, 128 insertions(+), 1 deletion(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index 365399e215..35c2133e11 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -18,6 +18,7 @@ import ( "encoding/hex" "encoding/json" "fmt" + "math/bits" ) // aesKeyShuffle is the "AES Monte Carlo Key Shuffle" from the ACVP @@ -140,6 +141,68 @@ func iterateAESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encry return mctResults } +// xorKeyWithOddParityLSB XORs value into key while setting the LSB of each bit +// to establish odd parity. This embedding of a parity check in a DES key is an +// old tradition and something that NIST's tests require (despite being +// undocumented). +func xorKeyWithOddParityLSB(key, value []byte) { + for i := range key { + v := key[i] ^ value[i] + // Use LSB to establish odd parity. + v ^= byte((bits.OnesCount8(v) & 1)) ^ 1 + key[i] = v + } +} + +// desKeyShuffle implements the manipulation of the Key arrays in the "TDES +// Monte Carlo Test - ECB mode" algorithm from the ACVP specification. +func keyShuffle3DES(key, result, prevResult, prevPrevResult []byte) { + xorKeyWithOddParityLSB(key[:8], result) + xorKeyWithOddParityLSB(key[8:16], prevResult) + xorKeyWithOddParityLSB(key[16:], prevPrevResult) +} + +// iterate3DES implements "TDES Monte Carlo Test - ECB mode" from the ACVP +// specification. +func iterate3DES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { + for i := 0; i < 400; i++ { + var iteration blockCipherMCTResult + keyHex := hex.EncodeToString(key) + iteration.Key1Hex = keyHex[:16] + iteration.Key2Hex = keyHex[16:32] + iteration.Key3Hex = keyHex[32:] + + if encrypt { + iteration.PlaintextHex = hex.EncodeToString(input) + } else { + iteration.CiphertextHex = hex.EncodeToString(input) + } + + var result, prevResult, prevPrevResult []byte + for j := 0; j < 10000; j++ { + prevPrevResult = prevResult + prevResult = input + result, err := transact(1, key, input) + if err != nil { + panic("block operation failed") + } + input = result[0] + } + result = input + + if encrypt { + iteration.CiphertextHex = hex.EncodeToString(result) + } else { + iteration.PlaintextHex = hex.EncodeToString(result) + } + + keyShuffle3DES(key, result, prevResult, prevPrevResult) + mctResults = append(mctResults, iteration) + } + + return mctResults +} + // blockCipher implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with a block cipher. type blockCipher struct { @@ -165,6 +228,11 @@ type blockCipherTestGroup struct { CiphertextHex string `json:"ct"` IVHex string `json:"iv"` KeyHex string `json:"key"` + + // 3DES tests serialise the key differently. + Key1Hex string `json:"key1"` + Key2Hex string `json:"key2"` + Key3Hex string `json:"key3"` } `json:"tests"` } @@ -181,10 +249,15 @@ type blockCipherTestResponse struct { } type blockCipherMCTResult struct { - KeyHex string `json:"key"` + KeyHex string `json:"key,omitempty"` PlaintextHex string `json:"pt"` CiphertextHex string `json:"ct"` IVHex string `json:"iv,omitempty"` + + // 3DES tests serialise the key differently. + Key1Hex string `json:"key1"` + Key2Hex string `json:"key2"` + Key3Hex string `json:"key3"` } func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, error) { @@ -230,6 +303,11 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er return nil, fmt.Errorf("test group %d has unknown type %q", group.ID, group.Type) } + if group.KeyBits == 0 { + // 3DES tests fail to set this parameter. + group.KeyBits = 192 + } + if group.KeyBits%8 != 0 { return nil, fmt.Errorf("test group %d contains non-byte-multiple key length %d", group.ID, group.KeyBits) } @@ -240,6 +318,11 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er } for _, test := range group.Tests { + if len(test.KeyHex) == 0 && len(test.Key1Hex) > 0 { + // 3DES encodes the key differently. + test.KeyHex = test.Key1Hex + test.Key2Hex + test.Key3Hex + } + if len(test.KeyHex) != keyBytes*2 { return nil, fmt.Errorf("test case %d/%d contains key %q of length %d, but expected %d-bit key", group.ID, test.ID, test.KeyHex, len(test.KeyHex), group.KeyBits) } diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 05d7fb5a9e..3c049819ac 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -79,6 +79,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false, iterateAES}, "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, iterateAESCBC}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true, nil}, + "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, true, false, iterate3DES}, "ACVP-AES-GCM": &aead{"AES-GCM", false}, "ACVP-AES-CCM": &aead{"AES-CCM", true}, "ACVP-AES-KW": &aead{"AES-KW", false}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 1ffb432ff0..d97ea91719 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -250,6 +251,13 @@ static bool GetConfig(const Span args[]) { "tagLen": [32], "aadLen": [{"min": 0, "max": 1024, "increment": 8}] }, + { + "algorithm": "ACVP-TDES-ECB", + "revision": "1.0", + "direction": ["encrypt", "decrypt"], + "keyLen": [192], + "keyingOption": [1] + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -720,6 +728,39 @@ static bool AESPaddedKeyWrapOpen(const Span args[]) { Span(out)); } +template +static bool TDES(const Span args[]) { + const EVP_CIPHER *cipher = EVP_des_ede3(); + + if (args[0].size() != 24) { + fprintf(stderr, "Bad key length %u for 3DES.\n", + static_cast(args[0].size())); + return false; + } + if (args[1].size() % 8) { + fprintf(stderr, "Bad input length %u for 3DES.\n", + static_cast(args[1].size())); + return false; + } + + std::vector out; + out.resize(args[1].size()); + + bssl::ScopedEVP_CIPHER_CTX ctx; + int out_len, out_len2; + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), nullptr, + Encrypt ? 1 : 0) || + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || + !EVP_CipherUpdate(ctx.get(), out.data(), &out_len, args[1].data(), + args[1].size()) || + !EVP_CipherFinal_ex(ctx.get(), out.data() + out_len, &out_len2) || + (out_len + out_len2) != static_cast(out.size())) { + return false; + } + + return WriteReply(STDOUT_FILENO, Span(out)); +} + template static bool HMAC(const Span args[]) { const EVP_MD *const md = HashFunc(); @@ -975,6 +1016,8 @@ static constexpr struct { {"AES-KWP/open", 5, AESPaddedKeyWrapOpen}, {"AES-CCM/seal", 5, AEADSeal}, {"AES-CCM/open", 5, AEADOpen}, + {"3DES-ECB/encrypt", 2, TDES}, + {"3DES-ECB/decrypt", 2, TDES}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From 9c12f01de7f6646d5ad62a848e3a520b9677dcd0 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 7 Oct 2020 16:58:25 -0700 Subject: [PATCH 146/399] acvp: add 3DES-CBC support Change-Id: I2e6cc7367b5ca6631329be298fbed7424221a06b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43406 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/block.go | 59 +++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 26 ++++++-- 3 files changed, 80 insertions(+), 6 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index 35c2133e11..3b468c8698 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -203,6 +203,65 @@ func iterate3DES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt return mctResults } +// iterate3DESCBC implements "TDES Monte Carlo Test - CBC mode" from the ACVP +// specification. +func iterate3DESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (mctResults []blockCipherMCTResult) { + for i := 0; i < 400; i++ { + var iteration blockCipherMCTResult + keyHex := hex.EncodeToString(key) + iteration.Key1Hex = keyHex[:16] + iteration.Key2Hex = keyHex[16:32] + iteration.Key3Hex = keyHex[32:] + + if encrypt { + iteration.PlaintextHex = hex.EncodeToString(input) + } else { + iteration.CiphertextHex = hex.EncodeToString(input) + } + iteration.IVHex = hex.EncodeToString(iv) + + var result, prevResult, prevPrevResult []byte + for j := 0; j < 10000; j++ { + prevPrevResult = prevResult + prevResult = result + results, err := transact(1, key, input, iv) + if err != nil { + panic("block operation failed") + } + result = results[0] + + if encrypt { + if j == 0 { + input = iv + } else { + input = prevResult + } + iv = result + } else { + iv = input + input = result + } + } + + if encrypt { + iteration.CiphertextHex = hex.EncodeToString(result) + } else { + iteration.PlaintextHex = hex.EncodeToString(result) + } + + keyShuffle3DES(key, result, prevResult, prevPrevResult) + + if encrypt { + input = prevResult + iv = result + } + + mctResults = append(mctResults, iteration) + } + + return mctResults +} + // blockCipher implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with a block cipher. type blockCipher struct { diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 3c049819ac..76442fad67 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -80,6 +80,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, iterateAESCBC}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true, nil}, "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, true, false, iterate3DES}, + "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, true, true, iterate3DESCBC}, "ACVP-AES-GCM": &aead{"AES-GCM", false}, "ACVP-AES-CCM": &aead{"AES-CCM", true}, "ACVP-AES-KW": &aead{"AES-KW", false}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index d97ea91719..c782f67a77 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -258,6 +258,13 @@ static bool GetConfig(const Span args[]) { "keyLen": [192], "keyingOption": [1] }, + { + "algorithm": "ACVP-TDES-CBC", + "revision": "1.0", + "direction": ["encrypt", "decrypt"], + "keyLen": [192], + "keyingOption": [1] + }, { "algorithm": "HMAC-SHA-1", "revision": "1.0", @@ -728,9 +735,9 @@ static bool AESPaddedKeyWrapOpen(const Span args[]) { Span(out)); } -template +template static bool TDES(const Span args[]) { - const EVP_CIPHER *cipher = EVP_des_ede3(); + const EVP_CIPHER *cipher = cipher_func(); if (args[0].size() != 24) { fprintf(stderr, "Bad key length %u for 3DES.\n", @@ -742,14 +749,19 @@ static bool TDES(const Span args[]) { static_cast(args[1].size())); return false; } + if (HasIV && args[2].size() != EVP_CIPHER_iv_length(cipher)) { + fprintf(stderr, "Bad IV length %u for 3DES.\n", + static_cast(args[2].size())); + return false; + } std::vector out; out.resize(args[1].size()); bssl::ScopedEVP_CIPHER_CTX ctx; int out_len, out_len2; - if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), nullptr, - Encrypt ? 1 : 0) || + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), + HasIV ? args[2].data() : nullptr, Encrypt ? 1 : 0) || !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || !EVP_CipherUpdate(ctx.get(), out.data(), &out_len, args[1].data(), args[1].size()) || @@ -1016,8 +1028,10 @@ static constexpr struct { {"AES-KWP/open", 5, AESPaddedKeyWrapOpen}, {"AES-CCM/seal", 5, AEADSeal}, {"AES-CCM/open", 5, AEADOpen}, - {"3DES-ECB/encrypt", 2, TDES}, - {"3DES-ECB/decrypt", 2, TDES}, + {"3DES-ECB/encrypt", 2, TDES}, + {"3DES-ECB/decrypt", 2, TDES}, + {"3DES-CBC/encrypt", 3, TDES}, + {"3DES-CBC/decrypt", 3, TDES}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From 40f49428d164b7e7145ce6e691956a023ea5cf99 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 23 Oct 2020 11:08:41 -0400 Subject: [PATCH 147/399] Reland "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."" This is a looser reland of https://boringssl-review.googlesource.com/c/boringssl/+/41804, which was reverted in https://boringssl-review.googlesource.com/c/boringssl/+/42804. Enforcing that the ECDSA parameters were omitted rather than NULL hit some compatibility issues, so instead allow either forms for now. To align with the Chromium verifier, we'll probably want to later be stricter with a quirks flag to allow the invalid form, and then add a similar flag to Chromium. For now, at least try to reject the completely invalid parameter values. Update-Note: Some invalid certificates will now be rejected at verification time. Parsing of certificates is unchanged. Bug: b/167375496,342 Change-Id: I1cba44fd164660e82a7a27e26368609e2bf59955 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43664 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509/algorithm.c | 10 ++++ crypto/x509/x509_test.cc | 120 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c index 8f53fff6db..c021dc4439 100644 --- a/crypto/x509/algorithm.c +++ b/crypto/x509/algorithm.c @@ -142,6 +142,16 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, return 0; } + /* The parameter should be an explicit NULL for RSA and omitted for ECDSA. For + * compatibility, we allow either for both algorithms. See b/167375496. + * + * TODO(davidben): Chromium's verifier allows both forms for RSA, but enforces + * ECDSA more strictly. Align with Chromium and add a flag for b/167375496. */ + if (sigalg->parameter != NULL && sigalg->parameter->type != V_ASN1_NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER); + return 0; + } + /* Otherwise, initialize with the digest from the OID. */ const EVP_MD *digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 458f7469d0..77c87fc607 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -244,6 +244,14 @@ moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ== -----END RSA PRIVATE KEY----- )"; +static const char kP256Key[] = R"( +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ +TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N +Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB +-----END PRIVATE KEY----- +)"; + // kCRLTestRoot is a test root certificate. It has private key: // // -----BEGIN RSA PRIVATE KEY----- @@ -2545,3 +2553,115 @@ TEST(X509Test, BasicConstraints) { EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get())); } } + +// The following strings are test certificates signed by kP256Key and kRSAKey, +// with missing, NULL, or invalid algorithm parameters. +static const char kP256NoParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX +DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke +DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy +aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy +gGzFYg== +-----END CERTIFICATE----- +)"; +static const char kP256NullParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw +IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl +c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3 +qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw +DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX +UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r +t6uPxHrmpUY= +-----END CERTIFICATE----- +)"; +static const char kP256InvalidParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD +EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD +VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N +lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L +z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF +AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y +fLULTZnynuQUULQkRcF7S7T2WpIL +-----END CERTIFICATE----- +)"; +static const char kRSANoParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz +dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep +Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO +MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh +brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N +l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY +TWUH2ieFP3l+ecj1SeQR +-----END CERTIFICATE----- +)"; +static const char kRSANullParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0 +MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU +ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr +t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ +MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL +fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy +seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua +SwmQUz4bRpckRBj+sIyp1We+pg== +-----END CERTIFICATE----- +)"; +static const char kRSAInvalidParam[] = R"( +-----BEGIN CERTIFICATE----- +MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE +AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG +A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e +DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt +S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB +AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0 +4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8 +5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9 +-----END CERTIFICATE----- +)"; + +TEST(X509Test, AlgorithmParameters) { + // P-256 parameters should be omitted, but we accept NULL ones. + bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); + ASSERT_TRUE(key); + + bssl::UniquePtr cert = CertFromPEM(kP256NoParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kP256NullParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kP256InvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); + + // RSA parameters should be NULL, but we accept omitted ones. + key = PrivateKeyFromPEM(kRSAKey); + ASSERT_TRUE(key); + + cert = CertFromPEM(kRSANoParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kRSANullParam); + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); + + cert = CertFromPEM(kRSAInvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); +} From 80e3f957e46bf2af828d67065bc19d9471f368fd Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 22 Oct 2020 12:45:35 -0700 Subject: [PATCH 148/399] Support 4096-bit keys in FIPS mode. Change-Id: I9aa66109bd0f6acc0c30a505eef6d85b6972132d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43624 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/fipsmodule/rsa/rsa_impl.c | 53 +++++++++++++++++++++++++++----- crypto/rsa_extra/rsa_test.cc | 24 ++++++++------- 2 files changed, 59 insertions(+), 18 deletions(-) diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 86ff2f389c..7343b75cec 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -933,20 +933,57 @@ static int ensure_bignum(BIGNUM **out) { return *out != NULL; } -// kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2¹⁵³⁵×√2⌋. This is -// chosen to give enough precision for 3072-bit RSA, the largest key size FIPS +// kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2²⁰⁴⁷×√2⌋. This is +// chosen to give enough precision for 4096-bit RSA, the largest key size FIPS // specifies. Key sizes beyond this will round up. // -// To verify this number, check that n² < 2³⁰⁷¹ < (n+1)², where n is value +// To calculate, use the following Haskell code: +// +// import Text.Printf (printf) +// import Data.List (intercalate) +// +// pow2 = 4095 +// target = 2^pow2 +// +// f x = x*x - (toRational target) +// +// fprime x = 2*x +// +// newtonIteration x = x - (f x) / (fprime x) +// +// converge x = +// let n = floor x in +// if n*n - target < 0 && (n+1)*(n+1) - target > 0 +// then n +// else converge (newtonIteration x) +// +// divrem bits x = (x `div` (2^bits), x `rem` (2^bits)) +// +// bnWords :: Integer -> [Integer] +// bnWords x = +// if x == 0 +// then [] +// else let (high, low) = divrem 64 x in low : bnWords high +// +// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low +// +// output :: String +// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2)) +// +// To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value // represented here. Note the components are listed in little-endian order. Here // is some sample Python code to check: // // >>> TOBN = lambda a, b: a << 32 | b // >>> l = [ ] // >>> n = sum(a * 2**(64*i) for i, a in enumerate(l)) -// >>> n**2 < 2**3071 < (n+1)**2 +// >>> n**2 < 2**4095 < (n+1)**2 // True const BN_ULONG kBoringSSLRSASqrtTwo[] = { + TOBN(0x4d7c60a5, 0xe633e3e1), TOBN(0x5fcf8f7b, 0xca3ea33b), + TOBN(0xc246785e, 0x92957023), TOBN(0xf9acce41, 0x797f2805), + TOBN(0xfdfe170f, 0xd3b1f780), TOBN(0xd24f4a76, 0x3facb882), + TOBN(0x18838a2e, 0xaff5f3b2), TOBN(0xc1fcbdde, 0xa2f7dc33), TOBN(0xdea06241, 0xf7aa81c2), TOBN(0xf6a1be3f, 0xca221307), TOBN(0x332a5e9f, 0x7bda1ebf), TOBN(0x0104dc01, 0xfe32352f), TOBN(0xb8cf341b, 0x6f8236c7), TOBN(0x4264dabc, 0xd528b651), @@ -1167,13 +1204,13 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2; assert(sqrt2_bits == (int)BN_num_bits(sqrt2)); if (sqrt2_bits > prime_bits) { - // For key sizes up to 3072 (prime_bits = 1536), this is exactly + // For key sizes up to 4096 (prime_bits = 2048), this is exactly // ⌊2^(prime_bits-1)×√2⌋. if (!BN_rshift(sqrt2, sqrt2, sqrt2_bits - prime_bits)) { goto bn_err; } } else if (prime_bits > sqrt2_bits) { - // For key sizes beyond 3072, this is approximate. We err towards retrying + // For key sizes beyond 4096, this is approximate. We err towards retrying // to ensure our key is the right size and round up. if (!BN_add_word(sqrt2, 1) || !BN_lshift(sqrt2, sqrt2, prime_bits - sqrt2_bits)) { @@ -1330,7 +1367,9 @@ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value, int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) { // FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit // primes, respectively) with the prime generation method we use. - if (bits != 2048 && bits != 3072) { + // Subsequently, IG A.14 stated that larger modulus sizes can be used and ACVP + // testing supports 4096 bits. + if (bits != 2048 && bits != 3072 && bits != 4096) { OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS); return 0; } diff --git a/crypto/rsa_extra/rsa_test.cc b/crypto/rsa_extra/rsa_test.cc index e9b68c9b97..883eb97f2d 100644 --- a/crypto/rsa_extra/rsa_test.cc +++ b/crypto/rsa_extra/rsa_test.cc @@ -496,24 +496,26 @@ TEST(RSATest, GenerateFIPS) { bssl::UniquePtr rsa(RSA_new()); ASSERT_TRUE(rsa); - // RSA_generate_key_fips may only be used for 2048-bit and 3072-bit keys. + // RSA_generate_key_fips may only be used for 2048-, 3072-, and 4096-bit + // keys. EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 512, nullptr)); EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 1024, nullptr)); EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 2047, nullptr)); EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 2049, nullptr)); EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 3071, nullptr)); EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 3073, nullptr)); - EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 4096, nullptr)); + EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 4095, nullptr)); + EXPECT_FALSE(RSA_generate_key_fips(rsa.get(), 4097, nullptr)); ERR_clear_error(); - // Test that we can generate 2048-bit and 3072-bit RSA keys. - ASSERT_TRUE(RSA_generate_key_fips(rsa.get(), 2048, nullptr)); - EXPECT_EQ(2048u, BN_num_bits(rsa->n)); + // Test that we can generate keys of the supported lengths: + for (const size_t bits : {2048, 3072, 4096}) { + SCOPED_TRACE(bits); - rsa.reset(RSA_new()); - ASSERT_TRUE(rsa); - ASSERT_TRUE(RSA_generate_key_fips(rsa.get(), 3072, nullptr)); - EXPECT_EQ(3072u, BN_num_bits(rsa->n)); + rsa.reset(RSA_new()); + ASSERT_TRUE(RSA_generate_key_fips(rsa.get(), bits, nullptr)); + EXPECT_EQ(bits, BN_num_bits(rsa->n)); + } } TEST(RSATest, BadKey) { @@ -1044,8 +1046,8 @@ TEST(RSATest, SqrtTwo) { ASSERT_TRUE(BN_sqr(sqrt.get(), sqrt.get(), ctx.get())); EXPECT_LT(BN_cmp(pow2.get(), sqrt.get()), 0); - // Check the kBoringSSLRSASqrtTwo is sized for a 3072-bit RSA key. - EXPECT_EQ(3072u / 2u, bits); + // Check the kBoringSSLRSASqrtTwo is sized for a 4096-bit RSA key. + EXPECT_EQ(4096u / 2u, bits); } #endif // !BORINGSSL_SHARED_LIBRARY From 2e22d1b3cb2415ffdf229d7039489f7fcd971546 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 22 Oct 2020 07:56:36 -0700 Subject: [PATCH 149/399] acvp: support RSA key generation tests. Change-Id: I40bbf6d10fcfd1e0fb506bef44f4cd6e9d2daac5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43644 Reviewed-by: David Benjamin --- .../fipstools/acvp/acvptool/subprocess/rsa.go | 115 ++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 52 ++++++++ 3 files changed, 168 insertions(+) create mode 100644 util/fipstools/acvp/acvptool/subprocess/rsa.go diff --git a/util/fipstools/acvp/acvptool/subprocess/rsa.go b/util/fipstools/acvp/acvptool/subprocess/rsa.go new file mode 100644 index 0000000000..3133d915f8 --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/rsa.go @@ -0,0 +1,115 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "encoding/hex" + "encoding/json" + "fmt" +) + +// See https://usnistgov.github.io/ACVP/draft-celi-acvp-rsa.html#section-7.4 +// although, at the time of writing, that spec doesn't match what the NIST demo +// server actually produces. This code matches the server. + +type rsaTestVectorSet struct { + Mode string `json:"mode"` +} + +type rsaKeyGenTestVectorSet struct { + Groups []rsaKeyGenGroup `json:"testGroups"` +} + +type rsaKeyGenGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + ModulusBits uint32 `json:"modulo"` + Tests []rsaKeyGenTest `json:"tests"` +} + +type rsaKeyGenTest struct { + ID uint64 `json:"tcId"` +} + +type rsaKeyGenTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []rsaKeyGenTestResponse `json:"tests"` +} + +type rsaKeyGenTestResponse struct { + ID uint64 `json:"tcId"` + E string `json:"e"` + P string `json:"p"` + Q string `json:"q"` + N string `json:"n"` + D string `json:"d"` +} + +func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed rsaKeyGenTestVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + var ret []rsaKeyGenTestGroupResponse + + for _, group := range parsed.Groups { + // GDT means "Generated data test", i.e. "please generate an RSA key". + const expectedType = "GDT" + if group.Type != expectedType { + return nil, fmt.Errorf("RSA KeyGen test group has type %q, but only generation tests (%q) are supported", group.Type, expectedType) + } + + response := rsaKeyGenTestGroupResponse{ + ID: group.ID, + } + + for _, test := range group.Tests { + results, err := m.Transact("RSA/keyGen", 5, uint32le(group.ModulusBits)) + if err != nil { + return nil, err + } + + response.Tests = append(response.Tests, rsaKeyGenTestResponse{ + ID: test.ID, + E: hex.EncodeToString(results[0]), + P: hex.EncodeToString(results[1]), + Q: hex.EncodeToString(results[2]), + N: hex.EncodeToString(results[3]), + D: hex.EncodeToString(results[4]), + }) + } + + ret = append(ret, response) + } + + return ret, nil +} + +type rsa struct{} + +func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed rsaTestVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + switch parsed.Mode { + case "keyGen": + return processKeyGen(vectorSet, m) + default: + return nil, fmt.Errorf("Unknown RSA mode %q", parsed.Mode) + } +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 76442fad67..6f450d420c 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -94,6 +94,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}}, "KDF": &kdfPrimitive{}, "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"}, + "RSA": &rsa{}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index c782f67a77..48b96da10e 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -34,6 +34,7 @@ #include #include #include +#include #include #include @@ -395,6 +396,34 @@ static bool GetConfig(const Span args[]) { ] }] }, + { + "algorithm": "RSA", + "mode": "keyGen", + "revision": "FIPS186-4", + "infoGeneratedByServer": true, + "pubExpMode": "fixed", + "fixedPubExp": "010001", + "keyFormat": "standard", + "capabilities": [{ + "randPQ": "B.3.3", + "properties": [{ + "modulo": 2048, + "primeTest": [ + "tblC2" + ] + },{ + "modulo": 3072, + "primeTest": [ + "tblC2" + ] + },{ + "modulo": 4096, + "primeTest": [ + "tblC2" + ] + }] + }] + }, { "algorithm": "CMAC-AES", "revision": "1.0", @@ -1003,6 +1032,28 @@ static bool CMAC_AES(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(mac, mac_len)); } +static bool RSAKeyGen(const Span args[]) { + uint32_t bits; + if (args[0].size() != sizeof(bits)) { + return false; + } + memcpy(&bits, args[0].data(), sizeof(bits)); + + bssl::UniquePtr key(RSA_new()); + if (!RSA_generate_key_fips(key.get(), bits, nullptr)) { + fprintf(stderr, "RSA_generate_key_fips failed for modulus length %u.\n", + bits); + return false; + } + + const BIGNUM *n, *e, *d, *p, *q; + RSA_get0_key(key.get(), &n, &e, &d); + RSA_get0_factors(key.get(), &p, &q); + + return WriteReply(STDOUT_FILENO, BIGNUMBytes(e), BIGNUMBytes(p), + BIGNUMBytes(q), BIGNUMBytes(n), BIGNUMBytes(d)); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -1043,6 +1094,7 @@ static constexpr struct { {"ECDSA/sigGen", 4, ECDSASigGen}, {"ECDSA/sigVer", 7, ECDSASigVer}, {"CMAC-AES", 3, CMAC_AES}, + {"RSA/keyGen", 1, RSAKeyGen}, }; int main() { From e44d977c5eecfda6e3bbf97b6060d10ba88c463e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 22 Oct 2020 16:21:09 -0700 Subject: [PATCH 150/399] acvp: RSA signature generation tests. Change-Id: Ibc794a66ea9b04e2d48c2124d52234a0bed10aff Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43625 Reviewed-by: David Benjamin Commit-Queue: Adam Langley --- .../fipstools/acvp/acvptool/subprocess/rsa.go | 83 ++++++++ .../acvp/modulewrapper/modulewrapper.cc | 198 +++++++++++++++++- 2 files changed, 279 insertions(+), 2 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/rsa.go b/util/fipstools/acvp/acvptool/subprocess/rsa.go index 3133d915f8..0825c04b47 100644 --- a/util/fipstools/acvp/acvptool/subprocess/rsa.go +++ b/util/fipstools/acvp/acvptool/subprocess/rsa.go @@ -57,6 +57,36 @@ type rsaKeyGenTestResponse struct { D string `json:"d"` } +type rsaSigGenTestVectorSet struct { + Groups []rsaSigGenGroup `json:"testGroups"` +} + +type rsaSigGenGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + SigType string `json:"sigType"` + ModulusBits uint32 `json:"modulo"` + Hash string `json:"hashAlg"` + Tests []rsaSigGenTest `json:"tests"` +} + +type rsaSigGenTest struct { + ID uint64 `json:"tcId"` + MessageHex string `json:"message"` +} + +type rsaSigGenTestGroupResponse struct { + ID uint64 `json:"tgId"` + N string `json:"n"` + E string `json:"e"` + Tests []rsaSigGenTestResponse `json:"tests"` +} + +type rsaSigGenTestResponse struct { + ID uint64 `json:"tcId"` + Sig string `json:"signature"` +} + func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) { var parsed rsaKeyGenTestVectorSet if err := json.Unmarshal(vectorSet, &parsed); err != nil { @@ -98,6 +128,57 @@ func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) { return ret, nil } +func processSigGen(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed rsaSigGenTestVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + var ret []rsaSigGenTestGroupResponse + + for _, group := range parsed.Groups { + // GDT means "Generated data test", i.e. "please generate an RSA signature". + const expectedType = "GDT" + if group.Type != expectedType { + return nil, fmt.Errorf("RSA SigGen test group has type %q, but only generation tests (%q) are supported", group.Type, expectedType) + } + + response := rsaSigGenTestGroupResponse{ + ID: group.ID, + } + + operation := "RSA/sigGen/" + group.Hash + "/" + group.SigType + + for _, test := range group.Tests { + msg, err := hex.DecodeString(test.MessageHex) + if err != nil { + return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) + } + + results, err := m.Transact(operation, 3, uint32le(group.ModulusBits), msg) + if err != nil { + return nil, err + } + + if len(response.N) == 0 { + response.N = hex.EncodeToString(results[0]) + response.E = hex.EncodeToString(results[1]) + } else if response.N != hex.EncodeToString(results[0]) { + return nil, fmt.Errorf("module wrapper returned different RSA keys for the same SigGen configuration") + } + + response.Tests = append(response.Tests, rsaSigGenTestResponse{ + ID: test.ID, + Sig: hex.EncodeToString(results[2]), + }) + } + + ret = append(ret, response) + } + + return ret, nil +} + type rsa struct{} func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { @@ -109,6 +190,8 @@ func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { switch parsed.Mode { case "keyGen": return processKeyGen(vectorSet, m) + case "sigGen": + return processSigGen(vectorSet, m) default: return nil, fmt.Errorf("Unknown RSA mode %q", parsed.Mode) } diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 48b96da10e..aad2a3cd65 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -12,6 +12,7 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include #include @@ -424,6 +425,123 @@ static bool GetConfig(const Span args[]) { }] }] }, + { + "algorithm": "RSA", + "mode": "sigGen", + "revision": "FIPS186-4", + "capabilities": [{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + }] + }, { "algorithm": "CMAC-AES", "revision": "1.0", @@ -1032,6 +1150,28 @@ static bool CMAC_AES(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(mac, mac_len)); } +static std::map>& CachedRSAKeys() { + static std::map> keys; + return keys; +} + +static RSA* GetRSAKey(unsigned bits) { + auto it = CachedRSAKeys().find(bits); + if (it != CachedRSAKeys().end()) { + return it->second.get(); + } + + bssl::UniquePtr key(RSA_new()); + if (!RSA_generate_key_fips(key.get(), bits, nullptr)) { + abort(); + } + + RSA *const ret = key.get(); + CachedRSAKeys().emplace(static_cast(bits), std::move(key)); + + return ret; +} + static bool RSAKeyGen(const Span args[]) { uint32_t bits; if (args[0].size() != sizeof(bits)) { @@ -1050,8 +1190,52 @@ static bool RSAKeyGen(const Span args[]) { RSA_get0_key(key.get(), &n, &e, &d); RSA_get0_factors(key.get(), &p, &q); - return WriteReply(STDOUT_FILENO, BIGNUMBytes(e), BIGNUMBytes(p), - BIGNUMBytes(q), BIGNUMBytes(n), BIGNUMBytes(d)); + if (!WriteReply(STDOUT_FILENO, BIGNUMBytes(e), BIGNUMBytes(p), BIGNUMBytes(q), + BIGNUMBytes(n), BIGNUMBytes(d))) { + return false; + } + + CachedRSAKeys().emplace(static_cast(bits), std::move(key)); + return true; +} + +template +static bool RSASigGen(const Span args[]) { + uint32_t bits; + if (args[0].size() != sizeof(bits)) { + return false; + } + memcpy(&bits, args[0].data(), sizeof(bits)); + const Span msg = args[1]; + + RSA *const key = GetRSAKey(bits); + const EVP_MD *const md = MDFunc(); + uint8_t digest_buf[EVP_MAX_MD_SIZE]; + unsigned digest_len; + if (!EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) { + return false; + } + + std::vector sig(RSA_size(key)); + size_t sig_len; + if (UsePSS) { + if (!RSA_sign_pss_mgf1(key, &sig_len, sig.data(), sig.size(), digest_buf, + digest_len, md, md, -1)) { + return false; + } + } else { + unsigned sig_len_u; + if (!RSA_sign(EVP_MD_type(md), digest_buf, digest_len, sig.data(), + &sig_len_u, key)) { + return false; + } + sig_len = sig_len_u; + } + + sig.resize(sig_len); + + return WriteReply(STDOUT_FILENO, BIGNUMBytes(RSA_get0_n(key)), + BIGNUMBytes(RSA_get0_e(key)), sig); } static constexpr struct { @@ -1095,6 +1279,16 @@ static constexpr struct { {"ECDSA/sigVer", 7, ECDSASigVer}, {"CMAC-AES", 3, CMAC_AES}, {"RSA/keyGen", 1, RSAKeyGen}, + {"RSA/sigGen/SHA2-224/pkcs1v1.5", 2, RSASigGen}, + {"RSA/sigGen/SHA2-256/pkcs1v1.5", 2, RSASigGen}, + {"RSA/sigGen/SHA2-384/pkcs1v1.5", 2, RSASigGen}, + {"RSA/sigGen/SHA2-512/pkcs1v1.5", 2, RSASigGen}, + {"RSA/sigGen/SHA-1/pkcs1v1.5", 2, RSASigGen}, + {"RSA/sigGen/SHA2-224/pss", 2, RSASigGen}, + {"RSA/sigGen/SHA2-256/pss", 2, RSASigGen}, + {"RSA/sigGen/SHA2-384/pss", 2, RSASigGen}, + {"RSA/sigGen/SHA2-512/pss", 2, RSASigGen}, + {"RSA/sigGen/SHA-1/pss", 2, RSASigGen}, }; int main() { From 777e1ff3b1443788c5fdb982b3b822aac5448d9e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 22 Oct 2020 16:57:56 -0700 Subject: [PATCH 151/399] acvp: RSA signature verification tests. Change-Id: I8697230d4feb3bc5308905aa8981087b0f080555 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43626 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../fipstools/acvp/acvptool/subprocess/rsa.go | 89 +++++++++ .../acvp/modulewrapper/modulewrapper.cc | 182 ++++++++++++++++++ 2 files changed, 271 insertions(+) diff --git a/util/fipstools/acvp/acvptool/subprocess/rsa.go b/util/fipstools/acvp/acvptool/subprocess/rsa.go index 0825c04b47..d2de73d633 100644 --- a/util/fipstools/acvp/acvptool/subprocess/rsa.go +++ b/util/fipstools/acvp/acvptool/subprocess/rsa.go @@ -87,6 +87,36 @@ type rsaSigGenTestResponse struct { Sig string `json:"signature"` } +type rsaSigVerTestVectorSet struct { + Groups []rsaSigVerGroup `json:"testGroups"` +} + +type rsaSigVerGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + SigType string `json:"sigType"` + Hash string `json:"hashAlg"` + N string `json:"n"` + E string `json:"e"` + Tests []rsaSigVerTest `json:"tests"` +} + +type rsaSigVerTest struct { + ID uint64 `json:"tcId"` + MessageHex string `json:"message"` + SignatureHex string `json:"signature"` +} + +type rsaSigVerTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []rsaSigVerTestResponse `json:"tests"` +} + +type rsaSigVerTestResponse struct { + ID uint64 `json:"tcId"` + Passed bool `json:"testPassed"` +} + func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) { var parsed rsaKeyGenTestVectorSet if err := json.Unmarshal(vectorSet, &parsed); err != nil { @@ -179,6 +209,63 @@ func processSigGen(vectorSet []byte, m Transactable) (interface{}, error) { return ret, nil } +func processSigVer(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed rsaSigVerTestVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + var ret []rsaSigVerTestGroupResponse + + for _, group := range parsed.Groups { + // GDT means "Generated data test", which makes no sense in this context. + const expectedType = "GDT" + if group.Type != expectedType { + return nil, fmt.Errorf("RSA SigVer test group has type %q, but only 'generation' tests (%q) are supported", group.Type, expectedType) + } + + n, err := hex.DecodeString(group.N) + if err != nil { + return nil, fmt.Errorf("test group %d contains invalid hex: %s", group.ID, err) + } + e, err := hex.DecodeString(group.E) + if err != nil { + return nil, fmt.Errorf("test group %d contains invalid hex: %s", group.ID, err) + } + + response := rsaSigVerTestGroupResponse{ + ID: group.ID, + } + + operation := "RSA/sigVer/" + group.Hash + "/" + group.SigType + + for _, test := range group.Tests { + msg, err := hex.DecodeString(test.MessageHex) + if err != nil { + return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) + } + sig, err := hex.DecodeString(test.SignatureHex) + if err != nil { + return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) + } + + results, err := m.Transact(operation, 1, n, e, msg, sig) + if err != nil { + return nil, err + } + + response.Tests = append(response.Tests, rsaSigVerTestResponse{ + ID: test.ID, + Passed: len(results[0]) == 1 && results[0][0] == 1, + }) + } + + ret = append(ret, response) + } + + return ret, nil +} + type rsa struct{} func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { @@ -192,6 +279,8 @@ func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { return processKeyGen(vectorSet, m) case "sigGen": return processSigGen(vectorSet, m) + case "sigVer": + return processSigVer(vectorSet, m) default: return nil, fmt.Errorf("Unknown RSA mode %q", parsed.Mode) } diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index aad2a3cd65..8043497096 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -542,6 +543,141 @@ static bool GetConfig(const Span args[]) { }] }] }, + { + "algorithm": "RSA", + "mode": "sigVer", + "revision": "FIPS186-4", + "pubExpMode": "fixed", + "fixedPubExp": "010001", + "capabilities": [{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 1024, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224" + }, { + "hashAlg": "SHA2-256" + }, { + "hashAlg": "SHA2-384" + }, { + "hashAlg": "SHA2-512" + }, { + "hashAlg": "SHA-1" + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + },{ + "sigType": "pss", + "properties": [{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + }, { + "hashAlg": "SHA2-256", + "saltLen": 32 + }, { + "hashAlg": "SHA2-384", + "saltLen": 48 + }, { + "hashAlg": "SHA2-512", + "saltLen": 64 + }, { + "hashAlg": "SHA-1", + "saltLen": 20 + }] + }] + }] + }, { "algorithm": "CMAC-AES", "revision": "1.0", @@ -1238,6 +1374,42 @@ static bool RSASigGen(const Span args[]) { BIGNUMBytes(RSA_get0_e(key)), sig); } +template +static bool RSASigVer(const Span args[]) { + const Span n_bytes = args[0]; + const Span e_bytes = args[1]; + const Span msg = args[2]; + const Span sig = args[3]; + + BIGNUM *n = BN_new(); + BIGNUM *e = BN_new(); + bssl::UniquePtr key(RSA_new()); + if (!BN_bin2bn(n_bytes.data(), n_bytes.size(), n) || + !BN_bin2bn(e_bytes.data(), e_bytes.size(), e) || + !RSA_set0_key(key.get(), n, e, /*d=*/nullptr)) { + return false; + } + + const EVP_MD *const md = MDFunc(); + uint8_t digest_buf[EVP_MAX_MD_SIZE]; + unsigned digest_len; + if (!EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) { + return false; + } + + uint8_t ok; + if (UsePSS) { + ok = RSA_verify_pss_mgf1(key.get(), digest_buf, digest_len, md, md, -1, + sig.data(), sig.size()); + } else { + ok = RSA_verify(EVP_MD_type(md), digest_buf, digest_len, sig.data(), + sig.size(), key.get()); + } + ERR_clear_error(); + + return WriteReply(STDOUT_FILENO, Span(&ok, 1)); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -1289,6 +1461,16 @@ static constexpr struct { {"RSA/sigGen/SHA2-384/pss", 2, RSASigGen}, {"RSA/sigGen/SHA2-512/pss", 2, RSASigGen}, {"RSA/sigGen/SHA-1/pss", 2, RSASigGen}, + {"RSA/sigVer/SHA2-224/pkcs1v1.5", 4, RSASigVer}, + {"RSA/sigVer/SHA2-256/pkcs1v1.5", 4, RSASigVer}, + {"RSA/sigVer/SHA2-384/pkcs1v1.5", 4, RSASigVer}, + {"RSA/sigVer/SHA2-512/pkcs1v1.5", 4, RSASigVer}, + {"RSA/sigVer/SHA-1/pkcs1v1.5", 4, RSASigVer}, + {"RSA/sigVer/SHA2-224/pss", 4, RSASigVer}, + {"RSA/sigVer/SHA2-256/pss", 4, RSASigVer}, + {"RSA/sigVer/SHA2-384/pss", 4, RSASigVer}, + {"RSA/sigVer/SHA2-512/pss", 4, RSASigVer}, + {"RSA/sigVer/SHA-1/pss", 4, RSASigVer}, }; int main() { From c583dbea70bf113d30e47685307c162148556b4a Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 23 Oct 2020 12:47:27 -0700 Subject: [PATCH 152/399] Have fewer opaque booleans in aead_test.cc These booleans are a little hard to understand in context and adding any more makes things even more complicated. Thus make them flags so that the meaning is articulated locally. Change-Id: I8cdb7fd5657bb12f28a73d7c6818d400c987ad3b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43684 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/cipher_extra/aead_test.cc | 142 +++++++++++++++++++++---------- 1 file changed, 96 insertions(+), 46 deletions(-) diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc index fdf71b0566..02e0d99470 100644 --- a/crypto/cipher_extra/aead_test.cc +++ b/crypto/cipher_extra/aead_test.cc @@ -30,73 +30,119 @@ #include "../test/test_util.h" #include "../test/wycheproof_util.h" +// kLimitedImplementation indicates that tests that assume a generic AEAD +// interface should not be performed. For example, the key-wrap AEADs only +// handle inputs that are a multiple of eight bytes in length and the TLS CBC +// AEADs have the concept of “direction”. +constexpr uint32_t kLimitedImplementation = 1 << 0; +// kCanTruncateTags indicates that the AEAD supports truncatating tags to +// arbitrary lengths. +constexpr uint32_t kCanTruncateTags = 1 << 1; +// kVariableNonce indicates that the AEAD supports a variable-length nonce. +constexpr uint32_t kVariableNonce = 1 << 2; + +// RequiresADLength encodes an AD length requirement into flags. +constexpr uint32_t RequiresADLength(size_t length) { + // If we had a more recent C++ version we could assert that the length is + // sufficiently small with: + // + // if (length >= 16) { + // __builtin_unreachable(); + // } + return (length & 0xf) << 3; +} + +// RequiredADLength returns the AD length requirement encoded in |flags|, or +// zero if there isn't one. +constexpr size_t RequiredADLength(uint32_t flags) { + return (flags >> 3) & 0xf; +} struct KnownAEAD { const char name[40]; const EVP_AEAD *(*func)(void); const char *test_vectors; - // limited_implementation indicates that tests that assume a generic AEAD - // interface should not be performed. For example, the key-wrap AEADs only - // handle inputs that are a multiple of eight bytes in length and the TLS CBC - // AEADs have the concept of “direction”. - bool limited_implementation; - // truncated_tags is true if the AEAD supports truncating tags to arbitrary - // lengths. - bool truncated_tags; - // variable_nonce is true if the AEAD supports a variable nonce length. - bool variable_nonce; - // ad_len, if non-zero, is the required length of the AD. - size_t ad_len; + uint32_t flags; }; static const struct KnownAEAD kAEADs[] = { - {"AES_128_GCM", EVP_aead_aes_128_gcm, "aes_128_gcm_tests.txt", false, true, - true, 0}, + {"AES_128_GCM", EVP_aead_aes_128_gcm, "aes_128_gcm_tests.txt", + kCanTruncateTags | kVariableNonce}, + {"AES_128_GCM_NIST", EVP_aead_aes_128_gcm, "nist_cavp/aes_128_gcm.txt", - false, true, true, 0}, - {"AES_192_GCM", EVP_aead_aes_192_gcm, "aes_192_gcm_tests.txt", false, true, - true, 0}, - {"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", false, true, - true, 0}, + kCanTruncateTags | kVariableNonce}, + + {"AES_192_GCM", EVP_aead_aes_192_gcm, "aes_192_gcm_tests.txt", + kCanTruncateTags | kVariableNonce}, + + {"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", + kCanTruncateTags | kVariableNonce}, + {"AES_256_GCM_NIST", EVP_aead_aes_256_gcm, "nist_cavp/aes_256_gcm.txt", - false, true, true, 0}, + kCanTruncateTags | kVariableNonce}, + {"AES_128_GCM_SIV", EVP_aead_aes_128_gcm_siv, "aes_128_gcm_siv_tests.txt", - false, false, false, 0}, + 0}, + {"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt", - false, false, false, 0}, + 0}, + {"ChaCha20Poly1305", EVP_aead_chacha20_poly1305, - "chacha20_poly1305_tests.txt", false, true, false, 0}, + "chacha20_poly1305_tests.txt", kCanTruncateTags}, + {"XChaCha20Poly1305", EVP_aead_xchacha20_poly1305, - "xchacha20_poly1305_tests.txt", false, true, false, 0}, + "xchacha20_poly1305_tests.txt", kCanTruncateTags}, + {"AES_128_CBC_SHA1_TLS", EVP_aead_aes_128_cbc_sha1_tls, - "aes_128_cbc_sha1_tls_tests.txt", true, false, false, 11}, + "aes_128_cbc_sha1_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_128_CBC_SHA1_TLSImplicitIV", EVP_aead_aes_128_cbc_sha1_tls_implicit_iv, - "aes_128_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11}, + "aes_128_cbc_sha1_tls_implicit_iv_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_128_CBC_SHA256_TLS", EVP_aead_aes_128_cbc_sha256_tls, - "aes_128_cbc_sha256_tls_tests.txt", true, false, false, 11}, + "aes_128_cbc_sha256_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_256_CBC_SHA1_TLS", EVP_aead_aes_256_cbc_sha1_tls, - "aes_256_cbc_sha1_tls_tests.txt", true, false, false, 11}, + "aes_256_cbc_sha1_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_256_CBC_SHA1_TLSImplicitIV", EVP_aead_aes_256_cbc_sha1_tls_implicit_iv, - "aes_256_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11}, + "aes_256_cbc_sha1_tls_implicit_iv_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_256_CBC_SHA256_TLS", EVP_aead_aes_256_cbc_sha256_tls, - "aes_256_cbc_sha256_tls_tests.txt", true, false, false, 11}, + "aes_256_cbc_sha256_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_256_CBC_SHA384_TLS", EVP_aead_aes_256_cbc_sha384_tls, - "aes_256_cbc_sha384_tls_tests.txt", true, false, false, 11}, + "aes_256_cbc_sha384_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"DES_EDE3_CBC_SHA1_TLS", EVP_aead_des_ede3_cbc_sha1_tls, - "des_ede3_cbc_sha1_tls_tests.txt", true, false, false, 11}, + "des_ede3_cbc_sha1_tls_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"DES_EDE3_CBC_SHA1_TLSImplicitIV", EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv, - "des_ede3_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11}, + "des_ede3_cbc_sha1_tls_implicit_iv_tests.txt", + kLimitedImplementation | RequiresADLength(11)}, + {"AES_128_CTR_HMAC_SHA256", EVP_aead_aes_128_ctr_hmac_sha256, - "aes_128_ctr_hmac_sha256.txt", false, true, false, 0}, + "aes_128_ctr_hmac_sha256.txt", kCanTruncateTags}, + {"AES_256_CTR_HMAC_SHA256", EVP_aead_aes_256_ctr_hmac_sha256, - "aes_256_ctr_hmac_sha256.txt", false, true, false, 0}, + "aes_256_ctr_hmac_sha256.txt", kCanTruncateTags}, + {"AES_128_CCM_BLUETOOTH", EVP_aead_aes_128_ccm_bluetooth, - "aes_128_ccm_bluetooth_tests.txt", false, false, false, 0}, + "aes_128_ccm_bluetooth_tests.txt", 0}, + {"AES_128_CCM_BLUETOOTH_8", EVP_aead_aes_128_ccm_bluetooth_8, - "aes_128_ccm_bluetooth_8_tests.txt", false, false, false, 0}, + "aes_128_ccm_bluetooth_8_tests.txt", 0}, }; class PerAEADTest : public testing::TestWithParam { @@ -409,7 +455,7 @@ TEST_P(PerAEADTest, CleanupAfterInitFailure) { } TEST_P(PerAEADTest, TruncatedTags) { - if (!GetParam().truncated_tags) { + if (!(GetParam().flags & kCanTruncateTags)) { return; } @@ -469,7 +515,7 @@ TEST_P(PerAEADTest, TruncatedTags) { } TEST_P(PerAEADTest, AliasedBuffers) { - if (GetParam().limited_implementation) { + if (GetParam().flags & kLimitedImplementation) { return; } @@ -555,8 +601,9 @@ TEST_P(PerAEADTest, UnalignedInput) { ASSERT_GE(sizeof(key) - 1, key_len); const size_t nonce_len = EVP_AEAD_nonce_length(aead()); ASSERT_GE(sizeof(nonce) - 1, nonce_len); - const size_t ad_len = - GetParam().ad_len != 0 ? GetParam().ad_len : sizeof(ad) - 1; + const size_t ad_len = RequiredADLength(GetParam().flags) != 0 + ? RequiredADLength(GetParam().flags) + : sizeof(ad) - 1; ASSERT_GE(sizeof(ad) - 1, ad_len); // Encrypt some input. @@ -619,7 +666,7 @@ TEST_P(PerAEADTest, InvalidNonceLength) { // variable-length nonces, it does not allow the empty nonce. nonce_lens.push_back(0); } - if (!GetParam().variable_nonce) { + if (!(GetParam().flags & kVariableNonce)) { nonce_lens.push_back(valid_nonce_len + 1); if (valid_nonce_len != 0) { nonce_lens.push_back(valid_nonce_len - 1); @@ -627,7 +674,9 @@ TEST_P(PerAEADTest, InvalidNonceLength) { } static const uint8_t kZeros[EVP_AEAD_MAX_KEY_LENGTH] = {0}; - const size_t ad_len = GetParam().ad_len != 0 ? GetParam().ad_len : 16; + const size_t ad_len = RequiredADLength(GetParam().flags) != 0 + ? RequiredADLength(GetParam().flags) + : 16; ASSERT_LE(ad_len, sizeof(kZeros)); for (size_t nonce_len : nonce_lens) { @@ -723,9 +772,10 @@ TEST_P(PerAEADTest, ABI) { alignas(2) uint8_t ad_buf[512]; OPENSSL_memset(ad_buf, 'A', sizeof(ad_buf)); const uint8_t *const ad = ad_buf + 1; - ASSERT_LE(GetParam().ad_len, sizeof(ad_buf) - 1); - const size_t ad_len = - GetParam().ad_len != 0 ? GetParam().ad_len : sizeof(ad_buf) - 1; + ASSERT_LE(RequiredADLength(GetParam().flags), sizeof(ad_buf) - 1); + const size_t ad_len = RequiredADLength(GetParam().flags) != 0 + ? RequiredADLength(GetParam().flags) + : sizeof(ad_buf) - 1; uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; const size_t nonce_len = EVP_AEAD_nonce_length(aead()); From 51a8ca10165fd2c425fa5cec513f60176d185354 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 26 Oct 2020 20:52:52 -0700 Subject: [PATCH 153/399] Fix Windows build. --- crypto/fipsmodule/ec/ecp_nistz.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/ec/ecp_nistz.h b/crypto/fipsmodule/ec/ecp_nistz.h index 8aff18780d..2bcf4b5d4d 100644 --- a/crypto/fipsmodule/ec/ecp_nistz.h +++ b/crypto/fipsmodule/ec/ecp_nistz.h @@ -255,7 +255,7 @@ static inline void booth_recode(crypto_word *is_negative, crypto_word *digit, // but 'in' seen as (`w+1`)-bit value. crypto_word s = ~((in >> w) - 1); crypto_word d; - d = (1 << (w + 1)) - in - 1; + d = ((crypto_word)1u << (w + 1)) - in - 1; d = (d & s) | (in & ~s); d = (d >> 1) + (d & 1); From b67732a163c22da3e056de5cde7b02644ad724db Mon Sep 17 00:00:00 2001 From: Tamas Petz Date: Thu, 22 Oct 2020 13:20:29 +0200 Subject: [PATCH 154/399] aarch64: Remove some flavour conditionals This change is expected to be a non-functional change. Original request: https://boringssl-review.googlesource.com/c/boringssl/+/42084 Change-Id: Ifbf85eb6cafebabf0cf063b7dd147417d01c280c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43584 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/fipsmodule/aes/asm/aesv8-armx.pl | 4 ---- crypto/fipsmodule/modes/asm/ghashv8-armx.pl | 10 ---------- 2 files changed, 14 deletions(-) diff --git a/crypto/fipsmodule/aes/asm/aesv8-armx.pl b/crypto/fipsmodule/aes/asm/aesv8-armx.pl index 5fd9864245..a2825ceaf3 100644 --- a/crypto/fipsmodule/aes/asm/aesv8-armx.pl +++ b/crypto/fipsmodule/aes/asm/aesv8-armx.pl @@ -340,11 +340,7 @@ () .type ${prefix}_${dir}crypt,%function .align 5 ${prefix}_${dir}crypt: -___ -$code.=<<___ if ($flavour =~ /64/); AARCH64_VALID_CALL_TARGET -___ -$code.=<<___; ldr $rounds,[$key,#240] vld1.32 {$rndkey0},[$key],#16 vld1.8 {$inout},[$inp] diff --git a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl index 82f76372c5..4afb6da33b 100644 --- a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl +++ b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl @@ -86,11 +86,7 @@ .type gcm_init_v8,%function .align 4 gcm_init_v8: -___ -$code.=<<___ if ($flavour =~ /64/); AARCH64_VALID_CALL_TARGET -___ -$code.=<<___; vld1.64 {$t1},[x1] @ load input H vmov.i8 $xC2,#0xe1 vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 @@ -150,11 +146,7 @@ .type gcm_gmult_v8,%function .align 4 gcm_gmult_v8: -___ -$code.=<<___ if ($flavour =~ /64/); AARCH64_VALID_CALL_TARGET -___ -$code.=<<___; vld1.64 {$t1},[$Xi] @ load Xi vmov.i8 $xC2,#0xe1 vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... @@ -207,8 +199,6 @@ .type gcm_ghash_v8,%function .align 4 gcm_ghash_v8: -___ -$code.=<<___ if ($flavour =~ /64/); AARCH64_VALID_CALL_TARGET ___ $code.=<<___ if ($flavour !~ /64/); From 2464e96509eaf45e4172d4c9cdf3fe57a320f032 Mon Sep 17 00:00:00 2001 From: Aaron Griffin Date: Mon, 26 Oct 2020 12:10:44 -0700 Subject: [PATCH 155/399] Added musl targets --- .travis.yml | 102 ++++++++++++++++++++++++++++++++++++++++ mk/travis.sh | 6 +++ mk/update-travis-yml.py | 4 ++ 3 files changed, 112 insertions(+) diff --git a/.travis.yml b/.travis.yml index dbbe8ac24a..1c37381ec3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -109,6 +109,16 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -207,6 +217,30 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -331,6 +365,16 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: trusty + + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: trusty + - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux @@ -438,6 +482,30 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux @@ -556,6 +624,16 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + rust: beta + os: linux + dist: trusty + + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + rust: beta + os: linux + dist: trusty + - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux @@ -654,6 +732,30 @@ matrix: sources: - ubuntu-toolchain-r-test + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + rust: beta + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + rust: beta + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + sources: + - ubuntu-toolchain-r-test + - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux diff --git a/mk/travis.sh b/mk/travis.sh index 6938114c46..42a21423d9 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -73,6 +73,12 @@ if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then fi fi +# This stanza is separate from the above because MUSL requires a target install, +# but does *not* require special linking / multilib. +if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" ]]; then + rustup target add "$TARGET_X" +fi + if [[ ! -z "${CC_X-}" ]]; then export CC=$CC_X $CC --version diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 4468484111..8c49bf9bc7 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -47,7 +47,9 @@ "armv7-linux-androideabi" : [ "armv7a-linux-androideabi18-clang" ], "arm-unknown-linux-gnueabihf" : [ "arm-linux-gnueabihf-gcc" ], "i686-unknown-linux-gnu" : linux_compilers, + "i686-unknown-linux-musl" : [clang], "x86_64-unknown-linux-gnu" : linux_compilers, + "x86_64-unknown-linux-musl" : [clang], "x86_64-apple-darwin" : osx_compilers, } @@ -75,8 +77,10 @@ "aarch64-linux-android", "armv7-linux-androideabi", "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", "aarch64-unknown-linux-gnu", "i686-unknown-linux-gnu", + "i686-unknown-linux-musl", "arm-unknown-linux-gnueabihf", ], } From 164a632548974e282354570b365a68a64396a2ff Mon Sep 17 00:00:00 2001 From: Aaron Griffin Date: Tue, 27 Oct 2020 11:37:09 -0700 Subject: [PATCH 156/399] Unified rustup target addition --- mk/travis.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/mk/travis.sh b/mk/travis.sh index 42a21423d9..db19655437 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -59,8 +59,6 @@ if [[ "$TARGET_X" =~ ^(arm|aarch64) && ! "$TARGET_X" =~ android ]]; then fi if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then - rustup target add "$TARGET_X" - # By default cargo/rustc seems to use cc for linking, We installed the # multilib support that corresponds to $CC_X but unless cc happens to match # $CC_X, that's not the right version. The symptom is a linker error @@ -73,9 +71,7 @@ if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then fi fi -# This stanza is separate from the above because MUSL requires a target install, -# but does *not* require special linking / multilib. -if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" ]]; then +if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" || ! "$TARGET_X" =~ "x86_64" ]]; then rustup target add "$TARGET_X" fi From 68f27fd55417b34d0f4a81410a809dc0f662a2ef Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 27 Oct 2020 16:03:13 -0700 Subject: [PATCH 157/399] CI/CD: Upgrade Ubuntu 20.04 and use its kcov, clang, qemu packages. Upgrade to Ubuntu 20.04 (Focal Fossa) except for Android targets (see comment in travis.sh). The newer Ubuntu has a new-enough version of kcov; use it instead of building kcov from source. This eliminates CI/CD's dependency on a C++ compiler, CMake, OpenSSL(!), etc. Simplify things accordingly. Use Ubuntu's QEMU packages instead of the backport we were using before. The backport is no longer required with the new version of Ubuntu and also adding the PPA didn't work in the new version. Use Ubuntu's `clang` package instead of using the LLVM project's PPA. --- .travis.yml | 249 +++++++++++++------------------------- mk/travis-install-kcov.sh | 67 ---------- mk/travis.sh | 22 ---- mk/update-travis-yml.py | 65 +++------- 4 files changed, 101 insertions(+), 302 deletions(-) delete mode 100755 mk/travis-install-kcov.sh diff --git a/.travis.yml b/.travis.yml index 1c37381ec3..2ce34e8d6d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,4 @@ language: rust -cache: - directories: - - $HOME/kcov-i686-unknown-linux-gnu - - $HOME/kcov-x86_64-unknown-linux-gnu matrix: fast_finish: true allow_failures: @@ -70,200 +66,180 @@ matrix: - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - gcc-7-multilib - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - gcc-7-multilib - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly @@ -320,215 +296,182 @@ matrix: - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - - binutils-dev - - g++-7 - gcc-7 - - libcurl4-openssl-dev - - libdw-dev - - libelf-dev - - libiberty-dev - sources: - - ubuntu-toolchain-r-test + - kcov - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - - g++-7 - - g++-7-multilib - gcc-7 - gcc-7-multilib - - libcurl3:i386 - - libcurl4-openssl-dev:i386 - - libdw-dev:i386 - - libelf-dev:i386 - - libiberty-dev:i386 - - libkrb5-dev:i386 - - libssl-dev:i386 + - kcov - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - gcc-7-multilib - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta @@ -585,200 +528,180 @@ matrix: - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-aarch64-linux-gnu - libc6-dev-arm64-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - gcc-7-multilib - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-7 - gcc-7-multilib - linux-libc-dev:i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: - gcc-multilib - libc6-dev-i386 - sources: - - ubuntu-toolchain-r-test - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux - dist: trusty + dist: focal addons: apt: packages: + - binfmt-support - gcc-arm-linux-gnueabihf - libc6-dev-armhf-cross - sources: - - ubuntu-toolchain-r-test + - qemu-user-binfmt # END GENERATED diff --git a/mk/travis-install-kcov.sh b/mk/travis-install-kcov.sh deleted file mode 100755 index af1dcbf5e5..0000000000 --- a/mk/travis-install-kcov.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright (c) 2016 Pietro Monteiro -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -set -ex - - -# kcov 26 or newer is needed when getting coverage information for Rust. -# kcov 31 is needed so `kcov --version` doesn't exit with status 1. -KCOV_VERSION=${KCOV_VERSION:-36} - -KCOV_INSTALL_PREFIX="${HOME}/kcov-${TARGET_X}" - -# Check if kcov has been cached on travis. -if [[ -f "$KCOV_INSTALL_PREFIX/bin/kcov" ]]; then - KCOV_INSTALLED_VERSION=`$KCOV_INSTALL_PREFIX/bin/kcov --version` - # Exit if we don't need to upgrade kcov. - if [[ "$KCOV_INSTALLED_VERSION" == "kcov $KCOV_VERSION" ]]; then - echo "Using cached kcov version: ${KCOV_VERSION}" - exit 0 - else - rm -rf "$KCOV_INSTALL_PREFIX" - fi -fi - -curl -L https://github.com/SimonKagstrom/kcov/archive/v$KCOV_VERSION.tar.gz | tar -zxf - - -pushd kcov-$KCOV_VERSION - -mkdir build - -pushd build - -if [[ "$TARGET_X" == "i686-unknown-linux-gnu" ]]; then - # set PKG_CONFIG_PATH so the kcov build system uses the 32 bit libraries we installed. - # otherwise kcov will be linked with 64 bit libraries and won't work with 32 bit executables. - PKG_CONFIG_PATH="/usr/lib/i386-linux-gnu/pkgconfig" CFLAGS="-m32" \ - CXXFLAGS="-m32" TARGET=$TARGET_X \ - cmake -DCMAKE_INSTALL_PREFIX:PATH="${KCOV_INSTALL_PREFIX}" .. -else - TARGET=$TARGET_X cmake -DCMAKE_INSTALL_PREFIX:PATH="${KCOV_INSTALL_PREFIX}" .. -fi - -make -make install - -$KCOV_INSTALL_PREFIX/bin/kcov --version - -popd -popd diff --git a/mk/travis.sh b/mk/travis.sh index db19655437..241216dff4 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -49,15 +49,6 @@ if [[ ! -z "${ANDROID_ABI-}" ]]; then rustup default fi -if [[ "$TARGET_X" =~ ^(arm|aarch64) && ! "$TARGET_X" =~ android ]]; then - # We need a newer QEMU than Travis has. - # sudo is needed until the PPA and its packages are whitelisted. - # See https://github.com/travis-ci/apt-source-whitelist/issues/271 - sudo add-apt-repository ppa:pietro-monteiro/qemu-backport -y - sudo apt-get update -qq - sudo apt-get install --no-install-recommends binfmt-support qemu-user-binfmt -y -fi - if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then # By default cargo/rustc seems to use cc for linking, We installed the # multilib support that corresponds to $CC_X but unless cc happens to match @@ -82,18 +73,6 @@ else cc --version fi -# KCOV needs a C++ compiler. -if [[ "$KCOV" == "1" ]]; then - if [[ ! -z "${CC_X-}" ]]; then - CXX="${CC_X/clang/clang++}" - CXX="${CC_X/gcc/g++}" - export CXX=$CXX - $CXX --version - else - c++ --version - fi -fi - cargo version rustc --version @@ -157,7 +136,6 @@ if [[ "$KCOV" == "1" ]]; then RUSTDOCFLAGS="-Cpanic=abort" \ RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" \ cargo test -vv --no-run -j2 ${mode-} ${FEATURES_X-} --target=$TARGET_X - mk/travis-install-kcov.sh for test_exe in `find target/$TARGET_X/debug -maxdepth 1 -executable -type f`; do ${HOME}/kcov-${TARGET_X}/bin/kcov \ --verify \ diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 8c49bf9bc7..1565845bec 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -112,10 +112,6 @@ def format_entries(): packages: %(packages)s""" -entry_sources_template = """ - sources: - %(sources)s""" - def format_entry(os, target, compiler, rust, mode, features): target_words = target.split("-") arch = target_words[0] @@ -134,10 +130,14 @@ def format_entry(os, target, compiler, rust, mode, features): template = entry_template + linux_dist = "focal" + android_linux_dist = "trusty" + if sys == "darwin": abi = sys sys = "macos" elif sys == "androideabi": + linux_dist = android_linux_dist abi = sys sys = "linux" template += """ @@ -148,6 +148,7 @@ def format_entry(os, target, compiler, rust, mode, features): - build-tools-26.0.2 - sys-img-armeabi-v7a-android-18""" elif sys == "android": + linux_dist = android_linux_dist abi = sys sys = "linux" template += """ @@ -164,19 +165,14 @@ def prefix_all(prefix, xs): if sys == "linux": packages = sorted(get_linux_packages_to_install(target, compiler, arch, kcov)) - sources_with_dups = sum([get_sources_for_package(p) for p in packages],[]) - sources = sorted(list(set(sources_with_dups))) template += """ - dist: trusty""" + dist: %s""" % linux_dist if sys == "linux": if packages: template += entry_packages_template - if sources: - template += entry_sources_template else: packages = [] - sources = [] cc = compiler @@ -195,7 +191,6 @@ def prefix_all(prefix, xs): "kcov": "1" if kcov == True else "0", "packages" : "\n ".join(prefix_all("- ", packages)), "rust" : rust, - "sources" : "\n ".join(prefix_all("- ", sources)), "target" : target, "os" : os, } @@ -207,26 +202,24 @@ def get_linux_packages_to_install(target, compiler, arch, kcov): packages = [] if kcov: - packages += [replace_cc_with_cxx(compiler)] + packages += ["kcov"] + + qemu = False if target == "aarch64-unknown-linux-gnu": + qemu = True packages += ["gcc-aarch64-linux-gnu", "libc6-dev-arm64-cross"] if target == "arm-unknown-linux-gnueabihf": + qemu = True packages += ["gcc-arm-linux-gnueabihf", "libc6-dev-armhf-cross"] - if arch == "i686": - if kcov == True: - packages += [replace_cc_with_cxx(compiler) + "-multilib", - "libcurl3:i386", - "libcurl4-openssl-dev:i386", - "libdw-dev:i386", - "libelf-dev:i386", - "libiberty-dev:i386", - "libkrb5-dev:i386", - "libssl-dev:i386"] + if qemu: + packages += ["binfmt-support", + "qemu-user-binfmt"] + if arch == "i686": if compiler.startswith("clang") or compiler == "": packages += ["libc6-dev-i386", "gcc-multilib"] @@ -235,37 +228,9 @@ def get_linux_packages_to_install(target, compiler, arch, kcov): "linux-libc-dev:i386"] else: raise ValueError("unexpected compiler: %s" % compiler) - elif arch == "x86_64": - if kcov == True: - packages += ["libcurl4-openssl-dev", - "libelf-dev", - "libdw-dev", - "binutils-dev", - "libiberty-dev"] - elif arch not in ["aarch64", "arm", "armv7"]: - raise ValueError("unexpected arch: %s" % arch) return packages -def get_sources_for_package(package): - ubuntu_toolchain = "ubuntu-toolchain-r-test" - if package.startswith("clang-"): - _, version = package.split("-") - llvm_toolchain = "llvm-toolchain-trusty-%s" % version - - # Stuff in llvm-toolchain-trusty depends on stuff in the toolchain - # packages. - return [llvm_toolchain, ubuntu_toolchain] - elif package.startswith("gcc-"): - return [ubuntu_toolchain] - else: - return [] - -def replace_cc_with_cxx(compiler): - return compiler \ - .replace("gcc", "g++") \ - .replace("clang", "clang++") - def main(): # Make a backup of the file we are about to update. shutil.copyfile(".travis.yml", ".travis.yml~") From d69c73a118b62dd7baa9b75388c80b790380247a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 27 Oct 2020 20:57:33 -0700 Subject: [PATCH 158/399] CI/CD: Split dependency installation from the build/test phase. --- .travis.yml | 1 + mk/install-build-tools.sh | 26 +++++++++++ mk/travis.sh | 90 +++++++++++++++++---------------------- 3 files changed, 65 insertions(+), 52 deletions(-) create mode 100755 mk/install-build-tools.sh diff --git a/.travis.yml b/.travis.yml index 2ce34e8d6d..e6008ede0b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -705,4 +705,5 @@ matrix: # END GENERATED +install: mk/install-build-tools.sh script: if [[ "$TARGET_X" =~ ^a*.*linux-.* && "$MODE_X" == "RELWITHDEBINFO" ]]; then travis_wait 60 mk/travis.sh; else mk/travis.sh; fi diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh new file mode 100755 index 0000000000..b84f7efcfb --- /dev/null +++ b/mk/install-build-tools.sh @@ -0,0 +1,26 @@ +case $TARGET_X in +aarch64-linux-android) + export ANDROID_ABI=aarch64 + ;; +armv7-linux-androideabi) + # XXX: Tests are built but not run because we couldn't get the emulator to work; see + # https://github.com/briansmith/ring/issues/838 + # export ANDROID_SYSTEM_IMAGE="system-images;android-18;default;armeabi-v7a" + export ANDROID_ABI=armeabi-v7a + ;; +esac + +if [[ ! -z "${ANDROID_ABI-}" ]]; then + # install the android sdk/ndk + mkdir "$ANDROID_HOME/licenses" || true + echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "$ANDROID_HOME/licenses/android-sdk-license" + sdkmanager ndk-bundle + + if [[ ! -z "${ANDROID_SYSTEM_IMAGE-}" ]]; then + sdkmanager tools + echo no | avdmanager create avd --force --name $TARGET_X -k $ANDROID_SYSTEM_IMAGE --abi $ANDROID_ABI + avdmanager list avd + fi + + curl -sSf https://build.travis-ci.org/files/rustup-init.sh | sh -s -- --default-toolchain=$RUST_X -y +fi diff --git a/mk/travis.sh b/mk/travis.sh index 241216dff4..e35def97e1 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -17,7 +17,9 @@ set -eux -o pipefail IFS=$'\n\t' -printenv +source $HOME/.cargo/env + +run_tests_on_host=1 case $TARGET_X in aarch64-unknown-linux-gnu) @@ -26,28 +28,13 @@ aarch64-unknown-linux-gnu) arm-unknown-linux-gnueabihf) export QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf ;; -aarch64-linux-android) - # XXX: Tests are built but not run because we couldn't get the emulator to work; see - # https://github.com/briansmith/ring/issues/838 - export ANDROID_ABI=aarch64 - ;; -armv7-linux-androideabi) - # XXX: Tests are built but not run because we couldn't get the emulator to work; see - # https://github.com/briansmith/ring/issues/838 - # export ANDROID_SYSTEM_IMAGE="system-images;android-18;default;armeabi-v7a" - export ANDROID_ABI=armeabi-v7a +aarch64-linux-android|armv7-linux-androideabi) + run_tests_on_host= + PATH=$HOME/.cargo/bin:$ANDROID_HOME/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH ;; esac -if [[ ! -z "${ANDROID_ABI-}" ]]; then - # install the android sdk/ndk - mkdir "$ANDROID_HOME/licenses" || true - echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "$ANDROID_HOME/licenses/android-sdk-license" - sdkmanager ndk-bundle - curl -sSf https://build.travis-ci.org/files/rustup-init.sh | sh -s -- --default-toolchain=$RUST_X -y - export PATH=$HOME/.cargo/bin:$ANDROID_HOME/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH - rustup default -fi +printenv if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then # By default cargo/rustc seems to use cc for linking, We installed the @@ -83,38 +70,37 @@ else target_dir=target/$TARGET_X/debug fi -if [[ -z "${ANDROID_ABI-}" ]]; then - cargo test -vv -j2 ${mode-} ${FEATURES_X-} --target=$TARGET_X -else - cargo test -vv -j2 --no-run ${mode-} ${FEATURES_X-} --target=$TARGET_X - - if [[ ! -z "${ANDROID_SYSTEM_IMAGE-}" ]]; then - # Building the AVD is slow. Do it here, after we build the code so that any - # build breakage is reported sooner, instead of being delayed by this. - sdkmanager tools - echo no | avdmanager create avd --force --name $ANDROID_ABI -k $ANDROID_SYSTEM_IMAGE --abi $ANDROID_ABI - avdmanager list avd - - $ANDROID_HOME/emulator/emulator @$ANDROID_ABI -memory 2048 -no-skin -no-boot-anim -no-window & - adb wait-for-device - - # Run the unit tests first. The file named ring- in $target_dir is - # the test executable. - - find $target_dir -maxdepth 1 -name ring-* ! -name "*.*" \ - -exec adb push {} /data/ring-test \; - adb shell "cd /data && ./ring-test" 2>&1 | tee /tmp/ring-test-log - grep "test result: ok" /tmp/ring-test-log - - for test_exe in `find $target_dir -maxdepth 1 -name "*test*" -type f ! -name "*.*" `; do - adb push $test_exe /data/`basename $test_exe` - adb shell "cd /data && ./`basename $test_exe`" 2>&1 | \ - tee /tmp/`basename $test_exe`-log - grep "test result: ok" /tmp/`basename $test_exe`-log - done - - adb emu kill - fi +no_run= +if [[ -z $run_tests_on_host ]]; then + no_run=--no-run +fi + +cargo test -vv -j2 ${mode-} ${no_run-} ${FEATURES_X-} --target=$TARGET_X + +# Android tests in emulator +# +# XXX: Tests are built but not run because we couldn't get the emulator to work; see +# https://github.com/briansmith/ring/issues/838 +if false; then + $ANDROID_HOME/emulator/emulator @$TARGET_X -memory 2048 -no-skin -no-boot-anim -no-window & + adb wait-for-device + + # Run the unit tests first. The file named ring- in $target_dir is + # the test executable. + + find $target_dir -maxdepth 1 -name ring-* ! -name "*.*" \ + -exec adb push {} /data/ring-test \; + adb shell "cd /data && ./ring-test" 2>&1 | tee /tmp/ring-test-log + grep "test result: ok" /tmp/ring-test-log + + for test_exe in `find $target_dir -maxdepth 1 -name "*test*" -type f ! -name "*.*" `; do + adb push $test_exe /data/`basename $test_exe` + adb shell "cd /data && ./`basename $test_exe`" 2>&1 | \ + tee /tmp/`basename $test_exe`-log + grep "test result: ok" /tmp/`basename $test_exe`-log + done + + adb emu kill fi if [[ "$KCOV" == "1" ]]; then From 91bc27386b944c8f9d53c0b45a289b14ce3c6cc0 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 26 Oct 2020 12:03:54 -0700 Subject: [PATCH 159/399] Use Xcode 12 in Travis CI. --- .travis.yml | 12 ++++++------ README.md | 2 +- mk/update-travis-yml.py | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index e6008ede0b..89ea427a6d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,12 +14,12 @@ matrix: - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable @@ -244,12 +244,12 @@ matrix: - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly @@ -476,12 +476,12 @@ matrix: - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: osx - osx_image: xcode10.1 + osx_image: xcode12 - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta diff --git a/README.md b/README.md index ea71adad0f..46e9470ffd 100644 --- a/README.md +++ b/README.md @@ -223,7 +223,7 @@ the table below. The C compilers listed are used for compiling the C portions. Mac OS X x64 - Apple LLVM version 9.0.0 (clang-900.0.39.2) from Xcode 9.3 + Xcode 12 with its associated version of Apple Clang Windows x86, x86_64 diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 1565845bec..2e4a6efd24 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -177,7 +177,7 @@ def prefix_all(prefix, xs): cc = compiler if os == "osx": - os += "\n" + entry_indent + "osx_image: xcode10.1" + os += "\n" + entry_indent + "osx_image: xcode12" compilers = [] if cc != "": From b04c610f9ea4feb7c7815a2100dad0f1bab42850 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 26 Oct 2020 11:55:26 -0700 Subject: [PATCH 160/399] Fix aarch64-apple-ios build; add build-only/no-test jobs to CI/CD. --- .travis.yml | 30 ++++++++++++++++++++++++++++++ mk/travis.sh | 3 +++ mk/update-travis-yml.py | 9 +++++++-- src/cpu.rs | 5 ++++- 4 files changed, 44 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 89ea427a6d..ca3fc41511 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,16 @@ matrix: # # BEGIN GENERATED + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: osx + osx_image: xcode12 + + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: osx + osx_image: xcode12 + - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: osx @@ -241,6 +251,16 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + rust: nightly + os: osx + osx_image: xcode12 + + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + rust: nightly + os: osx + osx_image: xcode12 + - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: osx @@ -473,6 +493,16 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + rust: beta + os: osx + osx_image: xcode12 + + - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + rust: beta + os: osx + osx_image: xcode12 + - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: osx diff --git a/mk/travis.sh b/mk/travis.sh index e35def97e1..692a0967a8 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -22,6 +22,9 @@ source $HOME/.cargo/env run_tests_on_host=1 case $TARGET_X in +aarch64-apple-ios) + run_tests_on_host= + ;; aarch64-unknown-linux-gnu) export QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ;; diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 2e4a6efd24..92ef447fb9 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -37,11 +37,12 @@ gcc, ] -osx_compilers = [ +apple_compilers = [ "", # Don't set CC.' ] compilers = { + "aarch64-apple-ios" : apple_compilers, "aarch64-unknown-linux-gnu" : [ "aarch64-linux-gnu-gcc" ], "aarch64-linux-android" : [ "aarch64-linux-android21-clang" ], "armv7-linux-androideabi" : [ "armv7a-linux-androideabi18-clang" ], @@ -50,7 +51,7 @@ "i686-unknown-linux-musl" : [clang], "x86_64-unknown-linux-gnu" : linux_compilers, "x86_64-unknown-linux-musl" : [clang], - "x86_64-apple-darwin" : osx_compilers, + "x86_64-apple-darwin" : apple_compilers, } feature_sets = [ @@ -71,6 +72,7 @@ targets = { "osx" : [ + "aarch64-apple-ios", "x86_64-apple-darwin", ], "linux" : [ @@ -136,6 +138,9 @@ def format_entry(os, target, compiler, rust, mode, features): if sys == "darwin": abi = sys sys = "macos" + elif sys == "ios": + abi = sys + sys = "ios" elif sys == "androideabi": linux_dist = android_linux_dist abi = sys diff --git a/src/cpu.rs b/src/cpu.rs index 4492da3916..420271a9e1 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -208,7 +208,10 @@ pub(crate) mod arm { } // Keep in sync with `ARMV7_NEON`. - #[cfg(any(target_arch = "aarch64", target_arch = "arm"))] + #[cfg(all( + any(target_arch = "aarch64", target_arch = "arm"), + not(target_os = "ios") + ))] pub(crate) const NEON: Feature = Feature { mask: 1 << 0, ios: true, From 8677f26f14a6274b890954e8ba9d2372d233a46e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 27 Oct 2020 16:31:43 -0700 Subject: [PATCH 161/399] CI/CD: Upgrade Clang to Clang 9. --- .travis.yml | 108 +++++++++++++++++++++++++++++++--------- README.md | 2 +- mk/update-travis-yml.py | 3 +- 3 files changed, 86 insertions(+), 27 deletions(-) diff --git a/.travis.yml b/.travis.yml index ca3fc41511..4c2e5f2d32 100644 --- a/.travis.yml +++ b/.travis.yml @@ -83,15 +83,23 @@ matrix: os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable @@ -111,15 +119,23 @@ matrix: packages: - gcc-7 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable @@ -165,23 +181,25 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 @@ -207,23 +225,25 @@ matrix: - gcc-7-multilib - linux-libc-dev:i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable rust: stable os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 @@ -323,15 +343,23 @@ matrix: os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly @@ -352,15 +380,23 @@ matrix: packages: - gcc-7 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly @@ -406,23 +442,25 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 @@ -449,23 +487,25 @@ matrix: - gcc-7-multilib - linux-libc-dev:i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 @@ -565,15 +605,23 @@ matrix: os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta @@ -593,15 +641,23 @@ matrix: packages: - gcc-7 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux dist: focal + addons: + apt: + packages: + - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux dist: focal + addons: + apt: + packages: + - clang-10 - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta @@ -647,23 +703,25 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 @@ -689,23 +747,25 @@ matrix: - gcc-7-multilib - linux-libc-dev:i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta rust: beta os: linux dist: focal addons: apt: packages: + - clang-10 - gcc-multilib - libc6-dev-i386 diff --git a/README.md b/README.md index 46e9470ffd..aba48e77d8 100644 --- a/README.md +++ b/README.md @@ -207,7 +207,7 @@ the table below. The C compilers listed are used for compiling the C portions. OSArch.CompilersStatus Linux x86, x86_64 - GCC 4.8, GCC 7, Clang 5 + GCC 4.8, GCC 7, Clang 10 Build Status 32‑bit ARM, AAarch64 diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 92ef447fb9..e0d7a953b6 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -24,8 +24,7 @@ ] gcc = "gcc-7" -#Clang 5.0 is the default compiler on Travis CI for Ubuntu 14.04. -clang = "clang" +clang = "clang-10" linux_compilers = [ # Assume the default compiler is GCC. From e5bbb0949e721dbd625fd2f87ba5497265f4f27d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 29 Oct 2020 11:48:53 -0700 Subject: [PATCH 162/399] CI/CD: Add `cargo fmt -- --check`. --- .travis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis.yml b/.travis.yml index 4c2e5f2d32..dbd62c9fb8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,12 @@ matrix: allow_failures: - rust: nightly include: + - rust: stable + os: linux + dist: focal + install: rustup component add rustfmt + script: cargo fmt -- --check + # The lines from "# BEGIN GENERATED" through "# END GENERATED" are # generated by running |python mk/update-travis-yml.py|. Any changes # made to those lines will be overwritten while other lines will be left From 60ab8df4b6ea53c76e7485b10924c197bf4d1c17 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 29 Oct 2020 12:54:46 -0700 Subject: [PATCH 163/399] CI/CD: Change how GCC compatibility is tested. Speed up the build by having fewer GCC-based configurations. By default, test with GCC 9 (the default in Ubuntu Focal) when configured to use GCC. This improves our coverage of GCC by testing a newer version of GCC than we were ever testing before. Add a couple of configurations for minimal GCC 4.8 compatibility testing. This restores GCC 4.8 compatibility testing we had lost earlier. --- .travis.yml | 145 ++++++---------------------------------- README.md | 2 +- mk/update-travis-yml.py | 7 +- 3 files changed, 22 insertions(+), 132 deletions(-) diff --git a/.travis.yml b/.travis.yml index dbd62c9fb8..5ba6bf8374 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,17 @@ matrix: install: rustup component add rustfmt script: cargo fmt -- --check + # Verify that we build on Trusty, which has GCC 4.8 as the default GCC + # version. GCC 4.8 is the minimum version of GCC we support. + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + dist: trusty + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + dist: trusty + # The lines from "# BEGIN GENERATED" through "# END GENERATED" are # generated by running |python mk/update-travis-yml.py|. Any changes # made to those lines will be overwritten while other lines will be left @@ -107,24 +118,6 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -209,28 +202,6 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - linux-libc-dev:i386 - - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - linux-libc-dev:i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -349,7 +320,7 @@ matrix: os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux dist: focal @@ -357,6 +328,7 @@ matrix: apt: packages: - clang-10 + - kcov - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly @@ -367,26 +339,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - kcov - - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux dist: focal @@ -394,6 +347,7 @@ matrix: apt: packages: - clang-10 + - kcov - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly @@ -448,7 +402,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux dist: focal @@ -457,6 +411,7 @@ matrix: packages: - clang-10 - gcc-multilib + - kcov - libc6-dev-i386 - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly @@ -470,30 +425,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - kcov - - linux-libc-dev:i386 - - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - linux-libc-dev:i386 - - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux dist: focal @@ -502,6 +434,7 @@ matrix: packages: - clang-10 - gcc-multilib + - kcov - libc6-dev-i386 - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly @@ -629,24 +562,6 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux @@ -731,28 +646,6 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - linux-libc-dev:i386 - - - env: TARGET_X=i686-unknown-linux-gnu CC_X=gcc-7 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-7 - - gcc-7-multilib - - linux-libc-dev:i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux diff --git a/README.md b/README.md index aba48e77d8..83eca33c1a 100644 --- a/README.md +++ b/README.md @@ -207,7 +207,7 @@ the table below. The C compilers listed are used for compiling the C portions. OSArch.CompilersStatus Linux x86, x86_64 - GCC 4.8, GCC 7, Clang 10 + GCC 9, Clang 10 Build Status 32‑bit ARM, AAarch64 diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index e0d7a953b6..d76a9abb3f 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -23,17 +23,14 @@ "beta", ] -gcc = "gcc-7" clang = "clang-10" linux_compilers = [ # Assume the default compiler is GCC. - # GCC 4.8 is the default compiler on Travis CI for Ubuntu 14.04. + # GCC 9 is the default compiler on Travis CI for Ubuntu Focal. "", clang, - - gcc, ] apple_compilers = [ @@ -126,7 +123,7 @@ def format_entry(os, target, compiler, rust, mode, features): # # DEBUG mode is needed because debug symbols are needed for coverage # tracking. - kcov = (os == "linux" and compiler == gcc and rust == "nightly" and + kcov = (os == "linux" and compiler == clang and rust == "nightly" and mode == "DEBUG") template = entry_template From 1352951ba40003c34fe269eb5ba233bcba0c2bba Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 29 Oct 2020 22:19:27 -0700 Subject: [PATCH 164/399] CI/CD: Further reduce number of GCC-based configurations. Travis CI is taking too long so we need to cut more. --- .travis.yml | 122 +++++++++++----------------------------- mk/update-travis-yml.py | 6 +- 2 files changed, 34 insertions(+), 94 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5ba6bf8374..5570161db6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,6 +21,38 @@ matrix: rust: stable dist: trusty + - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + + # Verify that we build with GCC 9, the default compiler on Focal. + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + + - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + # The lines from "# BEGIN GENERATED" through "# END GENERATED" are # generated by running |python mk/update-travis-yml.py|. Any changes # made to those lines will be overwritten while other lines will be left @@ -90,16 +122,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -160,26 +182,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable rust: stable os: linux @@ -310,16 +312,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux @@ -382,26 +374,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux @@ -534,16 +506,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux @@ -604,26 +566,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta rust: beta os: linux diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index d76a9abb3f..9af4656af1 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -25,11 +25,9 @@ clang = "clang-10" +# GCC 4.8 and GCC 9 are tested in less thoroughly in configurations hard-coded +# in .travis.yml. linux_compilers = [ - # Assume the default compiler is GCC. - # GCC 9 is the default compiler on Travis CI for Ubuntu Focal. - "", - clang, ] From 781f2f34ca2832f7982780907cadd7bd453994a3 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 29 Oct 2020 15:21:23 -0700 Subject: [PATCH 165/399] CI/CD: Avoid duplicating the OS and compiler lists. `oss` is equivalent to `target.keys()` so eliminate `oss` in favor of using `target.keys()`. Similarly, `compilers` duplicates the list of targets. Fold it into `targets` to eliminate the duplication. This is a no-op change; `python mk/update-travis-yml.py` generates the same `.travis.yml` as it did before. --- mk/update-travis-yml.py | 44 ++++++++++++----------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 9af4656af1..3f3bb689c5 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -35,19 +35,6 @@ "", # Don't set CC.' ] -compilers = { - "aarch64-apple-ios" : apple_compilers, - "aarch64-unknown-linux-gnu" : [ "aarch64-linux-gnu-gcc" ], - "aarch64-linux-android" : [ "aarch64-linux-android21-clang" ], - "armv7-linux-androideabi" : [ "armv7a-linux-androideabi18-clang" ], - "arm-unknown-linux-gnueabihf" : [ "arm-linux-gnueabihf-gcc" ], - "i686-unknown-linux-gnu" : linux_compilers, - "i686-unknown-linux-musl" : [clang], - "x86_64-unknown-linux-gnu" : linux_compilers, - "x86_64-unknown-linux-musl" : [clang], - "x86_64-apple-darwin" : apple_compilers, -} - feature_sets = [ "", ] @@ -59,34 +46,29 @@ # Mac OS X is first because we don't want to have to wait until all the Linux # configurations have been built to find out that there is a failure on Mac. -oss = [ - "osx", - "linux", -] - targets = { "osx" : [ - "aarch64-apple-ios", - "x86_64-apple-darwin", + ("aarch64-apple-ios", apple_compilers), + ("x86_64-apple-darwin", apple_compilers), ], "linux" : [ - "aarch64-linux-android", - "armv7-linux-androideabi", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "aarch64-unknown-linux-gnu", - "i686-unknown-linux-gnu", - "i686-unknown-linux-musl", - "arm-unknown-linux-gnueabihf", + ("aarch64-linux-android", [ "aarch64-linux-android21-clang" ]), + ("armv7-linux-androideabi", [ "armv7a-linux-androideabi18-clang" ]), + ("x86_64-unknown-linux-gnu", linux_compilers), + ("x86_64-unknown-linux-musl", [clang]), + ("aarch64-unknown-linux-gnu", [ "aarch64-linux-gnu-gcc" ]), + ("i686-unknown-linux-gnu", linux_compilers), + ("i686-unknown-linux-musl", [clang]), + ("arm-unknown-linux-gnueabihf", [ "arm-linux-gnueabihf-gcc" ]), ], } def format_entries(): return "\n".join([format_entry(os, target, compiler, rust, mode, features) for rust in rusts - for os in oss - for target in targets[os] - for compiler in compilers[target] + for os in targets.keys() + for (target, compilers) in targets[os] + for compiler in compilers for mode in modes for features in feature_sets]) From 07827156c9ef185d3777e0f72e1afc44fa9cc2e0 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Tue, 13 Oct 2020 11:04:33 -0400 Subject: [PATCH 166/399] Add raw redeem API. Change-Id: I70225ad7f95fa1dbaeecb830b17e4cde34d1bd0a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43444 Commit-Queue: Steven Valdez Reviewed-by: David Benjamin --- crypto/trust_token/trust_token.c | 87 +++++++++++++++++++++++-- crypto/trust_token/trust_token_test.cc | 90 ++++++++++++++++++++++---- include/openssl/trust_token.h | 38 +++++++---- 3 files changed, 188 insertions(+), 27 deletions(-) diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index a4891d8117..3334fba877 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -303,7 +303,7 @@ int TRUST_TOKEN_CLIENT_begin_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out, !CBB_add_bytes(&token_inner, token->data, token->len) || !CBB_add_u16_length_prefixed(&request, &inner) || !CBB_add_bytes(&inner, data, data_len) || - !CBB_add_u64(&request, time) || + (ctx->method->has_srr && !CBB_add_u64(&request, time)) || !CBB_finish(&request, out, out_len)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); CBB_cleanup(&request); @@ -518,6 +518,72 @@ int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, return ret; } + +int TRUST_TOKEN_ISSUER_redeem_raw(const TRUST_TOKEN_ISSUER *ctx, + uint32_t *out_public, uint8_t *out_private, + TRUST_TOKEN **out_token, + uint8_t **out_client_data, + size_t *out_client_data_len, + const uint8_t *request, size_t request_len) { + CBS request_cbs, token_cbs; + CBS_init(&request_cbs, request, request_len); + if (!CBS_get_u16_length_prefixed(&request_cbs, &token_cbs)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); + return 0; + } + + uint32_t public_metadata = 0; + uint8_t private_metadata = 0; + + // Parse the token. If there is an error, treat it as an invalid token. + if (!CBS_get_u32(&token_cbs, &public_metadata)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); + return 0; + } + + const struct trust_token_issuer_key_st *key = + trust_token_issuer_get_key(ctx, public_metadata); + uint8_t nonce[TRUST_TOKEN_NONCE_SIZE]; + if (key == NULL || + !ctx->method->read(&key->key, nonce, &private_metadata, + CBS_data(&token_cbs), CBS_len(&token_cbs))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); + return 0; + } + + CBS client_data; + if (!CBS_get_u16_length_prefixed(&request_cbs, &client_data) || + (ctx->method->has_srr && !CBS_skip(&request_cbs, 8)) || + CBS_len(&request_cbs) != 0) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); + return 0; + } + + uint8_t *client_data_buf = NULL; + size_t client_data_len = 0; + if (!CBS_stow(&client_data, &client_data_buf, &client_data_len)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); + if (token == NULL) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); + goto err; + } + *out_public = public_metadata; + *out_private = private_metadata; + *out_token = token; + *out_client_data = client_data_buf; + *out_client_data_len = client_data_len; + + return 1; + +err: + OPENSSL_free(client_data_buf); + return 0; +} + // https://tools.ietf.org/html/rfc7049#section-2.1 static int add_cbor_int_with_type(CBB *cbb, uint8_t major_type, uint64_t value) { @@ -622,9 +688,9 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, } CBS client_data; - uint64_t redemption_time; + uint64_t redemption_time = 0; if (!CBS_get_u16_length_prefixed(&request_cbs, &client_data) || - !CBS_get_u64(&request_cbs, &redemption_time)) { + (ctx->method->has_srr && !CBS_get_u64(&request_cbs, &redemption_time))) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); goto err; } @@ -643,6 +709,19 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, // The SRR is constructed as per the format described in // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.7mkzvhpqb8l5 + // The V2 protocol is intended to be used with + // |TRUST_TOKEN_ISSUER_redeem_raw|. However, we temporarily support it with + // |TRUST_TOKEN_ISSUER_redeem| to ease the transition for existing issuer + // callers. Those callers' consumers currently expect an expiry-timestamp + // field, so we fill in a placeholder value. + // + // TODO(svaldez): After the existing issues have migrated to + // |TRUST_TOKEN_ISSUER_redeem_raw| remove this logic. + uint64_t expiry_time = 0; + if (ctx->method->has_srr) { + expiry_time = redemption_time + lifetime; + } + static const char kClientDataLabel[] = "client-data"; static const char kExpiryTimestampLabel[] = "expiry-timestamp"; static const char kMetadataLabel[] = "metadata"; @@ -673,7 +752,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, !CBB_add_bytes(&srr, CBS_data(&client_data), CBS_len(&client_data)) || !add_cbor_text(&srr, kExpiryTimestampLabel, strlen(kExpiryTimestampLabel)) || - !add_cbor_int(&srr, redemption_time + lifetime) || + !add_cbor_int(&srr, expiry_time) || !CBB_finish(&srr, &srr_buf, &srr_len)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc index b6d080f154..f9f183d941 100644 --- a/crypto/trust_token/trust_token_test.cc +++ b/crypto/trust_token/trust_token_test.cc @@ -325,7 +325,7 @@ TEST_P(TrustTokenProtocolTest, TruncatedRedemptionRequest) { for (TRUST_TOKEN *token : tokens.get()) { const uint8_t kClientData[] = "\x70TEST CLIENT DATA"; - uint64_t kRedemptionTime = 13374242; + uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0); uint8_t *redeem_msg = NULL, *redeem_resp = NULL; ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption( @@ -366,7 +366,7 @@ TEST_P(TrustTokenProtocolTest, TruncatedRedemptionResponse) { for (TRUST_TOKEN *token : tokens.get()) { const uint8_t kClientData[] = "\x70TEST CLIENT DATA"; - uint64_t kRedemptionTime = 13374242; + uint64_t kRedemptionTime = 0; uint8_t *redeem_msg = NULL, *redeem_resp = NULL; ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption( @@ -499,9 +499,9 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { for (TRUST_TOKEN *token : tokens.get()) { const uint8_t kClientData[] = "\x70TEST CLIENT DATA"; - uint64_t kRedemptionTime = 13374242; + uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0); - const uint8_t kExpectedSRR[] = + const uint8_t kExpectedSRRV1[] = "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e" "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" @@ -511,6 +511,23 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { "\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d\x65\x73\x74\x61\x6d\x70" "\x1a\x00\xcc\x15\x7a"; + const uint8_t kExpectedSRRV2[] = + "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69" + "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e" + "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x6b\x63\x6c\x69\x65\x6e\x74\x2d\x64\x61\x74\x61" + "\x70\x54\x45\x53\x54\x20\x43\x4c\x49\x45\x4e\x54\x20\x44\x41\x54\x41" + "\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d\x65\x73\x74\x61\x6d\x70" + "\x00"; + + const uint8_t *expected_srr = kExpectedSRRV1; + size_t expected_srr_len = sizeof(kExpectedSRRV1) - 1; + if (!method()->has_srr) { + expected_srr = kExpectedSRRV2; + expected_srr_len = sizeof(kExpectedSRRV2) - 1; + } + uint8_t *redeem_msg = NULL, *redeem_resp = NULL; ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption( client.get(), &redeem_msg, &msg_len, token, kClientData, @@ -540,22 +557,21 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { if (!method()->has_srr) { size_t b64_len; - ASSERT_TRUE(EVP_EncodedLength(&b64_len, sizeof(kExpectedSRR) - 1)); + ASSERT_TRUE(EVP_EncodedLength(&b64_len, expected_srr_len)); b64_len -= 1; - const char kSRRHeader[] = "body=:"; ASSERT_LT(sizeof(kSRRHeader) - 1 + b64_len, srr_len); ASSERT_EQ(Bytes(kSRRHeader, sizeof(kSRRHeader) - 1), Bytes(srr, sizeof(kSRRHeader) - 1)); uint8_t *decoded_srr = - (uint8_t *)OPENSSL_malloc(sizeof(kExpectedSRR) + 1); + (uint8_t *)OPENSSL_malloc(expected_srr_len + 2); ASSERT_TRUE(decoded_srr); - ASSERT_LT( - int(sizeof(kExpectedSRR) - 1), + ASSERT_LE( + int(expected_srr_len), EVP_DecodeBlock(decoded_srr, srr + sizeof(kSRRHeader) - 1, b64_len)); srr = decoded_srr; - srr_len = sizeof(kExpectedSRR) - 1; + srr_len = expected_srr_len; free_srr.reset(srr); } @@ -584,11 +600,63 @@ TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) { // Clear out the token hash. OPENSSL_memset(srr + 41, 0, sizeof(token_hash)); - ASSERT_EQ(Bytes(kExpectedSRR, sizeof(kExpectedSRR) - 1), + ASSERT_EQ(Bytes(expected_srr, expected_srr_len), Bytes(srr, srr_len)); } } +TEST_P(TrustTokenMetadataTest, RawSetAndGetMetadata) { + ASSERT_NO_FATAL_FAILURE(SetupContexts()); + + uint8_t *issue_msg = NULL, *issue_resp = NULL; + size_t msg_len, resp_len; + ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg, + &msg_len, 10)); + bssl::UniquePtr free_issue_msg(issue_msg); + size_t tokens_issued; + bool result = TRUST_TOKEN_ISSUER_issue( + issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len, + public_metadata(), private_metadata(), /*max_issuance=*/1); + if (!method()->has_private_metadata && private_metadata()) { + ASSERT_FALSE(result); + return; + } + ASSERT_TRUE(result); + bssl::UniquePtr free_msg(issue_resp); + size_t key_index; + bssl::UniquePtr tokens( + TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp, + resp_len)); + ASSERT_TRUE(tokens); + EXPECT_EQ(1u, sk_TRUST_TOKEN_num(tokens.get())); + + for (TRUST_TOKEN *token : tokens.get()) { + const uint8_t kClientData[] = "\x70TEST CLIENT DATA"; + uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0); + + uint8_t *redeem_msg = NULL; + ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption( + client.get(), &redeem_msg, &msg_len, token, kClientData, + sizeof(kClientData) - 1, kRedemptionTime)); + bssl::UniquePtr free_redeem_msg(redeem_msg); + uint32_t public_value; + uint8_t private_value; + TRUST_TOKEN *rtoken; + uint8_t *client_data; + size_t client_data_len; + ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem_raw( + issuer.get(), &public_value, &private_value, &rtoken, + &client_data, &client_data_len, redeem_msg, msg_len)); + bssl::UniquePtr free_client_data(client_data); + bssl::UniquePtr free_rtoken(rtoken); + + ASSERT_EQ(Bytes(kClientData, sizeof(kClientData) - 1), + Bytes(client_data, client_data_len)); + ASSERT_EQ(public_value, static_cast(public_metadata())); + ASSERT_EQ(private_value, private_metadata()); + } +} + TEST_P(TrustTokenMetadataTest, TooManyRequests) { if (!method()->has_private_metadata && private_metadata()) { return; diff --git a/include/openssl/trust_token.h b/include/openssl/trust_token.h index 7146995eab..d9247f79f6 100644 --- a/include/openssl/trust_token.h +++ b/include/openssl/trust_token.h @@ -42,14 +42,10 @@ OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void); // TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol // using VOPRFs and P-384 with up to 6 keys, without RR verification. -// -// This version is incomplete and should not be used. OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void); // TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using // PMBTokens and P-384 with up to 3 keys, without RR verification. -// -// This version is incomplete and should not be used. OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void); // trust_token_st represents a single-use token for the Trust Token protocol. @@ -150,9 +146,9 @@ OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) * // |token| and receive a signature over |data| and serializes the request into // a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to // its length. |time| is the number of seconds since the UNIX epoch and used to -// verify the validity of the issuer's response. The caller takes ownership of -// the buffer and must call |OPENSSL_free| when done. It returns one on success -// or zero on error. +// verify the validity of the issuer's response in TrustTokenV1 and ignored in +// other versions. The caller takes ownership of the buffer and must call +// |OPENSSL_free| when done. It returns one on success or zero on error. OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption( TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, const TRUST_TOKEN *token, const uint8_t *data, size_t data_len, @@ -228,16 +224,16 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue( uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance); // TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and -// verifies the token. If the token is valid, a SRR is produced with a lifetime +// verifies the token. If the token is valid, a RR is produced with a lifetime // of |lifetime| (in seconds), signing over the requested data from the request // and the value of the token, storing the result into a newly-allocated buffer // and setting |*out| to that buffer and |*out_len| to its length. The extracted // |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in // |*out_token|. The extracted client data is stored into a newly-allocated -// buffer and stored in |*out_client_data|. The extracted redemption time is -// stored in |*out_redemption_time|. The caller takes ownership of each output -// buffer and must call |OPENSSL_free| when done. It returns one on success or -// zero on error. +// buffer and stored in |*out_client_data|. In TrustTokenV1, the extracted +// redemption time is stored in |*out_redemption_time|. The caller takes +// ownership of each output buffer and must call |OPENSSL_free| when done. It +// returns one on success or zero on error. // // The caller must keep track of all values of |*out_token| seen globally before // returning the SRR to the client. If the value has been reused, the caller @@ -249,6 +245,24 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem( size_t *out_client_data_len, uint64_t *out_redemption_time, const uint8_t *request, size_t request_len, uint64_t lifetime); +// TRUST_TOKEN_ISSUER_redeem_raw ingests a |request| for token redemption and +// verifies the token. The public metadata is stored in |*out_public|. The +// private metadata (if any) is stored in |*out_private|. The extracted +// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in +// |*out_token|. The extracted client data is stored into a newly-allocated +// buffer and stored in |*out_client_data|. The caller takes ownership of each +// output buffer and must call |OPENSSL_free| when done. It returns one on +// success or zero on error. +// +// The caller must keep track of all values of |*out_token| seen globally before +// returning a response to the client. If the value has been reused, the caller +// must report an error to the client. Returning a response with replayed values +// allows an attacker to double-spend tokens. +OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_raw( + const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private, + TRUST_TOKEN **out_token, uint8_t **out_client_data, + size_t *out_client_data_len, const uint8_t *request, size_t request_len); + // TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the // private metadata key specified by a |key| buffer of length |key_len| and the // nonce by a |nonce| buffer of length |nonce_len|. The nonce in From fa9796ece4942091e651c7c8b8fe036409b43c38 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 2 Nov 2020 13:01:04 -0500 Subject: [PATCH 167/399] Add SSL_early_data_reason_string. QUICHE has a switch-case converting ssl_early_data_reason_t to a string for logging. This causes a lot of churn when we add a new value. Instead, add a function for this. Bump BORINGSSL_API_VERSION so we can easily land a CL in QUICHE to start using the function without coordinating repositories. Change-Id: I176ca07b4f75a3ea7153a387219459665062aad9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43724 Reviewed-by: Nick Harper Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- include/openssl/base.h | 2 +- include/openssl/ssl.h | 5 +++++ ssl/ssl_lib.cc | 37 +++++++++++++++++++++++++++++++++ ssl/test/bssl_shim.cc | 46 +----------------------------------------- 4 files changed, 44 insertions(+), 46 deletions(-) diff --git a/include/openssl/base.h b/include/openssl/base.h index 0bdb1db4dc..474bb8bc72 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -187,7 +187,7 @@ extern "C" { // A consumer may use this symbol in the preprocessor to temporarily build // against multiple revisions of BoringSSL at the same time. It is not // recommended to do so for longer than is necessary. -#define BORINGSSL_API_VERSION 11 +#define BORINGSSL_API_VERSION 12 #if defined(BORINGSSL_SHARED_LIBRARY) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4db6afcc47..c12aa0e17b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3549,6 +3549,11 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT { OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason( const SSL *ssl); +// SSL_early_data_reason_string returns a string representation for |reason|, or +// NULL if |reason| is unknown. This function may be used for logging. +OPENSSL_EXPORT const char *SSL_early_data_reason_string( + enum ssl_early_data_reason_t reason); + // Alerts. // diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 33b9f2fb09..a52f1fa4f5 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -1294,6 +1294,43 @@ enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) { return ssl->s3->early_data_reason; } +const char *SSL_early_data_reason_string(enum ssl_early_data_reason_t reason) { + switch (reason) { + case ssl_early_data_unknown: + return "unknown"; + case ssl_early_data_disabled: + return "disabled"; + case ssl_early_data_accepted: + return "accepted"; + case ssl_early_data_protocol_version: + return "protocol_version"; + case ssl_early_data_peer_declined: + return "peer_declined"; + case ssl_early_data_no_session_offered: + return "no_session_offered"; + case ssl_early_data_session_not_resumed: + return "session_not_resumed"; + case ssl_early_data_unsupported_for_session: + return "unsupported_for_session"; + case ssl_early_data_hello_retry_request: + return "hello_retry_request"; + case ssl_early_data_alpn_mismatch: + return "alpn_mismatch"; + case ssl_early_data_channel_id: + return "channel_id"; + case ssl_early_data_token_binding: + return "token_binding"; + case ssl_early_data_ticket_age_skew: + return "ticket_age_skew"; + case ssl_early_data_quic_parameter_mismatch: + return "quic_parameter_mismatch"; + case ssl_early_data_alps_mismatch: + return "alps_mismatch"; + } + + return nullptr; +} + static int bio_retry_reason_to_error(int reason) { switch (reason) { case BIO_RR_CONNECT: diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 3df861b4f8..b04f0892ac 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -396,50 +396,6 @@ static bool CheckAuthProperties(SSL *ssl, bool is_resume, return true; } -static const char *EarlyDataReasonToString(ssl_early_data_reason_t reason) { - if (reason > ssl_early_data_reason_max_value) { - fprintf(stderr, "ssl_early_data_reason_max_value is out of date.\n"); - abort(); - } - - switch (reason) { - case ssl_early_data_unknown: - return "unknown"; - case ssl_early_data_disabled: - return "disabled"; - case ssl_early_data_accepted: - return "accepted"; - case ssl_early_data_protocol_version: - return "protocol_version"; - case ssl_early_data_peer_declined: - return "peer_declined"; - case ssl_early_data_no_session_offered: - return "no_session_offered"; - case ssl_early_data_session_not_resumed: - return "session_not_resumed"; - case ssl_early_data_unsupported_for_session: - return "unsupported_for_session"; - case ssl_early_data_hello_retry_request: - return "hello_retry_request"; - case ssl_early_data_alpn_mismatch: - return "alpn_mismatch"; - case ssl_early_data_channel_id: - return "channel_id"; - case ssl_early_data_token_binding: - return "token_binding"; - case ssl_early_data_ticket_age_skew: - return "ticket_age_skew"; - case ssl_early_data_quic_parameter_mismatch: - return "quic_parameter_mismatch"; - case ssl_early_data_alps_mismatch: - return "alps_mismatch"; - } - - fprintf(stderr, "Unknown ssl_early_data_reason_t value %d.\n", - static_cast(reason)); - abort(); -} - // CheckHandshakeProperties checks, immediately after |ssl| completes its // initial handshake (or False Starts), whether all the properties are // consistent with the test configuration and invariants. @@ -677,7 +633,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, } const char *early_data_reason = - EarlyDataReasonToString(SSL_get_early_data_reason(ssl)); + SSL_early_data_reason_string(SSL_get_early_data_reason(ssl)); if (!config->expect_early_data_reason.empty() && config->expect_early_data_reason != early_data_reason) { fprintf(stderr, "Early data reason was \"%s\", expected \"%s\"\n", From 1a751eefc1109c0116fb934c5e91bf2d330ebb3c Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 30 Oct 2020 16:29:02 -0700 Subject: [PATCH 168/399] Add test for X25519-containing certificate. We already support this, but there wasn't a test for it. Change-Id: I14304b99b312fcf729703cf175ec41e3e60db363 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43704 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/x509/x509_test.cc | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 77c87fc607..b170b76a72 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -472,6 +472,20 @@ recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw== -----END CERTIFICATE----- )"; +// kX25519 is the example X25519 certificate from +// https://tools.ietf.org/html/rfc8410#section-10.2 +static const char kX25519Cert[] = R"( +-----BEGIN CERTIFICATE----- +MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX +N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD +DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj +ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg +BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v +/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg +w1AH9efZBw== +-----END CERTIFICATE----- +)"; + // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which // contains SANS for example.com, test@example.com, 127.0.0.1, and // https://example.com/. (The latter is useless for now since crypto/x509 @@ -1474,6 +1488,28 @@ TEST(X509Test, TestEd25519BadParameters) { ERR_clear_error(); } +TEST(X509Test, TestX25519) { + bssl::UniquePtr cert(CertFromPEM(kX25519Cert)); + ASSERT_TRUE(cert); + + bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); + ASSERT_TRUE(pkey); + + EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519); + + constexpr uint8_t kExpectedPublicValue[] = { + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, + 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, + }; + uint8_t public_value[sizeof(kExpectedPublicValue)]; + size_t public_value_size = sizeof(public_value); + ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value, + &public_value_size)); + EXPECT_EQ(Bytes(kExpectedPublicValue), + Bytes(public_value, public_value_size)); +} + static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) { // Make a certificate like signed with |md_ctx|'s settings.' bssl::UniquePtr cert(CertFromPEM(kLeafPEM)); From d5b2b177280c9a343de1f2890ad745bdd198da5d Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 23 Oct 2020 12:48:18 -0700 Subject: [PATCH 169/399] Define a constant for the standard GCM nonce length. We use this constant a lot in e_aes.c, but we write it out every time. Change-Id: Iaa92efb391def6640349940c682d9f70ddaa23d5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43685 Reviewed-by: David Benjamin --- crypto/fipsmodule/cipher/e_aes.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c index 8f4907f3a4..6d9b40db9f 100644 --- a/crypto/fipsmodule/cipher/e_aes.c +++ b/crypto/fipsmodule/cipher/e_aes.c @@ -68,6 +68,8 @@ OPENSSL_MSVC_PRAGMA(warning(push)) OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code. +#define AES_GCM_NONCE_LENGTH 12 + #if defined(BSAES) static void vpaes_ctr32_encrypt_blocks_with_bsaes(const uint8_t *in, uint8_t *out, size_t blocks, @@ -630,7 +632,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_gcm_generic) { out->nid = NID_aes_128_gcm; out->block_size = 1; out->key_len = 16; - out->iv_len = 12; + out->iv_len = AES_GCM_NONCE_LENGTH; out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | @@ -698,7 +700,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_gcm_generic) { out->nid = NID_aes_192_gcm; out->block_size = 1; out->key_len = 24; - out->iv_len = 12; + out->iv_len = AES_GCM_NONCE_LENGTH; out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | @@ -766,7 +768,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_gcm_generic) { out->nid = NID_aes_256_gcm; out->block_size = 1; out->key_len = 32; - out->iv_len = 12; + out->iv_len = AES_GCM_NONCE_LENGTH; out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | @@ -1048,7 +1050,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 16; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1063,7 +1065,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_192_gcm) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 24; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1078,7 +1080,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 32; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1128,7 +1130,7 @@ static int aead_aes_gcm_tls12_seal_scatter( struct aead_aes_gcm_tls12_ctx *gcm_ctx = (struct aead_aes_gcm_tls12_ctx *) &ctx->state; - if (nonce_len != 12) { + if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1155,7 +1157,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls12) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 16; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1170,7 +1172,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls12) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 32; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1223,7 +1225,7 @@ static int aead_aes_gcm_tls13_seal_scatter( struct aead_aes_gcm_tls13_ctx *gcm_ctx = (struct aead_aes_gcm_tls13_ctx *) &ctx->state; - if (nonce_len != 12) { + if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1261,7 +1263,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls13) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 16; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; @@ -1276,7 +1278,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls13) { memset(out, 0, sizeof(EVP_AEAD)); out->key_len = 32; - out->nonce_len = 12; + out->nonce_len = AES_GCM_NONCE_LENGTH; out->overhead = EVP_AEAD_AES_GCM_TAG_LEN; out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN; out->seal_scatter_supports_extra_in = 1; From 83a3f462cf2e014bf92dfb1ae2bbffb3616b3687 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 23 Oct 2020 14:04:10 -0700 Subject: [PATCH 170/399] Add AES-GCM AEADs with internal nonce generation. For FIPS reasons, one might wish to ensure that a random AES-GCM nonce was generated entirely within the FIPS module. If so, then these are the AEADs for you. Change-Id: Ic2b7864b089f446401f700d7d55bfa6336c61e23 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43686 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/cipher_extra/aead_test.cc | 43 ++++- .../test/aes_128_gcm_randnonce_tests.txt | 30 +++ .../test/aes_256_gcm_randnonce_tests.txt | 30 +++ crypto/fipsmodule/cipher/e_aes.c | 182 +++++++++++++++--- include/openssl/aead.h | 24 +++ sources.cmake | 2 + 6 files changed, 281 insertions(+), 30 deletions(-) create mode 100644 crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt create mode 100644 crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc index 02e0d99470..d0c266aacf 100644 --- a/crypto/cipher_extra/aead_test.cc +++ b/crypto/cipher_extra/aead_test.cc @@ -40,6 +40,10 @@ constexpr uint32_t kLimitedImplementation = 1 << 0; constexpr uint32_t kCanTruncateTags = 1 << 1; // kVariableNonce indicates that the AEAD supports a variable-length nonce. constexpr uint32_t kVariableNonce = 1 << 2; +// kNondeterministic indicates that the AEAD performs randomised encryption thus +// one cannot assume that encrypting the same data will result in the same +// ciphertext. +constexpr uint32_t kNondeterministic = 1 << 7; // RequiresADLength encodes an AD length requirement into flags. constexpr uint32_t RequiresADLength(size_t length) { @@ -58,6 +62,16 @@ constexpr size_t RequiredADLength(uint32_t flags) { return (flags >> 3) & 0xf; } +constexpr uint32_t RequiresMinimumTagLength(size_t length) { + // See above for statically checking the size at compile time with future C++ + // versions. + return (length & 0xf) << 8; +} + +constexpr size_t MinimumTagLength(uint32_t flags) { + return ((flags >> 8) & 0xf) == 0 ? 1 : ((flags >> 8) & 0xf); +} + struct KnownAEAD { const char name[40]; const EVP_AEAD *(*func)(void); @@ -87,6 +101,14 @@ static const struct KnownAEAD kAEADs[] = { {"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt", 0}, + {"AES_128_GCM_RandomNonce", EVP_aead_aes_128_gcm_randnonce, + "aes_128_gcm_randnonce_tests.txt", + kNondeterministic | kCanTruncateTags | RequiresMinimumTagLength(13)}, + + {"AES_256_GCM_RandomNonce", EVP_aead_aes_256_gcm_randnonce, + "aes_256_gcm_randnonce_tests.txt", + kNondeterministic | kCanTruncateTags | RequiresMinimumTagLength(13)}, + {"ChaCha20Poly1305", EVP_aead_chacha20_poly1305, "chacha20_poly1305_tests.txt", kCanTruncateTags}, @@ -189,7 +211,8 @@ TEST_P(PerAEADTest, TestVector) { ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_seal)); std::vector out(in.size() + EVP_AEAD_max_overhead(aead())); - if (!t->HasAttribute("NO_SEAL")) { + if (!t->HasAttribute("NO_SEAL") && + !(GetParam().flags & kNondeterministic)) { size_t out_len; ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(), nonce.data(), nonce.size(), in.data(), @@ -269,7 +292,8 @@ TEST_P(PerAEADTest, TestExtraInput) { "crypto/cipher_extra/test/" + std::string(aead_config.test_vectors); FileTestGTest(test_vectors.c_str(), [&](FileTest *t) { if (t->HasAttribute("NO_SEAL") || - t->HasAttribute("FAILS")) { + t->HasAttribute("FAILS") || + (aead_config.flags & kNondeterministic)) { t->SkipCurrent(); return; } @@ -337,7 +361,8 @@ TEST_P(PerAEADTest, TestVectorScatterGather) { std::vector out(in.size()); std::vector out_tag(EVP_AEAD_max_overhead(aead())); - if (!t->HasAttribute("NO_SEAL")) { + if (!t->HasAttribute("NO_SEAL") && + !(aead_config.flags & kNondeterministic)) { size_t out_tag_len; ASSERT_TRUE(EVP_AEAD_CTX_seal_scatter( ctx.get(), out.data(), out_tag.data(), &out_tag_len, out_tag.size(), @@ -469,9 +494,10 @@ TEST_P(PerAEADTest, TruncatedTags) { const size_t nonce_len = EVP_AEAD_nonce_length(aead()); ASSERT_GE(sizeof(nonce), nonce_len); + const size_t tag_len = MinimumTagLength(GetParam().flags); bssl::ScopedEVP_AEAD_CTX ctx; ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), aead(), key, key_len, - 1 /* one byte tag */, NULL /* ENGINE */)); + tag_len, NULL /* ENGINE */)); const uint8_t plaintext[1] = {'A'}; @@ -492,7 +518,7 @@ TEST_P(PerAEADTest, TruncatedTags) { const size_t overhead_used = ciphertext_len - sizeof(plaintext); const size_t expected_overhead = - 1 + EVP_AEAD_max_overhead(aead()) - EVP_AEAD_max_tag_len(aead()); + tag_len + EVP_AEAD_max_overhead(aead()) - EVP_AEAD_max_tag_len(aead()); EXPECT_EQ(overhead_used, expected_overhead) << "AEAD is probably ignoring request to truncate tags."; @@ -578,8 +604,11 @@ TEST_P(PerAEADTest, AliasedBuffers) { ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), in, &out_len, sizeof(kPlaintext) + max_overhead, nonce.data(), nonce_len, in, sizeof(kPlaintext), nullptr, 0)); - EXPECT_EQ(Bytes(valid_encryption.data(), valid_encryption_len), - Bytes(in, out_len)); + + if (!(GetParam().flags & kNondeterministic)) { + EXPECT_EQ(Bytes(valid_encryption.data(), valid_encryption_len), + Bytes(in, out_len)); + } OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len); ASSERT_TRUE(EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len, diff --git a/crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt b/crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt new file mode 100644 index 0000000000..e28fdb622a --- /dev/null +++ b/crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt @@ -0,0 +1,30 @@ +# These tests are versions of the tests from the corresponding AES-GCM test +# file, but with the nonce appended to the tag. + +KEY: d480429666d48b400633921c5407d1d1 +NONCE: +IN: +AD: +CT: +TAG: 7d7daf44850921a34e636b01adeb104f3388c676dc754acfa66e172a + +KEY: 3881e7be1bb3bbcaff20bdb78e5d1b67 +NONCE: +IN: 0a2714aa7d +AD: c60c64bbf7 +CT: 5626f96ecb +TAG: ff4c4f1d92b0abb1d0820833d9eb83c7dcf5b7ae2d7552e2297fcfa9 + +KEY: ea4f6f3c2fed2b9dd9708c2e721ae00f +NONCE: +IN: 8d6c08446cb10d9a2075 +AD: 5c65d4f261d2c54ffe6a +CT: 0f51f7a83c5b5aa796b9 +TAG: 70259cddfe8f9a15a5c5eb485af578fbf975809ddb5172382745634f + +KEY: 31d93fd51c2d6450cf35d9edd71413f4 +NONCE: +IN: e78eba6c58f93cc2374932fc21e54f695f2daeda3bd1e0121a77d178e3bf5c0e824a99042e8f2522df829d014e4d35a756780e8c07f53ca8fb78db6fb76754ad461665051c4572b2514804d0a9cbae1a1a013b796565eee13a7832ab8834b8406b1185332552d38754dde2344ff4f6e4823390964ba2dc43de136f2235b1d919e0f4ad60813d30f0ac1dad35abe3bee9479337c7b430841d2c722f12aeaf931cedd8a82053f697fff8d07f0af6013da7da58a5dfcf45561943e7ccdfd8d11fbe96a68a5a27982e47346500c0284caf8e6b63c6621e80503a7365d6693dc9a249093dc45221cfd88562e25910034c2c123e44e3b09d8a8a15547285d2596b98c7a0ee9d10b2cdb032d08a6caee1212420b6854181a583c15e046aa202dd +AD: a4fdd42aad5475ffc1b122170024486406033c8640233cd9b23c286fdd40c5b69eee39cfbf965f7a10c73663f9804e6821c4f62980f8362a580bab446325b009a004b60b1dbd12566b55b42e58d8037d86c1050cd6ecaaac2fb0ef616a15bc5bcd8252fd459165795c500bbb2fb1476e5cfef9549db733be65bde391c810d099e3745a2cc7a94debe1f4ff6653b338123ef7d2f9a602bc9a4bbe757a63f932a802014f2f06c6688faf14332a355b1025f33687124399f55b6a5adb4864727ec6c5334c41d78d1463400925f6c29c0f611f35c9640045a740dad5b4f0dcb632e7f9a3478b526aa9f97cd9f8d3ad094b7922890e7b6d9c67fcc4f747d04ddcd115fba0a8f0433c6fb1bf6011a9cd153f866c76b26d427a25aebc60d10540 +CT: 8d668fb50efda82552aeb5d075ff3977c37929d73f6639289e7c6da8c89c664df80b2387e788d12398d62d3c0ed2f9f918010d41021c464d54f016c4e10e85e29ba3a45793df2ebd6cdf30045363434387bb0d20439f4986e6eb7ae9fd85fe776f7b8035025624c2413ca8491cc6e79fe901b9c40ff3a0e37a7c7e88b56de4fee65861865162821e046846d253982e4ecd17bd26214b0923a4297d4ed9423395d856940829ca5ee74488c3b4d8aa3c5ceade17d8a3f2e45d3ba91360ac1c76d6a29f8243bf49c1d75aa41ba239fa6f3b123e198ba799e3b70c674607c5371894800954eda0264b3b82606433f71371dabc5f1fb3d703232533662920a241f613c38d16b0bad24f4aa3b336af89cdcd2f371e1bed7aaa47c56d17100a01 +TAG: 594ee5c93636cfb5fde940e3d561440a28f6f0c288c9f92e80252e1e diff --git a/crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt b/crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt new file mode 100644 index 0000000000..caabc423c2 --- /dev/null +++ b/crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt @@ -0,0 +1,30 @@ +# These tests are versions of the tests from the corresponding AES-GCM test +# file, but with the nonce appended to the tag. + +KEY: e5ac4a32c67e425ac4b143c83c6f161312a97d88d634afdf9f4da5bd35223f01 +NONCE: +IN: +AD: +CT: +TAG: d7cba289d6d19a5af45dc13857016bac5bf11a0951f0bfc7ea5c9e58 + +KEY: 73ad7bbbbc640c845a150f67d058b279849370cd2c1f3c67c4dd6c869213e13a +NONCE: +IN: f0535fe211 +AD: e91428be04 +CT: e9b8a896da +TAG: 9115ed79f26a030c14947b3e454db9e7a330a184fc245812f4820caa + +KEY: 80e2e561886eb2a953cf923aaac1653ed2db0111ee62e09cb20d9e2652bd3476 +NONCE: +IN: 96669d2d3542a4d49c7c +AD: e51e5bce7cbceb660399 +CT: 4521953e7d39497e4563 +TAG: 2083e3c0d84d663066bbe2961b08dcf75daf201589654da8884c3c68 + +KEY: 31dbefe589b661af00a6fbad426e013f30f448c763f957bbcbaf9c09764f4a95 +NONCE: +IN: 908bd801b70d85085dd480e1207a4a4b7ef179dac495a9befb16afe5adf7cb6f6d734882e6e96f587d38bfc080341dc8d5428a5fe3498b9d5faa497f60646bcb1155d2342f6b26381795daeb261d4ab1415f35c6c8ac9c8e90ea34823122df25c6ddae365cc66d92fc2fe2941f60895e00233b2e5968b01e2811c8c6f7a0a229f1c301a72715bd5c35234c1be81ef7d5cc2779e146314d3783a7aa72d87a8f107654b93cb66e3648c26fc9e4a2f0378fa178c586d096092f6a80e2e03708da72d6e4d7316c2384a522459a4ad369c82d192f6f695b0d90fcc47c6f86b8bbc6f2f4ea303aa64f5ce8b8710da62482147bcc29c8238116549256a7a011fd9c78bbb8c40e278740dc156c2cc99c3591fec2918cdeb5240fb428 +AD: 5a32d7044f003b2ffefffe5896933f4d8d64909fa03e321a1bdf063099b9f89752d72e877291d8da12340c5dd570d7d42984ffab5177824fc5483b4faf488504e6822e371dca9af541c6a97312b9cbf341b4198b0902cd2985ac10a8b5b5fe9691bb29a88344f863c980e4e871a72a8b74f92eef68c176e9d2ef037898ff567298e186af52ec62eb7429a8004ac46b945678b82859396d36d388ec3d67653aec35cf1da2684bbc6c78a5f9e3ce1b355af3b207f64e0fa73501c5d48a14638d0906c87eaa876debcf1a532c1475d80ed3d4b96458d2236eb9f67988863bc6d5c16b96b93d898683d248d7bc601b5035fc365481b89465e37a8f7dd64635e19a0282639cecde72c6b1638e0aa6e56f9c00d031cdadc59ce37e +CT: aeab9db30a579ca54195e54a9e6c787f40100c6d12ceee35643f36ae45f618cc9bb66aa4c0fae0ec2686cb4101a5b23a46877460c7e020b38b0d8d1f533ecfa99df03d346bc854a578276d7d5685ad1fb03655683a64aae4159c9efa6781f053057e0811226c7c533967a94587f4025353b28cc3a2ce5763783b4c31e7818b8ad9195bc03be8f294f9f6ceac578f9d30b22b1f5a68d647d46cf6db4a9c3a8a5c06fa97c9efb4578f501ea96db1f40942e3f24c44a7e4070a6b931c39947d9692930b67767357015de51a39e46fff94b6019e4bc1ad9d216a571ba0dc88859c49d2c487ca657384e49b4d382d86a60c8d5195320909c4e82fc077a3b22bd4eccf0f067e66ec78eed642b2d16f0f304f60f1d9ba69e205c982 +TAG: 17ca09e3084504fc22e914ee28312c8e147fe99bba0f606c57242314 diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c index 6d9b40db9f..6df2b7b1ce 100644 --- a/crypto/fipsmodule/cipher/e_aes.c +++ b/crypto/fipsmodule/cipher/e_aes.c @@ -933,21 +933,19 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {} -static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, - uint8_t *out_tag, size_t *out_tag_len, - size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, - size_t extra_in_len, - const uint8_t *ad, size_t ad_len) { - struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state; - - if (extra_in_len + ctx->tag_len < ctx->tag_len) { +static int aead_aes_gcm_seal_scatter_impl( + const struct aead_aes_gcm_ctx *gcm_ctx, + uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *extra_in, size_t extra_in_len, + const uint8_t *ad, size_t ad_len, + size_t tag_len) { + if (extra_in_len + tag_len < tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } - if (max_out_tag_len < extra_in_len + ctx->tag_len) { + if (max_out_tag_len < extra_in_len + tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -991,18 +989,35 @@ static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, } } - CRYPTO_gcm128_tag(&gcm, out_tag + extra_in_len, ctx->tag_len); - *out_tag_len = ctx->tag_len + extra_in_len; + CRYPTO_gcm128_tag(&gcm, out_tag + extra_in_len, tag_len); + *out_tag_len = tag_len + extra_in_len; return 1; } -static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *in_tag, size_t in_tag_len, - const uint8_t *ad, size_t ad_len) { - struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state; +static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, + uint8_t *out_tag, size_t *out_tag_len, + size_t max_out_tag_len, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *extra_in, + size_t extra_in_len, + const uint8_t *ad, size_t ad_len) { + const struct aead_aes_gcm_ctx *gcm_ctx = + (const struct aead_aes_gcm_ctx *)&ctx->state; + return aead_aes_gcm_seal_scatter_impl( + gcm_ctx, out, out_tag, out_tag_len, max_out_tag_len, nonce, nonce_len, in, + in_len, extra_in, extra_in_len, ad, ad_len, ctx->tag_len); +} + +static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx, + uint8_t *out, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *in_tag, + size_t in_tag_len, + const uint8_t *ad, size_t ad_len, + size_t tag_len) { uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN]; if (nonce_len == 0) { @@ -1010,7 +1025,7 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (in_tag_len != ctx->tag_len) { + if (in_tag_len != tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1037,8 +1052,8 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, } } - CRYPTO_gcm128_tag(&gcm, tag, ctx->tag_len); - if (CRYPTO_memcmp(tag, in_tag, ctx->tag_len) != 0) { + CRYPTO_gcm128_tag(&gcm, tag, tag_len); + if (CRYPTO_memcmp(tag, in_tag, tag_len) != 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1046,6 +1061,17 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, return 1; } +static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, + const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *in_tag, size_t in_tag_len, + const uint8_t *ad, size_t ad_len) { + struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state; + return aead_aes_gcm_open_gather_impl(gcm_ctx, out, nonce, nonce_len, in, + in_len, in_tag, in_tag_len, ad, ad_len, + ctx->tag_len); +} + DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) { memset(out, 0, sizeof(EVP_AEAD)); @@ -1091,6 +1117,116 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) { out->open_gather = aead_aes_gcm_open_gather; } +static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key, + size_t key_len, + size_t requested_tag_len) { + if (requested_tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH) { + if (requested_tag_len < AES_GCM_NONCE_LENGTH) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + return 0; + } + requested_tag_len -= AES_GCM_NONCE_LENGTH; + } + + if (!aead_aes_gcm_init(ctx, key, key_len, requested_tag_len)) { + return 0; + } + + ctx->tag_len += AES_GCM_NONCE_LENGTH; + return 1; +} + +static int aead_aes_gcm_seal_scatter_randnonce( + const EVP_AEAD_CTX *ctx, + uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, + const uint8_t *external_nonce, size_t external_nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *extra_in, size_t extra_in_len, + const uint8_t *ad, size_t ad_len) { + if (external_nonce_len != 0) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); + return 0; + } + + uint8_t nonce[AES_GCM_NONCE_LENGTH]; + if (max_out_tag_len < sizeof(nonce)) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + return 0; + } + + RAND_bytes(nonce, sizeof(nonce)); + const struct aead_aes_gcm_ctx *gcm_ctx = + (const struct aead_aes_gcm_ctx *)&ctx->state; + if (!aead_aes_gcm_seal_scatter_impl(gcm_ctx, out, out_tag, out_tag_len, + max_out_tag_len - AES_GCM_NONCE_LENGTH, + nonce, sizeof(nonce), in, in_len, + extra_in, extra_in_len, ad, ad_len, + ctx->tag_len - AES_GCM_NONCE_LENGTH)) { + return 0; + } + + assert(*out_tag_len + sizeof(nonce) <= max_out_tag_len); + memcpy(out_tag + *out_tag_len, nonce, sizeof(nonce)); + *out_tag_len += sizeof(nonce); + + return 1; +} + +static int aead_aes_gcm_open_gather_randnonce( + const EVP_AEAD_CTX *ctx, uint8_t *out, + const uint8_t *external_nonce, size_t external_nonce_len, + const uint8_t *in, size_t in_len, + const uint8_t *in_tag, size_t in_tag_len, + const uint8_t *ad, size_t ad_len) { + if (external_nonce_len != 0) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); + return 0; + } + + if (in_tag_len < AES_GCM_NONCE_LENGTH) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + return 0; + } + const uint8_t *nonce = in_tag + in_tag_len - AES_GCM_NONCE_LENGTH; + + const struct aead_aes_gcm_ctx *gcm_ctx = + (const struct aead_aes_gcm_ctx *)&ctx->state; + return aead_aes_gcm_open_gather_impl( + gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag, + in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len, + ctx->tag_len - AES_GCM_NONCE_LENGTH); +} + +DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_randnonce) { + memset(out, 0, sizeof(EVP_AEAD)); + + out->key_len = 16; + out->nonce_len = 0; + out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH; + out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH; + out->seal_scatter_supports_extra_in = 1; + + out->init = aead_aes_gcm_init_randnonce; + out->cleanup = aead_aes_gcm_cleanup; + out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce; + out->open_gather = aead_aes_gcm_open_gather_randnonce; +} + +DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_randnonce) { + memset(out, 0, sizeof(EVP_AEAD)); + + out->key_len = 32; + out->nonce_len = 0; + out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH; + out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH; + out->seal_scatter_supports_extra_in = 1; + + out->init = aead_aes_gcm_init_randnonce; + out->cleanup = aead_aes_gcm_cleanup; + out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce; + out->open_gather = aead_aes_gcm_open_gather_randnonce; +} + struct aead_aes_gcm_tls12_ctx { struct aead_aes_gcm_ctx gcm_ctx; uint64_t min_next_nonce; diff --git a/include/openssl/aead.h b/include/openssl/aead.h index 6d78db27d2..3bc74e79c3 100644 --- a/include/openssl/aead.h +++ b/include/openssl/aead.h @@ -146,6 +146,30 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void); // https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void); +// EVP_aead_aes_128_gcm_randnonce is AES-128 in Galois Counter Mode with +// internal nonce generation. The 12-byte nonce is appended to the tag +// and is generated internally. The "tag", for the purpurses of the API, is thus +// 12 bytes larger. The nonce parameter when using this AEAD must be +// zero-length. Since the nonce is random, a single key should not be used for +// more than 2^32 seal operations. +// +// Warning: this is for use for FIPS compliance only. It is probably not +// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve +// the same effect, but gives more control over nonce storage. +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_randnonce(void); + +// EVP_aead_aes_256_gcm_randnonce is AES-256 in Galois Counter Mode with +// internal nonce generation. The 12-byte nonce is appended to the tag +// and is generated internally. The "tag", for the purpurses of the API, is thus +// 12 bytes larger. The nonce parameter when using this AEAD must be +// zero-length. Since the nonce is random, a single key should not be used for +// more than 2^32 seal operations. +// +// Warning: this is for use for FIPS compliance only. It is probably not +// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve +// the same effect, but gives more control over nonce storage. +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_randnonce(void); + // EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags // and 13-byte nonces), as decribed in the Bluetooth Core Specification v5.0, // Volume 6, Part E, Section 1. diff --git a/sources.cmake b/sources.cmake index 7daa7e2188..d7b527bdf8 100644 --- a/sources.cmake +++ b/sources.cmake @@ -12,6 +12,7 @@ set( crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt crypto/cipher_extra/test/aes_128_ctr_hmac_sha256.txt + crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt crypto/cipher_extra/test/aes_128_gcm_tests.txt crypto/cipher_extra/test/aes_192_gcm_tests.txt @@ -20,6 +21,7 @@ set( crypto/cipher_extra/test/aes_256_cbc_sha256_tls_tests.txt crypto/cipher_extra/test/aes_256_cbc_sha384_tls_tests.txt crypto/cipher_extra/test/aes_256_ctr_hmac_sha256.txt + crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt crypto/cipher_extra/test/aes_256_gcm_tests.txt crypto/cipher_extra/test/chacha20_poly1305_tests.txt From 7c4a3f7d3e2a5bcccb942f51bd004479da66c351 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Fri, 23 Oct 2020 14:25:17 -0700 Subject: [PATCH 171/399] Add ECDSA verify KAT to FIPS self-tests. Change-Id: Ib67cd8c10df837687da7864a3f65456b2611d0f9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43687 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/fipsmodule/self_check/self_check.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index 4b954b77d4..91ec8cad0c 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -611,7 +611,7 @@ int boringssl_fips_self_test( goto err; } - // ECDSA Sign/Verify PWCT + // ECDSA Sign/Verify KAT // The 'k' value for ECDSA is fixed to avoid an entropy draw. ec_key->fixed_k = BN_new(); @@ -632,7 +632,13 @@ int boringssl_fips_self_test( !BN_bn2bin(sig->s, ecdsa_s_bytes) || !check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") || !check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) { - fprintf(stderr, "ECDSA KAT failed.\n"); + fprintf(stderr, "ECDSA signature KAT failed.\n"); + goto err; + } + + if (!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig, + ec_key)) { + fprintf(stderr, "ECDSA verification KAT failed.\n"); goto err; } From 73b69308acd6257f4056bd2f1e91e9cf6b259a26 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 19 Oct 2020 22:05:49 -0400 Subject: [PATCH 172/399] Rework vs_toolchain.py and vs_env.py. Chromium's VS toolchains now maintain JSON files with the expected environment, so we don't need to pull in gyp to figure out the batch file to run. This drops a long obsolete dependency and will make it possible to handle other VS architectures. (gyp internally only handled x86 and x64.) Also trim away the logic in vs_toolchain.py to account for non-depot_tools toolchains. Unlike Chromium, we don't use these scripts outside of CI/CQ. Change-Id: I2c9fddac52eef7b4895731d78c637fdcf9c85033 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43504 Reviewed-by: Adam Langley --- .gitignore | 1 - util/bot/DEPS | 3 -- util/bot/vs_env.py | 13 +---- util/bot/vs_toolchain.py | 113 +++++++++++++++++---------------------- 4 files changed, 51 insertions(+), 79 deletions(-) diff --git a/.gitignore b/.gitignore index 8ce23d1ca0..83a64740d4 100644 --- a/.gitignore +++ b/.gitignore @@ -17,7 +17,6 @@ util/bot/cmake-mac.tar.gz util/bot/cmake-win32 util/bot/cmake-win32.zip util/bot/golang -util/bot/gyp util/bot/libcxx util/bot/libcxxabi util/bot/llvm-build diff --git a/util/bot/DEPS b/util/bot/DEPS index 8fe7b35971..8544fe9c3a 100644 --- a/util/bot/DEPS +++ b/util/bot/DEPS @@ -40,9 +40,6 @@ deps = { 'dep_type': 'cipd', }, - 'boringssl/util/bot/gyp': - Var('chromium_git') + '/external/gyp.git' + '@' + 'd61a9397e668fa9843c4aa7da9e79460fe590bfb', - 'boringssl/util/bot/libFuzzer': { 'url': Var('chromium_git') + '/chromium/llvm-project/compiler-rt/lib/fuzzer.git' +'@' + 'debe7d2d1982e540fbd6bd78604bf001753f9e74', 'condition': 'checkout_fuzzer', diff --git a/util/bot/vs_env.py b/util/bot/vs_env.py index 184750063f..13217caddc 100644 --- a/util/bot/vs_env.py +++ b/util/bot/vs_env.py @@ -16,8 +16,6 @@ import sys import vs_toolchain -# vs_toolchain adds gyp to sys.path. -import gyp.MSVSVersion if len(sys.argv) < 2: print >>sys.stderr, "Usage: vs_env.py TARGET_ARCH CMD..." @@ -26,12 +24,5 @@ target_arch = sys.argv[1] cmd = sys.argv[2:] -vs_toolchain.SetEnvironmentAndGetRuntimeDllDirs() -vs_version = gyp.MSVSVersion.SelectVisualStudioVersion() - -# Using shell=True is somewhat ugly, but the alternative is to pull in a copy -# of the Chromium GN build's setup_toolchain.py which runs the setup script, -# then 'set', and then parses the environment variables out. (GYP internally -# does the same thing.) -sys.exit(subprocess.call(vs_version.SetupScript(target_arch) + ["&&"] + cmd, - shell=True)) +vs_toolchain.SetEnvironmentForCPU(target_arch) +sys.exit(subprocess.call(cmd)) diff --git a/util/bot/vs_toolchain.py b/util/bot/vs_toolchain.py index eb3e04973d..6e94df3517 100644 --- a/util/bot/vs_toolchain.py +++ b/util/bot/vs_toolchain.py @@ -4,65 +4,54 @@ import json import os -import pipes -import shutil +import os.path import subprocess import sys script_dir = os.path.dirname(os.path.realpath(__file__)) -sys.path.insert(0, os.path.join(script_dir, 'gyp', 'pylib')) json_data_file = os.path.join(script_dir, 'win_toolchain.json') -import gyp - - # Use MSVS2015 as the default toolchain. CURRENT_DEFAULT_TOOLCHAIN_VERSION = '2015' -def SetEnvironmentAndGetRuntimeDllDirs(): - """Sets up os.environ to use the depot_tools VS toolchain with gyp, and - returns the location of the VS runtime DLLs so they can be copied into - the output directory after gyp generation. - """ - vs_runtime_dll_dirs = None - depot_tools_win_toolchain = \ - bool(int(os.environ.get('DEPOT_TOOLS_WIN_TOOLCHAIN', '1'))) - if sys.platform in ('win32', 'cygwin') and depot_tools_win_toolchain: - if not os.path.exists(json_data_file): - Update() - with open(json_data_file, 'r') as tempf: - toolchain_data = json.load(tempf) - - toolchain = toolchain_data['path'] - version = toolchain_data['version'] - win_sdk = toolchain_data.get('win_sdk') - if not win_sdk: - win_sdk = toolchain_data['win8sdk'] - wdk = toolchain_data['wdk'] - # TODO(scottmg): The order unfortunately matters in these. They should be - # split into separate keys for x86 and x64. (See CopyVsRuntimeDlls call - # below). http://crbug.com/345992 - vs_runtime_dll_dirs = toolchain_data['runtime_dirs'] - - os.environ['GYP_MSVS_OVERRIDE_PATH'] = toolchain - os.environ['GYP_MSVS_VERSION'] = version - # We need to make sure windows_sdk_path is set to the automated - # toolchain values in GYP_DEFINES, but don't want to override any - # otheroptions.express - # values there. - gyp_defines_dict = gyp.NameValueListToDict(gyp.ShlexEnv('GYP_DEFINES')) - gyp_defines_dict['windows_sdk_path'] = win_sdk - os.environ['GYP_DEFINES'] = ' '.join('%s=%s' % (k, pipes.quote(str(v))) - for k, v in gyp_defines_dict.iteritems()) - os.environ['WINDOWSSDKDIR'] = win_sdk - os.environ['WDK_DIR'] = wdk - # Include the VS runtime in the PATH in case it's not machine-installed. - runtime_path = ';'.join(vs_runtime_dll_dirs) - os.environ['PATH'] = runtime_path + ';' + os.environ['PATH'] - return vs_runtime_dll_dirs +def SetEnvironmentForCPU(cpu): + """Sets the environment to build with the selected toolchain for |cpu|.""" + with open(json_data_file, 'r') as tempf: + toolchain_data = json.load(tempf) + sdk_dir = toolchain_data['win_sdk'] + os.environ['WINDOWSSDKDIR'] = sdk_dir + os.environ['WDK_DIR'] = toolchain_data['wdk'] + # Include the VS runtime in the PATH in case it's not machine-installed. + vs_runtime_dll_dirs = toolchain_data['runtime_dirs'] + runtime_path = os.pathsep.join(vs_runtime_dll_dirs) + os.environ['PATH'] = runtime_path + os.pathsep + os.environ['PATH'] + + # Set up the architecture-specific environment from the SetEnv files. See + # _LoadToolchainEnv() from setup_toolchain.py in Chromium. + assert cpu in ('x86', 'x64', 'arm', 'arm64') + with open(os.path.join(sdk_dir, 'bin', 'SetEnv.%s.json' % cpu)) as f: + env = json.load(f)['env'] + if env['VSINSTALLDIR'] == [["..", "..\\"]]: + # Old-style paths were relative to the win_sdk\bin directory. + json_relative_dir = os.path.join(sdk_dir, 'bin') + else: + # New-style paths are relative to the toolchain directory, which is the + # parent of the SDK directory. + json_relative_dir = os.path.split(sdk_dir)[0] + for k in env: + entries = [os.path.join(*([json_relative_dir] + e)) for e in env[k]] + # clang-cl wants INCLUDE to be ;-separated even on non-Windows, + # lld-link wants LIB to be ;-separated even on non-Windows. Path gets :. + sep = os.pathsep if k == 'PATH' else ';' + env[k] = sep.join(entries) + # PATH is a bit of a special case, it's in addition to the current PATH. + env['PATH'] = env['PATH'] + os.pathsep + os.environ['PATH'] + + for k, v in env.items(): + os.environ[k] = v def FindDepotTools(): @@ -76,6 +65,8 @@ def FindDepotTools(): def GetVisualStudioVersion(): """Return GYP_MSVS_VERSION of Visual Studio. """ + # TODO(davidben): Replace this with a command-line argument. The depot_tools + # script no longer needs this environment variable. return os.environ.get('GYP_MSVS_VERSION', CURRENT_DEFAULT_TOOLCHAIN_VERSION) @@ -97,24 +88,18 @@ def _GetDesiredVsToolchainHashes(): def Update(): """Requests an update of the toolchain to the specific hashes we have at this revision. The update outputs a .json of the various configuration - information required to pass to gyp which we use in |GetToolchainDir()|. + information required to pass to vs_env.py which we use in + |SetEnvironmentForCPU()|. """ - depot_tools_win_toolchain = \ - bool(int(os.environ.get('DEPOT_TOOLS_WIN_TOOLCHAIN', '1'))) - if sys.platform in ('win32', 'cygwin') and depot_tools_win_toolchain: - depot_tools_path = FindDepotTools() - # Necessary so that get_toolchain_if_necessary.py will put the VS toolkit - # in the correct directory. - os.environ['GYP_MSVS_VERSION'] = GetVisualStudioVersion() - get_toolchain_args = [ - sys.executable, - os.path.join(depot_tools_path, - 'win_toolchain', - 'get_toolchain_if_necessary.py'), - '--output-json', json_data_file, - ] + _GetDesiredVsToolchainHashes() - subprocess.check_call(get_toolchain_args) - + depot_tools_path = FindDepotTools() + get_toolchain_args = [ + sys.executable, + os.path.join(depot_tools_path, + 'win_toolchain', + 'get_toolchain_if_necessary.py'), + '--output-json', json_data_file, + ] + _GetDesiredVsToolchainHashes() + subprocess.check_call(get_toolchain_args) return 0 From 5709ccbd7d068e65b3050db347cbb54035d15fe4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 19 Oct 2020 22:19:21 -0400 Subject: [PATCH 173/399] Update Go on the bots. Change-Id: Id49fb3e73e6ada87feaa621c555924efbaf672f2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43505 Reviewed-by: Adam Langley --- util/bot/go/bootstrap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/bot/go/bootstrap.py b/util/bot/go/bootstrap.py index 06ab4c835e..c58504cd93 100755 --- a/util/bot/go/bootstrap.py +++ b/util/bot/go/bootstrap.py @@ -45,7 +45,7 @@ EXE_SFX = '.exe' if sys.platform == 'win32' else '' # Pinned version of Go toolset to download. -TOOLSET_VERSION = 'go1.14.1' +TOOLSET_VERSION = 'go1.15.3' # Platform dependent portion of a download URL. See http://golang.org/dl/. TOOLSET_VARIANTS = { From f18638cca14d0b02617785e848a5afaa2715f71a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 2 Nov 2020 16:24:47 -0500 Subject: [PATCH 174/399] Remove ASN1_STRING_length_set prototype. This was removed in https://boringssl-review.googlesource.com/c/boringssl/+/42724 but I missed the prototype. Change-Id: I345f0e9ea114c35cbf35d2b97b228bfa1ba9e188 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43764 Reviewed-by: Adam Langley --- include/openssl/asn1.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index d50879f9b7..0cffd571f2 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -646,7 +646,6 @@ OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x); -OPENSSL_EXPORT void ASN1_STRING_length_set(ASN1_STRING *x, int n); OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *x); OPENSSL_EXPORT unsigned char * ASN1_STRING_data(ASN1_STRING *x); OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); From 6dcce800371dd5f3cb35a16a18b99fcfadf213ab Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 2 Nov 2020 18:16:14 -0500 Subject: [PATCH 175/399] Add functions for manipulating X.509 TBS structures. When generating a signature with some external signing process, the caller needs to fill in the TBSCertificate (including the signature algorithms), serialize the TBSCertificate, and then fill in the signature. We have i2d_re_X509_tbs (originally from CT I believe), but there are no setters for the signature algorithms or the signature. Add X509_set1_signature_algo, which mirrors upstream's X509_REQ_set1_signature_algo, and X509_set1_signature_value, which is new. Upstream has X509_REQ_set0_signature, but that requires the caller manually assemble an ASN1_BIT_STRING. Taking the byte string seems less error-prone. Additionally, add i2d_X509_tbs and i2d_X509_CRL_tbs, for the non-"re" variants of those APIs. Conscrypt needs to extract the TBS portion of a certificate and a CRL, to implement X509Certificate.getTBSCertificate() and X509CRL.getTBSCertList(). There, the aim is to get the data to verify on an existing immutable certificate. OpenSSL has avoided exporting the X509_CINF type, which I think is correct, so instead this mirrors i2d_re_X509_tbs. (This does mean mirroring the confusing i2d calling convention though.) These new functions should unblock getting rid of a bunch of direct struct accesses. Later on, we should reorganize this header into immutable APIs for verification and mutable APIs for generation. Even though we're stuck the mistake of a common type for both use cases, I think splitting up them up will let us rationalize the caches in the X509 objects a bit. Change-Id: I96e6ab5cee3608e07b2ed7465c449a72ca10a393 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43784 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/x509/x509_test.cc | 98 +++++++++++++++++++++++++++++++++++++++- crypto/x509/x509cset.c | 9 +++- crypto/x509/x_x509.c | 41 +++++++++++++++-- include/openssl/x509.h | 76 ++++++++++++++++++++++++++++++- 4 files changed, 216 insertions(+), 8 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index b170b76a72..7c0eeaced3 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -1510,6 +1510,18 @@ TEST(X509Test, TestX25519) { Bytes(public_value, public_value_size)); } +static bssl::UniquePtr ReencodeCertificate(X509 *cert) { + uint8_t *der = nullptr; + int len = i2d_X509(cert, &der); + bssl::UniquePtr free_der(der); + if (len <= 0) { + return nullptr; + } + + const uint8_t *inp = der; + return bssl::UniquePtr(d2i_X509(nullptr, &inp, len)); +} + static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) { // Make a certificate like signed with |md_ctx|'s settings.' bssl::UniquePtr cert(CertFromPEM(kLeafPEM)); @@ -1519,7 +1531,14 @@ static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) { // Ensure that |pkey| may still be used to verify the resulting signature. All // settings in |md_ctx| must have been serialized appropriately. - return !!X509_verify(cert.get(), pkey); + if (!X509_verify(cert.get(), pkey)) { + return false; + } + + // Re-encode the certificate. X509 objects contain a cached TBSCertificate + // encoding and |X509_sign_ctx| should have refreshed that cache. + bssl::UniquePtr copy = ReencodeCertificate(cert.get()); + return copy && X509_verify(copy.get(), pkey); } TEST(X509Test, RSASign) { @@ -1541,6 +1560,83 @@ TEST(X509Test, RSASign) { ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get())); } +// Test the APIs for manually signing a certificate. +TEST(X509Test, RSASignManual) { + const int kSignatureNID = NID_sha384WithRSAEncryption; + const EVP_MD *kSignatureHash = EVP_sha384(); + + bssl::UniquePtr pkey(PrivateKeyFromPEM(kRSAKey)); + ASSERT_TRUE(pkey); + bssl::UniquePtr algor(X509_ALGOR_new()); + ASSERT_TRUE(algor); + ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID), + V_ASN1_NULL, nullptr)); + + // Test certificates made both from other certificates and |X509_new|, in case + // there are bugs in filling in fields from different states. (Parsed + // certificate contain a TBSCertificate cache, and |X509_new| initializes + // fields based on complex ASN.1 template logic.) + for (bool new_cert : {true, false}) { + SCOPED_TRACE(new_cert); + + bssl::UniquePtr cert; + if (new_cert) { + cert.reset(X509_new()); + // Fill in some fields for the certificate arbitrarily. + EXPECT_TRUE(X509_set_version(cert.get(), 2 /* X.509v3 */)); + EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1)); + EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0)); + EXPECT_TRUE( + X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24)); + X509_NAME *subject = X509_get_subject_name(cert.get()); + X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC, + reinterpret_cast("Test"), -1, + -1, 0); + EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject)); + EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get())); + } else { + // Extract fields from a parsed certificate. + cert = CertFromPEM(kLeafPEM); + ASSERT_TRUE(cert); + + // We should test with a different algorithm from what is already in the + // certificate. + EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get())); + } + + // Fill in the signature algorithm. + ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get())); + + // Extract the TBSCertificiate. + uint8_t *tbs_cert = nullptr; + int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert); + bssl::UniquePtr free_tbs_cert(tbs_cert); + ASSERT_GT(tbs_cert_len, 0); + + // Generate a signature externally and fill it in. + bssl::ScopedEVP_MD_CTX md_ctx; + ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash, + nullptr, pkey.get())); + size_t sig_len; + ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert, + tbs_cert_len)); + std::vector sig(sig_len); + ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert, + tbs_cert_len)); + sig.resize(sig_len); + ASSERT_TRUE(X509_set1_signature_value(cert.get(), sig.data(), sig.size())); + + // Check the signature. + EXPECT_TRUE(X509_verify(cert.get(), pkey.get())); + + // Re-encode the certificate. X509 objects contain a cached TBSCertificate + // encoding and |i2d_re_X509_tbs| should have refreshed that cache. + bssl::UniquePtr copy = ReencodeCertificate(cert.get()); + ASSERT_TRUE(copy); + EXPECT_TRUE(X509_verify(copy.get(), pkey.get())); + } +} + TEST(X509Test, Ed25519Sign) { uint8_t pub_bytes[32], priv_bytes[64]; ED25519_keypair(pub_bytes, priv_bytes); diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index b07ff27318..a5cb3a3d6e 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -239,8 +239,13 @@ const STACK_OF(X509_EXTENSION) * return r->extensions; } -int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) +int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp) { crl->crl->enc.modified = 1; - return i2d_X509_CRL_INFO(crl->crl, pp); + return i2d_X509_CRL_INFO(crl->crl, outp); +} + +int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp) +{ + return i2d_X509_CRL_INFO(crl->crl, outp); } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index ab246515e9..397230cd58 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -337,10 +337,45 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) return length; } -int i2d_re_X509_tbs(X509 *x, unsigned char **pp) +int i2d_re_X509_tbs(X509 *x509, unsigned char **outp) { - x->cert_info->enc.modified = 1; - return i2d_X509_CINF(x->cert_info, pp); + x509->cert_info->enc.modified = 1; + return i2d_X509_CINF(x509->cert_info, outp); +} + +int i2d_X509_tbs(X509 *x509, unsigned char **outp) +{ + return i2d_X509_CINF(x509->cert_info, outp); +} + +int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo) +{ + /* TODO(davidben): Const-correct generated ASN.1 dup functions. + * Alternatively, when the types are hidden and we can embed required fields + * directly in structs, import |X509_ALGOR_copy| from upstream. */ + X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo); + X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo); + if (copy1 == NULL || copy2 == NULL) { + X509_ALGOR_free(copy1); + X509_ALGOR_free(copy2); + return 0; + } + + X509_ALGOR_free(x509->sig_alg); + x509->sig_alg = copy1; + X509_ALGOR_free(x509->cert_info->signature); + x509->cert_info->signature = copy2; + return 1; +} + +int X509_set1_signature_value(X509 *x509, const uint8_t *sig, size_t sig_len) +{ + if (!ASN1_STRING_set(x509->signature, sig, sig_len)) { + return 0; + } + x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + return 1; } void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 38a42197ca..580c591a57 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -899,7 +899,51 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp); OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); -OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x, unsigned char **pp); +// i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|. If |outp| is +// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is +// written to |*outp|, which must have enough space available, and |*outp| is +// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it +// sets |*outp| to a newly-allocated buffer containing the result. The caller is +// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this +// function returns the number of bytes in the result, whether written or not, +// or a negative value on error. +// +// This function re-encodes the TBSCertificate and may not reflect |x509|'s +// original encoding. It may be used to manually generate a signature for a new +// certificate. To verify certificates, use |i2d_X509_tbs| instead. +OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp); + +// i2d_X509_tbs serializes the TBSCertificate portion of |x509|. If |outp| is +// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is +// written to |*outp|, which must have enough space available, and |*outp| is +// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it +// sets |*outp| to a newly-allocated buffer containing the result. The caller is +// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this +// function returns the number of bytes in the result, whether written or not, +// or a negative value on error. +// +// This function preserves the original encoding of the TBSCertificate and may +// not reflect modifications made to |x509|. It may be used to manually verify +// the signature of an existing certificate. To generate certificates, use +// |i2d_re_X509_tbs| instead. +OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp); + +// X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and +// returns one on success or zero on error. It updates both the signature field +// of the TBSCertificate structure, and the signatureAlgorithm field of the +// Certificate. +OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo); + +// X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len| +// bytes pointed by |sig|. It returns one on success and zero on error. +// +// Due to a specification error, X.509 certificates store signatures in ASN.1 +// BIT STRINGs, but signature algorithms return byte strings rather than bit +// strings. This function creates a BIT STRING containing a whole number of +// bytes, with the bit order matching the DER encoding. This matches the +// encoding used by all X.509 signature algorithms. +OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig, + size_t sig_len); OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); @@ -1020,7 +1064,35 @@ OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl); -OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +// i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|. If |outp| is +// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is +// written to |*outp|, which must have enough space available, and |*outp| is +// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it +// sets |*outp| to a newly-allocated buffer containing the result. The caller is +// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this +// function returns the number of bytes in the result, whether written or not, +// or a negative value on error. +// +// This function re-encodes the TBSCertList and may not reflect |crl|'s original +// encoding. It may be used to manually generate a signature for a new CRL. To +// verify CRLs, use |i2d_X509_CRL_tbs| instead. +OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp); + +// i2d_X509_CRL_tbs serializes the TBSCertList portion of |crl|. If |outp| is +// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is +// written to |*outp|, which must have enough space available, and |*outp| is +// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it +// sets |*outp| to a newly-allocated buffer containing the result. The caller is +// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this +// function returns the number of bytes in the result, whether written or not, +// or a negative value on error. +// +// This function preserves the original encoding of the TBSCertList and may not +// reflect modifications made to |crl|. It may be used to manually verify the +// signature of an existing CRL. To generate CRLs, use |i2d_re_X509_CRL_tbs| +// instead. +OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp); OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber( const X509_REVOKED *x); From aec1b62b07a4465c3b6747a09ad69c614bc5766b Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 4 Nov 2020 10:09:00 -0800 Subject: [PATCH 176/399] runner: add -skip In order to skip groups of tests in the cross-version testing (like ALPS-*), it's useful to be able to match them by pattern. Change-Id: Ic7e40c04a33b4bcbb08494fa04deb5e862f09d8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43864 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- ssl/test/runner/runner.go | 48 +++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index bb30e03b0a..631756f0c7 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -59,7 +59,8 @@ var ( mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.") jsonOutput = flag.String("json-output", "", "The file to output JSON results to.") pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.") - testToRun = flag.String("test", "", "The pattern to filter tests to run, or empty to run all tests") + testToRun = flag.String("test", "", "Semicolon-separated patterns of tests to run, or empty to run all tests") + skipTest = flag.String("skip", "", "Semicolon-separated patterns of tests to skip") numWorkersFlag = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.") shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.") handshakerPath = flag.String("handshaker-path", "../../../build/ssl/test/handshaker", "The location of the handshaker binary.") @@ -16286,6 +16287,31 @@ func statusPrinter(doneChan chan *testresult.Results, statusChan chan statusMsg, doneChan <- testOutput } +func match(oneOfPatternIfAny []string, noneOfPattern []string, candidate string) (matched bool, err error) { + matched = len(oneOfPatternIfAny) == 0 + + var didMatch bool + for _, pattern := range oneOfPatternIfAny { + didMatch, err = filepath.Match(pattern, candidate) + if err != nil { + return false, err + } + + matched = didMatch || matched + } + + for _, pattern := range noneOfPattern { + didMatch, err = filepath.Match(pattern, candidate) + if err != nil { + return false, err + } + + matched = !didMatch && matched + } + + return matched, nil +} + func main() { flag.Parse() *resourceDir = path.Clean(*resourceDir) @@ -16367,16 +16393,20 @@ func main() { go worker(statusChan, testChan, *shimPath, &wg) } + var oneOfPatternIfAny, noneOfPattern []string + if len(*testToRun) > 0 { + oneOfPatternIfAny = strings.Split(*testToRun, ";") + } + if len(*skipTest) > 0 { + noneOfPattern = strings.Split(*skipTest, ";") + } + var foundTest bool for i := range testCases { - matched := true - if len(*testToRun) != 0 { - var err error - matched, err = filepath.Match(*testToRun, testCases[i].name) - if err != nil { - fmt.Fprintf(os.Stderr, "Error matching pattern: %s\n", err) - os.Exit(1) - } + matched, err := match(oneOfPatternIfAny, noneOfPattern, testCases[i].name) + if err != nil { + fmt.Fprintf(os.Stderr, "Error matching pattern: %s\n", err) + os.Exit(1) } if !*includeDisabled { From d83dcf58c0e28f1837aaeb55ddc2c54c9a1a20ac Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 4 Nov 2020 11:02:37 -0800 Subject: [PATCH 177/399] runner: explicitly signal error from handshaker. When the handshaker fails to parse a config it currently exits. This causes the two pipes to signal EOF to the shim, but the control channel is a datagram socket in order to be atomic, thus doesn't signal an error. In the shim, EOF on the wfd pipe causes a short loop and thus a hang forever. Catching the EOF and returning an error doesn't work because some tests will close the pipe but still return information over the control channel. We can start a timeout once wfd is closed, but that seems like it might be flakey. Thus this change makes the handshaker send an explicit error over the control channel. It doesn't catch crashes, but it will catch config errors, which are much more common in cross-version tests. Change-Id: I4b1afed17694c57e4713d1b0fa4e9ecb12f09ec5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43865 Reviewed-by: David Benjamin --- ssl/test/handshaker.cc | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/ssl/test/handshaker.cc b/ssl/test/handshaker.cc index a6bf6432f4..72d6b2fdec 100644 --- a/ssl/test/handshaker.cc +++ b/ssl/test/handshaker.cc @@ -127,13 +127,21 @@ ssize_t write_eintr(int fd, const void *in, size_t len) { return ret; } +int SignalError() { + const char msg = kControlMsgError; + if (write_eintr(kFdControl, &msg, 1) != 1) { + return 2; + } + return 1; +} + } // namespace int main(int argc, char **argv) { TestConfig initial_config, resume_config, retry_config; if (!ParseConfig(argc - 1, argv + 1, &initial_config, &resume_config, &retry_config)) { - return 2; + return SignalError(); } const TestConfig *config = initial_config.handshaker_resume ? &resume_config : &initial_config; @@ -160,11 +168,7 @@ int main(int argc, char **argv) { Span handoff(buf.get(), len); if (!Handshaker(config, kFdProxyToHandshaker, kFdHandshakerToProxy, handoff, kFdControl)) { - char msg = kControlMsgError; - if (write_eintr(kFdControl, &msg, 1) != 1) { - return 3; - } - return 1; + return SignalError(); } return 0; } From 8591d539b5d7d3605e78750ffbe256de00f47f46 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 3 Nov 2020 13:49:28 -0500 Subject: [PATCH 178/399] Document the X509V3_get_d2i family of functions. These are a bit of a mess. Callers almost never handle the error correctly. Change-Id: I85ea6d4c03cca685f0be579459efb66fea996c9b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43804 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/x509_ext.c | 17 ++++++----- crypto/x509v3/v3_lib.c | 61 ++++++++++++++++------------------------ include/openssl/x509.h | 33 ++++++++++++++++++---- include/openssl/x509v3.h | 48 ++++++++++++++++++++++++++++--- 4 files changed, 107 insertions(+), 52 deletions(-) diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index a8f0ab684e..f6da54a4fe 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -93,9 +93,10 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) return (X509v3_delete_ext(x->crl->extensions, loc)); } -void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) +void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *out_critical, + int *out_idx) { - return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); + return X509V3_get_d2i(crl->crl->extensions, nid, out_critical, out_idx); } int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, @@ -145,9 +146,11 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); } -void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) +void *X509_get_ext_d2i(const X509 *x509, int nid, int *out_critical, + int *out_idx) { - return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); + return X509V3_get_d2i(x509->cert_info->extensions, nid, out_critical, + out_idx); } int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, @@ -194,10 +197,10 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); } -void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, - int *idx) +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked, int nid, + int *out_critical, int *out_idx) { - return X509V3_get_d2i(x->extensions, nid, crit, idx); + return X509V3_get_d2i(revoked->extensions, nid, out_critical, out_idx); } int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index d5eda3dd3c..d89733fdae 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -122,7 +122,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) return sk_X509V3_EXT_METHOD_value(ext_list, idx); } -const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) +const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext) { int nid; if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) @@ -203,7 +203,7 @@ int X509V3_add_standard_extensions(void) /* Return an extension internal structure */ -void *X509V3_EXT_d2i(X509_EXTENSION *ext) +void *X509V3_EXT_d2i(const X509_EXTENSION *ext) { const X509V3_EXT_METHOD *method; const unsigned char *p; @@ -217,49 +217,38 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) return method->d2i(NULL, &p, ext->value->length); } -/* - * Get critical flag and decoded version of extension from a NID. The "idx" - * variable returns the last found extension and can be used to retrieve - * multiple extensions of the same NID. However multiple extensions with the - * same NID is usually due to a badly encoded certificate so if idx is NULL - * we choke if multiple extensions exist. The "crit" variable is set to the - * critical value. The return value is the decoded extension or NULL on - * error. The actual error can have several different causes, the value of - * *crit reflects the cause: >= 0, extension found but not decoded (reflects - * critical value). -1 extension not found. -2 extension occurs more than - * once. - */ - -void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx) +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions, int nid, + int *out_critical, int *out_idx) { int lastpos; size_t i; X509_EXTENSION *ex, *found_ex = NULL; - if (!x) { - if (idx) - *idx = -1; - if (crit) - *crit = -1; + if (!extensions) { + if (out_idx) + *out_idx = -1; + if (out_critical) + *out_critical = -1; return NULL; } - if (idx) - lastpos = *idx + 1; + if (out_idx) + lastpos = *out_idx + 1; else lastpos = 0; if (lastpos < 0) lastpos = 0; - for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { - ex = sk_X509_EXTENSION_value(x, i); + for (i = lastpos; i < sk_X509_EXTENSION_num(extensions); i++) { + ex = sk_X509_EXTENSION_value(extensions, i); if (OBJ_obj2nid(ex->object) == nid) { - if (idx) { - *idx = i; + if (out_idx) { + /* TODO(https://crbug.com/boringssl/379): Consistently reject + * duplicate extensions. */ + *out_idx = i; found_ex = ex; break; } else if (found_ex) { /* Found more than one */ - if (crit) - *crit = -2; + if (out_critical) + *out_critical = -2; return NULL; } found_ex = ex; @@ -267,16 +256,16 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, } if (found_ex) { /* Found it */ - if (crit) - *crit = X509_EXTENSION_get_critical(found_ex); + if (out_critical) + *out_critical = X509_EXTENSION_get_critical(found_ex); return X509V3_EXT_d2i(found_ex); } /* Extension not found */ - if (idx) - *idx = -1; - if (crit) - *crit = -1; + if (out_idx) + *out_idx = -1; + if (out_critical) + *out_critical = -1; return NULL; } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 580c591a57..aa32f0fd03 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1238,7 +1238,15 @@ OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit, OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc); OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); + +// X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in +// |x509|'s extension list. +// +// WARNING: This function is difficult to use correctly. See the documentation +// for |X509V3_get_d2i| for details. +OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid, + int *out_critical, int *out_idx); + OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); @@ -1251,8 +1259,15 @@ OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, - int *idx); + +// X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the +// extension in |crl|'s extension list. +// +// WARNING: This function is difficult to use correctly. See the documentation +// for |X509V3_get_d2i| for details. +OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, + int *out_critical, int *out_idx); + OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags); @@ -1270,8 +1285,16 @@ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, - int *crit, int *idx); + +// X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the +// extension in |revoked|'s extension list. +// +// WARNING: This function is difficult to use correctly. See the documentation +// for |X509V3_get_d2i| for details. +OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked, + int nid, int *out_critical, + int *out_idx); + OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, unsigned long flags); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 0a4e776cfc..14d5e95399 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -633,13 +633,53 @@ OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from); OPENSSL_EXPORT void X509V3_EXT_cleanup(void); -OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get( + const X509_EXTENSION *ext); OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); OPENSSL_EXPORT int X509V3_add_standard_extensions(void); OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); -OPENSSL_EXPORT void *X509V3_EXT_d2i(X509_EXTENSION *ext); -OPENSSL_EXPORT void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, - int *crit, int *idx); + +// X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated +// structure, with type dependent on the type of the extension. It returns NULL +// if |ext| is an unsupported extension or if there was a syntax error in the +// extension. The caller should cast the return value to the expected type and +// free the structure when done. +// +// WARNING: Casting the return value to the wrong type is a potentially +// exploitable memory error, so callers must not use this function before +// checking |ext| is of a known type. +OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext); + +// X509V3_get_d2i finds and decodes the extension in |extensions| of type |nid|. +// If found, it decodes it and returns a newly-allocated structure, with type +// dependent on |nid|. If the extension is not found or on error, it returns +// NULL. The caller may distinguish these cases using the |out_critical| value. +// +// If |out_critical| is not NULL, this function sets |*out_critical| to one if +// the extension is found and critical, zero if it is found and not critical, -1 +// if it is not found, and -2 if there is an invalid duplicate extension. Note +// this function may set |*out_critical| to one or zero and still return NULL if +// the extension is found but has a syntax error. +// +// If |out_idx| is not NULL, this function looks for the first occurrence of the +// extension after |*out_idx|. It then sets |*out_idx| to the index of the +// extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions +// are not treated as an error. Callers, however, should not rely on this +// behavior as it may be removed in the future. Duplicate extensions are +// forbidden in RFC5280. +// +// WARNING: This function is difficult to use correctly. Callers should pass a +// non-NULL |out_critical| and check both the return value and |*out_critical| +// to handle errors. If the return value is NULL and |*out_critical| is not -1, +// there was an error. Otherwise, the function succeeded and but may return NULL +// for a missing extension. Callers should pass NULL to |out_idx| so that +// duplicate extensions are handled correctly. +// +// Additionally, casting the return value to the wrong type is a potentially +// exploitable memory error, so callers must ensure the cast and |nid| match. +OPENSSL_EXPORT void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions, + int nid, int *out_critical, int *out_idx); + OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data); From 17e530c43c70967c31b511329aa26220866ffe46 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 3 Nov 2020 16:37:25 -0500 Subject: [PATCH 179/399] Fix x509_rsa_ctx_to_pss when saltlen is md_size. x509_rsa_ctx_to_pss returns an error when trying to make an X509_ALGOR for an arbitrary RSA-PSS salt length. This dates to the initial commit and isn't in OpenSSL, so I imagine this was an attempt to ratchet down on RSA-PSS parameter proliferation. If the caller explicitly passes in md_size, rather than using the -1 convenience value, we currently fail. Allow those too and add an error to the error queue so it is easier to diagnose. Change-Id: Ia738142e48930ef5a916cad5326f15f64d766ba5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43824 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/x509/rsa_pss.c | 6 +++++- crypto/x509/x509_test.cc | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c index 9230934303..39637b9aee 100644 --- a/crypto/x509/rsa_pss.c +++ b/crypto/x509/rsa_pss.c @@ -199,11 +199,15 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) { if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); } else if (saltlen == -2) { + // TODO(davidben): Forbid this mode. The world has largely standardized on + // salt length matching hash length. saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) { saltlen--; } - } else { + } else if (saltlen != (int)EVP_MD_size(sigmd)) { + // We only allow salt length matching hash length and, for now, the -2 case. + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); return 0; } diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 7c0eeaced3..56d800cbc2 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -1558,6 +1558,22 @@ TEST(X509Test, RSASign) { ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)); ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512())); ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get())); + + // RSA-PSS with salt length matching hash length should work when passing in + // -1 or the value explicitly. + md_ctx.Reset(); + ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL, + pkey.get())); + ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)); + ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1)); + ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get())); + + md_ctx.Reset(); + ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL, + pkey.get())); + ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)); + ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32)); + ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get())); } // Test the APIs for manually signing a certificate. From 1607f54fed72c6589d560254626909a64124f091 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 3 Nov 2020 15:34:57 -0800 Subject: [PATCH 180/399] acvp: move inner MCT loops into subprocess. The ACVP MCT tests involve a double loop where the inner loop iterates 1000 (AES) or 10000 (3DES) times. This change moves that inner loop into the subprocess. This significantly reduces the amount of IPC traffic at the cost of making the subprocesses more complex. The traffic volume is unimportant when talking over a local pipe, but it's significant when channels like serial links are used. Change-Id: Ia9d51335f06b743791f7885d366c8fd2f0f7eaf6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43844 Commit-Queue: Adam Langley Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/block.go | 110 ++++----- .../acvp/acvptool/subprocess/subprocess.go | 10 +- .../acvp/modulewrapper/modulewrapper.cc | 208 +++++++++++++++--- 3 files changed, 216 insertions(+), 112 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go index 3b468c8698..376547305c 100644 --- a/util/fipstools/acvp/acvptool/subprocess/block.go +++ b/util/fipstools/acvp/acvptool/subprocess/block.go @@ -60,24 +60,20 @@ func iterateAES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt iteration.CiphertextHex = hex.EncodeToString(input) } - var result, prevResult []byte - for j := 0; j < 1000; j++ { - prevResult = input - result, err := transact(1, key, input) - if err != nil { - panic("block operation failed") - } - input = result[0] + results, err := transact(2, key, input, uint32le(1000)) + if err != nil { + panic(err) } - result = input + input = results[0] + prevResult := results[1] if encrypt { - iteration.CiphertextHex = hex.EncodeToString(result) + iteration.CiphertextHex = hex.EncodeToString(input) } else { - iteration.PlaintextHex = hex.EncodeToString(result) + iteration.PlaintextHex = hex.EncodeToString(input) } - aesKeyShuffle(key, result, prevResult) + aesKeyShuffle(key, input, prevResult) mctResults = append(mctResults, iteration) } @@ -96,34 +92,16 @@ func iterateAESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encry iteration.CiphertextHex = hex.EncodeToString(input) } - var result, prevResult []byte iteration.IVHex = hex.EncodeToString(iv) - var prevInput []byte - for j := 0; j < 1000; j++ { - prevResult = result - if j > 0 { - if encrypt { - iv = result - } else { - iv = prevInput - } - } - - results, err := transact(1, key, input, iv) - if err != nil { - panic("block operation failed") - } - result = results[0] - - prevInput = input - if j == 0 { - input = iv - } else { - input = prevResult - } + results, err := transact(2, key, input, iv, uint32le(1000)) + if err != nil { + panic("block operation failed") } + result := results[0] + prevResult := results[1] + if encrypt { iteration.CiphertextHex = hex.EncodeToString(result) } else { @@ -178,17 +156,13 @@ func iterate3DES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt iteration.CiphertextHex = hex.EncodeToString(input) } - var result, prevResult, prevPrevResult []byte - for j := 0; j < 10000; j++ { - prevPrevResult = prevResult - prevResult = input - result, err := transact(1, key, input) - if err != nil { - panic("block operation failed") - } - input = result[0] + results, err := transact(3, key, input, uint32le(10000)) + if err != nil { + panic("block operation failed") } - result = input + result := results[0] + prevResult := results[1] + prevPrevResult := results[2] if encrypt { iteration.CiphertextHex = hex.EncodeToString(result) @@ -198,6 +172,7 @@ func iterate3DES(transact func(n int, args ...[]byte) ([][]byte, error), encrypt keyShuffle3DES(key, result, prevResult, prevPrevResult) mctResults = append(mctResults, iteration) + input = result } return mctResults @@ -220,29 +195,15 @@ func iterate3DESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encr } iteration.IVHex = hex.EncodeToString(iv) - var result, prevResult, prevPrevResult []byte - for j := 0; j < 10000; j++ { - prevPrevResult = prevResult - prevResult = result - results, err := transact(1, key, input, iv) - if err != nil { - panic("block operation failed") - } - result = results[0] - - if encrypt { - if j == 0 { - input = iv - } else { - input = prevResult - } - iv = result - } else { - iv = input - input = result - } + results, err := transact(3, key, input, iv, uint32le(10000)) + if err != nil { + panic("block operation failed") } + result := results[0] + prevResult := results[1] + prevPrevResult := results[2] + if encrypt { iteration.CiphertextHex = hex.EncodeToString(result) } else { @@ -254,6 +215,9 @@ func iterate3DESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encr if encrypt { input = prevResult iv = result + } else { + iv = prevResult + input = result } mctResults = append(mctResults, iteration) @@ -265,8 +229,12 @@ func iterate3DESCBC(transact func(n int, args ...[]byte) ([][]byte, error), encr // blockCipher implements an ACVP algorithm by making requests to the subprocess // to encrypt and decrypt with a block cipher. type blockCipher struct { - algo string - blockSize int + algo string + blockSize int + // numResults is the number of values returned by the wrapper. The one-shot + // tests always take the first value as the result, but the mctFunc may use + // them all. + numResults int inputsAreBlockMultiples bool hasIV bool mctFunc func(transact func(n int, args ...[]byte) ([][]byte, error), encrypt bool, key, input, iv []byte) (result []blockCipherMCTResult) @@ -423,9 +391,9 @@ func (b *blockCipher) Process(vectorSet []byte, m Transactable) (interface{}, er var err error if b.hasIV { - result, err = m.Transact(op, 1, key, input, iv) + result, err = m.Transact(op, b.numResults, key, input, iv, uint32le(1)) } else { - result, err = m.Transact(op, 1, key, input) + result, err = m.Transact(op, b.numResults, key, input, uint32le(1)) } if err != nil { panic("block operation failed: " + err.Error()) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 6f450d420c..84b54b14cf 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -76,11 +76,11 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "SHA2-256": &hashPrimitive{"SHA2-256", 32}, "SHA2-384": &hashPrimitive{"SHA2-384", 48}, "SHA2-512": &hashPrimitive{"SHA2-512", 64}, - "ACVP-AES-ECB": &blockCipher{"AES", 16, true, false, iterateAES}, - "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, true, true, iterateAESCBC}, - "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, false, true, nil}, - "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, true, false, iterate3DES}, - "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, true, true, iterate3DESCBC}, + "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES}, + "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC}, + "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil}, + "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, 3, true, false, iterate3DES}, + "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, 3, true, true, iterate3DESCBC}, "ACVP-AES-GCM": &aead{"AES-GCM", false}, "ACVP-AES-CCM": &aead{"AES-CCM", true}, "ACVP-AES-KW": &aead{"AES-KW", false}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 8043497096..b1e1dd77c5 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -711,6 +711,27 @@ static bool Hash(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(digest)); } +static uint32_t GetIterations(const Span iterations_bytes) { + uint32_t iterations; + if (iterations_bytes.size() != sizeof(iterations)) { + fprintf(stderr, + "Expected %u-byte input for number of iterations, but found %u " + "bytes.\n", + static_cast(sizeof(iterations)), + static_cast(iterations_bytes.size())); + abort(); + } + + memcpy(&iterations, iterations_bytes.data(), sizeof(iterations)); + if (iterations == 0 || iterations == UINT32_MAX) { + fprintf(stderr, "Invalid number of iterations: %x.\n", + static_cast(iterations)); + abort(); + } + + return iterations; +} + template static bool AES(const Span args[]) { @@ -721,13 +742,22 @@ static bool AES(const Span args[]) { if (args[1].size() % AES_BLOCK_SIZE != 0) { return false; } + std::vector result(args[1].begin(), args[1].end()); + const uint32_t iterations = GetIterations(args[2]); - std::vector out; - out.resize(args[1].size()); - for (size_t i = 0; i < args[1].size(); i += AES_BLOCK_SIZE) { - Block(args[1].data() + i, &out[i], &key); + std::vector prev_result; + for (uint32_t j = 0; j < iterations; j++) { + if (j == iterations - 1) { + prev_result = result; + } + + for (size_t i = 0; i < args[1].size(); i += AES_BLOCK_SIZE) { + Block(result.data() + i, result.data() + i, &key); + } } - return WriteReply(STDOUT_FILENO, Span(out)); + + return WriteReply(STDOUT_FILENO, Span(result), + Span(prev_result)); } template args[]) { if (SetKey(args[0].data(), args[0].size() * 8, &key) != 0) { return false; } - if (args[1].size() % AES_BLOCK_SIZE != 0 || + if (args[1].size() % AES_BLOCK_SIZE != 0 || args[1].empty() || args[2].size() != AES_BLOCK_SIZE) { return false; } - uint8_t iv[AES_BLOCK_SIZE]; - memcpy(iv, args[2].data(), AES_BLOCK_SIZE); + std::vector input(args[1].begin(), args[1].end()); + std::vector iv(args[2].begin(), args[2].end()); + const uint32_t iterations = GetIterations(args[3]); - std::vector out; - out.resize(args[1].size()); - AES_cbc_encrypt(args[1].data(), out.data(), args[1].size(), &key, iv, - Direction); - return WriteReply(STDOUT_FILENO, Span(out)); + std::vector result(input.size()); + std::vector prev_result, prev_input; + + for (uint32_t j = 0; j < iterations; j++) { + prev_result = result; + if (j > 0) { + if (Direction == AES_ENCRYPT) { + iv = result; + } else { + iv = prev_input; + } + } + + // AES_cbc_encrypt will mutate the given IV, but we need it later. + uint8_t iv_copy[AES_BLOCK_SIZE]; + memcpy(iv_copy, iv.data(), sizeof(iv_copy)); + AES_cbc_encrypt(input.data(), result.data(), input.size(), &key, iv_copy, + Direction); + + if (Direction == AES_DECRYPT) { + prev_input = input; + } + + if (j == 0) { + input = iv; + } else { + input = prev_result; + } + } + + return WriteReply(STDOUT_FILENO, Span(result), + Span(prev_result)); } static bool AES_CTR(const Span args[]) { @@ -761,6 +819,10 @@ static bool AES_CTR(const Span args[]) { } uint8_t iv[AES_BLOCK_SIZE]; memcpy(iv, args[2].data(), AES_BLOCK_SIZE); + if (GetIterations(args[3]) != 1) { + fprintf(stderr, "Multiple iterations of AES-CTR is not supported.\n"); + return false; + } std::vector out; out.resize(args[1].size()); @@ -1018,42 +1080,116 @@ static bool AESPaddedKeyWrapOpen(const Span args[]) { Span(out)); } -template +template static bool TDES(const Span args[]) { - const EVP_CIPHER *cipher = cipher_func(); + const EVP_CIPHER *cipher = EVP_des_ede3(); if (args[0].size() != 24) { fprintf(stderr, "Bad key length %u for 3DES.\n", static_cast(args[0].size())); return false; } + bssl::ScopedEVP_CIPHER_CTX ctx; + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), nullptr, + Encrypt ? 1 : 0) || + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { + return false; + } + if (args[1].size() % 8) { fprintf(stderr, "Bad input length %u for 3DES.\n", static_cast(args[1].size())); return false; } - if (HasIV && args[2].size() != EVP_CIPHER_iv_length(cipher)) { + std::vector result(args[1].begin(), args[1].end()); + + const uint32_t iterations = GetIterations(args[2]); + std::vector prev_result, prev_prev_result; + + for (uint32_t j = 0; j < iterations; j++) { + if (j == iterations - 1) { + prev_result = result; + } else if (iterations >= 2 && j == iterations - 2) { + prev_prev_result = result; + } + + int out_len; + if (!EVP_CipherUpdate(ctx.get(), result.data(), &out_len, result.data(), + result.size()) || + out_len != static_cast(result.size())) { + return false; + } + } + + return WriteReply(STDOUT_FILENO, Span(result), + Span(prev_result), + Span(prev_prev_result)); +} + +template +static bool TDES_CBC(const Span args[]) { + const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); + + if (args[0].size() != 24) { + fprintf(stderr, "Bad key length %u for 3DES.\n", + static_cast(args[0].size())); + return false; + } + + if (args[1].size() % 8 || args[1].size() == 0) { + fprintf(stderr, "Bad input length %u for 3DES.\n", + static_cast(args[1].size())); + return false; + } + std::vector input(args[1].begin(), args[1].end()); + + if (args[2].size() != EVP_CIPHER_iv_length(cipher)) { fprintf(stderr, "Bad IV length %u for 3DES.\n", static_cast(args[2].size())); return false; } + std::vector iv(args[2].begin(), args[2].end()); + const uint32_t iterations = GetIterations(args[3]); - std::vector out; - out.resize(args[1].size()); - + std::vector result(input.size()); + std::vector prev_result, prev_prev_result; bssl::ScopedEVP_CIPHER_CTX ctx; - int out_len, out_len2; - if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), - HasIV ? args[2].data() : nullptr, Encrypt ? 1 : 0) || - !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || - !EVP_CipherUpdate(ctx.get(), out.data(), &out_len, args[1].data(), - args[1].size()) || - !EVP_CipherFinal_ex(ctx.get(), out.data() + out_len, &out_len2) || - (out_len + out_len2) != static_cast(out.size())) { + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), iv.data(), + Encrypt ? 1 : 0) || + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { return false; } - return WriteReply(STDOUT_FILENO, Span(out)); + for (uint32_t j = 0; j < iterations; j++) { + prev_prev_result = prev_result; + prev_result = result; + + int out_len, out_len2; + if (!EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, nullptr, iv.data(), + -1) || + !EVP_CipherUpdate(ctx.get(), result.data(), &out_len, input.data(), + input.size()) || + !EVP_CipherFinal_ex(ctx.get(), result.data() + out_len, &out_len2) || + (out_len + out_len2) != static_cast(result.size())) { + return false; + } + + if (Encrypt) { + if (j == 0) { + input = iv; + } else { + input = prev_result; + } + iv = result; + } else { + iv = input; + input = result; + } + } + + return WriteReply(STDOUT_FILENO, Span(result), + Span(prev_result), + Span(prev_prev_result)); } template @@ -1421,10 +1557,10 @@ static constexpr struct { {"SHA2-256", 1, Hash}, {"SHA2-384", 1, Hash}, {"SHA2-512", 1, Hash}, - {"AES/encrypt", 2, AES}, - {"AES/decrypt", 2, AES}, - {"AES-CBC/encrypt", 3, AES_CBC}, - {"AES-CBC/decrypt", 3, AES_CBC}, + {"AES/encrypt", 3, AES}, + {"AES/decrypt", 3, AES}, + {"AES-CBC/encrypt", 4, AES_CBC}, + {"AES-CBC/decrypt", 4, AES_CBC}, {"AES-CTR/encrypt", 3, AES_CTR}, {"AES-CTR/decrypt", 3, AES_CTR}, {"AES-GCM/seal", 5, AEADSeal}, @@ -1435,10 +1571,10 @@ static constexpr struct { {"AES-KWP/open", 5, AESPaddedKeyWrapOpen}, {"AES-CCM/seal", 5, AEADSeal}, {"AES-CCM/open", 5, AEADOpen}, - {"3DES-ECB/encrypt", 2, TDES}, - {"3DES-ECB/decrypt", 2, TDES}, - {"3DES-CBC/encrypt", 3, TDES}, - {"3DES-CBC/decrypt", 3, TDES}, + {"3DES-ECB/encrypt", 3, TDES}, + {"3DES-ECB/decrypt", 3, TDES}, + {"3DES-CBC/encrypt", 4, TDES_CBC}, + {"3DES-CBC/decrypt", 4, TDES_CBC}, {"HMAC-SHA-1", 2, HMAC}, {"HMAC-SHA2-224", 2, HMAC}, {"HMAC-SHA2-256", 2, HMAC}, From c462c91152d79d95e73a607ec521935989e2529b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 5 Nov 2020 15:36:51 -0800 Subject: [PATCH 181/399] CI/CD: Add .coveralls.yml. Tell Coveralls to use travis-ci.com IDs. --- .coveralls.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .coveralls.yml diff --git a/.coveralls.yml b/.coveralls.yml new file mode 100644 index 0000000000..cf27a37024 --- /dev/null +++ b/.coveralls.yml @@ -0,0 +1 @@ +service_name: travis-pro From 81ea97743c12585dd976acd87fe97cf40cc13f5d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 3 Nov 2020 13:08:12 -0800 Subject: [PATCH 182/399] CI/CD: Split code coverage measurement into separate jobs. --- .travis.yml | 26 ++++++++++++++++++++++---- mk/travis.sh | 35 +++++++++++++++++------------------ mk/update-travis-yml.py | 25 +++++++++++-------------- 3 files changed, 50 insertions(+), 36 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5570161db6..73777579a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -312,6 +312,15 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: focal + addons: + apt: + packages: + - clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux @@ -331,7 +340,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal @@ -339,7 +348,6 @@ matrix: apt: packages: - clang-10 - - kcov - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly rust: nightly @@ -374,6 +382,17 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + rust: nightly + os: linux + dist: focal + addons: + apt: + packages: + - clang-10 + - gcc-multilib + - libc6-dev-i386 + - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly rust: nightly os: linux @@ -397,7 +416,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly rust: nightly os: linux dist: focal @@ -406,7 +425,6 @@ matrix: packages: - clang-10 - gcc-multilib - - kcov - libc6-dev-i386 - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly diff --git a/mk/travis.sh b/mk/travis.sh index 692a0967a8..e13c6f9b2c 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -73,6 +73,23 @@ else target_dir=target/$TARGET_X/debug fi +if [[ "$KCOV" == "1" ]]; then + # kcov reports coverage as a percentage of code *linked into the executable* + # (more accurately, code that has debug info linked into the executable), not + # as a percentage of source code. Any code that gets discarded by the linker + # due to lack of usage isn't counted at all. Thus, we have to link with + # "-C link-dead-code" to get accurate code coverage reports. + # + # panic=abort is used to get accurate coverage. See + # https://github.com/rust-lang/rust/issues/43410 and + # https://github.com/mozilla/grcov/issues/427#issuecomment-623995594 and + # https://github.com/rust-lang/rust/issues/55352. + CARGO_INCREMENTAL=0 + RUSTDOCFLAGS="-Cpanic=abort" + RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" + run_tests_on_host= +fi + no_run= if [[ -z $run_tests_on_host ]]; then no_run=--no-run @@ -107,24 +124,6 @@ if false; then fi if [[ "$KCOV" == "1" ]]; then - # kcov reports coverage as a percentage of code *linked into the executable* - # (more accurately, code that has debug info linked into the executable), not - # as a percentage of source code. Thus, any code that gets discarded by the - # linker due to lack of usage isn't counted at all. Thus, we have to re-link - # with "-C link-dead-code" to get accurate code coverage reports. - # Alternatively, we could link pass "-C link-dead-code" in the "cargo test" - # step above, but then "cargo test" we wouldn't be testing the configuration - # we expect people to use in production. - # - # panic=abort is used to get accurate coverage. See - # https://github.com/rust-lang/rust/issues/43410 and - # https://github.com/mozilla/grcov/issues/427#issuecomment-623995594 and - # https://github.com/rust-lang/rust/issues/55352. - cargo clean - CARGO_INCREMENTAL=0 \ - RUSTDOCFLAGS="-Cpanic=abort" \ - RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" \ - cargo test -vv --no-run -j2 ${mode-} ${FEATURES_X-} --target=$TARGET_X for test_exe in `find target/$TARGET_X/debug -maxdepth 1 -executable -type f`; do ${HOME}/kcov-${TARGET_X}/bin/kcov \ --verify \ diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 3f3bb689c5..bd7d14fca8 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -63,14 +63,21 @@ ], } +def kcovs(target, rust, mode): + # DEBUG mode is needed because debug symbols are needed for coverage tracking. + # Nightly Rust is needed for `-Zpanic_abort_tests -Zprofile`. + kcov_targets = ["x86_64-unknown-linux-gnu", "i686-unknown-linux-gnu"] + return [False, True] if target in kcov_targets and rust == "nightly" and mode == "DEBUG" else [False] + def format_entries(): - return "\n".join([format_entry(os, target, compiler, rust, mode, features) + return "\n".join([format_entry(os, target, compiler, rust, mode, features, kcov) for rust in rusts for os in targets.keys() for (target, compilers) in targets[os] for compiler in compilers for mode in modes - for features in feature_sets]) + for features in feature_sets + for kcov in kcovs(target, rust, mode)]) # We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can # ensure that we set the specific variables we want and that no relevant @@ -90,22 +97,12 @@ def format_entries(): packages: %(packages)s""" -def format_entry(os, target, compiler, rust, mode, features): +def format_entry(os, target, compiler, rust, mode, features, kcov): target_words = target.split("-") arch = target_words[0] vendor = target_words[1] sys = target_words[2] - # Currently kcov only runs on Linux. - # - # GCC 7 was picked arbitrarily to restrict coverage report to one build for - # efficiency reasons. - # - # DEBUG mode is needed because debug symbols are needed for coverage - # tracking. - kcov = (os == "linux" and compiler == clang and rust == "nightly" and - mode == "DEBUG") - template = entry_template linux_dist = "focal" @@ -169,7 +166,7 @@ def prefix_all(prefix, xs): "compilers": " ".join(compilers), "features" : features, "mode" : mode, - "kcov": "1" if kcov == True else "0", + "kcov": "1" if kcov else "0", "packages" : "\n ".join(prefix_all("- ", packages)), "rust" : rust, "target" : target, From 67a1c39c9d9de1f61655ec084f3309a40f5efd97 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 4 Nov 2020 14:05:08 -0800 Subject: [PATCH 183/399] CI/CD: Automate the production of special-case build configurations too. --- .travis.yml | 83 ++++++++++++++++++++--------------------- mk/update-travis-yml.py | 31 ++++++++++----- 2 files changed, 61 insertions(+), 53 deletions(-) diff --git a/.travis.yml b/.travis.yml index 73777579a9..2fb161f1f2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,49 +10,6 @@ matrix: install: rustup component add rustfmt script: cargo fmt -- --check - # Verify that we build on Trusty, which has GCC 4.8 as the default GCC - # version. GCC 4.8 is the minimum version of GCC we support. - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - dist: trusty - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - dist: trusty - - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: trusty - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - # Verify that we build with GCC 9, the default compiler on Focal. - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - # The lines from "# BEGIN GENERATED" through "# END GENERATED" are # generated by running |python mk/update-travis-yml.py|. Any changes # made to those lines will be overwritten while other lines will be left @@ -652,6 +609,46 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + + - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + + - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: focal + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + + - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + rust: stable + os: linux + dist: trusty + addons: + apt: + packages: + - gcc-multilib + - libc6-dev-i386 + # END GENERATED install: mk/install-build-tools.sh diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index bd7d14fca8..525e895740 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -70,14 +70,26 @@ def kcovs(target, rust, mode): return [False, True] if target in kcov_targets and rust == "nightly" and mode == "DEBUG" else [False] def format_entries(): - return "\n".join([format_entry(os, target, compiler, rust, mode, features, kcov) - for rust in rusts - for os in targets.keys() - for (target, compilers) in targets[os] - for compiler in compilers - for mode in modes - for features in feature_sets - for kcov in kcovs(target, rust, mode)]) + entries = [format_entry(os, "focal", target, compiler, rust, mode, features, kcov) + for rust in rusts + for os in targets.keys() + for (target, compilers) in targets[os] + for compiler in compilers + for mode in modes + for features in feature_sets + for kcov in kcovs(target, rust, mode)] + + # Verify that we build on Trusty, which has GCC 4.8 as the default GCC + # version. GCC 4.8 is the minimum version of GCC we support. Verify that we + # build with GCC 9, the default compiler on Focal. + special_dists = ["focal", "trusty"] + entries += [ format_entry("linux", dist, "x86_64-unknown-linux-gnu", "", "stable", mode, "", False) + for mode in modes + for dist in special_dists] + entries += [ format_entry("linux", dist, "i686-unknown-linux-gnu", "", "stable", "DEBUG", "", False) + for dist in special_dists] + + return "\n".join(entries) # We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can # ensure that we set the specific variables we want and that no relevant @@ -97,7 +109,7 @@ def format_entries(): packages: %(packages)s""" -def format_entry(os, target, compiler, rust, mode, features, kcov): +def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): target_words = target.split("-") arch = target_words[0] vendor = target_words[1] @@ -105,7 +117,6 @@ def format_entry(os, target, compiler, rust, mode, features, kcov): template = entry_template - linux_dist = "focal" android_linux_dist = "trusty" if sys == "darwin": From a5dab4a9704479d5d1e20c2749732d5ccfa8b972 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 4 Nov 2020 12:40:13 -0800 Subject: [PATCH 184/399] CI/CD: Reorder environment variables in .travis.yml. Reorder the environment variables in .travis.yml in preparation for refactoring how they are produced. --- .travis.yml | 136 ++++++++++++++++++++-------------------- mk/update-travis-yml.py | 9 ++- 2 files changed, 74 insertions(+), 71 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2fb161f1f2..5b865738d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,27 +17,27 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -47,7 +47,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -57,7 +57,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -68,7 +68,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -79,7 +79,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -88,7 +88,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -97,7 +97,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -106,7 +106,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -115,7 +115,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -127,7 +127,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -139,7 +139,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -150,7 +150,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -161,7 +161,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -172,7 +172,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: stable os: linux dist: focal @@ -183,7 +183,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -195,7 +195,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -207,27 +207,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -237,7 +237,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -247,7 +247,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -258,7 +258,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -269,7 +269,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -278,7 +278,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=1 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -288,7 +288,7 @@ matrix: - clang-10 - kcov - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -297,7 +297,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -306,7 +306,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -315,7 +315,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -327,7 +327,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -339,7 +339,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -350,7 +350,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=1 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=1 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -362,7 +362,7 @@ matrix: - kcov - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -373,7 +373,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -384,7 +384,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -395,7 +395,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=nightly + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -407,7 +407,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=nightly + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -419,27 +419,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -449,7 +449,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android CC_X=aarch64-linux-android21-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -459,7 +459,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -470,7 +470,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi CC_X=armv7a-linux-androideabi18-clang FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -481,7 +481,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -490,7 +490,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -499,7 +499,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -508,7 +508,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -517,7 +517,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -529,7 +529,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu CC_X=aarch64-linux-gnu-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -541,7 +541,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -552,7 +552,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -563,7 +563,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -574,7 +574,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl CC_X=clang-10 FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 rust: beta os: linux dist: focal @@ -585,7 +585,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=beta + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -597,7 +597,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf CC_X=arm-linux-gnueabihf-gcc FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=beta + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -609,27 +609,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: linux dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu FEATURES_X= MODE_X=RELWITHDEBINFO KCOV=0 RUST_X=stable + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 rust: stable os: linux dist: trusty - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: linux dist: focal @@ -639,7 +639,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu FEATURES_X= MODE_X=DEBUG KCOV=0 RUST_X=stable + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 rust: stable os: linux dist: trusty diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 525e895740..7c9d669661 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -96,8 +96,9 @@ def format_entries(): # variables are unintentially inherited into the build process. Also, we have # to set |CC_X| instead of |CC| since Travis sets |CC| to its Travis CI default # value *after* processing the |env:| directive here. + entry_template = """ - - env: TARGET_X=%(target)s %(compilers)s FEATURES_X=%(features)s MODE_X=%(mode)s KCOV=%(kcov)s RUST_X=%(rust)s + - env: TARGET_X=%(target)s RUST_X=%(rust)s MODE_X=%(mode)s FEATURES_X=%(features)s KCOV=%(kcov)s%(compilers)s rust: %(rust)s os: %(os)s""" @@ -171,10 +172,12 @@ def prefix_all(prefix, xs): compilers = [] if cc != "": compilers += ["CC_X=" + cc] - compilers += "" + compilers = " ".join(compilers) + if compilers != "": + compilers = " " + compilers return template % { - "compilers": " ".join(compilers), + "compilers": compilers, "features" : features, "mode" : mode, "kcov": "1" if kcov else "0", From 084f257fe8d01e361b92d0ccc2ad0dbcac2d9e75 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 3 Nov 2020 18:13:15 -0800 Subject: [PATCH 185/399] CI/CD: Prepare for making Travis CI environment variable setting more flexibile. The use of string interopolation makes it difficult to support optional environment variables. Use a more flexible approach to make future changes easier. --- mk/update-travis-yml.py | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 7c9d669661..acbe178994 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -98,7 +98,7 @@ def format_entries(): # value *after* processing the |env:| directive here. entry_template = """ - - env: TARGET_X=%(target)s RUST_X=%(rust)s MODE_X=%(mode)s FEATURES_X=%(features)s KCOV=%(kcov)s%(compilers)s + - env: %(env)s rust: %(rust)s os: %(os)s""" @@ -111,6 +111,13 @@ def format_entries(): %(packages)s""" def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): + env = [] + + env.append(("TARGET_X", target)) + env.append(("RUST_X", rust)) + env.append(("MODE_X", mode)) + env.append(("FEATURES_X", features)) + env.append(("KCOV", "1" if kcov else "0")) target_words = target.split("-") arch = target_words[0] vendor = target_words[1] @@ -169,21 +176,13 @@ def prefix_all(prefix, xs): if os == "osx": os += "\n" + entry_indent + "osx_image: xcode12" - compilers = [] if cc != "": - compilers += ["CC_X=" + cc] - compilers = " ".join(compilers) - if compilers != "": - compilers = " " + compilers + env.append(("CC_X", cc)) return template % { - "compilers": compilers, - "features" : features, - "mode" : mode, - "kcov": "1" if kcov else "0", - "packages" : "\n ".join(prefix_all("- ", packages)), + "env" : " ".join(["%s=%s" % (name, value) for (name, value) in env]), "rust" : rust, - "target" : target, + "packages" : "\n ".join(prefix_all("- ", packages)), "os" : os, } From ca41dae591af0f80641119e6570dd647285bf435 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 4 Nov 2020 13:24:26 -0800 Subject: [PATCH 186/399] CI/CD: Only set KCOV for KCOV builds. --- .travis.yml | 132 ++++++++++++++++++++-------------------- mk/travis.sh | 4 +- mk/update-travis-yml.py | 4 +- 3 files changed, 71 insertions(+), 69 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5b865738d4..29dcdcbd8f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,27 +17,27 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -47,7 +47,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -57,7 +57,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -68,7 +68,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -79,7 +79,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -88,7 +88,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -97,7 +97,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -106,7 +106,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -115,7 +115,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -127,7 +127,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -139,7 +139,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -150,7 +150,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -161,7 +161,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -172,7 +172,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: stable os: linux dist: focal @@ -183,7 +183,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -195,7 +195,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -207,27 +207,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG FEATURES_X= rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG FEATURES_X= rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -237,7 +237,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -247,7 +247,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -258,7 +258,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -269,7 +269,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -288,7 +288,7 @@ matrix: - clang-10 - kcov - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -297,7 +297,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -306,7 +306,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -315,7 +315,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -327,7 +327,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -339,7 +339,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -362,7 +362,7 @@ matrix: - kcov - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -373,7 +373,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -384,7 +384,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: nightly os: linux dist: focal @@ -395,7 +395,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -407,7 +407,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -419,27 +419,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG FEATURES_X= rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG FEATURES_X= rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -449,7 +449,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -459,7 +459,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -470,7 +470,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -481,7 +481,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -490,7 +490,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -499,7 +499,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -508,7 +508,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -517,7 +517,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -529,7 +529,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -541,7 +541,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -552,7 +552,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -563,7 +563,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -574,7 +574,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 rust: beta os: linux dist: focal @@ -585,7 +585,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -597,7 +597,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -609,27 +609,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: linux dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= KCOV=0 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= rust: stable os: linux dist: trusty - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: linux dist: focal @@ -639,7 +639,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= KCOV=0 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= rust: stable os: linux dist: trusty diff --git a/mk/travis.sh b/mk/travis.sh index e13c6f9b2c..939152dad9 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -73,7 +73,7 @@ else target_dir=target/$TARGET_X/debug fi -if [[ "$KCOV" == "1" ]]; then +if [ -n "$KCOV" ]; then # kcov reports coverage as a percentage of code *linked into the executable* # (more accurately, code that has debug info linked into the executable), not # as a percentage of source code. Any code that gets discarded by the linker @@ -123,7 +123,7 @@ if false; then adb emu kill fi -if [[ "$KCOV" == "1" ]]; then +if [ -n "$KCOV" ]; then for test_exe in `find target/$TARGET_X/debug -maxdepth 1 -executable -type f`; do ${HOME}/kcov-${TARGET_X}/bin/kcov \ --verify \ diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index acbe178994..5bcc723584 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -117,7 +117,9 @@ def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): env.append(("RUST_X", rust)) env.append(("MODE_X", mode)) env.append(("FEATURES_X", features)) - env.append(("KCOV", "1" if kcov else "0")) + if kcov: + env.append(("KCOV", "1")) + target_words = target.split("-") arch = target_words[0] vendor = target_words[1] From 2bf38f36e01ef3e4ca16fed35e8e73dc15e2f162 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 4 Nov 2020 13:25:42 -0800 Subject: [PATCH 187/399] CI/CD: Only set $FEATURES_X when it isn't empty (currently never). --- .travis.yml | 136 ++++++++++++++++++++-------------------- mk/update-travis-yml.py | 3 +- 2 files changed, 70 insertions(+), 69 deletions(-) diff --git a/.travis.yml b/.travis.yml index 29dcdcbd8f..61aef540cd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,27 +17,27 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO rust: stable os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -47,7 +47,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -57,7 +57,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -68,7 +68,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -79,7 +79,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=clang-10 rust: stable os: linux dist: focal @@ -88,7 +88,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: stable os: linux dist: focal @@ -97,7 +97,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_X=clang-10 rust: stable os: linux dist: focal @@ -106,7 +106,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: stable os: linux dist: focal @@ -115,7 +115,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -127,7 +127,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -139,7 +139,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=clang-10 rust: stable os: linux dist: focal @@ -150,7 +150,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: stable os: linux dist: focal @@ -161,7 +161,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_X=clang-10 rust: stable os: linux dist: focal @@ -172,7 +172,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: stable os: linux dist: focal @@ -183,7 +183,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -195,7 +195,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -207,27 +207,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO rust: nightly os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -237,7 +237,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -247,7 +247,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -258,7 +258,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -269,7 +269,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 rust: nightly os: linux dist: focal @@ -278,7 +278,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=1 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -288,7 +288,7 @@ matrix: - clang-10 - kcov - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: nightly os: linux dist: focal @@ -297,7 +297,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 rust: nightly os: linux dist: focal @@ -306,7 +306,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: nightly os: linux dist: focal @@ -315,7 +315,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -327,7 +327,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -339,7 +339,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 rust: nightly os: linux dist: focal @@ -350,7 +350,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG FEATURES_X= KCOV=1 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_X=clang-10 rust: nightly os: linux dist: focal @@ -362,7 +362,7 @@ matrix: - kcov - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: nightly os: linux dist: focal @@ -373,7 +373,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 rust: nightly os: linux dist: focal @@ -384,7 +384,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: nightly os: linux dist: focal @@ -395,7 +395,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -407,7 +407,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -419,27 +419,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO rust: beta os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -449,7 +449,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -459,7 +459,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -470,7 +470,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -481,7 +481,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=clang-10 rust: beta os: linux dist: focal @@ -490,7 +490,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: beta os: linux dist: focal @@ -499,7 +499,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_X=clang-10 rust: beta os: linux dist: focal @@ -508,7 +508,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: beta os: linux dist: focal @@ -517,7 +517,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -529,7 +529,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -541,7 +541,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=clang-10 rust: beta os: linux dist: focal @@ -552,7 +552,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: beta os: linux dist: focal @@ -563,7 +563,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_X=clang-10 rust: beta os: linux dist: focal @@ -574,7 +574,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 rust: beta os: linux dist: focal @@ -585,7 +585,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -597,7 +597,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO FEATURES_X= CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -609,27 +609,27 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG rust: stable os: linux dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO rust: stable os: linux dist: focal - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO FEATURES_X= + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO rust: stable os: linux dist: trusty - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG rust: stable os: linux dist: focal @@ -639,7 +639,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG FEATURES_X= + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG rust: stable os: linux dist: trusty diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 5bcc723584..1dfea5108c 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -116,7 +116,8 @@ def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): env.append(("TARGET_X", target)) env.append(("RUST_X", rust)) env.append(("MODE_X", mode)) - env.append(("FEATURES_X", features)) + if features != "": + env.append(("FEATURES_X", features)) if kcov: env.append(("KCOV", "1")) From 279fb7ce12f795a4aa0be835e17535890337eeb0 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 4 Nov 2020 13:30:02 -0800 Subject: [PATCH 188/399] CI/CD: Fix typo in comment in mk/update-travis-yml.py. --- mk/update-travis-yml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 1dfea5108c..97aeee9958 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -93,7 +93,7 @@ def format_entries(): # We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can # ensure that we set the specific variables we want and that no relevant -# variables are unintentially inherited into the build process. Also, we have +# variables are unintentionally inherited into the build process. Also, we have # to set |CC_X| instead of |CC| since Travis sets |CC| to its Travis CI default # value *after* processing the |env:| directive here. From e37b37519de4825a2640ca7238225f9d4e4a5b88 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 5 Nov 2020 12:48:15 -0800 Subject: [PATCH 189/399] CI/CD: Don't print out tool versions in mk/travis.sh. The build system is moving to a point where we know exactly what versions of each thing are installed already, so they don't need to be logged in travis.sh. Further, the logging would make future refactorings difficult. --- mk/travis.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/mk/travis.sh b/mk/travis.sh index 939152dad9..2c6cde5062 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -56,16 +56,6 @@ if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" || ! "$TARGET_X" =~ "x86_64" ]]; th rustup target add "$TARGET_X" fi -if [[ ! -z "${CC_X-}" ]]; then - export CC=$CC_X - $CC --version -else - cc --version -fi - -cargo version -rustc --version - if [[ "$MODE_X" == "RELWITHDEBINFO" ]]; then mode=--release target_dir=target/$TARGET_X/release From ecba7405bca7c5bc86605c8d3f5a23e9dad43d74 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 3 Nov 2020 17:43:29 -0800 Subject: [PATCH 190/399] CI/CD: Use `$CC_` and `$CARGO_TARGET__LINKER`. Currently a .cargo/config file is written during the build when the linker needs to be overridden. Instead, override the linker using the relatively new environment variable. For symmetry, replace the use of `$TARGET_CC` with `$CC_` to demonstrate an easier-to-maintain way of setting the compiler. --- .travis.yml | 100 ++++++++++++++++++++-------------------- mk/travis.sh | 13 ------ mk/update-travis-yml.py | 9 ++-- 3 files changed, 55 insertions(+), 67 deletions(-) diff --git a/.travis.yml b/.travis.yml index 61aef540cd..e4b37996c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,7 +37,7 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -47,7 +47,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: stable os: linux language: android @@ -57,7 +57,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -68,7 +68,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: stable os: linux language: android @@ -79,7 +79,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 rust: stable os: linux dist: focal @@ -88,7 +88,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 rust: stable os: linux dist: focal @@ -97,7 +97,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: stable os: linux dist: focal @@ -106,7 +106,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 rust: stable os: linux dist: focal @@ -115,7 +115,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -127,7 +127,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: stable os: linux dist: focal @@ -139,7 +139,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: stable os: linux dist: focal @@ -150,7 +150,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: stable os: linux dist: focal @@ -161,7 +161,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: stable os: linux dist: focal @@ -172,7 +172,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: stable os: linux dist: focal @@ -183,7 +183,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -195,7 +195,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: stable os: linux dist: focal @@ -227,7 +227,7 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -237,7 +237,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: nightly os: linux language: android @@ -247,7 +247,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -258,7 +258,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: nightly os: linux language: android @@ -269,7 +269,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 rust: nightly os: linux dist: focal @@ -278,7 +278,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_x86_64_unknown_linux_gnu=clang-10 rust: nightly os: linux dist: focal @@ -288,7 +288,7 @@ matrix: - clang-10 - kcov - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 rust: nightly os: linux dist: focal @@ -297,7 +297,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: nightly os: linux dist: focal @@ -306,7 +306,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 rust: nightly os: linux dist: focal @@ -315,7 +315,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -327,7 +327,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: nightly os: linux dist: focal @@ -339,7 +339,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: nightly os: linux dist: focal @@ -350,7 +350,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: nightly os: linux dist: focal @@ -362,7 +362,7 @@ matrix: - kcov - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: nightly os: linux dist: focal @@ -373,7 +373,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: nightly os: linux dist: focal @@ -384,7 +384,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: nightly os: linux dist: focal @@ -395,7 +395,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -407,7 +407,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: nightly os: linux dist: focal @@ -439,7 +439,7 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -449,7 +449,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-android21-clang + - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: beta os: linux language: android @@ -459,7 +459,7 @@ matrix: - build-tools-26.0.2 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -470,7 +470,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=armv7a-linux-androideabi18-clang + - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang rust: beta os: linux language: android @@ -481,7 +481,7 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 rust: beta os: linux dist: focal @@ -490,7 +490,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 rust: beta os: linux dist: focal @@ -499,7 +499,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: beta os: linux dist: focal @@ -508,7 +508,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 rust: beta os: linux dist: focal @@ -517,7 +517,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -529,7 +529,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=aarch64-linux-gnu-gcc + - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: beta os: linux dist: focal @@ -541,7 +541,7 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: beta os: linux dist: focal @@ -552,7 +552,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 rust: beta os: linux dist: focal @@ -563,7 +563,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: beta os: linux dist: focal @@ -574,7 +574,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=clang-10 + - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 rust: beta os: linux dist: focal @@ -585,7 +585,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal @@ -597,7 +597,7 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO CC_X=arm-linux-gnueabihf-gcc + - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: beta os: linux dist: focal diff --git a/mk/travis.sh b/mk/travis.sh index 2c6cde5062..3b1500614e 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -39,19 +39,6 @@ esac printenv -if [[ ! "$TARGET_X" =~ "x86_64-" ]]; then - # By default cargo/rustc seems to use cc for linking, We installed the - # multilib support that corresponds to $CC_X but unless cc happens to match - # $CC_X, that's not the right version. The symptom is a linker error - # where it fails to find -lgcc_s. - if [[ ! -z "${CC_X-}" ]]; then - mkdir .cargo - echo "[target.$TARGET_X]" > .cargo/config - echo "linker= \"$CC_X\"" >> .cargo/config - cat .cargo/config - fi -fi - if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" || ! "$TARGET_X" =~ "x86_64" ]]; then rustup target add "$TARGET_X" fi diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 97aeee9958..3513f2999d 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -93,9 +93,7 @@ def format_entries(): # We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can # ensure that we set the specific variables we want and that no relevant -# variables are unintentionally inherited into the build process. Also, we have -# to set |CC_X| instead of |CC| since Travis sets |CC| to its Travis CI default -# value *after* processing the |env:| directive here. +# variables are unintentionally inherited into the build process. entry_template = """ - env: %(env)s @@ -179,8 +177,11 @@ def prefix_all(prefix, xs): if os == "osx": os += "\n" + entry_indent + "osx_image: xcode12" + target_with_underscores = target.replace("-", "_") if cc != "": - env.append(("CC_X", cc)) + env.append(("CC_" + target_with_underscores, cc)) + if arch != "x86_64": + env.append(("CARGO_TARGET_%s_LINKER" % target_with_underscores.upper(), cc)) return template % { "env" : " ".join(["%s=%s" % (name, value) for (name, value) in env]), From a1837f84199bcf8172686761f044553499ba22f5 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 5 Nov 2020 12:56:23 -0800 Subject: [PATCH 191/399] CI/CD: Use Cargo's "runner" feature for kcov. --- .travis.yml | 7 ++----- mk/kcov.sh | 13 +++++++++++++ mk/travis.sh | 37 ++++++++----------------------------- mk/update-travis-yml.py | 18 ++++++++++++++++++ 4 files changed, 41 insertions(+), 34 deletions(-) create mode 100755 mk/kcov.sh diff --git a/.travis.yml b/.travis.yml index e4b37996c0..ed04abd5ff 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,5 @@ language: rust matrix: - fast_finish: true - allow_failures: - - rust: nightly include: - rust: stable os: linux @@ -278,7 +275,7 @@ matrix: packages: - clang-10 - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_x86_64_unknown_linux_gnu=clang-10 + - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CARGO_INCREMENTAL=0 RUSTDOCFLAGS="-Cpanic=abort" RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" KCOV=1 CC_x86_64_unknown_linux_gnu=clang-10 CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER=mk/kcov.sh rust: nightly os: linux dist: focal @@ -350,7 +347,7 @@ matrix: - gcc-multilib - libc6-dev-i386 - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG KCOV=1 CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 + - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CARGO_INCREMENTAL=0 RUSTDOCFLAGS="-Cpanic=abort" RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" KCOV=1 CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_RUNNER=mk/kcov.sh rust: nightly os: linux dist: focal diff --git a/mk/kcov.sh b/mk/kcov.sh new file mode 100755 index 0000000000..b3a66f43fd --- /dev/null +++ b/mk/kcov.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +set -eux -o pipefail +IFS=$'\n\t' + +output=target/kcov/unmerged/$(basename $1) +echo $output +kcov \ + --collect-only \ + --exclude-path=/usr/include \ + --include-pattern=ring/crypto,ring/src,ring/tests \ + --verify \ + $output \ + $1 diff --git a/mk/travis.sh b/mk/travis.sh index 3b1500614e..82c6ba3c9a 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -50,30 +50,21 @@ else target_dir=target/$TARGET_X/debug fi -if [ -n "$KCOV" ]; then - # kcov reports coverage as a percentage of code *linked into the executable* - # (more accurately, code that has debug info linked into the executable), not - # as a percentage of source code. Any code that gets discarded by the linker - # due to lack of usage isn't counted at all. Thus, we have to link with - # "-C link-dead-code" to get accurate code coverage reports. - # - # panic=abort is used to get accurate coverage. See - # https://github.com/rust-lang/rust/issues/43410 and - # https://github.com/mozilla/grcov/issues/427#issuecomment-623995594 and - # https://github.com/rust-lang/rust/issues/55352. - CARGO_INCREMENTAL=0 - RUSTDOCFLAGS="-Cpanic=abort" - RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" - run_tests_on_host= -fi - no_run= if [[ -z $run_tests_on_host ]]; then no_run=--no-run fi +if [ -n "${KCOV-}" ]; then + mkdir -p target/kcov/unmerged +fi + cargo test -vv -j2 ${mode-} ${no_run-} ${FEATURES_X-} --target=$TARGET_X +if [ -n "${KCOV-}" ]; then + kcov --merge --coveralls-id=$TRAVIS_JOB_ID target/kcov/merged target/kcov/unmerged/* +fi + # Android tests in emulator # # XXX: Tests are built but not run because we couldn't get the emulator to work; see @@ -100,16 +91,4 @@ if false; then adb emu kill fi -if [ -n "$KCOV" ]; then - for test_exe in `find target/$TARGET_X/debug -maxdepth 1 -executable -type f`; do - ${HOME}/kcov-${TARGET_X}/bin/kcov \ - --verify \ - --coveralls-id=$TRAVIS_JOB_ID \ - --exclude-path=/usr/include \ - --include-pattern="ring/crypto,ring/src,ring/tests" \ - target/kcov \ - $test_exe - done -fi - echo end of mk/travis.sh diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 3513f2999d..06b6074d43 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -110,14 +110,30 @@ def format_entries(): def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): env = [] + runner = None env.append(("TARGET_X", target)) env.append(("RUST_X", rust)) env.append(("MODE_X", mode)) if features != "": env.append(("FEATURES_X", features)) + if kcov: + # kcov reports coverage as a percentage of code *linked into the executable* + # (more accurately, code that has debug info linked into the executable), not + # as a percentage of source code. Any code that gets discarded by the linker + # due to lack of usage isn't counted at all. Thus, we have to link with + # "-C link-dead-code" to get accurate code coverage reports. + # + # panic=abort is used to get accurate coverage. See + # https://github.com/rust-lang/rust/issues/43410 and + # https://github.com/mozilla/grcov/issues/427#issuecomment-623995594 and + # https://github.com/rust-lang/rust/issues/55352. + env.append(("CARGO_INCREMENTAL", 0)) + env.append(("RUSTDOCFLAGS", '"-Cpanic=abort"')) + env.append(("RUSTFLAGS", '"-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile"')) env.append(("KCOV", "1")) + runner = 'mk/kcov.sh' target_words = target.split("-") arch = target_words[0] @@ -182,6 +198,8 @@ def prefix_all(prefix, xs): env.append(("CC_" + target_with_underscores, cc)) if arch != "x86_64": env.append(("CARGO_TARGET_%s_LINKER" % target_with_underscores.upper(), cc)) + if runner: + env.append(("CARGO_TARGET_%s_RUNNER" % target_with_underscores.upper(), runner)) return template % { "env" : " ".join(["%s=%s" % (name, value) for (name, value) in env]), From 352351b5c04b44ef67a4cd1e473a51fcc97010c6 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 4 Sep 2020 16:26:32 -0400 Subject: [PATCH 192/399] Remove sk_new_null call. This entire function is assuming all the STACK_OF(T) types are secretly the same type, but best to consistently use the sk_ASN1_VALUE_* wrappers. The raw sk_foo functions are an implementation detail of the macros and we probably should rename them to be better prefixed (as upstream did). Change-Id: I62d910b93ca6be5e1c83ae269c7df6a437ffb316 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43884 Reviewed-by: Adam Langley --- crypto/asn1/tasn_dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 32aba0bda2..8b3d22da7d 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -649,7 +649,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else if (ret == -1) return -1; if (!*val) - *val = (ASN1_VALUE *)sk_new_null(); + *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null(); else { /* * We've got a valid STACK: free up any items present From 5eb8c877c89014f563f6f1dafe1f23eae6e6957a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 4 Sep 2020 12:26:21 -0400 Subject: [PATCH 193/399] Document the next few functions in x509.h Change-Id: I587a58b87674d4b07312ac143b2a458eb3cb8877 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43885 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- include/openssl/x509.h | 104 ++++++++++++++++++++++++++++++++++------- 1 file changed, 87 insertions(+), 17 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index aa32f0fd03..90243255aa 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -718,25 +718,95 @@ OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig, OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg, const ASN1_STRING *sig); -OPENSSL_EXPORT int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -OPENSSL_EXPORT int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); -OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); -OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); -OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); -OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); -OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, +// X509_sign signs |x509| with |pkey| and replaces the signature algorithm and +// signature fields. It returns one on success and zero on error. This function +// uses digest algorithm |md|, or |pkey|'s default if NULL. Other signing +// parameters use |pkey|'s defaults. To customize them, use |X509_sign_ctx|. +OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md); + +// X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm +// and signature fields. It returns one on success and zero on error. The +// signature algorithm and parameters come from |ctx|, which must have been +// initialized with |EVP_DigestSignInit|. The caller should configure the +// corresponding |EVP_PKEY_CTX| before calling this function. +OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx); + +// X509_REQ_sign signs |req| with |pkey| and replaces the signature algorithm +// and signature fields. It returns one on success and zero on error. This +// function uses digest algorithm |md|, or |pkey|'s default if NULL. Other +// signing parameters use |pkey|'s defaults. To customize them, use +// |X509_REQ_sign_ctx|. +OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey, + const EVP_MD *md); + +// X509_REQ_sign_ctx signs |req| with |ctx| and replaces the signature algorithm +// and signature fields. It returns one on success and zero on error. The +// signature algorithm and parameters come from |ctx|, which must have been +// initialized with |EVP_DigestSignInit|. The caller should configure the +// corresponding |EVP_PKEY_CTX| before calling this function. +OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx); + +// X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm +// and signature fields. It returns one on success and zero on error. This +// function uses digest algorithm |md|, or |pkey|'s default if NULL. Other +// signing parameters use |pkey|'s defaults. To customize them, use +// |X509_CRL_sign_ctx|. +OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey, + const EVP_MD *md); + +// X509_CRL_sign_ctx signs |crl| with |ctx| and replaces the signature algorithm +// and signature fields. It returns one on success and zero on error. The +// signature algorithm and parameters come from |ctx|, which must have been +// initialized with |EVP_DigestSignInit|. The caller should configure the +// corresponding |EVP_PKEY_CTX| before calling this function. +OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx); + +// NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature +// algorithm and signature fields. It returns one on success and zero on error. +// This function uses digest algorithm |md|, or |pkey|'s default if NULL. Other +// signing parameters use |pkey|'s defaults. +OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey, const EVP_MD *md); -OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len); +// X509_pubkey_digest hashes the DER encoding of |x509|'s subjectPublicKeyInfo +// field with |md| and writes the result to |out|. |EVP_MD_CTX_size| bytes are +// written, which is at most |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, +// |*out_len| is set to the number of bytes written. This function returns one +// on success and zero on error. +OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md, + uint8_t *out, unsigned *out_len); + +// X509_digest hashes |x509|'s DER encoding with |md| and writes the result to +// |out|. |EVP_MD_CTX_size| bytes are written, which is at most +// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number +// of bytes written. This function returns one on success and zero on error. +// Note this digest covers the entire certificate, not just the signed portion. +OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out, + unsigned *out_len); + +// X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result +// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most +// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number +// of bytes written. This function returns one on success and zero on error. +// Note this digest covers the entire CRL, not just the signed portion. +OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md, + uint8_t *out, unsigned *out_len); + +// X509_REQ_digest hashes |req|'s DER encoding with |md| and writes the result +// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most +// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number +// of bytes written. This function returns one on success and zero on error. +// Note this digest covers the entire certificate request, not just the signed +// portion. +OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md, + uint8_t *out, unsigned *out_len); + +// X509_NAME_digest hashes |name|'s DER encoding with |md| and writes the result +// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most +// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number +// of bytes written. This function returns one on success and zero on error. +OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md, + uint8_t *out, unsigned *out_len); // X509_parse_from_buffer parses an X.509 structure from |buf| and returns a // fresh X509 or NULL on error. There must not be any trailing data in |buf|. From a93545c2e07e6aa6ecb113a92e71caf591ae3a46 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 5 Nov 2020 12:52:28 -0500 Subject: [PATCH 194/399] Const-correct various X509 string parameters. Change-Id: Iceaed077d072a51b67b8cda8f363d2d8f8d1762d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43886 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/x509/x_x509a.c | 4 ++-- crypto/x509v3/v3_alt.c | 15 +++++++------ crypto/x509v3/v3_conf.c | 42 +++++++++++++++++------------------ crypto/x509v3/v3_enum.c | 3 ++- crypto/x509v3/v3_skey.c | 2 +- crypto/x509v3/v3_utl.c | 12 +++++----- decrepit/x509/x509_decrepit.c | 2 +- include/openssl/x509.h | 4 ++-- include/openssl/x509v3.h | 42 +++++++++++++++++++---------------- 9 files changed, 66 insertions(+), 60 deletions(-) diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index dccc46aed7..823fa5cd62 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -89,7 +89,7 @@ static X509_CERT_AUX *aux_get(X509 *x) return x->aux; } -int X509_alias_set1(X509 *x, unsigned char *name, int len) +int X509_alias_set1(X509 *x, const unsigned char *name, int len) { X509_CERT_AUX *aux; if (!name) { @@ -106,7 +106,7 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len) return ASN1_STRING_set(aux->alias, name, len); } -int X509_keyid_set1(X509 *x, unsigned char *id, int len) +int X509_keyid_set1(X509 *x, const unsigned char *id, int len) { X509_CERT_AUX *aux; if (!id) { diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 7a6e3e0fbd..a142e0e76a 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -75,8 +75,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); -static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); const X509V3_EXT_METHOD v3_alt[] = { {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), @@ -446,8 +446,8 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, char *value, - int is_nc) + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc) { char is_string = 0; GENERAL_NAME *gen = NULL; @@ -575,9 +575,10 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, } -static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { - char *objtmp = NULL, *p; + char *objtmp = NULL; + const char *p; int objlen; if (!(p = strchr(value, ';'))) return 0; @@ -602,7 +603,7 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) return 1; } -static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { int ret = 0; STACK_OF(CONF_VALUE) *sk = NULL; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index b3deb7f521..ba02873da9 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -71,22 +71,22 @@ #include "../internal.h" #include "internal.h" -static int v3_check_critical(char **value); -static int v3_check_generic(char **value); +static int v3_check_critical(const char **value); +static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, const char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, int crit, int type, X509V3_CTX *ctx); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value) { int crit; int ext_type; @@ -105,7 +105,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, /* CONF *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) + const char *value) { int crit; int ext_type; @@ -119,7 +119,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) + int crit, const char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; @@ -230,9 +230,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) } /* Check the extension string for critical flag */ -static int v3_check_critical(char **value) +static int v3_check_critical(const char **value) { - char *p = *value; + const char *p = *value; if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p += 9; @@ -243,10 +243,10 @@ static int v3_check_critical(char **value) } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) +static int v3_check_generic(const char **value) { int gen_type = 0; - char *p = *value; + const char *p = *value; if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p += 4; gen_type = 1; @@ -263,7 +263,7 @@ static int v3_check_generic(char **value) } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, int crit, int gen_type, X509V3_CTX *ctx) { @@ -309,7 +309,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, } -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len) { ASN1_TYPE *typ; @@ -327,7 +327,7 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, * file section to an extension STACK. */ -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; @@ -351,7 +351,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, * Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; @@ -362,7 +362,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; @@ -373,7 +373,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, X509_REQ *req) { STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; @@ -390,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, /* Config database functions */ -char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED); @@ -401,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) return NULL; } -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) { if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED); diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c index eff77e875f..3a9d4d64e2 100644 --- a/crypto/x509v3/v3_enum.c +++ b/crypto/x509v3/v3_enum.c @@ -87,7 +87,8 @@ const X509V3_EXT_METHOD v3_crl_reason = { (void *)crl_reasons }; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, + const ASN1_ENUMERATED *e) { const ENUMERATED_NAMES *enam; long strval; diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 8c628ecf24..eb5ba55e97 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -83,7 +83,7 @@ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING * } ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) + X509V3_CTX *ctx, const char *str) { ASN1_OCTET_STRING *oct; long length; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 9138ef7598..c0952c008a 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -147,7 +147,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool, return X509V3_add_value(name, "FALSE", extlist); } -int X509V3_add_value_bool_nf(char *name, int asn1_bool, +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist) { if (asn1_bool) @@ -194,7 +194,7 @@ static char *bignum_to_string(const BIGNUM *bn) return ret; } -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; @@ -207,7 +207,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) return strtmp; } -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; @@ -220,7 +220,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) return strtmp; } -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) { BIGNUM *bn = NULL; ASN1_INTEGER *aint; @@ -282,7 +282,7 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, return ret; } -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) { char *btmp; if (!(btmp = value->value)) @@ -304,7 +304,7 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) return 0; } -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { diff --git a/decrepit/x509/x509_decrepit.c b/decrepit/x509/x509_decrepit.c index 523775400e..3abab06a3a 100644 --- a/decrepit/x509/x509_decrepit.c +++ b/decrepit/x509/x509_decrepit.c @@ -20,7 +20,7 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value) { + int ext_nid, const char *value) { assert(conf == NULL); return X509V3_EXT_nconf_nid(NULL, ctx, ext_nid, value); } diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 90243255aa..ceb3396e0f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1019,8 +1019,8 @@ OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x); -OPENSSL_EXPORT int X509_alias_set1(X509 *x, unsigned char *name, int len); -OPENSSL_EXPORT int X509_keyid_set1(X509 *x, unsigned char *id, int len); +OPENSSL_EXPORT int X509_alias_set1(X509 *x, const unsigned char *name, int len); +OPENSSL_EXPORT int X509_keyid_set1(X509 *x, const unsigned char *id, int len); OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len); OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len); OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *, diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 14d5e95399..d6827bbd93 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -525,7 +525,7 @@ OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *ia5); OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING( - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); @@ -565,7 +565,7 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) OPENSSL_EXPORT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, int gen_type, - char *value, int is_nc); + const char *value, int is_nc); OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); @@ -579,32 +579,36 @@ OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val); // this function so we cannot, yet, replace the type with a dummy struct. OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, - char *value); + const char *value); OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, - int ext_nid, char *value); + int ext_nid, + const char *value); OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, - char *name, char *value); + const char *name, + const char *value); OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, - char *section, + const char *section, STACK_OF(X509_EXTENSION) **sk); OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, - char *section, X509 *cert); + const char *section, X509 *cert); OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req); + const char *section, X509_REQ *req); OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, - char *section, X509_CRL *crl); + const char *section, X509_CRL *crl); -OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool, +OPENSSL_EXPORT int X509V3_add_value_bool_nf(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); -OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); -OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +OPENSSL_EXPORT int X509V3_get_value_bool(const CONF_VALUE *value, + int *asn1_bool); +OPENSSL_EXPORT int X509V3_get_value_int(const CONF_VALUE *value, + ASN1_INTEGER **aint); OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, char *name, - char *section); +OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, const char *name, + const char *section); OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, - char *section); + const char *section); OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str); OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); @@ -621,13 +625,13 @@ OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool, OPENSSL_EXPORT int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist); OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, - ASN1_INTEGER *aint); + const ASN1_INTEGER *aint); OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, - char *value); + const char *value); OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, - ASN1_ENUMERATED *aint); + const ASN1_ENUMERATED *aint); OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, - ASN1_ENUMERATED *aint); + const ASN1_ENUMERATED *aint); OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext); OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from); From cf1c925ddb6fe35f81d614ca0e492a84d8c1c99e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 02:32:25 -0400 Subject: [PATCH 195/399] Unwind ASN1_AFLG_BROKEN. This is never used. Remove the logic so we can gradually simply the legacy ASN.1 code. Update-Note: Types using ASN1_BROKEN_SEQUENCE from openssl/asn1t.h will fail to compile. This CL should not affect certificate parsing. Change-Id: I06b61ae2656a657aed81cd467051a494155b0963 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43887 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/asn1/tasn_dec.c | 9 +-------- include/openssl/asn1t.h | 8 -------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 8b3d22da7d..42fee27306 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -174,7 +174,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ unsigned char imphack = 0, oclass; char seq_eoc, seq_nolen, cst, isopt; - long tmplen; int i; int otag; int ret = 0; @@ -373,7 +372,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: p = *in; - tmplen = len; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ if (tag == -1) { @@ -388,13 +386,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, goto err; } else if (ret == -1) return -1; - if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { - len = tmplen - (p - *in); - seq_nolen = 1; - } /* If indefinite we don't do a length check */ - else - seq_nolen = seq_eoc; + seq_nolen = seq_eoc; if (!cst) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); goto err; diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 7bd77017a1..ea864ec431 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -151,10 +151,6 @@ extern "C" { static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) -#define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0}; \ - ASN1_SEQUENCE(tname) - #define ASN1_SEQUENCE_ref(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \ ASN1_SEQUENCE(tname) @@ -175,8 +171,6 @@ extern "C" { #tname \ ASN1_ITEM_end(tname) -#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) - #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) @@ -699,8 +693,6 @@ typedef struct ASN1_STREAM_ARG_st { #define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ #define ASN1_AFLG_ENCODING 2 -/* The Sequence length is invalid */ -#define ASN1_AFLG_BROKEN 4 /* operation values for asn1_cb */ From 75a05d1594c5f05475f2765a6772d2fb9b47c8bd Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 02:43:01 -0400 Subject: [PATCH 196/399] Unwind ASN1_ITYPE_COMPAT. This is a remnant of an older incarnation of OpenSSL's ASN.1 code. Update-Note: Types using IMPLEMENT_COMPAT_ASN1 from openssl/asn1t.h will fail to compile. This CL should not affect certificate parsing. Change-Id: I59e04f7ec219ae478119b77ce3f851a16b6c038f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43888 Reviewed-by: Adam Langley --- crypto/asn1/tasn_dec.c | 66 ++--------------------------------------- crypto/asn1/tasn_enc.c | 16 ---------- crypto/asn1/tasn_fre.c | 7 ----- crypto/asn1/tasn_new.c | 11 ------- include/openssl/asn1t.h | 34 --------------------- 5 files changed, 2 insertions(+), 132 deletions(-) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 42fee27306..375d103562 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -166,18 +166,16 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, char opt, ASN1_TLC *ctx, int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; - const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; const unsigned char *p = NULL, *q; - unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ - unsigned char imphack = 0, oclass; + unsigned char oclass; char seq_eoc, seq_nolen, cst, isopt; int i; int otag; int ret = 0; - ASN1_VALUE **pchptr, *ptmpval; + ASN1_VALUE **pchptr; int combine = aclass & ASN1_TFLG_COMBINE; aclass &= ~ASN1_TFLG_COMBINE; if (!pval) @@ -254,66 +252,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, ef = it->funcs; return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); - case ASN1_ITYPE_COMPAT: - /* we must resort to old style evil hackery */ - cf = it->funcs; - - /* If OPTIONAL see if it is there */ - if (opt) { - int exptag; - p = *in; - if (tag == -1) - exptag = it->utype; - else - exptag = tag; - /* - * Don't care about anything other than presence of expected tag - */ - - ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, - &p, len, exptag, aclass, 1, ctx); - if (!ret) { - OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); - goto err; - } - if (ret == -1) - return -1; - } - - /* - * This is the old style evil hack IMPLICIT handling: since the - * underlying code is expecting a tag and class other than the one - * present we change the buffer temporarily then change it back - * afterwards. This doesn't and never did work for tags > 30. Yes - * this is *horrible* but it is only needed for old style d2i which - * will hopefully not be around for much longer. FIXME: should copy - * the buffer then modify it so the input buffer can be const: we - * should *always* copy because the old style d2i might modify the - * buffer. - */ - - if (tag != -1) { - wp = *(unsigned char **)in; - imphack = *wp; - if (p == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); - goto err; - } - *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) - | it->utype); - } - - ptmpval = cf->asn1_d2i(pval, in, len); - - if (tag != -1) - *wp = imphack; - - if (ptmpval) - return 1; - - OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); - goto err; - case ASN1_ITYPE_CHOICE: if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 3722a5191e..74878337c8 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -128,9 +128,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { const ASN1_TEMPLATE *tt = NULL; - unsigned char *p = NULL; int i, seqcontlen, seqlen, ndef = 1; - const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb = 0; @@ -174,20 +172,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, ef = it->funcs; return ef->asn1_ex_i2d(pval, out, it, tag, aclass); - case ASN1_ITYPE_COMPAT: - /* old style hackery... */ - cf = it->funcs; - if (out) - p = *out; - i = cf->asn1_i2d(*pval, out); - /* - * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so - * did the old code. Tags > 30 are very rare anyway. - */ - if (out && (tag != -1)) - *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); - return i; - case ASN1_ITYPE_NDEF_SEQUENCE: /* Use indefinite length constructed if requested */ if (aclass & ASN1_TFLG_NDEF) diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index eabc0fb564..82431d7b0c 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -77,7 +77,6 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; - const ASN1_COMPAT_FUNCS *cf; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; int i; @@ -124,12 +123,6 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) } break; - case ASN1_ITYPE_COMPAT: - cf = it->funcs; - if (cf && cf->asn1_free) - cf->asn1_free(*pval); - break; - case ASN1_ITYPE_EXTERN: ef = it->funcs; if (ef && ef->asn1_ex_free) diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 5db38bef76..5f7f94e992 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -92,7 +92,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL; - const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb; @@ -118,15 +117,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, } break; - case ASN1_ITYPE_COMPAT: - cf = it->funcs; - if (cf && cf->asn1_new) { - *pval = cf->asn1_new(); - if (!*pval) - goto memerr; - } - break; - case ASN1_ITYPE_PRIMITIVE: if (it->templates) { if (!ASN1_template_new(pval, it->templates)) @@ -248,7 +238,6 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) asn1_primitive_clear(pval, it); break; - case ASN1_ITYPE_COMPAT: case ASN1_ITYPE_CHOICE: case ASN1_ITYPE_SEQUENCE: case ASN1_ITYPE_NDEF_SEQUENCE: diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index ea864ec431..540ca06f9f 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -541,10 +541,6 @@ const char *sname; /* Structure name */ * The 'funcs' field is used for application * specific functions. * - * For COMPAT types the funcs field gives a - * set of functions that handle this type, this - * supports the old d2i, i2d convention. - * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible * because it avoids things like the d2i IMPLICIT @@ -569,8 +565,6 @@ const char *sname; /* Structure name */ #define ASN1_ITYPE_CHOICE 0x2 -#define ASN1_ITYPE_COMPAT 0x3 - #define ASN1_ITYPE_EXTERN 0x4 #define ASN1_ITYPE_MSTRING 0x5 @@ -613,13 +607,6 @@ typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *puty typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); -typedef struct ASN1_COMPAT_FUNCS_st { - ASN1_new_func *asn1_new; - ASN1_free_func *asn1_free; - ASN1_d2i_func *asn1_d2i; - ASN1_i2d_func *asn1_i2d; -} ASN1_COMPAT_FUNCS; - typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; ASN1_ex_new_func *asn1_ex_new; @@ -724,27 +711,6 @@ typedef struct ASN1_STREAM_ARG_st { ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ ASN1_ITEM_end(itname) -/* Macro to implement an ASN1_ITEM in terms of old style funcs */ - -#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) - -#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ - static const ASN1_COMPAT_FUNCS sname##_ff = { \ - (ASN1_new_func *)sname##_new, \ - (ASN1_free_func *)sname##_free, \ - (ASN1_d2i_func *)d2i_##sname, \ - (ASN1_i2d_func *)i2d_##sname, \ - }; \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_COMPAT, \ - tag, \ - NULL, \ - 0, \ - &sname##_ff, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) - #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ ASN1_ITEM_start(sname) \ ASN1_ITYPE_EXTERN, \ From 45858ae2a485141232fb92c4998b5f5634affb8f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 02:56:15 -0400 Subject: [PATCH 197/399] Unwind ASN1_TFLG_NDEF. Sadly we need to keep ASN1_put_eoc. Ruby uses it. OpenSSL's PKCS#7 implementation generated an "ndef" variant of the encoding functions, to request indefinite-length encoding. Remove the support code for this. Update-Note: Types that use one of the NDEF macros in asn1t.h will fail to compile. This CL should not affect certificate parsing. Change-Id: I6e03f6927ea4b7a6acd73ac58bf49512b39baab8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43889 Reviewed-by: Adam Langley --- crypto/asn1/asn1_lib.c | 2 ++ crypto/asn1/tasn_dec.c | 1 - crypto/asn1/tasn_enc.c | 77 ++++++++--------------------------------- crypto/asn1/tasn_fre.c | 1 - crypto/asn1/tasn_new.c | 2 -- crypto/asn1/tasn_typ.c | 2 -- crypto/asn1/tasn_utl.c | 3 +- include/openssl/asn1.h | 6 ---- include/openssl/asn1t.h | 57 ------------------------------ 9 files changed, 17 insertions(+), 134 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 128d28f6f2..481a4d752f 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -251,6 +251,8 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int ASN1_put_eoc(unsigned char **pp) { + /* This function is no longer used in the library, but some external code + * uses it. */ unsigned char *p = *pp; *p++ = 0; *p++ = 0; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 375d103562..1512bfcb46 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -307,7 +307,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, *in = p; return 1; - case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: p = *in; diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 74878337c8..c02f3c551f 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -76,16 +76,9 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, int flags); /* - * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use - * indefinite length constructed encoding, where appropriate + * Top level i2d equivalents */ -int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it) -{ - return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); -} - int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) { return asn1_item_flags_i2d(val, out, it, 0); @@ -128,7 +121,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { const ASN1_TEMPLATE *tt = NULL; - int i, seqcontlen, seqlen, ndef = 1; + int i, seqcontlen, seqlen; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; ASN1_aux_cb *asn1_cb = 0; @@ -172,12 +165,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, ef = it->funcs; return ef->asn1_ex_i2d(pval, out, it, tag, aclass); - case ASN1_ITYPE_NDEF_SEQUENCE: - /* Use indefinite length constructed if requested */ - if (aclass & ASN1_TFLG_NDEF) - ndef = 2; - OPENSSL_FALLTHROUGH; - case ASN1_ITYPE_SEQUENCE: i = asn1_enc_restore(&seqcontlen, out, pval, it); /* An error occurred */ @@ -212,11 +199,11 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, seqcontlen += tmplen; } - seqlen = ASN1_object_size(ndef, seqcontlen, tag); + seqlen = ASN1_object_size(/*constructed=*/1, seqcontlen, tag); if (!out || seqlen == -1) return seqlen; /* Output SEQUENCE header */ - ASN1_put_object(out, ndef, seqcontlen, tag, aclass); + ASN1_put_object(out, /*constructed=*/1, seqcontlen, tag, aclass); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; @@ -227,8 +214,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* FIXME: check for errors in enhanced version */ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); } - if (ndef == 2) - ASN1_put_eoc(out); if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) return 0; return seqlen; @@ -243,7 +228,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass) { - int i, ret, flags, ttag, tclass, ndef; + int i, ret, flags, ttag, tclass; size_t j; flags = tt->flags; /* @@ -279,12 +264,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, * class and iclass is any flags passed to this function. */ - /* if template and arguments require ndef, use it */ - if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) - ndef = 2; - else - ndef = 1; - if (flags & ASN1_TFLG_SK_MASK) { /* SET OF, SEQUENCE OF */ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; @@ -329,12 +308,12 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return -1; skcontlen += tmplen; } - sklen = ASN1_object_size(ndef, skcontlen, sktag); + sklen = ASN1_object_size(/*constructed=*/1, skcontlen, sktag); if (sklen == -1) return -1; /* If EXPLICIT need length of surrounding tag */ if (flags & ASN1_TFLG_EXPTAG) - ret = ASN1_object_size(ndef, sklen, ttag); + ret = ASN1_object_size(/*constructed=*/1, sklen, ttag); else ret = sklen; @@ -344,18 +323,12 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* Now encode this lot... */ /* EXPLICIT tag */ if (flags & ASN1_TFLG_EXPTAG) - ASN1_put_object(out, ndef, sklen, ttag, tclass); + ASN1_put_object(out, /*constructed=*/1, sklen, ttag, tclass); /* SET or SEQUENCE and IMPLICIT tag */ - ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); + ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass); /* And the stuff itself */ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset, iclass); - if (ndef == 2) { - ASN1_put_eoc(out); - if (flags & ASN1_TFLG_EXPTAG) - ASN1_put_eoc(out); - } - return ret; } @@ -366,13 +339,11 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, if (!i) return 0; /* Find length of EXPLICIT tag */ - ret = ASN1_object_size(ndef, i, ttag); + ret = ASN1_object_size(/*constructed=*/1, i, ttag); if (out && ret != -1) { /* Output tag and item */ - ASN1_put_object(out, ndef, i, ttag, tclass); + ASN1_put_object(out, /*constructed=*/1, i, ttag, tclass); ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass); - if (ndef == 2) - ASN1_put_eoc(out); } return ret; } @@ -471,7 +442,6 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, int len; int utype; int usetag; - int ndef = 0; utype = it->utype; @@ -497,12 +467,6 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, if (len == -1) return 0; - /* -2 return is special meaning use ndef */ - if (len == -2) { - ndef = 2; - len = 0; - } - /* If not implicitly tagged get tag from underlying type */ if (tag == -1) tag = utype; @@ -510,16 +474,13 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, /* Output tag+length followed by content octets */ if (out) { if (usetag) - ASN1_put_object(out, ndef, len, tag, aclass); + ASN1_put_object(out, /*constructed=*/0, len, tag, aclass); asn1_ex_i2c(pval, *out, &utype, it); - if (ndef) - ASN1_put_eoc(out); - else - *out += len; + *out += len; } if (usetag) - return ASN1_object_size(ndef, len, tag); + return ASN1_object_size(/*constructed=*/0, len, tag); return len; } @@ -626,16 +587,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, default: /* All based on ASN1_STRING and handled the same */ strtmp = (ASN1_STRING *)*pval; - /* Special handling for NDEF */ - if ((it->size == ASN1_TFLG_NDEF) - && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) { - if (cout) { - strtmp->data = cout; - strtmp->length = 0; - } - /* Special return code */ - return -2; - } cont = strtmp->data; len = strtmp->length; diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index 82431d7b0c..78d6626aff 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -129,7 +129,6 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) ef->asn1_ex_free(pval, it); break; - case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: if (!asn1_refcount_dec_and_test_zero(pval, it)) return; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 5f7f94e992..139a0445bc 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -154,7 +154,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, goto auxerr2; break; - case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); @@ -240,7 +239,6 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) case ASN1_ITYPE_CHOICE: case ASN1_ITYPE_SEQUENCE: - case ASN1_ITYPE_NDEF_SEQUENCE: *pval = NULL; break; } diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c index 7c5bfd5ec9..44399ea1e7 100644 --- a/crypto/asn1/tasn_typ.c +++ b/crypto/asn1/tasn_typ.c @@ -117,8 +117,6 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) /* Special, OCTET STRING with indefinite length constructed support */ -IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) - ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY) diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index a7516f6ebf..91e084240e 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -91,8 +91,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, static CRYPTO_refcount_t *asn1_get_references(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if (it->itype != ASN1_ITYPE_SEQUENCE && - it->itype != ASN1_ITYPE_NDEF_SEQUENCE) { + if (it->itype != ASN1_ITYPE_SEQUENCE) { return NULL; } const ASN1_AUX *aux = it->funcs; diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 0cffd571f2..b6d1441b37 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -280,9 +280,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ DECLARE_ASN1_ITEM(name) -#define DECLARE_ASN1_NDEF_FUNCTION(name) \ - OPENSSL_EXPORT int i2d_##name##_NDEF(name *a, unsigned char **out); - #define DECLARE_ASN1_FUNCTIONS_const(name) \ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) @@ -707,8 +704,6 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) DECLARE_ASN1_FUNCTIONS(ASN1_TIME) -DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) - OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec); OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t); @@ -789,7 +784,6 @@ OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); OPENSSL_EXPORT ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); -OPENSSL_EXPORT int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 540ca06f9f..7e55ecd383 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -141,12 +141,6 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) -#define ASN1_NDEF_SEQUENCE(tname) \ - ASN1_SEQUENCE(tname) - -#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ - ASN1_SEQUENCE_cb(tname, cb) - #define ASN1_SEQUENCE_cb(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) @@ -159,18 +153,6 @@ extern "C" { static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \ ASN1_SEQUENCE(tname) -#define ASN1_NDEF_SEQUENCE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(tname),\ - #tname \ - ASN1_ITEM_end(tname) - #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) @@ -187,18 +169,6 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) -#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_NDEF_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - /* This pair helps declare a CHOICE type. We can do: * @@ -347,14 +317,6 @@ extern "C" { #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) -/* EXPLICIT using indefinite length constructed form */ -#define ASN1_NDEF_EXP(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) - -/* EXPLICIT OPTIONAL using indefinite length constructed form */ -#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) - /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ @@ -498,13 +460,6 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_COMBINE (0x1<<10) -/* This flag when present in a SEQUENCE OF, SET OF - * or EXPLICIT causes indefinite length constructed - * encoding to be used if required. - */ - -#define ASN1_TFLG_NDEF (0x1<<11) - /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { @@ -553,10 +508,6 @@ const char *sname; /* Structure name */ * has a special meaning, it is used as a mask * of acceptable types using the B_ASN1 constants. * - * NDEF_SEQUENCE is the same as SEQUENCE except - * that it will use indefinite length constructed - * encoding if requested. - * */ #define ASN1_ITYPE_PRIMITIVE 0x0 @@ -569,8 +520,6 @@ const char *sname; /* Structure name */ #define ASN1_ITYPE_MSTRING 0x5 -#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 - /* Cache for ASN1 tag and length, so we * don't keep re-reading it for things * like CHOICE @@ -771,12 +720,6 @@ typedef struct ASN1_STREAM_ARG_st { return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ } -#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ - int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ - { \ - return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } - /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. */ From 2c8445c5f7515f8125f41aa1e3da2501b8b040d1 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 02:57:58 -0400 Subject: [PATCH 198/399] Remove some unused types from asn1t.h. Change-Id: Id4a93f4cd6f9d3d959ec096bbd4357cac329ba20 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43890 Reviewed-by: Adam Langley --- include/openssl/asn1t.h | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 7e55ecd383..0af11952ad 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -606,23 +606,6 @@ typedef struct ASN1_AUX_st { int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; -/* For print related callbacks exarg points to this structure */ -typedef struct ASN1_PRINT_ARG_st { - BIO *out; - int indent; - const ASN1_PCTX *pctx; -} ASN1_PRINT_ARG; - -/* For streaming related callbacks exarg points to this structure */ -typedef struct ASN1_STREAM_ARG_st { - /* BIO to stream through */ - BIO *out; - /* BIO with filters appended */ - BIO *ndef_bio; - /* Streaming I/O boundary */ - unsigned char **boundary; -} ASN1_STREAM_ARG; - /* Flags in ASN1_AUX */ /* Use a reference count */ From 3de5949ba723292e01c7392b1dd9a849eb5ae17d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 03:05:47 -0400 Subject: [PATCH 199/399] Unwind ASN1_PRIMITIVE_FUNCS. This was used to register custom primitive types, namely some INTEGER variations. We have since removed them all. Change-Id: Id3f5b15058bc3be1cef5e0f989d2e7e6db392712 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43891 Reviewed-by: Adam Langley --- crypto/asn1/tasn_dec.c | 8 ++++---- crypto/asn1/tasn_enc.c | 8 ++++---- crypto/asn1/tasn_fre.c | 13 +++++-------- crypto/asn1/tasn_new.c | 19 ++++++------------- include/openssl/asn1t.h | 15 --------------- 5 files changed, 19 insertions(+), 44 deletions(-) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 1512bfcb46..ecedd3b237 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -797,12 +797,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; - const ASN1_PRIMITIVE_FUNCS *pf; ASN1_INTEGER **tint; - pf = it->funcs; - if (pf && pf->prim_c2i) - return pf->prim_c2i(pval, cont, len, utype, free_cont, it); + /* Historically, |it->funcs| for primitive types contained an + * |ASN1_PRIMITIVE_FUNCS| table of callbacks. */ + assert(it->funcs == NULL); + /* If ANY type clear type and set pointer to internal value */ if (it->utype == V_ASN1_ANY) { if (!*pval) { diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index c02f3c551f..5ef1828ec5 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -496,10 +496,10 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const unsigned char *cont; unsigned char c; int len; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (pf && pf->prim_i2c) - return pf->prim_i2c(pval, cout, putype, it); + + /* Historically, |it->funcs| for primitive types contained an + * |ASN1_PRIMITIVE_FUNCS| table of callbacks. */ + assert(it->funcs == NULL); /* Should type be omitted? */ if ((it->itype != ASN1_ITYPE_PRIMITIVE) diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index 78d6626aff..a1e7315dd9 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -56,6 +56,8 @@ #include +#include + #include #include @@ -182,14 +184,9 @@ void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; - if (it) { - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (pf && pf->prim_free) { - pf->prim_free(pval, it); - return; - } - } + /* Historically, |it->funcs| for primitive types contained an + * |ASN1_PRIMITIVE_FUNCS| table of calbacks. */ + assert(it == NULL || it->funcs == NULL); /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ if (!it) { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 139a0445bc..3e8beb70a1 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -308,11 +308,9 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) if (!it) return 0; - if (it->funcs) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; - if (pf->prim_new) - return pf->prim_new(pval, it); - } + /* Historically, |it->funcs| for primitive types contained an + * |ASN1_PRIMITIVE_FUNCS| table of calbacks. */ + assert(it->funcs == NULL); if (it->itype == ASN1_ITYPE_MSTRING) utype = -1; @@ -355,14 +353,9 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; - if (it && it->funcs) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; - if (pf->prim_clear) - pf->prim_clear(pval, it); - else - *pval = NULL; - return; - } + /* Historically, |it->funcs| for primitive types contained an + * |ASN1_PRIMITIVE_FUNCS| table of calbacks. */ + assert(it == NULL || it->funcs == NULL); if (!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; else diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 0af11952ad..deea9ecae4 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -552,10 +552,6 @@ typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, int indent, const char *fname, const ASN1_PCTX *pctx); -typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); - typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; ASN1_ex_new_func *asn1_ex_new; @@ -567,17 +563,6 @@ typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_print_func *asn1_ex_print; } ASN1_EXTERN_FUNCS; -typedef struct ASN1_PRIMITIVE_FUNCS_st { - void *app_data; - unsigned long flags; - ASN1_ex_new_func *prim_new; - ASN1_ex_free_func *prim_free; - ASN1_ex_free_func *prim_clear; - ASN1_primitive_c2i *prim_c2i; - ASN1_primitive_i2c *prim_i2c; - ASN1_primitive_print *prim_print; -} ASN1_PRIMITIVE_FUNCS; - /* This is the ASN1_AUX structure: it handles various * miscellaneous requirements. For example the use of * reference counts and an informational callback. From 9e282c9a78d20937ef028ef63fcc62ac24efc88b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 10:49:17 -0400 Subject: [PATCH 200/399] Unwind some old ASN.1 ifdefs. Change-Id: I27826ffb9e2f84ce2de3bf13b8d009cce791a5f0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43892 Reviewed-by: Adam Langley --- crypto/asn1/a_object.c | 13 +++---------- crypto/asn1/tasn_dec.c | 4 +--- crypto/asn1/tasn_new.c | 33 --------------------------------- include/openssl/asn1t.h | 4 ---- 4 files changed, 4 insertions(+), 50 deletions(-) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index aa98453ef0..bf386dd022 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -250,19 +250,12 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) if (a == NULL) return; if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { -#ifndef CONST_STRICT /* disable purely for compile-time strict - * const checking. Doing this on a "real" - * compile will cause memory leaks */ - if (a->sn != NULL) - OPENSSL_free((void *)a->sn); - if (a->ln != NULL) - OPENSSL_free((void *)a->ln); -#endif + OPENSSL_free((void *)a->sn); + OPENSSL_free((void *)a->ln); a->sn = a->ln = NULL; } if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - if (a->data != NULL) - OPENSSL_free((void *)a->data); + OPENSSL_free((void *)a->data); a->data = NULL; a->length = 0; } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index ecedd3b237..9f4656e52e 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -985,15 +985,13 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) * constructed type and 'inf' should be set if it is indefinite length. */ -#ifndef ASN1_MAX_STRING_NEST /* * This determines how many levels of recursion are permitted in ASN1 string * types. If it is not limited stack overflows can occur. If set to zero no * recursion is allowed at all. Although zero should be adequate examples * exist that require a value of 1. So 5 should be more than enough. */ -# define ASN1_MAX_STRING_NEST 5 -#endif +#define ASN1_MAX_STRING_NEST 5 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, int tag, int aclass, int depth) diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 3e8beb70a1..b99ed0acdd 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -102,11 +102,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, else asn1_cb = 0; -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_push_info(it->sname); -#endif - switch (it->itype) { case ASN1_ITYPE_EXTERN: @@ -136,10 +131,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } @@ -160,10 +151,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } @@ -184,30 +171,18 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, goto auxerr2; break; } -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; memerr2: asn1_item_combine_free(pval, it, combine); memerr: OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; auxerr2: asn1_item_combine_free(pval, it, combine); auxerr: OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; } @@ -258,10 +233,6 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } -#ifdef CRYPTO_MDEBUG - if (tt->field_name) - CRYPTO_push_info(tt->field_name); -#endif /* If SET OF or SEQUENCE OF, its a STACK */ if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; @@ -278,10 +249,6 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) /* Otherwise pass it back to the item routine */ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); done: -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return ret; } diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index deea9ecae4..8fa593c667 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -349,9 +349,7 @@ struct ASN1_TEMPLATE_st { unsigned long flags; /* Various flags */ long tag; /* tag, not used if no tagging */ unsigned long offset; /* Offset of this field in structure */ -#ifndef NO_ASN1_FIELD_NAMES const char *field_name; /* Field name */ -#endif ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; @@ -469,9 +467,7 @@ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the conte long tcount; /* Number of templates if SEQUENCE or CHOICE */ const void *funcs; /* functions that handle this type */ long size; /* Structure size (usually)*/ -#ifndef NO_ASN1_FIELD_NAMES const char *sname; /* Structure name */ -#endif }; /* These are values for the itype field and From e4da107b6dd8996daa73688745c03ea7f7c6965c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 20 Jun 2020 10:55:13 -0400 Subject: [PATCH 201/399] Unexport internal crypto/asn1 functions. A few can be made static. Move the rest of asn1_locl.h. Update-Note: Code search says these are unused. If someone's using them, we can reexport them. Change-Id: Ib41fd15792b59e7a1a41fa6b7ef5297dc19f3021 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43893 Reviewed-by: Adam Langley --- crypto/asn1/a_type.c | 3 +++ crypto/asn1/asn1_locl.h | 30 ++++++++++++++++++++++++++++++ crypto/asn1/tasn_dec.c | 7 +++++-- crypto/asn1/tasn_enc.c | 7 +++++-- crypto/asn1/tasn_new.c | 6 ++++-- crypto/asn1/tasn_utl.c | 1 + include/openssl/asn1t.h | 32 -------------------------------- 7 files changed, 48 insertions(+), 38 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index c12edfafc1..cf5da204f6 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -61,6 +61,9 @@ #include #include +#include "asn1_locl.h" + + int ASN1_TYPE_get(const ASN1_TYPE *a) { if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h index 8cef2463a4..bf90ea2769 100644 --- a/crypto/asn1/asn1_locl.h +++ b/crypto/asn1/asn1_locl.h @@ -96,6 +96,36 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int UTF8_getc(const unsigned char *str, int len, uint32_t *val); int UTF8_putc(unsigned char *str, int len, uint32_t value); +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); + +ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + int nullerr); + +void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it); + +void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it); + #if defined(__cplusplus) } /* extern C */ diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 9f4656e52e..531bc66f7e 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -65,6 +65,7 @@ #include #include "../internal.h" +#include "asn1_locl.h" /* * Constructed types with a recursive definition (such as can be found in PKCS7) @@ -95,6 +96,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); +static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -790,8 +793,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, /* Translate ASN1 content octets into a structure */ -int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) +static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) { ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 5ef1828ec5..d0aa0c5daf 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -63,10 +63,13 @@ #include #include "../internal.h" +#include "asn1_locl.h" static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it); static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort, int iclass); @@ -486,8 +489,8 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, /* Produce content octets from a structure */ -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, - const ASN1_ITEM *it) +static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + const ASN1_ITEM *it) { ASN1_BOOLEAN *tbool = NULL; ASN1_STRING *strtmp; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index b99ed0acdd..dc864dabf3 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -70,7 +70,9 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); +static int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) @@ -219,7 +221,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +static int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int ret; @@ -266,7 +268,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) * all the old functions. */ -int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; ASN1_STRING *str; diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 91e084240e..f0288b48f6 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -66,6 +66,7 @@ #include #include "../internal.h" +#include "asn1_locl.h" /* Utility functions for manipulating fields and offsets */ diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 8fa593c667..c5e2685e53 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -719,38 +719,6 @@ DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DEFINE_STACK_OF(ASN1_VALUE) -/* Functions used internally by the ASN1 code */ - -int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); -void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); - -void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); - -int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); - -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); - -ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); - -void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it); - -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); - #ifdef __cplusplus } #endif From 9bdec296adba5e3891151ab4bcb8f7ebfcd1fc37 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 8 Sep 2020 15:47:27 -0400 Subject: [PATCH 202/399] Remove ASN1_STRING_FLAG_NDEF. This is a remnant of OpenSSL's streaming PKCS#7 encoder. Change-Id: I1fb8ac404e12c43945b27efb8d00643758baaf1e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43894 Reviewed-by: Adam Langley --- crypto/asn1/asn1_lib.c | 3 +-- include/openssl/asn1.h | 5 ----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 481a4d752f..93957ba8d6 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -401,8 +401,7 @@ void ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; - if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) - OPENSSL_free(a->data); + OPENSSL_free(a->data); OPENSSL_free(a); } diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index b6d1441b37..439641fc45 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -179,11 +179,6 @@ struct asn1_object_st DEFINE_STACK_OF(ASN1_OBJECT) #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ -/* This indicates that the ASN1_STRING is not a real value but just a place - * holder for the location where indefinite length constructed data should - * be inserted in the memory buffer - */ -#define ASN1_STRING_FLAG_NDEF 0x010 /* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING * type. From df00df6035c97cf31b7d0cb289f5ab050626b800 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 9 Nov 2020 14:24:59 -0500 Subject: [PATCH 203/399] Document X509V3_add1_i2d and friends. Change-Id: I77e08b88afa8a1f4e28449bf728eccc2c2f6f372 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43944 Commit-Queue: David Benjamin Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- include/openssl/x509.h | 18 ++++++++++ include/openssl/x509v3.h | 78 +++++++++++++++++++++++++++++++++------- 2 files changed, 84 insertions(+), 12 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index ceb3396e0f..4ee1e7b2b1 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1317,6 +1317,12 @@ OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid, int *out_critical, int *out_idx); +// X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to +// |x|'s extension list. +// +// WARNING: This function may return zero or -1 on error. The caller must also +// ensure |value|'s type matches |nid|. See the documentation for +// |X509V3_add1_i2d| for details. OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); @@ -1338,6 +1344,12 @@ OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *out_critical, int *out_idx); +// X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension +// to |x|'s extension list. +// +// WARNING: This function may return zero or -1 on error. The caller must also +// ensure |value|'s type matches |nid|. See the documentation for +// |X509V3_add1_i2d| for details. OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags); @@ -1365,6 +1377,12 @@ OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked, int nid, int *out_critical, int *out_idx); +// X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the +// extension to |x|'s extension list. +// +// WARNING: This function may return zero or -1 on error. The caller must also +// ensure |value|'s type matches |nid|. See the documentation for +// |X509V3_add1_i2d| for details. OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, unsigned long flags); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index d6827bbd93..a0b6bd839c 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -466,17 +466,6 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_MIN 1 #define X509_PURPOSE_MAX 9 -// Flags for X509V3_add1_i2d - -#define X509V3_ADD_OP_MASK 0xfL -#define X509V3_ADD_DEFAULT 0L -#define X509V3_ADD_APPEND 1L -#define X509V3_ADD_REPLACE 2L -#define X509V3_ADD_REPLACE_EXISTING 3L -#define X509V3_ADD_KEEP_EXISTING 4L -#define X509V3_ADD_DELETE 5L -#define X509V3_ADD_SILENT 0x10 - DEFINE_STACK_OF(X509_PURPOSE) DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) @@ -684,11 +673,76 @@ OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext); OPENSSL_EXPORT void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions, int nid, int *out_critical, int *out_idx); +// X509V3_EXT_free casts |ext_data| into the type that corresponds to |nid| and +// releases memory associated with it. It returns one on success and zero if +// |nid| is not a known extension. +// +// WARNING: Casting |ext_data| to the wrong type is a potentially exploitable +// memory error, so callers must ensure |ext_data|'s type matches |nid|. +// +// TODO(davidben): OpenSSL upstream no longer exposes this function. Remove it? OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data); - +// X509V3_EXT_i2d casts |ext_struc| into the type that corresponds to +// |ext_nid|, serializes it, and returns a newly-allocated |X509_EXTENSION| +// object containing the serialization, or NULL on error. The |X509_EXTENSION| +// has OID |ext_nid| and is critical if |crit| is one. +// +// WARNING: Casting |ext_struc| to the wrong type is a potentially exploitable +// memory error, so callers must ensure |ext_struct|'s type matches |ext_nid|. OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); + +// The following constants control the behavior of |X509V3_add1_i2d| and related +// functions. + +// X509V3_ADD_OP_MASK can be ANDed with the flags to determine how duplicate +// extensions are processed. +#define X509V3_ADD_OP_MASK 0xfL + +// X509V3_ADD_DEFAULT causes the function to fail if the extension was already +// present. +#define X509V3_ADD_DEFAULT 0L + +// X509V3_ADD_APPEND causes the function to unconditionally appended the new +// extension to to the extensions list, even if there is a duplicate. +#define X509V3_ADD_APPEND 1L + +// X509V3_ADD_REPLACE causes the function to replace the existing extension, or +// append if it is not present. +#define X509V3_ADD_REPLACE 2L + +// X509V3_ADD_REPLACE causes the function to replace the existing extension and +// fail if it is not present. +#define X509V3_ADD_REPLACE_EXISTING 3L + +// X509V3_ADD_KEEP_EXISTING causes the function to succeed without replacing the +// extension if already present. +#define X509V3_ADD_KEEP_EXISTING 4L + +// X509V3_ADD_DELETE causes the function to remove the matching extension. No +// new extension is added. If there is no matching extension, the function +// fails. The |value| parameter is ignored in this mode. +#define X509V3_ADD_DELETE 5L + +// X509V3_ADD_SILENT may be ORed into one of the values above to indicate the +// function should not add to the error queue on duplicate or missing extension. +// The function will continue to return zero in those cases, and it will +// continue to return -1 and add to the error queue on other errors. +#define X509V3_ADD_SILENT 0x10 + +// X509V3_add1_i2d casts |value| to the type that corresponds to |nid|, +// serializes it, and appends it to the extension list in |*x|. If |*x| is NULL, +// it will set |*x| to a newly-allocated |STACK_OF(X509_EXTENSION)| as needed. +// The |crit| parameter determines whether the new extension is critical. +// |flags| may be some combination of the |X509V3_ADD_*| constants to control +// the function's behavior on duplicate extension. +// +// This function returns one on success, zero if the operation failed due to a +// missing or duplicate extension, and -1 on other errors. +// +// WARNING: Casting |value| to the wrong type is a potentially exploitable +// memory error, so callers must ensure |value|'s type matches |nid|. OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); From 7be158d18bc96753a3a750b44ed7063310fa22c4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 9 Nov 2020 14:54:29 -0500 Subject: [PATCH 204/399] Re-reformat x509.h. At the time, we hadn't taught clang-format how to handle STACK_OF correctly. Change-Id: Ia90c3bf443846a07eddaea5044b724027552ed30 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43964 Reviewed-by: Adam Langley --- include/openssl/x509.h | 122 ++++++++++++++++++++--------------------- 1 file changed, 59 insertions(+), 63 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 4ee1e7b2b1..1f3131279c 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -143,7 +143,7 @@ DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) // we always keep X509_NAMEs in 2 forms. struct X509_name_st { - STACK_OF(X509_NAME_ENTRY) * entries; + STACK_OF(X509_NAME_ENTRY) *entries; int modified; // true if 'bytes' needs to be built BUF_MEM *bytes; // unsigned long hash; Keep the hash around for lookups @@ -170,7 +170,7 @@ struct x509_attributes_st { int single; // 0 for a set, 1 for a single item (which is wrong) union { char *ptr; - /* 0 */ STACK_OF(ASN1_TYPE) * set; + /* 0 */ STACK_OF(ASN1_TYPE) *set; /* 1 */ ASN1_TYPE *single; } value; } /* X509_ATTRIBUTE */; @@ -185,7 +185,7 @@ struct X509_req_info_st { X509_NAME *subject; X509_PUBKEY *pubkey; // d=2 hl=2 l= 0 cons: cont: 00 - STACK_OF(X509_ATTRIBUTE) * attributes; // [ 0 ] + STACK_OF(X509_ATTRIBUTE) *attributes; // [ 0 ] } /* X509_REQ_INFO */; struct X509_req_st { @@ -203,9 +203,9 @@ struct x509_cinf_st { X509_VAL *validity; X509_NAME *subject; X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2 - ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2 - STACK_OF(X509_EXTENSION) * extensions; // [ 3 ] optional in v3 + ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2 + ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2 + STACK_OF(X509_EXTENSION) *extensions; // [ 3 ] optional in v3 ASN1_ENCODING enc; } /* X509_CINF */; @@ -215,11 +215,11 @@ struct x509_cinf_st { // the end of the certificate itself struct x509_cert_aux_st { - STACK_OF(ASN1_OBJECT) * trust; // trusted uses - STACK_OF(ASN1_OBJECT) * reject; // rejected uses - ASN1_UTF8STRING *alias; // "friendly name" - ASN1_OCTET_STRING *keyid; // key id of private key - STACK_OF(X509_ALGOR) * other; // other unspecified info + STACK_OF(ASN1_OBJECT) *trust; // trusted uses + STACK_OF(ASN1_OBJECT) *reject; // rejected uses + ASN1_UTF8STRING *alias; // "friendly name" + ASN1_OCTET_STRING *keyid; // key id of private key + STACK_OF(X509_ALGOR) *other; // other unspecified info } /* X509_CERT_AUX */; DECLARE_STACK_OF(DIST_POINT) @@ -241,8 +241,8 @@ struct x509_st { ASN1_OCTET_STRING *skid; AUTHORITY_KEYID *akid; X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) * crldp; - STACK_OF(GENERAL_NAME) * altname; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; @@ -364,9 +364,9 @@ DEFINE_STACK_OF(X509_TRUST) struct x509_revoked_st { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ * extensions; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; // Set up if indirect CRL - STACK_OF(GENERAL_NAME) * issuer; + STACK_OF(GENERAL_NAME) *issuer; // Revocation reason int reason; int sequence; // load sequence @@ -381,8 +381,8 @@ struct X509_crl_info_st { X509_NAME *issuer; ASN1_TIME *lastUpdate; ASN1_TIME *nextUpdate; - STACK_OF(X509_REVOKED) * revoked; - STACK_OF(X509_EXTENSION) /* [0] */ * extensions; + STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; ASN1_ENCODING enc; } /* X509_CRL_INFO */; @@ -405,7 +405,7 @@ struct X509_crl_st { ASN1_INTEGER *crl_number; ASN1_INTEGER *base_crl_number; unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - STACK_OF(GENERAL_NAMES) * issuers; + STACK_OF(GENERAL_NAMES) *issuers; const X509_CRL_METHOD *meth; void *meth_data; } /* X509_CRL */; @@ -610,8 +610,8 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); // X509_CRL_get0_extensions returns |crl|'s extension list. -OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * - X509_CRL_get0_extensions(const X509_CRL *crl); +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions( + const X509_CRL *crl); // X509_CINF_set_modified marks |cinf| as modified so that changes will be // reflected in serializing the structure. @@ -1082,8 +1082,8 @@ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a); OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x); OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * - X509_get0_extensions(const X509 *x); +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions( + const X509 *x); OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version); @@ -1098,13 +1098,12 @@ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); OPENSSL_EXPORT int X509_REQ_extension_nid(int nid); OPENSSL_EXPORT const int *X509_REQ_get_extension_nids(void); OPENSSL_EXPORT void X509_REQ_set_extension_nids(const int *nids); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * - X509_REQ_get_extensions(X509_REQ *req); +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req, - STACK_OF(X509_EXTENSION) * exts, + STACK_OF(X509_EXTENSION) *exts, int nid); OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req, - STACK_OF(X509_EXTENSION) * exts); + STACK_OF(X509_EXTENSION) *exts); OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req); OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); @@ -1174,8 +1173,8 @@ OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); // X509_REVOKED_get0_extensions returns |r|'s extensions. -OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) * - X509_REVOKED_get0_extensions(const X509_REVOKED *r); +OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions( + const X509_REVOKED *r); OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, @@ -1185,11 +1184,11 @@ OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey); OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x, - STACK_OF(X509) * chain, + STACK_OF(X509) *chain, unsigned long flags); OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); -OPENSSL_EXPORT STACK_OF(X509) * X509_chain_up_ref(STACK_OF(X509) * chain); +OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a); @@ -1283,21 +1282,19 @@ OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object( const X509_NAME_ENTRY *ne); OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); -OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x); -OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x, +OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos); -OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) * x, +OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) * - x, +OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, int crit, int lastpos); -OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) * - x, +OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); -OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x, +OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); -OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * - X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc); +OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext( + STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); OPENSSL_EXPORT int X509_get_ext_count(const X509 *x); OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); @@ -1327,7 +1324,8 @@ OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x); -OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, + int lastpos); OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, @@ -1401,29 +1399,27 @@ OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex); -OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) * x); -OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) * x, +OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, int lastpos); -OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) * sk, +OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, const ASN1_OBJECT *obj, int lastpos); -OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) * - x, - int loc); -OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) * x, +OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr( + const STACK_OF(X509_ATTRIBUTE) *x, int loc); +OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * - X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) * *x, X509_ATTRIBUTE *attr); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * - X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) * *x, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * - X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) * *x, int nid, int type, - const unsigned char *bytes, int len); -OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) * - X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) * *x, const char *attrname, - int type, const unsigned char *bytes, int len); -OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) * x, +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr( + STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ( + STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID( + STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, const unsigned char *bytes, + int len); +OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt( + STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type, + const unsigned char *bytes, int len); +OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, int lastpos, int type); OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID( @@ -1448,10 +1444,10 @@ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx); // lookup a cert from a X509 STACK -OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) * sk, +OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, ASN1_INTEGER *serial); -OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) * sk, X509_NAME *name); +OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); // PKCS#8 utilities From 18ced9d490cbc8ef0ba33516dd93f62fd6b9fc4b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 6 Nov 2020 15:08:23 -0800 Subject: [PATCH 205/399] CI/CD: Move some jobs from Travis CI to Github Actions. --- .github/workflows/ci.yml | 76 +++++++++++++++++++++++++++++ .travis.yml | 100 --------------------------------------- mk/update-travis-yml.py | 2 - 3 files changed, 76 insertions(+), 102 deletions(-) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..8920de1f4d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,76 @@ +name: ci +on: + pull_request: + push: +jobs: + rustfmt: + runs-on: ubuntu-18.04 + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + components: rustfmt + - run: cargo fmt --all -- --check + + test-target-is-host: + runs-on: ${{ matrix.host_os }} + strategy: + matrix: + host_os: + - ubuntu-18.04 + - macos-latest + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: ${{ matrix.rust_channel }} + - run: cargo test -vv ${{ matrix.mode }} + + # Verify that the default configuration and the "wasm32_c" configuration build. + build-cross-wasm: + runs-on: ${{ matrix.host_os }} + strategy: + matrix: + features: + - # Default + - --features=wasm32_c + host_os: + - ubuntu-18.04 + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + target: + - wasm32-unknown-unknown + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build + # will fail when using some older versions. + - if: ${{ matrix.features == '--features=wasm32_c' }} + run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 + - env: + # These are only needed for the "wasm_c" feature currently. + CC_wasm32_unknown_unknown: clang-10 + AR_wasm32_unknown_unknown: llvm-ar-10 + # TODO: Collect the resultant artifacts and/or run the tests. + run: | + cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} diff --git a/.travis.yml b/.travis.yml index ed04abd5ff..84b004a6fa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,12 +1,6 @@ language: rust matrix: include: - - rust: stable - os: linux - dist: focal - install: rustup component add rustfmt - script: cargo fmt -- --check - # The lines from "# BEGIN GENERATED" through "# END GENERATED" are # generated by running |python mk/update-travis-yml.py|. Any changes # made to those lines will be overwritten while other lines will be left @@ -24,16 +18,6 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=DEBUG - rust: stable - os: osx - osx_image: xcode12 - - - env: TARGET_X=x86_64-apple-darwin RUST_X=stable MODE_X=RELWITHDEBINFO - rust: stable - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: stable os: linux @@ -76,24 +60,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: stable os: linux @@ -214,16 +180,6 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=DEBUG - rust: nightly - os: osx - osx_image: xcode12 - - - env: TARGET_X=x86_64-apple-darwin RUST_X=nightly MODE_X=RELWITHDEBINFO - rust: nightly - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: nightly os: linux @@ -266,34 +222,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CARGO_INCREMENTAL=0 RUSTDOCFLAGS="-Cpanic=abort" RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" KCOV=1 CC_x86_64_unknown_linux_gnu=clang-10 CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER=mk/kcov.sh - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - kcov - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: nightly os: linux @@ -426,16 +354,6 @@ matrix: os: osx osx_image: xcode12 - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=DEBUG - rust: beta - os: osx - osx_image: xcode12 - - - env: TARGET_X=x86_64-apple-darwin RUST_X=beta MODE_X=RELWITHDEBINFO - rust: beta - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: beta os: linux @@ -478,24 +396,6 @@ matrix: - sys-img-armeabi-v7a-android-18 dist: trusty - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_gnu=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_gnu=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: beta os: linux diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 06b6074d43..ba340eadaf 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -49,12 +49,10 @@ targets = { "osx" : [ ("aarch64-apple-ios", apple_compilers), - ("x86_64-apple-darwin", apple_compilers), ], "linux" : [ ("aarch64-linux-android", [ "aarch64-linux-android21-clang" ]), ("armv7-linux-androideabi", [ "armv7a-linux-androideabi18-clang" ]), - ("x86_64-unknown-linux-gnu", linux_compilers), ("x86_64-unknown-linux-musl", [clang]), ("aarch64-unknown-linux-gnu", [ "aarch64-linux-gnu-gcc" ]), ("i686-unknown-linux-gnu", linux_compilers), From 95307afefac61957fbca683234daa99c1bd99cdb Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 6 Nov 2020 17:24:47 -0800 Subject: [PATCH 206/399] CI/CD: Move building of aarch64-apple-ios to GitHub Actions. --- .github/workflows/ci.yml | 26 ++++++++++++++++++++++++++ .travis.yml | 30 ------------------------------ mk/update-travis-yml.py | 3 --- 3 files changed, 26 insertions(+), 33 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8920de1f4d..34f35f5b16 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -74,3 +74,29 @@ jobs: # TODO: Collect the resultant artifacts and/or run the tests. run: | cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} + + build-cross-apple: + runs-on: ${{ matrix.host_os }} + strategy: + matrix: + host_os: + - macos-latest + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + target: + - aarch64-apple-ios + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + # TODO: Collect the resultant artifacts and/or run the tests. + - run: | + cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} diff --git a/.travis.yml b/.travis.yml index 84b004a6fa..4578bdb97c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,16 +8,6 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=DEBUG - rust: stable - os: osx - osx_image: xcode12 - - - env: TARGET_X=aarch64-apple-ios RUST_X=stable MODE_X=RELWITHDEBINFO - rust: stable - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: stable os: linux @@ -170,16 +160,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=DEBUG - rust: nightly - os: osx - osx_image: xcode12 - - - env: TARGET_X=aarch64-apple-ios RUST_X=nightly MODE_X=RELWITHDEBINFO - rust: nightly - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: nightly os: linux @@ -344,16 +324,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=DEBUG - rust: beta - os: osx - osx_image: xcode12 - - - env: TARGET_X=aarch64-apple-ios RUST_X=beta MODE_X=RELWITHDEBINFO - rust: beta - os: osx - osx_image: xcode12 - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang rust: beta os: linux diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index ba340eadaf..a4e86f6909 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -47,9 +47,6 @@ # Mac OS X is first because we don't want to have to wait until all the Linux # configurations have been built to find out that there is a failure on Mac. targets = { - "osx" : [ - ("aarch64-apple-ios", apple_compilers), - ], "linux" : [ ("aarch64-linux-android", [ "aarch64-linux-android21-clang" ]), ("armv7-linux-androideabi", [ "armv7a-linux-androideabi18-clang" ]), From fe4aeee8bab809bd32a2c063a7b94f5fac7c957a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 12:57:44 -0800 Subject: [PATCH 207/399] CI/CD: Move Android target build to GitHub Actions. --- .github/workflows/ci.yml | 57 +++++++++++++++-- .travis.yml | 127 -------------------------------------- mk/install-build-tools.sh | 26 -------- mk/travis.sh | 26 -------- mk/update-travis-yml.py | 2 - 5 files changed, 51 insertions(+), 187 deletions(-) delete mode 100755 mk/install-build-tools.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 34f35f5b16..e3c7c08504 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,14 +37,13 @@ jobs: toolchain: ${{ matrix.rust_channel }} - run: cargo test -vv ${{ matrix.mode }} - # Verify that the default configuration and the "wasm32_c" configuration build. - build-cross-wasm: + # Verify cross-compiling with the default feature set works. + build-cross-linux: runs-on: ${{ matrix.host_os }} strategy: matrix: features: - # Default - - --features=wasm32_c host_os: - ubuntu-18.04 mode: @@ -56,6 +55,8 @@ jobs: - nightly target: - wasm32-unknown-unknown + - aarch64-linux-android + - armv7-linux-androideabi steps: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 @@ -63,12 +64,56 @@ jobs: override: true target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} + + - if: ${{ contains(matrix.target, 'android') }} + run: | + mkdir -p "${ANDROID_SDK_ROOT}/licenses" && \ + echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "${ANDROID_SDK_ROOT}/licenses/android-sdk-license" && \ + sudo "${ANDROID_SDK_ROOT}/tools/bin/sdkmanager" ndk-bundle + + # wasm32-*: When the "wasm32_c" feature isn't enabled, we don't need to set anything. + # TODO: Collect the resultant artifacts and/or run the tests. + - run: | + PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH \ + CC_aarch64_linux_android=aarch64-linux-android21-clang \ + CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \ + CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang \ + CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ + cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} + + # Verify that the the "wasm32_c" configuration builds. + build-cross-wasm32-c: + runs-on: ${{ matrix.host_os }} + strategy: + matrix: + features: + - --features="wasm32_c" + host_os: + - ubuntu-18.04 + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + target: + - wasm32-unknown-unknown + + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build # will fail when using some older versions. - - if: ${{ matrix.features == '--features=wasm32_c' }} - run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 + - run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 - env: - # These are only needed for the "wasm_c" feature currently. + # These are only needed for for wasm32 targets only, only when the "wasm_c" + # feature is enabled. CC_wasm32_unknown_unknown: clang-10 AR_wasm32_unknown_unknown: llvm-ar-10 # TODO: Collect the resultant artifacts and/or run the tests. diff --git a/.travis.yml b/.travis.yml index 4578bdb97c..8117b3fc52 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,48 +8,6 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: stable - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=aarch64-linux-android RUST_X=stable MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: stable - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: stable - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=stable MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: stable - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: stable os: linux @@ -160,48 +118,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: nightly - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=aarch64-linux-android RUST_X=nightly MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: nightly - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: nightly - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=nightly MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: nightly - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: nightly os: linux @@ -324,48 +240,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=DEBUG CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: beta - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=aarch64-linux-android RUST_X=beta MODE_X=RELWITHDEBINFO CC_aarch64_linux_android=aarch64-linux-android21-clang CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - rust: beta - os: linux - language: android - android: - components: - - android-21 - - build-tools-26.0.2 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=DEBUG CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: beta - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - - env: TARGET_X=armv7-linux-androideabi RUST_X=beta MODE_X=RELWITHDEBINFO CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - rust: beta - os: linux - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18 - dist: trusty - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 rust: beta os: linux @@ -518,5 +392,4 @@ matrix: # END GENERATED -install: mk/install-build-tools.sh script: if [[ "$TARGET_X" =~ ^a*.*linux-.* && "$MODE_X" == "RELWITHDEBINFO" ]]; then travis_wait 60 mk/travis.sh; else mk/travis.sh; fi diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh deleted file mode 100755 index b84f7efcfb..0000000000 --- a/mk/install-build-tools.sh +++ /dev/null @@ -1,26 +0,0 @@ -case $TARGET_X in -aarch64-linux-android) - export ANDROID_ABI=aarch64 - ;; -armv7-linux-androideabi) - # XXX: Tests are built but not run because we couldn't get the emulator to work; see - # https://github.com/briansmith/ring/issues/838 - # export ANDROID_SYSTEM_IMAGE="system-images;android-18;default;armeabi-v7a" - export ANDROID_ABI=armeabi-v7a - ;; -esac - -if [[ ! -z "${ANDROID_ABI-}" ]]; then - # install the android sdk/ndk - mkdir "$ANDROID_HOME/licenses" || true - echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "$ANDROID_HOME/licenses/android-sdk-license" - sdkmanager ndk-bundle - - if [[ ! -z "${ANDROID_SYSTEM_IMAGE-}" ]]; then - sdkmanager tools - echo no | avdmanager create avd --force --name $TARGET_X -k $ANDROID_SYSTEM_IMAGE --abi $ANDROID_ABI - avdmanager list avd - fi - - curl -sSf https://build.travis-ci.org/files/rustup-init.sh | sh -s -- --default-toolchain=$RUST_X -y -fi diff --git a/mk/travis.sh b/mk/travis.sh index 82c6ba3c9a..90ac7999b7 100755 --- a/mk/travis.sh +++ b/mk/travis.sh @@ -65,30 +65,4 @@ if [ -n "${KCOV-}" ]; then kcov --merge --coveralls-id=$TRAVIS_JOB_ID target/kcov/merged target/kcov/unmerged/* fi -# Android tests in emulator -# -# XXX: Tests are built but not run because we couldn't get the emulator to work; see -# https://github.com/briansmith/ring/issues/838 -if false; then - $ANDROID_HOME/emulator/emulator @$TARGET_X -memory 2048 -no-skin -no-boot-anim -no-window & - adb wait-for-device - - # Run the unit tests first. The file named ring- in $target_dir is - # the test executable. - - find $target_dir -maxdepth 1 -name ring-* ! -name "*.*" \ - -exec adb push {} /data/ring-test \; - adb shell "cd /data && ./ring-test" 2>&1 | tee /tmp/ring-test-log - grep "test result: ok" /tmp/ring-test-log - - for test_exe in `find $target_dir -maxdepth 1 -name "*test*" -type f ! -name "*.*" `; do - adb push $test_exe /data/`basename $test_exe` - adb shell "cd /data && ./`basename $test_exe`" 2>&1 | \ - tee /tmp/`basename $test_exe`-log - grep "test result: ok" /tmp/`basename $test_exe`-log - done - - adb emu kill -fi - echo end of mk/travis.sh diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index a4e86f6909..1496c1d9e9 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -48,8 +48,6 @@ # configurations have been built to find out that there is a failure on Mac. targets = { "linux" : [ - ("aarch64-linux-android", [ "aarch64-linux-android21-clang" ]), - ("armv7-linux-androideabi", [ "armv7a-linux-androideabi18-clang" ]), ("x86_64-unknown-linux-musl", [clang]), ("aarch64-unknown-linux-gnu", [ "aarch64-linux-gnu-gcc" ]), ("i686-unknown-linux-gnu", linux_compilers), From 68db0d317df7f1e84acd2cf59990f29c06c9bfe0 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 13:57:20 -0800 Subject: [PATCH 208/399] CI/CD: Move remaining {i686,x86_64}-unknown-linux-{gnu,musl} targets to GitHub Actions. --- .github/workflows/ci.yml | 40 ++++++++ .travis.yml | 198 --------------------------------------- mk/update-travis-yml.py | 3 - 3 files changed, 40 insertions(+), 201 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3c7c08504..0724c6611d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,6 +37,46 @@ jobs: toolchain: ${{ matrix.rust_channel }} - run: cargo test -vv ${{ matrix.mode }} + test-cross-linux-linux: + runs-on: ${{ matrix.host_os }} + strategy: + matrix: + host_os: + - ubuntu-18.04 + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + target: + - i686-unknown-linux-gnu + - i686-unknown-linux-musl + - x86_64-unknown-linux-musl + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: ${{ matrix.rust_channel }} + + # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. + - if: ${{ contains(matrix.target, 'i686') }} + run: | + sudo apt-get -yq --no-install-suggests --no-install-recommends install \ + gcc-multilib \ + libc6-dev-i386 + + - run: | + CC_i686_unknown_linux_gnu=clang \ + CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ + CC_i686_unknown_linux_musl=clang \ + CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang \ + CC_x86_64_unknown_linux_musl=clang \ + CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang \ + cargo test -vv ${{ matrix.mode }} + # Verify cross-compiling with the default feature set works. build-cross-linux: runs-on: ${{ matrix.host_os }} diff --git a/.travis.yml b/.travis.yml index 8117b3fc52..dcc1c3a8bd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,24 +8,6 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: stable os: linux @@ -50,50 +32,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=stable MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: stable os: linux @@ -118,24 +56,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: nightly os: linux @@ -160,62 +80,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CARGO_INCREMENTAL=0 RUSTDOCFLAGS="-Cpanic=abort" RUSTFLAGS="-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile" KCOV=1 CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_RUNNER=mk/kcov.sh - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - kcov - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=nightly MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: nightly os: linux @@ -240,24 +104,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_x86_64_unknown_linux_musl=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - - env: TARGET_X=x86_64-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_x86_64_unknown_linux_musl=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc rust: beta os: linux @@ -282,50 +128,6 @@ matrix: - libc6-dev-arm64-cross - qemu-user-binfmt - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_gnu=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=DEBUG CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-musl RUST_X=beta MODE_X=RELWITHDEBINFO CC_i686_unknown_linux_musl=clang-10 CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gcc-multilib - - libc6-dev-i386 - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: beta os: linux diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 1496c1d9e9..2b1a1e1919 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -48,10 +48,7 @@ # configurations have been built to find out that there is a failure on Mac. targets = { "linux" : [ - ("x86_64-unknown-linux-musl", [clang]), ("aarch64-unknown-linux-gnu", [ "aarch64-linux-gnu-gcc" ]), - ("i686-unknown-linux-gnu", linux_compilers), - ("i686-unknown-linux-musl", [clang]), ("arm-unknown-linux-gnueabihf", [ "arm-linux-gnueabihf-gcc" ]), ], } From cf88b2b710a6506fcd303a2ca0fcdb56a6e60092 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 14:26:08 -0800 Subject: [PATCH 209/399] CI/CD: Reorder steps in GitHub Actions. Reorder the steps to: 1. Install whatever non-Rust software needs to be installed. 2. Install the Rust toolchain. 3. Checkout the source code. 3. Run `cargo`. --- .github/workflows/ci.yml | 48 ++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0724c6611d..6e893a28cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,12 +6,12 @@ jobs: rustfmt: runs-on: ubuntu-18.04 steps: - - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: toolchain: stable profile: minimal components: rustfmt + - uses: actions/checkout@v2 - run: cargo fmt --all -- --check test-target-is-host: @@ -30,11 +30,11 @@ jobs: - nightly steps: - - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: override: true toolchain: ${{ matrix.rust_channel }} + - uses: actions/checkout@v2 - run: cargo test -vv ${{ matrix.mode }} test-cross-linux-linux: @@ -55,12 +55,6 @@ jobs: - i686-unknown-linux-musl - x86_64-unknown-linux-musl steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - override: true - toolchain: ${{ matrix.rust_channel }} - # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. - if: ${{ contains(matrix.target, 'i686') }} run: | @@ -68,6 +62,13 @@ jobs: gcc-multilib \ libc6-dev-i386 + - uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: ${{ matrix.rust_channel }} + + - uses: actions/checkout@v2 + - run: | CC_i686_unknown_linux_gnu=clang \ CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ @@ -98,21 +99,22 @@ jobs: - aarch64-linux-android - armv7-linux-androideabi steps: - - uses: actions/checkout@v2 + - if: ${{ contains(matrix.target, 'android') }} + run: | + mkdir -p "${ANDROID_SDK_ROOT}/licenses" && \ + echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "${ANDROID_SDK_ROOT}/licenses/android-sdk-license" && \ + sudo "${ANDROID_SDK_ROOT}/tools/bin/sdkmanager" ndk-bundle + - uses: actions-rs/toolchain@v1 with: override: true target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - if: ${{ contains(matrix.target, 'android') }} - run: | - mkdir -p "${ANDROID_SDK_ROOT}/licenses" && \ - echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "${ANDROID_SDK_ROOT}/licenses/android-sdk-license" && \ - sudo "${ANDROID_SDK_ROOT}/tools/bin/sdkmanager" ndk-bundle + - uses: actions/checkout@v2 - # wasm32-*: When the "wasm32_c" feature isn't enabled, we don't need to set anything. - # TODO: Collect the resultant artifacts and/or run the tests. + # wasm32-*: When the "wasm32_c" feature isn't enabled, we don't need to set anything. + # TODO: Collect the resultant artifacts and/or run the tests. - run: | PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH \ CC_aarch64_linux_android=aarch64-linux-android21-clang \ @@ -141,16 +143,18 @@ jobs: - wasm32-unknown-unknown steps: - - uses: actions/checkout@v2 + # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build + # will fail when using some older versions. + - run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 + - uses: actions-rs/toolchain@v1 with: override: true target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build - # will fail when using some older versions. - - run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 + - uses: actions/checkout@v2 + - env: # These are only needed for for wasm32 targets only, only when the "wasm_c" # feature is enabled. @@ -176,12 +180,14 @@ jobs: target: - aarch64-apple-ios steps: - - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: override: true target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} + + - uses: actions/checkout@v2 + # TODO: Collect the resultant artifacts and/or run the tests. - run: | cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} From 09488e45c610fcbfc99b2aec1006e3239dd20171 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 14:42:23 -0800 Subject: [PATCH 210/399] CI/CD: Move aarch64-unknown-linux-gnu to GitHub Actions. --- .github/workflows/ci.yml | 13 ++++++++ .travis.yml | 72 ---------------------------------------- mk/update-travis-yml.py | 1 - 3 files changed, 13 insertions(+), 73 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6e893a28cf..c95d594f0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,10 +51,20 @@ jobs: - beta - nightly target: + - aarch64-unknown-linux-gnu - i686-unknown-linux-gnu - i686-unknown-linux-musl - x86_64-unknown-linux-musl steps: + # qemu-user is needed only to run the tests, not for `cargo build` or + # `cargo test --no-run`. + - if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' }} + run: | + sudo apt-get -yq --no-install-suggests --no-install-recommends install \ + gcc-aarch64-linux-gnu \ + libc6-dev-arm64-cross \ + qemu-user + # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. - if: ${{ contains(matrix.target, 'i686') }} run: | @@ -70,6 +80,9 @@ jobs: - uses: actions/checkout@v2 - run: | + CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" \ CC_i686_unknown_linux_gnu=clang \ CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ CC_i686_unknown_linux_musl=clang \ diff --git a/.travis.yml b/.travis.yml index dcc1c3a8bd..46042ef404 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,30 +8,6 @@ matrix: # # BEGIN GENERATED - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: stable os: linux @@ -56,30 +32,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=nightly MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: nightly os: linux @@ -104,30 +56,6 @@ matrix: - libc6-dev-armhf-cross - qemu-user-binfmt - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=DEBUG CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - - env: TARGET_X=aarch64-unknown-linux-gnu RUST_X=beta MODE_X=RELWITHDEBINFO CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-aarch64-linux-gnu - - libc6-dev-arm64-cross - - qemu-user-binfmt - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc rust: beta os: linux diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py index 2b1a1e1919..8eea7aa1e5 100755 --- a/mk/update-travis-yml.py +++ b/mk/update-travis-yml.py @@ -48,7 +48,6 @@ # configurations have been built to find out that there is a failure on Mac. targets = { "linux" : [ - ("aarch64-unknown-linux-gnu", [ "aarch64-linux-gnu-gcc" ]), ("arm-unknown-linux-gnueabihf", [ "arm-linux-gnueabihf-gcc" ]), ], } From 9ab293a61c42c118cea0db1a333059e276694ea1 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 14:48:59 -0800 Subject: [PATCH 211/399] CI/CD: Move arm-unknown-linux-gnueabihf to GitHub actions. --- .github/workflows/ci.yml | 13 ++ .travis.yml | 125 ------------------- mk/update-travis-yml.py | 256 --------------------------------------- 3 files changed, 13 insertions(+), 381 deletions(-) delete mode 100644 .travis.yml delete mode 100755 mk/update-travis-yml.py diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c95d594f0d..4c3476790b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,7 @@ jobs: - nightly target: - aarch64-unknown-linux-gnu + - arm-unknown-linux-gnueabihf - i686-unknown-linux-gnu - i686-unknown-linux-musl - x86_64-unknown-linux-musl @@ -65,6 +66,15 @@ jobs: libc6-dev-arm64-cross \ qemu-user + # qemu-user is needed only to run the tests, not for `cargo build` or + # `cargo test --no-run`. + - if: ${{ matrix.target == 'arm-unknown-linux-gnueabihf' }} + run: | + sudo apt-get -yq --no-install-suggests --no-install-recommends install \ + gcc-arm-linux-gnueabihf \ + libc6-dev-armhf-cross \ + qemu-user + # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. - if: ${{ contains(matrix.target, 'i686') }} run: | @@ -83,6 +93,9 @@ jobs: CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" \ + CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc \ + CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc \ + CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" \ CC_i686_unknown_linux_gnu=clang \ CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ CC_i686_unknown_linux_musl=clang \ diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 46042ef404..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,125 +0,0 @@ -language: rust -matrix: - include: - # The lines from "# BEGIN GENERATED" through "# END GENERATED" are - # generated by running |python mk/update-travis-yml.py|. Any changes - # made to those lines will be overwritten while other lines will be left - # untouched. - # - # BEGIN GENERATED - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=stable MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=nightly MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: nightly - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=DEBUG CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=arm-unknown-linux-gnueabihf RUST_X=beta MODE_X=RELWITHDEBINFO CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - rust: beta - os: linux - dist: focal - addons: - apt: - packages: - - binfmt-support - - gcc-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - qemu-user-binfmt - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG - rust: stable - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG - rust: stable - os: linux - dist: trusty - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO - rust: stable - os: linux - dist: focal - - - env: TARGET_X=x86_64-unknown-linux-gnu RUST_X=stable MODE_X=RELWITHDEBINFO - rust: stable - os: linux - dist: trusty - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG - rust: stable - os: linux - dist: focal - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - - env: TARGET_X=i686-unknown-linux-gnu RUST_X=stable MODE_X=DEBUG - rust: stable - os: linux - dist: trusty - addons: - apt: - packages: - - gcc-multilib - - libc6-dev-i386 - - # END GENERATED - -script: if [[ "$TARGET_X" =~ ^a*.*linux-.* && "$MODE_X" == "RELWITHDEBINFO" ]]; then travis_wait 60 mk/travis.sh; else mk/travis.sh; fi diff --git a/mk/update-travis-yml.py b/mk/update-travis-yml.py deleted file mode 100755 index 8eea7aa1e5..0000000000 --- a/mk/update-travis-yml.py +++ /dev/null @@ -1,256 +0,0 @@ -# Run this as "python mk/update-travis-yml.py" - -# Copyright 2015 Brian Smith. -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND BRIAN SMITH AND THE AUTHORS DISCLAIM -# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL BRIAN SMITH OR THE AUTHORS -# BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY -# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -# AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import re -import shutil - -rusts = [ - "stable", - "nightly", - "beta", -] - -clang = "clang-10" - -# GCC 4.8 and GCC 9 are tested in less thoroughly in configurations hard-coded -# in .travis.yml. -linux_compilers = [ - clang, -] - -apple_compilers = [ - "", # Don't set CC.' -] - -feature_sets = [ - "", -] - -modes = [ - "DEBUG", - "RELWITHDEBINFO" -] - -# Mac OS X is first because we don't want to have to wait until all the Linux -# configurations have been built to find out that there is a failure on Mac. -targets = { - "linux" : [ - ("arm-unknown-linux-gnueabihf", [ "arm-linux-gnueabihf-gcc" ]), - ], -} - -def kcovs(target, rust, mode): - # DEBUG mode is needed because debug symbols are needed for coverage tracking. - # Nightly Rust is needed for `-Zpanic_abort_tests -Zprofile`. - kcov_targets = ["x86_64-unknown-linux-gnu", "i686-unknown-linux-gnu"] - return [False, True] if target in kcov_targets and rust == "nightly" and mode == "DEBUG" else [False] - -def format_entries(): - entries = [format_entry(os, "focal", target, compiler, rust, mode, features, kcov) - for rust in rusts - for os in targets.keys() - for (target, compilers) in targets[os] - for compiler in compilers - for mode in modes - for features in feature_sets - for kcov in kcovs(target, rust, mode)] - - # Verify that we build on Trusty, which has GCC 4.8 as the default GCC - # version. GCC 4.8 is the minimum version of GCC we support. Verify that we - # build with GCC 9, the default compiler on Focal. - special_dists = ["focal", "trusty"] - entries += [ format_entry("linux", dist, "x86_64-unknown-linux-gnu", "", "stable", mode, "", False) - for mode in modes - for dist in special_dists] - entries += [ format_entry("linux", dist, "i686-unknown-linux-gnu", "", "stable", "DEBUG", "", False) - for dist in special_dists] - - return "\n".join(entries) - -# We use alternative names (the "_X" suffix) so that, in mk/travis.sh, we can -# ensure that we set the specific variables we want and that no relevant -# variables are unintentionally inherited into the build process. - -entry_template = """ - - env: %(env)s - rust: %(rust)s - os: %(os)s""" - -entry_indent = " " - -entry_packages_template = """ - addons: - apt: - packages: - %(packages)s""" - -def format_entry(os, linux_dist, target, compiler, rust, mode, features, kcov): - env = [] - runner = None - - env.append(("TARGET_X", target)) - env.append(("RUST_X", rust)) - env.append(("MODE_X", mode)) - if features != "": - env.append(("FEATURES_X", features)) - - if kcov: - # kcov reports coverage as a percentage of code *linked into the executable* - # (more accurately, code that has debug info linked into the executable), not - # as a percentage of source code. Any code that gets discarded by the linker - # due to lack of usage isn't counted at all. Thus, we have to link with - # "-C link-dead-code" to get accurate code coverage reports. - # - # panic=abort is used to get accurate coverage. See - # https://github.com/rust-lang/rust/issues/43410 and - # https://github.com/mozilla/grcov/issues/427#issuecomment-623995594 and - # https://github.com/rust-lang/rust/issues/55352. - env.append(("CARGO_INCREMENTAL", 0)) - env.append(("RUSTDOCFLAGS", '"-Cpanic=abort"')) - env.append(("RUSTFLAGS", '"-Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=on -Cpanic=abort -Zpanic_abort_tests -Zprofile"')) - env.append(("KCOV", "1")) - runner = 'mk/kcov.sh' - - target_words = target.split("-") - arch = target_words[0] - vendor = target_words[1] - sys = target_words[2] - - template = entry_template - - android_linux_dist = "trusty" - - if sys == "darwin": - abi = sys - sys = "macos" - elif sys == "ios": - abi = sys - sys = "ios" - elif sys == "androideabi": - linux_dist = android_linux_dist - abi = sys - sys = "linux" - template += """ - language: android - android: - components: - - android-18 - - build-tools-26.0.2 - - sys-img-armeabi-v7a-android-18""" - elif sys == "android": - linux_dist = android_linux_dist - abi = sys - sys = "linux" - template += """ - language: android - android: - components: - - android-21 - - build-tools-26.0.2""" - else: - abi = target_words[3] - - def prefix_all(prefix, xs): - return [prefix + x for x in xs] - - if sys == "linux": - packages = sorted(get_linux_packages_to_install(target, compiler, arch, kcov)) - template += """ - dist: %s""" % linux_dist - - if sys == "linux": - if packages: - template += entry_packages_template - else: - packages = [] - - cc = compiler - - if os == "osx": - os += "\n" + entry_indent + "osx_image: xcode12" - - target_with_underscores = target.replace("-", "_") - if cc != "": - env.append(("CC_" + target_with_underscores, cc)) - if arch != "x86_64": - env.append(("CARGO_TARGET_%s_LINKER" % target_with_underscores.upper(), cc)) - if runner: - env.append(("CARGO_TARGET_%s_RUNNER" % target_with_underscores.upper(), runner)) - - return template % { - "env" : " ".join(["%s=%s" % (name, value) for (name, value) in env]), - "rust" : rust, - "packages" : "\n ".join(prefix_all("- ", packages)), - "os" : os, - } - -def get_linux_packages_to_install(target, compiler, arch, kcov): - if compiler.startswith("clang-") or compiler.startswith("gcc-"): - packages = [compiler] - else: - packages = [] - - if kcov: - packages += ["kcov"] - - qemu = False - - if target == "aarch64-unknown-linux-gnu": - qemu = True - packages += ["gcc-aarch64-linux-gnu", - "libc6-dev-arm64-cross"] - if target == "arm-unknown-linux-gnueabihf": - qemu = True - packages += ["gcc-arm-linux-gnueabihf", - "libc6-dev-armhf-cross"] - - if qemu: - packages += ["binfmt-support", - "qemu-user-binfmt"] - - if arch == "i686": - if compiler.startswith("clang") or compiler == "": - packages += ["libc6-dev-i386", - "gcc-multilib"] - elif compiler.startswith("gcc-"): - packages += [compiler + "-multilib", - "linux-libc-dev:i386"] - else: - raise ValueError("unexpected compiler: %s" % compiler) - - return packages - -def main(): - # Make a backup of the file we are about to update. - shutil.copyfile(".travis.yml", ".travis.yml~") - with open(".travis.yml", "r+b") as file: - begin = " # BEGIN GENERATED\n" - end = " # END GENERATED\n" - old_contents = file.read() - new_contents = re.sub("%s(.*?)\n[ ]*%s" % (begin, end), - "".join([begin, format_entries(), "\n\n", end]), - old_contents, flags=re.S) - if old_contents == new_contents: - print "No changes" - return - - file.seek(0) - file.write(new_contents) - file.truncate() - print new_contents - -if __name__ == '__main__': - main() From 9e0df33deab879e0cb86e74b247ba01afbcd5d84 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 9 Nov 2020 15:56:01 -0800 Subject: [PATCH 212/399] CI/CD: Restore mk/install-build-tools.sh. --- .github/workflows/ci.yml | 69 ++++++++++++++----------------------- mk/install-build-tools.sh | 72 +++++++++++++++++++++++++++++++++++++++ mk/package.sh | 1 - 3 files changed, 97 insertions(+), 45 deletions(-) create mode 100755 mk/install-build-tools.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c3476790b..6b68d66091 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,8 @@ jobs: runs-on: ${{ matrix.host_os }} strategy: matrix: + features: + - # Default host_os: - ubuntu-18.04 - macos-latest @@ -34,13 +36,18 @@ jobs: with: override: true toolchain: ${{ matrix.rust_channel }} + - uses: actions/checkout@v2 - - run: cargo test -vv ${{ matrix.mode }} + + - run: | + cargo test -vv ${{ matrix.features }} ${{ matrix.mode }} test-cross-linux-linux: runs-on: ${{ matrix.host_os }} strategy: matrix: + features: + - # Default host_os: - ubuntu-18.04 mode: @@ -57,38 +64,16 @@ jobs: - i686-unknown-linux-musl - x86_64-unknown-linux-musl steps: - # qemu-user is needed only to run the tests, not for `cargo build` or - # `cargo test --no-run`. - - if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' }} - run: | - sudo apt-get -yq --no-install-suggests --no-install-recommends install \ - gcc-aarch64-linux-gnu \ - libc6-dev-arm64-cross \ - qemu-user - - # qemu-user is needed only to run the tests, not for `cargo build` or - # `cargo test --no-run`. - - if: ${{ matrix.target == 'arm-unknown-linux-gnueabihf' }} - run: | - sudo apt-get -yq --no-install-suggests --no-install-recommends install \ - gcc-arm-linux-gnueabihf \ - libc6-dev-armhf-cross \ - qemu-user + - uses: actions/checkout@v2 - # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. - - if: ${{ contains(matrix.target, 'i686') }} - run: | - sudo apt-get -yq --no-install-suggests --no-install-recommends install \ - gcc-multilib \ - libc6-dev-i386 + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 with: override: true + target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - uses: actions/checkout@v2 - - run: | CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ @@ -102,7 +87,7 @@ jobs: CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang \ CC_x86_64_unknown_linux_musl=clang \ CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang \ - cargo test -vv ${{ matrix.mode }} + cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} # Verify cross-compiling with the default feature set works. build-cross-linux: @@ -125,11 +110,9 @@ jobs: - aarch64-linux-android - armv7-linux-androideabi steps: - - if: ${{ contains(matrix.target, 'android') }} - run: | - mkdir -p "${ANDROID_SDK_ROOT}/licenses" && \ - echo "24333f8a63b6825ea9c5514f83c2829b004d1fee" > "${ANDROID_SDK_ROOT}/licenses/android-sdk-license" && \ - sudo "${ANDROID_SDK_ROOT}/tools/bin/sdkmanager" ndk-bundle + - uses: actions/checkout@v2 + + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 with: @@ -137,8 +120,6 @@ jobs: target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - uses: actions/checkout@v2 - # wasm32-*: When the "wasm32_c" feature isn't enabled, we don't need to set anything. # TODO: Collect the resultant artifacts and/or run the tests. - run: | @@ -147,7 +128,7 @@ jobs: CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \ CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang \ CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ - cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} + cargo test -vv --no-run --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} # Verify that the the "wasm32_c" configuration builds. build-cross-wasm32-c: @@ -155,7 +136,7 @@ jobs: strategy: matrix: features: - - --features="wasm32_c" + - --features=wasm32_c host_os: - ubuntu-18.04 mode: @@ -169,9 +150,9 @@ jobs: - wasm32-unknown-unknown steps: - # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build - # will fail when using some older versions. - - run: sudo apt-get -yq --no-install-suggests --no-install-recommends install clang-10 llvm-10 + - uses: actions/checkout@v2 + + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 with: @@ -179,8 +160,6 @@ jobs: target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - uses: actions/checkout@v2 - - env: # These are only needed for for wasm32 targets only, only when the "wasm_c" # feature is enabled. @@ -188,7 +167,7 @@ jobs: AR_wasm32_unknown_unknown: llvm-ar-10 # TODO: Collect the resultant artifacts and/or run the tests. run: | - cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} + cargo test -vv --no-run --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} build-cross-apple: runs-on: ${{ matrix.host_os }} @@ -206,14 +185,16 @@ jobs: target: - aarch64-apple-ios steps: + - uses: actions/checkout@v2 + + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} + - uses: actions-rs/toolchain@v1 with: override: true target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - uses: actions/checkout@v2 - # TODO: Collect the resultant artifacts and/or run the tests. - run: | cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh new file mode 100755 index 0000000000..b0b77ca2d9 --- /dev/null +++ b/mk/install-build-tools.sh @@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# +# Copyright 2020 Brian Smith. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +set -eux -o pipefail +IFS=$'\n\t' + +target=$1 +features=${2-} + +function install_packages { + sudo apt-get -yq --no-install-suggests --no-install-recommends install "$@" +} + +case $target in +--target*android*) + mkdir -p "${ANDROID_SDK_ROOT}/licenses" + android_license_file="${ANDROID_SDK_ROOT}/licenses/android-sdk-license" + accept_android_license=24333f8a63b6825ea9c5514f83c2829b004d1fee + grep --quiet --no-messages "$accept_android_license" "$android_license_file" \ + || echo $accept_android_license >> "$android_license_file" + sudo "${ANDROID_SDK_ROOT}/tools/bin/sdkmanager" ndk-bundle + ;; +esac + +case $target in +--target=aarch64-unknown-linux-gnu) + install_packages \ + qemu-user \ + gcc-aarch64-linux-gnu \ + libc6-dev-arm64-cross + ;; +--target=arm-unknown-linux-gnueabihf) + install_packages \ + qemu-user \ + gcc-arm-linux-gnueabihf \ + libc6-dev-armhf-cross + ;; +--target=i686-unknown-linux-gnu|--target=i686-unknown-linux-musl) + # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. + install_packages \ + gcc-multilib \ + libc6-dev-i386 + ;; +--target=wasm32-unknown-unknown) + case ${features-} in + *wasm32_c*) + # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build + # will fail when using some older versions. + install_packages \ + clang-10 \ + llvm-10 + ;; + *) + ;; + esac + ;; +--target=*) + ;; +esac diff --git a/mk/package.sh b/mk/package.sh index 43b9851272..7def4b623e 100644 --- a/mk/package.sh +++ b/mk/package.sh @@ -1,4 +1,3 @@ - # This only works on Windows, using MinGW. set -eux -o pipefail IFS=$'\n\t' From f21a4a338b77479ed32148a9318f1801b2d67048 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 09:58:01 -0800 Subject: [PATCH 213/399] Update README.md for latest CI changes. --- README.md | 53 +++++++++++++++++++---------------------------------- 1 file changed, 19 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 83eca33c1a..14e0e6cbe5 100644 --- a/README.md +++ b/README.md @@ -198,40 +198,25 @@ any security vulnerability in this code privately to anybody.** Online Automated Testing ------------------------ -Travis CI is used for Android, Linux, and macOS. Appveyor is used for Windows. -The tests are run in debug and release configurations, for the current release -of each Rust channel (Stable, Beta, Nightly), for each configuration listed in -the table below. The C compilers listed are used for compiling the C portions. - - - - - - - - - - - - - - - - - - - - - - - - -
OSArch.CompilersStatus
Linuxx86, x86_64GCC 9, Clang 10Build Status
32‑bit ARM, AAarch64GCC (Ubuntu/Linaro 4.8.4-2ubuntu1~14.04.1), tested using - qemu-user-arm.
AndroidARMv7, Aarch64*ring* for ARMv7 Android is built in CI using SDK version 26 targeting - API level 18 (Android 4.3+); it is tested in the emulator using the - corresponding system image. *ring* for AArch64 Android is built in CI - using SDK version 26 targeting API level 21 (Android 5.0).
Mac OS Xx64Xcode 12 with its associated version of Apple Clang
Windowsx86, x86_64MSVC 2015 Update 3 (14.0)Build Status
- +Appveyor is currently used for testing Windows hosts and targets. All other +platforms are tested in GitHub Actions. The tests are run in debug and release +configurations, for the current release of each Rust channel (Stable, Beta, +Nightly). A C compiler is currently required to compile some parts of *ring*; +*ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC 2019+, at least. + +| Target | Notes | +| -----------------------------| ----- | +| aarch64-apple-ios | Build-only (GitHub Actions doesn't have a way to run the tests) +| aarch64-unknown-linux-gnu | Tested on 64-bit Linux using QEMU user emulation +| aarch64-linux-android | API level 21 (Android 5.0+); [Build-only; issue 486](https://github.com/briansmith/ring/issues/486) +| arm-unknown-linux-gnueabihf | Tested on 64-bit Linux using QEMU user emulation +| armv7-linux-androideabi | API level 18 (Android 4.3+); [Build-only; issue 838](https://github.com/briansmith/ring/issues/838) +| i686-unknown-linux-gnu | Tested on 64-bit Linux using multilib support +| i686-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| x86_64-unknown-linux-gnu | +| x86_64-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| x86_64-apple-darwin | +| wasm32-unknown-unknown | [Build-only; issue 1082](https://github.com/briansmith/ring/issues/1082) License From 3ac3e8b020eb260b6eb5f092fc27fc938ed0b016 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 10:24:39 -0800 Subject: [PATCH 214/399] CI/CD: Test wasm32-unknown-unknown in GitHub Actions. Bump the wasm-bindgen-test dependency version to be compatible with the latest wasm-bindgen-cli version. --- .github/workflows/ci.yml | 13 ++++++++----- Cargo.toml | 2 +- mk/install-build-tools.sh | 1 + 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b68d66091..1d18fb1a2f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,6 +63,7 @@ jobs: - i686-unknown-linux-gnu - i686-unknown-linux-musl - x86_64-unknown-linux-musl + steps: - uses: actions/checkout@v2 @@ -106,7 +107,6 @@ jobs: - beta - nightly target: - - wasm32-unknown-unknown - aarch64-linux-android - armv7-linux-androideabi steps: @@ -130,12 +130,12 @@ jobs: CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ cargo test -vv --no-run --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} - # Verify that the the "wasm32_c" configuration builds. - build-cross-wasm32-c: + test-cross-wasm32-c: runs-on: ${{ matrix.host_os }} strategy: matrix: features: + - # Default - --features=wasm32_c host_os: - ubuntu-18.04 @@ -148,7 +148,9 @@ jobs: - nightly target: - wasm32-unknown-unknown - + webdriver: + - GECKODRIVER=geckodriver + - CHROMEDRIVER=chromedriver steps: - uses: actions/checkout@v2 @@ -165,9 +167,10 @@ jobs: # feature is enabled. CC_wasm32_unknown_unknown: clang-10 AR_wasm32_unknown_unknown: llvm-ar-10 + CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner # TODO: Collect the resultant artifacts and/or run the tests. run: | - cargo test -vv --no-run --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + ${{ matrix.webdriver }} cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} build-cross-apple: runs-on: ${{ matrix.host_os }} diff --git a/Cargo.toml b/Cargo.toml index e8d081549c..1fe5854e66 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -314,7 +314,7 @@ web-sys = { version = "0.3.37", default-features = false, features = ["Crypto", winapi = { version = "0.3.8", default-features = false, features = ["ntsecapi", "wtypesbase"] } [target.'cfg(target_arch = "wasm32")'.dev-dependencies] -wasm-bindgen-test = { version = "0.3.10", default-features = false } +wasm-bindgen-test = { version = "0.3.18", default-features = false } [target.'cfg(any(unix, windows))'.dev-dependencies] libc = { version = "0.2.69", default-features = false } diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index b0b77ca2d9..ca4a794487 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -55,6 +55,7 @@ case $target in libc6-dev-i386 ;; --target=wasm32-unknown-unknown) + cargo install wasm-bindgen-cli --vers "0.2.68" --bin wasm-bindgen-test-runner case ${features-} in *wasm32_c*) # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build From 5f3eaff3c58e369de5509492c9d9acfe6e4b51b7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 14:38:35 -0800 Subject: [PATCH 215/399] CI/CD: Move Windows testing to GitHub Actions. --- .github/workflows/ci.yml | 32 ++++++++++++++++++++ appveyor.yml | 20 ------------- mk/appveyor.bat | 60 -------------------------------------- mk/install-build-tools.ps1 | 30 +++++++++++++++++++ 4 files changed, 62 insertions(+), 80 deletions(-) delete mode 100644 appveyor.yml delete mode 100644 mk/appveyor.bat create mode 100644 mk/install-build-tools.ps1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1d18fb1a2f..781a8af5a7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,6 +42,38 @@ jobs: - run: | cargo test -vv ${{ matrix.features }} ${{ matrix.mode }} + test-windows-msvc: + runs-on: windows-latest + strategy: + matrix: + features: + - # Default + mode: + - # debug + - --release + rust_channel: + - stable + - beta + - nightly + target: + - x86_64-pc-windows-msvc + - i686-pc-windows-msvc + steps: + - uses: actions/checkout@v2 + + - run: > + (powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1) -and + ("$pwd\target\tools" >> $env:GITHUB_PATH) + + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + + - run: | + cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + test-cross-linux-linux: runs-on: ${{ matrix.host_os }} strategy: diff --git a/appveyor.yml b/appveyor.yml deleted file mode 100644 index 97988f1f17..0000000000 --- a/appveyor.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: 1.0.{build} -os: - - Visual Studio 2019 -clone_depth: 1 -configuration: - - Debug - - Release -platform: - - Win32 - - x64 -environment: - matrix: - - TOOLCHAIN_VERSION: 14.0 - RUST: stable - - TOOLCHAIN_VERSION: 14.0 - RUST: beta - - TOOLCHAIN_VERSION: 14.0 - RUST: nightly - -build_script: mk/appveyor.bat diff --git a/mk/appveyor.bat b/mk/appveyor.bat deleted file mode 100644 index ac7c2b713f..0000000000 --- a/mk/appveyor.bat +++ /dev/null @@ -1,60 +0,0 @@ -echo on -SetLocal EnableDelayedExpansion - -set VCVARSALL="C:\Program Files (x86)\Microsoft Visual Studio %TOOLCHAIN_VERSION%\VC\vcvarsall.bat" - -if [%Platform%] NEQ [x64] goto win32 -set TARGET_ARCH=x86_64 -goto download - -:win32 -echo on -if [%Platform%] NEQ [Win32] exit 1 -set TARGET_ARCH=i686 -goto download - -:download -REM vcvarsall turns echo off -echo on - -mkdir windows_build_tools -mkdir windows_build_tools\ -echo Downloading Yasm... -powershell -Command "(New-Object Net.WebClient).DownloadFile('https://www.tortall.net/projects/yasm/releases/yasm-1.3.0-win64.exe', 'windows_build_tools\yasm.exe')" -if %ERRORLEVEL% NEQ 0 ( - echo ...downloading Yasm failed. - exit 1 -) - -mkdir build -set RUSTUP_URL=https://win.rustup.rs/%TARGET_ARCH% -set RUSTUP_EXE=build\rustup-init-%TARGET_ARCH%.exe -echo Downloading %RUSTUP_URL%... -powershell -Command "(New-Object Net.WebClient).DownloadFile('%RUSTUP_URL%', '%RUSTUP_EXE%')" -if %ERRORLEVEL% NEQ 0 ( - echo ...downloading rustup failed. - exit 1 -) - -set TARGET=%TARGET_ARCH%-pc-windows-msvc -%RUSTUP_EXE% -y --default-host %TARGET% --default-toolchain %RUST% -if %ERRORLEVEL% NEQ 0 exit 1 - -set PATH=%USERPROFILE%\.cargo\bin;%cd%\windows_build_tools;%PATH% - -if [%Configuration%] == [Release] set CARGO_MODE=--release - -set - -link /? -cl /? -rustc --version -cargo --version - -cargo test -vv %CARGO_MODE% -if %ERRORLEVEL% NEQ 0 exit 1 - -REM Verify that `cargo build`, independent from `cargo test`, works; i.e. -REM verify that non-test builds aren't trying to use test-only features. -cargo build -vv %CARGO_MODE% -if %ERRORLEVEL% NEQ 0 exit 1 diff --git a/mk/install-build-tools.ps1 b/mk/install-build-tools.ps1 new file mode 100644 index 0000000000..4d35925497 --- /dev/null +++ b/mk/install-build-tools.ps1 @@ -0,0 +1,30 @@ +function Download-File { + param ( + [Parameter(Mandatory)] + [string]$Url, + [Parameter(Mandatory)] + [string]$ExpectedDigest, + [Parameter(Mandatory)] + [string]$OutFile + ) + $TmpFile = New-TemporaryFile + Invoke-WebRequest -Uri $Url -OutFile $TmpFile.FullName + $ActualDigest = ( Get-FileHash -Algorithm SHA256 $TmpFile ).Hash + if ( $ActualDigest -eq $ExpectedDigest ) + { + Move-Item -Force $TmpFile $OutFile + return + } + + echo "Digest verification failed for $Url; actual $ActualDigest, expected $ExpectedDigest" + rm $TmpFile + exit 1 +} + +$tools_dir = "target/tools" +mkdir -Force $tools_dir + +Download-File ` + -Url 'https://www.tortall.net/projects/yasm/releases/yasm-1.3.0-win64.exe' ` + -ExpectedDigest D160B1D97266F3F28A71B4420A0AD2CD088A7977C2DD3B25AF155652D8D8D91F ` + -OutFile $tools_dir/yasm.exe From 236a330e257386102ec4e7d237df41b87fd51989 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 16:01:13 -0800 Subject: [PATCH 216/399] CI/CD: Combine non-wasm32 GitHub Action matrices together. --- .github/workflows/ci.yml | 203 ++++++++++++++------------------------- 1 file changed, 70 insertions(+), 133 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 781a8af5a7..99c0b76d6e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,92 +14,89 @@ jobs: - uses: actions/checkout@v2 - run: cargo fmt --all -- --check - test-target-is-host: + test: runs-on: ${{ matrix.host_os }} strategy: matrix: features: - # Default - host_os: - - ubuntu-18.04 - - macos-latest + + target: + - aarch64-apple-ios + - aarch64-linux-android + - aarch64-unknown-linux-gnu + - arm-unknown-linux-gnueabihf + - armv7-linux-androideabi + - i686-pc-windows-msvc + - i686-unknown-linux-gnu + - i686-unknown-linux-musl + - x86_64-pc-windows-msvc + - x86_64-apple-darwin + - x86_64-unknown-linux-musl + - x86_64-unknown-linux-gnu + mode: - # debug - --release + rust_channel: - stable - beta - nightly - steps: - - uses: actions-rs/toolchain@v1 - with: - override: true - toolchain: ${{ matrix.rust_channel }} + include: + - target: aarch64-apple-ios + host_os: macos-latest + # GitHub Actions doesn't have a way to run aarch64-apple-ios. + cargo_options: --no-run - - uses: actions/checkout@v2 + - target: aarch64-linux-android + host_os: ubuntu-18.04 + # TODO: https://github.com/briansmith/ring/issues/486 + cargo_options: --no-run - - run: | - cargo test -vv ${{ matrix.features }} ${{ matrix.mode }} + - target: aarch64-unknown-linux-gnu + host_os: ubuntu-18.04 - test-windows-msvc: - runs-on: windows-latest - strategy: - matrix: - features: - - # Default - mode: - - # debug - - --release - rust_channel: - - stable - - beta - - nightly - target: - - x86_64-pc-windows-msvc - - i686-pc-windows-msvc - steps: - - uses: actions/checkout@v2 + - target: arm-unknown-linux-gnueabihf + host_os: ubuntu-18.04 - - run: > - (powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1) -and - ("$pwd\target\tools" >> $env:GITHUB_PATH) + - target: armv7-linux-androideabi + host_os: ubuntu-18.04 + # TODO: https://github.com/briansmith/ring/issues/838 + cargo_options: --no-run - - uses: actions-rs/toolchain@v1 - with: - override: true - target: ${{ matrix.target }} - toolchain: ${{ matrix.rust_channel }} + - target: i686-pc-windows-msvc + host_os: windows-latest - - run: | - cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + - target: i686-unknown-linux-gnu + host_os: ubuntu-18.04 - test-cross-linux-linux: - runs-on: ${{ matrix.host_os }} - strategy: - matrix: - features: - - # Default - host_os: - - ubuntu-18.04 - mode: - - # debug - - --release - rust_channel: - - stable - - beta - - nightly - target: - - aarch64-unknown-linux-gnu - - arm-unknown-linux-gnueabihf - - i686-unknown-linux-gnu - - i686-unknown-linux-musl - - x86_64-unknown-linux-musl + - target: i686-unknown-linux-musl + host_os: ubuntu-18.04 + + - target: x86_64-pc-windows-msvc + host_os: windows-latest + + - target: x86_64-apple-darwin + host_os: macos-latest + + - target: x86_64-unknown-linux-musl + host_os: ubuntu-18.04 + + - target: x86_64-unknown-linux-gnu + host_os: ubuntu-18.04 steps: - uses: actions/checkout@v2 - - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} + - if: ${{ !contains(matrix.host_os, 'windows') }} + run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} + + - if: ${{ contains(matrix.host_os, 'windows') }} + run: > + (powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1) -and + ("$pwd\target\tools" >> $env:GITHUB_PATH) - uses: actions-rs/toolchain@v1 with: @@ -107,60 +104,30 @@ jobs: target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - run: | + - if: ${{ !contains(matrix.host_os, 'windows') }} + run: | + PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH \ + CC_aarch64_linux_android=aarch64-linux-android21-clang \ + CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \ CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" \ CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc \ CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc \ CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" \ + CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang \ + CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ CC_i686_unknown_linux_gnu=clang \ CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ CC_i686_unknown_linux_musl=clang \ CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang \ CC_x86_64_unknown_linux_musl=clang \ CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang \ - cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - # Verify cross-compiling with the default feature set works. - build-cross-linux: - runs-on: ${{ matrix.host_os }} - strategy: - matrix: - features: - - # Default - host_os: - - ubuntu-18.04 - mode: - - # debug - - --release - rust_channel: - - stable - - beta - - nightly - target: - - aarch64-linux-android - - armv7-linux-androideabi - steps: - - uses: actions/checkout@v2 - - - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - - - uses: actions-rs/toolchain@v1 - with: - override: true - target: ${{ matrix.target }} - toolchain: ${{ matrix.rust_channel }} - - # wasm32-*: When the "wasm32_c" feature isn't enabled, we don't need to set anything. - # TODO: Collect the resultant artifacts and/or run the tests. - - run: | - PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH \ - CC_aarch64_linux_android=aarch64-linux-android21-clang \ - CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \ - CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang \ - CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ - cargo test -vv --no-run --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + - if: ${{ contains(matrix.host_os, 'windows') }} + run: | + cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} test-cross-wasm32-c: runs-on: ${{ matrix.host_os }} @@ -203,33 +170,3 @@ jobs: # TODO: Collect the resultant artifacts and/or run the tests. run: | ${{ matrix.webdriver }} cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} - - build-cross-apple: - runs-on: ${{ matrix.host_os }} - strategy: - matrix: - host_os: - - macos-latest - mode: - - # debug - - --release - rust_channel: - - stable - - beta - - nightly - target: - - aarch64-apple-ios - steps: - - uses: actions/checkout@v2 - - - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - - - uses: actions-rs/toolchain@v1 - with: - override: true - target: ${{ matrix.target }} - toolchain: ${{ matrix.rust_channel }} - - # TODO: Collect the resultant artifacts and/or run the tests. - - run: | - cargo test --no-run -vv ${{ matrix.features }} ${{ matrix.mode }} --target=${{ matrix.target }} From 9be622e4f4ffb33fffaff1176737284ca41a3f43 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 16:38:51 -0800 Subject: [PATCH 217/399] CI/CD: Clarify the wasm32-unknown-unknown GitHub Actions matrix. --- .github/workflows/ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 99c0b76d6e..9f3c5662b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -129,7 +129,9 @@ jobs: run: | cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - test-cross-wasm32-c: + # The wasm32-unknown-unknown targets have a different set of feature sets and + # an additional `webdriver` dimension. + test-wasm32: runs-on: ${{ matrix.host_os }} strategy: matrix: @@ -162,8 +164,8 @@ jobs: toolchain: ${{ matrix.rust_channel }} - env: - # These are only needed for for wasm32 targets only, only when the "wasm_c" - # feature is enabled. + # The first two are only needed for for wasm32 targets only, only + # when the "wasm_c" feature is enabled. CC_wasm32_unknown_unknown: clang-10 AR_wasm32_unknown_unknown: llvm-ar-10 CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner From f3ce5328085ba2281ccc168d2d524f97518bfcd8 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 17:25:41 -0800 Subject: [PATCH 218/399] CI/CD: Don't run duplicate jobs for the repository owners PRs. --- .github/workflows/ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f3c5662b3..1bee0217c7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,7 +4,11 @@ on: push: jobs: rustfmt: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + runs-on: ubuntu-18.04 + steps: - uses: actions-rs/toolchain@v1 with: @@ -15,7 +19,11 @@ jobs: - run: cargo fmt --all -- --check test: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + runs-on: ${{ matrix.host_os }} + strategy: matrix: features: @@ -132,7 +140,11 @@ jobs: # The wasm32-unknown-unknown targets have a different set of feature sets and # an additional `webdriver` dimension. test-wasm32: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + runs-on: ${{ matrix.host_os }} + strategy: matrix: features: @@ -152,6 +164,7 @@ jobs: webdriver: - GECKODRIVER=geckodriver - CHROMEDRIVER=chromedriver + steps: - uses: actions/checkout@v2 From da43d82fd62bc8ee3a35ad14a165c6b5452b0733 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 17:44:55 -0800 Subject: [PATCH 219/399] Update README.md to bring the "Online Automated Testing" up to date. --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 14e0e6cbe5..6ea662c116 100644 --- a/README.md +++ b/README.md @@ -198,11 +198,11 @@ any security vulnerability in this code privately to anybody.** Online Automated Testing ------------------------ -Appveyor is currently used for testing Windows hosts and targets. All other -platforms are tested in GitHub Actions. The tests are run in debug and release -configurations, for the current release of each Rust channel (Stable, Beta, -Nightly). A C compiler is currently required to compile some parts of *ring*; -*ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC 2019+, at least. +The following targets are tested in GitHub Actions. The tests are run in debug +and release configurations, for the current release of each Rust channel +(Stable, Beta, Nightly). A C compiler is currently required to compile some +parts of *ring*; *ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC +2019+, at least. | Target | Notes | | -----------------------------| ----- | @@ -211,12 +211,14 @@ Nightly). A C compiler is currently required to compile some parts of *ring*; | aarch64-linux-android | API level 21 (Android 5.0+); [Build-only; issue 486](https://github.com/briansmith/ring/issues/486) | arm-unknown-linux-gnueabihf | Tested on 64-bit Linux using QEMU user emulation | armv7-linux-androideabi | API level 18 (Android 4.3+); [Build-only; issue 838](https://github.com/briansmith/ring/issues/838) +| i686-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter | i686-unknown-linux-gnu | Tested on 64-bit Linux using multilib support | i686-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| x86_64-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter | x86_64-unknown-linux-gnu | | x86_64-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) | x86_64-apple-darwin | -| wasm32-unknown-unknown | [Build-only; issue 1082](https://github.com/briansmith/ring/issues/1082) +| wasm32-unknown-unknown | Tested using wasm-bindgen-test-runner on Linux in Chrome and Firefox. License From eb1fad6ad2921c98da60a787240f37f01b2e322d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 18:45:26 -0800 Subject: [PATCH 220/399] Delete unused util/* inherited from BoringSSL. --- .gitignore | 23 --- util/ar/ar.go | 154 --------------- util/ar/ar_test.go | 118 ----------- util/ar/testdata/linux/bar.cc.o | Bin 1616 -> 0 bytes util/ar/testdata/linux/foo.c.o | Bin 1464 -> 0 bytes util/ar/testdata/linux/libsample.a | Bin 3328 -> 0 bytes util/ar/testdata/mac/bar.cc.o | Bin 860 -> 0 bytes util/ar/testdata/mac/foo.c.o | Bin 684 -> 0 bytes util/ar/testdata/mac/libsample.a | Bin 1864 -> 0 bytes util/ar/testdata/sample/CMakeLists.txt | 3 - util/ar/testdata/sample/bar.cc | 15 -- util/ar/testdata/sample/foo.c | 7 - util/ar/testdata/windows/bar.cc.obj | Bin 3299 -> 0 bytes util/ar/testdata/windows/foo.c.obj | Bin 1910 -> 0 bytes util/ar/testdata/windows/sample.lib | Bin 5710 -> 0 bytes util/generate-asm-lcov.py | 152 -------------- util/generate-coverage.sh | 60 ------ util/make_prefix_headers.go | 232 ---------------------- util/read_symbols.go | 262 ------------------------- 19 files changed, 1026 deletions(-) delete mode 100644 util/ar/ar.go delete mode 100644 util/ar/ar_test.go delete mode 100644 util/ar/testdata/linux/bar.cc.o delete mode 100644 util/ar/testdata/linux/foo.c.o delete mode 100644 util/ar/testdata/linux/libsample.a delete mode 100644 util/ar/testdata/mac/bar.cc.o delete mode 100644 util/ar/testdata/mac/foo.c.o delete mode 100644 util/ar/testdata/mac/libsample.a delete mode 100644 util/ar/testdata/sample/CMakeLists.txt delete mode 100644 util/ar/testdata/sample/bar.cc delete mode 100644 util/ar/testdata/sample/foo.c delete mode 100644 util/ar/testdata/windows/bar.cc.obj delete mode 100644 util/ar/testdata/windows/foo.c.obj delete mode 100644 util/ar/testdata/windows/sample.lib delete mode 100755 util/generate-asm-lcov.py delete mode 100755 util/generate-coverage.sh delete mode 100644 util/make_prefix_headers.go delete mode 100644 util/read_symbols.go diff --git a/.gitignore b/.gitignore index 7219d6bd38..3b63d5972c 100644 --- a/.gitignore +++ b/.gitignore @@ -7,29 +7,6 @@ ssl/test/runner/runner doc/*.html doc/doc.css -util/bot/android_ndk -util/bot/android_tools -util/bot/cmake-linux64 -util/bot/cmake-linux64.tar.gz -util/bot/cmake-mac -util/bot/cmake-mac.tar.gz -util/bot/cmake-win32 -util/bot/cmake-win32.zip -util/bot/golang -util/bot/gyp -util/bot/libcxx -util/bot/libcxxabi -util/bot/llvm-build -util/bot/nasm-win32.exe -util/bot/perl-win32 -util/bot/perl-win32.zip -util/bot/sde-linux64 -util/bot/sde-linux64.tar.bz2 -util/bot/sde-win32 -util/bot/sde-win32.tar.bz2 -util/bot/win_toolchain.json -util/bot/yasm-win32.exe - *.bk *.orig *~ diff --git a/util/ar/ar.go b/util/ar/ar.go deleted file mode 100644 index 756caf53d8..0000000000 --- a/util/ar/ar.go +++ /dev/null @@ -1,154 +0,0 @@ -// Copyright (c) 2017, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -// ar.go contains functions for parsing .a archive files. - -package ar - -import ( - "bytes" - "errors" - "fmt" - "io" - "strconv" - "strings" -) - -// ParseAR parses an archive file from r and returns a map from filename to -// contents, or else an error. -func ParseAR(r io.Reader) (map[string][]byte, error) { - // See https://en.wikipedia.org/wiki/Ar_(Unix)#File_format_details - const expectedMagic = "!\n" - var magic [len(expectedMagic)]byte - if _, err := io.ReadFull(r, magic[:]); err != nil { - return nil, err - } - if string(magic[:]) != expectedMagic { - return nil, errors.New("ar: not an archive file") - } - - const filenameTableName = "//" - const symbolTableName = "/" - var longFilenameTable []byte - ret := make(map[string][]byte) - - for { - var header [60]byte - if _, err := io.ReadFull(r, header[:]); err != nil { - if err == io.EOF { - break - } - return nil, errors.New("ar: error reading file header: " + err.Error()) - } - - name := strings.TrimRight(string(header[:16]), " ") - sizeStr := strings.TrimRight(string(header[48:58]), "\x00 ") - size, err := strconv.ParseUint(sizeStr, 10, 64) - if err != nil { - return nil, errors.New("ar: failed to parse file size: " + err.Error()) - } - - // File contents are padded to a multiple of two bytes - storedSize := size - if storedSize%2 == 1 { - storedSize++ - } - - contents := make([]byte, storedSize) - if _, err := io.ReadFull(r, contents); err != nil { - return nil, errors.New("ar: error reading file contents: " + err.Error()) - } - contents = contents[:size] - - switch { - case name == filenameTableName: - if longFilenameTable != nil { - return nil, errors.New("ar: two filename tables found") - } - longFilenameTable = contents - continue - - case name == symbolTableName: - continue - - case len(name) > 1 && name[0] == '/': - if longFilenameTable == nil { - return nil, errors.New("ar: long filename reference found before filename table") - } - - // A long filename is stored as "/" followed by a - // base-10 offset in the filename table. - offset, err := strconv.ParseUint(name[1:], 10, 64) - if err != nil { - return nil, errors.New("ar: failed to parse filename offset: " + err.Error()) - } - if offset > uint64((^uint(0))>>1) { - return nil, errors.New("ar: filename offset overflow") - } - - if int(offset) > len(longFilenameTable) { - return nil, errors.New("ar: filename offset out of bounds") - } - - filename := longFilenameTable[offset:] - // Windows terminates filenames with NUL characters, - // while sysv/GNU uses /. - if i := bytes.IndexAny(filename, "/\x00"); i < 0 { - return nil, errors.New("ar: unterminated filename in table") - } else { - filename = filename[:i] - } - - name = string(filename) - - default: - name = strings.TrimRight(name, "/") - } - - // Post-processing for BSD: - // https://en.wikipedia.org/wiki/Ar_(Unix)#BSD_variant - // - // If the name is of the form #1/XXX, XXX identifies the length of the - // name, and the name itself is stored as a prefix of the data, possibly - // null-padded. - - var namelen uint - n, err := fmt.Sscanf(name, "#1/%d", &namelen) - if err == nil && n == 1 && len(contents) >= int(namelen) { - name = string(contents[:namelen]) - contents = contents[namelen:] - - // Names can be null padded; find the first null (if any). Note that - // this also handles the case of a null followed by non-null - // characters. It's not clear whether those can ever show up in - // practice, but we might as well handle them in case they can show - // up. - var null int - for ; null < len(name); null++ { - if name[null] == 0 { - break - } - } - name = name[:null] - } - - if name == "__.SYMDEF" || name == "__.SYMDEF SORTED" { - continue - } - - ret[name] = contents - } - - return ret, nil -} diff --git a/util/ar/ar_test.go b/util/ar/ar_test.go deleted file mode 100644 index ef37d795d2..0000000000 --- a/util/ar/ar_test.go +++ /dev/null @@ -1,118 +0,0 @@ -// Copyright (c) 2018, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -package ar - -import ( - "bytes" - "flag" - "io/ioutil" - "os" - "path/filepath" - "testing" -) - -var testDataDir = flag.String("testdata", "testdata", "The path to the test data directory.") - -type arTest struct { - name string - in string - out map[string]string - // allowPadding is true if the contents may have trailing newlines at end. - // On macOS, ar calls ranlib which pads all inputs up to eight bytes with - // newlines. Unlike ar's native padding up to two bytes, this padding is - // included in the size field, so it is not removed when decoding. - allowPadding bool -} - -func (test *arTest) Path(file string) string { - return filepath.Join(*testDataDir, test.name, file) -} - -func removeTrailingNewlines(in []byte) []byte { - for len(in) > 0 && in[len(in)-1] == '\n' { - in = in[:len(in)-1] - } - return in -} - -var arTests = []arTest{ - { - "linux", - "libsample.a", - map[string]string{ - "foo.c.o": "foo.c.o", - "bar.cc.o": "bar.cc.o", - }, - false, - }, - { - "mac", - "libsample.a", - map[string]string{ - "foo.c.o": "foo.c.o", - "bar.cc.o": "bar.cc.o", - }, - true, - }, - { - "windows", - "sample.lib", - map[string]string{ - "CMakeFiles\\sample.dir\\foo.c.obj": "foo.c.obj", - "CMakeFiles\\sample.dir\\bar.cc.obj": "bar.cc.obj", - }, - false, - }, -} - -func TestAR(t *testing.T) { - for _, test := range arTests { - t.Run(test.name, func(t *testing.T) { - in, err := os.Open(test.Path(test.in)) - if err != nil { - t.Fatalf("opening input failed: %s", err) - } - defer in.Close() - - ret, err := ParseAR(in) - if err != nil { - t.Fatalf("reading input failed: %s", err) - } - - for file, contentsPath := range test.out { - expected, err := ioutil.ReadFile(test.Path(contentsPath)) - if err != nil { - t.Fatalf("error reading %s: %s", contentsPath, err) - } - got, ok := ret[file] - if test.allowPadding { - got = removeTrailingNewlines(got) - expected = removeTrailingNewlines(got) - } - if !ok { - t.Errorf("file %s missing from output", file) - } else if !bytes.Equal(got, expected) { - t.Errorf("contents for file %s did not match", file) - } - } - - for file, _ := range ret { - if _, ok := test.out[file]; !ok { - t.Errorf("output contained unexpected file %q", file) - } - } - }) - } -} diff --git a/util/ar/testdata/linux/bar.cc.o b/util/ar/testdata/linux/bar.cc.o deleted file mode 100644 index 92e83a9a1108df10391db6c58497cd9bf06cdd2d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1616 zcmbtTL2DC16n>l4R&A6h9t!o4lPKCTn+h#OWRtLo%F>8!Km}Pg>z0b$UD-?|deDO) zddp7|{3Bijk9rsCd%N?}WjbE;3p4L~-@Nx`=4JN1=l5%t1q=)B!m-CHz(f0(y9ITj z4l6La_xbz$*;g_@NG>K6V9@JrH?NJx(^O8In_@$>*4vxY!gby`TcUOQdMOvh;Bsle zdiw~hS;JbZFQ1v?L9U=qgRo3f=R)ISt#^K@ivj4;+8xpn7ir>kzg#ED1iIrX_;qAj zvyB}9u<>Vtjg?HWVaX(8mEtBR)@(R^LZdrgs+@;2>q=+8xI1dMa5Qk}@K7-6_y3~9 zILt*9k%8dpjG?TFy?2OhYGK^k=D8l1|U_ZyU@V@_R zn^=I}rv7qV)CjAkS2Y8!RZx`?K9foq09%L)EEpJ$9(_Rl63EpA_SB@B;Ub{Rc=) z{r_UcHoaQ?8y*|Eu16lwegAmE=^Q-=DrSQ~pnt|D=*j HRL}ndEL4Ek diff --git a/util/ar/testdata/linux/foo.c.o b/util/ar/testdata/linux/foo.c.o deleted file mode 100644 index 6423c1d49bc09ac51932452bb8e306243fc83141..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1464 zcmb_bL2DCH5S~r6Ra+$$4?;bx7g4m2L@O;l$fhBQ$YM|%(1R?yaZAA@3!4p85%nZ^ z>(A-kKj9w`ym}Yvd~e^-=j-Moe#?6^^X<&Md9$;hx?!*8c_i@Y5uIAX5*^o0^+2lu zttkzMH8<~+w9ax(??m4F z=j0tWy!F-P3rAeQ4d$_cHEiuGjW4y%<)x4vU@rh_KS#e#s$SPCZ$?z-rwVn>RE0V% zRneSfc>#a^3=hw%Rz3QT%&qWhobe{Qxqxpi;Aub0)CfC8{cy0`4x>S@_oBNO?X`Eq zZba!}k>=BQ9L?TMl59*#oa0!j6gR)b>-R|s=m2=sD7?=)fbp z%hPeJ3NC=uo4ANcC9@f+Q8t;RQ|6{wk*faF;l`|pM{h}K_w*pz&*Mp|5Bm?B&p9wF z?w1Uh1LS*@R_QA`kKMNLe2 zeYULfp2BJ`0OWCO0d&VS)}jdNUK89$3-%Z?Zs;|F)^pDf?9rvD5meiuA3u%4$_oJ0 z6~2h}w%>D$`|CTFOC=eRT`DJxwc7i(Qmc05a=3LuIhclhiBW)^u6^E-tONbf2g|oU ze)~?coVFi-hWWX@80wBicg`1goPyKE#;(8xSLAiuw zO25KcrW_&~!I9Q8DjE3g44irZCe=~DJJS1#>^L1CEu%&HXsM{4qkp_$EOag+v$yd1 z2q&GxdX9rSMDz;L;CuSldlAY5S>#o;zx3Yf{Nf3wht5VIadQnHI@B7;mVOcN(AM`XMe1XT z_v;=n{4LzSL&4w2Cc6MUPpiz^g0&{w+W#symoA?Qt-dob2_1=SS#6UgRA6yi@bAGa^M7KRLGT^3muoq1oUZX6n% zL2?9$qe?nJyhhtFCczUZ%=2r)0Xi^>?m+lf2gk+ltfXf5-J0@o`N#N6dFh#rpz7rs fp;z+L^w1_nlE1|R{%EI_;i#83cYAdm!N3lJX%D1eIJfU1GtHx zttf%8A^Z^6h!6xH#u9)sK<0tm;=#ng07M{81Bilw`1s`f+=9g9lK9fR^31%H_;?=| zm>h_PnWF#|d;v5M-zEF9?J5kP1RQI-kA( zX#x|mhhh4m;Q|c;m?#5-2$acK6~w?;A;2iW!_F}Qs7eJW4szdy{}2ERR|ZEufi@;* zUN)#ckPm^%byfM4@@wrMR|!i M@x_(7N%=Vp0FaM5A^-pY diff --git a/util/ar/testdata/mac/libsample.a b/util/ar/testdata/mac/libsample.a deleted file mode 100644 index b7d8eb5ce0ff38cd7f9f1c5758ef4904865c4889..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1864 zcmbtVJ#Q015FH0dA_IvFkN_dE2pS5TJAcG35DLPMQt%lY6i}kIbDZT!@m=IN5U5fh zB)a^Bl$0qckwpWL5URON{k_Nvw>^qIK8b z=tk?vuT|!2ec!H9vS2)}Wp;!JKXx|RSkc-G+h|Z%uLp0IgI8KVFnzY?7Dvg(9`Lx9 zd4Nf&2G+)F?YDHZgSJOITJNvVk-%xO*k$6B#g^0soYA8 zw7YY&-^|YJ?#+(+>Uuc6@y0X9)&sPFO;OcgidAIJCv+flTyVdfu^|Xim8A;l$hbRm zu@2y4#JzEsEm?Z9gHiLphJr0%W?PO4ug|n`S0au(V7< zHWC&yE!vKRDQEK;L=?1)nux{aSvH_$nCZx)s%9iovJq93sGfQbMA#n^rU1Ty%@Bko zP4LFJrWm@ZPg~&~V{PHlyrpHe1za>7)3bTBXuu|jgp$dkl9VmW&{73-0k)uQhGp{1 z@Js7aDq9(#5#7XLf(@-B0BReoC62|EYiNy57Dz`{cR{~!q$wfv9w&7^P)JeXW2j@ zr&yYv<9>w^UV+N}>h>XM9U}5?C+7h03N6yw8*sc2$GdUle&9&{?m@?Q!Me~e`nBd9 zM3EI)&Ptkk!BAL_dp@ui;eA!ZMNzkpoh2D`p=$4Ks9MMJr1m(fNtM+8bxTCCxH~Cl zEK)3aJb?Q9?p$9K9X}}Y?kepROgZgyp%+ys~$Fuo1 z6ugzT<4VCwidkJP_#+{g>Z$;Gmf;%yKlENu9taBGztes0N@Lr}*58Lu@B8)rF9EKi zyayX7Vxmx5^A5BrJ1=Qjn?q2%ha=GvcS8+6KBK8)mHq(32Gd4#vbkvwFeRL1h^zoFZ)^H$I1u`6=cOCp zwe6DMZGC-pDbl@nPXF=j!GQ;sfY!t!srnU2vmkq#3k|tl=IiiKsxo2&TdbgtF81R>cR00MBI(_11Uwa-; z!lea=;TX=pf<5i5ZHGjkVx#+MV|an+6p~cm1_VNvZjrq^0OwIk#4+G6D+&K!T9>(w z?Lh#dz9N%q%YZQG%$J6GT>1&BJ^JS@X5{3ITZ2et^@$`M={bD(s13a}Bsn$_OAh5U zt5-G|@UQWif~D$nIfxW;b6QS~(4C0z(%WVoF?ZzF)*Y=XkY#>&+g|36x2^vGM(W+{ diff --git a/util/ar/testdata/windows/foo.c.obj b/util/ar/testdata/windows/foo.c.obj deleted file mode 100644 index 9b4aad7a4294ae0b4a2e242c96c55a574441869e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1910 zcmcIlO>7fK6n>ixp(Lf)5LdJmy0}IZiEg8$Ko#Y%#DO@%Cg3=r!lHQX-N2T$*VS8=B<8m2~4;Cv;S!$z#8yH)*YkhjTn3gZD@=N!HDbT2*|oos2)rV1Yc&6 za~Yc@`UtuN1tQ&?mkW5KXiRcWfH9tD9Q6{Va)7NvBZ5vgkt37_Y!d9s%SUz1(-_3M z53uj!oB&mzO_3{M-iP>cH}Vc}E``8&j#o_dW%dPg$={F28RtCQ5-1Txk%^ZJ^UfgW z{M)?Zp~LRxZvuCaLhDz~se#S77fJfMXWRCzgXvtlue&pz8Q7D|=6d2`v_IXmb8BYX zKwKghFR}fG%>W@vzLK5lpldj;s%s;rUNFjP($)>NU^`~{pzB&{)iW(sb5zf8Jvt86 z)k+l$8CBEL)nrCHY-~3z!{xZFn~pkc+j3F13*SR0bVVT#@Bmgo1SU+OrZZ;Iv0Z!E zlfKMukoqg0Su&5|no`m(RnVd1$C|+yH$X3omEt9#dyQfHoCXo7g;_$Z0h-zyDmY*lOqygFHj!<~x5({shGAEerD)N0EXYS_ z3UFdw?CuUR`h0q_UCig_zKZQzb#wL0?dS zgO%4)KeZeSbl^`ZVphtgK4CTrZ{AQu%CMn%a$DOu0mgi!zU)yfqCkZ&EcGRi%8@9{ zA~pQB>&qRL7*U{t7Z$m$)X{8Fpd==bzh9Vny}(`YEaBIJhOeq7gwUG_q!9=qX$_zn z5)UDX^v;d|pcR^+zNAu`i2~gdN#5>w=v&kWC&D;TUtsZp;VepT+H<@0^L12Qy0~T> zU}cn-TYQduEjn>u{5=5l@-gH1vv~2P*!&3JoppfEVjPg`O7RjlE5*MrC>Krq@fc27 zvxeLsN(I}3p=>TW)K@mWZp}6P(ZHdqr`t!$kf@fAm}NadXP;od7-oj1)b_~GU~26L F@*khFPow|< diff --git a/util/ar/testdata/windows/sample.lib b/util/ar/testdata/windows/sample.lib deleted file mode 100644 index efeebb24e5427b0bccc5d1ad7755d3dd964f15ea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5710 zcmcIoZ){sv6+bUd!{(ATX&VG|tX^>21y;vSnl$mM@shM@swOK-(rxWL+0XWC@~Goy zJwK;^RzX<>`!GR}XvT*Xp=lru!T2K~L_|MK>V$^I2M~OKfeO-!Hlzx+b(Mf3jq|(r zKKni6QYX-3-FNRh?|1J1d+zV}-aUqsn}0Ce8wpBcU{`-)D6wmJD5#IC*MVVAp9vFD zh)6pl(_I%nHDfQBaF^%+Y5Z%URkdC>>|2f6-}=~;aoilY3T8P~HWo?+GnTiU6b~$x%f;;MXQ(lN zM;(*j!@b^Qsv*hN&UES+Rk&FX#|unX6vopDoNJzR zqYFh(H^7AqSF((XSg=kJ`gA6CGHDweKfkRoo>r&09xDZLALfrMjQf?sw(+~b zIc_d`VCtx6i_h&mA6=Xv7`on}>oMSFgSf4X*-?+n%^xoh?h>|mOmIplOjXIdotLY3 z@4oSo!;`a<2S$_KQ!|f@P0#M_4r&ig?tN%vYTrzEq?L`|;q*4AW2AMWuCZk5aM^Uq zsl2gh<+ElnHD>3{RMvK^;#|30NL5^`kTRTUKM8sR@EZSbr`A0ebAm^eVoTI2H13T6{hZ~63iZCGrf`7f9#TEaxsxM3N8$5 zJsxNK2i9(%Osalhu?Qz;vBzAlWiY5$r`lSxq(Ps1m;j(DRw+4vB>iSy$%VXAOFY3=V`_5ZjB=MLy_evyvX*<7y4YtxJ`N?jLOIiz)vJx*yR|~cEp(LFl za){?3QRX>hCW&Fo5}JZD4~e?q_Cw-}Ea3~5n!Tk@mxbe}4UG zFZb%xb9_z4to)L-PJ91-w5}gB4L25#e?_CSQsXCLSgep1_spxgpM>EO3~8WY7;#Pf z1Pr4Lfn(Q6%tyX3b0H1%3pGCX=j+Q745nR^2!F*r>q#p?1A)C1Pt(h(D;cU51RXoZ;;d3*Pf6iJUvD!FyyC&pnxF_tB=z0r=R4N z@Z_{A2#hFyfuERJSr1e{;Dr4tF@hi}A_;yQ(tyUwNs+Td^tyT%81mCf;BRL2wz3i! ziup(;xMfJ2P~U4=8#gV&n0+T*(5@VL@alWm~ zrXoK2hQi=o$o~)@y}%Wiw=+Jf#oh>yD6_WkNZk94Vj8Tg7gGqYDJDex&w-dGB46vD zqk)*_R6sm5JDa9hit6*d?6}a-XYD|LuFzKf2uh(zU*OUp=$`=aT#AXnxJy zM@(RV_pE2n{adaQdvHDdL6ySHy*%A!RSFZfN+Ui4w|raT;Q*g$g1>x-J0khZ7A}Fx zF@N##7A&wQU=@<9$Py0gMxpZ%$U*aP%xWU}iN{7(&i92fnaex7j&Aw!$KE-zH2u%> z&c%-`Pi@HVzq0$KO)sXVpW5-|%g!4f3-NNVz8V{8{Xer2IKAN6UK<<1oWa5U^tp@I zygMBf`R4XhI+WB30?mhi+?0Krxa zHDDUp-f*jZg=c@rnUXy!Umc6sudG(bB0O4z{&Np~uJ~pwqRdGCV@?o=botam)-K4K R{}wy|Y*F3lD6Zzp{x|0|mFNHf diff --git a/util/generate-asm-lcov.py b/util/generate-asm-lcov.py deleted file mode 100755 index 257ae841c3..0000000000 --- a/util/generate-asm-lcov.py +++ /dev/null @@ -1,152 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2016, Google Inc. -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -import os -import os.path -import subprocess -import sys - -# The LCOV output format for each source file is: -# -# SF: -# DA:, -# ... -# end_of_record -# -# The can either be 0 for an unexecuted instruction or a -# value representing the number of executions. The DA line should be omitted -# for lines not representing an instruction. - -SECTION_SEPERATOR = '-' * 80 - -def is_asm(l): - """Returns whether a line should be considered to be an instruction.""" - l = l.strip() - # Empty lines - if l == '': - return False - # Comments - if l.startswith('#'): - return False - # Assembly Macros - if l.startswith('.'): - return False - # Label - if l.endswith(':'): - return False - return True - -def merge(callgrind_files, srcs): - """Calls callgrind_annotate over the set of callgrind output - |callgrind_files| using the sources |srcs| and merges the results - together.""" - out = '' - for file in callgrind_files: - data = subprocess.check_output(['callgrind_annotate', file] + srcs) - out += '%s\n%s\n' % (data, SECTION_SEPERATOR) - return out - -def parse(filename, data, current): - """Parses an annotated execution flow |data| from callgrind_annotate for - source |filename| and updates the current execution counts from |current|.""" - with open(filename) as f: - source = f.read().split('\n') - - out = current - if out == None: - out = [0 if is_asm(l) else None for l in source] - - # Lines are of the following formats: - # -- line: Indicates that analysis continues from a different place. - # Ir : Indicates the start of a file. - # => : Indicates a call/jump in the control flow. - # : Indicates that the line has been executed that many times. - line = None - for l in data: - l = l.strip() + ' ' - if l.startswith('-- line'): - line = int(l.split(' ')[2]) - 1 - elif l.strip() == 'Ir': - line = 0 - elif line != None and l.strip() and '=>' not in l and 'unidentified lines' not in l: - count = l.split(' ')[0].replace(',', '').replace('.', '0') - instruction = l.split(' ', 1)[1].strip() - if count != '0' or is_asm(instruction): - if out[line] == None: - out[line] = 0 - out[line] += int(count) - line += 1 - - return out - - -def generate(data): - """Parses the merged callgrind_annotate output |data| and generates execution - counts for all annotated files.""" - out = {} - data = [p.strip() for p in data.split(SECTION_SEPERATOR)] - - - # Most sections are ignored, but a section with: - # User-annotated source: - # precedes a listing of execution count for that . - for i in range(len(data)): - if 'User-annotated source' in data[i] and i < len(data) - 1: - filename = data[i].split(':', 1)[1].strip() - res = data[i + 1] - if filename not in out: - out[filename] = None - if 'No information' in res: - res = [] - else: - res = res.split('\n') - out[filename] = parse(filename, res, out[filename]) - return out - -def output(data): - """Takes a dictionary |data| of filenames and execution counts and generates - a LCOV coverage output.""" - out = '' - for filename, counts in data.iteritems(): - out += 'SF:%s\n' % (os.path.abspath(filename)) - for line, count in enumerate(counts): - if count != None: - out += 'DA:%d,%s\n' % (line + 1, count) - out += 'end_of_record\n' - return out - -if __name__ == '__main__': - if len(sys.argv) != 3: - print '%s ' % (__file__) - sys.exit() - - cg_folder = sys.argv[1] - build_folder = sys.argv[2] - - cg_files = [] - for (cwd, _, files) in os.walk(cg_folder): - for f in files: - if f.startswith('callgrind.out'): - cg_files.append(os.path.abspath(os.path.join(cwd, f))) - - srcs = [] - for (cwd, _, files) in os.walk(build_folder): - for f in files: - fn = os.path.join(cwd, f) - if fn.endswith('.S'): - srcs.append(fn) - - annotated = merge(cg_files, srcs) - lcov = generate(annotated) - print output(lcov) diff --git a/util/generate-coverage.sh b/util/generate-coverage.sh deleted file mode 100755 index 2fbe6b8378..0000000000 --- a/util/generate-coverage.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/sh -# Copyright (c) 2016, Google Inc. -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -set -xe - -SRC=$PWD - -BUILD=$(mktemp -d '/tmp/boringssl.XXXXXX') -BUILD_SRC=$(mktemp -d '/tmp/boringssl-src.XXXXXX') -LCOV=$(mktemp -d '/tmp/boringssl-lcov.XXXXXX') - -if [ -n "$1" ]; then - LCOV=$(readlink -f "$1") - mkdir -p "$LCOV" -fi - -cd "$BUILD" -cmake "$SRC" -GNinja -DCMAKE_C_FLAGS='-fprofile-arcs -ftest-coverage' \ - -DCMAKE_CXX_FLAGS='-fprofile-arcs -ftest-coverage' -DCMAKE_ASM_FLAGS='-Wa,-g' -ninja - -cp -r "$SRC/crypto" "$SRC/decrepit" "$SRC/include" "$SRC/ssl" "$SRC/tool" \ - "$BUILD_SRC" -cp -r "$BUILD"/* "$BUILD_SRC" -mkdir "$BUILD/callgrind/" - -cd "$SRC" -go run "$SRC/util/all_tests.go" -build-dir "$BUILD" -callgrind -num-workers 16 -util/generate-asm-lcov.py "$BUILD/callgrind" "$BUILD" > "$BUILD/asm.info" - -go run "util/all_tests.go" -build-dir "$BUILD" - -cd "$SRC/ssl/test/runner" -go test -shim-path "$BUILD/ssl/test/bssl_shim" -num-workers 1 - -cd "$LCOV" -lcov -c -d "$BUILD" -b "$BUILD" -o "$BUILD/lcov.info" -lcov -r "$BUILD/lcov.info" "*_test.c" -o "$BUILD/lcov-1.info" -lcov -r "$BUILD/lcov-1.info" "*_test.cc" -o "$BUILD/lcov-2.info" -cat "$BUILD/lcov-2.info" "$BUILD/asm.info" > "$BUILD/final.info" -sed -i "s;$BUILD;$BUILD_SRC;g" "$BUILD/final.info" -sed -i "s;$SRC;$BUILD_SRC;g" "$BUILD/final.info" -genhtml -p "$BUILD_SRC" "$BUILD/final.info" - -rm -rf "$BUILD" -rm -rf "$BUILD_SRC" - -xdg-open index.html diff --git a/util/make_prefix_headers.go b/util/make_prefix_headers.go deleted file mode 100644 index b536f14cea..0000000000 --- a/util/make_prefix_headers.go +++ /dev/null @@ -1,232 +0,0 @@ -// Copyright (c) 2018, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -// This program takes a file containing newline-separated symbols, and generates -// boringssl_prefix_symbols.h, boringssl_prefix_symbols_asm.h, and -// boringssl_prefix_symbols_nasm.inc. These header files can be used to build -// BoringSSL with a prefix for all symbols in order to avoid symbol name -// conflicts when linking a project with multiple copies of BoringSSL; see -// BUILDING.md for more details. - -// TODO(joshlf): For platforms which support it, use '#pragma redefine_extname' -// instead of a custom macro. This avoids the need for a custom macro, but also -// ensures that our renaming won't conflict with symbols defined and used by our -// consumers (the "HMAC" problem). An example of this approach can be seen in -// IllumOS' fork of OpenSSL: -// https://github.com/joyent/illumos-extra/blob/master/openssl1x/sunw_prefix.h - -package main - -import ( - "bufio" - "flag" - "fmt" - "os" - "path/filepath" - "strings" -) - -var out = flag.String("out", ".", "Path to a directory where the outputs will be written") - -// Read newline-separated symbols from a file, ignoring any comments started -// with '#'. -func readSymbols(path string) ([]string, error) { - f, err := os.Open(path) - if err != nil { - return nil, err - } - defer f.Close() - scanner := bufio.NewScanner(f) - var ret []string - for scanner.Scan() { - line := scanner.Text() - if idx := strings.IndexByte(line, '#'); idx >= 0 { - line = line[:idx] - } - line = strings.TrimSpace(line) - if len(line) == 0 { - continue - } - ret = append(ret, line) - } - if err := scanner.Err(); err != nil { - return nil, err - } - return ret, nil -} - -func writeCHeader(symbols []string, path string) error { - f, err := os.Create(path) - if err != nil { - return err - } - defer f.Close() - - if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -// BORINGSSL_ADD_PREFIX pastes two identifiers into one. It performs one -// iteration of macro expansion on its arguments before pasting. -#define BORINGSSL_ADD_PREFIX(a, b) BORINGSSL_ADD_PREFIX_INNER(a, b) -#define BORINGSSL_ADD_PREFIX_INNER(a, b) a ## _ ## b - -`); err != nil { - return err - } - - for _, symbol := range symbols { - if _, err := fmt.Fprintf(f, "#define %s BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil { - return err - } - } - - return nil -} - -func writeASMHeader(symbols []string, path string) error { - f, err := os.Create(path) - if err != nil { - return err - } - defer f.Close() - - if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -#if !defined(__APPLE__) -#include -#else -// On iOS and macOS, we need to treat assembly symbols differently from other -// symbols. The linker expects symbols to be prefixed with an underscore. -// Perlasm thus generates symbol with this underscore applied. Our macros must, -// in turn, incorporate it. -#define BORINGSSL_ADD_PREFIX_MAC_ASM(a, b) BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) -#define BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) _ ## a ## _ ## b - -`); err != nil { - return err - } - - for _, symbol := range symbols { - if _, err := fmt.Fprintf(f, "#define _%s BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil { - return err - } - } - - _, err = fmt.Fprintf(f, "#endif\n") - return nil -} - -func writeNASMHeader(symbols []string, path string) error { - f, err := os.Create(path) - if err != nil { - return err - } - defer f.Close() - - // NASM uses a different syntax from the C preprocessor. - if _, err := f.WriteString(`; Copyright (c) 2018, Google Inc. -; -; Permission to use, copy, modify, and/or distribute this software for any -; purpose with or without fee is hereby granted, provided that the above -; copyright notice and this permission notice appear in all copies. -; -; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -; WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -; MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -; SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -; WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -; OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -; CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -; 32-bit Windows adds underscores to C functions, while 64-bit Windows does not. -%ifidn __OUTPUT_FORMAT__, win32 -`); err != nil { - return err - } - - for _, symbol := range symbols { - if _, err := fmt.Fprintf(f, "%%xdefine _%s _ %%+ BORINGSSL_PREFIX %%+ _%s\n", symbol, symbol); err != nil { - return err - } - } - - if _, err := fmt.Fprintf(f, "%%else\n"); err != nil { - return err - } - - for _, symbol := range symbols { - if _, err := fmt.Fprintf(f, "%%xdefine %s BORINGSSL_PREFIX %%+ _%s\n", symbol, symbol); err != nil { - return err - } - } - - if _, err := fmt.Fprintf(f, "%%endif\n"); err != nil { - return err - } - - return nil -} - -func main() { - flag.Parse() - if flag.NArg() != 1 { - fmt.Fprintf(os.Stderr, "Usage: %s [-out OUT] SYMBOLS\n", os.Args[0]) - os.Exit(1) - } - - symbols, err := readSymbols(flag.Arg(0)) - if err != nil { - fmt.Fprintf(os.Stderr, "Error reading symbols: %s\n", err) - os.Exit(1) - } - - if err := writeCHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols.h")); err != nil { - fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols.h: %s\n", err) - os.Exit(1) - } - - if err := writeASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_asm.h")); err != nil { - fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_asm.h: %s\n", err) - os.Exit(1) - } - - if err := writeNASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_nasm.inc")); err != nil { - fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_nasm.inc: %s\n", err) - os.Exit(1) - } - -} diff --git a/util/read_symbols.go b/util/read_symbols.go deleted file mode 100644 index 791ea5d126..0000000000 --- a/util/read_symbols.go +++ /dev/null @@ -1,262 +0,0 @@ -// Copyright (c) 2018, Google Inc. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -// read_symbols scans one or more .a files and, for each object contained in -// the .a files, reads the list of symbols in that object file. -package main - -import ( - "bytes" - "debug/elf" - "debug/macho" - "debug/pe" - "flag" - "fmt" - "os" - "runtime" - "sort" - "strings" - - "boringssl.googlesource.com/boringssl/util/ar" -) - -const ( - ObjFileFormatELF = "elf" - ObjFileFormatMachO = "macho" - ObjFileFormatPE = "pe" -) - -var ( - outFlag = flag.String("out", "-", "File to write output symbols") - objFileFormat = flag.String("obj-file-format", defaultObjFileFormat(runtime.GOOS), "Object file format to expect (options are elf, macho, pe)") -) - -func defaultObjFileFormat(goos string) string { - switch goos { - case "linux": - return ObjFileFormatELF - case "darwin": - return ObjFileFormatMachO - case "windows": - return ObjFileFormatPE - default: - // By returning a value here rather than panicking, the user can still - // cross-compile from an unsupported platform to a supported platform by - // overriding this default with a flag. If the user doesn't provide the - // flag, we will panic during flag parsing. - return "unsupported" - } -} - -func printAndExit(format string, args ...interface{}) { - s := fmt.Sprintf(format, args...) - fmt.Fprintln(os.Stderr, s) - os.Exit(1) -} - -func main() { - flag.Parse() - if flag.NArg() < 1 { - printAndExit("Usage: %s [-out OUT] [-obj-file-format FORMAT] ARCHIVE_FILE [ARCHIVE_FILE [...]]", os.Args[0]) - } - archiveFiles := flag.Args() - - out := os.Stdout - if *outFlag != "-" { - var err error - out, err = os.Create(*outFlag) - if err != nil { - printAndExit("Error opening %q: %s", *outFlag, err) - } - defer out.Close() - } - - var symbols []string - // Only add first instance of any symbol; keep track of them in this map. - added := make(map[string]struct{}) - for _, archive := range archiveFiles { - f, err := os.Open(archive) - if err != nil { - printAndExit("Error opening %s: %s", archive, err) - } - objectFiles, err := ar.ParseAR(f) - f.Close() - if err != nil { - printAndExit("Error parsing %s: %s", archive, err) - } - - for name, contents := range objectFiles { - syms, err := listSymbols(contents) - if err != nil { - printAndExit("Error listing symbols from %q in %q: %s", name, archive, err) - } - for _, s := range syms { - if _, ok := added[s]; !ok { - added[s] = struct{}{} - symbols = append(symbols, s) - } - } - } - } - - sort.Strings(symbols) - for _, s := range symbols { - var skipSymbols = []string{ - // Inline functions, etc., from the compiler or language - // runtime will naturally end up in the library, to be - // deduplicated against other object files. Such symbols - // should not be prefixed. It is a limitation of this - // symbol-prefixing strategy that we cannot distinguish - // our own inline symbols (which should be prefixed) - // from the system's (which should not), so we blacklist - // known system symbols. - "__local_stdio_printf_options", - "__local_stdio_scanf_options", - "_vscprintf", - "_vscprintf_l", - "_vsscanf_l", - "_xmm", - "sscanf", - "vsnprintf", - // sdallocx is a weak symbol and intended to merge with - // the real one, if present. - "sdallocx", - } - var skip bool - for _, sym := range skipSymbols { - if sym == s { - skip = true - break - } - } - if skip || isCXXSymbol(s) || strings.HasPrefix(s, "__real@") || strings.HasPrefix(s, "__x86.get_pc_thunk.") { - continue - } - if _, err := fmt.Fprintln(out, s); err != nil { - printAndExit("Error writing to %s: %s", *outFlag, err) - } - } -} - -func isCXXSymbol(s string) bool { - if *objFileFormat == ObjFileFormatPE { - return strings.HasPrefix(s, "?") - } - return strings.HasPrefix(s, "_Z") -} - -// listSymbols lists the exported symbols from an object file. -func listSymbols(contents []byte) ([]string, error) { - switch *objFileFormat { - case ObjFileFormatELF: - return listSymbolsELF(contents) - case ObjFileFormatMachO: - return listSymbolsMachO(contents) - case ObjFileFormatPE: - return listSymbolsPE(contents) - default: - return nil, fmt.Errorf("unsupported object file format %q", *objFileFormat) - } -} - -func listSymbolsELF(contents []byte) ([]string, error) { - f, err := elf.NewFile(bytes.NewReader(contents)) - if err != nil { - return nil, err - } - syms, err := f.Symbols() - if err != nil { - return nil, err - } - - var names []string - for _, sym := range syms { - // Only include exported, defined symbols - if elf.ST_BIND(sym.Info) != elf.STB_LOCAL && sym.Section != elf.SHN_UNDEF { - names = append(names, sym.Name) - } - } - return names, nil -} - -func listSymbolsMachO(contents []byte) ([]string, error) { - f, err := macho.NewFile(bytes.NewReader(contents)) - if err != nil { - return nil, err - } - if f.Symtab == nil { - return nil, nil - } - var names []string - for _, sym := range f.Symtab.Syms { - // Source: https://opensource.apple.com/source/xnu/xnu-3789.51.2/EXTERNAL_HEADERS/mach-o/nlist.h.auto.html - const ( - N_PEXT uint8 = 0x10 // Private external symbol bit - N_EXT uint8 = 0x01 // External symbol bit, set for external symbols - N_TYPE uint8 = 0x0e // mask for the type bits - - N_UNDF uint8 = 0x0 // undefined, n_sect == NO_SECT - N_ABS uint8 = 0x2 // absolute, n_sect == NO_SECT - N_SECT uint8 = 0xe // defined in section number n_sect - N_PBUD uint8 = 0xc // prebound undefined (defined in a dylib) - N_INDR uint8 = 0xa // indirect - ) - - // Only include exported, defined symbols. - if sym.Type&N_EXT != 0 && sym.Type&N_TYPE != N_UNDF { - if len(sym.Name) == 0 || sym.Name[0] != '_' { - return nil, fmt.Errorf("unexpected symbol without underscore prefix: %q", sym.Name) - } - names = append(names, sym.Name[1:]) - } - } - return names, nil -} - -func listSymbolsPE(contents []byte) ([]string, error) { - f, err := pe.NewFile(bytes.NewReader(contents)) - if err != nil { - return nil, err - } - var ret []string - for _, sym := range f.Symbols { - const ( - // https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format#section-number-values - IMAGE_SYM_UNDEFINED = 0 - // https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format#storage-class - IMAGE_SYM_CLASS_EXTERNAL = 2 - ) - if sym.SectionNumber != IMAGE_SYM_UNDEFINED && sym.StorageClass == IMAGE_SYM_CLASS_EXTERNAL { - name := sym.Name - if f.Machine == pe.IMAGE_FILE_MACHINE_I386 { - // On 32-bit Windows, C symbols are decorated by calling - // convention. - // https://msdn.microsoft.com/en-us/library/56h2zst2.aspx#FormatC - if strings.HasPrefix(name, "_") || strings.HasPrefix(name, "@") { - // __cdecl, __stdcall, or __fastcall. Remove the prefix and - // suffix, if present. - name = name[1:] - if idx := strings.LastIndex(name, "@"); idx >= 0 { - name = name[:idx] - } - } else if idx := strings.LastIndex(name, "@@"); idx >= 0 { - // __vectorcall. Remove the suffix. - name = name[:idx] - } - } - ret = append(ret, name) - } - } - return ret, nil -} From 391e323c6244d9fd760390a79680f815e1cb3972 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 19:21:33 -0800 Subject: [PATCH 221/399] CI/CD: Add x86_64-pc-windows-gnu to GitHub Actions. --- .github/workflows/ci.yml | 4 ++++ README.md | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1bee0217c7..c0bd893dd4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,6 +38,7 @@ jobs: - i686-pc-windows-msvc - i686-unknown-linux-gnu - i686-unknown-linux-musl + - x86_64-pc-windows-gnu - x86_64-pc-windows-msvc - x86_64-apple-darwin - x86_64-unknown-linux-musl @@ -83,6 +84,9 @@ jobs: - target: i686-unknown-linux-musl host_os: ubuntu-18.04 + - target: x86_64-pc-windows-gnu + host_os: windows-latest + - target: x86_64-pc-windows-msvc host_os: windows-latest diff --git a/README.md b/README.md index 6ea662c116..dfaecd38c5 100644 --- a/README.md +++ b/README.md @@ -214,10 +214,11 @@ parts of *ring*; *ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC | i686-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter | i686-unknown-linux-gnu | Tested on 64-bit Linux using multilib support | i686-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| x86_64-apple-darwin | +| x86_64-pc-windows-gnu | | x86_64-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter | x86_64-unknown-linux-gnu | | x86_64-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) -| x86_64-apple-darwin | | wasm32-unknown-unknown | Tested using wasm-bindgen-test-runner on Linux in Chrome and Firefox. From b50b1fb202a51ee3515c5e56fa8dfd267d2a61c3 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 10 Nov 2020 19:29:40 -0800 Subject: [PATCH 222/399] Clean up and fix .gitattributes files. GitHub is reporting some include files as C++ instead of C, and it is reporting some .pl files as Perl instead of Assembly. Attempt to fix that. Remove superfluous entries in ./.gitattributes and consolidate some of the .gitattributes files into ./.gitattributes. --- .gitattributes | 11 ++++------- crypto/.gitattributes | 1 - crypto/fipsmodule/.gitattributes | 1 - crypto/perlasm/.gitattributes | 2 -- include/GFp/.gitattributes | 1 - 5 files changed, 4 insertions(+), 12 deletions(-) delete mode 100644 crypto/.gitattributes delete mode 100644 crypto/fipsmodule/.gitattributes delete mode 100644 crypto/perlasm/.gitattributes delete mode 100644 include/GFp/.gitattributes diff --git a/.gitattributes b/.gitattributes index bf4e88576e..0271bc950c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,10 +1,7 @@ * text=auto !eol -*.sln eol=crlf -*.vcxproj eol=crlf -*.vcxproj.filters eol=crlf -*.props eol=crlf -*.bat eol=crlf -*.rc eol=crlf -*.pl linguist-language=Assembly +crypto/**/*.pl linguist-language=Assembly +crypto/perlasm/*.pl linguist-language=Perl *.bin binary *.der binary +**/*.h linguist-language=C +**/*.inl linguist-language=C diff --git a/crypto/.gitattributes b/crypto/.gitattributes deleted file mode 100644 index 15a5c58091..0000000000 --- a/crypto/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.h linguist-language=C diff --git a/crypto/fipsmodule/.gitattributes b/crypto/fipsmodule/.gitattributes deleted file mode 100644 index 80928d6041..0000000000 --- a/crypto/fipsmodule/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.inl linguist-language=C diff --git a/crypto/perlasm/.gitattributes b/crypto/perlasm/.gitattributes deleted file mode 100644 index d77060900d..0000000000 --- a/crypto/perlasm/.gitattributes +++ /dev/null @@ -1,2 +0,0 @@ -*.pl linguist-language=Perl - diff --git a/include/GFp/.gitattributes b/include/GFp/.gitattributes deleted file mode 100644 index 15a5c58091..0000000000 --- a/include/GFp/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.h linguist-language=C From 25f9d7a9f0e26ccdeecaf9ed6927c6266d2898ed Mon Sep 17 00:00:00 2001 From: Tamas Petz Date: Wed, 11 Nov 2020 10:27:44 +0100 Subject: [PATCH 223/399] aarch64: Fix name of gnu property note section During the upstream review process a leading dot got removed by accident. Missing this single character renders BoringSSL Armv8.5-A BTI incompatible. Also added two semicolons, just to be consistent. Change-Id: I6c432d1c852129e9c273f6469a8b60e3983671ec Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44024 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- include/openssl/arm_arch.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/openssl/arm_arch.h b/include/openssl/arm_arch.h index da69dbf6d1..31ff8a66c5 100644 --- a/include/openssl/arm_arch.h +++ b/include/openssl/arm_arch.h @@ -157,7 +157,7 @@ #endif #if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0 -.pushsection note.gnu.property, "a"; +.pushsection .note.gnu.property, "a"; .balign 8; .long 4; .long 0x10; @@ -166,8 +166,8 @@ .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */ .long 4; .long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI); -.long 0 -.popsection +.long 0; +.popsection; #endif #endif /* defined __ASSEMBLER__ */ From 574a66e559136f69a21f013cbbd77bbba8ebe1d1 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 10:48:18 -0800 Subject: [PATCH 224/399] Fix clippy warning about redundant `use untrusted;`. --- src/agreement.rs | 1 - src/arithmetic/bigint.rs | 2 -- src/ec/curve25519/ed25519/signing.rs | 1 - src/ec/curve25519/ed25519/verification.rs | 1 - src/ec/curve25519/x25519.rs | 1 - src/ec/suite_b.rs | 1 - src/ec/suite_b/ecdh.rs | 1 - src/ec/suite_b/ecdsa/digest_scalar.rs | 2 -- src/ec/suite_b/ecdsa/signing.rs | 2 -- src/ec/suite_b/ecdsa/verification.rs | 1 - src/ec/suite_b/ops.rs | 2 -- src/ec/suite_b/private_key.rs | 1 - src/ec/suite_b/public_key.rs | 2 -- src/error.rs | 2 -- src/io/der.rs | 2 -- src/limb.rs | 2 -- src/pkcs8.rs | 1 - src/rsa.rs | 1 - src/rsa/padding.rs | 2 -- src/rsa/signing.rs | 1 - src/rsa/verification.rs | 2 -- src/signature.rs | 1 - 22 files changed, 32 deletions(-) diff --git a/src/agreement.rs b/src/agreement.rs index 4c1e803430..d116c8faab 100644 --- a/src/agreement.rs +++ b/src/agreement.rs @@ -63,7 +63,6 @@ // Model." use crate::{cpu, debug, ec, error, rand}; -use untrusted; pub use crate::ec::{ curve25519::x25519::X25519, diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index f563b66c51..91708be56b 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -46,7 +46,6 @@ use core::{ marker::PhantomData, ops::{Deref, DerefMut}, }; -use untrusted; pub unsafe trait Prime {} @@ -1397,7 +1396,6 @@ mod tests { use super::*; use crate::test; use alloc::format; - use untrusted; // Type-level representation of an arbitrary modulus. struct M {} diff --git a/src/ec/curve25519/ed25519/signing.rs b/src/ec/curve25519/ed25519/signing.rs index b89e0db66a..dab8d5652c 100644 --- a/src/ec/curve25519/ed25519/signing.rs +++ b/src/ec/curve25519/ed25519/signing.rs @@ -22,7 +22,6 @@ use crate::{ signature::{self, KeyPair as SigningKeyPair}, }; use core::convert::TryInto; -use untrusted; /// An Ed25519 key pair, for signing. pub struct Ed25519KeyPair { diff --git a/src/ec/curve25519/ed25519/verification.rs b/src/ec/curve25519/ed25519/verification.rs index 6d082e093f..e0c1b652fa 100644 --- a/src/ec/curve25519/ed25519/verification.rs +++ b/src/ec/curve25519/ed25519/verification.rs @@ -17,7 +17,6 @@ use super::{super::ops::*, eddsa_digest}; use crate::{error, sealed, signature}; use core::convert::TryInto; -use untrusted; /// Parameters for EdDSA signing and verification. pub struct EdDSAParameters; diff --git a/src/ec/curve25519/x25519.rs b/src/ec/curve25519/x25519.rs index 44ee17f4a9..53a2a5cf84 100644 --- a/src/ec/curve25519/x25519.rs +++ b/src/ec/curve25519/x25519.rs @@ -17,7 +17,6 @@ use super::{ops, scalar::SCALAR_LEN}; use crate::{agreement, constant_time, cpu, ec, error, rand}; use core::convert::TryInto; -use untrusted; static CURVE25519: ec::Curve = ec::Curve { public_key_len: PUBLIC_KEY_LEN, diff --git a/src/ec/suite_b.rs b/src/ec/suite_b.rs index caa5b3f1df..9e363563b8 100644 --- a/src/ec/suite_b.rs +++ b/src/ec/suite_b.rs @@ -16,7 +16,6 @@ use self::ops::*; use crate::{arithmetic::montgomery::*, cpu, ec, error, io::der, limb::LimbMask, pkcs8}; -use untrusted; // NIST SP 800-56A Step 3: "If q is an odd prime p, verify that // yQ**2 = xQ**3 + axQ + b in GF(p), where the arithmetic is performed modulo diff --git a/src/ec/suite_b/ecdh.rs b/src/ec/suite_b/ecdh.rs index f9dfa69b30..aae31d2369 100644 --- a/src/ec/suite_b/ecdh.rs +++ b/src/ec/suite_b/ecdh.rs @@ -16,7 +16,6 @@ use super::{ops::*, private_key::*, public_key::*}; use crate::{agreement, ec, error}; -use untrusted; /// A key agreement algorithm. macro_rules! ecdh { diff --git a/src/ec/suite_b/ecdsa/digest_scalar.rs b/src/ec/suite_b/ecdsa/digest_scalar.rs index 1f885c1a92..133e7da5df 100644 --- a/src/ec/suite_b/ecdsa/digest_scalar.rs +++ b/src/ec/suite_b/ecdsa/digest_scalar.rs @@ -19,7 +19,6 @@ use crate::{ ec::suite_b::ops::*, limb::{self, LIMB_BYTES}, }; -use untrusted; /// Calculate the digest of `msg` using the digest algorithm `digest_alg`. Then /// convert the digest to a scalar in the range [0, n) as described in @@ -84,7 +83,6 @@ mod tests { limb::{self, LIMB_BYTES}, test, }; - use untrusted; #[test] fn test() { diff --git a/src/ec/suite_b/ecdsa/signing.rs b/src/ec/suite_b/ecdsa/signing.rs index ca2bb39b05..5422e06b16 100644 --- a/src/ec/suite_b/ecdsa/signing.rs +++ b/src/ec/suite_b/ecdsa/signing.rs @@ -26,8 +26,6 @@ use crate::{ io::der, limb, pkcs8, rand, sealed, signature, }; -use untrusted; - /// An ECDSA signing algorithm. pub struct EcdsaSigningAlgorithm { curve: &'static ec::Curve, diff --git a/src/ec/suite_b/ecdsa/verification.rs b/src/ec/suite_b/ecdsa/verification.rs index 2b4ccbed69..be551e695d 100644 --- a/src/ec/suite_b/ecdsa/verification.rs +++ b/src/ec/suite_b/ecdsa/verification.rs @@ -23,7 +23,6 @@ use crate::{ io::der, limb, sealed, signature, }; -use untrusted; /// An ECDSA verification algorithm. pub struct EcdsaVerificationAlgorithm { diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index 6bcb8a4bb5..a9fbc07bf6 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -14,7 +14,6 @@ use crate::{arithmetic::montgomery::*, c, error, limb::*}; use core::marker::PhantomData; -use untrusted; pub use self::elem::*; @@ -441,7 +440,6 @@ mod tests { use super::*; use crate::test; use alloc::{format, vec, vec::Vec}; - use untrusted; const ZERO_SCALAR: Scalar = Scalar { limbs: [0; MAX_LIMBS], diff --git a/src/ec/suite_b/private_key.rs b/src/ec/suite_b/private_key.rs index fb16b245e9..31c35664f6 100644 --- a/src/ec/suite_b/private_key.rs +++ b/src/ec/suite_b/private_key.rs @@ -22,7 +22,6 @@ use crate::{ limb::{self, LIMB_BYTES}, rand, }; -use untrusted; /// Generates a random scalar in the range [1, n). pub fn random_scalar( diff --git a/src/ec/suite_b/public_key.rs b/src/ec/suite_b/public_key.rs index 4521af339e..5bafa36039 100644 --- a/src/ec/suite_b/public_key.rs +++ b/src/ec/suite_b/public_key.rs @@ -17,7 +17,6 @@ use super::{ops::*, verify_affine_point_is_on_the_curve}; use crate::{arithmetic::montgomery::*, error}; -use untrusted; /// Parses a public key encoded in uncompressed form. The key is validated /// using the ECC Partial Public-Key Validation Routine from @@ -69,7 +68,6 @@ pub fn parse_uncompressed_point( mod tests { use super::{super::ops, *}; use crate::test; - use untrusted; #[test] fn parse_uncompressed_point_test() { diff --git a/src/error.rs b/src/error.rs index 65d3df0489..f1c33e78e5 100644 --- a/src/error.rs +++ b/src/error.rs @@ -14,8 +14,6 @@ //! Error reporting. -use untrusted; - #[cfg(feature = "std")] extern crate std; diff --git a/src/io/der.rs b/src/io/der.rs index 325d6f0d8b..1a00d85999 100644 --- a/src/io/der.rs +++ b/src/io/der.rs @@ -18,7 +18,6 @@ use super::Positive; use crate::error; -use untrusted; pub const CONSTRUCTED: u8 = 1 << 5; pub const CONTEXT_SPECIFIC: u8 = 2 << 6; @@ -212,7 +211,6 @@ pub fn positive_integer<'a>( mod tests { use super::*; use crate::error; - use untrusted; fn with_good_i(value: &[u8], f: F) where diff --git a/src/limb.rs b/src/limb.rs index 65fdae5ca7..64fb536c8c 100644 --- a/src/limb.rs +++ b/src/limb.rs @@ -19,7 +19,6 @@ //! limbs use the native endianness. use crate::{c, error}; -use untrusted; #[cfg(feature = "alloc")] use crate::bits; @@ -350,7 +349,6 @@ extern "C" { #[cfg(test)] mod tests { use super::*; - use untrusted; const MAX: Limb = LimbMask::True as Limb; diff --git a/src/pkcs8.rs b/src/pkcs8.rs index 53bec5ae81..c3ca49918a 100644 --- a/src/pkcs8.rs +++ b/src/pkcs8.rs @@ -17,7 +17,6 @@ //! [RFC 5958]: https://tools.ietf.org/html/rfc5958. use crate::{ec, error, io::der}; -use untrusted; pub(crate) enum Version { V1Only, diff --git a/src/rsa.rs b/src/rsa.rs index 04a3bf87bd..9adb3285dd 100644 --- a/src/rsa.rs +++ b/src/rsa.rs @@ -24,7 +24,6 @@ use crate::{ io::{self, der}, limb, }; -use untrusted; mod padding; diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs index 3ba00e10f0..82f5b99c2e 100644 --- a/src/rsa/padding.rs +++ b/src/rsa/padding.rs @@ -14,7 +14,6 @@ use super::PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN; use crate::{bits, digest, error, io::der}; -use untrusted; #[cfg(feature = "alloc")] use crate::rand; @@ -522,7 +521,6 @@ mod test { use super::*; use crate::{digest, error, test}; use alloc::vec; - use untrusted; #[test] fn test_pss_padding_verify() { diff --git a/src/rsa/signing.rs b/src/rsa/signing.rs index 9ae904e4b2..4275facb6b 100644 --- a/src/rsa/signing.rs +++ b/src/rsa/signing.rs @@ -25,7 +25,6 @@ use crate::{ pkcs8, rand, signature, }; use alloc::boxed::Box; -use untrusted; /// An RSA key pair, used for signing. pub struct RsaKeyPair { diff --git a/src/rsa/verification.rs b/src/rsa/verification.rs index cedf64f783..f898f211a6 100644 --- a/src/rsa/verification.rs +++ b/src/rsa/verification.rs @@ -22,8 +22,6 @@ use crate::{ sealed, signature, }; -use untrusted; - #[derive(Debug)] pub struct Key { pub n: bigint::Modulus, diff --git a/src/signature.rs b/src/signature.rs index fe80786406..c99c8e62bb 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -257,7 +257,6 @@ //! ``` use crate::{cpu, ec, error, sealed}; -use untrusted; pub use crate::ec::{ curve25519::ed25519::{ From 89bcf8ed3043dc6de81aec60ca749ed8cd07ffff Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 10:49:48 -0800 Subject: [PATCH 225/399] build.rs: Apply Clippy's advice regarding `rustfmt::skip`. --- build.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.rs b/build.rs index d7c8466b22..1fd1173485 100644 --- a/build.rs +++ b/build.rs @@ -52,7 +52,7 @@ const X86_64: &str = "x86_64"; const AARCH64: &str = "aarch64"; const ARM: &str = "arm"; -#[cfg_attr(rustfmt, rustfmt_skip)] +#[rustfmt::skip] const RING_SRCS: &[(&[&str], &str)] = &[ (&[], "crypto/fipsmodule/aes/aes_nohw.c"), (&[], "crypto/fipsmodule/bn/montgomery.c"), @@ -119,7 +119,7 @@ const SHA512_ARMV8: &str = "crypto/fipsmodule/sha/asm/sha512-armv8.pl"; const RING_TEST_SRCS: &[&str] = &[("crypto/constant_time_test.c")]; -#[cfg_attr(rustfmt, rustfmt_skip)] +#[rustfmt::skip] const RING_INCLUDES: &[&str] = &[ "crypto/curve25519/curve25519_tables.h", @@ -145,7 +145,7 @@ const RING_INCLUDES: &[&str] = "third_party/fiat/curve25519_64.h", ]; -#[cfg_attr(rustfmt, rustfmt_skip)] +#[rustfmt::skip] const RING_PERL_INCLUDES: &[&str] = &["crypto/perlasm/arm-xlate.pl", "crypto/perlasm/x86gas.pl", From 5c6abfdec45ef377ce65fd48d7259b2bcd9c9018 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:25:18 -0800 Subject: [PATCH 226/399] Turn off some Clippy warnings. --- src/lib.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index b54c5f11a3..e018b304af 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -49,6 +49,21 @@ #![doc(html_root_url = "https://briansmith.org/rustdoc/")] #![allow( + clippy::collapsible_if, + clippy::identity_conversion, + clippy::identity_op, + clippy::len_without_is_empty, + clippy::len_zero, + clippy::let_unit_value, + clippy::many_single_char_names, + clippy::needless_range_loop, + clippy::new_without_default, + clippy::neg_cmp_op_on_partial_ord, + clippy::range_plus_one, + clippy::too_many_arguments, + clippy::trivially_copy_pass_by_ref, + clippy::type_complexity, + clippy::unreadable_literal, missing_copy_implementations, missing_debug_implementations, non_camel_case_types, From 2befd3268ed9f51ac796f203437dc955dc95cc35 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 14:53:18 -0800 Subject: [PATCH 227/399] build.rs: Take Clippy's advice about removing unneeded `&`s. --- build.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/build.rs b/build.rs index 1fd1173485..95fddc70a0 100644 --- a/build.rs +++ b/build.rs @@ -373,7 +373,7 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { .iter() .find(|entry| { let &(entry_arch, entry_os, _) = *entry; - entry_arch == &target.arch && is_none_or_equals(entry_os, &target.os) + entry_arch == target.arch && is_none_or_equals(entry_os, &target.os) }) .unwrap(); @@ -404,7 +404,7 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { // For Windows we also pregenerate the object files for non-Git builds so // the user doesn't need to install the assembler. On other platforms we // assume the C compiler also assembles. - if use_pregenerated && &target.os == WINDOWS { + if use_pregenerated && target.os == WINDOWS { // The pregenerated object files always use ".obj" as the extension, // even when the C/C++ compiler outputs files with the ".o" extension. asm_srcs = asm_srcs @@ -520,10 +520,10 @@ fn compile( if ext == "obj" { p.to_str().expect("Invalid path").into() } else { - let mut out_path = out_dir.clone().join(p.file_name().unwrap()); + let mut out_path = out_dir.join(p.file_name().unwrap()); assert!(out_path.set_extension(target.obj_ext)); if need_run(&p, &out_path, includes_modified) { - let cmd = if &target.os != WINDOWS || ext != "asm" { + let cmd = if target.os != WINDOWS || ext != "asm" { cc(p, ext, target, warnings_are_errors, &out_path) } else { yasm(p, &target.arch, &out_path) @@ -536,7 +536,7 @@ fn compile( } fn obj_path(out_dir: &Path, src: &Path, obj_ext: &str) -> PathBuf { - let mut out_path = out_dir.clone().join(src.file_name().unwrap()); + let mut out_path = out_dir.join(src.file_name().unwrap()); assert!(out_path.set_extension(obj_ext)); out_path } @@ -562,9 +562,9 @@ fn cc( for f in cpp_flags(target) { let _ = c.flag(&f); } - if &target.os != "none" - && &target.os != "redox" - && &target.os != "windows" + if target.os != "none" + && target.os != "redox" + && target.os != "windows" && target.arch != "wasm32" { let _ = c.flag("-fstack-protector"); From b7ff765577bfb62d26bb2a62d8dca31e4afe28b2 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 10:55:02 -0800 Subject: [PATCH 228/399] build.rs: Take Clippy's advice about useless conversions. --- build.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/build.rs b/build.rs index 95fddc70a0..60939cea72 100644 --- a/build.rs +++ b/build.rs @@ -323,9 +323,8 @@ fn pregenerate_asm_main() { if target_os == Some(WINDOWS) { let srcs = asm_srcs(perlasm_src_dsts); for src in srcs { - let src_path = PathBuf::from(src); - let obj_path = obj_path(&pregenerated, &src_path, MSVC_OBJ_EXT); - run_command(yasm(&src_path, target_arch, &obj_path)); + let obj_path = obj_path(&pregenerated, &src, MSVC_OBJ_EXT); + run_command(yasm(&src, target_arch, &obj_path)); } } } @@ -486,7 +485,7 @@ fn build_library( let _ = c.flag("-Wl,-dead_strip"); } _ => { - let _ = c.flag("-Wl,--gc-sections".into()); + let _ = c.flag("-Wl,--gc-sections"); } } for o in objs { From d05e9b19dc76425966a1acb11db29b3ce6b6fbda Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 10:57:57 -0800 Subject: [PATCH 229/399] build.rs: Take clippy's advice about into_iter(). --- build.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.rs b/build.rs index 60939cea72..d3019bb7fb 100644 --- a/build.rs +++ b/build.rs @@ -460,8 +460,8 @@ fn build_library( ) { // Compile all the (dirty) source files into object files. let objs = additional_srcs - .into_iter() - .chain(srcs.into_iter()) + .iter() + .chain(srcs.iter()) .filter(|f| &target.env != "msvc" || f.extension().unwrap().to_str().unwrap() != "S") .map(|f| compile(f, target, warnings_are_errors, out_dir, includes_modified)) .collect::>(); From e19b16e9f8ce69a724b2a44f5052013b35786631 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 10:58:51 -0800 Subject: [PATCH 230/399] build.rs: Take clippy's advice about unwrap_or_else. --- build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.rs b/build.rs index d3019bb7fb..b0388b4b80 100644 --- a/build.rs +++ b/build.rs @@ -779,7 +779,7 @@ fn file_modified(path: &Path) -> SystemTime { } fn get_command(var: &str, default: &str) -> String { - std::env::var(var).unwrap_or(default.into()) + std::env::var(var).unwrap_or_else(|_| default.into()) } fn check_all_files_tracked() { From c5db36a6ae6de89c8f965184476ef4b2a3462c6e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:10:34 -0800 Subject: [PATCH 231/399] Take Clippy's advice about unneeded return values. --- src/aead/gcm.rs | 2 +- src/arithmetic/bigint.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aead/gcm.rs b/src/aead/gcm.rs index 0873e0e0f4..6696f776dd 100644 --- a/src/aead/gcm.rs +++ b/src/aead/gcm.rs @@ -336,5 +336,5 @@ fn detect_implementation(cpu_features: cpu::Features) -> Implementation { #[cfg(target_arch = "x86_64")] fn has_avx_movbe(cpu_features: cpu::Features) -> bool { - return cpu::intel::AVX.available(cpu_features) && cpu::intel::MOVBE.available(cpu_features); + cpu::intel::AVX.available(cpu_features) && cpu::intel::MOVBE.available(cpu_features) } diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index 91708be56b..dfeeb8bfdf 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -1168,7 +1168,7 @@ impl Nonnegative { return Err(error::Unspecified); } } - return Ok(()); + Ok(()) } } From 0e97327753f6be0dffdc5fbf828a2e8d62105c88 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:12:59 -0800 Subject: [PATCH 232/399] Silence clippy "needless_return" lint in `Feature::available()`. --- src/cpu.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cpu.rs b/src/cpu.rs index 420271a9e1..5f0b49d813 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -185,6 +185,7 @@ pub(crate) mod arm { #[cfg(not(target_arch = "wasm32"))] impl Feature { + #[allow(clippy::needless_return)] #[inline(always)] pub fn available(&self, _: super::Features) -> bool { #[cfg(all(target_os = "ios", any(target_arch = "arm", target_arch = "aarch64")))] @@ -261,6 +262,7 @@ pub(crate) mod intel { } impl Feature { + #[allow(clippy::needless_return)] #[inline(always)] pub fn available(&self, _: super::Features) -> bool { #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] From d8d800b7bff2a4e7a5deec7673df4c8ce77e101a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:32:50 -0800 Subject: [PATCH 233/399] Address `clippy::needless_doctest_main`. --- src/signature.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/signature.rs b/src/signature.rs index c99c8e62bb..bef92dc4b8 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -132,7 +132,7 @@ //! signature::{self, KeyPair}, //! }; //! -//! # fn sign_and_verify_ed25519() -> Result<(), ring::error::Unspecified> { +//! # fn main() -> Result<(), ring::error::Unspecified> { //! // Generate a key pair in PKCS#8 (v2) format. //! let rng = rand::SystemRandom::new(); //! let pkcs8_bytes = signature::Ed25519KeyPair::generate_pkcs8(&rng)?; @@ -160,8 +160,6 @@ //! //! # Ok(()) //! # } -//! -//! # fn main() { sign_and_verify_ed25519().unwrap() } //! ``` //! //! ## Signing and verifying with RSA (PKCS#1 1.5 padding) From 08f7f0d424d2ea5207e3f599a552e4ee8cac3359 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:39:42 -0800 Subject: [PATCH 234/399] RSA: Take Clippy's advice about `into_iter()`. --- src/rsa/padding.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs index 82f5b99c2e..e88d6ed6bd 100644 --- a/src/rsa/padding.rs +++ b/src/rsa/padding.rs @@ -278,7 +278,7 @@ impl RsaEncoding for PSS { { // Steps 7. - let masked_db = masked_db.into_iter(); + let masked_db = masked_db.iter_mut(); // `PS` is all zero bytes, so skipping `ps_len` bytes is equivalent // to XORing `PS` onto `db`. let mut masked_db = masked_db.skip(metrics.ps_len); From c96ff34d3e1b301298311034da6398fb87127bec Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:42:34 -0800 Subject: [PATCH 235/399] RSA: Take Clippy's advice about needless `as_ref()`. --- src/rsa/padding.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs index e88d6ed6bd..f6b4cf6c74 100644 --- a/src/rsa/padding.rs +++ b/src/rsa/padding.rs @@ -99,7 +99,7 @@ impl Verification for PKCS1 { let mut calculated = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; let calculated = &mut calculated[..mod_bits.as_usize_bytes_rounded_up()]; pkcs1_encode(&self, m_hash, calculated); - if m.read_bytes_to_end() != *calculated.as_ref() { + if m.read_bytes_to_end() != *calculated { return Err(error::Unspecified); } Ok(()) From cc5e4d39fafe5552f4c0bce952183c0a5a850ab2 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:44:27 -0800 Subject: [PATCH 236/399] Arithmetic: Remove useless clones of `Copy` types. --- src/arithmetic/bigint.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index dfeeb8bfdf..2f59a133fa 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -85,7 +85,7 @@ impl Clone for BoxedLimbs { fn clone(&self) -> Self { Self { limbs: self.limbs.clone(), - m: self.m.clone(), + m: self.m, } } } @@ -388,7 +388,7 @@ impl Clone for Elem { fn clone(&self) -> Self { Self { limbs: self.limbs.clone(), - encoding: self.encoding.clone(), + encoding: self.encoding, } } } From bfadec5966b8547e63bc92205c460e6d967da817 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:49:49 -0800 Subject: [PATCH 237/399] Arithmetic: Remove redundant `to_owned()`. --- src/arithmetic/bigint.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index 2f59a133fa..5fdf11e3c2 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -136,7 +136,7 @@ impl BoxedLimbs { fn zero(width: Width) -> Self { Self { - limbs: vec![0; width.num_limbs].to_owned().into_boxed_slice(), + limbs: vec![0; width.num_limbs].into_boxed_slice(), m: PhantomData, } } From ad3a361595bb28651a81e58ed916fff980072871 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 11:53:05 -0800 Subject: [PATCH 238/399] Endian: Address Clippy `declare_interior_mutable_const` warning. --- src/endian.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/endian.rs b/src/endian.rs index 77ecd91e2d..bb956dcd80 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -2,7 +2,12 @@ use core::{convert::TryInto, num::Wrapping}; /// An `Encoding` of a type `T` can be converted to/from its byte /// representation without any byte swapping or other computation. -pub trait Encoding: From + Into { +/// +/// The `Self: Copy` constraint addresses `clippy::declare_interior_mutable_const`. +pub trait Encoding: From + Into +where + Self: Copy, +{ const ZERO: Self; } From b11899b006224783682827242e1d3e0eae71df25 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:09:35 -0800 Subject: [PATCH 239/399] RSA tests: Remove redundant `'static` lifetime annotation. --- src/rsa/signing.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/rsa/signing.rs b/src/rsa/signing.rs index 4275facb6b..52d857d302 100644 --- a/src/rsa/signing.rs +++ b/src/rsa/signing.rs @@ -620,8 +620,7 @@ mod tests { const MESSAGE: &[u8] = b"hello, world"; let rng = rand::SystemRandom::new(); - const PRIVATE_KEY_DER: &'static [u8] = - include_bytes!("signature_rsa_example_private_key.der"); + const PRIVATE_KEY_DER: &[u8] = include_bytes!("signature_rsa_example_private_key.der"); let key_pair = signature::RsaKeyPair::from_der(PRIVATE_KEY_DER).unwrap(); // The output buffer is one byte too short. From bd39a3c1c2343fe649f1b611451f537b6c638a8f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:11:00 -0800 Subject: [PATCH 240/399] ECC tests: Remove redundant clones. --- src/ec/suite_b/ops.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index a9fbc07bf6..b0d1da7aa0 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -489,11 +489,11 @@ mod tests { let b = consume_elem(cops, test_case, "b"); let expected_sum = consume_elem(cops, test_case, "r"); - let mut actual_sum = a.clone(); + let mut actual_sum = a; ops.public_key_ops.common.elem_add(&mut actual_sum, &b); assert_limbs_are_equal(cops, &actual_sum.limbs, &expected_sum.limbs); - let mut actual_sum = b.clone(); + let mut actual_sum = b; ops.public_key_ops.common.elem_add(&mut actual_sum, &a); assert_limbs_are_equal(cops, &actual_sum.limbs, &expected_sum.limbs); From 1f11e13c96d18fc8c62eba4036bb3882143f8876 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:12:15 -0800 Subject: [PATCH 241/399] Arithmetic tests: Remove redundant `vec!`. --- src/arithmetic/bigint.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index 5fdf11e3c2..d5e4b4d84c 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -1528,7 +1528,7 @@ mod tests { #[test] fn test_modulus_debug() { let (modulus, _) = Modulus::::from_be_bytes_with_bit_length(untrusted::Input::from( - &vec![0xff; LIMB_BYTES * MODULUS_MIN_LIMBS], + &[0xff; LIMB_BYTES * MODULUS_MIN_LIMBS], )) .unwrap(); assert_eq!("Modulus", format!("{:?}", modulus)); From bc2d01adfbd6c2a96e5d7c4ba6552e338ba360fb Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:13:20 -0800 Subject: [PATCH 242/399] Agreement tests: Address `clippy::needless_return`. --- tests/agreement_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 7e4152d139..99d4a5e7e8 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -134,7 +134,7 @@ fn agreement_agree_ephemeral() { } } - return Ok(()); + Ok(()) }); } From 9e95efe33a96706612b53f5e5f0ec2471c31db8e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:27:31 -0800 Subject: [PATCH 243/399] Endian: Remove redundant lifetime annotations. --- src/endian.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/endian.rs b/src/endian.rs index bb956dcd80..01f75db2f6 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -54,7 +54,7 @@ macro_rules! impl_as_ref { impl ArrayEncoding<[u8; $elems * core::mem::size_of::<$base>()]> for [$endian<$base>; $elems] { - fn as_byte_array<'a>(&'a self) -> &'a [u8; $elems * core::mem::size_of::<$base>()] { + fn as_byte_array(&self) -> &[u8; $elems * core::mem::size_of::<$base>()] { as_byte_slice(self).try_into().unwrap() } } From 94ac46c5360faed25ca228542e21bc851b09fbc2 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:29:20 -0800 Subject: [PATCH 244/399] ECC tests: Take Clippy's `ptr_arg` advice. --- src/ec/suite_b/ops.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index b0d1da7aa0..176d89e2de 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -1070,7 +1070,7 @@ mod tests { p } - fn consume_point_elem(ops: &CommonOps, limbs_out: &mut [Limb], elems: &Vec<&str>, i: usize) { + fn consume_point_elem(ops: &CommonOps, limbs_out: &mut [Limb], elems: &[&str], i: usize) { let bytes = test::from_hex(elems[i]).unwrap(); let bytes = untrusted::Input::from(&bytes); let r: Elem = elem_parse_big_endian_fixed_consttime(ops, bytes).unwrap(); @@ -1085,7 +1085,7 @@ mod tests { } fn consume_point(ops: &PrivateKeyOps, test_case: &mut test::TestCase, name: &str) -> TestPoint { - fn consume_point_elem(ops: &CommonOps, elems: &Vec<&str>, i: usize) -> Elem { + fn consume_point_elem(ops: &CommonOps, elems: &[&str], i: usize) -> Elem { let bytes = test::from_hex(elems[i]).unwrap(); let bytes = untrusted::Input::from(&bytes); let unencoded: Elem = From deb6bd9fb9fc7ebe4d94bdb336e49d077acaac5f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:36:51 -0800 Subject: [PATCH 245/399] Tests: Take Clippy's about unused mut. --- src/ec/suite_b/ops.rs | 4 ++-- src/hmac.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index 176d89e2de..c616aca39d 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -690,10 +690,10 @@ mod tests { test::run(test_file, |section, test_case| { assert_eq!(section, ""); let cops = ops.common; - let mut a = consume_scalar(cops, test_case, "a"); + let a = consume_scalar(cops, test_case, "a"); let b = consume_scalar_mont(cops, test_case, "b"); let expected_result = consume_scalar(cops, test_case, "r"); - let actual_result = ops.scalar_product(&mut a, &b); + let actual_result = ops.scalar_product(&a, &b); assert_limbs_are_equal(cops, &actual_result.limbs, &expected_result.limbs); Ok(()) diff --git a/src/hmac.rs b/src/hmac.rs index 210d44f9ff..a13679f7f4 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -363,7 +363,7 @@ mod tests { // completely wacky. #[test] pub fn hmac_signing_key_coverage() { - let mut rng = rand::SystemRandom::new(); + let rng = rand::SystemRandom::new(); const HELLO_WORLD_GOOD: &[u8] = b"hello, world"; const HELLO_WORLD_BAD: &[u8] = b"hello, worle"; @@ -374,7 +374,7 @@ mod tests { hmac::HMAC_SHA384, hmac::HMAC_SHA512, ] { - let key = hmac::Key::generate(*algorithm, &mut rng).unwrap(); + let key = hmac::Key::generate(*algorithm, &rng).unwrap(); let tag = hmac::sign(&key, HELLO_WORLD_GOOD); assert!(hmac::verify(&key, HELLO_WORLD_GOOD, tag.as_ref()).is_ok()); assert!(hmac::verify(&key, HELLO_WORLD_BAD, tag.as_ref()).is_err()) From 26ed1b7adcced0eb0d4e24030777045fc6bd1d9d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:38:00 -0800 Subject: [PATCH 246/399] AEAD: Silence`clippy::large_enum_variant`. --- src/aead.rs | 2 +- src/aead/quic.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aead.rs b/src/aead.rs index 989b0b9479..4d6bdb7904 100644 --- a/src/aead.rs +++ b/src/aead.rs @@ -398,7 +398,7 @@ impl core::fmt::Debug for UnboundKey { } } -#[allow(variant_size_differences)] +#[allow(clippy::large_enum_variant, variant_size_differences)] enum KeyInner { AesGcm(aes_gcm::Key), ChaCha20Poly1305(chacha20_poly1305::Key), diff --git a/src/aead/quic.rs b/src/aead/quic.rs index e83e076c77..ac667aeda1 100644 --- a/src/aead/quic.rs +++ b/src/aead/quic.rs @@ -28,7 +28,7 @@ pub struct HeaderProtectionKey { algorithm: &'static Algorithm, } -#[allow(variant_size_differences)] +#[allow(clippy::large_enum_variant, variant_size_differences)] enum KeyInner { Aes(aes::Key), ChaCha20(chacha::Key), From 898a93f63223367030382a3f14ad0f8991984356 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:46:57 -0800 Subject: [PATCH 247/399] Tests: Silence some Clippy warnings. --- src/aead/poly1305.rs | 1 + tests/aead_tests.rs | 4 ++++ tests/agreement_tests.rs | 1 + tests/quic_tests.rs | 1 + 4 files changed, 7 insertions(+) diff --git a/src/aead/poly1305.rs b/src/aead/poly1305.rs index b903a6af12..1d62749fea 100644 --- a/src/aead/poly1305.rs +++ b/src/aead/poly1305.rs @@ -101,6 +101,7 @@ impl Context { #[cfg(test)] pub fn check_state_layout() { + #[allow(clippy::if_same_then_else)] let required_state_size = if cfg!(target_arch = "x86") { // See comment above `_poly1305_init_sse2` in poly1305-x86.pl. Some(4 * (5 + 1 + 4 + 2 + 4 * 9)) diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index 0fc7ff18e8..cf34ab858f 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -212,6 +212,7 @@ fn test_aead( if cfg!(debug_assertions) { in_prefix_lengths = &MINIMAL_IN_PREFIX_LENS[..]; } else { + #[allow(clippy::needless_range_loop)] for b in 0..more_comprehensive_in_prefix_lengths.len() { more_comprehensive_in_prefix_lengths[b] = b; } @@ -300,6 +301,7 @@ fn open_with_less_safe_key<'a>( key.open_within(nonce, aad, in_out, ciphertext_and_tag) } +#[allow(clippy::range_plus_one)] fn test_aead_key_sizes(aead_alg: &'static aead::Algorithm) { let key_len = aead_alg.key_len(); let key_data = vec![0u8; key_len * 2]; @@ -327,6 +329,7 @@ fn test_aead_key_sizes(aead_alg: &'static aead::Algorithm) { } // Test that we reject non-standard nonce sizes. +#[allow(clippy::range_plus_one)] #[test] fn test_aead_nonce_sizes() -> Result<(), error::Unspecified> { let nonce_len = aead::NONCE_LEN; @@ -350,6 +353,7 @@ fn test_aead_nonce_sizes() -> Result<(), error::Unspecified> { target_arch = "x86_64", target_arch = "x86" ))] +#[allow(clippy::range_plus_one)] #[test] fn aead_chacha20_poly1305_openssh() { // TODO: test_aead_key_sizes(...); diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 99d4a5e7e8..43f62d291d 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -77,6 +77,7 @@ fn agreement_traits<'a>() { ); } +#[allow(clippy::block_in_if_condition_stmt)] #[test] fn agreement_agree_ephemeral() { let rng = rand::SystemRandom::new(); diff --git a/tests/quic_tests.rs b/tests/quic_tests.rs index 472938f87d..3e9689cd59 100644 --- a/tests/quic_tests.rs +++ b/tests/quic_tests.rs @@ -64,6 +64,7 @@ fn test_quic(alg: &'static quic::Algorithm, test_file: test::File) { }); } +#[allow(clippy::range_plus_one)] fn test_sample_len(alg: &'static quic::Algorithm) { let key_len = alg.key_len(); let key_data = vec![0u8; key_len]; From ded14f067e789047d76073c11891c7a71738b165 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:49:26 -0800 Subject: [PATCH 248/399] Agreement Tests: Remove unneeded lifetime annotations. --- tests/agreement_tests.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 43f62d291d..0cd06f3a37 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -35,7 +35,7 @@ extern crate alloc; use ring::{agreement, error, rand, test, test_file}; #[test] -fn agreement_traits<'a>() { +fn agreement_traits() { use alloc::vec::Vec; let rng = rand::SystemRandom::new(); @@ -61,9 +61,9 @@ fn agreement_traits<'a>() { // TODO: Test the actual output. let _: &dyn core::fmt::Debug = &public_key; - test::compile_time_assert_clone::>(); - test::compile_time_assert_copy::>(); - test::compile_time_assert_sync::>(); + test::compile_time_assert_clone::>(); + test::compile_time_assert_copy::>(); + test::compile_time_assert_sync::>(); test::compile_time_assert_clone::>>(); test::compile_time_assert_sync::>>(); From 5fe025b16ed0e4c3c772334b4088dc43faba55bc Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:50:07 -0800 Subject: [PATCH 249/399] AEAD tests: Remove useless `let () =`. --- tests/aead_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index cf34ab858f..d0a8b2336f 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -384,7 +384,7 @@ fn aead_chacha20_poly1305_openssh() { let mut tag = [0u8; aead::chacha20_poly1305_openssh::TAG_LEN]; let mut s_in_out = plaintext.clone(); let s_key = aead::chacha20_poly1305_openssh::SealingKey::new(&key_bytes); - let () = s_key.seal_in_place(sequence_num, &mut s_in_out[..], &mut tag); + s_key.seal_in_place(sequence_num, &mut s_in_out[..], &mut tag); assert_eq!(&ct, &s_in_out); assert_eq!(&expected_tag, &tag); let o_key = aead::chacha20_poly1305_openssh::OpeningKey::new(&key_bytes); From 3de43630d9a59aed3d6bbf95b4a17f339c8f9d08 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:51:17 -0800 Subject: [PATCH 250/399] ED25519 tests: Remove useless static lifetime annotation. --- tests/ed25519_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index 0289362162..29dfb71e37 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -155,7 +155,7 @@ fn test_ed25519_from_pkcs8() { fn ed25519_test_public_key_coverage() { const PRIVATE_KEY: &[u8] = include_bytes!("ed25519_test_private_key.p8"); const PUBLIC_KEY: &[u8] = include_bytes!("ed25519_test_public_key.der"); - const PUBLIC_KEY_DEBUG: &'static str = + const PUBLIC_KEY_DEBUG: &str = "PublicKey(\"5809e9fef6dcec58f0f2e3b0d67e9880a11957e083ace85835c3b6c8fbaf6b7d\")"; let key_pair = signature::Ed25519KeyPair::from_pkcs8(PRIVATE_KEY).unwrap(); From aa7a962f9fcc6a6bce7a46cfb62c5d4333a79d0c Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:52:28 -0800 Subject: [PATCH 251/399] Constant-time tests: Remove useless clone. --- tests/constant_time_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/constant_time_tests.rs b/tests/constant_time_tests.rs index 37bcebd93b..8ffd2e57ac 100644 --- a/tests/constant_time_tests.rs +++ b/tests/constant_time_tests.rs @@ -28,7 +28,7 @@ fn test_verify_slices_are_equal() { let initial: [u8; 256] = rand::generate(&rand::SystemRandom::new()).unwrap().expose(); { - let copy = initial.clone(); + let copy = initial; for len in 0..copy.len() { // Not equal because the lengths do not match. assert_eq!( From bd7f4ca82d681c92483e69ba541dab4c9bb17263 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 12:58:35 -0800 Subject: [PATCH 252/399] AEAD tests: Take Clippy's advice regarding `op_ref`. --- tests/aead_tests.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index d0a8b2336f..7289ec70db 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -208,16 +208,15 @@ fn test_aead( ]; let mut more_comprehensive_in_prefix_lengths = [0; 4096]; - let in_prefix_lengths; - if cfg!(debug_assertions) { - in_prefix_lengths = &MINIMAL_IN_PREFIX_LENS[..]; + let in_prefix_lengths = if cfg!(debug_assertions) { + &MINIMAL_IN_PREFIX_LENS[..] } else { #[allow(clippy::needless_range_loop)] for b in 0..more_comprehensive_in_prefix_lengths.len() { more_comprehensive_in_prefix_lengths[b] = b; } - in_prefix_lengths = &more_comprehensive_in_prefix_lengths[..]; - } + &more_comprehensive_in_prefix_lengths[..] + }; let mut o_in_out = vec![123u8; 4096]; for in_prefix_len in in_prefix_lengths.iter() { From 524c37bacece0dfa6ac918c6d9cab912603481f8 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 13:04:39 -0800 Subject: [PATCH 253/399] ECDSA/ED25519 tests: Improve Copy/Clone tests based on Clippy's feedback. --- tests/ecdsa_tests.rs | 8 +++++--- tests/ed25519_tests.rs | 6 +++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index d0d728d043..4e47aadb73 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -209,9 +209,11 @@ fn ecdsa_test_public_key_coverage() { assert_eq!(key_pair.public_key().as_ref(), PUBLIC_KEY); // Test `Clone`. - { - let _ = key_pair.public_key().clone(); - } + #[allow(clippy::clone_on_copy)] + let _: ::PublicKey = key_pair.public_key().clone(); + + // Test `Copy`. + let _: ::PublicKey = *key_pair.public_key(); // Test `Debug`. assert_eq!(PUBLIC_KEY_DEBUG, format!("{:?}", key_pair.public_key())); diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index 29dfb71e37..9d177c1418 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -164,7 +164,11 @@ fn ed25519_test_public_key_coverage() { assert_eq!(key_pair.public_key().as_ref(), PUBLIC_KEY); // Test `Clone`. - let _ = key_pair.public_key().clone(); + #[allow(clippy::clone_on_copy)] + let _: ::PublicKey = key_pair.public_key().clone(); + + // Test `Copy`. + let _: ::PublicKey = *key_pair.public_key(); // Test `Debug`. assert_eq!(PUBLIC_KEY_DEBUG, format!("{:?}", key_pair.public_key())); From 8015140fa6f1e7db3c7f68a35eb5b7ce72492445 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 13:08:37 -0800 Subject: [PATCH 254/399] Constant-time tests: Replace clone with copy. --- tests/constant_time_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/constant_time_tests.rs b/tests/constant_time_tests.rs index 8ffd2e57ac..7390d5ac6f 100644 --- a/tests/constant_time_tests.rs +++ b/tests/constant_time_tests.rs @@ -50,7 +50,7 @@ fn test_verify_slices_are_equal() { for i in 0..initial.len() { for bit in 0..8 { - let mut copy = initial.clone(); + let mut copy = initial; copy[i] ^= 1u8 << bit; for len in 0..=initial.len() { From cb45bf0ddcf575b176e026fb951479b1bf383c23 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 13:09:36 -0800 Subject: [PATCH 255/399] Constant-time tests: Take Clippy's `op_ref` advice. --- tests/constant_time_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/constant_time_tests.rs b/tests/constant_time_tests.rs index 7390d5ac6f..422ab2c8b9 100644 --- a/tests/constant_time_tests.rs +++ b/tests/constant_time_tests.rs @@ -67,7 +67,7 @@ fn test_verify_slices_are_equal() { // The flipped bit is outside of `b` so `a` and `b` are equal. Ok(()) }; - assert_eq!((&a == &b), expected_result.is_ok()); // Sanity check. + assert_eq!(a == b, expected_result.is_ok()); // Sanity check. assert_eq!( constant_time::verify_slices_are_equal(&a, &b), expected_result From 3b1ece45ef9166a3a3329624b3dbcfe195248a48 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 14:52:03 -0800 Subject: [PATCH 256/399] Add clippy job to GitHub Actions. --- .github/workflows/ci.yml | 18 ++++++++++++++++++ src/aead/block.rs | 1 + 2 files changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c0bd893dd4..b61580e4e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,24 @@ jobs: - uses: actions/checkout@v2 - run: cargo fmt --all -- --check + clippy: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: ubuntu-18.04 + + steps: + - uses: actions-rs/toolchain@v1 + with: + toolchain: 1.37.0 + profile: minimal + components: clippy + + - uses: actions/checkout@v2 + + # TODO: Add `--all-features`: + - run: cargo +1.37.0 clippy ---all-targets -- --deny warnings + test: # Don't run duplicate `push` jobs for the repo owner's PRs. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository diff --git a/src/aead/block.rs b/src/aead/block.rs index 658ac22d44..157f8ad842 100644 --- a/src/aead/block.rs +++ b/src/aead/block.rs @@ -87,6 +87,7 @@ impl From<&'_ [u8; BLOCK_LEN]> for Block { } impl AsRef<[u8; BLOCK_LEN]> for Block { + #[allow(clippy::transmute_ptr_to_ptr)] #[inline] fn as_ref(&self) -> &[u8; BLOCK_LEN] { unsafe { core::mem::transmute(self) } From 72dab40d97790706dfb681d2ecbef1eeed5c3115 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 11 Nov 2020 17:09:28 -0800 Subject: [PATCH 257/399] CI/CD: Add cargo deny job to GitHub Actions. --- .github/workflows/ci.yml | 18 ++++++++++++++++++ deny.toml | 28 ++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 deny.toml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b61580e4e0..f78cb53eba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,6 +36,24 @@ jobs: # TODO: Add `--all-features`: - run: cargo +1.37.0 clippy ---all-targets -- --deny warnings + deny: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: ubuntu-18.04 + + steps: + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - run: cargo install cargo-deny + + - uses: actions/checkout@v2 + + - run: cargo deny check + test: # Don't run duplicate `push` jobs for the repo owner's PRs. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000000..b2199ba87a --- /dev/null +++ b/deny.toml @@ -0,0 +1,28 @@ +[advisories] +unmaintained = "deny" +yanked = "deny" +notice = "deny" + +[licenses] +allow = [ + "Apache-2.0", + "ISC", + "LicenseRef-ring", + "MIT", +] +confidence-threshold = 1.0 + +[[licenses.clarify]] +name = "ring" +expression = "LicenseRef-ring" +license-files = [ + { path = "LICENSE", hash = 0xbd0eed23 }, +] + +[bans] +multiple-versions = "deny" +wildcards = "deny" + +[sources] +unknown-registry = "deny" +unknown-git = "deny" From 7a26f97c9f296e587ee325348a62c1d5ba24a60a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 00:56:04 -0500 Subject: [PATCH 258/399] Reformat and convert comments in asn1.h. Some of the X509 functions are hard to document without first documenting the ASN.1 types themselves. (ASN1_TYPE's goofy representation is leaked everywhere.) Change-Id: I0adcf055414925f9e39c8293cbd42d29f0db3143 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44044 Reviewed-by: Adam Langley --- .clang-format | 10 + include/openssl/asn1.h | 1055 ++++++++++++++++++++-------------------- 2 files changed, 544 insertions(+), 521 deletions(-) diff --git a/.clang-format b/.clang-format index 55644fa327..eee2a9ca94 100644 --- a/.clang-format +++ b/.clang-format @@ -10,6 +10,16 @@ PointerAlignment: Right IncludeBlocks: Preserve TypenameMacros: ['LHASH_OF', 'STACK_OF'] StatementMacros: + - "DECLARE_ASN1_ALLOC_FUNCTIONS" + - "DECLARE_ASN1_ALLOC_FUNCTIONS_name" + - "DECLARE_ASN1_ENCODE_FUNCTIONS" + - "DECLARE_ASN1_ENCODE_FUNCTIONS_const" + - "DECLARE_ASN1_FUNCTIONS" + - "DECLARE_ASN1_FUNCTIONS_const" + - "DECLARE_ASN1_FUNCTIONS_fname" + - "DECLARE_ASN1_FUNCTIONS_name" + - "DECLARE_ASN1_PRINT_FUNCTION" + - "DECLARE_ASN1_PRINT_FUNCTION_fname" - "DECLARE_PEM_read" - "DECLARE_PEM_read_bio" - "DECLARE_PEM_read_fp" diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 439641fc45..289717175c 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -4,21 +4,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -67,392 +67,376 @@ #include -#ifdef __cplusplus +#ifdef __cplusplus extern "C" { #endif -/* Legacy ASN.1 library. - * - * This header is part of OpenSSL's ASN.1 implementation. It is retained for - * compatibility but otherwise underdocumented and not actively maintained. Use - * the new |CBS| and |CBB| library in instead. */ - - -#define V_ASN1_UNIVERSAL 0x00 -#define V_ASN1_APPLICATION 0x40 -#define V_ASN1_CONTEXT_SPECIFIC 0x80 -#define V_ASN1_PRIVATE 0xc0 - -#define V_ASN1_CONSTRUCTED 0x20 -#define V_ASN1_PRIMITIVE_TAG 0x1f - -#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ -#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ -#define V_ASN1_ANY -4 /* used in ASN1 template code */ - -#define V_ASN1_NEG 0x100 /* negative flag */ -/* No supported universal tags may exceed this value, to avoid ambiguity with - * V_ASN1_NEG. */ -#define V_ASN1_MAX_UNIVERSAL 0xff - -#define V_ASN1_UNDEF -1 -#define V_ASN1_EOC 0 -#define V_ASN1_BOOLEAN 1 /**/ -#define V_ASN1_INTEGER 2 -#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) -#define V_ASN1_BIT_STRING 3 -#define V_ASN1_OCTET_STRING 4 -#define V_ASN1_NULL 5 -#define V_ASN1_OBJECT 6 -#define V_ASN1_OBJECT_DESCRIPTOR 7 -#define V_ASN1_EXTERNAL 8 -#define V_ASN1_REAL 9 -#define V_ASN1_ENUMERATED 10 -#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) -#define V_ASN1_UTF8STRING 12 -#define V_ASN1_SEQUENCE 16 -#define V_ASN1_SET 17 -#define V_ASN1_NUMERICSTRING 18 /**/ -#define V_ASN1_PRINTABLESTRING 19 -#define V_ASN1_T61STRING 20 -#define V_ASN1_TELETEXSTRING 20 /* alias */ -#define V_ASN1_VIDEOTEXSTRING 21 /**/ -#define V_ASN1_IA5STRING 22 -#define V_ASN1_UTCTIME 23 -#define V_ASN1_GENERALIZEDTIME 24 /**/ -#define V_ASN1_GRAPHICSTRING 25 /**/ -#define V_ASN1_ISO64STRING 26 /**/ -#define V_ASN1_VISIBLESTRING 26 /* alias */ -#define V_ASN1_GENERALSTRING 27 /**/ -#define V_ASN1_UNIVERSALSTRING 28 /**/ -#define V_ASN1_BMPSTRING 30 - -/* For use with d2i_ASN1_type_bytes() */ -#define B_ASN1_NUMERICSTRING 0x0001 -#define B_ASN1_PRINTABLESTRING 0x0002 -#define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0004 -#define B_ASN1_VIDEOTEXSTRING 0x0008 -#define B_ASN1_IA5STRING 0x0010 -#define B_ASN1_GRAPHICSTRING 0x0020 -#define B_ASN1_ISO64STRING 0x0040 -#define B_ASN1_VISIBLESTRING 0x0040 -#define B_ASN1_GENERALSTRING 0x0080 -#define B_ASN1_UNIVERSALSTRING 0x0100 -#define B_ASN1_OCTET_STRING 0x0200 -#define B_ASN1_BIT_STRING 0x0400 -#define B_ASN1_BMPSTRING 0x0800 -#define B_ASN1_UNKNOWN 0x1000 -#define B_ASN1_UTF8STRING 0x2000 -#define B_ASN1_UTCTIME 0x4000 -#define B_ASN1_GENERALIZEDTIME 0x8000 -#define B_ASN1_SEQUENCE 0x10000 - -/* For use with ASN1_mbstring_copy() */ -#define MBSTRING_FLAG 0x1000 -#define MBSTRING_UTF8 (MBSTRING_FLAG) -/* |MBSTRING_ASC| refers to Latin-1, not ASCII. It is used with TeletexString - * which, in turn, is treated as Latin-1 rather than T.61 by OpenSSL and most - * other software. */ -#define MBSTRING_ASC (MBSTRING_FLAG|1) -#define MBSTRING_BMP (MBSTRING_FLAG|2) -#define MBSTRING_UNIV (MBSTRING_FLAG|4) - -#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ -#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ - -/* These are used internally in the ASN1_OBJECT to keep track of - * whether the names and data need to be free()ed */ -#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ -#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ -#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ -struct asn1_object_st - { - const char *sn,*ln; - int nid; - int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ - }; +// Legacy ASN.1 library. +// +// This header is part of OpenSSL's ASN.1 implementation. It is retained for +// compatibility but otherwise underdocumented and not actively maintained. Use +// the new |CBS| and |CBB| library in instead. + + +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 + +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f + +#define V_ASN1_APP_CHOOSE -2 // let the recipient choose +#define V_ASN1_OTHER -3 // used in ASN1_TYPE +#define V_ASN1_ANY -4 // used in ASN1 template code + +#define V_ASN1_NEG 0x100 // negative flag +// No supported universal tags may exceed this value, to avoid ambiguity with +// V_ASN1_NEG. +#define V_ASN1_MAX_UNIVERSAL 0xff + +#define V_ASN1_UNDEF -1 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 // +#define V_ASN1_INTEGER 2 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 // +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 // alias +#define V_ASN1_VIDEOTEXSTRING 21 // +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 // +#define V_ASN1_GRAPHICSTRING 25 // +#define V_ASN1_ISO64STRING 26 // +#define V_ASN1_VISIBLESTRING 26 // alias +#define V_ASN1_GENERALSTRING 27 // +#define V_ASN1_UNIVERSALSTRING 28 // +#define V_ASN1_BMPSTRING 30 + +// For use with d2i_ASN1_type_bytes() +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0004 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 +#define B_ASN1_UTCTIME 0x4000 +#define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 + +// For use with ASN1_mbstring_copy() +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) +// |MBSTRING_ASC| refers to Latin-1, not ASCII. It is used with TeletexString +// which, in turn, is treated as Latin-1 rather than T.61 by OpenSSL and most +// other software. +#define MBSTRING_ASC (MBSTRING_FLAG | 1) +#define MBSTRING_BMP (MBSTRING_FLAG | 2) +#define MBSTRING_UNIV (MBSTRING_FLAG | 4) + +#define DECLARE_ASN1_SET_OF(type) // filled in by mkstack.pl +#define IMPLEMENT_ASN1_SET_OF(type) // nothing, no longer needed + +// These are used internally in the ASN1_OBJECT to keep track of +// whether the names and data need to be free()ed +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 // internal use +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 // internal use +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 // internal use +struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; + const unsigned char *data; // data remains const after init + int flags; // Should we free this one +}; DEFINE_STACK_OF(ASN1_OBJECT) -#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ - -/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING - * type. - */ -#define ASN1_STRING_FLAG_MSTRING 0x040 -/* This is the base type that holds just about everything :-) */ -struct asn1_string_st - { - int length; - int type; - unsigned char *data; - /* The value of the following field depends on the type being - * held. It is mostly being used for BIT_STRING so if the - * input data has a non-zero 'unused bits' value, it will be - * handled correctly */ - long flags; - }; - -/* ASN1_ENCODING structure: this is used to save the received - * encoding of an ASN1 type. This is useful to get round - * problems with invalid encodings which can break signatures. - */ - -typedef struct ASN1_ENCODING_st - { - unsigned char *enc; /* DER encoding */ - long len; /* Length of encoding */ - int modified; /* set to 1 if 'enc' is invalid */ - /* alias_only is zero if |enc| owns the buffer that it points to - * (although |enc| may still be NULL). If one, |enc| points into a - * buffer that is owned elsewhere. */ - unsigned alias_only:1; - /* alias_only_on_next_parse is one iff the next parsing operation - * should avoid taking a copy of the input and rather set - * |alias_only|. */ - unsigned alias_only_on_next_parse:1; - } ASN1_ENCODING; - -#define STABLE_FLAGS_MALLOC 0x01 -#define STABLE_NO_MASK 0x02 -#define DIRSTRING_TYPE \ - (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) -#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 // Set if 0x07 has bits left value + +// This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING +// type. +#define ASN1_STRING_FLAG_MSTRING 0x040 +// This is the base type that holds just about everything :-) +struct asn1_string_st { + int length; + int type; + unsigned char *data; + // The value of the following field depends on the type being + // held. It is mostly being used for BIT_STRING so if the + // input data has a non-zero 'unused bits' value, it will be + // handled correctly + long flags; +}; + +// ASN1_ENCODING structure: this is used to save the received +// encoding of an ASN1 type. This is useful to get round +// problems with invalid encodings which can break signatures. + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; // DER encoding + long len; // Length of encoding + int modified; // set to 1 if 'enc' is invalid + // alias_only is zero if |enc| owns the buffer that it points to + // (although |enc| may still be NULL). If one, |enc| points into a + // buffer that is owned elsewhere. + unsigned alias_only : 1; + // alias_only_on_next_parse is one iff the next parsing operation + // should avoid taking a copy of the input and rather set + // |alias_only|. + unsigned alias_only_on_next_parse : 1; +} ASN1_ENCODING; + +#define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \ + B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING) typedef struct asn1_string_table_st { - int nid; - long minsize; - long maxsize; - unsigned long mask; - unsigned long flags; + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; } ASN1_STRING_TABLE; -/* size limits: this stuff is taken straight from RFC2459 */ +// size limits: this stuff is taken straight from RFC2459 -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 -/* Declarations for template structures: for full definitions - * see asn1t.h - */ +// Declarations for template structures: for full definitions +// see asn1t.h typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; typedef struct ASN1_TLC_st ASN1_TLC; -/* This is just an opaque pointer */ +// This is just an opaque pointer typedef struct ASN1_VALUE_st ASN1_VALUE; -/* Declare ASN1 functions: the implement macro in in asn1t.h */ +// Declare ASN1 functions: the implement macro in in asn1t.h #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) #define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) -#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ - OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, long len); \ - OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ - DECLARE_ASN1_ITEM(itname) +#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ + long len); \ + OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) -#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ - OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, long len); \ - OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ - DECLARE_ASN1_ITEM(name) +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ + long len); \ + OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) #define DECLARE_ASN1_FUNCTIONS_const(name) \ - DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ - DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - OPENSSL_EXPORT type *name##_new(void); \ - OPENSSL_EXPORT void name##_free(type *a); + OPENSSL_EXPORT type *name##_new(void); \ + OPENSSL_EXPORT void name##_free(type *a); #define DECLARE_ASN1_PRINT_FUNCTION(stname) \ - DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) -#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ - OPENSSL_EXPORT int fname##_print_ctx(BIO *out, stname *x, int indent, \ - const ASN1_PCTX *pctx); +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + OPENSSL_EXPORT int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); typedef void *d2i_of_void(void **, const unsigned char **, long); typedef int i2d_of_void(const void *, unsigned char **); -/* The following macros and typedefs allow an ASN1_ITEM - * to be embedded in a structure and referenced. Since - * the ASN1_ITEM pointers need to be globally accessible - * (possibly from shared libraries) they may exist in - * different forms. On platforms that support it the - * ASN1_ITEM structure itself will be globally exported. - * Other platforms will export a function that returns - * an ASN1_ITEM pointer. - * - * To handle both cases transparently the macros below - * should be used instead of hard coding an ASN1_ITEM - * pointer in a structure. - * - * The structure will look like this: - * - * typedef struct SOMETHING_st { - * ... - * ASN1_ITEM_EXP *iptr; - * ... - * } SOMETHING; - * - * It would be initialised as e.g.: - * - * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; - * - * and the actual pointer extracted with: - * - * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); - * - * Finally an ASN1_ITEM pointer can be extracted from an - * appropriate reference with: ASN1_ITEM_rptr(X509). This - * would be used when a function takes an ASN1_ITEM * argument. - * - */ - -/* ASN1_ITEM pointer exported type */ +// The following macros and typedefs allow an ASN1_ITEM +// to be embedded in a structure and referenced. Since +// the ASN1_ITEM pointers need to be globally accessible +// (possibly from shared libraries) they may exist in +// different forms. On platforms that support it the +// ASN1_ITEM structure itself will be globally exported. +// Other platforms will export a function that returns +// an ASN1_ITEM pointer. +// +// To handle both cases transparently the macros below +// should be used instead of hard coding an ASN1_ITEM +// pointer in a structure. +// +// The structure will look like this: +// +// typedef struct SOMETHING_st { +// ... +// ASN1_ITEM_EXP *iptr; +// ... +// } SOMETHING; +// +// It would be initialised as e.g.: +// +// SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; +// +// and the actual pointer extracted with: +// +// const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); +// +// Finally an ASN1_ITEM pointer can be extracted from an +// appropriate reference with: ASN1_ITEM_rptr(X509). This +// would be used when a function takes an ASN1_ITEM * argument. +// + +// ASN1_ITEM pointer exported type typedef const ASN1_ITEM ASN1_ITEM_EXP; -/* Macro to obtain ASN1_ITEM pointer from exported type */ +// Macro to obtain ASN1_ITEM pointer from exported type #define ASN1_ITEM_ptr(iptr) (iptr) -/* Macro to include ASN1_ITEM pointer from base type */ +// Macro to include ASN1_ITEM pointer from base type #define ASN1_ITEM_ref(iptr) (&(iptr##_it)) #define ASN1_ITEM_rptr(ref) (&(ref##_it)) -#define DECLARE_ASN1_ITEM(name) \ - extern OPENSSL_EXPORT const ASN1_ITEM name##_it; +#define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it; -/* Parameters used by ASN1_STRING_print_ex() */ +// Parameters used by ASN1_STRING_print_ex() -/* These determine which characters to escape: - * RFC2253 special characters, control characters and - * MSB set characters - */ +// These determine which characters to escape: +// RFC2253 special characters, control characters and +// MSB set characters -#define ASN1_STRFLGS_ESC_2253 1 -#define ASN1_STRFLGS_ESC_CTRL 2 -#define ASN1_STRFLGS_ESC_MSB 4 +#define ASN1_STRFLGS_ESC_2253 1 +#define ASN1_STRFLGS_ESC_CTRL 2 +#define ASN1_STRFLGS_ESC_MSB 4 -/* This flag determines how we do escaping: normally - * RC2253 backslash only, set this to use backslash and - * quote. - */ +// This flag determines how we do escaping: normally +// RC2253 backslash only, set this to use backslash and +// quote. -#define ASN1_STRFLGS_ESC_QUOTE 8 +#define ASN1_STRFLGS_ESC_QUOTE 8 -/* These three flags are internal use only. */ +// These three flags are internal use only. -/* Character is a valid PrintableString character */ -#define CHARTYPE_PRINTABLESTRING 0x10 -/* Character needs escaping if it is the first character */ -#define CHARTYPE_FIRST_ESC_2253 0x20 -/* Character needs escaping if it is the last character */ -#define CHARTYPE_LAST_ESC_2253 0x40 +// Character is a valid PrintableString character +#define CHARTYPE_PRINTABLESTRING 0x10 +// Character needs escaping if it is the first character +#define CHARTYPE_FIRST_ESC_2253 0x20 +// Character needs escaping if it is the last character +#define CHARTYPE_LAST_ESC_2253 0x40 -/* NB the internal flags are safely reused below by flags - * handled at the top level. - */ +// NB the internal flags are safely reused below by flags +// handled at the top level. -/* If this is set we convert all character strings - * to UTF8 first - */ +// If this is set we convert all character strings +// to UTF8 first -#define ASN1_STRFLGS_UTF8_CONVERT 0x10 +#define ASN1_STRFLGS_UTF8_CONVERT 0x10 -/* If this is set we don't attempt to interpret content: - * just assume all strings are 1 byte per character. This - * will produce some pretty odd looking output! - */ +// If this is set we don't attempt to interpret content: +// just assume all strings are 1 byte per character. This +// will produce some pretty odd looking output! -#define ASN1_STRFLGS_IGNORE_TYPE 0x20 +#define ASN1_STRFLGS_IGNORE_TYPE 0x20 -/* If this is set we include the string type in the output */ -#define ASN1_STRFLGS_SHOW_TYPE 0x40 +// If this is set we include the string type in the output +#define ASN1_STRFLGS_SHOW_TYPE 0x40 -/* This determines which strings to display and which to - * 'dump' (hex dump of content octets or DER encoding). We can - * only dump non character strings or everything. If we - * don't dump 'unknown' they are interpreted as character - * strings with 1 octet per character and are subject to - * the usual escaping options. - */ +// This determines which strings to display and which to +// 'dump' (hex dump of content octets or DER encoding). We can +// only dump non character strings or everything. If we +// don't dump 'unknown' they are interpreted as character +// strings with 1 octet per character and are subject to +// the usual escaping options. -#define ASN1_STRFLGS_DUMP_ALL 0x80 -#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +#define ASN1_STRFLGS_DUMP_ALL 0x80 +#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 -/* These determine what 'dumping' does, we can dump the - * content octets or the DER encoding: both use the - * RFC2253 #XXXXX notation. - */ +// These determine what 'dumping' does, we can dump the +// content octets or the DER encoding: both use the +// RFC2253 #XXXXX notation. -#define ASN1_STRFLGS_DUMP_DER 0x200 +#define ASN1_STRFLGS_DUMP_DER 0x200 -/* All the string flags consistent with RFC2253, - * escaping control characters isn't essential in - * RFC2253 but it is advisable anyway. - */ +// All the string flags consistent with RFC2253, +// escaping control characters isn't essential in +// RFC2253 but it is advisable anyway. -#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - ASN1_STRFLGS_UTF8_CONVERT | \ - ASN1_STRFLGS_DUMP_UNKNOWN | \ - ASN1_STRFLGS_DUMP_DER) +#define ASN1_STRFLGS_RFC2253 \ + (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) DEFINE_STACK_OF(ASN1_INTEGER) DECLARE_ASN1_SET_OF(ASN1_INTEGER) -struct asn1_type_st - { - int type; - union { - char *ptr; - ASN1_BOOLEAN boolean; - ASN1_STRING * asn1_string; - ASN1_OBJECT * object; - ASN1_INTEGER * integer; - ASN1_ENUMERATED * enumerated; - ASN1_BIT_STRING * bit_string; - ASN1_OCTET_STRING * octet_string; - ASN1_PRINTABLESTRING * printablestring; - ASN1_T61STRING * t61string; - ASN1_IA5STRING * ia5string; - ASN1_GENERALSTRING * generalstring; - ASN1_BMPSTRING * bmpstring; - ASN1_UNIVERSALSTRING * universalstring; - ASN1_UTCTIME * utctime; - ASN1_GENERALIZEDTIME * generalizedtime; - ASN1_VISIBLESTRING * visiblestring; - ASN1_UTF8STRING * utf8string; - /* set and sequence are left complete and still - * contain the set or sequence bytes */ - ASN1_STRING * set; - ASN1_STRING * sequence; - ASN1_VALUE * asn1_value; - } value; - }; +struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + // set and sequence are left complete and still + // contain the set or sequence bytes + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +}; DEFINE_STACK_OF(ASN1_TYPE) DECLARE_ASN1_SET_OF(ASN1_TYPE) @@ -462,151 +446,133 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) -struct X509_algor_st - { - ASN1_OBJECT *algorithm; - ASN1_TYPE *parameter; - } /* X509_ALGOR */; +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */; DECLARE_ASN1_FUNCTIONS(X509_ALGOR) -/* This is used to contain a list of bit names */ +// This is used to contain a list of bit names typedef struct BIT_STRING_BITNAME_st { - int bitnum; - const char *lname; - const char *sname; + int bitnum; + const char *lname; + const char *sname; } BIT_STRING_BITNAME; -#define M_ASN1_STRING_length(x) ((x)->length) -#define M_ASN1_STRING_type(x) ((x)->type) -#define M_ASN1_STRING_data(x) ((x)->data) - -/* Macros for string operations */ -#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ - ASN1_STRING_type_new(V_ASN1_BIT_STRING) -#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) -#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) - -#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ - ASN1_STRING_type_new(V_ASN1_INTEGER) -#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) - -#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ - ASN1_STRING_type_new(V_ASN1_ENUMERATED) -#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) - -#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ - ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) -#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) - -#define B_ASN1_TIME \ - B_ASN1_UTCTIME | \ - B_ASN1_GENERALIZEDTIME - -#define B_ASN1_PRINTABLE \ - B_ASN1_NUMERICSTRING| \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_T61STRING| \ - B_ASN1_IA5STRING| \ - B_ASN1_BIT_STRING| \ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING|\ - B_ASN1_SEQUENCE|\ - B_ASN1_UNKNOWN - -#define B_ASN1_DIRECTORYSTRING \ - B_ASN1_PRINTABLESTRING| \ - B_ASN1_TELETEXSTRING|\ - B_ASN1_BMPSTRING|\ - B_ASN1_UNIVERSALSTRING|\ - B_ASN1_UTF8STRING +#define M_ASN1_STRING_length(x) ((x)->length) +#define M_ASN1_STRING_type(x) ((x)->type) +#define M_ASN1_STRING_data(x) ((x)->data) + +// Macros for string operations +#define M_ASN1_BIT_STRING_new() \ + (ASN1_BIT_STRING *)ASN1_STRING_type_new(V_ASN1_BIT_STRING) +#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_dup(a) \ + (ASN1_BIT_STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_BIT_STRING_cmp(a, b) \ + ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) +#define M_ASN1_BIT_STRING_set(a, b, c) ASN1_STRING_set((ASN1_STRING *)a, b, c) + +#define M_ASN1_INTEGER_new() \ + (ASN1_INTEGER *)ASN1_STRING_type_new(V_ASN1_INTEGER) +#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_INTEGER_dup(a) \ + (ASN1_INTEGER *)ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_INTEGER_cmp(a, b) \ + ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) + +#define M_ASN1_ENUMERATED_new() \ + (ASN1_ENUMERATED *)ASN1_STRING_type_new(V_ASN1_ENUMERATED) +#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_dup(a) \ + (ASN1_ENUMERATED *)ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_cmp(a, b) \ + ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) + +#define M_ASN1_OCTET_STRING_new() \ + (ASN1_OCTET_STRING *)ASN1_STRING_type_new(V_ASN1_OCTET_STRING) +#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_dup(a) \ + (ASN1_OCTET_STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) +#define M_ASN1_OCTET_STRING_cmp(a, b) \ + ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) +#define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_STRING_set((ASN1_STRING *)a, b, c) +#define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, (ASN1_STRING *)b) + +#define B_ASN1_TIME B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME + +#define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | \ + B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | \ + B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN + +#define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \ + B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING #define B_ASN1_DISPLAYTEXT \ - B_ASN1_IA5STRING| \ - B_ASN1_VISIBLESTRING| \ - B_ASN1_BMPSTRING|\ - B_ASN1_UTF8STRING + B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING -#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ - ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ - ASN1_STRING_type_new(V_ASN1_IA5STRING) -#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) - -#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) - -#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ - ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (const ASN1_STRING *)a) - -#define M_ASN1_TIME_new() (ASN1_TIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) - -#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ - ASN1_STRING_type_new(V_ASN1_BMPSTRING) -#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ - ASN1_STRING_type_new(V_ASN1_UTF8STRING) -#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_PRINTABLESTRING_new() \ + (ASN1_PRINTABLESTRING *)ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_T61STRING_new() \ + (ASN1_T61STRING *)ASN1_STRING_type_new(V_ASN1_T61STRING) +#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_IA5STRING_new() \ + (ASN1_IA5STRING *)ASN1_STRING_type_new(V_ASN1_IA5STRING) +#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_IA5STRING_dup(a) \ + (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_UTCTIME_new() \ + (ASN1_UTCTIME *)ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_UTCTIME_dup(a) \ + (ASN1_UTCTIME *)ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_GENERALIZEDTIME_new() \ + (ASN1_GENERALIZEDTIME *)ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) +#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_GENERALIZEDTIME_dup(a) \ + (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_TIME_new() (ASN1_TIME *)ASN1_STRING_type_new(V_ASN1_UTCTIME) +#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a) + +#define M_ASN1_GENERALSTRING_new() \ + (ASN1_GENERALSTRING *)ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_UNIVERSALSTRING_new() \ + (ASN1_UNIVERSALSTRING *)ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) +#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_BMPSTRING_new() \ + (ASN1_BMPSTRING *)ASN1_STRING_type_new(V_ASN1_BMPSTRING) +#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_VISIBLESTRING_new() \ + (ASN1_VISIBLESTRING *)ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) + +#define M_ASN1_UTF8STRING_new() \ + (ASN1_UTF8STRING *)ASN1_STRING_type_new(V_ASN1_UTF8STRING) +#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) @@ -615,55 +581,68 @@ OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); -OPENSSL_EXPORT ASN1_OBJECT * ASN1_OBJECT_new(void ); -OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a); -OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a,unsigned char **pp); -OPENSSL_EXPORT ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, - long length); -OPENSSL_EXPORT ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, - long length); +OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_new(void); +OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a); +OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, + const unsigned char **pp, + long length); +OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, + const unsigned char **pp, + long length); DECLARE_ASN1_ITEM(ASN1_OBJECT) DECLARE_ASN1_SET_OF(ASN1_OBJECT) -OPENSSL_EXPORT ASN1_STRING * ASN1_STRING_new(void); -OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *a); -OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); -OPENSSL_EXPORT ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); -OPENSSL_EXPORT ASN1_STRING * ASN1_STRING_type_new(int type ); -OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); - /* Since this is used to store all sorts of things, via macros, for now, make - its data void * */ -OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); +OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *a); +OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); +OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); +/* Since this is used to store all sorts of things, via macros, for now, make + its data void * */ +OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x); OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *x); -OPENSSL_EXPORT unsigned char * ASN1_STRING_data(ASN1_STRING *x); +OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *x); OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) -OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a,unsigned char **pp); -OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, long length); -OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length ); -OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); -OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, unsigned char *flags, int flags_len); - -OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); -OPENSSL_EXPORT int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); +OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, + unsigned char **pp); +OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, + long length); +OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, + int length); +OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, + int value); +OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len); + +OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); +OPENSSL_EXPORT int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, + long length); DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) -OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *a,unsigned char **pp); -OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); -OPENSSL_EXPORT ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); -OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); +OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp); +OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, + const unsigned char **pp, + long length); +OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, + const ASN1_INTEGER *y); DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); -OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); -OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec); +OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); #if 0 @@ -671,15 +650,22 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); #endif OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); -OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); -OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec); -OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); -OPENSSL_EXPORT int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to); +OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set( + ASN1_GENERALIZEDTIME *s, time_t t); +OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj( + ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec); +OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, + const char *str); +OPENSSL_EXPORT int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, + const ASN1_TIME *to); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) -OPENSSL_EXPORT ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); -OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b); -OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); +OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup( + const ASN1_OCTET_STRING *a); +OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, + const unsigned char *data, int len); DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) @@ -699,40 +685,50 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) DECLARE_ASN1_FUNCTIONS(ASN1_TIME) -OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); -OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec); +OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, + long offset_sec); OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t); -OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime( + const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); -OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf,int buf_len, const ASN1_OBJECT *a); +OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len, + const ASN1_OBJECT *a); -OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, const char *sn, const char *ln); +OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, + int len, const char *sn, + const char *ln); OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v); OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a); -OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); -OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn); +OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, + ASN1_INTEGER *ai); +OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); -OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); -OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai,BIGNUM *bn); +OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, + ASN1_ENUMERATED *ai); +OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, + BIGNUM *bn); -/* General */ -/* given a string, return the correct type, max is the maximum length */ +// General +// given a string, return the correct type, max is the maximum length OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int max); OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag); -/* SPECIALS */ -OPENSSL_EXPORT int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, int *pclass, long omax); -OPENSSL_EXPORT void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int xclass); +// SPECIALS +OPENSSL_EXPORT int ASN1_get_object(const unsigned char **pp, long *plength, + int *ptag, int *pclass, long omax); +OPENSSL_EXPORT void ASN1_put_object(unsigned char **pp, int constructed, + int length, int tag, int xclass); OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **pp); OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag); @@ -741,7 +737,8 @@ OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x); #ifndef OPENSSL_NO_FP_API OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); -OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, + unsigned long flags); #endif OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); @@ -749,42 +746,58 @@ OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); -OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *fp, + const ASN1_GENERALIZEDTIME *a); OPENSSL_EXPORT int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); OPENSSL_EXPORT int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); -OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, + unsigned long flags); OPENSSL_EXPORT const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert */ +// Used to load and write netscape format cert -OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, + const ASN1_ITEM *it); -OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); +OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask); OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p); OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void); -OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); -OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask, long minsize, long maxsize); - -OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, int inform, int nid); +OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, + const unsigned char *in, int len, + int inform, unsigned long mask); +OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, + const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, + int inlen, int inform, + int nid); OPENSSL_EXPORT ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); -OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int, long, long, unsigned long, + unsigned long); OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void); -/* ASN1 template functions */ +// ASN1 template functions -/* Old API compatible functions */ +// Old API compatible functions OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); -OPENSSL_EXPORT ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); -OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, + const ASN1_ITEM *it); +OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); -#ifdef __cplusplus +#ifdef __cplusplus } extern "C++" { @@ -797,7 +810,7 @@ BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free) BSSL_NAMESPACE_END -} /* extern C++ */ +} // extern C++ #endif From c6ffcde8cdfd46bf0b16b5e6ceca2be0d4c6ea72 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 01:49:10 -0500 Subject: [PATCH 259/399] Unwind M_ASN1_* macros for primitive types. At one point in the SSLeay days, all the ASN1_STRING typedefs were separate structs (but only in debug builds) and the M_ASN1_* macros included type casts to handle this. This is long gone, but we still have the M_ASN1_* macros. Remove the casts and switch code within the library to call the macros. Some subtleties: - The "MSTRING" types (what OpenSSL calls its built-in CHOICEs containing some set of string types) are weird because the M_FOO_new() macro and the tasn_new.c FOO_new() function behave differently. I've split those into a separate CL. - ASN1_STRING_type, etc., call into the macro, which accesses the field directly. This CL inverts the dependency. - ASN1_INTEGER_new and ASN1_INTEGER_free, etc., are generated via IMPLEMENT_ASN1_STRING_FUNCTIONS in tasn_typ.c. I've pointed M_ASN1_INTEGER_new and M_ASN1_INTEGER_free to these fields. (The free function is a no-op, but consistent.) - The other macros like M_ASN1_BIT_STRING_dup largely do not have corresponding functions. I've aligned with OpenSSL in just using the generic ASN1_STRING_dup function. But some others, like M_ASN1_OCTET_STRING_dup have a corresponding ASN1_OCTET_STRING_dup function. OpenSSL retained these, so I have too. Update-Note: Some external code uses the M_ASN1_* macros. This should remain compatible, but some type errors may have gotten through unnoticed. This CL restores type-checking. Change-Id: I8656abc7d0f179192e05a852c97483c021ad9b20 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44045 Reviewed-by: Adam Langley --- crypto/asn1/a_bitstr.c | 6 +- crypto/asn1/a_enum.c | 4 +- crypto/asn1/a_int.c | 10 +-- crypto/asn1/a_octet.c | 6 +- crypto/asn1/a_utctm.c | 4 +- crypto/asn1/asn1_lib.c | 6 +- crypto/asn1/asn1_test.cc | 6 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_r2x.c | 2 +- crypto/x509/x509_set.c | 8 +-- crypto/x509/x509cset.c | 6 +- crypto/x509/x_pkey.c | 4 +- crypto/x509v3/v3_akey.c | 6 +- crypto/x509v3/v3_alt.c | 6 +- crypto/x509v3/v3_bitst.c | 6 +- crypto/x509v3/v3_conf.c | 8 +-- crypto/x509v3/v3_cpols.c | 4 +- crypto/x509v3/v3_ia5.c | 7 +-- crypto/x509v3/v3_prn.c | 2 +- crypto/x509v3/v3_skey.c | 10 +-- include/openssl/asn1.h | 133 ++++++++++++++------------------------- 21 files changed, 103 insertions(+), 143 deletions(-) diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 4024ed2b24..b945cb188e 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -67,7 +67,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) { - return M_ASN1_BIT_STRING_set(x, d, len); + return ASN1_STRING_set(x, d, len); } int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp) @@ -146,7 +146,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, } if ((a == NULL) || ((*a) == NULL)) { - if ((ret = M_ASN1_BIT_STRING_new()) == NULL) + if ((ret = ASN1_BIT_STRING_new()) == NULL) return (NULL); } else ret = (*a); @@ -188,7 +188,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, return (ret); err: if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_BIT_STRING_free(ret); + ASN1_BIT_STRING_free(ret); return (NULL); } diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index b99663b224..d7a7357f8f 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -153,7 +153,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) int len, j; if (ai == NULL) - ret = M_ASN1_ENUMERATED_new(); + ret = ASN1_ENUMERATED_new(); else ret = ai; if (ret == NULL) { @@ -179,7 +179,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) return (ret); err: if (ret != ai) - M_ASN1_ENUMERATED_free(ret); + ASN1_ENUMERATED_free(ret); return (NULL); } diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 2eda6c08dc..1695fd07eb 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -67,7 +67,7 @@ ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { - return M_ASN1_INTEGER_dup(x); + return ASN1_STRING_dup(x); } int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) @@ -206,7 +206,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, } if ((a == NULL) || ((*a) == NULL)) { - if ((ret = M_ASN1_INTEGER_new()) == NULL) + if ((ret = ASN1_INTEGER_new()) == NULL) return (NULL); ret->type = V_ASN1_INTEGER; } else @@ -282,7 +282,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, err: OPENSSL_PUT_ERROR(ASN1, i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); + ASN1_INTEGER_free(ret); return (NULL); } @@ -374,7 +374,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) int len, j; if (ai == NULL) - ret = M_ASN1_INTEGER_new(); + ret = ASN1_INTEGER_new(); else ret = ai; if (ret == NULL) { @@ -404,7 +404,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) return (ret); err: if (ret != ai) - M_ASN1_INTEGER_free(ret); + ASN1_INTEGER_free(ret); return (NULL); } diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index 2e74d6bfdf..312993b9b0 100644 --- a/crypto/asn1/a_octet.c +++ b/crypto/asn1/a_octet.c @@ -61,17 +61,17 @@ ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) { - return M_ASN1_OCTET_STRING_dup(x); + return ASN1_STRING_dup(x); } int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b) { - return M_ASN1_OCTET_STRING_cmp(a, b); + return ASN1_STRING_cmp(a, b); } int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) { - return M_ASN1_OCTET_STRING_set(x, d, len); + return ASN1_STRING_set(x, d, len); } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index f7519df782..d5bd0e435f 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -197,7 +197,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, if (s == NULL) { free_s = 1; - s = M_ASN1_UTCTIME_new(); + s = ASN1_UTCTIME_new(); } if (s == NULL) goto err; @@ -234,7 +234,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, return (s); err: if (free_s && s) - M_ASN1_UTCTIME_free(s); + ASN1_UTCTIME_free(s); return NULL; } diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 93957ba8d6..5fdbd5bcee 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -422,17 +422,17 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) int ASN1_STRING_length(const ASN1_STRING *x) { - return M_ASN1_STRING_length(x); + return x->length; } int ASN1_STRING_type(const ASN1_STRING *x) { - return M_ASN1_STRING_type(x); + return x->type; } unsigned char *ASN1_STRING_data(ASN1_STRING *x) { - return M_ASN1_STRING_data(x); + return x->data; } const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index 7f71c8c87e..54d6ee8d1a 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -70,9 +70,9 @@ TEST(ASN1Test, LargeTags) { } TEST(ASN1Test, IntegerSetting) { - bssl::UniquePtr by_bn(M_ASN1_INTEGER_new()); - bssl::UniquePtr by_long(M_ASN1_INTEGER_new()); - bssl::UniquePtr by_uint64(M_ASN1_INTEGER_new()); + bssl::UniquePtr by_bn(ASN1_INTEGER_new()); + bssl::UniquePtr by_long(ASN1_INTEGER_new()); + bssl::UniquePtr by_uint64(ASN1_INTEGER_new()); bssl::UniquePtr bn(BN_new()); const std::vector kValues = { diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 92ed8715a2..cf0a941527 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -77,7 +77,7 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) ai = a->cert_info; bi = b->cert_info; - i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); + i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); if (i) return (i); return (X509_NAME_cmp(ai->issuer, bi->issuer)); diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 723bd49555..a44b172fa5 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -79,7 +79,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) xi = ret->cert_info; if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { - if ((xi->version = M_ASN1_INTEGER_new()) == NULL) + if ((xi->version = ASN1_INTEGER_new()) == NULL) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 470bf70a06..6141af0d9d 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -75,12 +75,12 @@ int X509_set_version(X509 *x, long version) if (x == NULL) return (0); if (version == 0) { - M_ASN1_INTEGER_free(x->cert_info->version); + ASN1_INTEGER_free(x->cert_info->version); x->cert_info->version = NULL; return (1); } if (x->cert_info->version == NULL) { - if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) + if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL) return (0); } return (ASN1_INTEGER_set(x->cert_info->version, version)); @@ -94,9 +94,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) return (0); in = x->cert_info->serialNumber; if (in != serial) { - in = M_ASN1_INTEGER_dup(serial); + in = ASN1_INTEGER_dup(serial); if (in != NULL) { - M_ASN1_INTEGER_free(x->cert_info->serialNumber); + ASN1_INTEGER_free(x->cert_info->serialNumber); x->cert_info->serialNumber = in; } } diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index a5cb3a3d6e..04f1f87eb2 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -66,7 +66,7 @@ int X509_CRL_set_version(X509_CRL *x, long version) if (x == NULL) return (0); if (x->crl->version == NULL) { - if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL) + if ((x->crl->version = ASN1_INTEGER_new()) == NULL) return (0); } return (ASN1_INTEGER_set(x->crl->version, version)); @@ -224,9 +224,9 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) return (0); in = x->serialNumber; if (in != serial) { - in = M_ASN1_INTEGER_dup(serial); + in = ASN1_INTEGER_dup(serial); if (in != NULL) { - M_ASN1_INTEGER_free(x->serialNumber); + ASN1_INTEGER_free(x->serialNumber); x->serialNumber = in; } } diff --git a/crypto/x509/x_pkey.c b/crypto/x509/x_pkey.c index 8231a24b3c..e562d7309e 100644 --- a/crypto/x509/x_pkey.c +++ b/crypto/x509/x_pkey.c @@ -78,7 +78,7 @@ X509_PKEY *X509_PKEY_new(void) ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) goto err; - ret->enc_pkey = M_ASN1_OCTET_STRING_new(); + ret->enc_pkey = ASN1_OCTET_STRING_new(); if (ret->enc_pkey == NULL) goto err; return ret; @@ -97,7 +97,7 @@ void X509_PKEY_free(X509_PKEY *x) if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); if (x->enc_pkey != NULL) - M_ASN1_OCTET_STRING_free(x->enc_pkey); + ASN1_OCTET_STRING_free(x->enc_pkey); if (x->dec_pkey != NULL) EVP_PKEY_free(x->dec_pkey); if ((x->key_data != NULL) && (x->key_free)) diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 30c02e2c26..10376737a9 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -172,7 +172,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, if ((issuer && !ikeyid) || (issuer == 2)) { isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); if (!isname || !serial) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); goto err; @@ -201,7 +201,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, err: X509_NAME_free(isname); - M_ASN1_INTEGER_free(serial); - M_ASN1_OCTET_STRING_free(ikeyid); + ASN1_INTEGER_free(serial); + ASN1_OCTET_STRING_free(ikeyid); return NULL; } diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index a142e0e76a..4d540754c9 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -386,7 +386,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); - email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); + email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); if (move_p) { X509_NAME_delete_entry(nm, i); X509_NAME_ENTRY_free(ne); @@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) err: GENERAL_NAME_free(gen); - M_ASN1_IA5STRING_free(email); + ASN1_IA5STRING_free(email); return 0; } @@ -517,7 +517,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, } if (is_string) { - if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + if (!(gen->d.ia5 = ASN1_IA5STRING_new()) || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index 86a8c3615b..402f830fb2 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -113,7 +113,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bs; size_t i; const BIT_STRING_BITNAME *bnam; - if (!(bs = M_ASN1_BIT_STRING_new())) { + if (!(bs = ASN1_BIT_STRING_new())) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -124,7 +124,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, !strcmp(bnam->lname, val->name)) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); - M_ASN1_BIT_STRING_free(bs); + ASN1_BIT_STRING_free(bs); return NULL; } break; @@ -133,7 +133,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, if (!bnam->lname) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); - M_ASN1_BIT_STRING_free(bs); + ASN1_BIT_STRING_free(bs); return NULL; } } diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index ba02873da9..158f8df18d 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -199,7 +199,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, p = ext_der; method->i2d(ext_struc, &p); } - if (!(ext_oct = M_ASN1_OCTET_STRING_new())) + if (!(ext_oct = ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; @@ -207,7 +207,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if (!ext) goto merr; - M_ASN1_OCTET_STRING_free(ext_oct); + ASN1_OCTET_STRING_free(ext_oct); return ext; @@ -289,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, goto err; } - if (!(oct = M_ASN1_OCTET_STRING_new())) { + if (!(oct = ASN1_OCTET_STRING_new())) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -302,7 +302,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, err: ASN1_OBJECT_free(obj); - M_ASN1_OCTET_STRING_free(oct); + ASN1_OCTET_STRING_free(oct); if (ext_der) OPENSSL_free(ext_der); return extension; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 18d260b56f..216e7aea37 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -245,7 +245,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR); goto err; } - qual->d.cpsuri = M_ASN1_IA5STRING_new(); + qual->d.cpsuri = ASN1_IA5STRING_new(); if (qual->d.cpsuri == NULL) { goto err; } @@ -319,7 +319,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); + not->exptext = ASN1_VISIBLESTRING_new(); if (not->exptext == NULL) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c index 6b2056dcb4..700200c52c 100644 --- a/crypto/x509v3/v3_ia5.c +++ b/crypto/x509v3/v3_ia5.c @@ -108,11 +108,10 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if (!(ia5 = M_ASN1_IA5STRING_new())) + if (!(ia5 = ASN1_IA5STRING_new())) goto err; - if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, - strlen(str))) { - M_ASN1_IA5STRING_free(ia5); + if (!ASN1_STRING_set(ia5, str, strlen(str))) { + ASN1_IA5STRING_free(ia5); goto err; } return ia5; diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index b508eb3c58..f6f341a222 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -183,7 +183,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, return 0; if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); - M_ASN1_OCTET_STRING_print(bp, ex->value); + ASN1_STRING_print(bp, ex->value); } if (BIO_write(bp, "\n", 1) <= 0) return 0; diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index eb5ba55e97..140356d7af 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -88,13 +88,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct; long length; - if (!(oct = M_ASN1_OCTET_STRING_new())) { + if (!(oct = ASN1_OCTET_STRING_new())) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } if (!(oct->data = x509v3_hex_to_bytes(str, &length))) { - M_ASN1_OCTET_STRING_free(oct); + ASN1_OCTET_STRING_free(oct); return NULL; } @@ -115,7 +115,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, if (strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - if (!(oct = M_ASN1_OCTET_STRING_new())) { + if (!(oct = ASN1_OCTET_STRING_new())) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -142,7 +142,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) goto err; - if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -150,6 +150,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, return oct; err: - M_ASN1_OCTET_STRING_free(oct); + ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 289717175c..27753033ec 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -460,46 +460,53 @@ typedef struct BIT_STRING_BITNAME_st { const char *sname; } BIT_STRING_BITNAME; - -#define M_ASN1_STRING_length(x) ((x)->length) -#define M_ASN1_STRING_type(x) ((x)->type) -#define M_ASN1_STRING_data(x) ((x)->data) - -// Macros for string operations -#define M_ASN1_BIT_STRING_new() \ - (ASN1_BIT_STRING *)ASN1_STRING_type_new(V_ASN1_BIT_STRING) -#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_dup(a) \ - (ASN1_BIT_STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_cmp(a, b) \ - ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) -#define M_ASN1_BIT_STRING_set(a, b, c) ASN1_STRING_set((ASN1_STRING *)a, b, c) - -#define M_ASN1_INTEGER_new() \ - (ASN1_INTEGER *)ASN1_STRING_type_new(V_ASN1_INTEGER) -#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_INTEGER_dup(a) \ - (ASN1_INTEGER *)ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_INTEGER_cmp(a, b) \ - ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) - -#define M_ASN1_ENUMERATED_new() \ - (ASN1_ENUMERATED *)ASN1_STRING_type_new(V_ASN1_ENUMERATED) -#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_dup(a) \ - (ASN1_ENUMERATED *)ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_cmp(a, b) \ - ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) - -#define M_ASN1_OCTET_STRING_new() \ - (ASN1_OCTET_STRING *)ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_dup(a) \ - (ASN1_OCTET_STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_cmp(a, b) \ - ASN1_STRING_cmp((const ASN1_STRING *)a, (const ASN1_STRING *)b) -#define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_STRING_set((ASN1_STRING *)a, b, c) -#define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, (ASN1_STRING *)b) +// M_ASN1_* are legacy aliases for various |ASN1_STRING| functions. Use the +// functions themselves. +#define M_ASN1_STRING_length(x) ASN1_STRING_length(x) +#define M_ASN1_STRING_type(x) ASN1_STRING_type(x) +#define M_ASN1_STRING_data(x) ASN1_STRING_data(x) +#define M_ASN1_BIT_STRING_new() ASN1_BIT_STRING_new() +#define M_ASN1_BIT_STRING_free(a) ASN1_BIT_STRING_free(a) +#define M_ASN1_BIT_STRING_dup(a) ASN1_STRING_dup(a) +#define M_ASN1_BIT_STRING_cmp(a, b) ASN1_STRING_cmp(a, b) +#define M_ASN1_BIT_STRING_set(a, b, c) ASN1_BIT_STRING_set(a, b, c) +#define M_ASN1_INTEGER_new() ASN1_INTEGER_new() +#define M_ASN1_INTEGER_free(a) ASN1_INTEGER_free(a) +#define M_ASN1_INTEGER_dup(a) ASN1_INTEGER_dup(a) +#define M_ASN1_INTEGER_cmp(a, b) ASN1_INTEGER_cmp(a, b) +#define M_ASN1_ENUMERATED_new() ASN1_ENUMERATED_new() +#define M_ASN1_ENUMERATED_free(a) ASN1_ENUMERATED_free(a) +#define M_ASN1_ENUMERATED_dup(a) ASN1_STRING_dup(a) +#define M_ASN1_ENUMERATED_cmp(a, b) ASN1_STRING_cmp(a, b) +#define M_ASN1_OCTET_STRING_new() ASN1_OCTET_STRING_new() +#define M_ASN1_OCTET_STRING_free(a) ASN1_OCTET_STRING_free() +#define M_ASN1_OCTET_STRING_dup(a) ASN1_OCTET_STRING_dup(a) +#define M_ASN1_OCTET_STRING_cmp(a, b) ASN1_OCTET_STRING_cmp(a, b) +#define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_OCTET_STRING_set(a, b, c) +#define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, b) +#define M_ASN1_PRINTABLESTRING_new() ASN1_PRINTABLESTRING_new() +#define M_ASN1_PRINTABLESTRING_free(a) ASN1_PRINTABLESTRING_free(a) +#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() +#define M_ASN1_IA5STRING_free(a) ASN1_IA5STRING_free(a) +#define M_ASN1_IA5STRING_dup(a) ASN1_STRING_dup(a) +#define M_ASN1_UTCTIME_new() ASN1_UTCTIME_new() +#define M_ASN1_UTCTIME_free(a) ASN1_UTCTIME_free(a) +#define M_ASN1_UTCTIME_dup(a) ASN1_STRING_dup(a) +#define M_ASN1_T61STRING_new() ASN1_T61STRING_new() +#define M_ASN1_T61STRING_free(a) ASN1_T61STRING_free(a) +#define M_ASN1_GENERALIZEDTIME_new() ASN1_GENERALIZEDTIME_new() +#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_GENERALIZEDTIME_free(a) +#define M_ASN1_GENERALIZEDTIME_dup(a) ASN1_STRING_dup(a) +#define M_ASN1_GENERALSTRING_new() ASN1_GENERALSTRING_new() +#define M_ASN1_GENERALSTRING_free(a) ASN1_GENERALSTRING_free(a) +#define M_ASN1_UNIVERSALSTRING_new() ASN1_UNIVERSALSTRING_new() +#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_UNIVERSALSTRING_free(a) +#define M_ASN1_BMPSTRING_new() ASN1_BMPSTRING_new() +#define M_ASN1_BMPSTRING_free(a) ASN1_BMPSTRING_free(a) +#define M_ASN1_VISIBLESTRING_new() ASN1_VISIBLESTRING_new() +#define M_ASN1_VISIBLESTRING_free(a) ASN1_VISIBLESTRING_free(a) +#define M_ASN1_UTF8STRING_new() ASN1_UTF8STRING_new() +#define M_ASN1_UTF8STRING_free(a) ASN1_UTF8STRING_free(a) #define B_ASN1_TIME B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME @@ -524,56 +531,10 @@ typedef struct BIT_STRING_BITNAME_st { #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_PRINTABLESTRING_new() \ - (ASN1_PRINTABLESTRING *)ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_T61STRING_new() \ - (ASN1_T61STRING *)ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_IA5STRING_new() \ - (ASN1_IA5STRING *)ASN1_STRING_type_new(V_ASN1_IA5STRING) -#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) - -#define M_ASN1_UTCTIME_new() \ - (ASN1_UTCTIME *)ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_UTCTIME_dup(a) \ - (ASN1_UTCTIME *)ASN1_STRING_dup((const ASN1_STRING *)a) - -#define M_ASN1_GENERALIZEDTIME_new() \ - (ASN1_GENERALIZEDTIME *)ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_GENERALIZEDTIME_dup(a) \ - (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup((const ASN1_STRING *)a) - #define M_ASN1_TIME_new() (ASN1_TIME *)ASN1_STRING_type_new(V_ASN1_UTCTIME) #define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a) -#define M_ASN1_GENERALSTRING_new() \ - (ASN1_GENERALSTRING *)ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_UNIVERSALSTRING_new() \ - (ASN1_UNIVERSALSTRING *)ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_BMPSTRING_new() \ - (ASN1_BMPSTRING *)ASN1_STRING_type_new(V_ASN1_BMPSTRING) -#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_VISIBLESTRING_new() \ - (ASN1_VISIBLESTRING *)ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_UTF8STRING_new() \ - (ASN1_UTF8STRING *)ASN1_STRING_type_new(V_ASN1_UTF8STRING) -#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a); From c509ee3fa27d191b23da353d363c396ef7bdecdb Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 02:24:09 -0500 Subject: [PATCH 260/399] Switch M_ASN1_TIME macros within the library. There is no ASN1_TIME_dup, so switch M_ASN1_TIME_dup to ASN1_STRING_dup as upstream does. Switch M_ASN1_TIME_free to ASN1_TIME_free, also matching upstream. This is a no-op, but less obviously so: ASN1_TIME is an MSTRING defined in a_time.c. This defines an MSTRING ASN1_ITEM. The new/free functions are then generated with IMPLEMENT_ASN1_FUNCTIONS, which walks the ASN1_ITEM. ASN1_TIME_free then goes through table-based free function, eventually running ASN1_primitive_free, which calls ASN1_STRING_free on MSTRINGs. Change-Id: I1765848a5301ecceeb74f91457351c969b741bb1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44046 Reviewed-by: Adam Langley --- crypto/x509/x509_set.c | 8 ++++---- crypto/x509/x509cset.c | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 6141af0d9d..5f17851981 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -125,9 +125,9 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) return (0); in = x->cert_info->validity->notBefore; if (in != tm) { - in = M_ASN1_TIME_dup(tm); + in = ASN1_STRING_dup(tm); if (in != NULL) { - M_ASN1_TIME_free(x->cert_info->validity->notBefore); + ASN1_TIME_free(x->cert_info->validity->notBefore); x->cert_info->validity->notBefore = in; } } @@ -168,9 +168,9 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) return (0); in = x->cert_info->validity->notAfter; if (in != tm) { - in = M_ASN1_TIME_dup(tm); + in = ASN1_STRING_dup(tm); if (in != NULL) { - M_ASN1_TIME_free(x->cert_info->validity->notAfter); + ASN1_TIME_free(x->cert_info->validity->notAfter); x->cert_info->validity->notAfter = in; } } diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 04f1f87eb2..f207a25c69 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -87,9 +87,9 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) return (0); in = x->crl->lastUpdate; if (in != tm) { - in = M_ASN1_TIME_dup(tm); + in = ASN1_STRING_dup(tm); if (in != NULL) { - M_ASN1_TIME_free(x->crl->lastUpdate); + ASN1_TIME_free(x->crl->lastUpdate); x->crl->lastUpdate = in; } } @@ -104,9 +104,9 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) return (0); in = x->crl->nextUpdate; if (in != tm) { - in = M_ASN1_TIME_dup(tm); + in = ASN1_STRING_dup(tm); if (in != NULL) { - M_ASN1_TIME_free(x->crl->nextUpdate); + ASN1_TIME_free(x->crl->nextUpdate); x->crl->nextUpdate = in; } } @@ -202,9 +202,9 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) return (0); in = x->revocationDate; if (in != tm) { - in = M_ASN1_TIME_dup(tm); + in = ASN1_STRING_dup(tm); if (in != NULL) { - M_ASN1_TIME_free(x->revocationDate); + ASN1_TIME_free(x->revocationDate); x->revocationDate = in; } } From a4954e5ace867ed88633c1380a61ca72f62a2bab Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 11 Nov 2020 15:11:45 -0500 Subject: [PATCH 261/399] Remove the legacy MSTRING M_ASN1 macros. The free and dup macros are fine and can be replaced with their function counterparts, but the new macros call ASN1_STRING_type_new with a representative type in the CHOICE. This does not match what the corresponding functions (e.g. ASN1_TIME_new) do. The functions go through tasn_new.c and end up at ASN1_primitive_new. That ends up creating an ASN1_STRING with type -1 and the ASN1_STRING_FLAG_MSTRING flag set. X509_time_adj_ex uses the flag to determine whether to trigger X.509's UTCTime vs GeneralizedTime switching. Confusingly, ASN1_TIME_adj, ASN1_UTCTIME_adj, and ASN1_GENERALIZEDTIME_adj trigger this behavior based on the function itself. That seems more robust (X509_set1_notBefore might accidentally lose the flag), so maybe we can remove this flag. In the meantime, at least remove the old macros so we don't create the wrong type. Update-Note: Some M_ASN1 macros were removed. Code search says there were no uses, and OpenSSL upstream removed all of them. Change-Id: Iffa63f2624c38e64679207720c5ebd5241da644c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44047 Reviewed-by: Adam Langley --- include/openssl/asn1.h | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 27753033ec..c2eddf885f 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -522,19 +522,6 @@ typedef struct BIT_STRING_BITNAME_st { #define B_ASN1_DISPLAYTEXT \ B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING -#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) - -#define M_ASN1_TIME_new() (ASN1_TIME *)ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a) - DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a); From 2e5f38a1d871305ffeb0c932d421b01fd43a4168 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 22:05:27 -0500 Subject: [PATCH 262/399] Rearrange ASN1_STRING_copy slightly. Not especially important, but leaving the input unchanged on malloc failure is a little tidier. Change-Id: Ia001260edcc8d75865d0d75ac0fe596205f83c48 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44048 Reviewed-by: Adam Langley --- crypto/asn1/asn1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 5fdbd5bcee..06fd9d7fc2 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -313,9 +313,9 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) { if (str == NULL) return 0; - dst->type = str->type; if (!ASN1_STRING_set(dst, str->data, str->length)) return 0; + dst->type = str->type; dst->flags = str->flags; return 1; } From 6fcbd8905ef73acf9900755cf07bc328cb633b5d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 12 Nov 2020 15:47:00 -0800 Subject: [PATCH 263/399] build.rs: Remove printing of environment variables. Avoid any potential for leaking sensitive environment variables that would be irrelevant to the build. --- build.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/build.rs b/build.rs index b0388b4b80..138bd64572 100644 --- a/build.rs +++ b/build.rs @@ -263,10 +263,6 @@ fn main() { fn ring_build_rs_main() { use std::env; - for (key, value) in env::vars() { - eprintln!("ENV {}={}", key, value); - } - let out_dir = env::var("OUT_DIR").unwrap(); let out_dir = PathBuf::from(out_dir); From b2b38d5e203fabda5a1538800e5f72dd6491bbd1 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 13 Nov 2020 12:07:19 -0800 Subject: [PATCH 264/399] Remove dead AVX-512 ChaCha20 assembly code. --- crypto/chacha/asm/chacha-x86_64.pl | 752 +---------------------------- 1 file changed, 1 insertion(+), 751 deletions(-) diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index 98b4ae7106..c85bfa89cf 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -233,10 +233,6 @@ sub ROUND { # critical path is 24 cycles per round je .Lno_data mov GFp_ia32cap_P+4(%rip),%r10 ___ -$code.=<<___ if ($avx>2); - bt \$48,%r10 # check for AVX512F - jc .LChaCha20_avx512 -___ $code.=<<___; test \$`1<<(41-32)`,%r10d jnz .LChaCha20_ssse3 @@ -1807,733 +1803,7 @@ sub AVX2_lane_ROUND { } ######################################################################## -# AVX512 code paths -if ($avx>2) { -# This one handles shorter inputs... - -my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20)); -my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); - -sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round - &vpaddd ($a,$a,$b); - &vpxord ($d,$d,$a); - &vprold ($d,$d,16); - - &vpaddd ($c,$c,$d); - &vpxord ($b,$b,$c); - &vprold ($b,$b,12); - - &vpaddd ($a,$a,$b); - &vpxord ($d,$d,$a); - &vprold ($d,$d,8); - - &vpaddd ($c,$c,$d); - &vpxord ($b,$b,$c); - &vprold ($b,$b,7); -} - -my $xframe = $win64 ? 32+8 : 8; - -$code.=<<___; -.type ChaCha20_avx512,\@function,5 -.align 32 -ChaCha20_avx512: -.LChaCha20_avx512: -.cfi_startproc - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register r9 - cmp \$512,$len - ja .LChaCha20_16x - - sub \$64+$xframe,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0x28(%r9) - movaps %xmm7,-0x18(%r9) -.Lavx512_body: -___ -$code.=<<___; - vbroadcasti32x4 .Lsigma(%rip),$a - vbroadcasti32x4 ($key),$b - vbroadcasti32x4 16($key),$c - vbroadcasti32x4 ($counter),$d - - vmovdqa32 $a,$a_ - vmovdqa32 $b,$b_ - vmovdqa32 $c,$c_ - vpaddd .Lzeroz(%rip),$d,$d - vmovdqa32 .Lfourz(%rip),$fourz - mov \$10,$counter # reuse $counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512 - -.align 16 -.Loop_outer_avx512: - vmovdqa32 $a_,$a - vmovdqa32 $b_,$b - vmovdqa32 $c_,$c - vpaddd $fourz,$d_,$d - mov \$10,$counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512 - -.align 32 -.Loop_avx512: -___ - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b00111001); - &vpshufd ($d,$d,0b10010011); - - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b10010011); - &vpshufd ($d,$d,0b00111001); - - &dec ($counter); - &jnz (".Loop_avx512"); - -$code.=<<___; - vpaddd $a_,$a,$a - vpaddd $b_,$b,$b - vpaddd $c_,$c,$c - vpaddd $d_,$d,$d - - sub \$64,$len - jb .Ltail64_avx512 - - vpxor 0x00($inp),%x#$a,$t0 # xor with input - vpxor 0x10($inp),%x#$b,$t1 - vpxor 0x20($inp),%x#$c,$t2 - vpxor 0x30($inp),%x#$d,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$1,$a,$t0 - vextracti32x4 \$1,$b,$t1 - vextracti32x4 \$1,$c,$t2 - vextracti32x4 \$1,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$2,$a,$t0 - vextracti32x4 \$2,$b,$t1 - vextracti32x4 \$2,$c,$t2 - vextracti32x4 \$2,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$3,$a,$t0 - vextracti32x4 \$3,$b,$t1 - vextracti32x4 \$3,$c,$t2 - vextracti32x4 \$3,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jnz .Loop_outer_avx512 - - jmp .Ldone_avx512 - -.align 16 -.Ltail64_avx512: - vmovdqa %x#$a,0x00(%rsp) - vmovdqa %x#$b,0x10(%rsp) - vmovdqa %x#$c,0x20(%rsp) - vmovdqa %x#$d,0x30(%rsp) - add \$64,$len - jmp .Loop_tail_avx512 - -.align 16 -.Ltail_avx512: - vmovdqa $t0,0x00(%rsp) - vmovdqa $t1,0x10(%rsp) - vmovdqa $t2,0x20(%rsp) - vmovdqa $t3,0x30(%rsp) - add \$64,$len - -.Loop_tail_avx512: - movzb ($inp,$counter),%eax - movzb (%rsp,$counter),%ecx - lea 1($counter),$counter - xor %ecx,%eax - mov %al,-1($out,$counter) - dec $len - jnz .Loop_tail_avx512 - - vmovdqa32 $a_,0x00(%rsp) - -.Ldone_avx512: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0x28(%r9),%xmm6 - movaps -0x18(%r9),%xmm7 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register rsp -.Lavx512_epilogue: - ret -.cfi_endproc -.size ChaCha20_avx512,.-ChaCha20_avx512 -___ -} -if ($avx>2) { -# This one handles longer inputs... - -my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%zmm$_",(0..15)); -my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); -my @key=map("%zmm$_",(16..31)); -my ($xt0,$xt1,$xt2,$xt3)=@key[0..3]; - -sub AVX512_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("\"$_\"",@xx); - - ( - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&vpxord (@x[$d0],@x[$d0],@x[$a0])", - "&vpxord (@x[$d1],@x[$d1],@x[$a1])", - "&vpxord (@x[$d2],@x[$d2],@x[$a2])", - "&vpxord (@x[$d3],@x[$d3],@x[$a3])", - "&vprold (@x[$d0],@x[$d0],16)", - "&vprold (@x[$d1],@x[$d1],16)", - "&vprold (@x[$d2],@x[$d2],16)", - "&vprold (@x[$d3],@x[$d3],16)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxord (@x[$b0],@x[$b0],@x[$c0])", - "&vpxord (@x[$b1],@x[$b1],@x[$c1])", - "&vpxord (@x[$b2],@x[$b2],@x[$c2])", - "&vpxord (@x[$b3],@x[$b3],@x[$c3])", - "&vprold (@x[$b0],@x[$b0],12)", - "&vprold (@x[$b1],@x[$b1],12)", - "&vprold (@x[$b2],@x[$b2],12)", - "&vprold (@x[$b3],@x[$b3],12)", - - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", - "&vpxord (@x[$d0],@x[$d0],@x[$a0])", - "&vpxord (@x[$d1],@x[$d1],@x[$a1])", - "&vpxord (@x[$d2],@x[$d2],@x[$a2])", - "&vpxord (@x[$d3],@x[$d3],@x[$a3])", - "&vprold (@x[$d0],@x[$d0],8)", - "&vprold (@x[$d1],@x[$d1],8)", - "&vprold (@x[$d2],@x[$d2],8)", - "&vprold (@x[$d3],@x[$d3],8)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxord (@x[$b0],@x[$b0],@x[$c0])", - "&vpxord (@x[$b1],@x[$b1],@x[$c1])", - "&vpxord (@x[$b2],@x[$b2],@x[$c2])", - "&vpxord (@x[$b3],@x[$b3],@x[$c3])", - "&vprold (@x[$b0],@x[$b0],7)", - "&vprold (@x[$b1],@x[$b1],7)", - "&vprold (@x[$b2],@x[$b2],7)", - "&vprold (@x[$b3],@x[$b3],7)" - ); -} - -my $xframe = $win64 ? 0xa8 : 8; - -$code.=<<___; -.type ChaCha20_16x,\@function,5 -.align 32 -ChaCha20_16x: -.LChaCha20_16x: -.cfi_startproc - mov %rsp,%r9 # frame register -.cfi_def_cfa_register r9 - sub \$64+$xframe,%rsp - and \$-64,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L16x_body: -___ -$code.=<<___; - vzeroupper - - lea .Lsigma(%rip),%r10 - vbroadcasti32x4 (%r10),$xa3 # key[0] - vbroadcasti32x4 ($key),$xb3 # key[1] - vbroadcasti32x4 16($key),$xc3 # key[2] - vbroadcasti32x4 ($counter),$xd3 # key[3] - - vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... - vpshufd \$0x55,$xa3,$xa1 - vpshufd \$0xaa,$xa3,$xa2 - vpshufd \$0xff,$xa3,$xa3 - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - vpshufd \$0x00,$xb3,$xb0 - vpshufd \$0x55,$xb3,$xb1 - vpshufd \$0xaa,$xb3,$xb2 - vpshufd \$0xff,$xb3,$xb3 - vmovdqa64 $xb0,@key[4] - vmovdqa64 $xb1,@key[5] - vmovdqa64 $xb2,@key[6] - vmovdqa64 $xb3,@key[7] - - vpshufd \$0x00,$xc3,$xc0 - vpshufd \$0x55,$xc3,$xc1 - vpshufd \$0xaa,$xc3,$xc2 - vpshufd \$0xff,$xc3,$xc3 - vmovdqa64 $xc0,@key[8] - vmovdqa64 $xc1,@key[9] - vmovdqa64 $xc2,@key[10] - vmovdqa64 $xc3,@key[11] - - vpshufd \$0x00,$xd3,$xd0 - vpshufd \$0x55,$xd3,$xd1 - vpshufd \$0xaa,$xd3,$xd2 - vpshufd \$0xff,$xd3,$xd3 - vpaddd .Lincz(%rip),$xd0,$xd0 # don't save counters yet - vmovdqa64 $xd0,@key[12] - vmovdqa64 $xd1,@key[13] - vmovdqa64 $xd2,@key[14] - vmovdqa64 $xd3,@key[15] - - mov \$10,%eax - jmp .Loop16x - -.align 32 -.Loop_outer16x: - vpbroadcastd 0(%r10),$xa0 # reload key - vpbroadcastd 4(%r10),$xa1 - vpbroadcastd 8(%r10),$xa2 - vpbroadcastd 12(%r10),$xa3 - vpaddd .Lsixteen(%rip),@key[12],@key[12] # next SIMD counters - vmovdqa64 @key[4],$xb0 - vmovdqa64 @key[5],$xb1 - vmovdqa64 @key[6],$xb2 - vmovdqa64 @key[7],$xb3 - vmovdqa64 @key[8],$xc0 - vmovdqa64 @key[9],$xc1 - vmovdqa64 @key[10],$xc2 - vmovdqa64 @key[11],$xc3 - vmovdqa64 @key[12],$xd0 - vmovdqa64 @key[13],$xd1 - vmovdqa64 @key[14],$xd2 - vmovdqa64 @key[15],$xd3 - - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - mov \$10,%eax - jmp .Loop16x - -.align 32 -.Loop16x: -___ - foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop16x - - vpaddd @key[0],$xa0,$xa0 # accumulate key - vpaddd @key[1],$xa1,$xa1 - vpaddd @key[2],$xa2,$xa2 - vpaddd @key[3],$xa3,$xa3 - - vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data - vpunpckldq $xa3,$xa2,$xt3 - vpunpckhdq $xa1,$xa0,$xa0 - vpunpckhdq $xa3,$xa2,$xa2 - vpunpcklqdq $xt3,$xt2,$xa1 # "a0" - vpunpckhqdq $xt3,$xt2,$xt2 # "a1" - vpunpcklqdq $xa2,$xa0,$xa3 # "a2" - vpunpckhqdq $xa2,$xa0,$xa0 # "a3" -___ - ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); -$code.=<<___; - vpaddd @key[4],$xb0,$xb0 - vpaddd @key[5],$xb1,$xb1 - vpaddd @key[6],$xb2,$xb2 - vpaddd @key[7],$xb3,$xb3 - - vpunpckldq $xb1,$xb0,$xt2 - vpunpckldq $xb3,$xb2,$xt3 - vpunpckhdq $xb1,$xb0,$xb0 - vpunpckhdq $xb3,$xb2,$xb2 - vpunpcklqdq $xt3,$xt2,$xb1 # "b0" - vpunpckhqdq $xt3,$xt2,$xt2 # "b1" - vpunpcklqdq $xb2,$xb0,$xb3 # "b2" - vpunpckhqdq $xb2,$xb0,$xb0 # "b3" -___ - ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); -$code.=<<___; - vshufi32x4 \$0x44,$xb0,$xa0,$xt3 # "de-interlace" further - vshufi32x4 \$0xee,$xb0,$xa0,$xb0 - vshufi32x4 \$0x44,$xb1,$xa1,$xa0 - vshufi32x4 \$0xee,$xb1,$xa1,$xb1 - vshufi32x4 \$0x44,$xb2,$xa2,$xa1 - vshufi32x4 \$0xee,$xb2,$xa2,$xb2 - vshufi32x4 \$0x44,$xb3,$xa3,$xa2 - vshufi32x4 \$0xee,$xb3,$xa3,$xb3 -___ - ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); -$code.=<<___; - vpaddd @key[8],$xc0,$xc0 - vpaddd @key[9],$xc1,$xc1 - vpaddd @key[10],$xc2,$xc2 - vpaddd @key[11],$xc3,$xc3 - - vpunpckldq $xc1,$xc0,$xt2 - vpunpckldq $xc3,$xc2,$xt3 - vpunpckhdq $xc1,$xc0,$xc0 - vpunpckhdq $xc3,$xc2,$xc2 - vpunpcklqdq $xt3,$xt2,$xc1 # "c0" - vpunpckhqdq $xt3,$xt2,$xt2 # "c1" - vpunpcklqdq $xc2,$xc0,$xc3 # "c2" - vpunpckhqdq $xc2,$xc0,$xc0 # "c3" -___ - ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); -$code.=<<___; - vpaddd @key[12],$xd0,$xd0 - vpaddd @key[13],$xd1,$xd1 - vpaddd @key[14],$xd2,$xd2 - vpaddd @key[15],$xd3,$xd3 - - vpunpckldq $xd1,$xd0,$xt2 - vpunpckldq $xd3,$xd2,$xt3 - vpunpckhdq $xd1,$xd0,$xd0 - vpunpckhdq $xd3,$xd2,$xd2 - vpunpcklqdq $xt3,$xt2,$xd1 # "d0" - vpunpckhqdq $xt3,$xt2,$xt2 # "d1" - vpunpcklqdq $xd2,$xd0,$xd3 # "d2" - vpunpckhqdq $xd2,$xd0,$xd0 # "d3" -___ - ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); -$code.=<<___; - vshufi32x4 \$0x44,$xd0,$xc0,$xt3 # "de-interlace" further - vshufi32x4 \$0xee,$xd0,$xc0,$xd0 - vshufi32x4 \$0x44,$xd1,$xc1,$xc0 - vshufi32x4 \$0xee,$xd1,$xc1,$xd1 - vshufi32x4 \$0x44,$xd2,$xc2,$xc1 - vshufi32x4 \$0xee,$xd2,$xc2,$xd2 - vshufi32x4 \$0x44,$xd3,$xc3,$xc2 - vshufi32x4 \$0xee,$xd3,$xc3,$xd3 -___ - ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); -$code.=<<___; - vshufi32x4 \$0x88,$xc0,$xa0,$xt0 # "de-interlace" further - vshufi32x4 \$0xdd,$xc0,$xa0,$xa0 - vshufi32x4 \$0x88,$xd0,$xb0,$xc0 - vshufi32x4 \$0xdd,$xd0,$xb0,$xd0 - vshufi32x4 \$0x88,$xc1,$xa1,$xt1 - vshufi32x4 \$0xdd,$xc1,$xa1,$xa1 - vshufi32x4 \$0x88,$xd1,$xb1,$xc1 - vshufi32x4 \$0xdd,$xd1,$xb1,$xd1 - vshufi32x4 \$0x88,$xc2,$xa2,$xt2 - vshufi32x4 \$0xdd,$xc2,$xa2,$xa2 - vshufi32x4 \$0x88,$xd2,$xb2,$xc2 - vshufi32x4 \$0xdd,$xd2,$xb2,$xd2 - vshufi32x4 \$0x88,$xc3,$xa3,$xt3 - vshufi32x4 \$0xdd,$xc3,$xa3,$xa3 - vshufi32x4 \$0x88,$xd3,$xb3,$xc3 - vshufi32x4 \$0xdd,$xd3,$xb3,$xd3 -___ - ($xa0,$xa1,$xa2,$xa3,$xb0,$xb1,$xb2,$xb3)= - ($xt0,$xt1,$xt2,$xt3,$xa0,$xa1,$xa2,$xa3); - - ($xa0,$xb0,$xc0,$xd0, $xa1,$xb1,$xc1,$xd1, - $xa2,$xb2,$xc2,$xd2, $xa3,$xb3,$xc3,$xd3) = - ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); -$code.=<<___; - cmp \$64*16,$len - jb .Ltail16x - - vpxord 0x00($inp),$xa0,$xa0 # xor with input - vpxord 0x40($inp),$xb0,$xb0 - vpxord 0x80($inp),$xc0,$xc0 - vpxord 0xc0($inp),$xd0,$xd0 - vmovdqu32 $xa0,0x00($out) - vmovdqu32 $xb0,0x40($out) - vmovdqu32 $xc0,0x80($out) - vmovdqu32 $xd0,0xc0($out) - - vpxord 0x100($inp),$xa1,$xa1 - vpxord 0x140($inp),$xb1,$xb1 - vpxord 0x180($inp),$xc1,$xc1 - vpxord 0x1c0($inp),$xd1,$xd1 - vmovdqu32 $xa1,0x100($out) - vmovdqu32 $xb1,0x140($out) - vmovdqu32 $xc1,0x180($out) - vmovdqu32 $xd1,0x1c0($out) - - vpxord 0x200($inp),$xa2,$xa2 - vpxord 0x240($inp),$xb2,$xb2 - vpxord 0x280($inp),$xc2,$xc2 - vpxord 0x2c0($inp),$xd2,$xd2 - vmovdqu32 $xa2,0x200($out) - vmovdqu32 $xb2,0x240($out) - vmovdqu32 $xc2,0x280($out) - vmovdqu32 $xd2,0x2c0($out) - - vpxord 0x300($inp),$xa3,$xa3 - vpxord 0x340($inp),$xb3,$xb3 - vpxord 0x380($inp),$xc3,$xc3 - vpxord 0x3c0($inp),$xd3,$xd3 - lea 0x400($inp),$inp - vmovdqu32 $xa3,0x300($out) - vmovdqu32 $xb3,0x340($out) - vmovdqu32 $xc3,0x380($out) - vmovdqu32 $xd3,0x3c0($out) - lea 0x400($out),$out - - sub \$64*16,$len - jnz .Loop_outer16x - - jmp .Ldone16x - -.align 32 -.Ltail16x: - xor %r10,%r10 - sub $inp,$out - cmp \$64*1,$len - jb .Less_than_64_16x - vpxord ($inp),$xa0,$xa0 # xor with input - vmovdqu32 $xa0,($out,$inp) - je .Ldone16x - vmovdqa32 $xb0,$xa0 - lea 64($inp),$inp - - cmp \$64*2,$len - jb .Less_than_64_16x - vpxord ($inp),$xb0,$xb0 - vmovdqu32 $xb0,($out,$inp) - je .Ldone16x - vmovdqa32 $xc0,$xa0 - lea 64($inp),$inp - - cmp \$64*3,$len - jb .Less_than_64_16x - vpxord ($inp),$xc0,$xc0 - vmovdqu32 $xc0,($out,$inp) - je .Ldone16x - vmovdqa32 $xd0,$xa0 - lea 64($inp),$inp - - cmp \$64*4,$len - jb .Less_than_64_16x - vpxord ($inp),$xd0,$xd0 - vmovdqu32 $xd0,($out,$inp) - je .Ldone16x - vmovdqa32 $xa1,$xa0 - lea 64($inp),$inp - - cmp \$64*5,$len - jb .Less_than_64_16x - vpxord ($inp),$xa1,$xa1 - vmovdqu32 $xa1,($out,$inp) - je .Ldone16x - vmovdqa32 $xb1,$xa0 - lea 64($inp),$inp - - cmp \$64*6,$len - jb .Less_than_64_16x - vpxord ($inp),$xb1,$xb1 - vmovdqu32 $xb1,($out,$inp) - je .Ldone16x - vmovdqa32 $xc1,$xa0 - lea 64($inp),$inp - - cmp \$64*7,$len - jb .Less_than_64_16x - vpxord ($inp),$xc1,$xc1 - vmovdqu32 $xc1,($out,$inp) - je .Ldone16x - vmovdqa32 $xd1,$xa0 - lea 64($inp),$inp - - cmp \$64*8,$len - jb .Less_than_64_16x - vpxord ($inp),$xd1,$xd1 - vmovdqu32 $xd1,($out,$inp) - je .Ldone16x - vmovdqa32 $xa2,$xa0 - lea 64($inp),$inp - - cmp \$64*9,$len - jb .Less_than_64_16x - vpxord ($inp),$xa2,$xa2 - vmovdqu32 $xa2,($out,$inp) - je .Ldone16x - vmovdqa32 $xb2,$xa0 - lea 64($inp),$inp - - cmp \$64*10,$len - jb .Less_than_64_16x - vpxord ($inp),$xb2,$xb2 - vmovdqu32 $xb2,($out,$inp) - je .Ldone16x - vmovdqa32 $xc2,$xa0 - lea 64($inp),$inp - - cmp \$64*11,$len - jb .Less_than_64_16x - vpxord ($inp),$xc2,$xc2 - vmovdqu32 $xc2,($out,$inp) - je .Ldone16x - vmovdqa32 $xd2,$xa0 - lea 64($inp),$inp - - cmp \$64*12,$len - jb .Less_than_64_16x - vpxord ($inp),$xd2,$xd2 - vmovdqu32 $xd2,($out,$inp) - je .Ldone16x - vmovdqa32 $xa3,$xa0 - lea 64($inp),$inp - - cmp \$64*13,$len - jb .Less_than_64_16x - vpxord ($inp),$xa3,$xa3 - vmovdqu32 $xa3,($out,$inp) - je .Ldone16x - vmovdqa32 $xb3,$xa0 - lea 64($inp),$inp - - cmp \$64*14,$len - jb .Less_than_64_16x - vpxord ($inp),$xb3,$xb3 - vmovdqu32 $xb3,($out,$inp) - je .Ldone16x - vmovdqa32 $xc3,$xa0 - lea 64($inp),$inp - - cmp \$64*15,$len - jb .Less_than_64_16x - vpxord ($inp),$xc3,$xc3 - vmovdqu32 $xc3,($out,$inp) - je .Ldone16x - vmovdqa32 $xd3,$xa0 - lea 64($inp),$inp - -.Less_than_64_16x: - vmovdqa32 $xa0,0x00(%rsp) - lea ($out,$inp),$out - and \$63,$len - -.Loop_tail16x: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail16x - - vpxord $xa0,$xa0,$xa0 - vmovdqa32 $xa0,0(%rsp) - -.Ldone16x: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register rsp -.L16x_epilogue: - ret -.cfi_endproc -.size ChaCha20_16x,.-ChaCha20_16x -___ -} +# AVX512 code paths were removed # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) @@ -2729,15 +1999,6 @@ sub AVX512_lane_ROUND { .rva .LSEH_end_ChaCha20_8x .rva .LSEH_info_ChaCha20_8x ___ -$code.=<<___ if ($avx>2); - .rva .LSEH_begin_ChaCha20_avx512 - .rva .LSEH_end_ChaCha20_avx512 - .rva .LSEH_info_ChaCha20_avx512 - - .rva .LSEH_begin_ChaCha20_16x - .rva .LSEH_end_ChaCha20_16x - .rva .LSEH_info_ChaCha20_16x -___ $code.=<<___; .section .xdata .align 8 @@ -2761,17 +2022,6 @@ sub AVX512_lane_ROUND { .rva full_handler .rva .L8x_body,.L8x_epilogue # HandlerData[] ___ -$code.=<<___ if ($avx>2); -.LSEH_info_ChaCha20_avx512: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lavx512_body,.Lavx512_epilogue # HandlerData[] - -.LSEH_info_ChaCha20_16x: - .byte 9,0,0,0 - .rva full_handler - .rva .L16x_body,.L16x_epilogue # HandlerData[] -___ } foreach (split("\n",$code)) { From fbe6562c2273c0c12379a41e1e3d0302f496ba10 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 12 Nov 2020 16:29:28 -0800 Subject: [PATCH 265/399] Build: Make it easier to run the same configuration locally that is used in CI. --- .github/workflows/ci.yml | 19 +---------------- mk/cargo.sh | 46 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 18 deletions(-) create mode 100755 mk/cargo.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f78cb53eba..84d0ba3473 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -154,24 +154,7 @@ jobs: - if: ${{ !contains(matrix.host_os, 'windows') }} run: | - PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH \ - CC_aarch64_linux_android=aarch64-linux-android21-clang \ - CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \ - CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ - CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ - CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" \ - CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc \ - CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc \ - CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" \ - CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang \ - CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang \ - CC_i686_unknown_linux_gnu=clang \ - CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang \ - CC_i686_unknown_linux_musl=clang \ - CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang \ - CC_x86_64_unknown_linux_musl=clang \ - CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang \ - cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} + mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - if: ${{ contains(matrix.host_os, 'windows') }} run: | diff --git a/mk/cargo.sh b/mk/cargo.sh new file mode 100755 index 0000000000..cdbd676982 --- /dev/null +++ b/mk/cargo.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +# +# Copyright 2020 Brian Smith. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +set -eux -o pipefail +IFS=$'\n\t' + +if [ -n "${ANDROID_SDK_ROOT-}" ]; then + export PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH +fi + +export CC_aarch64_linux_android=aarch64-linux-android21-clang +export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang +export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc + +export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc +export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" +export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc + +export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc +export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" +export CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang + +export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang +export CC_i686_unknown_linux_gnu=clang +export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang + +export CC_i686_unknown_linux_musl=clang +export CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang + +export CC_x86_64_unknown_linux_musl=clang +export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang + +cargo "$@" From fb00ee314e651169bd658f87a6c1efebe2e87b6a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 12 Nov 2020 16:32:52 -0800 Subject: [PATCH 266/399] Build: Remove leftover Travis CI scripts. --- mk/kcov.sh | 13 ---------- mk/travis.sh | 68 ---------------------------------------------------- 2 files changed, 81 deletions(-) delete mode 100755 mk/kcov.sh delete mode 100755 mk/travis.sh diff --git a/mk/kcov.sh b/mk/kcov.sh deleted file mode 100755 index b3a66f43fd..0000000000 --- a/mk/kcov.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash -set -eux -o pipefail -IFS=$'\n\t' - -output=target/kcov/unmerged/$(basename $1) -echo $output -kcov \ - --collect-only \ - --exclude-path=/usr/include \ - --include-pattern=ring/crypto,ring/src,ring/tests \ - --verify \ - $output \ - $1 diff --git a/mk/travis.sh b/mk/travis.sh deleted file mode 100755 index 90ac7999b7..0000000000 --- a/mk/travis.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright 2015 Brian Smith. -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -set -eux -o pipefail -IFS=$'\n\t' - -source $HOME/.cargo/env - -run_tests_on_host=1 - -case $TARGET_X in -aarch64-apple-ios) - run_tests_on_host= - ;; -aarch64-unknown-linux-gnu) - export QEMU_LD_PREFIX=/usr/aarch64-linux-gnu - ;; -arm-unknown-linux-gnueabihf) - export QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf - ;; -aarch64-linux-android|armv7-linux-androideabi) - run_tests_on_host= - PATH=$HOME/.cargo/bin:$ANDROID_HOME/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH - ;; -esac - -printenv - -if [[ "$TARGET_X" =~ .*"-unknown-linux-musl" || ! "$TARGET_X" =~ "x86_64" ]]; then - rustup target add "$TARGET_X" -fi - -if [[ "$MODE_X" == "RELWITHDEBINFO" ]]; then - mode=--release - target_dir=target/$TARGET_X/release -else - target_dir=target/$TARGET_X/debug -fi - -no_run= -if [[ -z $run_tests_on_host ]]; then - no_run=--no-run -fi - -if [ -n "${KCOV-}" ]; then - mkdir -p target/kcov/unmerged -fi - -cargo test -vv -j2 ${mode-} ${no_run-} ${FEATURES_X-} --target=$TARGET_X - -if [ -n "${KCOV-}" ]; then - kcov --merge --coveralls-id=$TRAVIS_JOB_ID target/kcov/merged target/kcov/unmerged/* -fi - -echo end of mk/travis.sh From 4076ee04ebef4b2170feaef613d95803c39d0b8a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 00:05:31 -0800 Subject: [PATCH 267/399] CI/CD: Add a `package` job to GitHub Actions. --- .github/workflows/ci.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84d0ba3473..1781d62f9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,6 +54,27 @@ jobs: - run: cargo deny check + package: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: windows-latest + + steps: + - uses: actions/checkout@v2 + + - run: > + (powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1) -and + ("$pwd\target\tools" >> $env:GITHUB_PATH) + + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - run: sh mk/package.sh + shell: bash + test: # Don't run duplicate `push` jobs for the repo owner's PRs. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository From d12e36fec571eb2930c8abfd0b41bd48463582a7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 16 Nov 2020 23:18:45 -0800 Subject: [PATCH 268/399] Move wasm32-unknown-unknown support to cargo.sh. Make it easier to build and test the wasm32-unknown-unknown target locally. --- .github/workflows/ci.yml | 11 ++--------- mk/cargo.sh | 5 +++++ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1781d62f9d..06b104985d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -220,12 +220,5 @@ jobs: target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} - - env: - # The first two are only needed for for wasm32 targets only, only - # when the "wasm_c" feature is enabled. - CC_wasm32_unknown_unknown: clang-10 - AR_wasm32_unknown_unknown: llvm-ar-10 - CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner - # TODO: Collect the resultant artifacts and/or run the tests. - run: | - ${{ matrix.webdriver }} cargo test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + - run: | + ${{ matrix.webdriver }} mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} diff --git a/mk/cargo.sh b/mk/cargo.sh index cdbd676982..c55083f03e 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -43,4 +43,9 @@ export CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang export CC_x86_64_unknown_linux_musl=clang export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang +# The first two are only needed for when the "wasm_c" feature is enabled. +export CC_wasm32_unknown_unknown=clang-10 +export AR_wasm32_unknown_unknown=llvm-ar-10 +export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner + cargo "$@" From 46d39428cb174985ef3b7b1af044d4faaac829f8 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 16 Nov 2020 22:34:29 -0800 Subject: [PATCH 269/399] Clean up memcpy/memset patterns. Define `GFp_memcpy` and `GFp_memset` with fallback implementations. Sync up some code that diverged from BoringSSL due to the lack of these functions. --- crypto/curve25519/curve25519.c | 14 ++++----- crypto/curve25519/internal.h | 6 ---- crypto/fipsmodule/aes/aes_nohw.c | 49 ++++++++++++++------------------ crypto/internal.h | 45 +++++++++++++++++++++++++++-- 4 files changed, 70 insertions(+), 44 deletions(-) diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index b4198996e8..30afff0eda 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -159,7 +159,7 @@ static void fe_frombytes_strict(fe *h, const uint8_t s[32]) { static void fe_frombytes(fe *h, const uint8_t s[32]) { uint8_t s_copy[32]; - bytes_copy(s_copy, s, 32); + GFp_memcpy(s_copy, s, 32); s_copy[31] &= 0x7f; fe_frombytes_strict(h, s_copy); } @@ -171,21 +171,21 @@ static void fe_tobytes(uint8_t s[32], const fe *f) { // h = 0 static void fe_0(fe *h) { - fe_limbs_zero(h->v); + GFp_memset(h, 0, sizeof(fe)); } static void fe_loose_0(fe_loose *h) { - fe_limbs_zero(h->v); + GFp_memset(h, 0, sizeof(fe_loose)); } // h = 1 static void fe_1(fe *h) { - fe_0(h); + GFp_memset(h, 0, sizeof(fe)); h->v[0] = 1; } static void fe_loose_1(fe_loose *h) { - fe_loose_0(h); + GFp_memset(h, 0, sizeof(fe_loose)); h->v[0] = 1; } @@ -1782,7 +1782,7 @@ void GFp_x25519_scalar_mult_generic_masked(uint8_t out[32], fe_loose x2l, z2l, x3l, tmp0l, tmp1l; uint8_t e[32]; - bytes_copy(e, scalar_masked, 32); + GFp_memcpy(e, scalar_masked, 32); // The following implementation was transcribed to Coq and proven to // correspond to unary scalar multiplication in affine coordinates given that // x1 != 0 is the x coordinate of some point on the curve. It was also checked @@ -1856,7 +1856,7 @@ void GFp_x25519_scalar_mult_generic_masked(uint8_t out[32], void GFp_x25519_public_from_private_generic_masked(uint8_t out_public_value[32], const uint8_t private_key_masked[32]) { uint8_t e[32]; - bytes_copy(e, private_key_masked, 32); + GFp_memcpy(e, private_key_masked, 32); ge_p3 A; GFp_x25519_ge_scalarmult_base(&A, e); diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h index 5f87f92003..60f2f615b4 100644 --- a/crypto/curve25519/internal.h +++ b/crypto/curve25519/internal.h @@ -65,12 +65,6 @@ static inline void fe_limbs_copy(fe_limb_t r[], const fe_limb_t a[]) { } } -static inline void fe_limbs_zero(fe_limb_t r[]) { - for (size_t i = 0; i < FE_NUM_LIMBS; ++i) { - r[i] = 0; - } -} - // ge means group element. // // Here the group is the set of pairs (x,y) of field elements (see fe.h) diff --git a/crypto/fipsmodule/aes/aes_nohw.c b/crypto/fipsmodule/aes/aes_nohw.c index 656f051a6c..19b019e73f 100644 --- a/crypto/fipsmodule/aes/aes_nohw.c +++ b/crypto/fipsmodule/aes/aes_nohw.c @@ -14,13 +14,6 @@ #include -#if !defined(__wasm__) -#include -#else -void *memcpy(void *, const void*, size_t); -void *memset(void *, int, size_t); -#endif - #include "../../internal.h" #if defined(OPENSSL_SSE2) @@ -353,7 +346,7 @@ static inline uint8_t lo(uint32_t a) { static inline void aes_nohw_compact_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], const uint8_t in[16]) { - memcpy(out, in, 16); + GFp_memcpy(out, in, 16); #if defined(OPENSSL_SSE2) // No conversions needed. #elif defined(OPENSSL_64_BIT) @@ -381,7 +374,7 @@ static inline void aes_nohw_compact_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], static inline void aes_nohw_uncompact_block( uint8_t out[16], const aes_word_t in[AES_NOHW_BLOCK_WORDS]) { #if defined(OPENSSL_SSE2) - memcpy(out, in, 16); // No conversions needed. + GFp_memcpy(out, in, 16); // No conversions needed. #elif defined(OPENSSL_64_BIT) uint64_t a0 = in[0]; uint64_t a1 = in[1]; @@ -389,8 +382,8 @@ static inline void aes_nohw_uncompact_block( aes_nohw_uncompact_word((a0 & UINT64_C(0x00000000ffffffff)) | (a1 << 32)); uint64_t b1 = aes_nohw_uncompact_word((a1 & UINT64_C(0xffffffff00000000)) | (a0 >> 32)); - memcpy(out, &b0, 8); - memcpy(out + 8, &b1, 8); + GFp_memcpy(out, &b0, 8); + GFp_memcpy(out + 8, &b1, 8); #else uint32_t a0 = in[0]; uint32_t a1 = in[1]; @@ -411,10 +404,10 @@ static inline void aes_nohw_uncompact_block( b1 = aes_nohw_uncompact_word(b1); b2 = aes_nohw_uncompact_word(b2); b3 = aes_nohw_uncompact_word(b3); - memcpy(out, &b0, 4); - memcpy(out + 4, &b1, 4); - memcpy(out + 8, &b2, 4); - memcpy(out + 12, &b3, 4); + GFp_memcpy(out, &b0, 4); + GFp_memcpy(out + 4, &b1, 4); + GFp_memcpy(out + 8, &b2, 4); + GFp_memcpy(out + 12, &b3, 4); #endif } @@ -482,7 +475,7 @@ static void aes_nohw_transpose(AES_NOHW_BATCH *batch) { static void aes_nohw_to_batch(AES_NOHW_BATCH *out, const uint8_t *in, size_t num_blocks) { // Don't leave unused blocks uninitialized. - memset(out, 0, sizeof(AES_NOHW_BATCH)); + GFp_memset(out, 0, sizeof(AES_NOHW_BATCH)); debug_assert_nonsecret(num_blocks <= AES_NOHW_BATCH_SIZE); for (size_t i = 0; i < num_blocks; i++) { aes_word_t block[AES_NOHW_BLOCK_WORDS]; @@ -777,7 +770,7 @@ static void aes_nohw_expand_round_keys(AES_NOHW_SCHEDULE *out, // Copy the round key into each block in the batch. for (size_t j = 0; j < AES_NOHW_BATCH_SIZE; j++) { aes_word_t tmp[AES_NOHW_BLOCK_WORDS]; - memcpy(tmp, key->rd_key + 4 * i, 16); + GFp_memcpy(tmp, key->rd_key + 4 * i, 16); aes_nohw_batch_set(&out->keys[i], tmp, j); } aes_nohw_transpose(&out->keys[i]); @@ -801,7 +794,7 @@ static inline aes_word_t aes_nohw_rcon_slice(uint8_t rcon, size_t i) { static void aes_nohw_sub_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], const aes_word_t in[AES_NOHW_BLOCK_WORDS]) { AES_NOHW_BATCH batch; - memset(&batch, 0, sizeof(batch)); + GFp_memset(&batch, 0, sizeof(batch)); aes_nohw_batch_set(&batch, in, 0); aes_nohw_transpose(&batch); aes_nohw_sub_bytes(&batch); @@ -814,7 +807,7 @@ static void aes_nohw_setup_key_128(AES_KEY *key, const uint8_t in[16]) { aes_word_t block[AES_NOHW_BLOCK_WORDS]; aes_nohw_compact_block(block, in); - memcpy(key->rd_key, block, 16); + GFp_memcpy(key->rd_key, block, 16); for (size_t i = 1; i <= 10; i++) { aes_word_t sub[AES_NOHW_BLOCK_WORDS]; @@ -833,7 +826,7 @@ static void aes_nohw_setup_key_128(AES_KEY *key, const uint8_t in[16]) { block[j] = aes_nohw_xor(block[j], aes_nohw_shift_left(v, 8)); block[j] = aes_nohw_xor(block[j], aes_nohw_shift_left(v, 12)); } - memcpy(key->rd_key + 4 * i, block, 16); + GFp_memcpy(key->rd_key + 4 * i, block, 16); } } @@ -843,10 +836,10 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { // Each key schedule iteration produces two round keys. aes_word_t block1[AES_NOHW_BLOCK_WORDS], block2[AES_NOHW_BLOCK_WORDS]; aes_nohw_compact_block(block1, in); - memcpy(key->rd_key, block1, 16); + GFp_memcpy(key->rd_key, block1, 16); aes_nohw_compact_block(block2, in + 16); - memcpy(key->rd_key + 4, block2, 16); + GFp_memcpy(key->rd_key + 4, block2, 16); for (size_t i = 2; i <= 14; i += 2) { aes_word_t sub[AES_NOHW_BLOCK_WORDS]; @@ -864,7 +857,7 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { block1[j] = aes_nohw_xor(block1[j], aes_nohw_shift_left(v, 8)); block1[j] = aes_nohw_xor(block1[j], aes_nohw_shift_left(v, 12)); } - memcpy(key->rd_key + 4 * i, block1, 16); + GFp_memcpy(key->rd_key + 4 * i, block1, 16); if (i == 14) { break; @@ -880,7 +873,7 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { block2[j] = aes_nohw_xor(block2[j], aes_nohw_shift_left(v, 8)); block2[j] = aes_nohw_xor(block2[j], aes_nohw_shift_left(v, 12)); } - memcpy(key->rd_key + 4 * (i + 1), block2, 16); + GFp_memcpy(key->rd_key + 4 * (i + 1), block2, 16); } } @@ -913,10 +906,10 @@ static inline void aes_nohw_xor_block(uint8_t out[16], const uint8_t a[16], const uint8_t b[16]) { for (size_t i = 0; i < 16; i += sizeof(aes_word_t)) { aes_word_t x, y; - memcpy(&x, a + i, sizeof(aes_word_t)); - memcpy(&y, b + i, sizeof(aes_word_t)); + GFp_memcpy(&x, a + i, sizeof(aes_word_t)); + GFp_memcpy(&y, b + i, sizeof(aes_word_t)); x = aes_nohw_xor(x, y); - memcpy(out + i, &x, sizeof(aes_word_t)); + GFp_memcpy(out + i, &x, sizeof(aes_word_t)); } } @@ -936,7 +929,7 @@ void GFp_aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, uint8_t u8[AES_NOHW_BATCH_SIZE * 16]; } ivs, enc_ivs; for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) { - memcpy(ivs.u8 + 16 * i, ivec, 16); + GFp_memcpy(ivs.u8 + 16 * i, ivec, 16); } uint32_t ctr = CRYPTO_bswap4(ivs.u32[3]); diff --git a/crypto/internal.h b/crypto/internal.h index 57607bfc38..8f3ea09730 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -259,10 +259,49 @@ static inline uint32_t CRYPTO_bswap4(uint32_t x) { } #endif -static inline void bytes_copy(uint8_t out[], const uint8_t in[], size_t len) { - for (size_t i = 0; i < len; ++i) { - out[i] = in[i]; +// Assume we have unless we can detect otherwise. The +// targets that don't have string.h do have `__has_include`. +#define GFp_HAS_STRING_H + +#if defined(__has_include) +# if !__has_include() +# undef GFp_HAS_STRING_H +# endif +#endif + +#if defined(GFp_HAS_STRING_H) +#include +#endif + +static inline void *GFp_memcpy(void *dst, const void *src, size_t n) { +#if defined(GFp_HAS_STRING_H) + if (n == 0) { + return dst; + } + return memcpy(dst, src, n); +#else + unsigned char *d = dst; + const unsigned char *s = src; + for (size_t i = 0; i < n; ++i) { + d[i] = s[i]; } + return dst; +#endif +} + +static inline void *GFp_memset(void *dst, int c, size_t n) { +#if defined(GFp_HAS_STRING_H) + if (n == 0) { + return dst; + } + return memset(dst, c, n); +#else + unsigned char *d = dst; + for (size_t i = 0; i < n; ++i) { + d[i] = (unsigned char)c; + } + return dst; +#endif } #endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H From 72abf717109fecfb788e7754c1227c2fc32cc7cd Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 09:49:19 -0800 Subject: [PATCH 270/399] build.rs: Sort header files alphabetically --- build.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.rs b/build.rs index 138bd64572..b4c18458b6 100644 --- a/build.rs +++ b/build.rs @@ -130,10 +130,10 @@ const RING_INCLUDES: &[&str] = "crypto/fipsmodule/ec/ecp_nistz.h", "crypto/fipsmodule/ec/ecp_nistz384.h", "crypto/fipsmodule/ec/ecp_nistz256.h", + "crypto/fipsmodule/modes/internal.h", "crypto/internal.h", "crypto/limbs/limbs.h", "crypto/limbs/limbs.inl", - "crypto/fipsmodule/modes/internal.h", "include/GFp/aes.h", "include/GFp/arm_arch.h", "include/GFp/base.h", From bbf935c17ba6f5eb5c9949a88fa98be254a8e17b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 13 Nov 2020 14:12:45 -0800 Subject: [PATCH 271/399] Switch Poly1305 implementation to the BoringSSL implementation. Previously the OpenSSL implementation was being used. Switch to the BoringSSL version. Switching to the BoringSSL implementation will make it easier to refactor the CPU feature detection, which is important for upcoming ports. This switch will also implicitly add support for BTI and pointer authentication for Poly1305. This is based on BoringSSL 63d06626d3a104868eee622e8e56d9f2dd643366. --- Cargo.toml | 10 +- build.rs | 10 +- crypto/poly1305/asm/poly1305-armv4.pl | 1246 ------------- crypto/poly1305/asm/poly1305-armv8.pl | 931 ---------- crypto/poly1305/asm/poly1305-x86.pl | 1223 ------------- crypto/poly1305/asm/poly1305-x86_64.pl | 2243 ------------------------ crypto/poly1305/poly1305.c | 302 ++++ crypto/poly1305/poly1305_arm.c | 309 ++++ crypto/poly1305/poly1305_arm_asm.S | 2031 +++++++++++++++++++++ crypto/poly1305/poly1305_vec.c | 864 +++++++++ include/GFp/poly1305.h | 23 + src/aead/chacha20_poly1305.rs | 22 +- src/aead/chacha20_poly1305_openssh.rs | 16 +- src/aead/poly1305.rs | 216 +-- 14 files changed, 3640 insertions(+), 5806 deletions(-) delete mode 100755 crypto/poly1305/asm/poly1305-armv4.pl delete mode 100755 crypto/poly1305/asm/poly1305-armv8.pl delete mode 100755 crypto/poly1305/asm/poly1305-x86.pl delete mode 100755 crypto/poly1305/asm/poly1305-x86_64.pl create mode 100644 crypto/poly1305/poly1305.c create mode 100644 crypto/poly1305/poly1305_arm.c create mode 100644 crypto/poly1305/poly1305_arm_asm.S create mode 100644 crypto/poly1305/poly1305_vec.c create mode 100644 include/GFp/poly1305.h diff --git a/Cargo.toml b/Cargo.toml index 1fe5854e66..1ad971059b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -87,10 +87,11 @@ include = [ "crypto/perlasm/x86gas.pl", "crypto/perlasm/x86nasm.pl", "crypto/perlasm/x86_64-xlate.pl", - "crypto/poly1305/asm/poly1305-armv4.pl", - "crypto/poly1305/asm/poly1305-armv8.pl", - "crypto/poly1305/asm/poly1305-x86.pl", - "crypto/poly1305/asm/poly1305-x86_64.pl", + "crypto/poly1305/internal.h", + "crypto/poly1305/poly1305.c", + "crypto/poly1305/poly1305_arm.c", + "crypto/poly1305/poly1305_arm_asm.S", + "crypto/poly1305/poly1305_vec.c", "doc/link-to-readme.md", "examples/checkdigest.rs", "include/GFp/aes.h", @@ -99,6 +100,7 @@ include = [ "include/GFp/check.h", "include/GFp/cpu.h", "include/GFp/mem.h", + "include/GFp/poly1305.h", "include/GFp/type_check.h", "src/aead.rs", "src/aead/aes.rs", diff --git a/build.rs b/build.rs index b4c18458b6..14cd073b04 100644 --- a/build.rs +++ b/build.rs @@ -59,6 +59,7 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[], "crypto/fipsmodule/bn/montgomery_inv.c"), (&[], "crypto/limbs/limbs.c"), (&[], "crypto/mem.c"), + (&[], "crypto/poly1305/poly1305.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/crypto.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/curve25519/curve25519.c"), @@ -75,7 +76,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[X86], "crypto/chacha/asm/chacha-x86.pl"), (&[X86], "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl"), (&[X86], "crypto/fipsmodule/modes/asm/ghash-x86.pl"), - (&[X86], "crypto/poly1305/asm/poly1305-x86.pl"), (&[X86_64], "crypto/fipsmodule/aes/asm/aesni-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/aes/asm/vpaes-x86_64.pl"), @@ -85,7 +85,7 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[X86_64], "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl"), (&[X86_64], "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/modes/asm/ghash-x86_64.pl"), - (&[X86_64], "crypto/poly1305/asm/poly1305-x86_64.pl"), + (&[X86_64], "crypto/poly1305/poly1305_vec.c"), (&[X86_64], SHA512_X86_64), (&[AARCH64, ARM], "crypto/fipsmodule/aes/asm/aesv8-armx.pl"), @@ -98,7 +98,8 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[ARM], "crypto/curve25519/asm/x25519-asm-arm.S"), (&[ARM], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl"), (&[ARM], "crypto/fipsmodule/modes/asm/ghash-armv4.pl"), - (&[ARM], "crypto/poly1305/asm/poly1305-armv4.pl"), + (&[ARM], "crypto/poly1305/poly1305_arm.c"), + (&[ARM], "crypto/poly1305/poly1305_arm_asm.S"), (&[ARM], "crypto/fipsmodule/sha/asm/sha256-armv4.pl"), (&[ARM], "crypto/fipsmodule/sha/asm/sha512-armv4.pl"), @@ -107,7 +108,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[AARCH64], "crypto/chacha/asm/chacha-armv8.pl"), (&[AARCH64], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl"), (&[AARCH64], "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl"), - (&[AARCH64], "crypto/poly1305/asm/poly1305-armv8.pl"), (&[AARCH64], SHA512_ARMV8), ]; @@ -134,12 +134,14 @@ const RING_INCLUDES: &[&str] = "crypto/internal.h", "crypto/limbs/limbs.h", "crypto/limbs/limbs.inl", + "crypto/poly1305/internal.h", "include/GFp/aes.h", "include/GFp/arm_arch.h", "include/GFp/base.h", "include/GFp/check.h", "include/GFp/cpu.h", "include/GFp/mem.h", + "include/GFp/poly1305.h", "include/GFp/type_check.h", "third_party/fiat/curve25519_32.h", "third_party/fiat/curve25519_64.h", diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl deleted file mode 100755 index 1265676bbb..0000000000 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ /dev/null @@ -1,1246 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# IALU(*)/gcc-4.4 NEON -# -# ARM11xx(ARMv6) 7.78/+100% - -# Cortex-A5 6.35/+130% 3.00 -# Cortex-A8 6.25/+115% 2.36 -# Cortex-A9 5.10/+95% 2.55 -# Cortex-A15 3.85/+85% 1.25(**) -# Snapdragon S4 5.70/+100% 1.48(**) -# -# (*) this is for -march=armv6, i.e. with bunch of ldrb loading data; -# (**) these are trade-off results, they can be improved by ~8% but at -# the cost of 15/12% regression on Cortex-A5/A7, it's even possible -# to improve Cortex-A9 result, but then A5/A7 loose more than 20%; - -$flavour = shift; -if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } -else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour $output"; -} else { - open STDOUT,">$output"; -} - -($ctx,$inp,$len,$padbit)=map("r$_",(0..3)); - -$code.=<<___; -#include - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.globl GFp_poly1305_emit -.globl GFp_poly1305_blocks -.globl GFp_poly1305_init_asm - -.type GFp_poly1305_init_asm,%function -.align 5 -GFp_poly1305_init_asm: -.Lpoly1305_init: - stmdb sp!,{r4-r11} - - eor r3,r3,r3 - cmp $inp,#0 - str r3,[$ctx,#0] @ zero hash value - str r3,[$ctx,#4] - str r3,[$ctx,#8] - str r3,[$ctx,#12] - str r3,[$ctx,#16] - str r3,[$ctx,#36] @ is_base2_26 - add $ctx,$ctx,#20 - -#ifdef __thumb2__ - it eq -#endif - moveq r0,#0 - beq .Lno_key - -#if __ARM_MAX_ARCH__>=7 - adr r11,.Lpoly1305_init - ldr r12,.LOPENSSL_armcap -#endif - ldrb r4,[$inp,#0] - mov r10,#0x0fffffff - ldrb r5,[$inp,#1] - and r3,r10,#-4 @ 0x0ffffffc - ldrb r6,[$inp,#2] - ldrb r7,[$inp,#3] - orr r4,r4,r5,lsl#8 - ldrb r5,[$inp,#4] - orr r4,r4,r6,lsl#16 - ldrb r6,[$inp,#5] - orr r4,r4,r7,lsl#24 - ldrb r7,[$inp,#6] - and r4,r4,r10 - -#if __ARM_MAX_ARCH__>=7 - ldr r12,[r11,r12] @ GFp_armcap_P -# ifdef __APPLE__ - ldr r12,[r12] -# endif -#endif - ldrb r8,[$inp,#7] - orr r5,r5,r6,lsl#8 - ldrb r6,[$inp,#8] - orr r5,r5,r7,lsl#16 - ldrb r7,[$inp,#9] - orr r5,r5,r8,lsl#24 - ldrb r8,[$inp,#10] - and r5,r5,r3 - -#if __ARM_MAX_ARCH__>=7 - tst r12,#ARMV7_NEON @ check for NEON -# ifdef __APPLE__ - adr r9,poly1305_blocks_neon - adr r11,GFp_poly1305_blocks -# ifdef __thumb2__ - it ne -# endif - movne r11,r9 - adr r12,GFp_poly1305_emit - adr r10,poly1305_emit_neon -# ifdef __thumb2__ - it ne -# endif - movne r12,r10 -# else -# ifdef __thumb2__ - itete eq -# endif - addeq r12,r11,#(GFp_poly1305_emit-.Lpoly1305_init) - addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init) - addeq r11,r11,#(GFp_poly1305_blocks-.Lpoly1305_init) - addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init) -# endif -# ifdef __thumb2__ - orr r12,r12,#1 @ thumb-ify address - orr r11,r11,#1 -# endif -#endif - ldrb r9,[$inp,#11] - orr r6,r6,r7,lsl#8 - ldrb r7,[$inp,#12] - orr r6,r6,r8,lsl#16 - ldrb r8,[$inp,#13] - orr r6,r6,r9,lsl#24 - ldrb r9,[$inp,#14] - and r6,r6,r3 - - ldrb r10,[$inp,#15] - orr r7,r7,r8,lsl#8 - str r4,[$ctx,#0] - orr r7,r7,r9,lsl#16 - str r5,[$ctx,#4] - orr r7,r7,r10,lsl#24 - str r6,[$ctx,#8] - and r7,r7,r3 - str r7,[$ctx,#12] -#if __ARM_MAX_ARCH__>=7 - stmia r2,{r11,r12} @ fill functions table - mov r0,#1 -#else - mov r0,#0 -#endif -.Lno_key: - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_poly1305_init_asm,.-GFp_poly1305_init_asm -___ -{ -my ($h0,$h1,$h2,$h3,$h4,$r0,$r1,$r2,$r3)=map("r$_",(4..12)); -my ($s1,$s2,$s3)=($r1,$r2,$r3); - -$code.=<<___; -.type GFp_poly1305_blocks,%function -.align 5 -GFp_poly1305_blocks: - stmdb sp!,{r3-r11,lr} - - ands $len,$len,#-16 - beq .Lno_data - - cmp $padbit,#0 - add $len,$len,$inp @ end pointer - sub sp,sp,#32 - - ldmia $ctx,{$h0-$r3} @ load context - - str $ctx,[sp,#12] @ offload stuff - mov lr,$inp - str $len,[sp,#16] - str $r1,[sp,#20] - str $r2,[sp,#24] - str $r3,[sp,#28] - b .Loop - -.Loop: -#if __ARM_ARCH__<7 - ldrb r0,[lr],#16 @ load input -# ifdef __thumb2__ - it hi -# endif - addhi $h4,$h4,#1 @ 1<<128 - ldrb r1,[lr,#-15] - ldrb r2,[lr,#-14] - ldrb r3,[lr,#-13] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-12] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-11] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-10] - adds $h0,$h0,r3 @ accumulate input - - ldrb r3,[lr,#-9] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-8] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-7] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-6] - adcs $h1,$h1,r3 - - ldrb r3,[lr,#-5] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-4] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-3] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-2] - adcs $h2,$h2,r3 - - ldrb r3,[lr,#-1] - orr r1,r0,r1,lsl#8 - str lr,[sp,#8] @ offload input pointer - orr r2,r1,r2,lsl#16 - add $s1,$r1,$r1,lsr#2 - orr r3,r2,r3,lsl#24 -#else - ldr r0,[lr],#16 @ load input -# ifdef __thumb2__ - it hi -# endif - addhi $h4,$h4,#1 @ padbit - ldr r1,[lr,#-12] - ldr r2,[lr,#-8] - ldr r3,[lr,#-4] -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif - adds $h0,$h0,r0 @ accumulate input - str lr,[sp,#8] @ offload input pointer - adcs $h1,$h1,r1 - add $s1,$r1,$r1,lsr#2 - adcs $h2,$h2,r2 -#endif - add $s2,$r2,$r2,lsr#2 - adcs $h3,$h3,r3 - add $s3,$r3,$r3,lsr#2 - - umull r2,r3,$h1,$r0 - adc $h4,$h4,#0 - umull r0,r1,$h0,$r0 - umlal r2,r3,$h4,$s1 - umlal r0,r1,$h3,$s1 - ldr $r1,[sp,#20] @ reload $r1 - umlal r2,r3,$h2,$s3 - umlal r0,r1,$h1,$s3 - umlal r2,r3,$h3,$s2 - umlal r0,r1,$h2,$s2 - umlal r2,r3,$h0,$r1 - str r0,[sp,#0] @ future $h0 - mul r0,$s2,$h4 - ldr $r2,[sp,#24] @ reload $r2 - adds r2,r2,r1 @ d1+=d0>>32 - eor r1,r1,r1 - adc lr,r3,#0 @ future $h2 - str r2,[sp,#4] @ future $h1 - - mul r2,$s3,$h4 - eor r3,r3,r3 - umlal r0,r1,$h3,$s3 - ldr $r3,[sp,#28] @ reload $r3 - umlal r2,r3,$h3,$r0 - umlal r0,r1,$h2,$r0 - umlal r2,r3,$h2,$r1 - umlal r0,r1,$h1,$r1 - umlal r2,r3,$h1,$r2 - umlal r0,r1,$h0,$r2 - umlal r2,r3,$h0,$r3 - ldr $h0,[sp,#0] - mul $h4,$r0,$h4 - ldr $h1,[sp,#4] - - adds $h2,lr,r0 @ d2+=d1>>32 - ldr lr,[sp,#8] @ reload input pointer - adc r1,r1,#0 - adds $h3,r2,r1 @ d3+=d2>>32 - ldr r0,[sp,#16] @ reload end pointer - adc r3,r3,#0 - add $h4,$h4,r3 @ h4+=d3>>32 - - and r1,$h4,#-4 - and $h4,$h4,#3 - add r1,r1,r1,lsr#2 @ *=5 - adds $h0,$h0,r1 - adcs $h1,$h1,#0 - adcs $h2,$h2,#0 - adcs $h3,$h3,#0 - adc $h4,$h4,#0 - - cmp r0,lr @ done yet? - bhi .Loop - - ldr $ctx,[sp,#12] - add sp,sp,#32 - stmia $ctx,{$h0-$h4} @ store the result - -.Lno_data: -#if __ARM_ARCH__>=5 - ldmia sp!,{r3-r11,pc} -#else - ldmia sp!,{r3-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_poly1305_blocks,.-GFp_poly1305_blocks -___ -} -{ -my ($ctx,$mac,$nonce)=map("r$_",(0..2)); -my ($h0,$h1,$h2,$h3,$h4,$g0,$g1,$g2,$g3)=map("r$_",(3..11)); -my $g4=$h4; - -$code.=<<___; -.type GFp_poly1305_emit,%function -.align 5 -GFp_poly1305_emit: - stmdb sp!,{r4-r11} -.Lpoly1305_emit_enter: - - ldmia $ctx,{$h0-$h4} - adds $g0,$h0,#5 @ compare to modulus - adcs $g1,$h1,#0 - adcs $g2,$h2,#0 - adcs $g3,$h3,#0 - adc $g4,$h4,#0 - tst $g4,#4 @ did it carry/borrow? - -#ifdef __thumb2__ - it ne -#endif - movne $h0,$g0 - ldr $g0,[$nonce,#0] -#ifdef __thumb2__ - it ne -#endif - movne $h1,$g1 - ldr $g1,[$nonce,#4] -#ifdef __thumb2__ - it ne -#endif - movne $h2,$g2 - ldr $g2,[$nonce,#8] -#ifdef __thumb2__ - it ne -#endif - movne $h3,$g3 - ldr $g3,[$nonce,#12] - - adds $h0,$h0,$g0 - adcs $h1,$h1,$g1 - adcs $h2,$h2,$g2 - adc $h3,$h3,$g3 - -#if __ARM_ARCH__>=7 -# ifdef __ARMEB__ - rev $h0,$h0 - rev $h1,$h1 - rev $h2,$h2 - rev $h3,$h3 -# endif - str $h0,[$mac,#0] - str $h1,[$mac,#4] - str $h2,[$mac,#8] - str $h3,[$mac,#12] -#else - strb $h0,[$mac,#0] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#4] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#8] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#12] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#1] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#5] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#9] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#13] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#2] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#6] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#10] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#14] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#3] - strb $h1,[$mac,#7] - strb $h2,[$mac,#11] - strb $h3,[$mac,#15] -#endif - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_poly1305_emit,.-GFp_poly1305_emit -___ -{ -my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("d$_",(0..9)); -my ($D0,$D1,$D2,$D3,$D4, $H0,$H1,$H2,$H3,$H4) = map("q$_",(5..14)); -my ($T0,$T1,$MASK) = map("q$_",(15,4,0)); - -my ($in2,$zeros,$tbl0,$tbl1) = map("r$_",(4..7)); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.fpu neon - -.type poly1305_init_neon,%function -.align 5 -poly1305_init_neon: - ldr r4,[$ctx,#20] @ load key base 2^32 - ldr r5,[$ctx,#24] - ldr r6,[$ctx,#28] - ldr r7,[$ctx,#32] - - and r2,r4,#0x03ffffff @ base 2^32 -> base 2^26 - mov r3,r4,lsr#26 - mov r4,r5,lsr#20 - orr r3,r3,r5,lsl#6 - mov r5,r6,lsr#14 - orr r4,r4,r6,lsl#12 - mov r6,r7,lsr#8 - orr r5,r5,r7,lsl#18 - and r3,r3,#0x03ffffff - and r4,r4,#0x03ffffff - and r5,r5,#0x03ffffff - - vdup.32 $R0,r2 @ r^1 in both lanes - add r2,r3,r3,lsl#2 @ *5 - vdup.32 $R1,r3 - add r3,r4,r4,lsl#2 - vdup.32 $S1,r2 - vdup.32 $R2,r4 - add r4,r5,r5,lsl#2 - vdup.32 $S2,r3 - vdup.32 $R3,r5 - add r5,r6,r6,lsl#2 - vdup.32 $S3,r4 - vdup.32 $R4,r6 - vdup.32 $S4,r5 - - mov $zeros,#2 @ counter - -.Lsquare_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - @ d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - @ d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - @ d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - @ d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - - vmull.u32 $D0,$R0,${R0}[1] - vmull.u32 $D1,$R1,${R0}[1] - vmull.u32 $D2,$R2,${R0}[1] - vmull.u32 $D3,$R3,${R0}[1] - vmull.u32 $D4,$R4,${R0}[1] - - vmlal.u32 $D0,$R4,${S1}[1] - vmlal.u32 $D1,$R0,${R1}[1] - vmlal.u32 $D2,$R1,${R1}[1] - vmlal.u32 $D3,$R2,${R1}[1] - vmlal.u32 $D4,$R3,${R1}[1] - - vmlal.u32 $D0,$R3,${S2}[1] - vmlal.u32 $D1,$R4,${S2}[1] - vmlal.u32 $D3,$R1,${R2}[1] - vmlal.u32 $D2,$R0,${R2}[1] - vmlal.u32 $D4,$R2,${R2}[1] - - vmlal.u32 $D0,$R2,${S3}[1] - vmlal.u32 $D3,$R0,${R3}[1] - vmlal.u32 $D1,$R3,${S3}[1] - vmlal.u32 $D2,$R4,${S3}[1] - vmlal.u32 $D4,$R1,${R3}[1] - - vmlal.u32 $D3,$R4,${S4}[1] - vmlal.u32 $D0,$R1,${S4}[1] - vmlal.u32 $D1,$R2,${S4}[1] - vmlal.u32 $D2,$R3,${S4}[1] - vmlal.u32 $D4,$R0,${R4}[1] - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - @ and P. Schwabe - @ - @ H0>>+H1>>+H2>>+H3>>+H4 - @ H3>>+H4>>*5+H0>>+H1 - @ - @ Trivia. - @ - @ Result of multiplication of n-bit number by m-bit number is - @ n+m bits wide. However! Even though 2^n is a n+1-bit number, - @ m-bit number multiplied by 2^n is still n+m bits wide. - @ - @ Sum of two n-bit numbers is n+1 bits wide, sum of three - n+2, - @ and so is sum of four. Sum of 2^m n-m-bit numbers and n-bit - @ one is n+1 bits wide. - @ - @ >>+ denotes Hnext += Hn>>26, Hn &= 0x3ffffff. This means that - @ H0, H2, H3 are guaranteed to be 26 bits wide, while H1 and H4 - @ can be 27. However! In cases when their width exceeds 26 bits - @ they are limited by 2^26+2^6. This in turn means that *sum* - @ of the products with these values can still be viewed as sum - @ of 52-bit numbers as long as the amount of addends is not a - @ power of 2. For example, - @ - @ H4 = H4*R0 + H3*R1 + H2*R2 + H1*R3 + H0 * R4, - @ - @ which can't be larger than 5 * (2^26 + 2^6) * (2^26 + 2^6), or - @ 5 * (2^52 + 2*2^32 + 2^12), which in turn is smaller than - @ 8 * (2^52) or 2^55. However, the value is then multiplied by - @ by 5, so we should be looking at 5 * 5 * (2^52 + 2^33 + 2^12), - @ which is less than 32 * (2^52) or 2^57. And when processing - @ data we are looking at triple as many addends... - @ - @ In key setup procedure pre-reduced H0 is limited by 5*4+1 and - @ 5*H4 - by 5*5 52-bit addends, or 57 bits. But when hashing the - @ input H0 is limited by (5*4+1)*3 addends, or 58 bits, while - @ 5*H4 by 5*5*3, or 59[!] bits. How is this relevant? vmlal.u32 - @ instruction accepts 2x32-bit input and writes 2x64-bit result. - @ This means that result of reduction have to be compressed upon - @ loop wrap-around. This can be done in the process of reduction - @ to minimize amount of instructions [as well as amount of - @ 128-bit instructions, which benefits low-end processors], but - @ one has to watch for H2 (which is narrower than H0) and 5*H4 - @ not being wider than 58 bits, so that result of right shift - @ by 26 bits fits in 32 bits. This is also useful on x86, - @ because it allows to use paddd in place for paddq, which - @ benefits Atom, where paddq is ridiculously slow. - - vshr.u64 $T0,$D3,#26 - vmovn.i64 $D3#lo,$D3 - vshr.u64 $T1,$D0,#26 - vmovn.i64 $D0#lo,$D0 - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vbic.i32 $D3#lo,#0xfc000000 @ &=0x03ffffff - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - vbic.i32 $D0#lo,#0xfc000000 - - vshrn.u64 $T0#lo,$D4,#26 - vmovn.i64 $D4#lo,$D4 - vshr.u64 $T1,$D1,#26 - vmovn.i64 $D1#lo,$D1 - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - vbic.i32 $D4#lo,#0xfc000000 - vbic.i32 $D1#lo,#0xfc000000 - - vadd.i32 $D0#lo,$D0#lo,$T0#lo - vshl.u32 $T0#lo,$T0#lo,#2 - vshrn.u64 $T1#lo,$D2,#26 - vmovn.i64 $D2#lo,$D2 - vadd.i32 $D0#lo,$D0#lo,$T0#lo @ h4 -> h0 - vadd.i32 $D3#lo,$D3#lo,$T1#lo @ h2 -> h3 - vbic.i32 $D2#lo,#0xfc000000 - - vshr.u32 $T0#lo,$D0#lo,#26 - vbic.i32 $D0#lo,#0xfc000000 - vshr.u32 $T1#lo,$D3#lo,#26 - vbic.i32 $D3#lo,#0xfc000000 - vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1 - vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4 - - subs $zeros,$zeros,#1 - beq .Lsquare_break_neon - - add $tbl0,$ctx,#(48+0*9*4) - add $tbl1,$ctx,#(48+1*9*4) - - vtrn.32 $R0,$D0#lo @ r^2:r^1 - vtrn.32 $R2,$D2#lo - vtrn.32 $R3,$D3#lo - vtrn.32 $R1,$D1#lo - vtrn.32 $R4,$D4#lo - - vshl.u32 $S2,$R2,#2 @ *5 - vshl.u32 $S3,$R3,#2 - vshl.u32 $S1,$R1,#2 - vshl.u32 $S4,$R4,#2 - vadd.i32 $S2,$S2,$R2 - vadd.i32 $S1,$S1,$R1 - vadd.i32 $S3,$S3,$R3 - vadd.i32 $S4,$S4,$R4 - - vst4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! - vst4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! - vst4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vst4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vst1.32 {${S4}[0]},[$tbl0,:32] - vst1.32 {${S4}[1]},[$tbl1,:32] - - b .Lsquare_neon - -.align 4 -.Lsquare_break_neon: - add $tbl0,$ctx,#(48+2*4*9) - add $tbl1,$ctx,#(48+3*4*9) - - vmov $R0,$D0#lo @ r^4:r^3 - vshl.u32 $S1,$D1#lo,#2 @ *5 - vmov $R1,$D1#lo - vshl.u32 $S2,$D2#lo,#2 - vmov $R2,$D2#lo - vshl.u32 $S3,$D3#lo,#2 - vmov $R3,$D3#lo - vshl.u32 $S4,$D4#lo,#2 - vmov $R4,$D4#lo - vadd.i32 $S1,$S1,$D1#lo - vadd.i32 $S2,$S2,$D2#lo - vadd.i32 $S3,$S3,$D3#lo - vadd.i32 $S4,$S4,$D4#lo - - vst4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! - vst4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! - vst4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vst4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vst1.32 {${S4}[0]},[$tbl0] - vst1.32 {${S4}[1]},[$tbl1] - - ret @ bx lr -.size poly1305_init_neon,.-poly1305_init_neon - -.type poly1305_blocks_neon,%function -.align 5 -poly1305_blocks_neon: - ldr ip,[$ctx,#36] @ is_base2_26 - ands $len,$len,#-16 - beq .Lno_data_neon - - cmp $len,#64 - bhs .Lenter_neon - tst ip,ip @ is_base2_26? - beq GFp_poly1305_blocks - -.Lenter_neon: - stmdb sp!,{r4-r7} - vstmdb sp!,{d8-d15} @ ABI specification says so - - tst ip,ip @ is_base2_26? - bne .Lbase2_26_neon - - stmdb sp!,{r1-r3,lr} - bl poly1305_init_neon - - ldr r4,[$ctx,#0] @ load hash value base 2^32 - ldr r5,[$ctx,#4] - ldr r6,[$ctx,#8] - ldr r7,[$ctx,#12] - ldr ip,[$ctx,#16] - - and r2,r4,#0x03ffffff @ base 2^32 -> base 2^26 - mov r3,r4,lsr#26 - veor $D0#lo,$D0#lo,$D0#lo - mov r4,r5,lsr#20 - orr r3,r3,r5,lsl#6 - veor $D1#lo,$D1#lo,$D1#lo - mov r5,r6,lsr#14 - orr r4,r4,r6,lsl#12 - veor $D2#lo,$D2#lo,$D2#lo - mov r6,r7,lsr#8 - orr r5,r5,r7,lsl#18 - veor $D3#lo,$D3#lo,$D3#lo - and r3,r3,#0x03ffffff - orr r6,r6,ip,lsl#24 - veor $D4#lo,$D4#lo,$D4#lo - and r4,r4,#0x03ffffff - mov r1,#1 - and r5,r5,#0x03ffffff - str r1,[$ctx,#36] @ is_base2_26 - - vmov.32 $D0#lo[0],r2 - vmov.32 $D1#lo[0],r3 - vmov.32 $D2#lo[0],r4 - vmov.32 $D3#lo[0],r5 - vmov.32 $D4#lo[0],r6 - adr $zeros,.Lzeros - - ldmia sp!,{r1-r3,lr} - b .Lbase2_32_neon - -.align 4 -.Lbase2_26_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ load hash value - - veor $D0#lo,$D0#lo,$D0#lo - veor $D1#lo,$D1#lo,$D1#lo - veor $D2#lo,$D2#lo,$D2#lo - veor $D3#lo,$D3#lo,$D3#lo - veor $D4#lo,$D4#lo,$D4#lo - vld4.32 {$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]! - adr $zeros,.Lzeros - vld1.32 {$D4#lo[0]},[$ctx] - sub $ctx,$ctx,#16 @ rewind - -.Lbase2_32_neon: - add $in2,$inp,#32 - mov $padbit,$padbit,lsl#24 - tst $len,#31 - beq .Leven - - vld4.32 {$H0#lo[0],$H1#lo[0],$H2#lo[0],$H3#lo[0]},[$inp]! - vmov.32 $H4#lo[0],$padbit - sub $len,$len,#16 - add $in2,$inp,#32 - -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H3,$H3 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 -# endif - vsri.u32 $H4#lo,$H3#lo,#8 @ base 2^32 -> base 2^26 - vshl.u32 $H3#lo,$H3#lo,#18 - - vsri.u32 $H3#lo,$H2#lo,#14 - vshl.u32 $H2#lo,$H2#lo,#12 - vadd.i32 $H4#hi,$H4#lo,$D4#lo @ add hash value and move to #hi - - vbic.i32 $H3#lo,#0xfc000000 - vsri.u32 $H2#lo,$H1#lo,#20 - vshl.u32 $H1#lo,$H1#lo,#6 - - vbic.i32 $H2#lo,#0xfc000000 - vsri.u32 $H1#lo,$H0#lo,#26 - vadd.i32 $H3#hi,$H3#lo,$D3#lo - - vbic.i32 $H0#lo,#0xfc000000 - vbic.i32 $H1#lo,#0xfc000000 - vadd.i32 $H2#hi,$H2#lo,$D2#lo - - vadd.i32 $H0#hi,$H0#lo,$D0#lo - vadd.i32 $H1#hi,$H1#lo,$D1#lo - - mov $tbl1,$zeros - add $tbl0,$ctx,#48 - - cmp $len,$len - b .Long_tail - -.align 4 -.Leven: - subs $len,$len,#64 - it lo - movlo $in2,$zeros - - vmov.i32 $H4,#1<<24 @ padbit, yes, always - vld4.32 {$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp] @ inp[0:1] - add $inp,$inp,#64 - vld4.32 {$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2] @ inp[2:3] (or 0) - add $in2,$in2,#64 - itt hi - addhi $tbl1,$ctx,#(48+1*9*4) - addhi $tbl0,$ctx,#(48+3*9*4) - -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H3,$H3 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 -# endif - vsri.u32 $H4,$H3,#8 @ base 2^32 -> base 2^26 - vshl.u32 $H3,$H3,#18 - - vsri.u32 $H3,$H2,#14 - vshl.u32 $H2,$H2,#12 - - vbic.i32 $H3,#0xfc000000 - vsri.u32 $H2,$H1,#20 - vshl.u32 $H1,$H1,#6 - - vbic.i32 $H2,#0xfc000000 - vsri.u32 $H1,$H0,#26 - - vbic.i32 $H0,#0xfc000000 - vbic.i32 $H1,#0xfc000000 - - bls .Lskip_loop - - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^2 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^4 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - b .Loop_neon - -.align 5 -.Loop_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - @ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - @ \___________________/ - @ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - @ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - @ \___________________/ \____________________/ - @ - @ Note that we start with inp[2:3]*r^2. This is because it - @ doesn't depend on reduction in previous iteration. - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - @ d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - @ d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - @ d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - @ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ inp[2:3]*r^2 - - vadd.i32 $H2#lo,$H2#lo,$D2#lo @ accumulate inp[0:1] - vmull.u32 $D2,$H2#hi,${R0}[1] - vadd.i32 $H0#lo,$H0#lo,$D0#lo - vmull.u32 $D0,$H0#hi,${R0}[1] - vadd.i32 $H3#lo,$H3#lo,$D3#lo - vmull.u32 $D3,$H3#hi,${R0}[1] - vmlal.u32 $D2,$H1#hi,${R1}[1] - vadd.i32 $H1#lo,$H1#lo,$D1#lo - vmull.u32 $D1,$H1#hi,${R0}[1] - - vadd.i32 $H4#lo,$H4#lo,$D4#lo - vmull.u32 $D4,$H4#hi,${R0}[1] - subs $len,$len,#64 - vmlal.u32 $D0,$H4#hi,${S1}[1] - it lo - movlo $in2,$zeros - vmlal.u32 $D3,$H2#hi,${R1}[1] - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D1,$H0#hi,${R1}[1] - vmlal.u32 $D4,$H3#hi,${R1}[1] - - vmlal.u32 $D0,$H3#hi,${S2}[1] - vmlal.u32 $D3,$H1#hi,${R2}[1] - vmlal.u32 $D4,$H2#hi,${R2}[1] - vmlal.u32 $D1,$H4#hi,${S2}[1] - vmlal.u32 $D2,$H0#hi,${R2}[1] - - vmlal.u32 $D3,$H0#hi,${R3}[1] - vmlal.u32 $D0,$H2#hi,${S3}[1] - vmlal.u32 $D4,$H1#hi,${R3}[1] - vmlal.u32 $D1,$H3#hi,${S3}[1] - vmlal.u32 $D2,$H4#hi,${S3}[1] - - vmlal.u32 $D3,$H4#hi,${S4}[1] - vmlal.u32 $D0,$H1#hi,${S4}[1] - vmlal.u32 $D4,$H0#hi,${R4}[1] - vmlal.u32 $D1,$H2#hi,${S4}[1] - vmlal.u32 $D2,$H3#hi,${S4}[1] - - vld4.32 {$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2] @ inp[2:3] (or 0) - add $in2,$in2,#64 - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ (hash+inp[0:1])*r^4 and accumulate - - vmlal.u32 $D3,$H3#lo,${R0}[0] - vmlal.u32 $D0,$H0#lo,${R0}[0] - vmlal.u32 $D4,$H4#lo,${R0}[0] - vmlal.u32 $D1,$H1#lo,${R0}[0] - vmlal.u32 $D2,$H2#lo,${R0}[0] - vld1.32 ${S4}[0],[$tbl0,:32] - - vmlal.u32 $D3,$H2#lo,${R1}[0] - vmlal.u32 $D0,$H4#lo,${S1}[0] - vmlal.u32 $D4,$H3#lo,${R1}[0] - vmlal.u32 $D1,$H0#lo,${R1}[0] - vmlal.u32 $D2,$H1#lo,${R1}[0] - - vmlal.u32 $D3,$H1#lo,${R2}[0] - vmlal.u32 $D0,$H3#lo,${S2}[0] - vmlal.u32 $D4,$H2#lo,${R2}[0] - vmlal.u32 $D1,$H4#lo,${S2}[0] - vmlal.u32 $D2,$H0#lo,${R2}[0] - - vmlal.u32 $D3,$H0#lo,${R3}[0] - vmlal.u32 $D0,$H2#lo,${S3}[0] - vmlal.u32 $D4,$H1#lo,${R3}[0] - vmlal.u32 $D1,$H3#lo,${S3}[0] - vmlal.u32 $D3,$H4#lo,${S4}[0] - - vmlal.u32 $D2,$H4#lo,${S3}[0] - vmlal.u32 $D0,$H1#lo,${S4}[0] - vmlal.u32 $D4,$H0#lo,${R4}[0] - vmov.i32 $H4,#1<<24 @ padbit, yes, always - vmlal.u32 $D1,$H2#lo,${S4}[0] - vmlal.u32 $D2,$H3#lo,${S4}[0] - - vld4.32 {$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp] @ inp[0:1] - add $inp,$inp,#64 -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 - vrev32.8 $H3,$H3 -# endif - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction interleaved with base 2^32 -> base 2^26 of - @ inp[0:3] previously loaded to $H0-$H3 and smashed to $H0-$H4. - - vshr.u64 $T0,$D3,#26 - vmovn.i64 $D3#lo,$D3 - vshr.u64 $T1,$D0,#26 - vmovn.i64 $D0#lo,$D0 - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vbic.i32 $D3#lo,#0xfc000000 - vsri.u32 $H4,$H3,#8 @ base 2^32 -> base 2^26 - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - vshl.u32 $H3,$H3,#18 - vbic.i32 $D0#lo,#0xfc000000 - - vshrn.u64 $T0#lo,$D4,#26 - vmovn.i64 $D4#lo,$D4 - vshr.u64 $T1,$D1,#26 - vmovn.i64 $D1#lo,$D1 - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - vsri.u32 $H3,$H2,#14 - vbic.i32 $D4#lo,#0xfc000000 - vshl.u32 $H2,$H2,#12 - vbic.i32 $D1#lo,#0xfc000000 - - vadd.i32 $D0#lo,$D0#lo,$T0#lo - vshl.u32 $T0#lo,$T0#lo,#2 - vbic.i32 $H3,#0xfc000000 - vshrn.u64 $T1#lo,$D2,#26 - vmovn.i64 $D2#lo,$D2 - vaddl.u32 $D0,$D0#lo,$T0#lo @ h4 -> h0 [widen for a sec] - vsri.u32 $H2,$H1,#20 - vadd.i32 $D3#lo,$D3#lo,$T1#lo @ h2 -> h3 - vshl.u32 $H1,$H1,#6 - vbic.i32 $D2#lo,#0xfc000000 - vbic.i32 $H2,#0xfc000000 - - vshrn.u64 $T0#lo,$D0,#26 @ re-narrow - vmovn.i64 $D0#lo,$D0 - vsri.u32 $H1,$H0,#26 - vbic.i32 $H0,#0xfc000000 - vshr.u32 $T1#lo,$D3#lo,#26 - vbic.i32 $D3#lo,#0xfc000000 - vbic.i32 $D0#lo,#0xfc000000 - vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1 - vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4 - vbic.i32 $H1,#0xfc000000 - - bhi .Loop_neon - -.Lskip_loop: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - add $tbl1,$ctx,#(48+0*9*4) - add $tbl0,$ctx,#(48+1*9*4) - adds $len,$len,#32 - it ne - movne $len,#0 - bne .Long_tail - - vadd.i32 $H2#hi,$H2#lo,$D2#lo @ add hash value and move to #hi - vadd.i32 $H0#hi,$H0#lo,$D0#lo - vadd.i32 $H3#hi,$H3#lo,$D3#lo - vadd.i32 $H1#hi,$H1#lo,$D1#lo - vadd.i32 $H4#hi,$H4#lo,$D4#lo - -.Long_tail: - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^1 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^2 - - vadd.i32 $H2#lo,$H2#lo,$D2#lo @ can be redundant - vmull.u32 $D2,$H2#hi,$R0 - vadd.i32 $H0#lo,$H0#lo,$D0#lo - vmull.u32 $D0,$H0#hi,$R0 - vadd.i32 $H3#lo,$H3#lo,$D3#lo - vmull.u32 $D3,$H3#hi,$R0 - vadd.i32 $H1#lo,$H1#lo,$D1#lo - vmull.u32 $D1,$H1#hi,$R0 - vadd.i32 $H4#lo,$H4#lo,$D4#lo - vmull.u32 $D4,$H4#hi,$R0 - - vmlal.u32 $D0,$H4#hi,$S1 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vmlal.u32 $D3,$H2#hi,$R1 - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vmlal.u32 $D1,$H0#hi,$R1 - vmlal.u32 $D4,$H3#hi,$R1 - vmlal.u32 $D2,$H1#hi,$R1 - - vmlal.u32 $D3,$H1#hi,$R2 - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D0,$H3#hi,$S2 - vld1.32 ${S4}[0],[$tbl0,:32] - vmlal.u32 $D4,$H2#hi,$R2 - vmlal.u32 $D1,$H4#hi,$S2 - vmlal.u32 $D2,$H0#hi,$R2 - - vmlal.u32 $D3,$H0#hi,$R3 - it ne - addne $tbl1,$ctx,#(48+2*9*4) - vmlal.u32 $D0,$H2#hi,$S3 - it ne - addne $tbl0,$ctx,#(48+3*9*4) - vmlal.u32 $D4,$H1#hi,$R3 - vmlal.u32 $D1,$H3#hi,$S3 - vmlal.u32 $D2,$H4#hi,$S3 - - vmlal.u32 $D3,$H4#hi,$S4 - vorn $MASK,$MASK,$MASK @ all-ones, can be redundant - vmlal.u32 $D0,$H1#hi,$S4 - vshr.u64 $MASK,$MASK,#38 - vmlal.u32 $D4,$H0#hi,$R4 - vmlal.u32 $D1,$H2#hi,$S4 - vmlal.u32 $D2,$H3#hi,$S4 - - beq .Lshort_tail - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ (hash+inp[0:1])*r^4:r^3 and accumulate - - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^3 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^4 - - vmlal.u32 $D2,$H2#lo,$R0 - vmlal.u32 $D0,$H0#lo,$R0 - vmlal.u32 $D3,$H3#lo,$R0 - vmlal.u32 $D1,$H1#lo,$R0 - vmlal.u32 $D4,$H4#lo,$R0 - - vmlal.u32 $D0,$H4#lo,$S1 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vmlal.u32 $D3,$H2#lo,$R1 - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vmlal.u32 $D1,$H0#lo,$R1 - vmlal.u32 $D4,$H3#lo,$R1 - vmlal.u32 $D2,$H1#lo,$R1 - - vmlal.u32 $D3,$H1#lo,$R2 - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D0,$H3#lo,$S2 - vld1.32 ${S4}[0],[$tbl0,:32] - vmlal.u32 $D4,$H2#lo,$R2 - vmlal.u32 $D1,$H4#lo,$S2 - vmlal.u32 $D2,$H0#lo,$R2 - - vmlal.u32 $D3,$H0#lo,$R3 - vmlal.u32 $D0,$H2#lo,$S3 - vmlal.u32 $D4,$H1#lo,$R3 - vmlal.u32 $D1,$H3#lo,$S3 - vmlal.u32 $D2,$H4#lo,$S3 - - vmlal.u32 $D3,$H4#lo,$S4 - vorn $MASK,$MASK,$MASK @ all-ones - vmlal.u32 $D0,$H1#lo,$S4 - vshr.u64 $MASK,$MASK,#38 - vmlal.u32 $D4,$H0#lo,$R4 - vmlal.u32 $D1,$H2#lo,$S4 - vmlal.u32 $D2,$H3#lo,$S4 - -.Lshort_tail: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ horizontal addition - - vadd.i64 $D3#lo,$D3#lo,$D3#hi - vadd.i64 $D0#lo,$D0#lo,$D0#hi - vadd.i64 $D4#lo,$D4#lo,$D4#hi - vadd.i64 $D1#lo,$D1#lo,$D1#hi - vadd.i64 $D2#lo,$D2#lo,$D2#hi - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction, but without narrowing - - vshr.u64 $T0,$D3,#26 - vand.i64 $D3,$D3,$MASK - vshr.u64 $T1,$D0,#26 - vand.i64 $D0,$D0,$MASK - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - - vshr.u64 $T0,$D4,#26 - vand.i64 $D4,$D4,$MASK - vshr.u64 $T1,$D1,#26 - vand.i64 $D1,$D1,$MASK - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - - vadd.i64 $D0,$D0,$T0 - vshl.u64 $T0,$T0,#2 - vshr.u64 $T1,$D2,#26 - vand.i64 $D2,$D2,$MASK - vadd.i64 $D0,$D0,$T0 @ h4 -> h0 - vadd.i64 $D3,$D3,$T1 @ h2 -> h3 - - vshr.u64 $T0,$D0,#26 - vand.i64 $D0,$D0,$MASK - vshr.u64 $T1,$D3,#26 - vand.i64 $D3,$D3,$MASK - vadd.i64 $D1,$D1,$T0 @ h0 -> h1 - vadd.i64 $D4,$D4,$T1 @ h3 -> h4 - - cmp $len,#0 - bne .Leven - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ store hash value - - vst4.32 {$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]! - vst1.32 {$D4#lo[0]},[$ctx] - - vldmia sp!,{d8-d15} @ epilogue - ldmia sp!,{r4-r7} -.Lno_data_neon: - ret @ bx lr -.size poly1305_blocks_neon,.-poly1305_blocks_neon - -.type poly1305_emit_neon,%function -.align 5 -poly1305_emit_neon: - ldr ip,[$ctx,#36] @ is_base2_26 - - stmdb sp!,{r4-r11} - - tst ip,ip - beq .Lpoly1305_emit_enter - - ldmia $ctx,{$h0-$h4} - eor $g0,$g0,$g0 - - adds $h0,$h0,$h1,lsl#26 @ base 2^26 -> base 2^32 - mov $h1,$h1,lsr#6 - adcs $h1,$h1,$h2,lsl#20 - mov $h2,$h2,lsr#12 - adcs $h2,$h2,$h3,lsl#14 - mov $h3,$h3,lsr#18 - adcs $h3,$h3,$h4,lsl#8 - adc $h4,$g0,$h4,lsr#24 @ can be partially reduced ... - - and $g0,$h4,#-4 @ ... so reduce - and $h4,$h3,#3 - add $g0,$g0,$g0,lsr#2 @ *= 5 - adds $h0,$h0,$g0 - adcs $h1,$h1,#0 - adcs $h2,$h2,#0 - adcs $h3,$h3,#0 - adc $h4,$h4,#0 - - adds $g0,$h0,#5 @ compare to modulus - adcs $g1,$h1,#0 - adcs $g2,$h2,#0 - adcs $g3,$h3,#0 - adc $g4,$h4,#0 - tst $g4,#4 @ did it carry/borrow? - - it ne - movne $h0,$g0 - ldr $g0,[$nonce,#0] - it ne - movne $h1,$g1 - ldr $g1,[$nonce,#4] - it ne - movne $h2,$g2 - ldr $g2,[$nonce,#8] - it ne - movne $h3,$g3 - ldr $g3,[$nonce,#12] - - adds $h0,$h0,$g0 @ accumulate nonce - adcs $h1,$h1,$g1 - adcs $h2,$h2,$g2 - adc $h3,$h3,$g3 - -# ifdef __ARMEB__ - rev $h0,$h0 - rev $h1,$h1 - rev $h2,$h2 - rev $h3,$h3 -# endif - str $h0,[$mac,#0] @ store the result - str $h1,[$mac,#4] - str $h2,[$mac,#8] - str $h3,[$mac,#12] - - ldmia sp!,{r4-r11} - ret @ bx lr -.size poly1305_emit_neon,.-poly1305_emit_neon - -.align 5 -.Lzeros: -.long 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 -.LOPENSSL_armcap: -.word GFp_armcap_P-.Lpoly1305_init -#endif -___ -} } -$code.=<<___; -.asciz "Poly1305 for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 -.comm GFp_armcap_P,4,4 -#endif -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/\bret\b/bx lr/go or - s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl deleted file mode 100755 index 82aee20c11..0000000000 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ /dev/null @@ -1,931 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for ARMv8. -# -# June 2015 -# -# Numbers are cycles per processed byte with GFp_poly1305_blocks alone. -# -# IALU/gcc-4.9 NEON -# -# Apple A7 1.86/+5% 0.72 -# Cortex-A53 2.69/+58% 1.47 -# Cortex-A57 2.70/+7% 1.14 -# Denver 1.64/+50% 1.18(*) -# X-Gene 2.13/+68% 2.27 -# -# (*) estimate based on resources availability is less than 1.0, -# i.e. measured result is worse than expected, presumably binary -# translator is not almighty; - -$flavour=shift; -$output=shift; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -my ($ctx,$inp,$len,$padbit) = map("x$_",(0..3)); -my ($mac,$nonce)=($inp,$len); - -my ($h0,$h1,$h2,$r0,$r1,$s1,$t0,$t1,$d0,$d1,$d2) = map("x$_",(4..14)); - -$code.=<<___; -#include - -.text - -// forward "declarations" are required for Apple -.extern GFp_armcap_P -.globl GFp_poly1305_blocks -.globl GFp_poly1305_emit -.globl GFp_poly1305_init_asm - -.type GFp_poly1305_init_asm,%function -.align 5 -GFp_poly1305_init_asm: - cmp $inp,xzr - stp xzr,xzr,[$ctx] // zero hash value - stp xzr,xzr,[$ctx,#16] // [along with is_base2_26] - - csel x0,xzr,x0,eq - b.eq .Lno_key - -#ifdef __ILP32__ - ldrsw $t1,.LGFp_armcap_P -#else - ldr $t1,.LGFp_armcap_P -#endif - adr $t0,.LGFp_armcap_P - - ldp $r0,$r1,[$inp] // load key - mov $s1,#0xfffffffc0fffffff - movk $s1,#0x0fff,lsl#48 - ldr w17,[$t0,$t1] -#ifdef __ARMEB__ - rev $r0,$r0 // flip bytes - rev $r1,$r1 -#endif - and $r0,$r0,$s1 // &=0ffffffc0fffffff - and $s1,$s1,#-4 - and $r1,$r1,$s1 // &=0ffffffc0ffffffc - stp $r0,$r1,[$ctx,#32] // save key value - - tst w17,#ARMV7_NEON - - adr $d0,GFp_poly1305_blocks - adr $r0,poly1305_blocks_neon - adr $d1,GFp_poly1305_emit - adr $r1,poly1305_emit_neon - - csel $d0,$d0,$r0,eq - csel $d1,$d1,$r1,eq - - stp $d0,$d1,[$len] - - mov x0,#1 -.Lno_key: - ret -.size GFp_poly1305_init_asm,.-GFp_poly1305_init_asm - -.type GFp_poly1305_blocks,%function -.align 5 -GFp_poly1305_blocks: - ands $len,$len,#-16 - b.eq .Lno_data - - ldp $h0,$h1,[$ctx] // load hash value - ldp $r0,$r1,[$ctx,#32] // load key value - ldr $h2,[$ctx,#16] - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - b .Loop - -.align 5 -.Loop: - ldp $t0,$t1,[$inp],#16 // load input - sub $len,$len,#16 -#ifdef __ARMEB__ - rev $t0,$t0 - rev $t1,$t1 -#endif - adds $h0,$h0,$t0 // accumulate input - adcs $h1,$h1,$t1 - - mul $d0,$h0,$r0 // h0*r0 - adc $h2,$h2,$padbit - umulh $d1,$h0,$r0 - - mul $t0,$h1,$s1 // h1*5*r1 - umulh $t1,$h1,$s1 - - adds $d0,$d0,$t0 - mul $t0,$h0,$r1 // h0*r1 - adc $d1,$d1,$t1 - umulh $d2,$h0,$r1 - - adds $d1,$d1,$t0 - mul $t0,$h1,$r0 // h1*r0 - adc $d2,$d2,xzr - umulh $t1,$h1,$r0 - - adds $d1,$d1,$t0 - mul $t0,$h2,$s1 // h2*5*r1 - adc $d2,$d2,$t1 - mul $t1,$h2,$r0 // h2*r0 - - adds $d1,$d1,$t0 - adc $d2,$d2,$t1 - - and $t0,$d2,#-4 // final reduction - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$d0,$t0 - adcs $h1,$d1,xzr - adc $h2,$h2,xzr - - cbnz $len,.Loop - - stp $h0,$h1,[$ctx] // store hash value - str $h2,[$ctx,#16] - -.Lno_data: - ret -.size GFp_poly1305_blocks,.-GFp_poly1305_blocks - -.type GFp_poly1305_emit,%function -.align 5 -GFp_poly1305_emit: - ldp $h0,$h1,[$ctx] // load hash base 2^64 - ldr $h2,[$ctx,#16] - ldp $t0,$t1,[$nonce] // load nonce - - adds $d0,$h0,#5 // compare to modulus - adcs $d1,$h1,xzr - adc $d2,$h2,xzr - - tst $d2,#-4 // see if it's carried/borrowed - - csel $h0,$h0,$d0,eq - csel $h1,$h1,$d1,eq - -#ifdef __ARMEB__ - ror $t0,$t0,#32 // flip nonce words - ror $t1,$t1,#32 -#endif - adds $h0,$h0,$t0 // accumulate nonce - adc $h1,$h1,$t1 -#ifdef __ARMEB__ - rev $h0,$h0 // flip output bytes - rev $h1,$h1 -#endif - stp $h0,$h1,[$mac] // write result - - ret -.size GFp_poly1305_emit,.-GFp_poly1305_emit -___ -my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("v$_.4s",(0..8)); -my ($IN01_0,$IN01_1,$IN01_2,$IN01_3,$IN01_4) = map("v$_.2s",(9..13)); -my ($IN23_0,$IN23_1,$IN23_2,$IN23_3,$IN23_4) = map("v$_.2s",(14..18)); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4) = map("v$_.2d",(19..23)); -my ($H0,$H1,$H2,$H3,$H4) = map("v$_.2s",(24..28)); -my ($T0,$T1,$MASK) = map("v$_",(29..31)); - -my ($in2,$zeros)=("x16","x17"); -my $is_base2_26 = $zeros; # borrow - -$code.=<<___; -.type poly1305_mult,%function -.align 5 -poly1305_mult: - mul $d0,$h0,$r0 // h0*r0 - umulh $d1,$h0,$r0 - - mul $t0,$h1,$s1 // h1*5*r1 - umulh $t1,$h1,$s1 - - adds $d0,$d0,$t0 - mul $t0,$h0,$r1 // h0*r1 - adc $d1,$d1,$t1 - umulh $d2,$h0,$r1 - - adds $d1,$d1,$t0 - mul $t0,$h1,$r0 // h1*r0 - adc $d2,$d2,xzr - umulh $t1,$h1,$r0 - - adds $d1,$d1,$t0 - mul $t0,$h2,$s1 // h2*5*r1 - adc $d2,$d2,$t1 - mul $t1,$h2,$r0 // h2*r0 - - adds $d1,$d1,$t0 - adc $d2,$d2,$t1 - - and $t0,$d2,#-4 // final reduction - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$d0,$t0 - adcs $h1,$d1,xzr - adc $h2,$h2,xzr - - ret -.size poly1305_mult,.-poly1305_mult - -.type poly1305_splat,%function -.align 5 -poly1305_splat: - and x12,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x13,$h0,#26,#26 - extr x14,$h1,$h0,#52 - and x14,x14,#0x03ffffff - ubfx x15,$h1,#14,#26 - extr x16,$h2,$h1,#40 - - str w12,[$ctx,#16*0] // r0 - add w12,w13,w13,lsl#2 // r1*5 - str w13,[$ctx,#16*1] // r1 - add w13,w14,w14,lsl#2 // r2*5 - str w12,[$ctx,#16*2] // s1 - str w14,[$ctx,#16*3] // r2 - add w14,w15,w15,lsl#2 // r3*5 - str w13,[$ctx,#16*4] // s2 - str w15,[$ctx,#16*5] // r3 - add w15,w16,w16,lsl#2 // r4*5 - str w14,[$ctx,#16*6] // s3 - str w16,[$ctx,#16*7] // r4 - str w15,[$ctx,#16*8] // s4 - - ret -.size poly1305_splat,.-poly1305_splat - -.type poly1305_blocks_neon,%function -.align 5 -poly1305_blocks_neon: - ldr $is_base2_26,[$ctx,#24] - cmp $len,#128 - b.hs .Lblocks_neon - cbz $is_base2_26,GFp_poly1305_blocks - -.Lblocks_neon: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - - ands $len,$len,#-16 - b.eq .Lno_data_neon - - cbz $is_base2_26,.Lbase2_64_neon - - ldp w10,w11,[$ctx] // load hash value base 2^26 - ldp w12,w13,[$ctx,#8] - ldr w14,[$ctx,#16] - - tst $len,#31 - b.eq .Leven_neon - - ldp $r0,$r1,[$ctx,#32] // load key value - - add $h0,x10,x11,lsl#26 // base 2^26 -> base 2^64 - lsr $h1,x12,#12 - adds $h0,$h0,x12,lsl#52 - add $h1,$h1,x13,lsl#14 - adc $h1,$h1,xzr - lsr $h2,x14,#24 - adds $h1,$h1,x14,lsl#40 - adc $d2,$h2,xzr // can be partially reduced... - - ldp $d0,$d1,[$inp],#16 // load input - sub $len,$len,#16 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - - and $t0,$d2,#-4 // ... so reduce - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$h0,$t0 - adcs $h1,$h1,xzr - adc $h2,$h2,xzr - -#ifdef __ARMEB__ - rev $d0,$d0 - rev $d1,$d1 -#endif - adds $h0,$h0,$d0 // accumulate input - adcs $h1,$h1,$d1 - adc $h2,$h2,$padbit - - bl poly1305_mult - ldr x30,[sp,#8] - - cbz $padbit,.Lstore_base2_64_neon - - and x10,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x11,$h0,#26,#26 - extr x12,$h1,$h0,#52 - and x12,x12,#0x03ffffff - ubfx x13,$h1,#14,#26 - extr x14,$h2,$h1,#40 - - cbnz $len,.Leven_neon - - stp w10,w11,[$ctx] // store hash value base 2^26 - stp w12,w13,[$ctx,#8] - str w14,[$ctx,#16] - b .Lno_data_neon - -.align 4 -.Lstore_base2_64_neon: - stp $h0,$h1,[$ctx] // store hash value base 2^64 - stp $h2,xzr,[$ctx,#16] // note that is_base2_26 is zeroed - b .Lno_data_neon - -.align 4 -.Lbase2_64_neon: - ldp $r0,$r1,[$ctx,#32] // load key value - - ldp $h0,$h1,[$ctx] // load hash value base 2^64 - ldr $h2,[$ctx,#16] - - tst $len,#31 - b.eq .Linit_neon - - ldp $d0,$d1,[$inp],#16 // load input - sub $len,$len,#16 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ - rev $d0,$d0 - rev $d1,$d1 -#endif - adds $h0,$h0,$d0 // accumulate input - adcs $h1,$h1,$d1 - adc $h2,$h2,$padbit - - bl poly1305_mult - -.Linit_neon: - and x10,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x11,$h0,#26,#26 - extr x12,$h1,$h0,#52 - and x12,x12,#0x03ffffff - ubfx x13,$h1,#14,#26 - extr x14,$h2,$h1,#40 - - stp d8,d9,[sp,#16] // meet ABI requirements - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] - - fmov ${H0},x10 - fmov ${H1},x11 - fmov ${H2},x12 - fmov ${H3},x13 - fmov ${H4},x14 - - ////////////////////////////////// initialize r^n table - mov $h0,$r0 // r^1 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - mov $h1,$r1 - mov $h2,xzr - add $ctx,$ctx,#48+12 - bl poly1305_splat - - bl poly1305_mult // r^2 - sub $ctx,$ctx,#4 - bl poly1305_splat - - bl poly1305_mult // r^3 - sub $ctx,$ctx,#4 - bl poly1305_splat - - bl poly1305_mult // r^4 - sub $ctx,$ctx,#4 - bl poly1305_splat - ldr x30,[sp,#8] - - add $in2,$inp,#32 - adr $zeros,.Lzeros - subs $len,$len,#64 - csel $in2,$zeros,$in2,lo - - mov x4,#1 - str x4,[$ctx,#-24] // set is_base2_26 - sub $ctx,$ctx,#48 // restore original $ctx - b .Ldo_neon - -.align 4 -.Leven_neon: - add $in2,$inp,#32 - adr $zeros,.Lzeros - subs $len,$len,#64 - csel $in2,$zeros,$in2,lo - - stp d8,d9,[sp,#16] // meet ABI requirements - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] - - fmov ${H0},x10 - fmov ${H1},x11 - fmov ${H2},x12 - fmov ${H3},x13 - fmov ${H4},x14 - -.Ldo_neon: - ldp x8,x12,[$in2],#16 // inp[2:3] (or zero) - ldp x9,x13,[$in2],#48 - - lsl $padbit,$padbit,#24 - add x15,$ctx,#48 - -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - and x5,x9,#0x03ffffff - ubfx x6,x8,#26,#26 - ubfx x7,x9,#26,#26 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - extr x8,x12,x8,#52 - extr x9,x13,x9,#52 - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - fmov $IN23_0,x4 - and x8,x8,#0x03ffffff - and x9,x9,#0x03ffffff - ubfx x10,x12,#14,#26 - ubfx x11,x13,#14,#26 - add x12,$padbit,x12,lsr#40 - add x13,$padbit,x13,lsr#40 - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - fmov $IN23_1,x6 - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - fmov $IN23_2,x8 - fmov $IN23_3,x10 - fmov $IN23_4,x12 - - ldp x8,x12,[$inp],#16 // inp[0:1] - ldp x9,x13,[$inp],#48 - - ld1 {$R0,$R1,$S1,$R2},[x15],#64 - ld1 {$S2,$R3,$S3,$R4},[x15],#64 - ld1 {$S4},[x15] - -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - and x5,x9,#0x03ffffff - ubfx x6,x8,#26,#26 - ubfx x7,x9,#26,#26 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - extr x8,x12,x8,#52 - extr x9,x13,x9,#52 - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - fmov $IN01_0,x4 - and x8,x8,#0x03ffffff - and x9,x9,#0x03ffffff - ubfx x10,x12,#14,#26 - ubfx x11,x13,#14,#26 - add x12,$padbit,x12,lsr#40 - add x13,$padbit,x13,lsr#40 - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - fmov $IN01_1,x6 - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - movi $MASK.2d,#-1 - fmov $IN01_2,x8 - fmov $IN01_3,x10 - fmov $IN01_4,x12 - ushr $MASK.2d,$MASK.2d,#38 - - b.ls .Lskip_loop - -.align 4 -.Loop_neon: - //////////////////////////////////////////////////////////////// - // ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - // ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - // \___________________/ - // ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - // ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - // \___________________/ \____________________/ - // - // Note that we start with inp[2:3]*r^2. This is because it - // doesn't depend on reduction in previous iteration. - //////////////////////////////////////////////////////////////// - // d4 = h0*r4 + h1*r3 + h2*r2 + h3*r1 + h4*r0 - // d3 = h0*r3 + h1*r2 + h2*r1 + h3*r0 + h4*5*r4 - // d2 = h0*r2 + h1*r1 + h2*r0 + h3*5*r4 + h4*5*r3 - // d1 = h0*r1 + h1*r0 + h2*5*r4 + h3*5*r3 + h4*5*r2 - // d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - subs $len,$len,#64 - umull $ACC4,$IN23_0,${R4}[2] - csel $in2,$zeros,$in2,lo - umull $ACC3,$IN23_0,${R3}[2] - umull $ACC2,$IN23_0,${R2}[2] - ldp x8,x12,[$in2],#16 // inp[2:3] (or zero) - umull $ACC1,$IN23_0,${R1}[2] - ldp x9,x13,[$in2],#48 - umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - - umlal $ACC4,$IN23_1,${R3}[2] - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - umlal $ACC3,$IN23_1,${R2}[2] - and x5,x9,#0x03ffffff - umlal $ACC2,$IN23_1,${R1}[2] - ubfx x6,x8,#26,#26 - umlal $ACC1,$IN23_1,${R0}[2] - ubfx x7,x9,#26,#26 - umlal $ACC0,$IN23_1,${S4}[2] - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - - umlal $ACC4,$IN23_2,${R2}[2] - extr x8,x12,x8,#52 - umlal $ACC3,$IN23_2,${R1}[2] - extr x9,x13,x9,#52 - umlal $ACC2,$IN23_2,${R0}[2] - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - umlal $ACC1,$IN23_2,${S4}[2] - fmov $IN23_0,x4 - umlal $ACC0,$IN23_2,${S3}[2] - and x8,x8,#0x03ffffff - - umlal $ACC4,$IN23_3,${R1}[2] - and x9,x9,#0x03ffffff - umlal $ACC3,$IN23_3,${R0}[2] - ubfx x10,x12,#14,#26 - umlal $ACC2,$IN23_3,${S4}[2] - ubfx x11,x13,#14,#26 - umlal $ACC1,$IN23_3,${S3}[2] - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - umlal $ACC0,$IN23_3,${S2}[2] - fmov $IN23_1,x6 - - add $IN01_2,$IN01_2,$H2 - add x12,$padbit,x12,lsr#40 - umlal $ACC4,$IN23_4,${R0}[2] - add x13,$padbit,x13,lsr#40 - umlal $ACC3,$IN23_4,${S4}[2] - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - umlal $ACC2,$IN23_4,${S3}[2] - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - umlal $ACC1,$IN23_4,${S2}[2] - fmov $IN23_2,x8 - umlal $ACC0,$IN23_4,${S1}[2] - fmov $IN23_3,x10 - - //////////////////////////////////////////////////////////////// - // (hash+inp[0:1])*r^4 and accumulate - - add $IN01_0,$IN01_0,$H0 - fmov $IN23_4,x12 - umlal $ACC3,$IN01_2,${R1}[0] - ldp x8,x12,[$inp],#16 // inp[0:1] - umlal $ACC0,$IN01_2,${S3}[0] - ldp x9,x13,[$inp],#48 - umlal $ACC4,$IN01_2,${R2}[0] - umlal $ACC1,$IN01_2,${S4}[0] - umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - - add $IN01_1,$IN01_1,$H1 - umlal $ACC3,$IN01_0,${R3}[0] - umlal $ACC4,$IN01_0,${R4}[0] - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - umlal $ACC2,$IN01_0,${R2}[0] - and x5,x9,#0x03ffffff - umlal $ACC0,$IN01_0,${R0}[0] - ubfx x6,x8,#26,#26 - umlal $ACC1,$IN01_0,${R1}[0] - ubfx x7,x9,#26,#26 - - add $IN01_3,$IN01_3,$H3 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - umlal $ACC3,$IN01_1,${R2}[0] - extr x8,x12,x8,#52 - umlal $ACC4,$IN01_1,${R3}[0] - extr x9,x13,x9,#52 - umlal $ACC0,$IN01_1,${S4}[0] - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - umlal $ACC2,$IN01_1,${R1}[0] - fmov $IN01_0,x4 - umlal $ACC1,$IN01_1,${R0}[0] - and x8,x8,#0x03ffffff - - add $IN01_4,$IN01_4,$H4 - and x9,x9,#0x03ffffff - umlal $ACC3,$IN01_3,${R0}[0] - ubfx x10,x12,#14,#26 - umlal $ACC0,$IN01_3,${S2}[0] - ubfx x11,x13,#14,#26 - umlal $ACC4,$IN01_3,${R1}[0] - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - umlal $ACC1,$IN01_3,${S3}[0] - fmov $IN01_1,x6 - umlal $ACC2,$IN01_3,${S4}[0] - add x12,$padbit,x12,lsr#40 - - umlal $ACC3,$IN01_4,${S4}[0] - add x13,$padbit,x13,lsr#40 - umlal $ACC0,$IN01_4,${S1}[0] - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - umlal $ACC4,$IN01_4,${R0}[0] - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - umlal $ACC1,$IN01_4,${S2}[0] - fmov $IN01_2,x8 - umlal $ACC2,$IN01_4,${S3}[0] - fmov $IN01_3,x10 - fmov $IN01_4,x12 - - ///////////////////////////////////////////////////////////////// - // lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - // and P. Schwabe - // - // [see discussion in poly1305-armv4 module] - - ushr $T0.2d,$ACC3,#26 - xtn $H3,$ACC3 - ushr $T1.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - add $ACC4,$ACC4,$T0.2d // h3 -> h4 - bic $H3,#0xfc,lsl#24 // &=0x03ffffff - add $ACC1,$ACC1,$T1.2d // h0 -> h1 - - ushr $T0.2d,$ACC4,#26 - xtn $H4,$ACC4 - ushr $T1.2d,$ACC1,#26 - xtn $H1,$ACC1 - bic $H4,#0xfc,lsl#24 - add $ACC2,$ACC2,$T1.2d // h1 -> h2 - - add $ACC0,$ACC0,$T0.2d - shl $T0.2d,$T0.2d,#2 - shrn $T1.2s,$ACC2,#26 - xtn $H2,$ACC2 - add $ACC0,$ACC0,$T0.2d // h4 -> h0 - bic $H1,#0xfc,lsl#24 - add $H3,$H3,$T1.2s // h2 -> h3 - bic $H2,#0xfc,lsl#24 - - shrn $T0.2s,$ACC0,#26 - xtn $H0,$ACC0 - ushr $T1.2s,$H3,#26 - bic $H3,#0xfc,lsl#24 - bic $H0,#0xfc,lsl#24 - add $H1,$H1,$T0.2s // h0 -> h1 - add $H4,$H4,$T1.2s // h3 -> h4 - - b.hi .Loop_neon - -.Lskip_loop: - dup $IN23_2,${IN23_2}[0] - add $IN01_2,$IN01_2,$H2 - - //////////////////////////////////////////////////////////////// - // multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - adds $len,$len,#32 - b.ne .Long_tail - - dup $IN23_2,${IN01_2}[0] - add $IN23_0,$IN01_0,$H0 - add $IN23_3,$IN01_3,$H3 - add $IN23_1,$IN01_1,$H1 - add $IN23_4,$IN01_4,$H4 - -.Long_tail: - dup $IN23_0,${IN23_0}[0] - umull2 $ACC0,$IN23_2,${S3} - umull2 $ACC3,$IN23_2,${R1} - umull2 $ACC4,$IN23_2,${R2} - umull2 $ACC2,$IN23_2,${R0} - umull2 $ACC1,$IN23_2,${S4} - - dup $IN23_1,${IN23_1}[0] - umlal2 $ACC0,$IN23_0,${R0} - umlal2 $ACC2,$IN23_0,${R2} - umlal2 $ACC3,$IN23_0,${R3} - umlal2 $ACC4,$IN23_0,${R4} - umlal2 $ACC1,$IN23_0,${R1} - - dup $IN23_3,${IN23_3}[0] - umlal2 $ACC0,$IN23_1,${S4} - umlal2 $ACC3,$IN23_1,${R2} - umlal2 $ACC2,$IN23_1,${R1} - umlal2 $ACC4,$IN23_1,${R3} - umlal2 $ACC1,$IN23_1,${R0} - - dup $IN23_4,${IN23_4}[0] - umlal2 $ACC3,$IN23_3,${R0} - umlal2 $ACC4,$IN23_3,${R1} - umlal2 $ACC0,$IN23_3,${S2} - umlal2 $ACC1,$IN23_3,${S3} - umlal2 $ACC2,$IN23_3,${S4} - - umlal2 $ACC3,$IN23_4,${S4} - umlal2 $ACC0,$IN23_4,${S1} - umlal2 $ACC4,$IN23_4,${R0} - umlal2 $ACC1,$IN23_4,${S2} - umlal2 $ACC2,$IN23_4,${S3} - - b.eq .Lshort_tail - - //////////////////////////////////////////////////////////////// - // (hash+inp[0:1])*r^4:r^3 and accumulate - - add $IN01_0,$IN01_0,$H0 - umlal $ACC3,$IN01_2,${R1} - umlal $ACC0,$IN01_2,${S3} - umlal $ACC4,$IN01_2,${R2} - umlal $ACC1,$IN01_2,${S4} - umlal $ACC2,$IN01_2,${R0} - - add $IN01_1,$IN01_1,$H1 - umlal $ACC3,$IN01_0,${R3} - umlal $ACC0,$IN01_0,${R0} - umlal $ACC4,$IN01_0,${R4} - umlal $ACC1,$IN01_0,${R1} - umlal $ACC2,$IN01_0,${R2} - - add $IN01_3,$IN01_3,$H3 - umlal $ACC3,$IN01_1,${R2} - umlal $ACC0,$IN01_1,${S4} - umlal $ACC4,$IN01_1,${R3} - umlal $ACC1,$IN01_1,${R0} - umlal $ACC2,$IN01_1,${R1} - - add $IN01_4,$IN01_4,$H4 - umlal $ACC3,$IN01_3,${R0} - umlal $ACC0,$IN01_3,${S2} - umlal $ACC4,$IN01_3,${R1} - umlal $ACC1,$IN01_3,${S3} - umlal $ACC2,$IN01_3,${S4} - - umlal $ACC3,$IN01_4,${S4} - umlal $ACC0,$IN01_4,${S1} - umlal $ACC4,$IN01_4,${R0} - umlal $ACC1,$IN01_4,${S2} - umlal $ACC2,$IN01_4,${S3} - -.Lshort_tail: - //////////////////////////////////////////////////////////////// - // horizontal add - - addp $ACC3,$ACC3,$ACC3 - ldp d8,d9,[sp,#16] // meet ABI requirements - addp $ACC0,$ACC0,$ACC0 - ldp d10,d11,[sp,#32] - addp $ACC4,$ACC4,$ACC4 - ldp d12,d13,[sp,#48] - addp $ACC1,$ACC1,$ACC1 - ldp d14,d15,[sp,#64] - addp $ACC2,$ACC2,$ACC2 - - //////////////////////////////////////////////////////////////// - // lazy reduction, but without narrowing - - ushr $T0.2d,$ACC3,#26 - and $ACC3,$ACC3,$MASK.2d - ushr $T1.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - - add $ACC4,$ACC4,$T0.2d // h3 -> h4 - add $ACC1,$ACC1,$T1.2d // h0 -> h1 - - ushr $T0.2d,$ACC4,#26 - and $ACC4,$ACC4,$MASK.2d - ushr $T1.2d,$ACC1,#26 - and $ACC1,$ACC1,$MASK.2d - add $ACC2,$ACC2,$T1.2d // h1 -> h2 - - add $ACC0,$ACC0,$T0.2d - shl $T0.2d,$T0.2d,#2 - ushr $T1.2d,$ACC2,#26 - and $ACC2,$ACC2,$MASK.2d - add $ACC0,$ACC0,$T0.2d // h4 -> h0 - add $ACC3,$ACC3,$T1.2d // h2 -> h3 - - ushr $T0.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - ushr $T1.2d,$ACC3,#26 - and $ACC3,$ACC3,$MASK.2d - add $ACC1,$ACC1,$T0.2d // h0 -> h1 - add $ACC4,$ACC4,$T1.2d // h3 -> h4 - - //////////////////////////////////////////////////////////////// - // write the result, can be partially reduced - - st4 {$ACC0,$ACC1,$ACC2,$ACC3}[0],[$ctx],#16 - st1 {$ACC4}[0],[$ctx] - -.Lno_data_neon: - ldr x29,[sp],#80 - ret -.size poly1305_blocks_neon,.-poly1305_blocks_neon - -.type poly1305_emit_neon,%function -.align 5 -poly1305_emit_neon: - ldr $is_base2_26,[$ctx,#24] - cbz $is_base2_26,GFp_poly1305_emit - - ldp w10,w11,[$ctx] // load hash value base 2^26 - ldp w12,w13,[$ctx,#8] - ldr w14,[$ctx,#16] - - add $h0,x10,x11,lsl#26 // base 2^26 -> base 2^64 - lsr $h1,x12,#12 - adds $h0,$h0,x12,lsl#52 - add $h1,$h1,x13,lsl#14 - adc $h1,$h1,xzr - lsr $h2,x14,#24 - adds $h1,$h1,x14,lsl#40 - adc $h2,$h2,xzr // can be partially reduced... - - ldp $t0,$t1,[$nonce] // load nonce - - and $d0,$h2,#-4 // ... so reduce - add $d0,$d0,$h2,lsr#2 - and $h2,$h2,#3 - adds $h0,$h0,$d0 - adcs $h1,$h1,xzr - adc $h2,$h2,xzr - - adds $d0,$h0,#5 // compare to modulus - adcs $d1,$h1,xzr - adc $d2,$h2,xzr - - tst $d2,#-4 // see if it's carried/borrowed - - csel $h0,$h0,$d0,eq - csel $h1,$h1,$d1,eq - -#ifdef __ARMEB__ - ror $t0,$t0,#32 // flip nonce words - ror $t1,$t1,#32 -#endif - adds $h0,$h0,$t0 // accumulate nonce - adc $h1,$h1,$t1 -#ifdef __ARMEB__ - rev $h0,$h0 // flip output bytes - rev $h1,$h1 -#endif - stp $h0,$h1,[$mac] // write result - - ret -.size poly1305_emit_neon,.-poly1305_emit_neon - -.align 5 -.Lzeros: -.long 0,0,0,0,0,0,0,0 -.LGFp_armcap_P: -#ifdef __ILP32__ -.long GFp_armcap_P-. -#else -.quad GFp_armcap_P-. -#endif -.asciz "Poly1305 for ARMv8, CRYPTOGAMS by " -.align 2 -___ - -foreach (split("\n",$code)) { - s/\b(shrn\s+v[0-9]+)\.[24]d/$1.2s/ or - s/\b(fmov\s+)v([0-9]+)[^,]*,\s*x([0-9]+)/$1d$2,x$3/ or - (m/\bdup\b/ and (s/\.[24]s/.2d/g or 1)) or - (m/\b(eor|and)/ and (s/\.[248][sdh]/.16b/g or 1)) or - (m/\bum(ul|la)l\b/ and (s/\.4s/.2s/g or 1)) or - (m/\bum(ul|la)l2\b/ and (s/\.2s/.4s/g or 1)) or - (m/\bst[1-4]\s+{[^}]+}\[/ and (s/\.[24]d/.s/g or 1)); - - s/\.[124]([sd])\[/.$1\[/; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl deleted file mode 100755 index 3f0e4c416b..0000000000 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ /dev/null @@ -1,1223 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for x86. -# -# April 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone, -# measured with rdtsc at fixed clock frequency. -# -# IALU/gcc-3.4(*) SSE2(**) AVX2 -# Pentium 15.7/+80% - -# PIII 6.21/+90% - -# P4 19.8/+40% 3.24 -# Core 2 4.85/+90% 1.80 -# Westmere 4.58/+100% 1.43 -# Sandy Bridge 3.90/+100% 1.36 -# Haswell 3.88/+70% 1.18 0.72 -# Silvermont 11.0/+40% 4.80 -# VIA Nano 6.71/+90% 2.47 -# Sledgehammer 3.51/+180% 4.27 -# Bulldozer 4.53/+140% 1.31 -# -# (*) gcc 4.8 for some reason generated worse code; -# (**) besides SSE2 there are floating-point and AVX options; FP -# is deemed unnecessary, because pre-SSE2 processor are too -# old to care about, while it's not the fastest option on -# SSE2-capable ones; AVX is omitted, because it doesn't give -# a lot of improvement, 5-10% depending on processor; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop; -open STDOUT,">$output"; - -&asm_init($ARGV[0],"poly1305-x86.pl",$ARGV[$#ARGV] eq "386"); - -$sse2=$avx=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -if ($sse2) { - &static_label("const_sse2"); - &static_label("enter_blocks"); - &static_label("enter_emit"); - &external_label("GFp_ia32cap_P"); - - # This may be set to 2, but valgrind can't do AVX2 on 32-bit. Without a - # way to verify test coverage, keep it disabled. - # The AVX2 code was removed. - $avx = 0; -} - -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int32 h[5]; # current hash value base 2^32 -# unsigned __int32 pad; # is_base2_26 in vector context -# unsigned __int32 r[4]; # key value base 2^32 - -&align(64); -&function_begin("GFp_poly1305_init_asm"); - &mov ("edi",&wparam(0)); # context - &mov ("esi",&wparam(1)); # key - &mov ("ebp",&wparam(2)); # function table - - &xor ("eax","eax"); - &mov (&DWP(4*0,"edi"),"eax"); # zero hash value - &mov (&DWP(4*1,"edi"),"eax"); - &mov (&DWP(4*2,"edi"),"eax"); - &mov (&DWP(4*3,"edi"),"eax"); - &mov (&DWP(4*4,"edi"),"eax"); - &mov (&DWP(4*5,"edi"),"eax"); # is_base2_26 - - &cmp ("esi",0); - &je (&label("nokey")); - - if ($sse2) { - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebx"); - - &lea ("eax",&DWP("GFp_poly1305_blocks-".&label("pic_point"),"ebx")); - &lea ("edx",&DWP("GFp_poly1305_emit-".&label("pic_point"),"ebx")); - - &picmeup("edi","GFp_ia32cap_P","ebx",&label("pic_point")); - &mov ("ecx",&DWP(0,"edi")); - &and ("ecx",1<<26|1<<24); - &cmp ("ecx",1<<26|1<<24); # SSE2 and XMM? - # The non-SSE2 code was removed. - - &lea ("eax",&DWP("_poly1305_blocks_sse2-".&label("pic_point"),"ebx")); - &lea ("edx",&DWP("_poly1305_emit_sse2-".&label("pic_point"),"ebx")); - - # AVX2 code removed. - - # The non-SSE2 code was removed. - - &mov ("edi",&wparam(0)); # reload context - &mov (&DWP(0,"ebp"),"eax"); # fill function table - &mov (&DWP(4,"ebp"),"edx"); - } - - &mov ("eax",&DWP(4*0,"esi")); # load input key - &mov ("ebx",&DWP(4*1,"esi")); - &mov ("ecx",&DWP(4*2,"esi")); - &mov ("edx",&DWP(4*3,"esi")); - &and ("eax",0x0fffffff); - &and ("ebx",0x0ffffffc); - &and ("ecx",0x0ffffffc); - &and ("edx",0x0ffffffc); - &mov (&DWP(4*6,"edi"),"eax"); - &mov (&DWP(4*7,"edi"),"ebx"); - &mov (&DWP(4*8,"edi"),"ecx"); - &mov (&DWP(4*9,"edi"),"edx"); - - &mov ("eax",$sse2); -&set_label("nokey"); -&function_end("GFp_poly1305_init_asm"); - -($h0,$h1,$h2,$h3,$h4, - $d0,$d1,$d2,$d3, - $r0,$r1,$r2,$r3, - $s1,$s2,$s3)=map(4*$_,(0..15)); - -&function_begin("GFp_poly1305_blocks"); - &mov ("edi",&wparam(0)); # ctx - &mov ("esi",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len -&set_label("enter_blocks"); - &and ("ecx",-15); - &jz (&label("nodata")); - - &stack_push(16); - &mov ("eax",&DWP(4*6,"edi")); # r0 - &mov ("ebx",&DWP(4*7,"edi")); # r1 - &lea ("ebp",&DWP(0,"esi","ecx")); # end of input - &mov ("ecx",&DWP(4*8,"edi")); # r2 - &mov ("edx",&DWP(4*9,"edi")); # r3 - - &mov (&wparam(2),"ebp"); - &mov ("ebp","esi"); - - &mov (&DWP($r0,"esp"),"eax"); # r0 - &mov ("eax","ebx"); - &shr ("eax",2); - &mov (&DWP($r1,"esp"),"ebx"); # r1 - &add ("eax","ebx"); # s1 - &mov ("ebx","ecx"); - &shr ("ebx",2); - &mov (&DWP($r2,"esp"),"ecx"); # r2 - &add ("ebx","ecx"); # s2 - &mov ("ecx","edx"); - &shr ("ecx",2); - &mov (&DWP($r3,"esp"),"edx"); # r3 - &add ("ecx","edx"); # s3 - &mov (&DWP($s1,"esp"),"eax"); # s1 - &mov (&DWP($s2,"esp"),"ebx"); # s2 - &mov (&DWP($s3,"esp"),"ecx"); # s3 - - &mov ("eax",&DWP(4*0,"edi")); # load hash value - &mov ("ebx",&DWP(4*1,"edi")); - &mov ("ecx",&DWP(4*2,"edi")); - &mov ("esi",&DWP(4*3,"edi")); - &mov ("edi",&DWP(4*4,"edi")); - &jmp (&label("loop")); - -&set_label("loop",32); - &add ("eax",&DWP(4*0,"ebp")); # accumulate input - &adc ("ebx",&DWP(4*1,"ebp")); - &adc ("ecx",&DWP(4*2,"ebp")); - &adc ("esi",&DWP(4*3,"ebp")); - &lea ("ebp",&DWP(4*4,"ebp")); - &adc ("edi",&wparam(3)); # padbit - - &mov (&DWP($h0,"esp"),"eax"); # put aside hash[+inp] - &mov (&DWP($h3,"esp"),"esi"); - - &mul (&DWP($r0,"esp")); # h0*r0 - &mov (&DWP($h4,"esp"),"edi"); - &mov ("edi","eax"); - &mov ("eax","ebx"); # h1 - &mov ("esi","edx"); - &mul (&DWP($s3,"esp")); # h1*s3 - &add ("edi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("esi","edx"); - &mul (&DWP($s2,"esp")); # h2*s2 - &add ("edi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("esi","edx"); - &mul (&DWP($s1,"esp")); # h3*s1 - &add ("edi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("esi","edx"); - - &mul (&DWP($r1,"esp")); # h0*r1 - &mov (&DWP($d0,"esp"),"edi"); - &xor ("edi","edi"); - &add ("esi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("edi","edx"); - &mul (&DWP($r0,"esp")); # h1*r0 - &add ("esi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("edi","edx"); - &mul (&DWP($s3,"esp")); # h2*s3 - &add ("esi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("edi","edx"); - &mul (&DWP($s2,"esp")); # h3*s2 - &add ("esi","eax"); - &mov ("eax",&DWP($h4,"esp")); - &adc ("edi","edx"); - &imul ("eax",&DWP($s1,"esp")); # h4*s1 - &add ("esi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("edi",0); - - &mul (&DWP($r2,"esp")); # h0*r2 - &mov (&DWP($d1,"esp"),"esi"); - &xor ("esi","esi"); - &add ("edi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("esi","edx"); - &mul (&DWP($r1,"esp")); # h1*r1 - &add ("edi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("esi","edx"); - &mul (&DWP($r0,"esp")); # h2*r0 - &add ("edi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("esi","edx"); - &mul (&DWP($s3,"esp")); # h3*s3 - &add ("edi","eax"); - &mov ("eax",&DWP($h4,"esp")); - &adc ("esi","edx"); - &imul ("eax",&DWP($s2,"esp")); # h4*s2 - &add ("edi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("esi",0); - - &mul (&DWP($r3,"esp")); # h0*r3 - &mov (&DWP($d2,"esp"),"edi"); - &xor ("edi","edi"); - &add ("esi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("edi","edx"); - &mul (&DWP($r2,"esp")); # h1*r2 - &add ("esi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("edi","edx"); - &mul (&DWP($r1,"esp")); # h2*r1 - &add ("esi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("edi","edx"); - &mul (&DWP($r0,"esp")); # h3*r0 - &add ("esi","eax"); - &mov ("ecx",&DWP($h4,"esp")); - &adc ("edi","edx"); - - &mov ("edx","ecx"); - &imul ("ecx",&DWP($s3,"esp")); # h4*s3 - &add ("esi","ecx"); - &mov ("eax",&DWP($d0,"esp")); - &adc ("edi",0); - - &imul ("edx",&DWP($r0,"esp")); # h4*r0 - &add ("edx","edi"); - - &mov ("ebx",&DWP($d1,"esp")); - &mov ("ecx",&DWP($d2,"esp")); - - &mov ("edi","edx"); # last reduction step - &shr ("edx",2); - &and ("edi",3); - &lea ("edx",&DWP(0,"edx","edx",4)); # *5 - &add ("eax","edx"); - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("esi",0); - &adc ("edi",0); - - &cmp ("ebp",&wparam(2)); # done yet? - &jne (&label("loop")); - - &mov ("edx",&wparam(0)); # ctx - &stack_pop(16); - &mov (&DWP(4*0,"edx"),"eax"); # store hash value - &mov (&DWP(4*1,"edx"),"ebx"); - &mov (&DWP(4*2,"edx"),"ecx"); - &mov (&DWP(4*3,"edx"),"esi"); - &mov (&DWP(4*4,"edx"),"edi"); -&set_label("nodata"); -&function_end("GFp_poly1305_blocks"); - -&function_begin("GFp_poly1305_emit"); - &mov ("ebp",&wparam(0)); # context -&set_label("enter_emit"); - &mov ("edi",&wparam(1)); # output - &mov ("eax",&DWP(4*0,"ebp")); # load hash value - &mov ("ebx",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("esi",&DWP(4*4,"ebp")); - - &add ("eax",5); # compare to modulus - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("edx",0); - &adc ("esi",0); - &shr ("esi",2); # did it carry/borrow? - &neg ("esi"); # do we choose hash-modulus? - - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &mov (&DWP(4*0,"edi"),"eax"); - &mov (&DWP(4*1,"edi"),"ebx"); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); - - ¬ ("esi"); # or original hash value? - &mov ("eax",&DWP(4*0,"ebp")); - &mov ("ebx",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("ebp",&wparam(2)); - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &or ("eax",&DWP(4*0,"edi")); - &or ("ebx",&DWP(4*1,"edi")); - &or ("ecx",&DWP(4*2,"edi")); - &or ("edx",&DWP(4*3,"edi")); - - &add ("eax",&DWP(4*0,"ebp")); # accumulate key - &adc ("ebx",&DWP(4*1,"ebp")); - &adc ("ecx",&DWP(4*2,"ebp")); - &adc ("edx",&DWP(4*3,"ebp")); - - &mov (&DWP(4*0,"edi"),"eax"); - &mov (&DWP(4*1,"edi"),"ebx"); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); -&function_end("GFp_poly1305_emit"); - -if ($sse2) { -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int32 h[5]; # current hash value base 2^26 -# unsigned __int32 is_base2_26; -# unsigned __int32 r[4]; # key value base 2^32 -# unsigned __int32 pad[2]; -# struct { unsigned __int32 r^4, r^3, r^2, r^1; } r[9]; -# -# where r^n are base 2^26 digits of degrees of multiplier key. There are -# 5 digits, but last four are interleaved with multiples of 5, totalling -# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4. - -my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("xmm$_",(0..7)); -my $MASK=$T2; # borrow and keep in mind - -&align (32); -&function_begin_B("_poly1305_init_sse2"); - &movdqu ($D4,&QWP(4*6,"edi")); # key base 2^32 - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &mov ("ebp","esp"); - &sub ("esp",16*(9+5)); - &and ("esp",-16); - - #&pand ($D4,&QWP(96,"ebx")); # magic mask - &movq ($MASK,&QWP(64,"ebx")); - - &movdqa ($D0,$D4); - &movdqa ($D1,$D4); - &movdqa ($D2,$D4); - - &pand ($D0,$MASK); # -> base 2^26 - &psrlq ($D1,26); - &psrldq ($D2,6); - &pand ($D1,$MASK); - &movdqa ($D3,$D2); - &psrlq ($D2,4) - &psrlq ($D3,30); - &pand ($D2,$MASK); - &pand ($D3,$MASK); - &psrldq ($D4,13); - - &lea ("edx",&DWP(16*9,"esp")); # size optimization - &mov ("ecx",2); -&set_label("square"); - &movdqa (&QWP(16*0,"esp"),$D0); - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*2,"esp"),$D2); - &movdqa (&QWP(16*3,"esp"),$D3); - &movdqa (&QWP(16*4,"esp"),$D4); - - &movdqa ($T1,$D1); - &movdqa ($T0,$D2); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D1); # *5 - &paddd ($T0,$D2); # *5 - &movdqa (&QWP(16*5,"esp"),$T1); - &movdqa (&QWP(16*6,"esp"),$T0); - &movdqa ($T1,$D3); - &movdqa ($T0,$D4); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D3); # *5 - &paddd ($T0,$D4); # *5 - &movdqa (&QWP(16*7,"esp"),$T1); - &movdqa (&QWP(16*8,"esp"),$T0); - - &pshufd ($T1,$D0,0b01000100); - &movdqa ($T0,$D1); - &pshufd ($D1,$D1,0b01000100); - &pshufd ($D2,$D2,0b01000100); - &pshufd ($D3,$D3,0b01000100); - &pshufd ($D4,$D4,0b01000100); - &movdqa (&QWP(16*0,"edx"),$T1); - &movdqa (&QWP(16*1,"edx"),$D1); - &movdqa (&QWP(16*2,"edx"),$D2); - &movdqa (&QWP(16*3,"edx"),$D3); - &movdqa (&QWP(16*4,"edx"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($D4,$D0); # h4*r0 - &pmuludq ($D3,$D0); # h3*r0 - &pmuludq ($D2,$D0); # h2*r0 - &pmuludq ($D1,$D0); # h1*r0 - &pmuludq ($D0,$T1); # h0*r0 - -sub pmuladd { -my $load = shift; -my $base = shift; $base = "esp" if (!defined($base)); - - ################################################################ - # As for choice to "rotate" $T0-$T2 in order to move paddq - # past next multiplication. While it makes code harder to read - # and doesn't have significant effect on most processors, it - # makes a lot of difference on Atom, up to 30% improvement. - - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*3,$base)); # r1*h3 - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*2,$base)); # r1*h2 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*1,$base)); # r1*h1 - &paddq ($D3,$T1); - &$load ($T1,5); # s1 - &pmuludq ($T0,&QWP(16*0,$base)); # r1*h0 - &paddq ($D2,$T2); - &pmuludq ($T1,&QWP(16*4,$base)); # s1*h4 - &$load ($T2,2); # r2^n - &paddq ($D1,$T0); - - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*2,$base)); # r2*h2 - &paddq ($D0,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*1,$base)); # r2*h1 - &paddq ($D4,$T2); - &$load ($T2,6); # s2^n - &pmuludq ($T1,&QWP(16*0,$base)); # r2*h0 - &paddq ($D3,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*4,$base)); # s2*h4 - &paddq ($D2,$T1); - &pmuludq ($T0,&QWP(16*3,$base)); # s2*h3 - &$load ($T1,3); # r3^n - &paddq ($D1,$T2); - - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*1,$base)); # r3*h1 - &paddq ($D0,$T0); - &$load ($T0,7); # s3^n - &pmuludq ($T2,&QWP(16*0,$base)); # r3*h0 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*4,$base)); # s3*h4 - &paddq ($D3,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*3,$base)); # s3*h3 - &paddq ($D2,$T0); - &pmuludq ($T2,&QWP(16*2,$base)); # s3*h2 - &$load ($T0,4); # r4^n - &paddq ($D1,$T1); - - &$load ($T1,8); # s4^n - &pmuludq ($T0,&QWP(16*0,$base)); # r4*h0 - &paddq ($D0,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*4,$base)); # s4*h4 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*1,$base)); # s4*h1 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*2,$base)); # s4*h2 - &paddq ($D0,$T2); - &pmuludq ($T1,&QWP(16*3,$base)); # s4*h3 - &movdqa ($MASK,&QWP(64,"ebx")); - &paddq ($D1,$T0); - &paddq ($D2,$T1); -} - &pmuladd (sub { my ($reg,$i)=@_; - &movdqa ($reg,&QWP(16*$i,"esp")); - },"edx"); - -sub lazy_reduction { -my $extra = shift; - - ################################################################ - # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - # and P. Schwabe - # - # [(*) see discussion in poly1305-armv4 module] - - &movdqa ($T0,$D3); - &pand ($D3,$MASK); - &psrlq ($T0,26); - &$extra () if (defined($extra)); - &paddq ($T0,$D4); # h3 -> h4 - &movdqa ($T1,$D0); - &pand ($D0,$MASK); - &psrlq ($T1,26); - &movdqa ($D4,$T0); - &paddq ($T1,$D1); # h0 -> h1 - &psrlq ($T0,26); - &pand ($D4,$MASK); - &movdqa ($D1,$T1); - &psrlq ($T1,26); - &paddd ($D0,$T0); # favour paddd when - # possible, because - # paddq is "broken" - # on Atom - &psllq ($T0,2); - &paddq ($T1,$D2); # h1 -> h2 - &paddq ($T0,$D0); # h4 -> h0 (*) - &pand ($D1,$MASK); - &movdqa ($D2,$T1); - &psrlq ($T1,26); - &pand ($D2,$MASK); - &paddd ($T1,$D3); # h2 -> h3 - &movdqa ($D0,$T0); - &psrlq ($T0,26); - &movdqa ($D3,$T1); - &psrlq ($T1,26); - &pand ($D0,$MASK); - &paddd ($D1,$T0); # h0 -> h1 - &pand ($D3,$MASK); - &paddd ($D4,$T1); # h3 -> h4 -} - &lazy_reduction (); - - &dec ("ecx"); - &jz (&label("square_break")); - - &punpcklqdq ($D0,&QWP(16*0,"esp")); # 0:r^1:0:r^2 - &punpcklqdq ($D1,&QWP(16*1,"esp")); - &punpcklqdq ($D2,&QWP(16*2,"esp")); - &punpcklqdq ($D3,&QWP(16*3,"esp")); - &punpcklqdq ($D4,&QWP(16*4,"esp")); - &jmp (&label("square")); - -&set_label("square_break"); - &psllq ($D0,32); # -> r^3:0:r^4:0 - &psllq ($D1,32); - &psllq ($D2,32); - &psllq ($D3,32); - &psllq ($D4,32); - &por ($D0,&QWP(16*0,"esp")); # r^3:r^1:r^4:r^2 - &por ($D1,&QWP(16*1,"esp")); - &por ($D2,&QWP(16*2,"esp")); - &por ($D3,&QWP(16*3,"esp")); - &por ($D4,&QWP(16*4,"esp")); - - &pshufd ($D0,$D0,0b10001101); # -> r^1:r^2:r^3:r^4 - &pshufd ($D1,$D1,0b10001101); - &pshufd ($D2,$D2,0b10001101); - &pshufd ($D3,$D3,0b10001101); - &pshufd ($D4,$D4,0b10001101); - - &movdqu (&QWP(16*0,"edi"),$D0); # save the table - &movdqu (&QWP(16*1,"edi"),$D1); - &movdqu (&QWP(16*2,"edi"),$D2); - &movdqu (&QWP(16*3,"edi"),$D3); - &movdqu (&QWP(16*4,"edi"),$D4); - - &movdqa ($T1,$D1); - &movdqa ($T0,$D2); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D1); # *5 - &paddd ($T0,$D2); # *5 - &movdqu (&QWP(16*5,"edi"),$T1); - &movdqu (&QWP(16*6,"edi"),$T0); - &movdqa ($T1,$D3); - &movdqa ($T0,$D4); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D3); # *5 - &paddd ($T0,$D4); # *5 - &movdqu (&QWP(16*7,"edi"),$T1); - &movdqu (&QWP(16*8,"edi"),$T0); - - &mov ("esp","ebp"); - &lea ("edi",&DWP(-16*3,"edi")); # size de-optimization - &ret (); -&function_end_B("_poly1305_init_sse2"); - -&align (32); -&function_begin("_poly1305_blocks_sse2"); - &mov ("edi",&wparam(0)); # ctx - &mov ("esi",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len - - &mov ("eax",&DWP(4*5,"edi")); # is_base2_26 - &and ("ecx",-16); - &jz (&label("nodata")); - &cmp ("ecx",64); - &jae (&label("enter_sse2")); - &test ("eax","eax"); # is_base2_26? - &jz (&label("enter_blocks")); - -&set_label("enter_sse2",16); - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx")); - - &test ("eax","eax"); # is_base2_26? - &jnz (&label("base2_26")); - - &call ("_poly1305_init_sse2"); - - ################################################# base 2^32 -> base 2^26 - &mov ("eax",&DWP(0,"edi")); - &mov ("ecx",&DWP(3,"edi")); - &mov ("edx",&DWP(6,"edi")); - &mov ("esi",&DWP(9,"edi")); - &mov ("ebp",&DWP(13,"edi")); - &mov (&DWP(4*5,"edi"),1); # is_base2_26 - - &shr ("ecx",2); - &and ("eax",0x3ffffff); - &shr ("edx",4); - &and ("ecx",0x3ffffff); - &shr ("esi",6); - &and ("edx",0x3ffffff); - - &movd ($D0,"eax"); - &movd ($D1,"ecx"); - &movd ($D2,"edx"); - &movd ($D3,"esi"); - &movd ($D4,"ebp"); - - &mov ("esi",&wparam(1)); # [reload] inp - &mov ("ecx",&wparam(2)); # [reload] len - &jmp (&label("base2_32")); - -&set_label("base2_26",16); - &movd ($D0,&DWP(4*0,"edi")); # load hash value - &movd ($D1,&DWP(4*1,"edi")); - &movd ($D2,&DWP(4*2,"edi")); - &movd ($D3,&DWP(4*3,"edi")); - &movd ($D4,&DWP(4*4,"edi")); - &movdqa ($MASK,&QWP(64,"ebx")); - -&set_label("base2_32"); - &mov ("eax",&wparam(3)); # padbit - &mov ("ebp","esp"); - - &sub ("esp",16*(5+5+5+9+9)); - &and ("esp",-16); - - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &shl ("eax",24); # padbit - - &test ("ecx",31); - &jz (&label("even")); - - ################################################################ - # process single block, with SSE2, because it's still faster - # even though half of result is discarded - - &movdqu ($T1,&QWP(0,"esi")); # input - &lea ("esi",&DWP(16,"esi")); - - &movdqa ($T0,$T1); # -> base 2^26 ... - &pand ($T1,$MASK); - &paddd ($D0,$T1); # ... and accumuate - - &movdqa ($T1,$T0); - &psrlq ($T0,26); - &psrldq ($T1,6); - &pand ($T0,$MASK); - &paddd ($D1,$T0); - - &movdqa ($T0,$T1); - &psrlq ($T1,4); - &pand ($T1,$MASK); - &paddd ($D2,$T1); - - &movdqa ($T1,$T0); - &psrlq ($T0,30); - &pand ($T0,$MASK); - &psrldq ($T1,7); - &paddd ($D3,$T0); - - &movd ($T0,"eax"); # padbit - &paddd ($D4,$T1); - &movd ($T1,&DWP(16*0+12,"edi")); # r0 - &paddd ($D4,$T0); - - &movdqa (&QWP(16*0,"esp"),$D0); - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*2,"esp"),$D2); - &movdqa (&QWP(16*3,"esp"),$D3); - &movdqa (&QWP(16*4,"esp"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($D0,$T1); # h4*r0 - &pmuludq ($D1,$T1); # h3*r0 - &pmuludq ($D2,$T1); # h2*r0 - &movd ($T0,&DWP(16*1+12,"edi")); # r1 - &pmuludq ($D3,$T1); # h1*r0 - &pmuludq ($D4,$T1); # h0*r0 - - &pmuladd (sub { my ($reg,$i)=@_; - &movd ($reg,&DWP(16*$i+12,"edi")); - }); - - &lazy_reduction (); - - &sub ("ecx",16); - &jz (&label("done")); - -&set_label("even"); - &lea ("edx",&DWP(16*(5+5+5+9),"esp"));# size optimization - &lea ("eax",&DWP(-16*2,"esi")); - &sub ("ecx",64); - - ################################################################ - # expand and copy pre-calculated table to stack - - &movdqu ($T0,&QWP(16*0,"edi")); # r^1:r^2:r^3:r^4 - &pshufd ($T1,$T0,0b01000100); # duplicate r^3:r^4 - &cmovb ("esi","eax"); - &pshufd ($T0,$T0,0b11101110); # duplicate r^1:r^2 - &movdqa (&QWP(16*0,"edx"),$T1); - &lea ("eax",&DWP(16*10,"esp")); - &movdqu ($T1,&QWP(16*1,"edi")); - &movdqa (&QWP(16*(0-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*1,"edx"),$T0); - &movdqu ($T0,&QWP(16*2,"edi")); - &movdqa (&QWP(16*(1-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*2,"edx"),$T1); - &movdqu ($T1,&QWP(16*3,"edi")); - &movdqa (&QWP(16*(2-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*3,"edx"),$T0); - &movdqu ($T0,&QWP(16*4,"edi")); - &movdqa (&QWP(16*(3-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*4,"edx"),$T1); - &movdqu ($T1,&QWP(16*5,"edi")); - &movdqa (&QWP(16*(4-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*5,"edx"),$T0); - &movdqu ($T0,&QWP(16*6,"edi")); - &movdqa (&QWP(16*(5-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*6,"edx"),$T1); - &movdqu ($T1,&QWP(16*7,"edi")); - &movdqa (&QWP(16*(6-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*7,"edx"),$T0); - &movdqu ($T0,&QWP(16*8,"edi")); - &movdqa (&QWP(16*(7-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*8,"edx"),$T1); - &movdqa (&QWP(16*(8-9),"edx"),$T0); - -sub load_input { -my ($inpbase,$offbase)=@_; - - &movdqu ($T0,&QWP($inpbase+0,"esi")); # load input - &movdqu ($T1,&QWP($inpbase+16,"esi")); - &lea ("esi",&DWP(16*2,"esi")); - - &movdqa (&QWP($offbase+16*2,"esp"),$D2); - &movdqa (&QWP($offbase+16*3,"esp"),$D3); - &movdqa (&QWP($offbase+16*4,"esp"),$D4); - - &movdqa ($D2,$T0); # splat input - &movdqa ($D3,$T1); - &psrldq ($D2,6); - &psrldq ($D3,6); - &movdqa ($D4,$T0); - &punpcklqdq ($D2,$D3); # 2:3 - &punpckhqdq ($D4,$T1); # 4 - &punpcklqdq ($T0,$T1); # 0:1 - - &movdqa ($D3,$D2); - &psrlq ($D2,4); - &psrlq ($D3,30); - &movdqa ($T1,$T0); - &psrlq ($D4,40); # 4 - &psrlq ($T1,26); - &pand ($T0,$MASK); # 0 - &pand ($T1,$MASK); # 1 - &pand ($D2,$MASK); # 2 - &pand ($D3,$MASK); # 3 - &por ($D4,&QWP(0,"ebx")); # padbit, yes, always - - &movdqa (&QWP($offbase+16*0,"esp"),$D0) if ($offbase); - &movdqa (&QWP($offbase+16*1,"esp"),$D1) if ($offbase); -} - &load_input (16*2,16*5); - - &jbe (&label("skip_loop")); - &jmp (&label("loop")); - -&set_label("loop",32); - ################################################################ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - # \___________________/ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - # \___________________/ \____________________/ - ################################################################ - - &movdqa ($T2,&QWP(16*(0-9),"edx")); # r0^2 - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 = h4*r0 + h0*r4 + h1*r3 + h2*r2 + h3*r1 - # d3 = h3*r0 + h0*r3 + h1*r2 + h2*r1 + h4*5*r4 - # d2 = h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 - # d1 = h1*r0 + h0*r1 + h2*5*r4 + h3*5*r3 + h4*5*r2 - # d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - &movdqa ($D1,$T0); - &pmuludq ($T0,$T2); # h0*r0 - &movdqa ($D0,$T1); - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &pmuludq ($D3,$T2); # h3*r0 - &pmuludq ($D4,$T2); # h4*r0 - -sub pmuladd_alt { -my $addr = shift; - - &pmuludq ($D0,&$addr(8)); # h1*s4 - &movdqa ($T2,$D1); - &pmuludq ($D1,&$addr(1)); # h0*r1 - &paddq ($D0,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(2)); # h0*r2 - &paddq ($D1,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(3)); # h0*r3 - &paddq ($D2,$T2); - &movdqa ($T2,&QWP(16*1,"eax")); # pull h1 - &pmuludq ($T1,&$addr(4)); # h0*r4 - &paddq ($D3,$T0); - - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(1)); # h1*r1 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(2)); # h1*r2 - &paddq ($D2,$T2); - &movdqa ($T2,&QWP(16*2,"eax")); # pull h2 - &pmuludq ($T1,&$addr(3)); # h1*r3 - &paddq ($D3,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(7)); # h2*s3 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(8)); # h2*s4 - &paddq ($D0,$T2); - - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(1)); # h2*r1 - &paddq ($D1,$T0); - &movdqa ($T0,&QWP(16*3,"eax")); # pull h3 - &pmuludq ($T2,&$addr(2)); # h2*r2 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(6)); # h3*s2 - &paddq ($D4,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(7)); # h3*s3 - &paddq ($D0,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(8)); # h3*s4 - &paddq ($D1,$T1); - - &movdqa ($T1,&QWP(16*4,"eax")); # pull h4 - &pmuludq ($T0,&$addr(1)); # h3*r1 - &paddq ($D2,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(8)); # h4*s4 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(5)); # h4*s1 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(6)); # h4*s2 - &paddq ($D0,$T2); - &movdqa ($MASK,&QWP(64,"ebx")); - &pmuludq ($T1,&$addr(7)); # h4*s3 - &paddq ($D1,$T0); - &paddq ($D2,$T1); -} - &pmuladd_alt (sub { my $i=shift; &QWP(16*($i-9),"edx"); }); - - &load_input (-16*2,0); - &lea ("eax",&DWP(-16*2,"esi")); - &sub ("ecx",64); - - &paddd ($T0,&QWP(16*(5+0),"esp")); # add hash value - &paddd ($T1,&QWP(16*(5+1),"esp")); - &paddd ($D2,&QWP(16*(5+2),"esp")); - &paddd ($D3,&QWP(16*(5+3),"esp")); - &paddd ($D4,&QWP(16*(5+4),"esp")); - - &cmovb ("esi","eax"); - &lea ("eax",&DWP(16*10,"esp")); - - &movdqa ($T2,&QWP(16*0,"edx")); # r0^4 - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 += h4*r0 + h0*r4 + h1*r3 + h2*r2 + h3*r1 - # d3 += h3*r0 + h0*r3 + h1*r2 + h2*r1 + h4*5*r4 - # d2 += h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 - # d1 += h1*r0 + h0*r1 + h2*5*r4 + h3*5*r3 + h4*5*r2 - # d0 += h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - &movdqa ($D1,$T0); - &pmuludq ($T0,$T2); # h0*r0 - &paddq ($T0,$D0); - &movdqa ($D0,$T1); - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &pmuludq ($D3,$T2); # h3*r0 - &pmuludq ($D4,$T2); # h4*r0 - - &paddq ($T1,&QWP(16*1,"esp")); - &paddq ($D2,&QWP(16*2,"esp")); - &paddq ($D3,&QWP(16*3,"esp")); - &paddq ($D4,&QWP(16*4,"esp")); - - &pmuladd_alt (sub { my $i=shift; &QWP(16*$i,"edx"); }); - - &lazy_reduction (); - - &load_input (16*2,16*5); - - &ja (&label("loop")); - -&set_label("skip_loop"); - ################################################################ - # multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - &pshufd ($T2,&QWP(16*(0-9),"edx"),0x10);# r0^n - &add ("ecx",32); - &jnz (&label("long_tail")); - - &paddd ($T0,$D0); # add hash value - &paddd ($T1,$D1); - &paddd ($D2,&QWP(16*7,"esp")); - &paddd ($D3,&QWP(16*8,"esp")); - &paddd ($D4,&QWP(16*9,"esp")); - -&set_label("long_tail"); - - &movdqa (&QWP(16*0,"eax"),$T0); - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($T0,$T2); # h0*r0 - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &movdqa ($D0,$T0); - &pshufd ($T0,&QWP(16*(1-9),"edx"),0x10);# r1^n - &pmuludq ($D3,$T2); # h3*r0 - &movdqa ($D1,$T1); - &pmuludq ($D4,$T2); # h4*r0 - - &pmuladd (sub { my ($reg,$i)=@_; - &pshufd ($reg,&QWP(16*($i-9),"edx"),0x10); - },"eax"); - - &jz (&label("short_tail")); - - &load_input (-16*2,0); - - &pshufd ($T2,&QWP(16*0,"edx"),0x10); # r0^n - &paddd ($T0,&QWP(16*5,"esp")); # add hash value - &paddd ($T1,&QWP(16*6,"esp")); - &paddd ($D2,&QWP(16*7,"esp")); - &paddd ($D3,&QWP(16*8,"esp")); - &paddd ($D4,&QWP(16*9,"esp")); - - ################################################################ - # multiply inp[0:1] by r^4:r^3 and accumulate - - &movdqa (&QWP(16*0,"esp"),$T0); - &pmuludq ($T0,$T2); # h0*r0 - &movdqa (&QWP(16*1,"esp"),$T1); - &pmuludq ($T1,$T2); # h1*r0 - &paddq ($D0,$T0); - &movdqa ($T0,$D2); - &pmuludq ($D2,$T2); # h2*r0 - &paddq ($D1,$T1); - &movdqa ($T1,$D3); - &pmuludq ($D3,$T2); # h3*r0 - &paddq ($D2,&QWP(16*2,"esp")); - &movdqa (&QWP(16*2,"esp"),$T0); - &pshufd ($T0,&QWP(16*1,"edx"),0x10); # r1^n - &paddq ($D3,&QWP(16*3,"esp")); - &movdqa (&QWP(16*3,"esp"),$T1); - &movdqa ($T1,$D4); - &pmuludq ($D4,$T2); # h4*r0 - &paddq ($D4,&QWP(16*4,"esp")); - &movdqa (&QWP(16*4,"esp"),$T1); - - &pmuladd (sub { my ($reg,$i)=@_; - &pshufd ($reg,&QWP(16*$i,"edx"),0x10); - }); - -&set_label("short_tail"); - - ################################################################ - # horizontal addition - - &pshufd ($T1,$D4,0b01001110); - &pshufd ($T0,$D3,0b01001110); - &paddq ($D4,$T1); - &paddq ($D3,$T0); - &pshufd ($T1,$D0,0b01001110); - &pshufd ($T0,$D1,0b01001110); - &paddq ($D0,$T1); - &paddq ($D1,$T0); - &pshufd ($T1,$D2,0b01001110); - #&paddq ($D2,$T1); - - &lazy_reduction (sub { &paddq ($D2,$T1) }); - -&set_label("done"); - &movd (&DWP(-16*3+4*0,"edi"),$D0); # store hash value - &movd (&DWP(-16*3+4*1,"edi"),$D1); - &movd (&DWP(-16*3+4*2,"edi"),$D2); - &movd (&DWP(-16*3+4*3,"edi"),$D3); - &movd (&DWP(-16*3+4*4,"edi"),$D4); - &mov ("esp","ebp"); -&set_label("nodata"); -&function_end("_poly1305_blocks_sse2"); - -&align (32); -&function_begin("_poly1305_emit_sse2"); - &mov ("ebp",&wparam(0)); # context - - &cmp (&DWP(4*5,"ebp"),0); # is_base2_26? - &je (&label("enter_emit")); - - &mov ("eax",&DWP(4*0,"ebp")); # load hash value - &mov ("edi",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("esi",&DWP(4*4,"ebp")); - - &mov ("ebx","edi"); # base 2^26 -> base 2^32 - &shl ("edi",26); - &shr ("ebx",6); - &add ("eax","edi"); - &mov ("edi","ecx"); - &adc ("ebx",0); - - &shl ("edi",20); - &shr ("ecx",12); - &add ("ebx","edi"); - &mov ("edi","edx"); - &adc ("ecx",0); - - &shl ("edi",14); - &shr ("edx",18); - &add ("ecx","edi"); - &mov ("edi","esi"); - &adc ("edx",0); - - &shl ("edi",8); - &shr ("esi",24); - &add ("edx","edi"); - &adc ("esi",0); # can be partially reduced - - &mov ("edi","esi"); # final reduction - &and ("esi",3); - &shr ("edi",2); - &lea ("ebp",&DWP(0,"edi","edi",4)); # *5 - &mov ("edi",&wparam(1)); # output - &add ("eax","ebp"); - &mov ("ebp",&wparam(2)); # key - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("edx",0); - &adc ("esi",0); - - &movd ($D0,"eax"); # offload original hash value - &add ("eax",5); # compare to modulus - &movd ($D1,"ebx"); - &adc ("ebx",0); - &movd ($D2,"ecx"); - &adc ("ecx",0); - &movd ($D3,"edx"); - &adc ("edx",0); - &adc ("esi",0); - &shr ("esi",2); # did it carry/borrow? - - &neg ("esi"); # do we choose (hash-modulus) ... - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &mov (&DWP(4*0,"edi"),"eax"); - &movd ("eax",$D0); - &mov (&DWP(4*1,"edi"),"ebx"); - &movd ("ebx",$D1); - &mov (&DWP(4*2,"edi"),"ecx"); - &movd ("ecx",$D2); - &mov (&DWP(4*3,"edi"),"edx"); - &movd ("edx",$D3); - - ¬ ("esi"); # ... or original hash value? - &and ("eax","esi"); - &and ("ebx","esi"); - &or ("eax",&DWP(4*0,"edi")); - &and ("ecx","esi"); - &or ("ebx",&DWP(4*1,"edi")); - &and ("edx","esi"); - &or ("ecx",&DWP(4*2,"edi")); - &or ("edx",&DWP(4*3,"edi")); - - &add ("eax",&DWP(4*0,"ebp")); # accumulate key - &adc ("ebx",&DWP(4*1,"ebp")); - &mov (&DWP(4*0,"edi"),"eax"); - &adc ("ecx",&DWP(4*2,"ebp")); - &mov (&DWP(4*1,"edi"),"ebx"); - &adc ("edx",&DWP(4*3,"ebp")); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); -&function_end("_poly1305_emit_sse2"); - -# The AVX2 code was removed. - -&set_label("const_sse2",64); - &data_word(1<<24,0, 1<<24,0, 1<<24,0, 1<<24,0); - &data_word(0,0, 0,0, 0,0, 0,0); - &data_word(0x03ffffff,0,0x03ffffff,0, 0x03ffffff,0, 0x03ffffff,0); - &data_word(0x0fffffff,0x0ffffffc,0x0ffffffc,0x0ffffffc); -} -&asciz ("Poly1305 for x86, CRYPTOGAMS by "); -&align (4); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl deleted file mode 100755 index d1b547084a..0000000000 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ /dev/null @@ -1,2243 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for x86_64. -# -# March 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone, -# measured with rdtsc at fixed clock frequency. -# -# IALU/gcc-4.8(*) AVX(**) AVX2 -# P4 4.46/+120% - -# Core 2 2.41/+90% - -# Westmere 1.88/+120% - -# Sandy Bridge 1.39/+140% 1.10 -# Haswell 1.14/+175% 1.11 0.65 -# Skylake 1.13/+120% 0.96 0.51 -# Silvermont 2.83/+95% - -# VIA Nano 1.82/+150% - -# Sledgehammer 1.38/+160% - -# Bulldozer 2.30/+130% 0.97 -# -# (*) improvement coefficients relative to clang are more modest and -# are ~50% on most processors, in both cases we are comparing to -# __int128 code; -# (**) SSE2 implementation was attempted, but among non-AVX processors -# it was faster than integer-only code only on older Intel P4 and -# Core processors, 50-30%, less newer processor is, but slower on -# contemporary ones, for example almost 2x slower on Atom, and as -# former are naturally disappearing, SSE2 is deemed unnecessary; - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -$avx = 2; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -my ($ctx,$inp,$len,$padbit)=("%rdi","%rsi","%rdx","%rcx"); -my ($mac,$nonce)=($inp,$len); # *_emit arguments -my ($d1,$d2,$d3, $r0,$r1,$s1)=map("%r$_",(8..13)); -my ($h0,$h1,$h2)=("%r14","%rbx","%rbp"); - -sub poly1305_iteration { -# input: copy of $r1 in %rax, $h0-$h2, $r0-$r1 -# output: $h0-$h2 *= $r0-$r1 -$code.=<<___; - mulq $h0 # h0*r1 - mov %rax,$d2 - mov $r0,%rax - mov %rdx,$d3 - - mulq $h0 # h0*r0 - mov %rax,$h0 # future $h0 - mov $r0,%rax - mov %rdx,$d1 - - mulq $h1 # h1*r0 - add %rax,$d2 - mov $s1,%rax - adc %rdx,$d3 - - mulq $h1 # h1*s1 - mov $h2,$h1 # borrow $h1 - add %rax,$h0 - adc %rdx,$d1 - - imulq $s1,$h1 # h2*s1 - add $h1,$d2 - mov $d1,$h1 - adc \$0,$d3 - - imulq $r0,$h2 # h2*r0 - add $d2,$h1 - mov \$-4,%rax # mask value - adc $h2,$d3 - - and $d3,%rax # last reduction step - mov $d3,$h2 - shr \$2,$d3 - and \$3,$h2 - add $d3,%rax - add %rax,$h0 - adc \$0,$h1 - adc \$0,$h2 -___ -} - -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int64 h[3]; # current hash value base 2^64 -# unsigned __int64 r[2]; # key value base 2^64 - -$code.=<<___; -.text - -.extern GFp_ia32cap_P - -.globl GFp_poly1305_init_asm -.hidden GFp_poly1305_init_asm -.globl GFp_poly1305_blocks -.hidden GFp_poly1305_blocks -.globl GFp_poly1305_emit -.hidden GFp_poly1305_emit - -.type GFp_poly1305_init_asm,\@function,3 -.align 32 -GFp_poly1305_init_asm: - xor %rax,%rax - mov %rax,0($ctx) # initialize hash value - mov %rax,8($ctx) - mov %rax,16($ctx) - - cmp \$0,$inp - je .Lno_key - - lea GFp_poly1305_blocks(%rip),%r10 - lea GFp_poly1305_emit(%rip),%r11 -___ -$code.=<<___ if ($avx); - mov GFp_ia32cap_P+4(%rip),%r9 - lea poly1305_blocks_avx(%rip),%rax - lea poly1305_emit_avx(%rip),%rcx - bt \$`60-32`,%r9 # AVX? - cmovc %rax,%r10 - cmovc %rcx,%r11 -___ -$code.=<<___ if ($avx>1); - lea poly1305_blocks_avx2(%rip),%rax - bt \$`5+32`,%r9 # AVX2? - cmovc %rax,%r10 -___ -$code.=<<___; - mov \$0x0ffffffc0fffffff,%rax - mov \$0x0ffffffc0ffffffc,%rcx - and 0($inp),%rax - and 8($inp),%rcx - mov %rax,24($ctx) - mov %rcx,32($ctx) -___ -$code.=<<___ if ($flavour !~ /elf32/); - mov %r10,0(%rdx) - mov %r11,8(%rdx) -___ -$code.=<<___ if ($flavour =~ /elf32/); - mov %r10d,0(%rdx) - mov %r11d,4(%rdx) -___ -$code.=<<___; - mov \$1,%eax -.Lno_key: - ret -.size GFp_poly1305_init_asm,.-GFp_poly1305_init_asm - -.type GFp_poly1305_blocks,\@function,4 -.align 32 -GFp_poly1305_blocks: -.Lblocks: - shr \$4,$len - jz .Lno_data # too short - - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lblocks_body: - - mov $len,%r15 # reassign $len - - mov 24($ctx),$r0 # load r - mov 32($ctx),$s1 - - mov 0($ctx),$h0 # load hash value - mov 8($ctx),$h1 - mov 16($ctx),$h2 - - mov $s1,$r1 - shr \$2,$s1 - mov $r1,%rax - add $r1,$s1 # s1 = r1 + (r1 >> 2) - jmp .Loop - -.align 32 -.Loop: - add 0($inp),$h0 # accumulate input - adc 8($inp),$h1 - lea 16($inp),$inp - adc $padbit,$h2 -___ - &poly1305_iteration(); -$code.=<<___; - mov $r1,%rax - dec %r15 # len-=16 - jnz .Loop - - mov $h0,0($ctx) # store hash value - mov $h1,8($ctx) - mov $h2,16($ctx) - - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%r12 - mov 32(%rsp),%rbp - mov 40(%rsp),%rbx - lea 48(%rsp),%rsp -.Lno_data: -.Lblocks_epilogue: - ret -.size GFp_poly1305_blocks,.-GFp_poly1305_blocks - -.type GFp_poly1305_emit,\@function,3 -.align 32 -GFp_poly1305_emit: -.Lemit: - mov 0($ctx),%r8 # load hash value - mov 8($ctx),%r9 - mov 16($ctx),%r10 - - mov %r8,%rax - add \$5,%r8 # compare to modulus - mov %r9,%rcx - adc \$0,%r9 - adc \$0,%r10 - shr \$2,%r10 # did 130-bit value overfow? - cmovnz %r8,%rax - cmovnz %r9,%rcx - - add 0($nonce),%rax # accumulate nonce - adc 8($nonce),%rcx - mov %rax,0($mac) # write result - mov %rcx,8($mac) - - ret -.size GFp_poly1305_emit,.-GFp_poly1305_emit -___ -if ($avx) { - -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int32 h[5]; # current hash value base 2^26 -# unsigned __int32 is_base2_26; -# unsigned __int64 r[2]; # key value base 2^64 -# unsigned __int64 pad; -# struct { unsigned __int32 r^2, r^1, r^4, r^3; } r[9]; -# -# where r^n are base 2^26 digits of degrees of multiplier key. There are -# 5 digits, but last four are interleaved with multiples of 5, totalling -# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4. - -my ($H0,$H1,$H2,$H3,$H4, $T0,$T1,$T2,$T3,$T4, $D0,$D1,$D2,$D3,$D4, $MASK) = - map("%xmm$_",(0..15)); - -$code.=<<___; -.type __poly1305_block,\@abi-omnipotent -.align 32 -__poly1305_block: -___ - &poly1305_iteration(); -$code.=<<___; - ret -.size __poly1305_block,.-__poly1305_block - -.type __poly1305_init_avx,\@abi-omnipotent -.align 32 -__poly1305_init_avx: - mov $r0,$h0 - mov $r1,$h1 - xor $h2,$h2 - - lea 48+64($ctx),$ctx # size optimization - - mov $r1,%rax - call __poly1305_block # r^2 - - mov \$0x3ffffff,%eax # save interleaved r^2 and r base 2^26 - mov \$0x3ffffff,%edx - mov $h0,$d1 - and $h0#d,%eax - mov $r0,$d2 - and $r0#d,%edx - mov %eax,`16*0+0-64`($ctx) - shr \$26,$d1 - mov %edx,`16*0+4-64`($ctx) - shr \$26,$d2 - - mov \$0x3ffffff,%eax - mov \$0x3ffffff,%edx - and $d1#d,%eax - and $d2#d,%edx - mov %eax,`16*1+0-64`($ctx) - lea (%rax,%rax,4),%eax # *5 - mov %edx,`16*1+4-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - mov %eax,`16*2+0-64`($ctx) - shr \$26,$d1 - mov %edx,`16*2+4-64`($ctx) - shr \$26,$d2 - - mov $h1,%rax - mov $r1,%rdx - shl \$12,%rax - shl \$12,%rdx - or $d1,%rax - or $d2,%rdx - and \$0x3ffffff,%eax - and \$0x3ffffff,%edx - mov %eax,`16*3+0-64`($ctx) - lea (%rax,%rax,4),%eax # *5 - mov %edx,`16*3+4-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - mov %eax,`16*4+0-64`($ctx) - mov $h1,$d1 - mov %edx,`16*4+4-64`($ctx) - mov $r1,$d2 - - mov \$0x3ffffff,%eax - mov \$0x3ffffff,%edx - shr \$14,$d1 - shr \$14,$d2 - and $d1#d,%eax - and $d2#d,%edx - mov %eax,`16*5+0-64`($ctx) - lea (%rax,%rax,4),%eax # *5 - mov %edx,`16*5+4-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - mov %eax,`16*6+0-64`($ctx) - shr \$26,$d1 - mov %edx,`16*6+4-64`($ctx) - shr \$26,$d2 - - mov $h2,%rax - shl \$24,%rax - or %rax,$d1 - mov $d1#d,`16*7+0-64`($ctx) - lea ($d1,$d1,4),$d1 # *5 - mov $d2#d,`16*7+4-64`($ctx) - lea ($d2,$d2,4),$d2 # *5 - mov $d1#d,`16*8+0-64`($ctx) - mov $d2#d,`16*8+4-64`($ctx) - - mov $r1,%rax - call __poly1305_block # r^3 - - mov \$0x3ffffff,%eax # save r^3 base 2^26 - mov $h0,$d1 - and $h0#d,%eax - shr \$26,$d1 - mov %eax,`16*0+12-64`($ctx) - - mov \$0x3ffffff,%edx - and $d1#d,%edx - mov %edx,`16*1+12-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - shr \$26,$d1 - mov %edx,`16*2+12-64`($ctx) - - mov $h1,%rax - shl \$12,%rax - or $d1,%rax - and \$0x3ffffff,%eax - mov %eax,`16*3+12-64`($ctx) - lea (%rax,%rax,4),%eax # *5 - mov $h1,$d1 - mov %eax,`16*4+12-64`($ctx) - - mov \$0x3ffffff,%edx - shr \$14,$d1 - and $d1#d,%edx - mov %edx,`16*5+12-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - shr \$26,$d1 - mov %edx,`16*6+12-64`($ctx) - - mov $h2,%rax - shl \$24,%rax - or %rax,$d1 - mov $d1#d,`16*7+12-64`($ctx) - lea ($d1,$d1,4),$d1 # *5 - mov $d1#d,`16*8+12-64`($ctx) - - mov $r1,%rax - call __poly1305_block # r^4 - - mov \$0x3ffffff,%eax # save r^4 base 2^26 - mov $h0,$d1 - and $h0#d,%eax - shr \$26,$d1 - mov %eax,`16*0+8-64`($ctx) - - mov \$0x3ffffff,%edx - and $d1#d,%edx - mov %edx,`16*1+8-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - shr \$26,$d1 - mov %edx,`16*2+8-64`($ctx) - - mov $h1,%rax - shl \$12,%rax - or $d1,%rax - and \$0x3ffffff,%eax - mov %eax,`16*3+8-64`($ctx) - lea (%rax,%rax,4),%eax # *5 - mov $h1,$d1 - mov %eax,`16*4+8-64`($ctx) - - mov \$0x3ffffff,%edx - shr \$14,$d1 - and $d1#d,%edx - mov %edx,`16*5+8-64`($ctx) - lea (%rdx,%rdx,4),%edx # *5 - shr \$26,$d1 - mov %edx,`16*6+8-64`($ctx) - - mov $h2,%rax - shl \$24,%rax - or %rax,$d1 - mov $d1#d,`16*7+8-64`($ctx) - lea ($d1,$d1,4),$d1 # *5 - mov $d1#d,`16*8+8-64`($ctx) - - lea -48-64($ctx),$ctx # size [de-]optimization - ret -.size __poly1305_init_avx,.-__poly1305_init_avx - -.type poly1305_blocks_avx,\@function,4 -.align 32 -poly1305_blocks_avx: - mov 20($ctx),%r8d # is_base2_26 - cmp \$128,$len - jae .Lblocks_avx - test %r8d,%r8d - jz .Lblocks - -.Lblocks_avx: - and \$-16,$len - jz .Lno_data_avx - - vzeroupper - - test %r8d,%r8d - jz .Lbase2_64_avx - - test \$31,$len - jz .Leven_avx - - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lblocks_avx_body: - - mov $len,%r15 # reassign $len - - mov 0($ctx),$d1 # load hash value - mov 8($ctx),$d2 - mov 16($ctx),$h2#d - - mov 24($ctx),$r0 # load r - mov 32($ctx),$s1 - - ################################# base 2^26 -> base 2^64 - mov $d1#d,$h0#d - and \$`-1*(1<<31)`,$d1 - mov $d2,$r1 # borrow $r1 - mov $d2#d,$h1#d - and \$`-1*(1<<31)`,$d2 - - shr \$6,$d1 - shl \$52,$r1 - add $d1,$h0 - shr \$12,$h1 - shr \$18,$d2 - add $r1,$h0 - adc $d2,$h1 - - mov $h2,$d1 - shl \$40,$d1 - shr \$24,$h2 - add $d1,$h1 - adc \$0,$h2 # can be partially reduced... - - mov \$-4,$d2 # ... so reduce - mov $h2,$d1 - and $h2,$d2 - shr \$2,$d1 - and \$3,$h2 - add $d2,$d1 # =*5 - add $d1,$h0 - adc \$0,$h1 - adc \$0,$h2 - - mov $s1,$r1 - mov $s1,%rax - shr \$2,$s1 - add $r1,$s1 # s1 = r1 + (r1 >> 2) - - add 0($inp),$h0 # accumulate input - adc 8($inp),$h1 - lea 16($inp),$inp - adc $padbit,$h2 - - call __poly1305_block - - test $padbit,$padbit # if $padbit is zero, - jz .Lstore_base2_64_avx # store hash in base 2^64 format - - ################################# base 2^64 -> base 2^26 - mov $h0,%rax - mov $h0,%rdx - shr \$52,$h0 - mov $h1,$r0 - mov $h1,$r1 - shr \$26,%rdx - and \$0x3ffffff,%rax # h[0] - shl \$12,$r0 - and \$0x3ffffff,%rdx # h[1] - shr \$14,$h1 - or $r0,$h0 - shl \$24,$h2 - and \$0x3ffffff,$h0 # h[2] - shr \$40,$r1 - and \$0x3ffffff,$h1 # h[3] - or $r1,$h2 # h[4] - - sub \$16,%r15 - jz .Lstore_base2_26_avx - - vmovd %rax#d,$H0 - vmovd %rdx#d,$H1 - vmovd $h0#d,$H2 - vmovd $h1#d,$H3 - vmovd $h2#d,$H4 - jmp .Lproceed_avx - -.align 32 -.Lstore_base2_64_avx: - mov $h0,0($ctx) - mov $h1,8($ctx) - mov $h2,16($ctx) # note that is_base2_26 is zeroed - jmp .Ldone_avx - -.align 16 -.Lstore_base2_26_avx: - mov %rax#d,0($ctx) # store hash value base 2^26 - mov %rdx#d,4($ctx) - mov $h0#d,8($ctx) - mov $h1#d,12($ctx) - mov $h2#d,16($ctx) -.align 16 -.Ldone_avx: - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%r12 - mov 32(%rsp),%rbp - mov 40(%rsp),%rbx - lea 48(%rsp),%rsp -.Lno_data_avx: -.Lblocks_avx_epilogue: - ret - -.align 32 -.Lbase2_64_avx: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lbase2_64_avx_body: - - mov $len,%r15 # reassign $len - - mov 24($ctx),$r0 # load r - mov 32($ctx),$s1 - - mov 0($ctx),$h0 # load hash value - mov 8($ctx),$h1 - mov 16($ctx),$h2#d - - mov $s1,$r1 - mov $s1,%rax - shr \$2,$s1 - add $r1,$s1 # s1 = r1 + (r1 >> 2) - - test \$31,$len - jz .Linit_avx - - add 0($inp),$h0 # accumulate input - adc 8($inp),$h1 - lea 16($inp),$inp - adc $padbit,$h2 - sub \$16,%r15 - - call __poly1305_block - -.Linit_avx: - ################################# base 2^64 -> base 2^26 - mov $h0,%rax - mov $h0,%rdx - shr \$52,$h0 - mov $h1,$d1 - mov $h1,$d2 - shr \$26,%rdx - and \$0x3ffffff,%rax # h[0] - shl \$12,$d1 - and \$0x3ffffff,%rdx # h[1] - shr \$14,$h1 - or $d1,$h0 - shl \$24,$h2 - and \$0x3ffffff,$h0 # h[2] - shr \$40,$d2 - and \$0x3ffffff,$h1 # h[3] - or $d2,$h2 # h[4] - - vmovd %rax#d,$H0 - vmovd %rdx#d,$H1 - vmovd $h0#d,$H2 - vmovd $h1#d,$H3 - vmovd $h2#d,$H4 - movl \$1,20($ctx) # set is_base2_26 - - call __poly1305_init_avx - -.Lproceed_avx: - mov %r15,$len - - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%r12 - mov 32(%rsp),%rbp - mov 40(%rsp),%rbx - lea 48(%rsp),%rax - lea 48(%rsp),%rsp -.Lbase2_64_avx_epilogue: - jmp .Ldo_avx - -.align 32 -.Leven_avx: - vmovd 4*0($ctx),$H0 # load hash value - vmovd 4*1($ctx),$H1 - vmovd 4*2($ctx),$H2 - vmovd 4*3($ctx),$H3 - vmovd 4*4($ctx),$H4 - -.Ldo_avx: -___ -$code.=<<___ if (!$win64); - lea -0x58(%rsp),%r11 - sub \$0x178,%rsp -___ -$code.=<<___ if ($win64); - lea -0xf8(%rsp),%r11 - sub \$0x218,%rsp - vmovdqa %xmm6,0x50(%r11) - vmovdqa %xmm7,0x60(%r11) - vmovdqa %xmm8,0x70(%r11) - vmovdqa %xmm9,0x80(%r11) - vmovdqa %xmm10,0x90(%r11) - vmovdqa %xmm11,0xa0(%r11) - vmovdqa %xmm12,0xb0(%r11) - vmovdqa %xmm13,0xc0(%r11) - vmovdqa %xmm14,0xd0(%r11) - vmovdqa %xmm15,0xe0(%r11) -.Ldo_avx_body: -___ -$code.=<<___; - sub \$64,$len - lea -32($inp),%rax - cmovc %rax,$inp - - vmovdqu `16*3`($ctx),$D4 # preload r0^2 - lea `16*3+64`($ctx),$ctx # size optimization - lea .Lconst(%rip),%rcx - - ################################################################ - # load input - vmovdqu 16*2($inp),$T0 - vmovdqu 16*3($inp),$T1 - vmovdqa 64(%rcx),$MASK # .Lmask26 - - vpsrldq \$6,$T0,$T2 # splat input - vpsrldq \$6,$T1,$T3 - vpunpckhqdq $T1,$T0,$T4 # 4 - vpunpcklqdq $T1,$T0,$T0 # 0:1 - vpunpcklqdq $T3,$T2,$T3 # 2:3 - - vpsrlq \$40,$T4,$T4 # 4 - vpsrlq \$26,$T0,$T1 - vpand $MASK,$T0,$T0 # 0 - vpsrlq \$4,$T3,$T2 - vpand $MASK,$T1,$T1 # 1 - vpsrlq \$30,$T3,$T3 - vpand $MASK,$T2,$T2 # 2 - vpand $MASK,$T3,$T3 # 3 - vpor 32(%rcx),$T4,$T4 # padbit, yes, always - - jbe .Lskip_loop_avx - - # expand and copy pre-calculated table to stack - vmovdqu `16*1-64`($ctx),$D1 - vmovdqu `16*2-64`($ctx),$D2 - vpshufd \$0xEE,$D4,$D3 # 34xx -> 3434 - vpshufd \$0x44,$D4,$D0 # xx12 -> 1212 - vmovdqa $D3,-0x90(%r11) - vmovdqa $D0,0x00(%rsp) - vpshufd \$0xEE,$D1,$D4 - vmovdqu `16*3-64`($ctx),$D0 - vpshufd \$0x44,$D1,$D1 - vmovdqa $D4,-0x80(%r11) - vmovdqa $D1,0x10(%rsp) - vpshufd \$0xEE,$D2,$D3 - vmovdqu `16*4-64`($ctx),$D1 - vpshufd \$0x44,$D2,$D2 - vmovdqa $D3,-0x70(%r11) - vmovdqa $D2,0x20(%rsp) - vpshufd \$0xEE,$D0,$D4 - vmovdqu `16*5-64`($ctx),$D2 - vpshufd \$0x44,$D0,$D0 - vmovdqa $D4,-0x60(%r11) - vmovdqa $D0,0x30(%rsp) - vpshufd \$0xEE,$D1,$D3 - vmovdqu `16*6-64`($ctx),$D0 - vpshufd \$0x44,$D1,$D1 - vmovdqa $D3,-0x50(%r11) - vmovdqa $D1,0x40(%rsp) - vpshufd \$0xEE,$D2,$D4 - vmovdqu `16*7-64`($ctx),$D1 - vpshufd \$0x44,$D2,$D2 - vmovdqa $D4,-0x40(%r11) - vmovdqa $D2,0x50(%rsp) - vpshufd \$0xEE,$D0,$D3 - vmovdqu `16*8-64`($ctx),$D2 - vpshufd \$0x44,$D0,$D0 - vmovdqa $D3,-0x30(%r11) - vmovdqa $D0,0x60(%rsp) - vpshufd \$0xEE,$D1,$D4 - vpshufd \$0x44,$D1,$D1 - vmovdqa $D4,-0x20(%r11) - vmovdqa $D1,0x70(%rsp) - vpshufd \$0xEE,$D2,$D3 - vmovdqa 0x00(%rsp),$D4 # preload r0^2 - vpshufd \$0x44,$D2,$D2 - vmovdqa $D3,-0x10(%r11) - vmovdqa $D2,0x80(%rsp) - - jmp .Loop_avx - -.align 32 -.Loop_avx: - ################################################################ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - # \___________________/ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - # \___________________/ \____________________/ - # - # Note that we start with inp[2:3]*r^2. This is because it - # doesn't depend on reduction in previous iteration. - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - # - # though note that $Tx and $Hx are "reversed" in this section, - # and $D4 is preloaded with r0^2... - - vpmuludq $T0,$D4,$D0 # d0 = h0*r0 - vpmuludq $T1,$D4,$D1 # d1 = h1*r0 - vmovdqa $H2,0x20(%r11) # offload hash - vpmuludq $T2,$D4,$D2 # d3 = h2*r0 - vmovdqa 0x10(%rsp),$H2 # r1^2 - vpmuludq $T3,$D4,$D3 # d3 = h3*r0 - vpmuludq $T4,$D4,$D4 # d4 = h4*r0 - - vmovdqa $H0,0x00(%r11) # - vpmuludq 0x20(%rsp),$T4,$H0 # h4*s1 - vmovdqa $H1,0x10(%r11) # - vpmuludq $T3,$H2,$H1 # h3*r1 - vpaddq $H0,$D0,$D0 # d0 += h4*s1 - vpaddq $H1,$D4,$D4 # d4 += h3*r1 - vmovdqa $H3,0x30(%r11) # - vpmuludq $T2,$H2,$H0 # h2*r1 - vpmuludq $T1,$H2,$H1 # h1*r1 - vpaddq $H0,$D3,$D3 # d3 += h2*r1 - vmovdqa 0x30(%rsp),$H3 # r2^2 - vpaddq $H1,$D2,$D2 # d2 += h1*r1 - vmovdqa $H4,0x40(%r11) # - vpmuludq $T0,$H2,$H2 # h0*r1 - vpmuludq $T2,$H3,$H0 # h2*r2 - vpaddq $H2,$D1,$D1 # d1 += h0*r1 - - vmovdqa 0x40(%rsp),$H4 # s2^2 - vpaddq $H0,$D4,$D4 # d4 += h2*r2 - vpmuludq $T1,$H3,$H1 # h1*r2 - vpmuludq $T0,$H3,$H3 # h0*r2 - vpaddq $H1,$D3,$D3 # d3 += h1*r2 - vmovdqa 0x50(%rsp),$H2 # r3^2 - vpaddq $H3,$D2,$D2 # d2 += h0*r2 - vpmuludq $T4,$H4,$H0 # h4*s2 - vpmuludq $T3,$H4,$H4 # h3*s2 - vpaddq $H0,$D1,$D1 # d1 += h4*s2 - vmovdqa 0x60(%rsp),$H3 # s3^2 - vpaddq $H4,$D0,$D0 # d0 += h3*s2 - - vmovdqa 0x80(%rsp),$H4 # s4^2 - vpmuludq $T1,$H2,$H1 # h1*r3 - vpmuludq $T0,$H2,$H2 # h0*r3 - vpaddq $H1,$D4,$D4 # d4 += h1*r3 - vpaddq $H2,$D3,$D3 # d3 += h0*r3 - vpmuludq $T4,$H3,$H0 # h4*s3 - vpmuludq $T3,$H3,$H1 # h3*s3 - vpaddq $H0,$D2,$D2 # d2 += h4*s3 - vmovdqu 16*0($inp),$H0 # load input - vpaddq $H1,$D1,$D1 # d1 += h3*s3 - vpmuludq $T2,$H3,$H3 # h2*s3 - vpmuludq $T2,$H4,$T2 # h2*s4 - vpaddq $H3,$D0,$D0 # d0 += h2*s3 - - vmovdqu 16*1($inp),$H1 # - vpaddq $T2,$D1,$D1 # d1 += h2*s4 - vpmuludq $T3,$H4,$T3 # h3*s4 - vpmuludq $T4,$H4,$T4 # h4*s4 - vpsrldq \$6,$H0,$H2 # splat input - vpaddq $T3,$D2,$D2 # d2 += h3*s4 - vpaddq $T4,$D3,$D3 # d3 += h4*s4 - vpsrldq \$6,$H1,$H3 # - vpmuludq 0x70(%rsp),$T0,$T4 # h0*r4 - vpmuludq $T1,$H4,$T0 # h1*s4 - vpunpckhqdq $H1,$H0,$H4 # 4 - vpaddq $T4,$D4,$D4 # d4 += h0*r4 - vmovdqa -0x90(%r11),$T4 # r0^4 - vpaddq $T0,$D0,$D0 # d0 += h1*s4 - - vpunpcklqdq $H1,$H0,$H0 # 0:1 - vpunpcklqdq $H3,$H2,$H3 # 2:3 - - #vpsrlq \$40,$H4,$H4 # 4 - vpsrldq \$`40/8`,$H4,$H4 # 4 - vpsrlq \$26,$H0,$H1 - vpand $MASK,$H0,$H0 # 0 - vpsrlq \$4,$H3,$H2 - vpand $MASK,$H1,$H1 # 1 - vpand 0(%rcx),$H4,$H4 # .Lmask24 - vpsrlq \$30,$H3,$H3 - vpand $MASK,$H2,$H2 # 2 - vpand $MASK,$H3,$H3 # 3 - vpor 32(%rcx),$H4,$H4 # padbit, yes, always - - vpaddq 0x00(%r11),$H0,$H0 # add hash value - vpaddq 0x10(%r11),$H1,$H1 - vpaddq 0x20(%r11),$H2,$H2 - vpaddq 0x30(%r11),$H3,$H3 - vpaddq 0x40(%r11),$H4,$H4 - - lea 16*2($inp),%rax - lea 16*4($inp),$inp - sub \$64,$len - cmovc %rax,$inp - - ################################################################ - # Now we accumulate (inp[0:1]+hash)*r^4 - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - vpmuludq $H0,$T4,$T0 # h0*r0 - vpmuludq $H1,$T4,$T1 # h1*r0 - vpaddq $T0,$D0,$D0 - vpaddq $T1,$D1,$D1 - vmovdqa -0x80(%r11),$T2 # r1^4 - vpmuludq $H2,$T4,$T0 # h2*r0 - vpmuludq $H3,$T4,$T1 # h3*r0 - vpaddq $T0,$D2,$D2 - vpaddq $T1,$D3,$D3 - vpmuludq $H4,$T4,$T4 # h4*r0 - vpmuludq -0x70(%r11),$H4,$T0 # h4*s1 - vpaddq $T4,$D4,$D4 - - vpaddq $T0,$D0,$D0 # d0 += h4*s1 - vpmuludq $H2,$T2,$T1 # h2*r1 - vpmuludq $H3,$T2,$T0 # h3*r1 - vpaddq $T1,$D3,$D3 # d3 += h2*r1 - vmovdqa -0x60(%r11),$T3 # r2^4 - vpaddq $T0,$D4,$D4 # d4 += h3*r1 - vpmuludq $H1,$T2,$T1 # h1*r1 - vpmuludq $H0,$T2,$T2 # h0*r1 - vpaddq $T1,$D2,$D2 # d2 += h1*r1 - vpaddq $T2,$D1,$D1 # d1 += h0*r1 - - vmovdqa -0x50(%r11),$T4 # s2^4 - vpmuludq $H2,$T3,$T0 # h2*r2 - vpmuludq $H1,$T3,$T1 # h1*r2 - vpaddq $T0,$D4,$D4 # d4 += h2*r2 - vpaddq $T1,$D3,$D3 # d3 += h1*r2 - vmovdqa -0x40(%r11),$T2 # r3^4 - vpmuludq $H0,$T3,$T3 # h0*r2 - vpmuludq $H4,$T4,$T0 # h4*s2 - vpaddq $T3,$D2,$D2 # d2 += h0*r2 - vpaddq $T0,$D1,$D1 # d1 += h4*s2 - vmovdqa -0x30(%r11),$T3 # s3^4 - vpmuludq $H3,$T4,$T4 # h3*s2 - vpmuludq $H1,$T2,$T1 # h1*r3 - vpaddq $T4,$D0,$D0 # d0 += h3*s2 - - vmovdqa -0x10(%r11),$T4 # s4^4 - vpaddq $T1,$D4,$D4 # d4 += h1*r3 - vpmuludq $H0,$T2,$T2 # h0*r3 - vpmuludq $H4,$T3,$T0 # h4*s3 - vpaddq $T2,$D3,$D3 # d3 += h0*r3 - vpaddq $T0,$D2,$D2 # d2 += h4*s3 - vmovdqu 16*2($inp),$T0 # load input - vpmuludq $H3,$T3,$T2 # h3*s3 - vpmuludq $H2,$T3,$T3 # h2*s3 - vpaddq $T2,$D1,$D1 # d1 += h3*s3 - vmovdqu 16*3($inp),$T1 # - vpaddq $T3,$D0,$D0 # d0 += h2*s3 - - vpmuludq $H2,$T4,$H2 # h2*s4 - vpmuludq $H3,$T4,$H3 # h3*s4 - vpsrldq \$6,$T0,$T2 # splat input - vpaddq $H2,$D1,$D1 # d1 += h2*s4 - vpmuludq $H4,$T4,$H4 # h4*s4 - vpsrldq \$6,$T1,$T3 # - vpaddq $H3,$D2,$H2 # h2 = d2 + h3*s4 - vpaddq $H4,$D3,$H3 # h3 = d3 + h4*s4 - vpmuludq -0x20(%r11),$H0,$H4 # h0*r4 - vpmuludq $H1,$T4,$H0 - vpunpckhqdq $T1,$T0,$T4 # 4 - vpaddq $H4,$D4,$H4 # h4 = d4 + h0*r4 - vpaddq $H0,$D0,$H0 # h0 = d0 + h1*s4 - - vpunpcklqdq $T1,$T0,$T0 # 0:1 - vpunpcklqdq $T3,$T2,$T3 # 2:3 - - #vpsrlq \$40,$T4,$T4 # 4 - vpsrldq \$`40/8`,$T4,$T4 # 4 - vpsrlq \$26,$T0,$T1 - vmovdqa 0x00(%rsp),$D4 # preload r0^2 - vpand $MASK,$T0,$T0 # 0 - vpsrlq \$4,$T3,$T2 - vpand $MASK,$T1,$T1 # 1 - vpand 0(%rcx),$T4,$T4 # .Lmask24 - vpsrlq \$30,$T3,$T3 - vpand $MASK,$T2,$T2 # 2 - vpand $MASK,$T3,$T3 # 3 - vpor 32(%rcx),$T4,$T4 # padbit, yes, always - - ################################################################ - # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - # and P. Schwabe - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$D1,$H1 # h0 -> h1 - - vpsrlq \$26,$H4,$D0 - vpand $MASK,$H4,$H4 - - vpsrlq \$26,$H1,$D1 - vpand $MASK,$H1,$H1 - vpaddq $D1,$H2,$H2 # h1 -> h2 - - vpaddq $D0,$H0,$H0 - vpsllq \$2,$D0,$D0 - vpaddq $D0,$H0,$H0 # h4 -> h0 - - vpsrlq \$26,$H2,$D2 - vpand $MASK,$H2,$H2 - vpaddq $D2,$H3,$H3 # h2 -> h3 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$H1,$H1 # h0 -> h1 - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - ja .Loop_avx - -.Lskip_loop_avx: - ################################################################ - # multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - vpshufd \$0x10,$D4,$D4 # r0^n, xx12 -> x1x2 - add \$32,$len - jnz .Long_tail_avx - - vpaddq $H2,$T2,$T2 - vpaddq $H0,$T0,$T0 - vpaddq $H1,$T1,$T1 - vpaddq $H3,$T3,$T3 - vpaddq $H4,$T4,$T4 - -.Long_tail_avx: - vmovdqa $H2,0x20(%r11) - vmovdqa $H0,0x00(%r11) - vmovdqa $H1,0x10(%r11) - vmovdqa $H3,0x30(%r11) - vmovdqa $H4,0x40(%r11) - - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - vpmuludq $T2,$D4,$D2 # d2 = h2*r0 - vpmuludq $T0,$D4,$D0 # d0 = h0*r0 - vpshufd \$0x10,`16*1-64`($ctx),$H2 # r1^n - vpmuludq $T1,$D4,$D1 # d1 = h1*r0 - vpmuludq $T3,$D4,$D3 # d3 = h3*r0 - vpmuludq $T4,$D4,$D4 # d4 = h4*r0 - - vpmuludq $T3,$H2,$H0 # h3*r1 - vpaddq $H0,$D4,$D4 # d4 += h3*r1 - vpshufd \$0x10,`16*2-64`($ctx),$H3 # s1^n - vpmuludq $T2,$H2,$H1 # h2*r1 - vpaddq $H1,$D3,$D3 # d3 += h2*r1 - vpshufd \$0x10,`16*3-64`($ctx),$H4 # r2^n - vpmuludq $T1,$H2,$H0 # h1*r1 - vpaddq $H0,$D2,$D2 # d2 += h1*r1 - vpmuludq $T0,$H2,$H2 # h0*r1 - vpaddq $H2,$D1,$D1 # d1 += h0*r1 - vpmuludq $T4,$H3,$H3 # h4*s1 - vpaddq $H3,$D0,$D0 # d0 += h4*s1 - - vpshufd \$0x10,`16*4-64`($ctx),$H2 # s2^n - vpmuludq $T2,$H4,$H1 # h2*r2 - vpaddq $H1,$D4,$D4 # d4 += h2*r2 - vpmuludq $T1,$H4,$H0 # h1*r2 - vpaddq $H0,$D3,$D3 # d3 += h1*r2 - vpshufd \$0x10,`16*5-64`($ctx),$H3 # r3^n - vpmuludq $T0,$H4,$H4 # h0*r2 - vpaddq $H4,$D2,$D2 # d2 += h0*r2 - vpmuludq $T4,$H2,$H1 # h4*s2 - vpaddq $H1,$D1,$D1 # d1 += h4*s2 - vpshufd \$0x10,`16*6-64`($ctx),$H4 # s3^n - vpmuludq $T3,$H2,$H2 # h3*s2 - vpaddq $H2,$D0,$D0 # d0 += h3*s2 - - vpmuludq $T1,$H3,$H0 # h1*r3 - vpaddq $H0,$D4,$D4 # d4 += h1*r3 - vpmuludq $T0,$H3,$H3 # h0*r3 - vpaddq $H3,$D3,$D3 # d3 += h0*r3 - vpshufd \$0x10,`16*7-64`($ctx),$H2 # r4^n - vpmuludq $T4,$H4,$H1 # h4*s3 - vpaddq $H1,$D2,$D2 # d2 += h4*s3 - vpshufd \$0x10,`16*8-64`($ctx),$H3 # s4^n - vpmuludq $T3,$H4,$H0 # h3*s3 - vpaddq $H0,$D1,$D1 # d1 += h3*s3 - vpmuludq $T2,$H4,$H4 # h2*s3 - vpaddq $H4,$D0,$D0 # d0 += h2*s3 - - vpmuludq $T0,$H2,$H2 # h0*r4 - vpaddq $H2,$D4,$D4 # h4 = d4 + h0*r4 - vpmuludq $T4,$H3,$H1 # h4*s4 - vpaddq $H1,$D3,$D3 # h3 = d3 + h4*s4 - vpmuludq $T3,$H3,$H0 # h3*s4 - vpaddq $H0,$D2,$D2 # h2 = d2 + h3*s4 - vpmuludq $T2,$H3,$H1 # h2*s4 - vpaddq $H1,$D1,$D1 # h1 = d1 + h2*s4 - vpmuludq $T1,$H3,$H3 # h1*s4 - vpaddq $H3,$D0,$D0 # h0 = d0 + h1*s4 - - jz .Lshort_tail_avx - - vmovdqu 16*0($inp),$H0 # load input - vmovdqu 16*1($inp),$H1 - - vpsrldq \$6,$H0,$H2 # splat input - vpsrldq \$6,$H1,$H3 - vpunpckhqdq $H1,$H0,$H4 # 4 - vpunpcklqdq $H1,$H0,$H0 # 0:1 - vpunpcklqdq $H3,$H2,$H3 # 2:3 - - vpsrlq \$40,$H4,$H4 # 4 - vpsrlq \$26,$H0,$H1 - vpand $MASK,$H0,$H0 # 0 - vpsrlq \$4,$H3,$H2 - vpand $MASK,$H1,$H1 # 1 - vpsrlq \$30,$H3,$H3 - vpand $MASK,$H2,$H2 # 2 - vpand $MASK,$H3,$H3 # 3 - vpor 32(%rcx),$H4,$H4 # padbit, yes, always - - vpshufd \$0x32,`16*0-64`($ctx),$T4 # r0^n, 34xx -> x3x4 - vpaddq 0x00(%r11),$H0,$H0 - vpaddq 0x10(%r11),$H1,$H1 - vpaddq 0x20(%r11),$H2,$H2 - vpaddq 0x30(%r11),$H3,$H3 - vpaddq 0x40(%r11),$H4,$H4 - - ################################################################ - # multiply (inp[0:1]+hash) by r^4:r^3 and accumulate - - vpmuludq $H0,$T4,$T0 # h0*r0 - vpaddq $T0,$D0,$D0 # d0 += h0*r0 - vpmuludq $H1,$T4,$T1 # h1*r0 - vpaddq $T1,$D1,$D1 # d1 += h1*r0 - vpmuludq $H2,$T4,$T0 # h2*r0 - vpaddq $T0,$D2,$D2 # d2 += h2*r0 - vpshufd \$0x32,`16*1-64`($ctx),$T2 # r1^n - vpmuludq $H3,$T4,$T1 # h3*r0 - vpaddq $T1,$D3,$D3 # d3 += h3*r0 - vpmuludq $H4,$T4,$T4 # h4*r0 - vpaddq $T4,$D4,$D4 # d4 += h4*r0 - - vpmuludq $H3,$T2,$T0 # h3*r1 - vpaddq $T0,$D4,$D4 # d4 += h3*r1 - vpshufd \$0x32,`16*2-64`($ctx),$T3 # s1 - vpmuludq $H2,$T2,$T1 # h2*r1 - vpaddq $T1,$D3,$D3 # d3 += h2*r1 - vpshufd \$0x32,`16*3-64`($ctx),$T4 # r2 - vpmuludq $H1,$T2,$T0 # h1*r1 - vpaddq $T0,$D2,$D2 # d2 += h1*r1 - vpmuludq $H0,$T2,$T2 # h0*r1 - vpaddq $T2,$D1,$D1 # d1 += h0*r1 - vpmuludq $H4,$T3,$T3 # h4*s1 - vpaddq $T3,$D0,$D0 # d0 += h4*s1 - - vpshufd \$0x32,`16*4-64`($ctx),$T2 # s2 - vpmuludq $H2,$T4,$T1 # h2*r2 - vpaddq $T1,$D4,$D4 # d4 += h2*r2 - vpmuludq $H1,$T4,$T0 # h1*r2 - vpaddq $T0,$D3,$D3 # d3 += h1*r2 - vpshufd \$0x32,`16*5-64`($ctx),$T3 # r3 - vpmuludq $H0,$T4,$T4 # h0*r2 - vpaddq $T4,$D2,$D2 # d2 += h0*r2 - vpmuludq $H4,$T2,$T1 # h4*s2 - vpaddq $T1,$D1,$D1 # d1 += h4*s2 - vpshufd \$0x32,`16*6-64`($ctx),$T4 # s3 - vpmuludq $H3,$T2,$T2 # h3*s2 - vpaddq $T2,$D0,$D0 # d0 += h3*s2 - - vpmuludq $H1,$T3,$T0 # h1*r3 - vpaddq $T0,$D4,$D4 # d4 += h1*r3 - vpmuludq $H0,$T3,$T3 # h0*r3 - vpaddq $T3,$D3,$D3 # d3 += h0*r3 - vpshufd \$0x32,`16*7-64`($ctx),$T2 # r4 - vpmuludq $H4,$T4,$T1 # h4*s3 - vpaddq $T1,$D2,$D2 # d2 += h4*s3 - vpshufd \$0x32,`16*8-64`($ctx),$T3 # s4 - vpmuludq $H3,$T4,$T0 # h3*s3 - vpaddq $T0,$D1,$D1 # d1 += h3*s3 - vpmuludq $H2,$T4,$T4 # h2*s3 - vpaddq $T4,$D0,$D0 # d0 += h2*s3 - - vpmuludq $H0,$T2,$T2 # h0*r4 - vpaddq $T2,$D4,$D4 # d4 += h0*r4 - vpmuludq $H4,$T3,$T1 # h4*s4 - vpaddq $T1,$D3,$D3 # d3 += h4*s4 - vpmuludq $H3,$T3,$T0 # h3*s4 - vpaddq $T0,$D2,$D2 # d2 += h3*s4 - vpmuludq $H2,$T3,$T1 # h2*s4 - vpaddq $T1,$D1,$D1 # d1 += h2*s4 - vpmuludq $H1,$T3,$T3 # h1*s4 - vpaddq $T3,$D0,$D0 # d0 += h1*s4 - -.Lshort_tail_avx: - ################################################################ - # horizontal addition - - vpsrldq \$8,$D4,$T4 - vpsrldq \$8,$D3,$T3 - vpsrldq \$8,$D1,$T1 - vpsrldq \$8,$D0,$T0 - vpsrldq \$8,$D2,$T2 - vpaddq $T3,$D3,$D3 - vpaddq $T4,$D4,$D4 - vpaddq $T0,$D0,$D0 - vpaddq $T1,$D1,$D1 - vpaddq $T2,$D2,$D2 - - ################################################################ - # lazy reduction - - vpsrlq \$26,$D3,$H3 - vpand $MASK,$D3,$D3 - vpaddq $H3,$D4,$D4 # h3 -> h4 - - vpsrlq \$26,$D0,$H0 - vpand $MASK,$D0,$D0 - vpaddq $H0,$D1,$D1 # h0 -> h1 - - vpsrlq \$26,$D4,$H4 - vpand $MASK,$D4,$D4 - - vpsrlq \$26,$D1,$H1 - vpand $MASK,$D1,$D1 - vpaddq $H1,$D2,$D2 # h1 -> h2 - - vpaddq $H4,$D0,$D0 - vpsllq \$2,$H4,$H4 - vpaddq $H4,$D0,$D0 # h4 -> h0 - - vpsrlq \$26,$D2,$H2 - vpand $MASK,$D2,$D2 - vpaddq $H2,$D3,$D3 # h2 -> h3 - - vpsrlq \$26,$D0,$H0 - vpand $MASK,$D0,$D0 - vpaddq $H0,$D1,$D1 # h0 -> h1 - - vpsrlq \$26,$D3,$H3 - vpand $MASK,$D3,$D3 - vpaddq $H3,$D4,$D4 # h3 -> h4 - - vmovd $D0,`4*0-48-64`($ctx) # save partially reduced - vmovd $D1,`4*1-48-64`($ctx) - vmovd $D2,`4*2-48-64`($ctx) - vmovd $D3,`4*3-48-64`($ctx) - vmovd $D4,`4*4-48-64`($ctx) -___ -$code.=<<___ if ($win64); - vmovdqa 0x50(%r11),%xmm6 - vmovdqa 0x60(%r11),%xmm7 - vmovdqa 0x70(%r11),%xmm8 - vmovdqa 0x80(%r11),%xmm9 - vmovdqa 0x90(%r11),%xmm10 - vmovdqa 0xa0(%r11),%xmm11 - vmovdqa 0xb0(%r11),%xmm12 - vmovdqa 0xc0(%r11),%xmm13 - vmovdqa 0xd0(%r11),%xmm14 - vmovdqa 0xe0(%r11),%xmm15 - lea 0xf8(%r11),%rsp -.Ldo_avx_epilogue: -___ -$code.=<<___ if (!$win64); - lea 0x58(%r11),%rsp -___ -$code.=<<___; - vzeroupper - ret -.size poly1305_blocks_avx,.-poly1305_blocks_avx - -.type poly1305_emit_avx,\@function,3 -.align 32 -poly1305_emit_avx: - cmpl \$0,20($ctx) # is_base2_26? - je .Lemit - - mov 0($ctx),%eax # load hash value base 2^26 - mov 4($ctx),%ecx - mov 8($ctx),%r8d - mov 12($ctx),%r11d - mov 16($ctx),%r10d - - shl \$26,%rcx # base 2^26 -> base 2^64 - mov %r8,%r9 - shl \$52,%r8 - add %rcx,%rax - shr \$12,%r9 - add %rax,%r8 # h0 - adc \$0,%r9 - - shl \$14,%r11 - mov %r10,%rax - shr \$24,%r10 - add %r11,%r9 - shl \$40,%rax - add %rax,%r9 # h1 - adc \$0,%r10 # h2 - - mov %r10,%rax # could be partially reduced, so reduce - mov %r10,%rcx - and \$3,%r10 - shr \$2,%rax - and \$-4,%rcx - add %rcx,%rax - add %rax,%r8 - adc \$0,%r9 - adc \$0,%r10 - - mov %r8,%rax - add \$5,%r8 # compare to modulus - mov %r9,%rcx - adc \$0,%r9 - adc \$0,%r10 - shr \$2,%r10 # did 130-bit value overfow? - cmovnz %r8,%rax - cmovnz %r9,%rcx - - add 0($nonce),%rax # accumulate nonce - adc 8($nonce),%rcx - mov %rax,0($mac) # write result - mov %rcx,8($mac) - - ret -.size poly1305_emit_avx,.-poly1305_emit_avx -___ - -if ($avx>1) { -my ($H0,$H1,$H2,$H3,$H4, $MASK, $T4,$T0,$T1,$T2,$T3, $D0,$D1,$D2,$D3,$D4) = - map("%ymm$_",(0..15)); -my $S4=$MASK; - -$code.=<<___; -.type poly1305_blocks_avx2,\@function,4 -.align 32 -poly1305_blocks_avx2: - mov 20($ctx),%r8d # is_base2_26 - cmp \$128,$len - jae .Lblocks_avx2 - test %r8d,%r8d - jz .Lblocks - -.Lblocks_avx2: - and \$-16,$len - jz .Lno_data_avx2 - - vzeroupper - - test %r8d,%r8d - jz .Lbase2_64_avx2 - - test \$63,$len - jz .Leven_avx2 - - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lblocks_avx2_body: - - mov $len,%r15 # reassign $len - - mov 0($ctx),$d1 # load hash value - mov 8($ctx),$d2 - mov 16($ctx),$h2#d - - mov 24($ctx),$r0 # load r - mov 32($ctx),$s1 - - ################################# base 2^26 -> base 2^64 - mov $d1#d,$h0#d - and \$`-1*(1<<31)`,$d1 - mov $d2,$r1 # borrow $r1 - mov $d2#d,$h1#d - and \$`-1*(1<<31)`,$d2 - - shr \$6,$d1 - shl \$52,$r1 - add $d1,$h0 - shr \$12,$h1 - shr \$18,$d2 - add $r1,$h0 - adc $d2,$h1 - - mov $h2,$d1 - shl \$40,$d1 - shr \$24,$h2 - add $d1,$h1 - adc \$0,$h2 # can be partially reduced... - - mov \$-4,$d2 # ... so reduce - mov $h2,$d1 - and $h2,$d2 - shr \$2,$d1 - and \$3,$h2 - add $d2,$d1 # =*5 - add $d1,$h0 - adc \$0,$h1 - adc \$0,$h2 - - mov $s1,$r1 - mov $s1,%rax - shr \$2,$s1 - add $r1,$s1 # s1 = r1 + (r1 >> 2) - -.Lbase2_26_pre_avx2: - add 0($inp),$h0 # accumulate input - adc 8($inp),$h1 - lea 16($inp),$inp - adc $padbit,$h2 - sub \$16,%r15 - - call __poly1305_block - mov $r1,%rax - - test \$63,%r15 - jnz .Lbase2_26_pre_avx2 - - test $padbit,$padbit # if $padbit is zero, - jz .Lstore_base2_64_avx2 # store hash in base 2^64 format - - ################################# base 2^64 -> base 2^26 - mov $h0,%rax - mov $h0,%rdx - shr \$52,$h0 - mov $h1,$r0 - mov $h1,$r1 - shr \$26,%rdx - and \$0x3ffffff,%rax # h[0] - shl \$12,$r0 - and \$0x3ffffff,%rdx # h[1] - shr \$14,$h1 - or $r0,$h0 - shl \$24,$h2 - and \$0x3ffffff,$h0 # h[2] - shr \$40,$r1 - and \$0x3ffffff,$h1 # h[3] - or $r1,$h2 # h[4] - - test %r15,%r15 - jz .Lstore_base2_26_avx2 - - vmovd %rax#d,%x#$H0 - vmovd %rdx#d,%x#$H1 - vmovd $h0#d,%x#$H2 - vmovd $h1#d,%x#$H3 - vmovd $h2#d,%x#$H4 - jmp .Lproceed_avx2 - -.align 32 -.Lstore_base2_64_avx2: - mov $h0,0($ctx) - mov $h1,8($ctx) - mov $h2,16($ctx) # note that is_base2_26 is zeroed - jmp .Ldone_avx2 - -.align 16 -.Lstore_base2_26_avx2: - mov %rax#d,0($ctx) # store hash value base 2^26 - mov %rdx#d,4($ctx) - mov $h0#d,8($ctx) - mov $h1#d,12($ctx) - mov $h2#d,16($ctx) -.align 16 -.Ldone_avx2: - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%r12 - mov 32(%rsp),%rbp - mov 40(%rsp),%rbx - lea 48(%rsp),%rsp -.Lno_data_avx2: -.Lblocks_avx2_epilogue: - ret - -.align 32 -.Lbase2_64_avx2: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 -.Lbase2_64_avx2_body: - - mov $len,%r15 # reassign $len - - mov 24($ctx),$r0 # load r - mov 32($ctx),$s1 - - mov 0($ctx),$h0 # load hash value - mov 8($ctx),$h1 - mov 16($ctx),$h2#d - - mov $s1,$r1 - mov $s1,%rax - shr \$2,$s1 - add $r1,$s1 # s1 = r1 + (r1 >> 2) - - test \$63,$len - jz .Linit_avx2 - -.Lbase2_64_pre_avx2: - add 0($inp),$h0 # accumulate input - adc 8($inp),$h1 - lea 16($inp),$inp - adc $padbit,$h2 - sub \$16,%r15 - - call __poly1305_block - mov $r1,%rax - - test \$63,%r15 - jnz .Lbase2_64_pre_avx2 - -.Linit_avx2: - ################################# base 2^64 -> base 2^26 - mov $h0,%rax - mov $h0,%rdx - shr \$52,$h0 - mov $h1,$d1 - mov $h1,$d2 - shr \$26,%rdx - and \$0x3ffffff,%rax # h[0] - shl \$12,$d1 - and \$0x3ffffff,%rdx # h[1] - shr \$14,$h1 - or $d1,$h0 - shl \$24,$h2 - and \$0x3ffffff,$h0 # h[2] - shr \$40,$d2 - and \$0x3ffffff,$h1 # h[3] - or $d2,$h2 # h[4] - - vmovd %rax#d,%x#$H0 - vmovd %rdx#d,%x#$H1 - vmovd $h0#d,%x#$H2 - vmovd $h1#d,%x#$H3 - vmovd $h2#d,%x#$H4 - movl \$1,20($ctx) # set is_base2_26 - - call __poly1305_init_avx - -.Lproceed_avx2: - mov %r15,$len - - mov 0(%rsp),%r15 - mov 8(%rsp),%r14 - mov 16(%rsp),%r13 - mov 24(%rsp),%r12 - mov 32(%rsp),%rbp - mov 40(%rsp),%rbx - lea 48(%rsp),%rax - lea 48(%rsp),%rsp -.Lbase2_64_avx2_epilogue: - jmp .Ldo_avx2 - -.align 32 -.Leven_avx2: - vmovd 4*0($ctx),%x#$H0 # load hash value base 2^26 - vmovd 4*1($ctx),%x#$H1 - vmovd 4*2($ctx),%x#$H2 - vmovd 4*3($ctx),%x#$H3 - vmovd 4*4($ctx),%x#$H4 - -.Ldo_avx2: -___ -$code.=<<___ if (!$win64); - lea -8(%rsp),%r11 - sub \$0x128,%rsp -___ -$code.=<<___ if ($win64); - lea -0xf8(%rsp),%r11 - sub \$0x1c8,%rsp - vmovdqa %xmm6,0x50(%r11) - vmovdqa %xmm7,0x60(%r11) - vmovdqa %xmm8,0x70(%r11) - vmovdqa %xmm9,0x80(%r11) - vmovdqa %xmm10,0x90(%r11) - vmovdqa %xmm11,0xa0(%r11) - vmovdqa %xmm12,0xb0(%r11) - vmovdqa %xmm13,0xc0(%r11) - vmovdqa %xmm14,0xd0(%r11) - vmovdqa %xmm15,0xe0(%r11) -.Ldo_avx2_body: -___ -$code.=<<___; - lea 48+64($ctx),$ctx # size optimization - lea .Lconst(%rip),%rcx - - # expand and copy pre-calculated table to stack - vmovdqu `16*0-64`($ctx),%x#$T2 - and \$-512,%rsp - vmovdqu `16*1-64`($ctx),%x#$T3 - vmovdqu `16*2-64`($ctx),%x#$T4 - vmovdqu `16*3-64`($ctx),%x#$D0 - vmovdqu `16*4-64`($ctx),%x#$D1 - vmovdqu `16*5-64`($ctx),%x#$D2 - vmovdqu `16*6-64`($ctx),%x#$D3 - vpermq \$0x15,$T2,$T2 # 00003412 -> 12343434 - vmovdqu `16*7-64`($ctx),%x#$D4 - vpermq \$0x15,$T3,$T3 - vpshufd \$0xc8,$T2,$T2 # 12343434 -> 14243444 - vmovdqu `16*8-64`($ctx),%x#$MASK - vpermq \$0x15,$T4,$T4 - vpshufd \$0xc8,$T3,$T3 - vmovdqa $T2,0x00(%rsp) - vpermq \$0x15,$D0,$D0 - vpshufd \$0xc8,$T4,$T4 - vmovdqa $T3,0x20(%rsp) - vpermq \$0x15,$D1,$D1 - vpshufd \$0xc8,$D0,$D0 - vmovdqa $T4,0x40(%rsp) - vpermq \$0x15,$D2,$D2 - vpshufd \$0xc8,$D1,$D1 - vmovdqa $D0,0x60(%rsp) - vpermq \$0x15,$D3,$D3 - vpshufd \$0xc8,$D2,$D2 - vmovdqa $D1,0x80(%rsp) - vpermq \$0x15,$D4,$D4 - vpshufd \$0xc8,$D3,$D3 - vmovdqa $D2,0xa0(%rsp) - vpermq \$0x15,$MASK,$MASK - vpshufd \$0xc8,$D4,$D4 - vmovdqa $D3,0xc0(%rsp) - vpshufd \$0xc8,$MASK,$MASK - vmovdqa $D4,0xe0(%rsp) - vmovdqa $MASK,0x100(%rsp) - vmovdqa 64(%rcx),$MASK # .Lmask26 - - ################################################################ - # load input - vmovdqu 16*0($inp),%x#$T0 - vmovdqu 16*1($inp),%x#$T1 - vinserti128 \$1,16*2($inp),$T0,$T0 - vinserti128 \$1,16*3($inp),$T1,$T1 - lea 16*4($inp),$inp - - vpsrldq \$6,$T0,$T2 # splat input - vpsrldq \$6,$T1,$T3 - vpunpckhqdq $T1,$T0,$T4 # 4 - vpunpcklqdq $T3,$T2,$T2 # 2:3 - vpunpcklqdq $T1,$T0,$T0 # 0:1 - - vpsrlq \$30,$T2,$T3 - vpsrlq \$4,$T2,$T2 - vpsrlq \$26,$T0,$T1 - vpsrlq \$40,$T4,$T4 # 4 - vpand $MASK,$T2,$T2 # 2 - vpand $MASK,$T0,$T0 # 0 - vpand $MASK,$T1,$T1 # 1 - vpand $MASK,$T3,$T3 # 3 - vpor 32(%rcx),$T4,$T4 # padbit, yes, always - - lea 0x90(%rsp),%rax # size optimization - vpaddq $H2,$T2,$H2 # accumulate input - sub \$64,$len - jz .Ltail_avx2 - jmp .Loop_avx2 - -.align 32 -.Loop_avx2: - ################################################################ - # ((inp[0]*r^4+r[4])*r^4+r[8])*r^4 - # ((inp[1]*r^4+r[5])*r^4+r[9])*r^3 - # ((inp[2]*r^4+r[6])*r^4+r[10])*r^2 - # ((inp[3]*r^4+r[7])*r^4+r[11])*r^1 - # \________/\________/ - ################################################################ - #vpaddq $H2,$T2,$H2 # accumulate input - vpaddq $H0,$T0,$H0 - vmovdqa `32*0`(%rsp),$T0 # r0^4 - vpaddq $H1,$T1,$H1 - vmovdqa `32*1`(%rsp),$T1 # r1^4 - vpaddq $H3,$T3,$H3 - vmovdqa `32*3`(%rsp),$T2 # r2^4 - vpaddq $H4,$T4,$H4 - vmovdqa `32*6-0x90`(%rax),$T3 # s3^4 - vmovdqa `32*8-0x90`(%rax),$S4 # s4^4 - - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - # - # however, as h2 is "chronologically" first one available pull - # corresponding operations up, so it's - # - # d4 = h2*r2 + h4*r0 + h3*r1 + h1*r3 + h0*r4 - # d3 = h2*r1 + h3*r0 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h2*5*r4 + h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 - # d0 = h2*5*r3 + h0*r0 + h4*5*r1 + h3*5*r2 + h1*5*r4 - - vpmuludq $H2,$T0,$D2 # d2 = h2*r0 - vpmuludq $H2,$T1,$D3 # d3 = h2*r1 - vpmuludq $H2,$T2,$D4 # d4 = h2*r2 - vpmuludq $H2,$T3,$D0 # d0 = h2*s3 - vpmuludq $H2,$S4,$D1 # d1 = h2*s4 - - vpmuludq $H0,$T1,$T4 # h0*r1 - vpmuludq $H1,$T1,$H2 # h1*r1, borrow $H2 as temp - vpaddq $T4,$D1,$D1 # d1 += h0*r1 - vpaddq $H2,$D2,$D2 # d2 += h1*r1 - vpmuludq $H3,$T1,$T4 # h3*r1 - vpmuludq `32*2`(%rsp),$H4,$H2 # h4*s1 - vpaddq $T4,$D4,$D4 # d4 += h3*r1 - vpaddq $H2,$D0,$D0 # d0 += h4*s1 - vmovdqa `32*4-0x90`(%rax),$T1 # s2 - - vpmuludq $H0,$T0,$T4 # h0*r0 - vpmuludq $H1,$T0,$H2 # h1*r0 - vpaddq $T4,$D0,$D0 # d0 += h0*r0 - vpaddq $H2,$D1,$D1 # d1 += h1*r0 - vpmuludq $H3,$T0,$T4 # h3*r0 - vpmuludq $H4,$T0,$H2 # h4*r0 - vmovdqu 16*0($inp),%x#$T0 # load input - vpaddq $T4,$D3,$D3 # d3 += h3*r0 - vpaddq $H2,$D4,$D4 # d4 += h4*r0 - vinserti128 \$1,16*2($inp),$T0,$T0 - - vpmuludq $H3,$T1,$T4 # h3*s2 - vpmuludq $H4,$T1,$H2 # h4*s2 - vmovdqu 16*1($inp),%x#$T1 - vpaddq $T4,$D0,$D0 # d0 += h3*s2 - vpaddq $H2,$D1,$D1 # d1 += h4*s2 - vmovdqa `32*5-0x90`(%rax),$H2 # r3 - vpmuludq $H1,$T2,$T4 # h1*r2 - vpmuludq $H0,$T2,$T2 # h0*r2 - vpaddq $T4,$D3,$D3 # d3 += h1*r2 - vpaddq $T2,$D2,$D2 # d2 += h0*r2 - vinserti128 \$1,16*3($inp),$T1,$T1 - lea 16*4($inp),$inp - - vpmuludq $H1,$H2,$T4 # h1*r3 - vpmuludq $H0,$H2,$H2 # h0*r3 - vpsrldq \$6,$T0,$T2 # splat input - vpaddq $T4,$D4,$D4 # d4 += h1*r3 - vpaddq $H2,$D3,$D3 # d3 += h0*r3 - vpmuludq $H3,$T3,$T4 # h3*s3 - vpmuludq $H4,$T3,$H2 # h4*s3 - vpsrldq \$6,$T1,$T3 - vpaddq $T4,$D1,$D1 # d1 += h3*s3 - vpaddq $H2,$D2,$D2 # d2 += h4*s3 - vpunpckhqdq $T1,$T0,$T4 # 4 - - vpmuludq $H3,$S4,$H3 # h3*s4 - vpmuludq $H4,$S4,$H4 # h4*s4 - vpunpcklqdq $T1,$T0,$T0 # 0:1 - vpaddq $H3,$D2,$H2 # h2 = d2 + h3*r4 - vpaddq $H4,$D3,$H3 # h3 = d3 + h4*r4 - vpunpcklqdq $T3,$T2,$T3 # 2:3 - vpmuludq `32*7-0x90`(%rax),$H0,$H4 # h0*r4 - vpmuludq $H1,$S4,$H0 # h1*s4 - vmovdqa 64(%rcx),$MASK # .Lmask26 - vpaddq $H4,$D4,$H4 # h4 = d4 + h0*r4 - vpaddq $H0,$D0,$H0 # h0 = d0 + h1*s4 - - ################################################################ - # lazy reduction (interleaved with tail of input splat) - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$D1,$H1 # h0 -> h1 - - vpsrlq \$26,$H4,$D4 - vpand $MASK,$H4,$H4 - - vpsrlq \$4,$T3,$T2 - - vpsrlq \$26,$H1,$D1 - vpand $MASK,$H1,$H1 - vpaddq $D1,$H2,$H2 # h1 -> h2 - - vpaddq $D4,$H0,$H0 - vpsllq \$2,$D4,$D4 - vpaddq $D4,$H0,$H0 # h4 -> h0 - - vpand $MASK,$T2,$T2 # 2 - vpsrlq \$26,$T0,$T1 - - vpsrlq \$26,$H2,$D2 - vpand $MASK,$H2,$H2 - vpaddq $D2,$H3,$H3 # h2 -> h3 - - vpaddq $T2,$H2,$H2 # modulo-scheduled - vpsrlq \$30,$T3,$T3 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$H1,$H1 # h0 -> h1 - - vpsrlq \$40,$T4,$T4 # 4 - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - vpand $MASK,$T0,$T0 # 0 - vpand $MASK,$T1,$T1 # 1 - vpand $MASK,$T3,$T3 # 3 - vpor 32(%rcx),$T4,$T4 # padbit, yes, always - - sub \$64,$len - jnz .Loop_avx2 - - .byte 0x66,0x90 -.Ltail_avx2: - ################################################################ - # while above multiplications were by r^4 in all lanes, in last - # iteration we multiply least significant lane by r^4 and most - # significant one by r, so copy of above except that references - # to the precomputed table are displaced by 4... - - #vpaddq $H2,$T2,$H2 # accumulate input - vpaddq $H0,$T0,$H0 - vmovdqu `32*0+4`(%rsp),$T0 # r0^4 - vpaddq $H1,$T1,$H1 - vmovdqu `32*1+4`(%rsp),$T1 # r1^4 - vpaddq $H3,$T3,$H3 - vmovdqu `32*3+4`(%rsp),$T2 # r2^4 - vpaddq $H4,$T4,$H4 - vmovdqu `32*6+4-0x90`(%rax),$T3 # s3^4 - vmovdqu `32*8+4-0x90`(%rax),$S4 # s4^4 - - vpmuludq $H2,$T0,$D2 # d2 = h2*r0 - vpmuludq $H2,$T1,$D3 # d3 = h2*r1 - vpmuludq $H2,$T2,$D4 # d4 = h2*r2 - vpmuludq $H2,$T3,$D0 # d0 = h2*s3 - vpmuludq $H2,$S4,$D1 # d1 = h2*s4 - - vpmuludq $H0,$T1,$T4 # h0*r1 - vpmuludq $H1,$T1,$H2 # h1*r1 - vpaddq $T4,$D1,$D1 # d1 += h0*r1 - vpaddq $H2,$D2,$D2 # d2 += h1*r1 - vpmuludq $H3,$T1,$T4 # h3*r1 - vpmuludq `32*2+4`(%rsp),$H4,$H2 # h4*s1 - vpaddq $T4,$D4,$D4 # d4 += h3*r1 - vpaddq $H2,$D0,$D0 # d0 += h4*s1 - - vpmuludq $H0,$T0,$T4 # h0*r0 - vpmuludq $H1,$T0,$H2 # h1*r0 - vpaddq $T4,$D0,$D0 # d0 += h0*r0 - vmovdqu `32*4+4-0x90`(%rax),$T1 # s2 - vpaddq $H2,$D1,$D1 # d1 += h1*r0 - vpmuludq $H3,$T0,$T4 # h3*r0 - vpmuludq $H4,$T0,$H2 # h4*r0 - vpaddq $T4,$D3,$D3 # d3 += h3*r0 - vpaddq $H2,$D4,$D4 # d4 += h4*r0 - - vpmuludq $H3,$T1,$T4 # h3*s2 - vpmuludq $H4,$T1,$H2 # h4*s2 - vpaddq $T4,$D0,$D0 # d0 += h3*s2 - vpaddq $H2,$D1,$D1 # d1 += h4*s2 - vmovdqu `32*5+4-0x90`(%rax),$H2 # r3 - vpmuludq $H1,$T2,$T4 # h1*r2 - vpmuludq $H0,$T2,$T2 # h0*r2 - vpaddq $T4,$D3,$D3 # d3 += h1*r2 - vpaddq $T2,$D2,$D2 # d2 += h0*r2 - - vpmuludq $H1,$H2,$T4 # h1*r3 - vpmuludq $H0,$H2,$H2 # h0*r3 - vpaddq $T4,$D4,$D4 # d4 += h1*r3 - vpaddq $H2,$D3,$D3 # d3 += h0*r3 - vpmuludq $H3,$T3,$T4 # h3*s3 - vpmuludq $H4,$T3,$H2 # h4*s3 - vpaddq $T4,$D1,$D1 # d1 += h3*s3 - vpaddq $H2,$D2,$D2 # d2 += h4*s3 - - vpmuludq $H3,$S4,$H3 # h3*s4 - vpmuludq $H4,$S4,$H4 # h4*s4 - vpaddq $H3,$D2,$H2 # h2 = d2 + h3*r4 - vpaddq $H4,$D3,$H3 # h3 = d3 + h4*r4 - vpmuludq `32*7+4-0x90`(%rax),$H0,$H4 # h0*r4 - vpmuludq $H1,$S4,$H0 # h1*s4 - vmovdqa 64(%rcx),$MASK # .Lmask26 - vpaddq $H4,$D4,$H4 # h4 = d4 + h0*r4 - vpaddq $H0,$D0,$H0 # h0 = d0 + h1*s4 - - ################################################################ - # horizontal addition - - vpsrldq \$8,$D1,$T1 - vpsrldq \$8,$H2,$T2 - vpsrldq \$8,$H3,$T3 - vpsrldq \$8,$H4,$T4 - vpsrldq \$8,$H0,$T0 - vpaddq $T1,$D1,$D1 - vpaddq $T2,$H2,$H2 - vpaddq $T3,$H3,$H3 - vpaddq $T4,$H4,$H4 - vpaddq $T0,$H0,$H0 - - vpermq \$0x2,$H3,$T3 - vpermq \$0x2,$H4,$T4 - vpermq \$0x2,$H0,$T0 - vpermq \$0x2,$D1,$T1 - vpermq \$0x2,$H2,$T2 - vpaddq $T3,$H3,$H3 - vpaddq $T4,$H4,$H4 - vpaddq $T0,$H0,$H0 - vpaddq $T1,$D1,$D1 - vpaddq $T2,$H2,$H2 - - ################################################################ - # lazy reduction - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$D1,$H1 # h0 -> h1 - - vpsrlq \$26,$H4,$D4 - vpand $MASK,$H4,$H4 - - vpsrlq \$26,$H1,$D1 - vpand $MASK,$H1,$H1 - vpaddq $D1,$H2,$H2 # h1 -> h2 - - vpaddq $D4,$H0,$H0 - vpsllq \$2,$D4,$D4 - vpaddq $D4,$H0,$H0 # h4 -> h0 - - vpsrlq \$26,$H2,$D2 - vpand $MASK,$H2,$H2 - vpaddq $D2,$H3,$H3 # h2 -> h3 - - vpsrlq \$26,$H0,$D0 - vpand $MASK,$H0,$H0 - vpaddq $D0,$H1,$H1 # h0 -> h1 - - vpsrlq \$26,$H3,$D3 - vpand $MASK,$H3,$H3 - vpaddq $D3,$H4,$H4 # h3 -> h4 - - vmovd %x#$H0,`4*0-48-64`($ctx)# save partially reduced - vmovd %x#$H1,`4*1-48-64`($ctx) - vmovd %x#$H2,`4*2-48-64`($ctx) - vmovd %x#$H3,`4*3-48-64`($ctx) - vmovd %x#$H4,`4*4-48-64`($ctx) -___ -$code.=<<___ if ($win64); - vmovdqa 0x50(%r11),%xmm6 - vmovdqa 0x60(%r11),%xmm7 - vmovdqa 0x70(%r11),%xmm8 - vmovdqa 0x80(%r11),%xmm9 - vmovdqa 0x90(%r11),%xmm10 - vmovdqa 0xa0(%r11),%xmm11 - vmovdqa 0xb0(%r11),%xmm12 - vmovdqa 0xc0(%r11),%xmm13 - vmovdqa 0xd0(%r11),%xmm14 - vmovdqa 0xe0(%r11),%xmm15 - lea 0xf8(%r11),%rsp -.Ldo_avx2_epilogue: -___ -$code.=<<___ if (!$win64); - lea 8(%r11),%rsp -___ -$code.=<<___; - vzeroupper - ret -.size poly1305_blocks_avx2,.-poly1305_blocks_avx2 -___ -} -$code.=<<___; -.align 64 -.Lconst: -.Lmask24: -.long 0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0 -.L129: -.long `1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0 -.Lmask26: -.long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0 -.Lfive: -.long 5,0,5,0,5,0,5,0 -___ -} - -$code.=<<___; -.asciz "Poly1305 for x86_64, CRYPTOGAMS by " -.align 16 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lcommon_seh_tail - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lcommon_seh_tail - - lea 48(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R14 - - jmp .Lcommon_seh_tail -.size se_handler,.-se_handler - -.type avx_handler,\@abi-omnipotent -.align 16 -avx_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 208($context),%rax # pull context->R11 - - lea 0x50(%rax),%rsi - lea 0xf8(%rax),%rax - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size avx_handler,.-avx_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_GFp_poly1305_init_asm - .rva .LSEH_end_GFp_poly1305_init_asm - .rva .LSEH_info_GFp_poly1305_init_asm - - .rva .LSEH_begin_GFp_poly1305_blocks - .rva .LSEH_end_GFp_poly1305_blocks - .rva .LSEH_info_GFp_poly1305_blocks - - .rva .LSEH_begin_GFp_poly1305_emit - .rva .LSEH_end_GFp_poly1305_emit - .rva .LSEH_info_GFp_poly1305_emit -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_poly1305_blocks_avx - .rva .Lbase2_64_avx - .rva .LSEH_info_poly1305_blocks_avx_1 - - .rva .Lbase2_64_avx - .rva .Leven_avx - .rva .LSEH_info_poly1305_blocks_avx_2 - - .rva .Leven_avx - .rva .LSEH_end_poly1305_blocks_avx - .rva .LSEH_info_poly1305_blocks_avx_3 - - .rva .LSEH_begin_poly1305_emit_avx - .rva .LSEH_end_poly1305_emit_avx - .rva .LSEH_info_poly1305_emit_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_poly1305_blocks_avx2 - .rva .Lbase2_64_avx2 - .rva .LSEH_info_poly1305_blocks_avx2_1 - - .rva .Lbase2_64_avx2 - .rva .Leven_avx2 - .rva .LSEH_info_poly1305_blocks_avx2_2 - - .rva .Leven_avx2 - .rva .LSEH_end_poly1305_blocks_avx2 - .rva .LSEH_info_poly1305_blocks_avx2_3 -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_GFp_poly1305_init_asm: - .byte 9,0,0,0 - .rva se_handler - .rva .LSEH_begin_GFp_poly1305_init_asm,.LSEH_begin_GFp_poly1305_init_asm - -.LSEH_info_GFp_poly1305_blocks: - .byte 9,0,0,0 - .rva se_handler - .rva .Lblocks_body,.Lblocks_epilogue - -.LSEH_info_GFp_poly1305_emit: - .byte 9,0,0,0 - .rva se_handler - .rva .LSEH_begin_GFp_poly1305_emit,.LSEH_begin_GFp_poly1305_emit -___ -$code.=<<___ if ($avx); -.LSEH_info_poly1305_blocks_avx_1: - .byte 9,0,0,0 - .rva se_handler - .rva .Lblocks_avx_body,.Lblocks_avx_epilogue # HandlerData[] - -.LSEH_info_poly1305_blocks_avx_2: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbase2_64_avx_body,.Lbase2_64_avx_epilogue # HandlerData[] - -.LSEH_info_poly1305_blocks_avx_3: - .byte 9,0,0,0 - .rva avx_handler - .rva .Ldo_avx_body,.Ldo_avx_epilogue # HandlerData[] - -.LSEH_info_poly1305_emit_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .LSEH_begin_poly1305_emit_avx,.LSEH_begin_poly1305_emit_avx -___ -$code.=<<___ if ($avx>1); -.LSEH_info_poly1305_blocks_avx2_1: - .byte 9,0,0,0 - .rva se_handler - .rva .Lblocks_avx2_body,.Lblocks_avx2_epilogue # HandlerData[] - -.LSEH_info_poly1305_blocks_avx2_2: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbase2_64_avx2_body,.Lbase2_64_avx2_epilogue # HandlerData[] - -.LSEH_info_poly1305_blocks_avx2_3: - .byte 9,0,0,0 - .rva avx_handler - .rva .Ldo_avx2_body,.Ldo_avx2_epilogue # HandlerData[] -___ -} - -foreach (split('\n',$code)) { - s/\`([^\`]*)\`/eval($1)/ge; - s/%r([a-z]+)#d/%e$1/g; - s/%r([0-9]+)#d/%r$1d/g; - s/%x#%y/%x/g; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c new file mode 100644 index 0000000000..145a53b887 --- /dev/null +++ b/crypto/poly1305/poly1305.c @@ -0,0 +1,302 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// This implementation of poly1305 is by Andrew Moon +// (https://github.com/floodyberry/poly1305-donna) and released as public +// domain. + +#include + +#include "internal.h" +#include "../internal.h" + + +#if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64) + +#if defined(__GNUC__) +#pragma GCC diagnostic ignored "-Wsign-conversion" +#pragma GCC diagnostic ignored "-Wconversion" +#endif + +// We can assume little-endian. +static uint32_t U8TO32_LE(const uint8_t *m) { + uint32_t r; + GFp_memcpy(&r, m, sizeof(r)); + return r; +} + +static void U32TO8_LE(uint8_t *m, uint32_t v) { + GFp_memcpy(m, &v, sizeof(v)); +} + +static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; } + +struct poly1305_state_st { + uint32_t r0, r1, r2, r3, r4; + uint32_t s1, s2, s3, s4; + uint32_t h0, h1, h2, h3, h4; + uint8_t buf[16]; + unsigned int buf_used; + uint8_t key[16]; +}; + +OPENSSL_STATIC_ASSERT(sizeof(struct poly1305_state_st) <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_st"); + +static inline struct poly1305_state_st *poly1305_aligned_state( + poly1305_state *state) { + dev_assert_secret(((uintptr_t)state & 63) == 0); + return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63); +} + +// poly1305_blocks updates |state| given some amount of input data. This +// function may only be called with a |len| that is not a multiple of 16 at the +// end of the data. Otherwise the input must be buffered into 16 byte blocks. +static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in, + size_t len) { + uint32_t t0, t1, t2, t3; + uint64_t t[5]; + uint32_t b; + uint64_t c; + size_t j; + uint8_t mp[16]; + + if (len < 16) { + goto poly1305_donna_atmost15bytes; + } + +poly1305_donna_16bytes: + t0 = U8TO32_LE(in); + t1 = U8TO32_LE(in + 4); + t2 = U8TO32_LE(in + 8); + t3 = U8TO32_LE(in + 12); + + in += 16; + len -= 16; + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8) | (1 << 24); + +poly1305_donna_mul: + t[0] = mul32x32_64(state->h0, state->r0) + mul32x32_64(state->h1, state->s4) + + mul32x32_64(state->h2, state->s3) + mul32x32_64(state->h3, state->s2) + + mul32x32_64(state->h4, state->s1); + t[1] = mul32x32_64(state->h0, state->r1) + mul32x32_64(state->h1, state->r0) + + mul32x32_64(state->h2, state->s4) + mul32x32_64(state->h3, state->s3) + + mul32x32_64(state->h4, state->s2); + t[2] = mul32x32_64(state->h0, state->r2) + mul32x32_64(state->h1, state->r1) + + mul32x32_64(state->h2, state->r0) + mul32x32_64(state->h3, state->s4) + + mul32x32_64(state->h4, state->s3); + t[3] = mul32x32_64(state->h0, state->r3) + mul32x32_64(state->h1, state->r2) + + mul32x32_64(state->h2, state->r1) + mul32x32_64(state->h3, state->r0) + + mul32x32_64(state->h4, state->s4); + t[4] = mul32x32_64(state->h0, state->r4) + mul32x32_64(state->h1, state->r3) + + mul32x32_64(state->h2, state->r2) + mul32x32_64(state->h3, state->r1) + + mul32x32_64(state->h4, state->r0); + + state->h0 = (uint32_t)t[0] & 0x3ffffff; + c = (t[0] >> 26); + t[1] += c; + state->h1 = (uint32_t)t[1] & 0x3ffffff; + b = (uint32_t)(t[1] >> 26); + t[2] += b; + state->h2 = (uint32_t)t[2] & 0x3ffffff; + b = (uint32_t)(t[2] >> 26); + t[3] += b; + state->h3 = (uint32_t)t[3] & 0x3ffffff; + b = (uint32_t)(t[3] >> 26); + t[4] += b; + state->h4 = (uint32_t)t[4] & 0x3ffffff; + b = (uint32_t)(t[4] >> 26); + state->h0 += b * 5; + + if (len >= 16) { + goto poly1305_donna_16bytes; + } + +// final bytes +poly1305_donna_atmost15bytes: + if (!len) { + return; + } + + for (j = 0; j < len; j++) { + mp[j] = in[j]; + } + mp[j++] = 1; + for (; j < 16; j++) { + mp[j] = 0; + } + len = 0; + + t0 = U8TO32_LE(mp + 0); + t1 = U8TO32_LE(mp + 4); + t2 = U8TO32_LE(mp + 8); + t3 = U8TO32_LE(mp + 12); + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8); + + goto poly1305_donna_mul; +} + +void GFp_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { + struct poly1305_state_st *state = poly1305_aligned_state(statep); + uint32_t t0, t1, t2, t3; + + t0 = U8TO32_LE(key + 0); + t1 = U8TO32_LE(key + 4); + t2 = U8TO32_LE(key + 8); + t3 = U8TO32_LE(key + 12); + + // precompute multipliers + state->r0 = t0 & 0x3ffffff; + t0 >>= 26; + t0 |= t1 << 6; + state->r1 = t0 & 0x3ffff03; + t1 >>= 20; + t1 |= t2 << 12; + state->r2 = t1 & 0x3ffc0ff; + t2 >>= 14; + t2 |= t3 << 18; + state->r3 = t2 & 0x3f03fff; + t3 >>= 8; + state->r4 = t3 & 0x00fffff; + + state->s1 = state->r1 * 5; + state->s2 = state->r2 * 5; + state->s3 = state->r3 * 5; + state->s4 = state->r4 * 5; + + // init state + state->h0 = 0; + state->h1 = 0; + state->h2 = 0; + state->h3 = 0; + state->h4 = 0; + + state->buf_used = 0; + GFp_memcpy(state->key, key + 16, sizeof(state->key)); +} + +void GFp_poly1305_update(poly1305_state *statep, const uint8_t *in, + size_t in_len) { + unsigned int i; + struct poly1305_state_st *state = poly1305_aligned_state(statep); + + if (state->buf_used) { + unsigned todo = 16 - state->buf_used; + if (todo > in_len) { + todo = (unsigned)in_len; + } + for (i = 0; i < todo; i++) { + state->buf[state->buf_used + i] = in[i]; + } + state->buf_used += todo; + in_len -= todo; + in += todo; + + if (state->buf_used == 16) { + poly1305_update(state, state->buf, 16); + state->buf_used = 0; + } + } + + if (in_len >= 16) { + size_t todo = in_len & ~0xf; + poly1305_update(state, in, todo); + in += todo; + in_len &= 0xf; + } + + if (in_len) { + for (i = 0; i < in_len; i++) { + state->buf[i] = in[i]; + } + state->buf_used = (unsigned)in_len; + } +} + +void GFp_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) { + struct poly1305_state_st *state = poly1305_aligned_state(statep); + uint64_t f0, f1, f2, f3; + uint32_t g0, g1, g2, g3, g4; + uint32_t b, nb; + + if (state->buf_used) { + poly1305_update(state, state->buf, state->buf_used); + } + + b = state->h0 >> 26; + state->h0 = state->h0 & 0x3ffffff; + state->h1 += b; + b = state->h1 >> 26; + state->h1 = state->h1 & 0x3ffffff; + state->h2 += b; + b = state->h2 >> 26; + state->h2 = state->h2 & 0x3ffffff; + state->h3 += b; + b = state->h3 >> 26; + state->h3 = state->h3 & 0x3ffffff; + state->h4 += b; + b = state->h4 >> 26; + state->h4 = state->h4 & 0x3ffffff; + state->h0 += b * 5; + + g0 = state->h0 + 5; + b = g0 >> 26; + g0 &= 0x3ffffff; + g1 = state->h1 + b; + b = g1 >> 26; + g1 &= 0x3ffffff; + g2 = state->h2 + b; + b = g2 >> 26; + g2 &= 0x3ffffff; + g3 = state->h3 + b; + b = g3 >> 26; + g3 &= 0x3ffffff; + g4 = state->h4 + b - (1 << 26); + + b = (g4 >> 31) - 1; + nb = ~b; + state->h0 = (state->h0 & nb) | (g0 & b); + state->h1 = (state->h1 & nb) | (g1 & b); + state->h2 = (state->h2 & nb) | (g2 & b); + state->h3 = (state->h3 & nb) | (g3 & b); + state->h4 = (state->h4 & nb) | (g4 & b); + + f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); + f1 = ((state->h1 >> 6) | (state->h2 << 20)) + + (uint64_t)U8TO32_LE(&state->key[4]); + f2 = ((state->h2 >> 12) | (state->h3 << 14)) + + (uint64_t)U8TO32_LE(&state->key[8]); + f3 = ((state->h3 >> 18) | (state->h4 << 8)) + + (uint64_t)U8TO32_LE(&state->key[12]); + + U32TO8_LE(&mac[0], (uint32_t)f0); + f1 += (f0 >> 32); + U32TO8_LE(&mac[4], (uint32_t)f1); + f2 += (f1 >> 32); + U32TO8_LE(&mac[8], (uint32_t)f2); + f3 += (f2 >> 32); + U32TO8_LE(&mac[12], (uint32_t)f3); +} + +#endif // !BORINGSSL_HAS_UINT128 || !OPENSSL_X86_64 diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c new file mode 100644 index 0000000000..8f093b3332 --- /dev/null +++ b/crypto/poly1305/poly1305_arm.c @@ -0,0 +1,309 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// This implementation was taken from the public domain, neon2 version in +// SUPERCOP by D. J. Bernstein and Peter Schwabe. + +#include + +#include "internal.h" +#include "../internal.h" + + +#if defined(OPENSSL_POLY1305_NEON) + +#pragma GCC diagnostic ignored "-Wsign-conversion" +#pragma GCC diagnostic ignored "-Wcast-align" + +typedef struct { + uint32_t v[12]; // for alignment; only using 10 +} fe1305x2; + +#define addmulmod GFp_poly1305_neon2_addmulmod +#define blocks GFp_poly1305_neon2_blocks + +extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, + const fe1305x2 *c); + +extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in, + unsigned int inlen); + +static void freeze(fe1305x2 *r) { + int i; + + uint32_t x0 = r->v[0]; + uint32_t x1 = r->v[2]; + uint32_t x2 = r->v[4]; + uint32_t x3 = r->v[6]; + uint32_t x4 = r->v[8]; + uint32_t y0; + uint32_t y1; + uint32_t y2; + uint32_t y3; + uint32_t y4; + uint32_t swap; + + for (i = 0; i < 3; ++i) { + x1 += x0 >> 26; + x0 &= 0x3ffffff; + x2 += x1 >> 26; + x1 &= 0x3ffffff; + x3 += x2 >> 26; + x2 &= 0x3ffffff; + x4 += x3 >> 26; + x3 &= 0x3ffffff; + x0 += 5 * (x4 >> 26); + x4 &= 0x3ffffff; + } + + y0 = x0 + 5; + y1 = x1 + (y0 >> 26); + y0 &= 0x3ffffff; + y2 = x2 + (y1 >> 26); + y1 &= 0x3ffffff; + y3 = x3 + (y2 >> 26); + y2 &= 0x3ffffff; + y4 = x4 + (y3 >> 26); + y3 &= 0x3ffffff; + swap = -(y4 >> 26); + y4 &= 0x3ffffff; + + y0 ^= x0; + y1 ^= x1; + y2 ^= x2; + y3 ^= x3; + y4 ^= x4; + + y0 &= swap; + y1 &= swap; + y2 &= swap; + y3 &= swap; + y4 &= swap; + + y0 ^= x0; + y1 ^= x1; + y2 ^= x2; + y3 ^= x3; + y4 ^= x4; + + r->v[0] = y0; + r->v[2] = y1; + r->v[4] = y2; + r->v[6] = y3; + r->v[8] = y4; +} + +static void store32(uint8_t out[4], uint32_t v) { GFp_memcpy(out, &v, 4); } + +// load32 exists to avoid breaking strict aliasing rules in +// fe1305x2_frombytearray. +static uint32_t load32(const uint8_t t[4]) { + uint32_t tmp; + GFp_memcpy(&tmp, t, sizeof(tmp)); + return tmp; +} + +static void fe1305x2_tobytearray(uint8_t r[16], fe1305x2 *x) { + uint32_t x0 = x->v[0]; + uint32_t x1 = x->v[2]; + uint32_t x2 = x->v[4]; + uint32_t x3 = x->v[6]; + uint32_t x4 = x->v[8]; + + x1 += x0 >> 26; + x0 &= 0x3ffffff; + x2 += x1 >> 26; + x1 &= 0x3ffffff; + x3 += x2 >> 26; + x2 &= 0x3ffffff; + x4 += x3 >> 26; + x3 &= 0x3ffffff; + + store32(r, x0 + (x1 << 26)); + store32(r + 4, (x1 >> 6) + (x2 << 20)); + store32(r + 8, (x2 >> 12) + (x3 << 14)); + store32(r + 12, (x3 >> 18) + (x4 << 8)); +} + +static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) { + unsigned i; + uint8_t t[17]; + + for (i = 0; (i < 16) && (i < xlen); i++) { + t[i] = x[i]; + } + xlen -= i; + x += i; + t[i++] = 1; + for (; i < 17; i++) { + t[i] = 0; + } + + r->v[0] = 0x3ffffff & load32(t); + r->v[2] = 0x3ffffff & (load32(t + 3) >> 2); + r->v[4] = 0x3ffffff & (load32(t + 6) >> 4); + r->v[6] = 0x3ffffff & (load32(t + 9) >> 6); + r->v[8] = load32(t + 13); + + if (xlen) { + for (i = 0; (i < 16) && (i < xlen); i++) { + t[i] = x[i]; + } + t[i++] = 1; + for (; i < 17; i++) { + t[i] = 0; + } + + r->v[1] = 0x3ffffff & load32(t); + r->v[3] = 0x3ffffff & (load32(t + 3) >> 2); + r->v[5] = 0x3ffffff & (load32(t + 6) >> 4); + r->v[7] = 0x3ffffff & (load32(t + 9) >> 6); + r->v[9] = load32(t + 13); + } else { + r->v[1] = r->v[3] = r->v[5] = r->v[7] = r->v[9] = 0; + } +} + +static const alignas(16) fe1305x2 zero; + +struct poly1305_state_st { + uint8_t data[sizeof(fe1305x2[5]) + 128]; + uint8_t buf[32]; + unsigned int buf_used; + uint8_t key[16]; +}; + +OPENSSL_STATIC_ASSERT(sizeof(struct poly1305_state_st) <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_st"); + +void GFp_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { + struct poly1305_state_st *st = (struct poly1305_state_st *)(state); + fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); + fe1305x2 *const h = r + 1; + fe1305x2 *const c = h + 1; + fe1305x2 *const precomp = c + 1; + unsigned int j; + + r->v[1] = r->v[0] = 0x3ffffff & load32(key); + r->v[3] = r->v[2] = 0x3ffff03 & (load32(key + 3) >> 2); + r->v[5] = r->v[4] = 0x3ffc0ff & (load32(key + 6) >> 4); + r->v[7] = r->v[6] = 0x3f03fff & (load32(key + 9) >> 6); + r->v[9] = r->v[8] = 0x00fffff & (load32(key + 12) >> 8); + + for (j = 0; j < 10; j++) { + h->v[j] = 0; // XXX: should fast-forward a bit + } + + addmulmod(precomp, r, r, &zero); // precompute r^2 + addmulmod(precomp + 1, precomp, precomp, &zero); // precompute r^4 + + GFp_memcpy(st->key, key + 16, 16); + st->buf_used = 0; +} + +void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, + size_t in_len) { + struct poly1305_state_st *st = (struct poly1305_state_st *)(state); + fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); + fe1305x2 *const h = r + 1; + fe1305x2 *const c = h + 1; + fe1305x2 *const precomp = c + 1; + unsigned int i; + + if (st->buf_used) { + unsigned int todo = 32 - st->buf_used; + if (todo > in_len) { + todo = in_len; + } + for (i = 0; i < todo; i++) { + st->buf[st->buf_used + i] = in[i]; + } + st->buf_used += todo; + in_len -= todo; + in += todo; + + if (st->buf_used == sizeof(st->buf) && in_len) { + addmulmod(h, h, precomp, &zero); + fe1305x2_frombytearray(c, st->buf, sizeof(st->buf)); + for (i = 0; i < 10; i++) { + h->v[i] += c->v[i]; + } + st->buf_used = 0; + } + } + + while (in_len > 32) { + unsigned int tlen = 1048576; + if (in_len < tlen) { + tlen = in_len; + } + tlen -= blocks(h, precomp, in, tlen); + in_len -= tlen; + in += tlen; + } + + if (in_len) { + for (i = 0; i < in_len; i++) { + st->buf[i] = in[i]; + } + st->buf_used = in_len; + } +} + +void GFp_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]) { + struct poly1305_state_st *st = (struct poly1305_state_st *)(state); + fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); + fe1305x2 *const h = r + 1; + fe1305x2 *const c = h + 1; + fe1305x2 *const precomp = c + 1; + + addmulmod(h, h, precomp, &zero); + + if (st->buf_used > 16) { + fe1305x2_frombytearray(c, st->buf, st->buf_used); + precomp->v[1] = r->v[1]; + precomp->v[3] = r->v[3]; + precomp->v[5] = r->v[5]; + precomp->v[7] = r->v[7]; + precomp->v[9] = r->v[9]; + addmulmod(h, h, precomp, c); + } else if (st->buf_used > 0) { + fe1305x2_frombytearray(c, st->buf, st->buf_used); + r->v[1] = 1; + r->v[3] = 0; + r->v[5] = 0; + r->v[7] = 0; + r->v[9] = 0; + addmulmod(h, h, r, c); + } + + h->v[0] += h->v[1]; + h->v[2] += h->v[3]; + h->v[4] += h->v[5]; + h->v[6] += h->v[7]; + h->v[8] += h->v[9]; + freeze(h); + + fe1305x2_frombytearray(c, st->key, 16); + c->v[8] ^= (1 << 24); + + h->v[0] += c->v[0]; + h->v[2] += c->v[2]; + h->v[4] += c->v[4]; + h->v[6] += c->v[6]; + h->v[8] += c->v[8]; + fe1305x2_tobytearray(mac, h); +} + +#endif // OPENSSL_POLY1305_NEON diff --git a/crypto/poly1305/poly1305_arm_asm.S b/crypto/poly1305/poly1305_arm_asm.S new file mode 100644 index 0000000000..24ae435fdd --- /dev/null +++ b/crypto/poly1305/poly1305_arm_asm.S @@ -0,0 +1,2031 @@ +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if defined(__arm__) && !defined(OPENSSL_NO_ASM) && !defined(__APPLE__) + +#pragma GCC diagnostic ignored "-Wlanguage-extension-token" + +#if defined(BORINGSSL_PREFIX) +#include +#endif + +# This implementation was taken from the public domain, neon2 version in +# SUPERCOP by D. J. Bernstein and Peter Schwabe. + +# qhasm: int32 input_0 + +# qhasm: int32 input_1 + +# qhasm: int32 input_2 + +# qhasm: int32 input_3 + +# qhasm: stack32 input_4 + +# qhasm: stack32 input_5 + +# qhasm: stack32 input_6 + +# qhasm: stack32 input_7 + +# qhasm: int32 caller_r4 + +# qhasm: int32 caller_r5 + +# qhasm: int32 caller_r6 + +# qhasm: int32 caller_r7 + +# qhasm: int32 caller_r8 + +# qhasm: int32 caller_r9 + +# qhasm: int32 caller_r10 + +# qhasm: int32 caller_r11 + +# qhasm: int32 caller_r12 + +# qhasm: int32 caller_r14 + +# qhasm: reg128 caller_q4 + +# qhasm: reg128 caller_q5 + +# qhasm: reg128 caller_q6 + +# qhasm: reg128 caller_q7 + +# qhasm: startcode +.fpu neon +.text + +# qhasm: reg128 r0 + +# qhasm: reg128 r1 + +# qhasm: reg128 r2 + +# qhasm: reg128 r3 + +# qhasm: reg128 r4 + +# qhasm: reg128 x01 + +# qhasm: reg128 x23 + +# qhasm: reg128 x4 + +# qhasm: reg128 y0 + +# qhasm: reg128 y12 + +# qhasm: reg128 y34 + +# qhasm: reg128 5y12 + +# qhasm: reg128 5y34 + +# qhasm: stack128 y0_stack + +# qhasm: stack128 y12_stack + +# qhasm: stack128 y34_stack + +# qhasm: stack128 5y12_stack + +# qhasm: stack128 5y34_stack + +# qhasm: reg128 z0 + +# qhasm: reg128 z12 + +# qhasm: reg128 z34 + +# qhasm: reg128 5z12 + +# qhasm: reg128 5z34 + +# qhasm: stack128 z0_stack + +# qhasm: stack128 z12_stack + +# qhasm: stack128 z34_stack + +# qhasm: stack128 5z12_stack + +# qhasm: stack128 5z34_stack + +# qhasm: stack128 two24 + +# qhasm: int32 ptr + +# qhasm: reg128 c01 + +# qhasm: reg128 c23 + +# qhasm: reg128 d01 + +# qhasm: reg128 d23 + +# qhasm: reg128 t0 + +# qhasm: reg128 t1 + +# qhasm: reg128 t2 + +# qhasm: reg128 t3 + +# qhasm: reg128 t4 + +# qhasm: reg128 mask + +# qhasm: reg128 u0 + +# qhasm: reg128 u1 + +# qhasm: reg128 u2 + +# qhasm: reg128 u3 + +# qhasm: reg128 u4 + +# qhasm: reg128 v01 + +# qhasm: reg128 mid + +# qhasm: reg128 v23 + +# qhasm: reg128 v4 + +# qhasm: int32 len + +# qhasm: qpushenter crypto_onetimeauth_poly1305_neon2_blocks +.align 4 +.global GFp_poly1305_neon2_blocks +.hidden GFp_poly1305_neon2_blocks +.type GFp_poly1305_neon2_blocks STT_FUNC +GFp_poly1305_neon2_blocks: +vpush {q4,q5,q6,q7} +mov r12,sp +sub sp,sp,#192 +bic sp,sp,#31 + +# qhasm: len = input_3 +# asm 1: mov >len=int32#4,len=r3,y12=reg128#2%bot->y12=reg128#2%top},[y12=d2->y12=d3},[y34=reg128#3%bot->y34=reg128#3%top},[y34=d4->y34=d5},[input_1=int32#2,input_1=r1,z12=reg128#5%bot->z12=reg128#5%top},[z12=d8->z12=d9},[z34=reg128#6%bot->z34=reg128#6%top},[z34=d10->z34=d11},[mask=reg128#7,#0xffffffff +# asm 2: vmov.i64 >mask=q6,#0xffffffff +vmov.i64 q6,#0xffffffff + +# qhasm: 2x u4 = 0xff +# asm 1: vmov.i64 >u4=reg128#8,#0xff +# asm 2: vmov.i64 >u4=q7,#0xff +vmov.i64 q7,#0xff + +# qhasm: x01 aligned= mem128[input_0];input_0+=16 +# asm 1: vld1.8 {>x01=reg128#9%bot->x01=reg128#9%top},[x01=d16->x01=d17},[x23=reg128#10%bot->x23=reg128#10%top},[x23=d18->x23=d19},[input_0=int32#1,input_0=r0,>=6 +# asm 1: vshr.u64 >mask=reg128#7,mask=q6,>= 7 +# asm 1: vshr.u64 >u4=reg128#8,u4=q7,5y12=reg128#12,5y12=q11,5y34=reg128#13,5y34=q12,5y12=reg128#12,<5y12=reg128#12,5y12=q11,<5y12=q11,5y34=reg128#13,<5y34=reg128#13,5y34=q12,<5y34=q12,u4=reg128#8,u4=q7,5z12=reg128#14,5z12=q13,5z34=reg128#15,5z34=q14,5z12=reg128#14,<5z12=reg128#14,5z12=q13,<5z12=q13,5z34=reg128#15,<5z34=reg128#15,5z34=q14,<5z34=q14,ptr=int32#2,ptr=r1,r4=reg128#16,r4=q15,r0=reg128#8,r0=q7,ptr=int32#2,ptr=r1,ptr=int32#2,ptr=r1,ptr=int32#2,ptr=r1,ptr=int32#2,ptr=r1,ptr=int32#2,ptr=r1,ptr=int32#2,ptr=r1,ptr=int32#2,<5y12_stack=stack128#5 +# asm 2: lea >ptr=r1,<5y12_stack=[sp,#64] +add r1,sp,#64 + +# qhasm: mem128[ptr] aligned= 5y12 +# asm 1: vst1.8 {<5y12=reg128#12%bot-<5y12=reg128#12%top},[ptr=int32#2,<5y34_stack=stack128#6 +# asm 2: lea >ptr=r1,<5y34_stack=[sp,#80] +add r1,sp,#80 + +# qhasm: mem128[ptr] aligned= 5y34 +# asm 1: vst1.8 {<5y34=reg128#13%bot-<5y34=reg128#13%top},[ptr=int32#2,<5z12_stack=stack128#10 +# asm 2: lea >ptr=r1,<5z12_stack=[sp,#144] +add r1,sp,#144 + +# qhasm: mem128[ptr] aligned= 5z12 +# asm 1: vst1.8 {<5z12=reg128#14%bot-<5z12=reg128#14%top},[ptr=int32#2,<5z34_stack=stack128#11 +# asm 2: lea >ptr=r1,<5z34_stack=[sp,#160] +add r1,sp,#160 + +# qhasm: mem128[ptr] aligned= 5z34 +# asm 1: vst1.8 {<5z34=reg128#15%bot-<5z34=reg128#15%top},[? len - 64 +# asm 1: cmp +bls ._below64bytes + +# qhasm: input_2 += 32 +# asm 1: add >input_2=int32#2,input_2=r1,c01=reg128#1%bot->c01=reg128#1%top},[c01=d0->c01=d1},[c23=reg128#2%bot->c23=reg128#2%top},[c23=d2->c23=d3},[ptr=int32#3,ptr=r2,z12=reg128#3%bot->z12=reg128#3%top},[z12=d4->z12=d5},[ptr=int32#3,ptr=r2,z0=reg128#4%bot->z0=reg128#4%top},[z0=d6->z0=d7},[r3=reg128#5,r3=q4,input_2=int32#2,input_2=r1,ptr=int32#3,<5z34_stack=stack128#11 +# asm 2: lea >ptr=r2,<5z34_stack=[sp,#160] +add r2,sp,#160 + +# qhasm: 5z34 aligned= mem128[ptr] +# asm 1: vld1.8 {>5z34=reg128#6%bot->5z34=reg128#6%top},[5z34=d10->5z34=d11},[r0=reg128#8,r0=q7,r2=reg128#14,r2=q13,d01=reg128#12%bot->d01=reg128#12%top},[d01=d22->d01=d23},[r1=reg128#15,r1=q14,ptr=int32#3,<5z12_stack=stack128#10 +# asm 2: lea >ptr=r2,<5z12_stack=[sp,#144] +add r2,sp,#144 + +# qhasm: 5z12 aligned= mem128[ptr] +# asm 1: vld1.8 {>5z12=reg128#1%bot->5z12=reg128#1%top},[5z12=d0->5z12=d1},[d23=reg128#2%bot->d23=reg128#2%top},[d23=d2->d23=d3},[input_2=int32#2,input_2=r1,> 40 +# asm 1: vshr.u64 >v4=reg128#4,v4=q3,> 14; v23[3] = d23[2,3] unsigned>> 14 +# asm 1: vshrn.u64 > 26; v01[3] = d01[2,3] unsigned>> 26 +# asm 1: vshrn.u64 > 20; v23[1] = mid[2,3] unsigned>> 20 +# asm 1: vshrn.u64 ptr=int32#3,ptr=r2,y34=reg128#3%bot->y34=reg128#3%top},[y34=d4->y34=d5},[ptr=int32#3,ptr=r2,y12=reg128#2%bot->y12=reg128#2%top},[y12=d2->y12=d3},[ptr=int32#3,ptr=r2,y0=reg128#1%bot->y0=reg128#1%top},[y0=d0->y0=d1},[ptr=int32#3,<5y34_stack=stack128#6 +# asm 2: lea >ptr=r2,<5y34_stack=[sp,#80] +add r2,sp,#80 + +# qhasm: 5y34 aligned= mem128[ptr] +# asm 1: vld1.8 {>5y34=reg128#13%bot->5y34=reg128#13%top},[5y34=d24->5y34=d25},[ptr=int32#3,<5y12_stack=stack128#5 +# asm 2: lea >ptr=r2,<5y12_stack=[sp,#64] +add r2,sp,#64 + +# qhasm: 5y12 aligned= mem128[ptr] +# asm 1: vld1.8 {>5y12=reg128#12%bot->5y12=reg128#12%top},[5y12=d22->5y12=d23},[ptr=int32#3,ptr=r2,> 26 +# asm 1: vshr.u64 >t1=reg128#4,t1=q3,len=int32#4,len=r3,r0=reg128#6,r0=q5,r1=reg128#4,r1=q3,> 26 +# asm 1: vshr.u64 >t4=reg128#8,t4=q7,r3=reg128#5,r3=q4,x4=reg128#8,x4=q7,r4=reg128#16%bot->r4=reg128#16%top},[r4=d30->r4=d31},[> 26 +# asm 1: vshr.u64 >t2=reg128#9,t2=q8,r1=reg128#4,r1=q3,> 26 +# asm 1: vshr.u64 >t0=reg128#10,t0=q9,r2=reg128#9,r2=q8,x4=reg128#11,x4=q10,x01=reg128#6,x01=q5,r0=reg128#8%bot->r0=reg128#8%top},[r0=d14->r0=d15},[ptr=int32#3,ptr=r2,t0=reg128#10,t0=q9,> 26 +# asm 1: vshr.u64 >t3=reg128#14,t3=q13,x01=reg128#15,x01=q14,z34=reg128#6%bot->z34=reg128#6%top},[z34=d10->z34=d11},[x23=reg128#10,x23=q9,r3=reg128#5,r3=q4,input_2=int32#2,input_2=r1,> 26 +# asm 1: vshr.u64 >t1=reg128#14,t1=q13,x01=reg128#9,x01=q8,r1=reg128#4,r1=q3,> 26 +# asm 1: vshr.u64 >t4=reg128#14,t4=q13,r3=reg128#5,r3=q4,x4=reg128#11,x4=q10,? len - 64 +# asm 1: cmp +bhi ._mainloop2 + +# qhasm: input_2 -= 32 +# asm 1: sub >input_2=int32#3,input_2=r2,? len - 32 +# asm 1: cmp +bls ._end + +# qhasm: mainloop: +._mainloop: + +# qhasm: new r0 + +# qhasm: ptr = &two24 +# asm 1: lea >ptr=int32#2,ptr=r1,r4=reg128#5%bot->r4=reg128#5%top},[r4=d8->r4=d9},[u4=reg128#6%bot->u4=reg128#6%top},[u4=d10->u4=d11},[c01=reg128#8%bot->c01=reg128#8%top},[c01=d14->c01=d15},[c23=reg128#14%bot->c23=reg128#14%top},[c23=d26->c23=d27},[r0=reg128#4,r0=q3,r3=reg128#6,r3=q5,r1=reg128#14,r1=q13,r2=reg128#8,r2=q7,> 26 +# asm 1: vshr.u64 >t1=reg128#9,t1=q8,r0=reg128#4,r0=q3,r1=reg128#9,r1=q8,> 26 +# asm 1: vshr.u64 >t4=reg128#10,t4=q9,r3=reg128#6,r3=q5,r4=reg128#5,r4=q4,> 26 +# asm 1: vshr.u64 >t2=reg128#10,t2=q9,r1=reg128#11,r1=q10,> 26 +# asm 1: vshr.u64 >t0=reg128#9,t0=q8,r2=reg128#8,r2=q7,r4=reg128#5,r4=q4,r0=reg128#4,r0=q3,t0=reg128#9,t0=q8,> 26 +# asm 1: vshr.u64 >t3=reg128#14,t3=q13,r0=reg128#4,r0=q3,x23=reg128#10,x23=q9,r3=reg128#6,r3=q5,> 26 +# asm 1: vshr.u64 >t1=reg128#8,t1=q7,x01=reg128#9,x01=q8,r1=reg128#4,r1=q3,> 26 +# asm 1: vshr.u64 >t4=reg128#8,t4=q7,r3=reg128#6,r3=q5,x4=reg128#11,x4=q10,len=int32#4,len=r3,? len - 32 +# asm 1: cmp +bhi ._mainloop + +# qhasm: end: +._end: + +# qhasm: mem128[input_0] = x01;input_0+=16 +# asm 1: vst1.8 {len=int32#1,len=r0,mask=reg128#1,#0xffffffff +# asm 2: vmov.i64 >mask=q0,#0xffffffff +vmov.i64 q0,#0xffffffff + +# qhasm: y01 aligned= mem128[input_2];input_2+=16 +# asm 1: vld1.8 {>y01=reg128#2%bot->y01=reg128#2%top},[y01=d2->y01=d3},[_5y01=reg128#3,_5y01=q2,y23=reg128#4%bot->y23=reg128#4%top},[y23=d6->y23=d7},[_5y23=reg128#9,_5y23=q8,_5y4=reg128#11,_5y4=q10,x01=reg128#12%bot->x01=reg128#12%top},[x01=d22->x01=d23},[_5y01=reg128#3,<_5y01=reg128#3,_5y01=q2,<_5y01=q2,x23=reg128#13%bot->x23=reg128#13%top},[x23=d24->x23=d25},[_5y23=reg128#9,<_5y23=reg128#9,_5y23=q8,<_5y23=q8,_5y4=reg128#11,<_5y4=reg128#11,_5y4=q10,<_5y4=q10,c01=reg128#14%bot->c01=reg128#14%top},[c01=d26->c01=d27},[x01=reg128#12,x01=q11,c23=reg128#14%bot->c23=reg128#14%top},[c23=d26->c23=d27},[x23=reg128#13,x23=q12,>=6 +# asm 1: vshr.u64 >mask=reg128#1,mask=q0,x4=reg128#14,x4=q13,r0=reg128#15,r0=q14,r1=reg128#3,r1=q2,r2=reg128#16,r2=q15,r3=reg128#9,r3=q8,r4=reg128#10,r4=q9,> 26 +# asm 1: vshr.u64 >t1=reg128#2,t1=q1,r0=reg128#4,r0=q3,r1=reg128#2,r1=q1,> 26 +# asm 1: vshr.u64 >t4=reg128#3,t4=q2,r3=reg128#9,r3=q8,r4=reg128#3,r4=q2,> 26 +# asm 1: vshr.u64 >t2=reg128#10,t2=q9,r1=reg128#2,r1=q1,> 26 +# asm 1: vshr.u64 >t0=reg128#11,t0=q10,r2=reg128#10,r2=q9,r4=reg128#3,r4=q2,r0=reg128#4,r0=q3,t0=reg128#11,t0=q10,> 26 +# asm 1: vshr.u64 >t3=reg128#12,t3=q11,r0=reg128#4,r0=q3,x23=reg128#10,x23=q9,r3=reg128#9,r3=q8,> 26 +# asm 1: vshr.u64 >t1=reg128#11,t1=q10,x01=reg128#4,x01=q3,r1=reg128#2,r1=q1,> 26 +# asm 1: vshr.u64 >t4=reg128#11,t4=q10,r3=reg128#1,r3=q0,x4=reg128#3,x4=q2, + +#include "internal.h" +#include "../internal.h" + + +#if defined(BORINGSSL_HAS_UINT128) && defined(OPENSSL_X86_64) + +#pragma GCC diagnostic ignored "-Wcast-align" +#pragma GCC diagnostic ignored "-Wsign-conversion" + +#include + +static uint32_t load_u32_le(const uint8_t in[4]) { + uint32_t ret; + GFp_memcpy(&ret, in, 4); + return ret; +} + +static uint64_t load_u64_le(const uint8_t in[8]) { + uint64_t ret; + GFp_memcpy(&ret, in, 8); + return ret; +} + +static void store_u64_le(uint8_t out[8], uint64_t v) { + GFp_memcpy(out, &v, 8); +} + +typedef __m128i xmmi; + +static const alignas(16) uint32_t poly1305_x64_sse2_message_mask[4] = { + (1 << 26) - 1, 0, (1 << 26) - 1, 0}; +static const alignas(16) uint32_t poly1305_x64_sse2_5[4] = {5, 0, 5, 0}; +static const alignas(16) uint32_t poly1305_x64_sse2_1shl128[4] = { + (1 << 24), 0, (1 << 24), 0}; + +static inline uint128_t add128(uint128_t a, uint128_t b) { return a + b; } + +static inline uint128_t add128_64(uint128_t a, uint64_t b) { return a + b; } + +static inline uint128_t mul64x64_128(uint64_t a, uint64_t b) { + return (uint128_t)a * b; +} + +static inline uint64_t lo128(uint128_t a) { return (uint64_t)a; } + +static inline uint64_t shr128(uint128_t v, const int shift) { + return (uint64_t)(v >> shift); +} + +static inline uint64_t shr128_pair(uint64_t hi, uint64_t lo, const int shift) { + return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift); +} + +typedef struct poly1305_power_t { + union { + xmmi v; + uint64_t u[2]; + uint32_t d[4]; + } R20, R21, R22, R23, R24, S21, S22, S23, S24; +} poly1305_power; + +typedef struct poly1305_state_internal_t { + poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 + bytes of free storage */ + union { + xmmi H[5]; // 80 bytes + uint64_t HH[10]; + }; + // uint64_t r0,r1,r2; [24 bytes] + // uint64_t pad0,pad1; [16 bytes] + uint64_t started; // 8 bytes + uint64_t leftover; // 8 bytes + uint8_t buffer[64]; // 64 bytes +} poly1305_state_internal; /* 448 bytes total + 63 bytes for + alignment = 511 bytes raw */ + +OPENSSL_STATIC_ASSERT(sizeof(poly1305_state_internal) <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_internal"); + +static inline poly1305_state_internal *poly1305_aligned_state( + poly1305_state *state) { + dev_assert_secret(((uintptr_t)state & 63) == 0); + return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); +} + +static inline size_t poly1305_min(size_t a, size_t b) { + return (a < b) ? a : b; +} + +void GFp_poly1305_init(poly1305_state *state, const uint8_t key[32]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + poly1305_power *p; + uint64_t r0, r1, r2; + uint64_t t0, t1; + + // clamp key + t0 = load_u64_le(key + 0); + t1 = load_u64_le(key + 8); + r0 = t0 & 0xffc0fffffff; + t0 >>= 44; + t0 |= t1 << 20; + r1 = t0 & 0xfffffc0ffff; + t1 >>= 24; + r2 = t1 & 0x00ffffffc0f; + + // store r in un-used space of st->P[1] + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2); + p->R22.d[3] = (uint32_t)(r2 >> 32); + + // store pad + p->R23.d[1] = load_u32_le(key + 16); + p->R23.d[3] = load_u32_le(key + 20); + p->R24.d[1] = load_u32_le(key + 24); + p->R24.d[3] = load_u32_le(key + 28); + + // H = 0 + st->H[0] = _mm_setzero_si128(); + st->H[1] = _mm_setzero_si128(); + st->H[2] = _mm_setzero_si128(); + st->H[3] = _mm_setzero_si128(); + st->H[4] = _mm_setzero_si128(); + + st->started = 0; + st->leftover = 0; +} + +static void poly1305_first_block(poly1305_state_internal *st, + const uint8_t *m) { + const xmmi MMASK = _mm_load_si128((const xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((const xmmi *)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((const xmmi *)poly1305_x64_sse2_1shl128); + xmmi T5, T6; + poly1305_power *p; + uint128_t d[3]; + uint64_t r0, r1, r2; + uint64_t r20, r21, r22, s22; + uint64_t pad0, pad1; + uint64_t c; + uint64_t i; + + // pull out stored info + p = &st->P[1]; + + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + + // compute powers r^2,r^4 + r20 = r0; + r21 = r1; + r22 = r2; + for (i = 0; i < 2; i++) { + s22 = r22 * (5 << 2); + + d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22)); + d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21)); + d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20)); + + r20 = lo128(d[0]) & 0xfffffffffff; + c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); + r21 = lo128(d[1]) & 0xfffffffffff; + c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); + r22 = lo128(d[2]) & 0x3ffffffffff; + c = shr128(d[2], 42); + r20 += c * 5; + c = (r20 >> 44); + r20 = r20 & 0xfffffffffff; + r21 += c; + + p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)(r20)&0x3ffffff), + _MM_SHUFFLE(1, 0, 1, 0)); + p->R21.v = _mm_shuffle_epi32( + _mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), + _MM_SHUFFLE(1, 0, 1, 0)); + p->R22.v = + _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8)) & 0x3ffffff), + _MM_SHUFFLE(1, 0, 1, 0)); + p->R23.v = _mm_shuffle_epi32( + _mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), + _MM_SHUFFLE(1, 0, 1, 0)); + p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16))), + _MM_SHUFFLE(1, 0, 1, 0)); + p->S21.v = _mm_mul_epu32(p->R21.v, FIVE); + p->S22.v = _mm_mul_epu32(p->R22.v, FIVE); + p->S23.v = _mm_mul_epu32(p->R23.v, FIVE); + p->S24.v = _mm_mul_epu32(p->R24.v, FIVE); + p--; + } + + // put saved info back + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2); + p->R22.d[3] = (uint32_t)(r2 >> 32); + p->R23.d[1] = (uint32_t)(pad0); + p->R23.d[3] = (uint32_t)(pad0 >> 32); + p->R24.d[1] = (uint32_t)(pad1); + p->R24.d[3] = (uint32_t)(pad1 >> 32); + + // H = [Mx,My] + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 0)), + _mm_loadl_epi64((const xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 8)), + _mm_loadl_epi64((const xmmi *)(m + 24))); + st->H[0] = _mm_and_si128(MMASK, T5); + st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + st->H[2] = _mm_and_si128(MMASK, T5); + st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); +} + +static void poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, + size_t bytes) { + const xmmi MMASK = _mm_load_si128((const xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((const xmmi *)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((const xmmi *)poly1305_x64_sse2_1shl128); + + poly1305_power *p; + xmmi H0, H1, H2, H3, H4; + xmmi T0, T1, T2, T3, T4, T5, T6; + xmmi M0, M1, M2, M3, M4; + xmmi C1, C2; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + while (bytes >= 64) { + // H *= [r^4,r^4] + p = &st->P[0]; + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); + T6 = _mm_mul_epu32(H1, p->R20.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); + T6 = _mm_mul_epu32(H2, p->S24.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); + T6 = _mm_mul_epu32(H3, p->S23.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); + T6 = _mm_mul_epu32(H4, p->S22.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); + T6 = _mm_mul_epu32(H1, p->R22.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); + T6 = _mm_mul_epu32(H2, p->R21.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); + T6 = _mm_mul_epu32(H3, p->R20.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); + T6 = _mm_mul_epu32(H4, p->S24.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); + T4 = _mm_add_epi64(T4, T5); + + // H += [Mx,My]*[r^2,r^2] + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 0)), + _mm_loadl_epi64((const xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 8)), + _mm_loadl_epi64((const xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + p = &st->P[1]; + T5 = _mm_mul_epu32(M0, p->R20.v); + T6 = _mm_mul_epu32(M0, p->R21.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M1, p->S24.v); + T6 = _mm_mul_epu32(M1, p->R20.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M2, p->S23.v); + T6 = _mm_mul_epu32(M2, p->S24.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M3, p->S22.v); + T6 = _mm_mul_epu32(M3, p->S23.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M4, p->S21.v); + T6 = _mm_mul_epu32(M4, p->S22.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M0, p->R22.v); + T6 = _mm_mul_epu32(M0, p->R23.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M1, p->R21.v); + T6 = _mm_mul_epu32(M1, p->R22.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M2, p->R20.v); + T6 = _mm_mul_epu32(M2, p->R21.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M3, p->S24.v); + T6 = _mm_mul_epu32(M3, p->R20.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M4, p->S23.v); + T6 = _mm_mul_epu32(M4, p->S24.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M0, p->R24.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M1, p->R23.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M2, p->R22.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M3, p->R21.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M4, p->R20.v); + T4 = _mm_add_epi64(T4, T5); + + // H += [Mx,My] + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 32)), + _mm_loadl_epi64((const xmmi *)(m + 48))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 40)), + _mm_loadl_epi64((const xmmi *)(m + 56))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + // reduce + C1 = _mm_srli_epi64(T0, 26); + C2 = _mm_srli_epi64(T3, 26); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_and_si128(T3, MMASK); + T1 = _mm_add_epi64(T1, C1); + T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); + C2 = _mm_srli_epi64(T4, 26); + T1 = _mm_and_si128(T1, MMASK); + T4 = _mm_and_si128(T4, MMASK); + T2 = _mm_add_epi64(T2, C1); + T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); + C2 = _mm_srli_epi64(T0, 26); + T2 = _mm_and_si128(T2, MMASK); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_add_epi64(T3, C1); + T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); + T3 = _mm_and_si128(T3, MMASK); + T4 = _mm_add_epi64(T4, C1); + + // H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + m += 64; + bytes -= 64; + } + + st->H[0] = H0; + st->H[1] = H1; + st->H[2] = H2; + st->H[3] = H3; + st->H[4] = H4; +} + +static size_t poly1305_combine(poly1305_state_internal *st, const uint8_t *m, + size_t bytes) { + const xmmi MMASK = _mm_load_si128((const xmmi *)poly1305_x64_sse2_message_mask); + const xmmi HIBIT = _mm_load_si128((const xmmi *)poly1305_x64_sse2_1shl128); + const xmmi FIVE = _mm_load_si128((const xmmi *)poly1305_x64_sse2_5); + + poly1305_power *p; + xmmi H0, H1, H2, H3, H4; + xmmi M0, M1, M2, M3, M4; + xmmi T0, T1, T2, T3, T4, T5, T6; + xmmi C1, C2; + + uint64_t r0, r1, r2; + uint64_t t0, t1, t2, t3, t4; + uint64_t c; + size_t consumed = 0; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + // p = [r^2,r^2] + p = &st->P[1]; + + if (bytes >= 32) { + // H *= [r^2,r^2] + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); + T6 = _mm_mul_epu32(H1, p->R20.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); + T6 = _mm_mul_epu32(H2, p->S24.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); + T6 = _mm_mul_epu32(H3, p->S23.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); + T6 = _mm_mul_epu32(H4, p->S22.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); + T6 = _mm_mul_epu32(H1, p->R22.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); + T6 = _mm_mul_epu32(H2, p->R21.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); + T6 = _mm_mul_epu32(H3, p->R20.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); + T6 = _mm_mul_epu32(H4, p->S24.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); + T4 = _mm_add_epi64(T4, T5); + + // H += [Mx,My] + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 0)), + _mm_loadl_epi64((const xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((const xmmi *)(m + 8)), + _mm_loadl_epi64((const xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + // reduce + C1 = _mm_srli_epi64(T0, 26); + C2 = _mm_srli_epi64(T3, 26); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_and_si128(T3, MMASK); + T1 = _mm_add_epi64(T1, C1); + T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); + C2 = _mm_srli_epi64(T4, 26); + T1 = _mm_and_si128(T1, MMASK); + T4 = _mm_and_si128(T4, MMASK); + T2 = _mm_add_epi64(T2, C1); + T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); + C2 = _mm_srli_epi64(T0, 26); + T2 = _mm_and_si128(T2, MMASK); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_add_epi64(T3, C1); + T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); + T3 = _mm_and_si128(T3, MMASK); + T4 = _mm_add_epi64(T4, C1); + + // H = (H*[r^2,r^2] + [Mx,My]) + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + consumed = 32; + } + + // finalize, H *= [r^2,r] + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + + p->R20.d[2] = (uint32_t)(r0)&0x3ffffff; + p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff; + p->R22.d[2] = (uint32_t)((r1 >> 8)) & 0x3ffffff; + p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff; + p->R24.d[2] = (uint32_t)((r2 >> 16)); + p->S21.d[2] = p->R21.d[2] * 5; + p->S22.d[2] = p->R22.d[2] * 5; + p->S23.d[2] = p->R23.d[2] * 5; + p->S24.d[2] = p->R24.d[2] * 5; + + // H *= [r^2,r] + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); + T6 = _mm_mul_epu32(H1, p->R20.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); + T6 = _mm_mul_epu32(H2, p->S24.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); + T6 = _mm_mul_epu32(H3, p->S23.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); + T6 = _mm_mul_epu32(H4, p->S22.v); + T0 = _mm_add_epi64(T0, T5); + T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); + T6 = _mm_mul_epu32(H1, p->R22.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); + T6 = _mm_mul_epu32(H2, p->R21.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); + T6 = _mm_mul_epu32(H3, p->R20.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); + T6 = _mm_mul_epu32(H4, p->S24.v); + T2 = _mm_add_epi64(T2, T5); + T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); + T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); + T4 = _mm_add_epi64(T4, T5); + + C1 = _mm_srli_epi64(T0, 26); + C2 = _mm_srli_epi64(T3, 26); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_and_si128(T3, MMASK); + T1 = _mm_add_epi64(T1, C1); + T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); + C2 = _mm_srli_epi64(T4, 26); + T1 = _mm_and_si128(T1, MMASK); + T4 = _mm_and_si128(T4, MMASK); + T2 = _mm_add_epi64(T2, C1); + T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); + C2 = _mm_srli_epi64(T0, 26); + T2 = _mm_and_si128(T2, MMASK); + T0 = _mm_and_si128(T0, MMASK); + T3 = _mm_add_epi64(T3, C1); + T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); + T3 = _mm_and_si128(T3, MMASK); + T4 = _mm_add_epi64(T4, C1); + + // H = H[0]+H[1] + H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8)); + H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8)); + H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8)); + H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8)); + H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8)); + + t0 = _mm_cvtsi128_si32(H0); + c = (t0 >> 26); + t0 &= 0x3ffffff; + t1 = _mm_cvtsi128_si32(H1) + c; + c = (t1 >> 26); + t1 &= 0x3ffffff; + t2 = _mm_cvtsi128_si32(H2) + c; + c = (t2 >> 26); + t2 &= 0x3ffffff; + t3 = _mm_cvtsi128_si32(H3) + c; + c = (t3 >> 26); + t3 &= 0x3ffffff; + t4 = _mm_cvtsi128_si32(H4) + c; + c = (t4 >> 26); + t4 &= 0x3ffffff; + t0 = t0 + (c * 5); + c = (t0 >> 26); + t0 &= 0x3ffffff; + t1 = t1 + c; + + st->HH[0] = ((t0) | (t1 << 26)) & UINT64_C(0xfffffffffff); + st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & UINT64_C(0xfffffffffff); + st->HH[2] = ((t3 >> 10) | (t4 << 16)) & UINT64_C(0x3ffffffffff); + + return consumed; +} + +void GFp_poly1305_update(poly1305_state *state, const uint8_t *m, + size_t bytes) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t want; + + // Work around a C language bug. See https://crbug.com/1019588. + if (bytes == 0) { + return; + } + + // need at least 32 initial bytes to start the accelerated branch + if (!st->started) { + if ((st->leftover == 0) && (bytes > 32)) { + poly1305_first_block(st, m); + m += 32; + bytes -= 32; + } else { + want = poly1305_min(32 - st->leftover, bytes); + GFp_memcpy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += want; + if ((st->leftover < 32) || (bytes == 0)) { + return; + } + poly1305_first_block(st, st->buffer); + st->leftover = 0; + } + st->started = 1; + } + + // handle leftover + if (st->leftover) { + want = poly1305_min(64 - st->leftover, bytes); + GFp_memcpy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < 64) { + return; + } + poly1305_blocks(st, st->buffer, 64); + st->leftover = 0; + } + + // process 64 byte blocks + if (bytes >= 64) { + want = (bytes & ~63); + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + if (bytes) { + GFp_memcpy(st->buffer + st->leftover, m, bytes); + st->leftover += bytes; + } +} + +void GFp_poly1305_finish(poly1305_state *state, uint8_t mac[16]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t leftover = st->leftover; + uint8_t *m = st->buffer; + uint128_t d[3]; + uint64_t h0, h1, h2; + uint64_t t0, t1; + uint64_t g0, g1, g2, c, nc; + uint64_t r0, r1, r2, s1, s2; + poly1305_power *p; + + if (st->started) { + size_t consumed = poly1305_combine(st, m, leftover); + leftover -= consumed; + m += consumed; + } + + // st->HH will either be 0 or have the combined result + h0 = st->HH[0]; + h1 = st->HH[1]; + h2 = st->HH[2]; + + p = &st->P[1]; + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + if (leftover < 16) { + goto poly1305_donna_atmost15bytes; + } + +poly1305_donna_atleast16bytes: + t0 = load_u64_le(m + 0); + t1 = load_u64_le(m + 8); + h0 += t0 & 0xfffffffffff; + t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24) | ((uint64_t)1 << 40); + +poly1305_donna_mul: + d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), + mul64x64_128(h2, s1)); + d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), + mul64x64_128(h2, s2)); + d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), + mul64x64_128(h2, r0)); + h0 = lo128(d[0]) & 0xfffffffffff; + c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); + h1 = lo128(d[1]) & 0xfffffffffff; + c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); + h2 = lo128(d[2]) & 0x3ffffffffff; + c = shr128(d[2], 42); + h0 += c * 5; + + m += 16; + leftover -= 16; + if (leftover >= 16) { + goto poly1305_donna_atleast16bytes; + } + +// final bytes +poly1305_donna_atmost15bytes: + if (!leftover) { + goto poly1305_donna_finish; + } + + m[leftover++] = 1; + GFp_memset(m + leftover, 0, 16 - leftover); + leftover = 16; + + t0 = load_u64_le(m + 0); + t1 = load_u64_le(m + 8); + h0 += t0 & 0xfffffffffff; + t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24); + + goto poly1305_donna_mul; + +poly1305_donna_finish: + c = (h0 >> 44); + h0 &= 0xfffffffffff; + h1 += c; + c = (h1 >> 44); + h1 &= 0xfffffffffff; + h2 += c; + c = (h2 >> 42); + h2 &= 0x3ffffffffff; + h0 += c * 5; + + g0 = h0 + 5; + c = (g0 >> 44); + g0 &= 0xfffffffffff; + g1 = h1 + c; + c = (g1 >> 44); + g1 &= 0xfffffffffff; + g2 = h2 + c - ((uint64_t)1 << 42); + + c = (g2 >> 63) - 1; + nc = ~c; + h0 = (h0 & nc) | (g0 & c); + h1 = (h1 & nc) | (g1 & c); + h2 = (h2 & nc) | (g2 & c); + + // pad + t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + h0 += (t0 & 0xfffffffffff); + c = (h0 >> 44); + h0 &= 0xfffffffffff; + t0 = shr128_pair(t1, t0, 44); + h1 += (t0 & 0xfffffffffff) + c; + c = (h1 >> 44); + h1 &= 0xfffffffffff; + t1 = (t1 >> 24); + h2 += (t1)+c; + + store_u64_le(mac + 0, ((h0) | (h1 << 44))); + store_u64_le(mac + 8, ((h1 >> 20) | (h2 << 24))); +} + +#endif // BORINGSSL_HAS_UINT128 && OPENSSL_X86_64 diff --git a/include/GFp/poly1305.h b/include/GFp/poly1305.h new file mode 100644 index 0000000000..53c4036c86 --- /dev/null +++ b/include/GFp/poly1305.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_POLY1305_H +#define OPENSSL_HEADER_POLY1305_H + +#include + +// Keep in sync with `poly1305_state` in poly1305.rs. +typedef uint8_t poly1305_state[512]; + +#endif // OPENSSL_HEADER_POLY1305_H diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 26d3315b27..1890648449 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -80,7 +80,7 @@ fn aead( Aad(aad): Aad<&[u8]>, in_out: &mut [u8], direction: Direction, - _todo: cpu::Features, + cpu_features: cpu::Features, ) -> Tag { let chacha20_key = match key { aead::KeyInner::ChaCha20Poly1305(key) => key, @@ -89,7 +89,7 @@ fn aead( let mut counter = Counter::zero(nonce); let mut ctx = { - let key = derive_poly1305_key(chacha20_key, counter.increment()); + let key = derive_poly1305_key(chacha20_key, counter.increment(), cpu_features); poly1305::Context::from_key(key) }; @@ -108,12 +108,12 @@ fn aead( } }; - ctx.update_block( + ctx.update( Block::from_u64_le( LittleEndian::from(polyfill::u64_from_usize(aad.len())), LittleEndian::from(polyfill::u64_from_usize(in_out_len)), - ), - poly1305::Pad::Pad, + ) + .as_ref(), ); ctx.finish() } @@ -123,20 +123,24 @@ fn poly1305_update_padded_16(ctx: &mut poly1305::Context, input: &[u8]) { let remainder_len = input.len() % BLOCK_LEN; let whole_len = input.len() - remainder_len; if whole_len > 0 { - ctx.update_blocks(&input[..whole_len]); + ctx.update(&input[..whole_len]); } if remainder_len > 0 { let mut block = Block::zero(); block.overwrite_part_at(0, &input[whole_len..]); - ctx.update_block(block, poly1305::Pad::Pad) + ctx.update(block.as_ref()) } } // Also used by chacha20_poly1305_openssh. -pub(super) fn derive_poly1305_key(chacha_key: &chacha::Key, iv: Iv) -> poly1305::Key { +pub(super) fn derive_poly1305_key( + chacha_key: &chacha::Key, + iv: Iv, + cpu_features: cpu::Features, +) -> poly1305::Key { let mut key_bytes = [0u8; 2 * BLOCK_LEN]; chacha_key.encrypt_iv_xor_blocks_in_place(iv, &mut key_bytes); - poly1305::Key::from(key_bytes) + poly1305::Key::new(key_bytes, cpu_features) } #[cfg(test)] diff --git a/src/aead/chacha20_poly1305_openssh.rs b/src/aead/chacha20_poly1305_openssh.rs index 656ca3bf4d..cb6f6913e4 100644 --- a/src/aead/chacha20_poly1305_openssh.rs +++ b/src/aead/chacha20_poly1305_openssh.rs @@ -32,7 +32,7 @@ use super::{ chacha::{self, *}, chacha20_poly1305::derive_poly1305_key, - poly1305, Nonce, Tag, + cpu, poly1305, Nonce, Tag, }; use crate::{constant_time, endian::*, error}; use core::convert::TryInto; @@ -46,7 +46,7 @@ impl SealingKey { /// Constructs a new `SealingKey`. pub fn new(key_material: &[u8; KEY_LEN]) -> SealingKey { SealingKey { - key: Key::new(key_material), + key: Key::new(key_material, cpu::features()), } } @@ -64,7 +64,8 @@ impl SealingKey { tag_out: &mut [u8; TAG_LEN], ) { let mut counter = make_counter(sequence_number); - let poly_key = derive_poly1305_key(&self.key.k_2, counter.increment()); + let poly_key = + derive_poly1305_key(&self.key.k_2, counter.increment(), self.key.cpu_features); { let (len_in_out, data_and_padding_in_out) = @@ -92,7 +93,7 @@ impl OpeningKey { /// Constructs a new `OpeningKey`. pub fn new(key_material: &[u8; KEY_LEN]) -> OpeningKey { OpeningKey { - key: Key::new(key_material), + key: Key::new(key_material, cpu::features()), } } @@ -131,7 +132,8 @@ impl OpeningKey { // We must verify the tag before decrypting so that // `ciphertext_in_plaintext_out` is unmodified if verification fails. // This is beyond what we guarantee. - let poly_key = derive_poly1305_key(&self.key.k_2, counter.increment()); + let poly_key = + derive_poly1305_key(&self.key.k_2, counter.increment(), self.key.cpu_features); verify(poly_key, ciphertext_in_plaintext_out, tag)?; let plaintext_in_ciphertext_out = &mut ciphertext_in_plaintext_out[PACKET_LENGTH_LEN..]; @@ -146,10 +148,11 @@ impl OpeningKey { struct Key { k_1: chacha::Key, k_2: chacha::Key, + cpu_features: cpu::Features, } impl Key { - fn new(key_material: &[u8; KEY_LEN]) -> Key { + fn new(key_material: &[u8; KEY_LEN], cpu_features: cpu::Features) -> Key { // The first half becomes K_2 and the second half becomes K_1. let (k_2, k_1) = key_material.split_at(chacha::KEY_LEN); let k_1: [u8; chacha::KEY_LEN] = k_1.try_into().unwrap(); @@ -157,6 +160,7 @@ impl Key { Key { k_1: chacha::Key::from(k_1), k_2: chacha::Key::from(k_2), + cpu_features, } } } diff --git a/src/aead/poly1305.rs b/src/aead/poly1305.rs index 1d62749fea..a87f709a4d 100644 --- a/src/aead/poly1305.rs +++ b/src/aead/poly1305.rs @@ -15,156 +15,105 @@ // TODO: enforce maximum input length. -use super::{ - block::{Block, BLOCK_LEN}, - Tag, TAG_LEN, -}; -use crate::{bssl, c, error}; -use core::convert::TryInto; +use super::{block::BLOCK_LEN, Tag, TAG_LEN}; +use crate::{c, cpu}; /// A Poly1305 key. -pub struct Key([u8; KEY_LEN]); +pub(super) struct Key { + key_and_nonce: [u8; KEY_LEN], + cpu_features: cpu::Features, +} const KEY_LEN: usize = 2 * BLOCK_LEN; -impl From<[u8; KEY_LEN]> for Key { +impl Key { #[inline] - fn from(value: [u8; KEY_LEN]) -> Self { - Self(value) + pub(super) fn new(key_and_nonce: [u8; KEY_LEN], cpu_features: cpu::Features) -> Self { + Self { + key_and_nonce, + cpu_features, + } } } pub struct Context { - opaque: Opaque, - nonce: Nonce, - func: Funcs, + state: poly1305_state, + #[allow(dead_code)] + cpu_features: cpu::Features, } -/// The memory manipulated by the assembly. -#[repr(C, align(8))] -struct Opaque([u8; OPAQUE_LEN]); -const OPAQUE_LEN: usize = 192; +// Keep in sync with `poly1305_state` in GFp/poly1305.h. +// +// The C code, in particular the way the `poly1305_aligned_state` functions +// are used, is only correct when the state buffer is 64-byte aligned. +#[repr(C, align(64))] +struct poly1305_state([u8; OPAQUE_LEN]); +const OPAQUE_LEN: usize = 512; + +// Abstracts the dispatching logic that chooses the NEON implementation if and +// only if it would work. +macro_rules! dispatch { + ( $features:expr => + ( $f:ident | $neon_f:ident ) + ( $( $p:ident : $t:ty ),+ ) + ( $( $a:expr ),+ ) ) => { + match () { + // Apple's 32-bit ARM ABI is incompatible with the assembly code. + #[cfg(all(target_arch = "arm", not(target_vendor = "apple")))] + () if cpu::arm::NEON.available($features) => { + extern "C" { + fn $neon_f( $( $p : $t ),+ ); + } + unsafe { $neon_f( $( $a ),+ ) } + } + () => { + extern "C" { + fn $f( $( $p : $t ),+ ); + } + unsafe { $f( $( $a ),+ ) } + } + } + } +} impl Context { #[inline] - pub fn from_key(Key(key_and_nonce): Key) -> Self { - extern "C" { - fn GFp_poly1305_blocks( - state: &mut Opaque, - input: *const u8, - len: c::size_t, - should_pad: Pad, - ); - fn GFp_poly1305_emit(state: &mut Opaque, tag: &mut Tag, nonce: &Nonce); - } - - let (key, nonce) = key_and_nonce.split_at(BLOCK_LEN); - let key: [u8; BLOCK_LEN] = key.try_into().unwrap(); - let nonce: [u8; BLOCK_LEN] = nonce.try_into().unwrap(); - - let key = DerivedKey(key); - let nonce = Nonce(nonce); - + pub(super) fn from_key( + Key { + key_and_nonce, + cpu_features, + }: Key, + ) -> Self { let mut ctx = Self { - opaque: Opaque([0u8; OPAQUE_LEN]), - nonce, - func: Funcs { - blocks_fn: GFp_poly1305_blocks, - emit_fn: GFp_poly1305_emit, - }, + state: poly1305_state([0u8; OPAQUE_LEN]), + cpu_features, }; - // On some platforms `init()` doesn't initialize `funcs`. The - // return value of `init()` indicates whether it did or not. Since - // we already gave `func` a default value above, we can ignore the - // return value assuming `init()` doesn't change `func` if it chose - // not to initialize it. Note that this is different than what - // BoringSSL does. - let _ = init(&mut ctx.opaque, key, &mut ctx.func); + dispatch!( + cpu_features => + (GFp_poly1305_init | GFp_poly1305_init_neon) + (statep: &mut poly1305_state, key: &[u8; KEY_LEN]) + (&mut ctx.state, &key_and_nonce)); ctx } - pub fn update_block(&mut self, block: Block, pad: Pad) { - self.func.blocks(&mut self.opaque, block.as_ref(), pad); - } - - pub fn update_blocks(&mut self, input: &[u8]) { - debug_assert_eq!(input.len() % BLOCK_LEN, 0); - self.func.blocks(&mut self.opaque, input, Pad::Pad); + #[inline(always)] + pub fn update(&mut self, input: &[u8]) { + dispatch!( + self.cpu_features => + (GFp_poly1305_update | GFp_poly1305_update_neon) + (statep: &mut poly1305_state, input: *const u8, in_len: c::size_t) + (&mut self.state, input.as_ptr(), input.len())); } pub(super) fn finish(mut self) -> Tag { - self.func.emit(&mut self.opaque, &self.nonce) - } -} - -#[cfg(test)] -pub fn check_state_layout() { - #[allow(clippy::if_same_then_else)] - let required_state_size = if cfg!(target_arch = "x86") { - // See comment above `_poly1305_init_sse2` in poly1305-x86.pl. - Some(4 * (5 + 1 + 4 + 2 + 4 * 9)) - } else if cfg!(target_arch = "x86_64") { - // See comment above `__poly1305_block` in poly1305-x86_64.pl. - Some(4 * (5 + 1 + 2 * 2 + 2 + 4 * 9)) - } else { - // TODO(davidben): Figure out the layout of the struct. For now, - // `OPAQUE_LEN` is taken from OpenSSL. - None - }; - - if let Some(required_state_size) = required_state_size { - assert!(core::mem::size_of::() >= required_state_size); - } -} - -#[repr(C)] -struct DerivedKey([u8; BLOCK_LEN]); - -/// This is *not* an "AEAD nonce"; it's a Poly1305-specific nonce. -#[repr(C)] -struct Nonce([u8; BLOCK_LEN]); - -#[repr(C)] -struct Funcs { - blocks_fn: - unsafe extern "C" fn(&mut Opaque, input: *const u8, input_len: c::size_t, should_pad: Pad), - emit_fn: unsafe extern "C" fn(&mut Opaque, &mut Tag, nonce: &Nonce), -} - -#[inline] -fn init(state: &mut Opaque, key: DerivedKey, func: &mut Funcs) -> Result<(), error::Unspecified> { - extern "C" { - fn GFp_poly1305_init_asm( - state: &mut Opaque, - key: &DerivedKey, - out_func: &mut Funcs, - ) -> bssl::Result; - } - Result::from(unsafe { GFp_poly1305_init_asm(state, &key, func) }) -} - -#[repr(u32)] -pub enum Pad { - AlreadyPadded = 0, - Pad = 1, -} - -impl Funcs { - #[inline] - fn blocks(&self, state: &mut Opaque, data: &[u8], should_pad: Pad) { - unsafe { - (self.blocks_fn)(state, data.as_ptr(), data.len(), should_pad); - } - } - - #[inline] - fn emit(&self, state: &mut Opaque, nonce: &Nonce) -> Tag { let mut tag = Tag([0u8; TAG_LEN]); - unsafe { - (self.emit_fn)(state, &mut tag, nonce); - } + dispatch!( + self.cpu_features => + (GFp_poly1305_finish | GFp_poly1305_finish_neon) + (statep: &mut poly1305_state, mac: &mut [u8; TAG_LEN]) + (&mut self.state, &mut tag.0)); tag } } @@ -175,16 +124,7 @@ impl Funcs { /// poly1305 test vectors. pub(super) fn sign(key: Key, input: &[u8]) -> Tag { let mut ctx = Context::from_key(key); - let remainder_len = input.len() % BLOCK_LEN; - let full_blocks_len = input.len() - remainder_len; - let (full_blocks, remainder) = input.split_at(full_blocks_len); - ctx.update_blocks(full_blocks); - if remainder_len > 0 { - let mut bytes = [0; BLOCK_LEN]; - bytes[..remainder_len].copy_from_slice(remainder); - bytes[remainder_len] = 1; - ctx.update_block(Block::from(&bytes), Pad::AlreadyPadded); - } + ctx.update(input); ctx.finish() } @@ -194,21 +134,17 @@ mod tests { use crate::test; use core::convert::TryInto; - #[test] - pub fn test_state_layout() { - check_state_layout(); - } - // Adapted from BoringSSL's crypto/poly1305/poly1305_test.cc. #[test] pub fn test_poly1305() { + let cpu_features = cpu::features(); test::run(test_file!("poly1305_test.txt"), |section, test_case| { assert_eq!(section, ""); let key = test_case.consume_bytes("Key"); let key: &[u8; BLOCK_LEN * 2] = key.as_slice().try_into().unwrap(); let input = test_case.consume_bytes("Input"); let expected_mac = test_case.consume_bytes("MAC"); - let key = Key::from(*key); + let key = Key::new(*key, cpu_features); let Tag(actual_mac) = sign(key, &input); assert_eq!(expected_mac, actual_mac.as_ref()); From 4a0e2ffe42590d3ad6a34d66e0a3ab3d07f0c267 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 08:42:18 -0800 Subject: [PATCH 272/399] Poly1305: Use `size_t` consistently. --- crypto/poly1305/internal.h | 25 +++++++++++++++++++++++++ crypto/poly1305/poly1305.c | 13 ++++++------- crypto/poly1305/poly1305_arm.c | 20 +++++++++----------- 3 files changed, 40 insertions(+), 18 deletions(-) create mode 100644 crypto/poly1305/internal.h diff --git a/crypto/poly1305/internal.h b/crypto/poly1305/internal.h new file mode 100644 index 0000000000..98e7a482d1 --- /dev/null +++ b/crypto/poly1305/internal.h @@ -0,0 +1,25 @@ +/* Copyright (c) 2016, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_POLY1305_INTERNAL_H +#define OPENSSL_HEADER_POLY1305_INTERNAL_H + +#include +#include + +#if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE) +#define OPENSSL_POLY1305_NEON +#endif + +#endif // OPENSSL_HEADER_POLY1305_INTERNAL_H diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index 145a53b887..66620580ae 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -47,7 +47,7 @@ struct poly1305_state_st { uint32_t s1, s2, s3, s4; uint32_t h0, h1, h2, h3, h4; uint8_t buf[16]; - unsigned int buf_used; + size_t buf_used; uint8_t key[16]; }; @@ -198,15 +198,14 @@ void GFp_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { void GFp_poly1305_update(poly1305_state *statep, const uint8_t *in, size_t in_len) { - unsigned int i; struct poly1305_state_st *state = poly1305_aligned_state(statep); if (state->buf_used) { - unsigned todo = 16 - state->buf_used; + size_t todo = 16 - state->buf_used; if (todo > in_len) { - todo = (unsigned)in_len; + todo = in_len; } - for (i = 0; i < todo; i++) { + for (size_t i = 0; i < todo; i++) { state->buf[state->buf_used + i] = in[i]; } state->buf_used += todo; @@ -227,10 +226,10 @@ void GFp_poly1305_update(poly1305_state *statep, const uint8_t *in, } if (in_len) { - for (i = 0; i < in_len; i++) { + for (size_t i = 0; i < in_len; i++) { state->buf[i] = in[i]; } - state->buf_used = (unsigned)in_len; + state->buf_used = in_len; } } diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c index 8f093b3332..3b00a9f2f3 100644 --- a/crypto/poly1305/poly1305_arm.c +++ b/crypto/poly1305/poly1305_arm.c @@ -37,7 +37,7 @@ extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, const fe1305x2 *c); extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in, - unsigned int inlen); + size_t inlen); static void freeze(fe1305x2 *r) { int i; @@ -137,7 +137,7 @@ static void fe1305x2_tobytearray(uint8_t r[16], fe1305x2 *x) { } static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) { - unsigned i; + size_t i; uint8_t t[17]; for (i = 0; (i < 16) && (i < xlen); i++) { @@ -180,7 +180,7 @@ static const alignas(16) fe1305x2 zero; struct poly1305_state_st { uint8_t data[sizeof(fe1305x2[5]) + 128]; uint8_t buf[32]; - unsigned int buf_used; + size_t buf_used; uint8_t key[16]; }; @@ -193,7 +193,6 @@ void GFp_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { fe1305x2 *const h = r + 1; fe1305x2 *const c = h + 1; fe1305x2 *const precomp = c + 1; - unsigned int j; r->v[1] = r->v[0] = 0x3ffffff & load32(key); r->v[3] = r->v[2] = 0x3ffff03 & (load32(key + 3) >> 2); @@ -201,7 +200,7 @@ void GFp_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { r->v[7] = r->v[6] = 0x3f03fff & (load32(key + 9) >> 6); r->v[9] = r->v[8] = 0x00fffff & (load32(key + 12) >> 8); - for (j = 0; j < 10; j++) { + for (size_t j = 0; j < 10; j++) { h->v[j] = 0; // XXX: should fast-forward a bit } @@ -219,14 +218,13 @@ void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, fe1305x2 *const h = r + 1; fe1305x2 *const c = h + 1; fe1305x2 *const precomp = c + 1; - unsigned int i; if (st->buf_used) { - unsigned int todo = 32 - st->buf_used; + size_t todo = 32 - st->buf_used; if (todo > in_len) { todo = in_len; } - for (i = 0; i < todo; i++) { + for (size_t i = 0; i < todo; i++) { st->buf[st->buf_used + i] = in[i]; } st->buf_used += todo; @@ -236,7 +234,7 @@ void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, if (st->buf_used == sizeof(st->buf) && in_len) { addmulmod(h, h, precomp, &zero); fe1305x2_frombytearray(c, st->buf, sizeof(st->buf)); - for (i = 0; i < 10; i++) { + for (size_t i = 0; i < 10; i++) { h->v[i] += c->v[i]; } st->buf_used = 0; @@ -244,7 +242,7 @@ void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, } while (in_len > 32) { - unsigned int tlen = 1048576; + size_t tlen = 1048576; if (in_len < tlen) { tlen = in_len; } @@ -254,7 +252,7 @@ void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, } if (in_len) { - for (i = 0; i < in_len; i++) { + for (size_t i = 0; i < in_len; i++) { st->buf[i] = in[i]; } st->buf_used = in_len; From 7b55015dc9c0897bfebc843ad5d3ca1756b0987f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 4 Aug 2020 09:44:12 -0700 Subject: [PATCH 273/399] Fix alignment of ChaCha20 keys. --- src/aead/chacha.rs | 6 +++--- src/endian.rs | 31 ++++++++++++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/src/aead/chacha.rs b/src/aead/chacha.rs index cb43fb00e3..5e015083b1 100644 --- a/src/aead/chacha.rs +++ b/src/aead/chacha.rs @@ -16,13 +16,13 @@ use super::{counter, iv::Iv, quic::Sample, BLOCK_LEN}; use crate::{c, endian::*}; -#[repr(C)] -pub struct Key([u8; KEY_LEN]); +#[repr(transparent)] +pub struct Key([LittleEndian; KEY_LEN / 4]); impl From<[u8; KEY_LEN]> for Key { #[inline] fn from(value: [u8; KEY_LEN]) -> Self { - Self(value) + Self(FromByteArray::from_byte_array(&value)) } } diff --git a/src/endian.rs b/src/endian.rs index 01f75db2f6..962397c561 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -24,6 +24,12 @@ pub trait ArrayEncoding { fn as_byte_array(&self) -> &T; } +/// Work around the inability to implement `from` for arrays of `Encoding`s +/// due to the coherence rules. +pub trait FromByteArray { + fn from_byte_array(a: &T) -> Self; +} + macro_rules! define_endian { ($endian:ident) => { #[repr(transparent)] @@ -49,7 +55,19 @@ macro_rules! define_endian { }; } -macro_rules! impl_as_ref { +macro_rules! impl_from_byte_array { + ($endian:ident, $base:ident, $elems:expr) => { + impl FromByteArray<[u8; $elems * core::mem::size_of::<$base>()]> + for [$endian<$base>; $elems] + { + fn from_byte_array(a: &[u8; $elems * core::mem::size_of::<$base>()]) -> Self { + unsafe { core::mem::transmute_copy(a) } + } + } + }; +} + +macro_rules! impl_array_encoding { ($endian:ident, $base:ident, $elems:expr) => { impl ArrayEncoding<[u8; $elems * core::mem::size_of::<$base>()]> for [$endian<$base>; $elems] @@ -58,6 +76,8 @@ macro_rules! impl_as_ref { as_byte_slice(self).try_into().unwrap() } } + + impl_from_byte_array!($endian, $base, $elems); }; } @@ -102,10 +122,11 @@ macro_rules! impl_endian { } } - impl_as_ref!($endian, $base, 1); - impl_as_ref!($endian, $base, 2); - impl_as_ref!($endian, $base, 3); - impl_as_ref!($endian, $base, 4); + impl_array_encoding!($endian, $base, 1); + impl_array_encoding!($endian, $base, 2); + impl_array_encoding!($endian, $base, 3); + impl_array_encoding!($endian, $base, 4); + impl_from_byte_array!($endian, $base, 8); }; } From b16bd3313466850ca10b01cf5abd33ada2a8afb1 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 9 Nov 2020 19:17:22 -0500 Subject: [PATCH 274/399] Document some defaults for the EVP RSA interface. Change-Id: I443949e82dc182cb0e827bb0dfe6fd1098832840 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43984 Reviewed-by: Adam Langley --- include/openssl/evp.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index da114d4f6a..071079268a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -716,7 +716,8 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, // RSA specific control functions. // EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one -// of the |RSA_*_PADDING| values. Returns one on success or zero on error. +// of the |RSA_*_PADDING| values. Returns one on success or zero on error. By +// default, the padding is |RSA_PKCS1_PADDING|. OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding); // EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding @@ -734,6 +735,8 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, // If unsure, use -1. // // Returns one on success or zero on error. +// +// TODO(davidben): The default is currently -2. Switch it to -1. OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len); @@ -758,7 +761,10 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *e); // EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding. -// Returns one on success or zero on error. +// Returns one on success or zero on error. If unset, the default is SHA-1. +// Callers are recommended to overwrite this default. +// +// TODO(davidben): Remove the default and require callers specify this. OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); @@ -769,6 +775,10 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, // EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns // one on success or zero on error. +// +// If unset, the default is the signing hash for |RSA_PKCS1_PSS_PADDING| and the +// OAEP hash for |RSA_PKCS1_OAEP_PADDING|. Callers are recommended to use this +// default and not call this function. OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); From 2361677677f91f4f8aa029f6e479121e420638cd Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 22:26:23 -0500 Subject: [PATCH 275/399] Document the basic ASN1_STRING functions. This still needs some overall documentation describing ASN1_STRING's relationship to all the other types, but start with the easy bits. Change-Id: I968d4b1b3d57a9b543b3db489d14cf0789e30eb3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44049 Reviewed-by: Adam Langley --- crypto/asn1/asn1_lib.c | 24 +++++++++--------- include/openssl/asn1.h | 55 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 59 insertions(+), 20 deletions(-) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 06fd9d7fc2..db8afac09f 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -397,12 +397,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type) return (ret); } -void ASN1_STRING_free(ASN1_STRING *a) +void ASN1_STRING_free(ASN1_STRING *str) { - if (a == NULL) + if (str == NULL) return; - OPENSSL_free(a->data); - OPENSSL_free(a); + OPENSSL_free(str->data); + OPENSSL_free(str); } int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) @@ -420,22 +420,22 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) return (i); } -int ASN1_STRING_length(const ASN1_STRING *x) +int ASN1_STRING_length(const ASN1_STRING *str) { - return x->length; + return str->length; } -int ASN1_STRING_type(const ASN1_STRING *x) +int ASN1_STRING_type(const ASN1_STRING *str) { - return x->type; + return str->type; } -unsigned char *ASN1_STRING_data(ASN1_STRING *x) +unsigned char *ASN1_STRING_data(ASN1_STRING *str) { - return x->data; + return str->data; } -const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *str) { - return x->data; + return str->data; } diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index c2eddf885f..3c37096894 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -543,20 +543,59 @@ DECLARE_ASN1_ITEM(ASN1_OBJECT) DECLARE_ASN1_SET_OF(ASN1_OBJECT) +// ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an +// arbitrary type. Prefer one of the type-specific constructors, such as +// |ASN1_OCTET_STRING_new|. OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); -OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *a); + +// ASN1_STRING_free releases memory associated with |str|. +OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); + +// ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and +// zero on error. OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); -OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); + +// ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error. +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str); + +// ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of +// type |type|, or NULL on error. OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); + +// ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an +// integer equal to, less than, or greater than zero if |a| is equal to, less +// than, or greater than |b|, respectively. The comparison is suitable for +// sorting, but callers should not rely on the particular comparison. +// +// Note if |a| or |b| are BIT STRINGs, this function does not compare the +// |ASN1_STRING_FLAG_BITS_LEFT| flags. +// +// TODO(davidben): The BIT STRING comparison seems like a bug. Fix it? OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); -/* Since this is used to store all sorts of things, via macros, for now, make - its data void * */ + +// ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from +// |data|. It returns one on success and zero on error. OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); + +// ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It +// takes ownership of |data|, which must have been allocated with +// |OPENSSL_malloc|. OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); -OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x); -OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *x); -OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *x); -OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +// ASN1_STRING_length returns the length of |str|, in bytes. +OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); + +// ASN1_STRING_type returns the type of |str|. This value will be one of the +// |V_ASN1_*| constants. +OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str); + +// ASN1_STRING_data returns a mutable pointer to |str|'s contents. Prefer +// |ASN1_STRING_get0_data|. +OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); + +// ASN1_STRING_get0_data returns a pointer to |str|'s contents. +OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( + const ASN1_STRING *str); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, From 43f375699f01873f0804836380a9db4ea31647ae Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 10 Nov 2020 22:30:44 -0500 Subject: [PATCH 276/399] Remove some unnecessary pointer casts. Change-Id: I855e5c3811832eaddac4307fc40ca5bdeca15a98 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44050 Reviewed-by: Adam Langley --- crypto/asn1/a_type.c | 3 +-- crypto/x509/x_crl.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index cf5da204f6..f320e498b2 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -145,8 +145,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) case V_ASN1_UTF8STRING: case V_ASN1_OTHER: default: - result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, - (ASN1_STRING *)b->value.ptr); + result = ASN1_STRING_cmp(a->value.asn1_string, b->value.asn1_string); break; } diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index b1c485aa09..3b9f137ac2 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -393,8 +393,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) static int X509_REVOKED_cmp(const X509_REVOKED **a, const X509_REVOKED **b) { - return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber, - (ASN1_STRING *)(*b)->serialNumber)); + return ASN1_STRING_cmp((*a)->serialNumber, (*b)->serialNumber); } int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) From 354e1e998dac943b413a88c6ac6e11cc2a2c33b4 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 4 Sep 2020 19:01:50 -0400 Subject: [PATCH 277/399] Add APIs for checking ASN.1 INTEGERs. We have several implementations of this internally, so consolidate them. Chromium also has a copy in net/der/parse_values.cc which could call into this. (I'm also hoping we can make c2i_ASN1_INTEGER call this and further tighten up crypto/asn1's parser, but I see Chromium still has an allow_invalid_serial_numbers option, so perhaps not quite yet.) Update-Note: This CL does not change behavior, but I'm leaving a note to myself to make net/der/parse_values.cc call the new functions. Change-Id: If2aae6574ba6a30e343e1308da6af543616156ec Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44051 Reviewed-by: Adam Langley --- crypto/bn_extra/bn_asn1.c | 13 +--- crypto/bytestring/bytestring_test.cc | 92 +++++++++++++++++++--------- crypto/bytestring/cbs.c | 61 +++++++++--------- crypto/ec_extra/ec_asn1.c | 19 +----- crypto/x509/x509_v3.c | 2 +- include/openssl/bytestring.h | 17 ++++- 6 files changed, 112 insertions(+), 92 deletions(-) diff --git a/crypto/bn_extra/bn_asn1.c b/crypto/bn_extra/bn_asn1.c index 0d96573a31..a8333d419b 100644 --- a/crypto/bn_extra/bn_asn1.c +++ b/crypto/bn_extra/bn_asn1.c @@ -20,25 +20,18 @@ int BN_parse_asn1_unsigned(CBS *cbs, BIGNUM *ret) { CBS child; + int is_negative; if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) || - CBS_len(&child) == 0) { + !CBS_is_valid_asn1_integer(&child, &is_negative)) { OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); return 0; } - if (CBS_data(&child)[0] & 0x80) { + if (is_negative) { OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); return 0; } - // INTEGERs must be minimal. - if (CBS_data(&child)[0] == 0x00 && - CBS_len(&child) > 1 && - !(CBS_data(&child)[1] & 0x80)) { - OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); - return 0; - } - return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL; } diff --git a/crypto/bytestring/bytestring_test.cc b/crypto/bytestring/bytestring_test.cc index 93593e96d5..6445842335 100644 --- a/crypto/bytestring/bytestring_test.cc +++ b/crypto/bytestring/bytestring_test.cc @@ -720,50 +720,65 @@ static const ASN1Uint64Test kASN1Uint64Tests[] = { struct ASN1InvalidUint64Test { const char *encoding; size_t encoding_len; + bool overflow; }; static const ASN1InvalidUint64Test kASN1InvalidUint64Tests[] = { // Bad tag. - {"\x03\x01\x00", 3}, + {"\x03\x01\x00", 3, false}, // Empty contents. - {"\x02\x00", 2}, + {"\x02\x00", 2, false}, // Negative number. - {"\x02\x01\x80", 3}, + {"\x02\x01\x80", 3, false}, // Overflow. - {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11}, + {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11, true}, // Leading zeros. - {"\x02\x02\x00\x01", 4}, + {"\x02\x02\x00\x01", 4, false}, }; TEST(CBSTest, ASN1Uint64) { - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Uint64Tests); i++) { - SCOPED_TRACE(i); - const ASN1Uint64Test *test = &kASN1Uint64Tests[i]; + for (const ASN1Uint64Test &test : kASN1Uint64Tests) { + SCOPED_TRACE(Bytes(test.encoding, test.encoding_len)); + SCOPED_TRACE(test.value); CBS cbs; uint64_t value; uint8_t *out; size_t len; - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); ASSERT_TRUE(CBS_get_asn1_uint64(&cbs, &value)); EXPECT_EQ(0u, CBS_len(&cbs)); - EXPECT_EQ(test->value, value); + EXPECT_EQ(test.value, value); + + CBS child; + int is_negative; + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); + ASSERT_TRUE(CBS_get_asn1(&cbs, &child, CBS_ASN1_INTEGER)); + EXPECT_TRUE(CBS_is_valid_asn1_integer(&child, &is_negative)); + EXPECT_EQ(0, is_negative); + EXPECT_TRUE(CBS_is_unsigned_asn1_integer(&child)); bssl::ScopedCBB cbb; ASSERT_TRUE(CBB_init(cbb.get(), 0)); - ASSERT_TRUE(CBB_add_asn1_uint64(cbb.get(), test->value)); + ASSERT_TRUE(CBB_add_asn1_uint64(cbb.get(), test.value)); ASSERT_TRUE(CBB_finish(cbb.get(), &out, &len)); bssl::UniquePtr scoper(out); - EXPECT_EQ(Bytes(test->encoding, test->encoding_len), Bytes(out, len)); + EXPECT_EQ(Bytes(test.encoding, test.encoding_len), Bytes(out, len)); } - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1InvalidUint64Tests); i++) { - const ASN1InvalidUint64Test *test = &kASN1InvalidUint64Tests[i]; + for (const ASN1InvalidUint64Test &test : kASN1InvalidUint64Tests) { + SCOPED_TRACE(Bytes(test.encoding, test.encoding_len)); CBS cbs; uint64_t value; - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); EXPECT_FALSE(CBS_get_asn1_uint64(&cbs, &value)); + + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); + CBS child; + if (CBS_get_asn1(&cbs, &child, CBS_ASN1_INTEGER)) { + EXPECT_EQ(test.overflow, !!CBS_is_unsigned_asn1_integer(&child)); + } } } @@ -793,50 +808,67 @@ static const ASN1Int64Test kASN1Int64Tests[] = { struct ASN1InvalidInt64Test { const char *encoding; size_t encoding_len; + bool overflow; }; static const ASN1InvalidInt64Test kASN1InvalidInt64Tests[] = { // Bad tag. - {"\x03\x01\x00", 3}, + {"\x03\x01\x00", 3, false}, // Empty contents. - {"\x02\x00", 2}, + {"\x02\x00", 2, false}, // Overflow. - {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11}, + {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11, true}, + // Underflow. + {"\x02\x09\x08\xff\xff\xff\xff\xff\xff\xff\xff", 11, true}, // Leading zeros. - {"\x02\x02\x00\x01", 4}, + {"\x02\x02\x00\x01", 4, false}, // Leading 0xff. - {"\x02\x02\xff\xff", 4}, + {"\x02\x02\xff\xff", 4, false}, }; TEST(CBSTest, ASN1Int64) { - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Int64Tests); i++) { - SCOPED_TRACE(i); - const ASN1Int64Test *test = &kASN1Int64Tests[i]; + for (const ASN1Int64Test &test : kASN1Int64Tests) { + SCOPED_TRACE(Bytes(test.encoding, test.encoding_len)); + SCOPED_TRACE(test.value); CBS cbs; int64_t value; uint8_t *out; size_t len; - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); ASSERT_TRUE(CBS_get_asn1_int64(&cbs, &value)); EXPECT_EQ(0u, CBS_len(&cbs)); - EXPECT_EQ(test->value, value); + EXPECT_EQ(test.value, value); + + CBS child; + int is_negative; + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); + ASSERT_TRUE(CBS_get_asn1(&cbs, &child, CBS_ASN1_INTEGER)); + EXPECT_TRUE(CBS_is_valid_asn1_integer(&child, &is_negative)); + EXPECT_EQ(test.value < 0, !!is_negative); + EXPECT_EQ(test.value >= 0, !!CBS_is_unsigned_asn1_integer(&child)); bssl::ScopedCBB cbb; ASSERT_TRUE(CBB_init(cbb.get(), 0)); - ASSERT_TRUE(CBB_add_asn1_int64(cbb.get(), test->value)); + ASSERT_TRUE(CBB_add_asn1_int64(cbb.get(), test.value)); ASSERT_TRUE(CBB_finish(cbb.get(), &out, &len)); bssl::UniquePtr scoper(out); - EXPECT_EQ(Bytes(test->encoding, test->encoding_len), Bytes(out, len)); + EXPECT_EQ(Bytes(test.encoding, test.encoding_len), Bytes(out, len)); } - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1InvalidInt64Tests); i++) { - const ASN1InvalidInt64Test *test = &kASN1InvalidInt64Tests[i]; + for (const ASN1InvalidInt64Test &test : kASN1InvalidInt64Tests) { + SCOPED_TRACE(Bytes(test.encoding, test.encoding_len)); CBS cbs; int64_t value; - CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len); + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); EXPECT_FALSE(CBS_get_asn1_int64(&cbs, &value)); + + CBS_init(&cbs, (const uint8_t *)test.encoding, test.encoding_len); + CBS child; + if (CBS_get_asn1(&cbs, &child, CBS_ASN1_INTEGER)) { + EXPECT_EQ(test.overflow, !!CBS_is_valid_asn1_integer(&child, NULL)); + } } } diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c index 49d700366f..d7b2af7972 100644 --- a/crypto/bytestring/cbs.c +++ b/crypto/bytestring/cbs.c @@ -426,29 +426,14 @@ int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value) { int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) { CBS bytes; - if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) { + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) || + !CBS_is_unsigned_asn1_integer(&bytes)) { return 0; } *out = 0; const uint8_t *data = CBS_data(&bytes); size_t len = CBS_len(&bytes); - - if (len == 0) { - // An INTEGER is encoded with at least one octet. - return 0; - } - - if ((data[0] & 0x80) != 0) { - // Negative number. - return 0; - } - - if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) { - // Extra leading zeros. - return 0; - } - for (size_t i = 0; i < len; i++) { if ((*out >> 56) != 0) { // Too large to represent as a uint64_t. @@ -462,31 +447,21 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) { } int CBS_get_asn1_int64(CBS *cbs, int64_t *out) { + int is_negative; CBS bytes; - if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) { + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) || + !CBS_is_valid_asn1_integer(&bytes, &is_negative)) { return 0; } const uint8_t *data = CBS_data(&bytes); const size_t len = CBS_len(&bytes); - - if (len == 0 || len > sizeof(int64_t)) { - // An INTEGER is encoded with at least one octet. + if (len > sizeof(int64_t)) { return 0; } - if (len > 1) { - if (data[0] == 0 && (data[1] & 0x80) == 0) { - return 0; // Extra leading zeros. - } - if (data[0] == 0xff && (data[1] & 0x80) != 0) { - return 0; // Extra leading 0xff. - } - } - union { int64_t i; uint8_t bytes[sizeof(int64_t)]; } u; - const int is_negative = (data[0] & 0x80); memset(u.bytes, is_negative ? 0xff : 0, sizeof(u.bytes)); // Sign-extend. for (size_t i = 0; i < len; i++) { u.bytes[i] = data[len - i - 1]; @@ -635,6 +610,30 @@ int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit) { (CBS_data(cbs)[byte_num] & (1 << bit_num)) != 0; } +int CBS_is_valid_asn1_integer(const CBS *cbs, int *out_is_negative) { + CBS copy = *cbs; + uint8_t first_byte, second_byte; + if (!CBS_get_u8(©, &first_byte)) { + return 0; // INTEGERs may not be empty. + } + if (out_is_negative != NULL) { + *out_is_negative = (first_byte & 0x80) != 0; + } + if (!CBS_get_u8(©, &second_byte)) { + return 1; // One byte INTEGERs are always minimal. + } + if ((first_byte == 0x00 && (second_byte & 0x80) == 0) || + (first_byte == 0xff && (second_byte & 0x80) != 0)) { + return 0; // The value is minimal iff the first 9 bits are not all equal. + } + return 1; +} + +int CBS_is_unsigned_asn1_integer(const CBS *cbs) { + int is_negative; + return CBS_is_valid_asn1_integer(cbs, &is_negative) && !is_negative; +} + static int add_decimal(CBB *out, uint64_t v) { char buf[DECIMAL_SIZE(uint64_t) + 1]; BIO_snprintf(buf, sizeof(buf), "%" PRIu64, v); diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.c index 9769d014e4..56cbbed160 100644 --- a/crypto/ec_extra/ec_asn1.c +++ b/crypto/ec_extra/ec_asn1.c @@ -241,21 +241,6 @@ int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key, return 1; } -// is_unsigned_integer returns one if |cbs| is a valid unsigned DER INTEGER and -// zero otherwise. -static int is_unsigned_integer(const CBS *cbs) { - if (CBS_len(cbs) == 0) { - return 0; - } - uint8_t byte = CBS_data(cbs)[0]; - if ((byte & 0x80) || - (byte == 0 && CBS_len(cbs) > 1 && (CBS_data(cbs)[1] & 0x80) == 0)) { - // Negative or not minimally-encoded. - return 0; - } - return 1; -} - // kPrimeFieldOID is the encoding of 1.2.840.10045.1.1. static const uint8_t kPrimeField[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01}; @@ -276,7 +261,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a, OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 || !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) || - !is_unsigned_integer(out_prime) || + !CBS_is_unsigned_asn1_integer(out_prime) || CBS_len(&field_id) != 0 || !CBS_get_asn1(¶ms, &curve, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&curve, out_a, CBS_ASN1_OCTETSTRING) || @@ -286,7 +271,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a, CBS_len(&curve) != 0 || !CBS_get_asn1(¶ms, &base, CBS_ASN1_OCTETSTRING) || !CBS_get_asn1(¶ms, out_order, CBS_ASN1_INTEGER) || - !is_unsigned_integer(out_order) || + !CBS_is_unsigned_asn1_integer(out_order) || !CBS_get_optional_asn1(¶ms, &cofactor, &has_cofactor, CBS_ASN1_INTEGER) || CBS_len(¶ms) != 0) { diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 7cfd6e9352..91bf024ca3 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -248,7 +248,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data) if (ex == NULL) return (0); - i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length); + i = ASN1_OCTET_STRING_set(ex->value, data->data, data->length); if (!i) return (0); return (1); diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h index 1f9c87908e..a4c4724d64 100644 --- a/include/openssl/bytestring.h +++ b/include/openssl/bytestring.h @@ -310,14 +310,25 @@ OPENSSL_EXPORT int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned tag, int default_value); // CBS_is_valid_asn1_bitstring returns one if |cbs| is a valid ASN.1 BIT STRING -// and zero otherwise. +// body and zero otherwise. OPENSSL_EXPORT int CBS_is_valid_asn1_bitstring(const CBS *cbs); // CBS_asn1_bitstring_has_bit returns one if |cbs| is a valid ASN.1 BIT STRING -// and the specified bit is present and set. Otherwise, it returns zero. |bit| -// is indexed starting from zero. +// body and the specified bit is present and set. Otherwise, it returns zero. +// |bit| is indexed starting from zero. OPENSSL_EXPORT int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit); +// CBS_is_valid_asn1_integer returns one if |cbs| is a valid ASN.1 INTEGER, +// body and zero otherwise. On success, if |out_is_negative| is non-NULL, +// |*out_is_negative| will be set to one if |cbs| is negative and zero +// otherwise. +OPENSSL_EXPORT int CBS_is_valid_asn1_integer(const CBS *cbs, + int *out_is_negative); + +// CBS_is_unsigned_asn1_integer returns one if |cbs| is a valid non-negative +// ASN.1 INTEGER body and zero otherwise. +OPENSSL_EXPORT int CBS_is_unsigned_asn1_integer(const CBS *cbs); + // CBS_asn1_oid_to_text interprets |cbs| as DER-encoded ASN.1 OBJECT IDENTIFIER // contents (not including the element framing) and returns the ASCII // representation (e.g., "1.2.840.113554.4.1.72585") in a newly-allocated From 53bbb1803640d51b25036fa5406d8a9f8252f618 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 11 Nov 2020 15:22:29 -0500 Subject: [PATCH 278/399] Const-correct and document more X509 functions. Change-Id: I89f9ee74cf7ba8080d29e8637cd94fbd587dee34 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44052 Reviewed-by: Adam Langley --- crypto/x509/x509cset.c | 29 +++++++++++++++-------------- include/openssl/x509.h | 23 +++++++++++++++++------ 2 files changed, 32 insertions(+), 20 deletions(-) diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index f207a25c69..cc27acbd7d 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -189,45 +189,46 @@ int X509_CRL_get_signature_nid(const X509_CRL *crl) return OBJ_obj2nid(crl->sig_alg->algorithm); } -const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *revoked) { - return x->revocationDate; + return revoked->revocationDate; } -int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) +int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked, const ASN1_TIME *tm) { ASN1_TIME *in; - if (x == NULL) + if (revoked == NULL) return (0); - in = x->revocationDate; + in = revoked->revocationDate; if (in != tm) { in = ASN1_STRING_dup(tm); if (in != NULL) { - ASN1_TIME_free(x->revocationDate); - x->revocationDate = in; + ASN1_TIME_free(revoked->revocationDate); + revoked->revocationDate = in; } } return (in != NULL); } -const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *revoked) { - return x->serialNumber; + return revoked->serialNumber; } -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) +int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked, + const ASN1_INTEGER *serial) { ASN1_INTEGER *in; - if (x == NULL) + if (revoked == NULL) return (0); - in = x->serialNumber; + in = revoked->serialNumber; if (in != serial) { in = ASN1_INTEGER_dup(serial); if (in != NULL) { - ASN1_INTEGER_free(x->serialNumber); - x->serialNumber = in; + ASN1_INTEGER_free(revoked->serialNumber); + revoked->serialNumber = in; } } return (in != NULL); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 1f3131279c..7fd3a27f1f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1163,14 +1163,25 @@ OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp); // instead. OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp); +// X509_REVOKED_get0_serialNumber returns the serial number of the certificate +// revoked by |revoked|. OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber( - const X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *x, - ASN1_INTEGER *serial); + const X509_REVOKED *revoked); + +// X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It +// returns one on success or zero on error. +OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked, + const ASN1_INTEGER *serial); + +// X509_REVOKED_get0_revocationDate returns the revocation time of the +// certificate revoked by |revoked|. OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate( - const X509_REVOKED *x); -OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r, - ASN1_TIME *tm); + const X509_REVOKED *revoked); + +// X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It +// returns one on success or zero on error. +OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked, + const ASN1_TIME *tm); // X509_REVOKED_get0_extensions returns |r|'s extensions. OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions( From 5656fec512a8dfd2833fbf47b6aaa76364c26fad Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 13 Nov 2020 18:04:27 -0500 Subject: [PATCH 279/399] Fix NETSCAPE_SPKI_get_pubkey documentation. I got that wrong. It passes ownership to the caller. It calls X509_PUBKEY_get which bumps the refcount. Change-Id: I46b7eabcf56f68bb1f745bc2f64091640e97c0bf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44084 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- include/openssl/x509.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 7fd3a27f1f..a75442ff48 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -697,9 +697,8 @@ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki); // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an -// |EVP_PKEY|, or NULL on error. The resulting pointer is non-owning and valid -// until |spki| is released or mutated. The caller should take a reference with -// |EVP_PKEY_up_ref| to extend the lifetime. +// |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting +// pointer and must call |EVP_PKEY_free| when done. OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki); // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one From 49065e846e9a2b6e75f2b928960f94f7c195793f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 16:09:09 -0800 Subject: [PATCH 280/399] cpu.rs: Clarify conditions under which runtime CPU feature detection is done. Clarify that, on ARM/Aarch64, runtime feature detection is done only for Linux (including Android) and Fuchsia. Reduce some of the duplication between Linux and Fuchsia; probably we should do more later. --- Cargo.toml | 2 +- src/cpu.rs | 41 ++++++++++++++++++----------------------- 2 files changed, 19 insertions(+), 24 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 1ad971059b..5eb405122c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -300,7 +300,7 @@ name = "ring" [dependencies] untrusted = { version = "0.7.1" } -[target.'cfg(all(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86", target_arch = "x86_64"), not(target_os = "ios")))'.dependencies] +[target.'cfg(any(target_arch = "x86",target_arch = "x86_64", all(any(target_arch = "aarch64", target_arch = "arm"), any(target_os = "android", target_os = "fuchsia", target_os = "linux"))))'.dependencies] spin = { version = "0.5.2", default-features = false } [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies] diff --git a/src/cpu.rs b/src/cpu.rs index 5f0b49d813..71e66e1706 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -24,16 +24,16 @@ pub(crate) struct Features(()); #[inline(always)] pub(crate) fn features() -> Features { - // We don't do runtime feature detection on iOS. instead some features are - // assumed to be present; see `arm::Feature`. - #[cfg(all( - any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86", - target_arch = "x86_64" - ), - not(target_os = "ios") + // We don't do runtime feature detection on aarch64-apple-ios as all + // AAarch64 features we use are available on every device since the first + // device. + #[cfg(any( + target_arch = "x86", + target_arch = "x86_64", + all( + any(target_arch = "aarch64", target_arch = "arm"), + any(target_os = "android", target_os = "fuchsia", target_os = "linux") + ) ))] { static INIT: spin::Once<()> = spin::Once::new(); @@ -49,16 +49,11 @@ pub(crate) fn features() -> Features { } #[cfg(all( - any(target_os = "android", target_os = "linux"), - any(target_arch = "aarch64", target_arch = "arm") + any(target_arch = "aarch64", target_arch = "arm"), + any(target_os = "android", target_os = "fuchsia", target_os = "linux") ))] { - arm::linux_setup(); - } - - #[cfg(all(target_os = "fuchsia", any(target_arch = "aarch64")))] - { - arm::fuchsia_setup(); + arm::setup(); } }); } @@ -71,7 +66,7 @@ pub(crate) mod arm { any(target_os = "android", target_os = "linux"), any(target_arch = "aarch64", target_arch = "arm") ))] - pub fn linux_setup() { + pub fn setup() { use libc::c_ulong; // XXX: The `libc` crate doesn't provide `libc::getauxval` consistently @@ -130,8 +125,8 @@ pub(crate) mod arm { } } - #[cfg(all(target_os = "fuchsia", any(target_arch = "aarch64")))] - pub fn fuchsia_setup() { + #[cfg(all(target_os = "fuchsia", target_arch = "aarch64"))] + pub fn setup() { type zx_status_t = i32; #[link(name = "zircon")] @@ -194,7 +189,7 @@ pub(crate) mod arm { } #[cfg(all( - any(target_os = "android", target_os = "linux", target_os = "fuchsia"), + any(target_os = "android", target_os = "fuchsia", target_os = "linux"), any(target_arch = "arm", target_arch = "aarch64") ))] { @@ -243,7 +238,7 @@ pub(crate) mod arm { }; #[cfg(all( - any(target_os = "android", target_os = "linux", target_os = "fuchsia"), + any(target_os = "android", target_os = "fuchsia", target_os = "linux"), any(target_arch = "arm", target_arch = "aarch64") ))] extern "C" { From 8a90093cccf60bd2aaf582fe7e56c0b0eff9b002 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 12 Nov 2020 15:45:52 -0800 Subject: [PATCH 281/399] cpu.rs: Refactor and Fix ARM/Aarch64 CPU features handling. Presently on aarch64-apple-* `GFp_armcap_P` is always zero. That's wrong; the assembly language code needs it to be set correctly, or else the most optimized code paths (NEON and/or SHA-2 extensions) will never be chosen. Refactor the code so that `GFp_armcap_P` is set correctly, and to make it easier to understand and maintain. This will enable more optimized implementations on aarch64-apple-* targets, whereas before the lowest common denominator implementations were being used for any features that did the feature detection in assembly language code instead of Rust. Move the definition of `GFp_armcap_P` to Rust so wouldn't have to keep C and Rust code for it in sync. Remove the fallback definitions of `GFp_armcap_P` that use the ".comm"; they would always be set to zero if they were ever used, which wouldn't (necessarily) match the static feature set. Removing them makes it clearer that those definitions aren't used. --- crypto/chacha/asm/chacha-armv4.pl | 1 - crypto/crypto.c | 6 - crypto/fipsmodule/bn/asm/armv4-mont.pl | 5 - crypto/fipsmodule/sha/asm/sha256-armv4.pl | 5 - crypto/fipsmodule/sha/asm/sha512-armv4.pl | 5 - crypto/fipsmodule/sha/asm/sha512-armv8.pl | 7 - src/cpu.rs | 172 ++++++++++++++-------- 7 files changed, 111 insertions(+), 90 deletions(-) diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index 1d6f60aa69..f8a0a99c6c 100755 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl @@ -1151,7 +1151,6 @@ sub NEONROUND { add sp,sp,#4*(16+3) ldmia sp!,{r4-r11,pc} .size ChaCha20_neon,.-ChaCha20_neon -.comm GFp_armcap_P,4,4 #endif ___ }}} diff --git a/crypto/crypto.c b/crypto/crypto.c index 06000a856a..8a3d06675b 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -35,10 +35,4 @@ // initialising it to zero, it becomes a "data symbol", which isn't so // affected. HIDDEN uint32_t GFp_ia32cap_P[4] = {0}; -#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) - -#include - -HIDDEN uint32_t GFp_armcap_P = 0; - #endif diff --git a/crypto/fipsmodule/bn/asm/armv4-mont.pl b/crypto/fipsmodule/bn/asm/armv4-mont.pl index 038006dc6b..3d709f29ef 100644 --- a/crypto/fipsmodule/bn/asm/armv4-mont.pl +++ b/crypto/fipsmodule/bn/asm/armv4-mont.pl @@ -744,11 +744,6 @@ } $code.=<<___; .asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 -.comm GFp_armcap_P,4,4 -.hidden GFp_armcap_P -#endif ___ foreach (split("\n",$code)) { diff --git a/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/crypto/fipsmodule/sha/asm/sha256-armv4.pl index d71fc82e22..4a962e645d 100644 --- a/crypto/fipsmodule/sha/asm/sha256-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha256-armv4.pl @@ -687,11 +687,6 @@ () }}} $code.=<<___; .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.comm GFp_armcap_P,4,4 -.hidden GFp_armcap_P -#endif ___ open SELF,$0; diff --git a/crypto/fipsmodule/sha/asm/sha512-armv4.pl b/crypto/fipsmodule/sha/asm/sha512-armv4.pl index 4543f4566c..e44ed4fb31 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv4.pl @@ -651,11 +651,6 @@ () } $code.=<<___; .asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.comm GFp_armcap_P,4,4 -.hidden GFp_armcap_P -#endif ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index dbe39393a4..f604ffa1de 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl @@ -423,13 +423,6 @@ sub BODY_00_xx { ___ } -$code.=<<___; -#ifndef __KERNEL__ -.comm GFp_armcap_P,4,4 -.hidden GFp_armcap_P -#endif -___ - { my %opcode = ( "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); diff --git a/src/cpu.rs b/src/cpu.rs index 71e66e1706..0b99deb556 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -118,7 +118,7 @@ pub(crate) mod arm { features |= PMULL.mask; } if caps & HWCAP_SHA2 == HWCAP_SHA2 { - features |= 1 << 4; + features |= SHA256.mask; } unsafe { GFp_armcap_P = features }; @@ -163,29 +163,78 @@ pub(crate) mod arm { } } - #[cfg(not(target_arch = "wasm32"))] + macro_rules! features { + { + $( + $name:ident { + mask: $mask:expr, + + /// Should we assume that the feature is always available + /// for aarch64-apple-ios targets? The first AArch64 iOS + /// device used the Apple A7 chip. + // TODO: When we can use `if` in const expressions: + // ``` + // aarch64_ios: $aarch64_ios, + // ``` + aarch64_ios: true, + } + ),+ + , // trailing comma is required. + } => { + $( + #[allow(dead_code)] + pub(crate) const $name: Feature = Feature { + mask: $mask, + }; + )+ + + // TODO: When we can use `if` in const expressions, do this: + // ``` + // const ARMCAP_STATIC: u32 = 0 + // $( + // | ( if $aarch64_ios && + // cfg!(all(target_arch = "aarch64", + // target_os = "ios")) { + // $name.mask + // } else { + // 0 + // } + // ) + // )+; + // ``` + // + // TODO: Add static feature detection to other targets. + // TODO: Combine static feature detection with runtime feature + // detection. + #[cfg(all(target_arch = "aarch64", target_os = "ios"))] + const ARMCAP_STATIC: u32 = 0 + $( | $name.mask + )+; + #[cfg(not(all(target_arch = "aarch64", target_os = "ios")))] + const ARMCAP_STATIC: u32 = 0; + + #[cfg(all(target_arch = "aarch64", target_os = "ios"))] + #[test] + fn test_armcap_static_available() { + let features = crate::cpu::features(); + $( + assert!($name.available(features)); + )+ + } + } + } + + #[allow(dead_code)] pub(crate) struct Feature { - #[cfg_attr( - any( - target_os = "ios", - not(any(target_arch = "arm", target_arch = "aarch64")) - ), - allow(dead_code) - )] mask: u32, - - #[cfg_attr(not(target_os = "ios"), allow(dead_code))] - ios: bool, } - #[cfg(not(target_arch = "wasm32"))] impl Feature { - #[allow(clippy::needless_return)] + #[allow(dead_code)] #[inline(always)] pub fn available(&self, _: super::Features) -> bool { - #[cfg(all(target_os = "ios", any(target_arch = "arm", target_arch = "aarch64")))] - { - return self.ios; + if self.mask == self.mask & ARMCAP_STATIC { + return true; } #[cfg(all( @@ -193,56 +242,57 @@ pub(crate) mod arm { any(target_arch = "arm", target_arch = "aarch64") ))] { - return self.mask == self.mask & unsafe { GFp_armcap_P }; + if self.mask == self.mask & unsafe { GFp_armcap_P } { + return true; + } } - #[cfg(not(any(target_arch = "arm", target_arch = "aarch64")))] - { - return false; - } + false } } - // Keep in sync with `ARMV7_NEON`. - #[cfg(all( - any(target_arch = "aarch64", target_arch = "arm"), - not(target_os = "ios") - ))] - pub(crate) const NEON: Feature = Feature { - mask: 1 << 0, - ios: true, - }; - - // Keep in sync with `ARMV8_AES`. - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86", - target_arch = "x86_64" - ))] - pub(crate) const AES: Feature = Feature { - mask: 1 << 2, - ios: true, - }; - - // Keep in sync with `ARMV8_PMULL`. - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86", - target_arch = "x86_64" - ))] - pub(crate) const PMULL: Feature = Feature { - mask: 1 << 5, - ios: true, - }; + features! { + // Keep in sync with `ARMV7_NEON`. + NEON { + mask: 1 << 0, + aarch64_ios: true, + }, + + // Keep in sync with `ARMV8_AES`. + AES { + mask: 1 << 2, + aarch64_ios: true, + }, + + // Keep in sync with `ARMV8_SHA256`. + SHA256 { + mask: 1 << 4, + aarch64_ios: true, + }, + + // Keep in sync with `ARMV8_PMULL`. + PMULL { + mask: 1 << 5, + aarch64_ios: true, + }, + } - #[cfg(all( - any(target_os = "android", target_os = "fuchsia", target_os = "linux"), - any(target_arch = "arm", target_arch = "aarch64") - ))] - extern "C" { - static mut GFp_armcap_P: u32; + // Some non-Rust code still checks this even when it is statically known + // the given feature is available, so we have to ensure that this is + // initialized properly. Keep this in sync with the initialization in + // BoringSSL's crypto.c. + // + // TODO: This should have "hidden" visibility but we don't have a way of + // controlling that yet: https://github.com/rust-lang/rust/issues/73958. + #[cfg(any(target_arch = "arm", target_arch = "aarch64"))] + #[no_mangle] + static mut GFp_armcap_P: u32 = ARMCAP_STATIC; + + #[cfg(all(any(target_arch = "arm", target_arch = "aarch64"), target_os = "ios"))] + #[test] + fn test_armcap_static_matches_armcap_dynamic() { + assert_eq!(ARMCAP_STATIC, 1 | 4 | 16 | 32); + assert_eq!(ARMCAP_STATIC, unsafe { GFp_armcap_P }); } } From f19c4f626b48ddac7adaf4e0d24c00f493fd925f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 23:30:12 -0800 Subject: [PATCH 282/399] Remove dead crypto/fipsmodule/modes/internal.h. --- Cargo.toml | 1 - build.rs | 1 - crypto/fipsmodule/modes/internal.h | 57 ------------------------------ 3 files changed, 59 deletions(-) delete mode 100644 crypto/fipsmodule/modes/internal.h diff --git a/Cargo.toml b/Cargo.toml index 5eb405122c..8879517022 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,7 +72,6 @@ include = [ "crypto/fipsmodule/modes/asm/ghash-x86.pl", "crypto/fipsmodule/modes/asm/ghash-x86_64.pl", "crypto/fipsmodule/modes/asm/ghashv8-armx.pl", - "crypto/fipsmodule/modes/internal.h", "crypto/fipsmodule/sha/asm/sha256-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv8.pl", diff --git a/build.rs b/build.rs index 14cd073b04..72428f8ec4 100644 --- a/build.rs +++ b/build.rs @@ -130,7 +130,6 @@ const RING_INCLUDES: &[&str] = "crypto/fipsmodule/ec/ecp_nistz.h", "crypto/fipsmodule/ec/ecp_nistz384.h", "crypto/fipsmodule/ec/ecp_nistz256.h", - "crypto/fipsmodule/modes/internal.h", "crypto/internal.h", "crypto/limbs/limbs.h", "crypto/limbs/limbs.inl", diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h deleted file mode 100644 index efccd24cd6..0000000000 --- a/crypto/fipsmodule/modes/internal.h +++ /dev/null @@ -1,57 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== */ - -#ifndef OPENSSL_HEADER_MODES_INTERNAL_H -#define OPENSSL_HEADER_MODES_INTERNAL_H - -#include "../../internal.h" - -// GCM definitions -typedef struct { uint64_t hi,lo; } u128; - -#endif // OPENSSL_HEADER_MODES_INTERNAL_H From f26bae0a6a7ea3e83facc0e874ffd21a9a1fe18e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 17 Nov 2020 15:46:35 -0800 Subject: [PATCH 283/399] Add support for aarch64-apple-darwin. Change the static CPU feature detection logic to assume all aarch64-apple-* targets have the same capabilities as far as the features we use are concerned. Use the "ios64" PerlAsm flavour for aarch64-apple-darwin, like OpenSSL upstream does. Add (build-only) cross-compilation jobs to GitHub Actions. --- .github/workflows/ci.yml | 21 ++++++++++++++++++++- build.rs | 1 + src/cpu.rs | 34 ++++++++++++++++++---------------- 3 files changed, 39 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 06b104985d..865072e1b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -88,6 +88,7 @@ jobs: target: - aarch64-apple-ios + - aarch64-apple-darwin - aarch64-linux-android - aarch64-unknown-linux-gnu - arm-unknown-linux-gnueabihf @@ -110,10 +111,25 @@ jobs: - beta - nightly + exclude: + # The stable channel doesn't have aarch64-apple-darwin support yet. + - target: aarch64-apple-darwin + rust_channel: stable + + # The beta channel doesn't have aarch64-apple-darwin support yet. + - target: aarch64-apple-darwin + rust_channel: beta + include: + - target: aarch64-apple-darwin + # macos-latest didn't work. + host_os: macos-11.0 + # GitHub Actions doesn't have a way to run this target yet. + cargo_options: --no-run + - target: aarch64-apple-ios host_os: macos-latest - # GitHub Actions doesn't have a way to run aarch64-apple-ios. + # GitHub Actions doesn't have a way to run this target yet. cargo_options: --no-run - target: aarch64-linux-android @@ -173,6 +189,9 @@ jobs: target: ${{ matrix.target }} toolchain: ${{ matrix.rust_channel }} + - if: ${{ matrix.target == 'aarch64-apple-darwin' }} + run: echo "DEVELOPER_DIR=/Applications/Xcode_12.2.app/Contents/Developer" >> $GITHUB_ENV + - if: ${{ !contains(matrix.host_os, 'windows') }} run: | mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} diff --git a/build.rs b/build.rs index 72428f8ec4..5a5e8047d0 100644 --- a/build.rs +++ b/build.rs @@ -236,6 +236,7 @@ const ASM_TARGETS: &[(&str, Option<&str>, Option<&str>)] = &[ ("x86_64", Some(WINDOWS), Some("nasm")), ("x86_64", None, Some("elf")), ("aarch64", Some("ios"), Some("ios64")), + ("aarch64", Some("macos"), Some("ios64")), ("aarch64", None, Some("linux64")), ("x86", Some(WINDOWS), Some("win32n")), ("x86", Some("ios"), Some("macosx")), diff --git a/src/cpu.rs b/src/cpu.rs index 0b99deb556..691b78be1a 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -24,9 +24,8 @@ pub(crate) struct Features(()); #[inline(always)] pub(crate) fn features() -> Features { - // We don't do runtime feature detection on aarch64-apple-ios as all - // AAarch64 features we use are available on every device since the first - // device. + // We don't do runtime feature detection on aarch64-apple-* as all AAarch64 + // features we use are available on every device since the first devices. #[cfg(any( target_arch = "x86", target_arch = "x86_64", @@ -170,13 +169,13 @@ pub(crate) mod arm { mask: $mask:expr, /// Should we assume that the feature is always available - /// for aarch64-apple-ios targets? The first AArch64 iOS + /// for aarch64-apple-* targets? The first AArch64 iOS /// device used the Apple A7 chip. // TODO: When we can use `if` in const expressions: // ``` - // aarch64_ios: $aarch64_ios, + // aarch64_apple: $aarch64_apple, // ``` - aarch64_ios: true, + aarch64_apple: true, } ),+ , // trailing comma is required. @@ -192,9 +191,9 @@ pub(crate) mod arm { // ``` // const ARMCAP_STATIC: u32 = 0 // $( - // | ( if $aarch64_ios && + // | ( if $aarch64_apple && // cfg!(all(target_arch = "aarch64", - // target_os = "ios")) { + // target_vendor = "apple")) { // $name.mask // } else { // 0 @@ -206,14 +205,14 @@ pub(crate) mod arm { // TODO: Add static feature detection to other targets. // TODO: Combine static feature detection with runtime feature // detection. - #[cfg(all(target_arch = "aarch64", target_os = "ios"))] + #[cfg(all(target_arch = "aarch64", target_vendor = "apple"))] const ARMCAP_STATIC: u32 = 0 $( | $name.mask )+; - #[cfg(not(all(target_arch = "aarch64", target_os = "ios")))] + #[cfg(not(all(target_arch = "aarch64", target_vendor = "apple")))] const ARMCAP_STATIC: u32 = 0; - #[cfg(all(target_arch = "aarch64", target_os = "ios"))] + #[cfg(all(target_arch = "aarch64", target_vendor = "apple"))] #[test] fn test_armcap_static_available() { let features = crate::cpu::features(); @@ -255,25 +254,25 @@ pub(crate) mod arm { // Keep in sync with `ARMV7_NEON`. NEON { mask: 1 << 0, - aarch64_ios: true, + aarch64_apple: true, }, // Keep in sync with `ARMV8_AES`. AES { mask: 1 << 2, - aarch64_ios: true, + aarch64_apple: true, }, // Keep in sync with `ARMV8_SHA256`. SHA256 { mask: 1 << 4, - aarch64_ios: true, + aarch64_apple: true, }, // Keep in sync with `ARMV8_PMULL`. PMULL { mask: 1 << 5, - aarch64_ios: true, + aarch64_apple: true, }, } @@ -288,7 +287,10 @@ pub(crate) mod arm { #[no_mangle] static mut GFp_armcap_P: u32 = ARMCAP_STATIC; - #[cfg(all(any(target_arch = "arm", target_arch = "aarch64"), target_os = "ios"))] + #[cfg(all( + any(target_arch = "arm", target_arch = "aarch64"), + target_vendor = "apple" + ))] #[test] fn test_armcap_static_matches_armcap_dynamic() { assert_eq!(ARMCAP_STATIC, 1 | 4 | 16 | 32); From 9d0f731ca9f1a50560d906adcdd37902d403790f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 00:33:30 -0800 Subject: [PATCH 284/399] 0.16.16-alpha.1 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 8879517022..4331718986 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.15" +version = "0.16.16-alpha.1" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 415b56b8b2e3341581d457d49c3f078b81334250 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 00:38:59 -0800 Subject: [PATCH 285/399] README.md: Add `aarch64-apple-darwin`. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dfaecd38c5..ba68194d11 100644 --- a/README.md +++ b/README.md @@ -206,6 +206,7 @@ parts of *ring*; *ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC | Target | Notes | | -----------------------------| ----- | +| aarch64-apple-darwin | Build-only (GitHub Actions doesn't have a way to run the tests) | aarch64-apple-ios | Build-only (GitHub Actions doesn't have a way to run the tests) | aarch64-unknown-linux-gnu | Tested on 64-bit Linux using QEMU user emulation | aarch64-linux-android | API level 21 (Android 5.0+); [Build-only; issue 486](https://github.com/briansmith/ring/issues/486) From 4ad0b814ef7c0814842b0fba57397c73ea424cb5 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 00:40:55 -0800 Subject: [PATCH 286/399] 0.16.16. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 4331718986..ebc8d6376a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.16-alpha.1" +version = "0.16.16" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 3cb597782bee9a6b6d506be5f1e35866cde7b1aa Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 10:59:01 -0800 Subject: [PATCH 287/399] Update the `cc` dependency to 1.0.62. Apparently 1.0.60 has changes specifically to support aarch64-apple-darwin. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index ebc8d6376a..87aea9572d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -322,7 +322,7 @@ libc = { version = "0.2.69", default-features = false } # Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies] -cc = { version = "1.0.52", default-features = false } +cc = { version = "1.0.62", default-features = false } [features] # These features are documented in the top-level module's documentation. From 1ea08f264642d97d3b811dd6fe7748b17cb8bf85 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 11:06:15 -0800 Subject: [PATCH 288/399] Require once_cell 1.5.2 or later. This is the version I used to test *ring* 0.16.16. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 87aea9572d..65e6ad9ef2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -306,7 +306,7 @@ spin = { version = "0.5.2", default-features = false } libc = { version = "0.2.69", default-features = false } [target.'cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux", target_os = "netbsd", target_os = "openbsd", target_os = "solaris", target_os = "illumos"))'.dependencies] -once_cell = { version = "1.3.1", default-features = false, features=["std"], optional = true } +once_cell = { version = "1.5.2", default-features = false, features=["std"], optional = true } [target.'cfg(all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown", target_env = ""))'.dependencies] web-sys = { version = "0.3.37", default-features = false, features = ["Crypto", "Window"] } From 8888f95e2140b3e41f3e42c82aa423298639b3a2 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 11:06:38 -0800 Subject: [PATCH 289/399] Require libc 0.2.80 or later. 0.2.80 is the version I used to test *ring* 0.16.16. Rumors are that libc 0.2.73 had changes to support aarch64-apple-darwin. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 65e6ad9ef2..9a1d790826 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -318,7 +318,7 @@ winapi = { version = "0.3.8", default-features = false, features = ["ntsecapi", wasm-bindgen-test = { version = "0.3.18", default-features = false } [target.'cfg(any(unix, windows))'.dev-dependencies] -libc = { version = "0.2.69", default-features = false } +libc = { version = "0.2.80", default-features = false } # Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies] From 0a6bfa36c932fbf6bf8d8cc8611d499a6f2d9b5d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 18 Nov 2020 14:30:49 -0500 Subject: [PATCH 290/399] Always check the TLS 1.3 downgrade signal. These APIs were used by Chromium to control the carve-out for the TLS 1.3 downgrade signal. As of https://chromium-review.googlesource.com/c/chromium/src/+/2324170, Chromium no longer uses them. Update-Note: SSL_CTX_set_ignore_tls13_downgrade, SSL_set_ignore_tls13_downgrade, and SSL_is_tls13_downgrade now do nothing. Calls sites should be removed. (There are some copies of older Chromium lying around, so I haven't removed the functions yet.) The enforcement was already on by default, so this CL does not affect callers that don't use those functions. Change-Id: I016af8291cd92051472d239c4650602fe2a68f5b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44124 Reviewed-by: Adam Langley --- include/openssl/ssl.h | 25 +++++++++++------------ ssl/handshake_client.cc | 21 ++++++------------- ssl/internal.h | 11 ---------- ssl/s3_lib.cc | 1 - ssl/ssl_lib.cc | 16 +++------------ ssl/test/bssl_shim.cc | 6 ------ ssl/test/runner/runner.go | 43 --------------------------------------- ssl/test/test_config.cc | 6 ------ ssl/test/test_config.h | 2 -- 9 files changed, 21 insertions(+), 110 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c12aa0e17b..933c04a756 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -4087,19 +4087,6 @@ OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl); OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed); -// SSL_CTX_set_ignore_tls13_downgrade configures whether connections on |ctx| -// ignore the downgrade signal in the server's random value. -OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, - int ignore); - -// SSL_set_ignore_tls13_downgrade configures whether |ssl| ignores the downgrade -// signal in the server's random value. -OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore); - -// SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade -// mechanism would have aborted |ssl|'s handshake and zero otherwise. -OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl); - // SSL_used_hello_retry_request returns one if the TLS 1.3 HelloRetryRequest // message has been either sent by the server or received by the client. It // returns zero otherwise. @@ -4776,6 +4763,18 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); // name and remove this one. OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher); +// SSL_CTX_set_ignore_tls13_downgrade does nothing. +OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, + int ignore); + +// SSL_set_ignore_tls13_downgrade does nothing. +OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore); + +// SSL_is_tls13_downgrade returns zero. Historically, this function returned +// whether the TLS 1.3 downgrade signal would have been enforced if not +// disabled. The TLS 1.3 downgrade signal is now always enforced. +OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl); + // Nodejs compatibility section (hidden). // diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 5c800fb5f5..c36b192a19 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -636,12 +636,9 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { .subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom)); if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom || suffix == kJDK11DowngradeRandom) { - ssl->s3->tls13_downgrade = true; - if (!hs->config->ignore_tls13_downgrade) { - OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE); - ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - return ssl_hs_error; - } + OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return ssl_hs_error; } } @@ -1550,18 +1547,12 @@ static bool can_false_start(const SSL_HANDSHAKE *hs) { // // Now that TLS 1.3 exists, we would like to avoid similar attacks between // TLS 1.2 and TLS 1.3, but there are too many TLS 1.2 deployments to - // sacrifice False Start on them. TLS 1.3's downgrade signal fixes this, but - // |SSL_CTX_set_ignore_tls13_downgrade| can disable it due to compatibility - // issues. - // - // |SSL_CTX_set_ignore_tls13_downgrade| normally still retains Finished-based - // downgrade protection, but False Start bypasses that. Thus, we disable False - // Start based on the TLS 1.3 downgrade signal, even if otherwise unenforced. + // sacrifice False Start on them. Instead, we rely on the ServerHello.random + // downgrade signal, which we unconditionally enforce. if (SSL_is_dtls(ssl) || SSL_version(ssl) != TLS1_2_VERSION || hs->new_cipher->algorithm_mkey != SSL_kECDHE || - hs->new_cipher->algorithm_mac != SSL_AEAD || - ssl->s3->tls13_downgrade) { + hs->new_cipher->algorithm_mac != SSL_AEAD) { return false; } diff --git a/ssl/internal.h b/ssl/internal.h index 7420f6564f..1e54c98dc7 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -2413,9 +2413,6 @@ struct SSL3_STATE { // early_data_accepted is true if early data was accepted by the server. bool early_data_accepted : 1; - // tls13_downgrade is whether the TLS 1.3 anti-downgrade logic fired. - bool tls13_downgrade : 1; - // token_binding_negotiated is set if Token Binding was negotiated. bool token_binding_negotiated : 1; @@ -2764,10 +2761,6 @@ struct SSL_CONFIG { // should be freed after the handshake completes. bool shed_handshake_config : 1; - // ignore_tls13_downgrade is whether the connection should continue when the - // server random signals a downgrade. - bool ignore_tls13_downgrade : 1; - // jdk11_workaround is whether to disable TLS 1.3 for JDK 11 clients, as a // workaround for https://bugs.openjdk.java.net/browse/JDK-8211806. bool jdk11_workaround : 1; @@ -3353,10 +3346,6 @@ struct ssl_ctx_st { // |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN. bool false_start_allowed_without_alpn : 1; - // ignore_tls13_downgrade is whether a connection should continue when the - // server random signals a downgrade. - bool ignore_tls13_downgrade:1; - // handoff indicates that a server should stop after receiving the // ClientHello and pause the handshake in such a way that |SSL_get_error| // returns |SSL_ERROR_HANDOFF|. diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc index ee35604058..3e12492209 100644 --- a/ssl/s3_lib.cc +++ b/ssl/s3_lib.cc @@ -177,7 +177,6 @@ SSL3_STATE::SSL3_STATE() key_update_pending(false), wpend_pending(false), early_data_accepted(false), - tls13_downgrade(false), token_binding_negotiated(false), alert_dispatch(false), renegotiate_pending(false), diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index a52f1fa4f5..79eaacbb38 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -565,7 +565,6 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method) grease_enabled(false), allow_unknown_alpn_protos(false), false_start_allowed_without_alpn(false), - ignore_tls13_downgrade(false), handoff(false), enable_early_data(false) { CRYPTO_MUTEX_init(&lock); @@ -711,7 +710,6 @@ SSL *SSL_new(SSL_CTX *ctx) { ctx->signed_cert_timestamps_enabled; ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled; ssl->config->handoff = ctx->handoff; - ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade; ssl->quic_method = ctx->quic_method; if (!ssl->method->ssl_new(ssl.get()) || @@ -731,7 +729,6 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) retain_only_sha256_of_client_certs(false), handoff(false), shed_handshake_config(false), - ignore_tls13_downgrade(false), jdk11_workaround(false) { assert(ssl); } @@ -2929,22 +2926,15 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) { ctx->false_start_allowed_without_alpn = !!allowed; } -int SSL_is_tls13_downgrade(const SSL *ssl) { return ssl->s3->tls13_downgrade; } +int SSL_is_tls13_downgrade(const SSL *ssl) { return 0; } int SSL_used_hello_retry_request(const SSL *ssl) { return ssl->s3->used_hello_retry_request; } -void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) { - ctx->ignore_tls13_downgrade = !!ignore; -} +void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {} -void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) { - if (!ssl->config) { - return; - } - ssl->config->ignore_tls13_downgrade = !!ignore; -} +void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {} void SSL_set_shed_handshake_config(SSL *ssl, int enable) { if (!ssl->config) { diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index b04f0892ac..08482fb694 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -661,12 +661,6 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, return false; } - if (config->expect_tls13_downgrade != !!SSL_is_tls13_downgrade(ssl)) { - fprintf(stderr, "Got %s downgrade signal, but wanted the opposite.\n", - SSL_is_tls13_downgrade(ssl) ? "" : "no "); - return false; - } - if (config->expect_delegated_credential_used != !!SSL_delegated_credential_used(ssl)) { fprintf(stderr, diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 631756f0c7..1bbec86415 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -6377,24 +6377,6 @@ func addVersionNegotiationTests() { expectedLocalError: "remote error: illegal parameter", }) - // The client should ignore the downgrade sentinel if - // configured. - testCases = append(testCases, testCase{ - name: "Downgrade-" + test.name + "-Client-Ignore", - config: Config{ - Bugs: ProtocolBugs{ - NegotiateVersion: test.version, - }, - }, - expectations: connectionExpectations{ - version: test.version, - }, - flags: []string{ - "-ignore-tls13-downgrade", - "-expect-tls13-downgrade", - }, - }) - // The server should emit the downgrade signal. testCases = append(testCases, testCase{ testType: serverTest, @@ -6412,31 +6394,6 @@ func addVersionNegotiationTests() { }) } - // Test that False Start is disabled when the downgrade logic triggers. - testCases = append(testCases, testCase{ - name: "Downgrade-FalseStart", - config: Config{ - NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - NegotiateVersion: VersionTLS12, - ExpectFalseStart: true, - AlertBeforeFalseStartTest: alertAccessDenied, - }, - }, - expectations: connectionExpectations{ - version: VersionTLS12, - }, - flags: []string{ - "-false-start", - "-advertise-alpn", "\x03foo", - "-ignore-tls13-downgrade", - }, - shimWritesFirst: true, - shouldFail: true, - expectedError: ":TLSV1_ALERT_ACCESS_DENIED:", - expectedLocalError: "tls: peer did not false start: EOF", - }) - // SSL 3.0 support has been removed. Test that the shim does not // support it. testCases = append(testCases, testCase{ diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index ca87c448c4..3c49b94464 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -131,8 +131,6 @@ const Flag kBoolFlags[] = { {"-use-custom-verify-callback", &TestConfig::use_custom_verify_callback}, {"-allow-false-start-without-alpn", &TestConfig::allow_false_start_without_alpn}, - {"-ignore-tls13-downgrade", &TestConfig::ignore_tls13_downgrade}, - {"-expect-tls13-downgrade", &TestConfig::expect_tls13_downgrade}, {"-handoff", &TestConfig::handoff}, {"-use-ocsp-callback", &TestConfig::use_ocsp_callback}, {"-set-ocsp-in-callback", &TestConfig::set_ocsp_in_callback}, @@ -1328,10 +1326,6 @@ bssl::UniquePtr TestConfig::SetupCtx(SSL_CTX *old_ctx) const { SSL_CTX_set_false_start_allowed_without_alpn(ssl_ctx.get(), 1); } - if (ignore_tls13_downgrade) { - SSL_CTX_set_ignore_tls13_downgrade(ssl_ctx.get(), 1); - } - if (use_ocsp_callback) { SSL_CTX_set_tlsext_status_cb(ssl_ctx.get(), LegacyOCSPCallback); } diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 318c7335f1..35007b68d1 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -159,8 +159,6 @@ struct TestConfig { bool use_custom_verify_callback = false; std::string expect_msg_callback; bool allow_false_start_without_alpn = false; - bool ignore_tls13_downgrade = false; - bool expect_tls13_downgrade = false; bool handoff = false; bool use_ocsp_callback = false; bool set_ocsp_in_callback = false; From 4be97e91e2db883f1d650384e30064cf6e82d7be Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Nov 2020 14:11:18 -0800 Subject: [PATCH 291/399] Revert "Remove definitions of deprecated `Error::description()` ..." This reverts commit f06811a150fcded1555911678bbca6dcb5440cda because it changed the pulic API in a non-backward-compatible way. --- src/error.rs | 44 ++++++++++++++++++++++++++++++++++-------- tests/ed25519_tests.rs | 4 ++-- 2 files changed, 38 insertions(+), 10 deletions(-) diff --git a/src/error.rs b/src/error.rs index f1c33e78e5..23e2ab32a9 100644 --- a/src/error.rs +++ b/src/error.rs @@ -76,15 +76,30 @@ extern crate std; #[derive(Clone, Copy, Debug, PartialEq)] pub struct Unspecified; +impl Unspecified { + fn description_() -> &'static str { + "ring::error::Unspecified" + } +} + // This is required for the implementation of `std::error::Error`. impl core::fmt::Display for Unspecified { fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result { - f.write_str("ring::error::Unspecified") + f.write_str(Self::description_()) } } #[cfg(feature = "std")] -impl std::error::Error for Unspecified {} +impl std::error::Error for Unspecified { + #[inline] + fn cause(&self) -> Option<&dyn std::error::Error> { + None + } + + fn description(&self) -> &str { + Self::description_() + } +} impl From for Unspecified { fn from(_: untrusted::EndOfInput) -> Self { @@ -100,10 +115,10 @@ impl From for Unspecified { /// An error parsing or validating a key. /// -/// The `Display` implementation will return a string that will help you better -/// understand why a key was rejected change which errors are reported in which -/// situations while minimizing the likelihood that any applications will be -/// broken. +/// The `Display` implementation and `::description()` +/// will return a string that will help you better understand why a key was +/// rejected change which errors are reported in which situations while +/// minimizing the likelihood that any applications will be broken. /// /// Here is an incomplete list of reasons a key may be unsupported: /// @@ -132,6 +147,11 @@ impl From for Unspecified { pub struct KeyRejected(&'static str); impl KeyRejected { + /// The value returned from ::description() + pub fn description_(&self) -> &'static str { + self.0 + } + pub(crate) fn inconsistent_components() -> Self { KeyRejected("InconsistentComponents") } @@ -183,11 +203,19 @@ impl KeyRejected { } #[cfg(feature = "std")] -impl std::error::Error for KeyRejected {} +impl std::error::Error for KeyRejected { + fn cause(&self) -> Option<&dyn std::error::Error> { + None + } + + fn description(&self) -> &str { + self.description_() + } +} impl core::fmt::Display for KeyRejected { fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result { - f.write_str(self.0) + f.write_str(self.description_()) } } diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index 9d177c1418..8e0b31ba4e 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -121,7 +121,7 @@ fn test_ed25519_from_pkcs8_unchecked() { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), - (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), + (Err(actual), Some(expected)) => assert_eq!(actual.description_(), expected), }; Ok(()) @@ -143,7 +143,7 @@ fn test_ed25519_from_pkcs8() { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), - (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), + (Err(actual), Some(expected)) => assert_eq!(actual.description_(), expected), }; Ok(()) From 5351c8bf3865b85eae085c86338db31ff16dd8c7 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 19 Nov 2020 00:25:29 -0500 Subject: [PATCH 292/399] Rename the master_key field in SSL_SESSION to secret. It's not even accurate. The term "master key" dates to SSL 2, which we do not implement. (Starting SSL 3, "key" was replaced with "secret".) The field stores, at various points, the TLS 1.2 master secret, the TLS 1.3 resumption master secret, and the TLS 1.3 resumption PSK. Simply rename the field to 'secret', which is as descriptive of a name as we can get at this point. I've left SSL_SESSION_get_master_key alone for now, as it's there for OpenSSL compatibility, as well as references to the various TLS secrets since those refer to concepts in the spec. (When the dust settles a bit on rfc8446bis, we can fix those.) Change-Id: I3c1007eb7982788789cc5db851de8724c7f35baf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44144 Reviewed-by: Adam Langley --- include/openssl/ssl.h | 6 +++--- ssl/handshake.cc | 5 ++--- ssl/handshake_client.cc | 10 +++++----- ssl/handshake_server.cc | 9 ++++----- ssl/internal.h | 10 ++++++---- ssl/ssl_asn1.cc | 15 +++++++-------- ssl/ssl_session.cc | 15 +++++++-------- ssl/ssl_transcript.cc | 4 ++-- ssl/t1_enc.cc | 12 +++++------- ssl/tls13_client.cc | 4 ++-- ssl/tls13_enc.cc | 27 ++++++++++++--------------- ssl/tls13_server.cc | 4 ++-- 12 files changed, 57 insertions(+), 64 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 933c04a756..68d0b08715 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1738,9 +1738,9 @@ OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session, // SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret. #define SSL_MAX_MASTER_KEY_LENGTH 48 -// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master -// secret to |out| and returns the number of bytes written. If |max_out| is -// zero, it returns the size of the master secret. +// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s secret +// to |out| and returns the number of bytes written. If |max_out| is zero, it +// returns the size of the secret. OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out, size_t max_out); diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 66d108e79f..eb630a5b2d 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc @@ -494,9 +494,8 @@ bool ssl_send_finished(SSL_HANDSHAKE *hs) { } // Log the master secret, if logging is enabled. - if (!ssl_log_secret( - ssl, "CLIENT_RANDOM", - MakeConstSpan(session->master_key, session->master_key_length))) { + if (!ssl_log_secret(ssl, "CLIENT_RANDOM", + MakeConstSpan(session->secret, session->secret_length))) { return 0; } diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index c36b192a19..59ef6ec5f3 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -459,8 +459,8 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) { } if (!tls13_init_early_key_schedule( - hs, MakeConstSpan(ssl->session->master_key, - ssl->session->master_key_length)) || + hs, + MakeConstSpan(ssl->session->secret, ssl->session->secret_length)) || !tls13_derive_early_secret(hs)) { return ssl_hs_error; } @@ -1407,9 +1407,9 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - hs->new_session->master_key_length = - tls1_generate_master_secret(hs, hs->new_session->master_key, pms); - if (hs->new_session->master_key_length == 0) { + hs->new_session->secret_length = + tls1_generate_master_secret(hs, hs->new_session->secret, pms); + if (hs->new_session->secret_length == 0) { return ssl_hs_error; } hs->new_session->extended_master_secret = hs->extended_master_secret; diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 26227d3417..22fa6a1d28 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -1402,14 +1402,13 @@ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) { } // Compute the master secret. - hs->new_session->master_key_length = tls1_generate_master_secret( - hs, hs->new_session->master_key, premaster_secret); - if (hs->new_session->master_key_length == 0) { + hs->new_session->secret_length = tls1_generate_master_secret( + hs, hs->new_session->secret, premaster_secret); + if (hs->new_session->secret_length == 0) { return ssl_hs_error; } hs->new_session->extended_master_secret = hs->extended_master_secret; - CONSTTIME_DECLASSIFY(hs->new_session->master_key, - hs->new_session->master_key_length); + CONSTTIME_DECLASSIFY(hs->new_session->secret, hs->new_session->secret_length); ssl->method->next_message(ssl); hs->state = state12_read_client_certificate_verify; diff --git a/ssl/internal.h b/ssl/internal.h index 1e54c98dc7..61cbefe843 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -3466,10 +3466,12 @@ struct ssl_session_st { // the peer, or zero if not applicable or unknown. uint16_t peer_signature_algorithm = 0; - // master_key, in TLS 1.2 and below, is the master secret associated with the - // session. In TLS 1.3 and up, it is the resumption secret. - int master_key_length = 0; - uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0}; + // secret, in TLS 1.2 and below, is the master secret associated with the + // session. In TLS 1.3 and up, it is the resumption PSK for sessions handed to + // the caller, but it stores the resumption secret when stored on |SSL| + // objects. + int secret_length = 0; + uint8_t secret[SSL_MAX_MASTER_KEY_LENGTH] = {0}; // session_id - valid? unsigned session_id_length = 0; diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc index 0e913087c9..27bc3103de 100644 --- a/ssl/ssl_asn1.cc +++ b/ssl/ssl_asn1.cc @@ -105,7 +105,7 @@ BSSL_NAMESPACE_BEGIN // sslVersion INTEGER, -- protocol version number // cipher OCTET STRING, -- two bytes long // sessionID OCTET STRING, -// masterKey OCTET STRING, +// secret OCTET STRING, // time [1] INTEGER, -- seconds since UNIX epoch // timeout [2] INTEGER, -- in seconds // peer [3] Certificate OPTIONAL, @@ -218,8 +218,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb, // The session ID is irrelevant for a session ticket. !CBB_add_asn1_octet_string(&session, in->session_id, for_ticket ? 0 : in->session_id_length) || - !CBB_add_asn1_octet_string(&session, in->master_key, - in->master_key_length) || + !CBB_add_asn1_octet_string(&session, in->secret, in->secret_length) || !CBB_add_asn1(&session, &child, kTimeTag) || !CBB_add_asn1_uint64(&child, in->time) || !CBB_add_asn1(&session, &child, kTimeoutTag) || @@ -593,18 +592,18 @@ UniquePtr SSL_SESSION_parse(CBS *cbs, return nullptr; } - CBS session_id, master_key; + CBS session_id, secret; if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) || CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH || - !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) || - CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) { + !CBS_get_asn1(&session, &secret, CBS_ASN1_OCTETSTRING) || + CBS_len(&secret) > SSL_MAX_MASTER_KEY_LENGTH) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; } OPENSSL_memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id)); ret->session_id_length = CBS_len(&session_id); - OPENSSL_memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key)); - ret->master_key_length = CBS_len(&master_key); + OPENSSL_memcpy(ret->secret, CBS_data(&secret), CBS_len(&secret)); + ret->secret_length = CBS_len(&secret); CBS child; uint64_t timeout; diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index 7538a72b28..91b2fff560 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc @@ -202,9 +202,8 @@ UniquePtr SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) { OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length); // Copy the key material. - new_session->master_key_length = session->master_key_length; - OPENSSL_memcpy(new_session->master_key, session->master_key, - session->master_key_length); + new_session->secret_length = session->secret_length; + OPENSSL_memcpy(new_session->secret, session->secret, session->secret_length); new_session->cipher = session->cipher; // Copy authentication state. @@ -963,14 +962,14 @@ void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session, size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out, size_t max_out) { - // TODO(davidben): Fix master_key_length's type and remove these casts. + // TODO(davidben): Fix secret_length's type and remove these casts. if (max_out == 0) { - return (size_t)session->master_key_length; + return (size_t)session->secret_length; } - if (max_out > (size_t)session->master_key_length) { - max_out = (size_t)session->master_key_length; + if (max_out > (size_t)session->secret_length) { + max_out = (size_t)session->secret_length; } - OPENSSL_memcpy(out, session->master_key, max_out); + OPENSSL_memcpy(out, session->secret, max_out); return max_out; } diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc index c1cef2bb12..0bc13b9c2d 100644 --- a/ssl/ssl_transcript.cc +++ b/ssl/ssl_transcript.cc @@ -265,8 +265,8 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len, static const size_t kFinishedLen = 12; if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen), - MakeConstSpan(session->master_key, session->master_key_length), - label, MakeConstSpan(digest, digest_len), {})) { + MakeConstSpan(session->secret, session->secret_length), label, + MakeConstSpan(digest, digest_len), {})) { return false; } diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc index d8b6ea2b4d..c8db457f1c 100644 --- a/ssl/t1_enc.cc +++ b/ssl/t1_enc.cc @@ -191,15 +191,14 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len, static bool generate_key_block(const SSL *ssl, Span out, const SSL_SESSION *session) { - auto master_key = - MakeConstSpan(session->master_key, session->master_key_length); + auto secret = MakeConstSpan(session->secret, session->secret_length); static const char kLabel[] = "key expansion"; auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1); const EVP_MD *digest = ssl_session_get_digest(session); // Note this function assumes that |session|'s key material corresponds to // |ssl->s3->client_random| and |ssl->s3->server_random|. - return tls1_prf(digest, out, master_key, label, ssl->s3->server_random, + return tls1_prf(digest, out, secret, label, ssl->s3->server_random, ssl->s3->client_random); } @@ -379,8 +378,7 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, const SSL_SESSION *session = SSL_get_session(ssl); const EVP_MD *digest = ssl_session_get_digest(session); - return tls1_prf( - digest, MakeSpan(out, out_len), - MakeConstSpan(session->master_key, session->master_key_length), - MakeConstSpan(label, label_len), seed, {}); + return tls1_prf(digest, MakeSpan(out, out_len), + MakeConstSpan(session->secret, session->secret_length), + MakeConstSpan(label, label_len), seed, {}); } diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index c77824f861..496ae019f6 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc @@ -414,8 +414,8 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { // Set up the key schedule and incorporate the PSK into the running secret. if (ssl->s3->session_reused) { if (!tls13_init_key_schedule( - hs, MakeConstSpan(hs->new_session->master_key, - hs->new_session->master_key_length))) { + hs, MakeConstSpan(hs->new_session->secret, + hs->new_session->secret_length))) { return ssl_hs_error; } } else if (!tls13_init_key_schedule(hs, MakeConstSpan(kZeroes, hash_len))) { diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc index 69a55788cc..198adb6128 100644 --- a/ssl/tls13_enc.cc +++ b/ssl/tls13_enc.cc @@ -303,10 +303,9 @@ bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return false; } - hs->new_session->master_key_length = hs->transcript.DigestLen(); + hs->new_session->secret_length = hs->transcript.DigestLen(); return derive_secret( - hs, - MakeSpan(hs->new_session->master_key, hs->new_session->master_key_length), + hs, MakeSpan(hs->new_session->secret, hs->new_session->secret_length), label_to_span(kTLS13LabelResumption)); } @@ -354,8 +353,8 @@ bool tls13_derive_session_psk(SSL_SESSION *session, Span nonce) { const EVP_MD *digest = ssl_session_get_digest(session); // The session initially stores the resumption_master_secret, which we // override with the PSK. - auto session_key = MakeSpan(session->master_key, session->master_key_length); - return hkdf_expand_label(session_key, digest, session_key, + auto session_secret = MakeSpan(session->secret, session->secret_length); + return hkdf_expand_label(session_secret, digest, session_secret, label_to_span(kTLS13LabelResumptionPSK), nonce); } @@ -460,11 +459,10 @@ bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, Span msg) { if (!hash_transcript_and_truncated_client_hello( hs, context, &context_len, digest, msg, 1 /* length prefix */ + hash_len) || - !tls13_psk_binder(verify_data, &verify_data_len, - ssl->session->ssl_version, digest, - MakeConstSpan(ssl->session->master_key, - ssl->session->master_key_length), - MakeConstSpan(context, context_len)) || + !tls13_psk_binder( + verify_data, &verify_data_len, ssl->session->ssl_version, digest, + MakeConstSpan(ssl->session->secret, ssl->session->secret_length), + MakeConstSpan(context, context_len)) || verify_data_len != hash_len) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return false; @@ -485,11 +483,10 @@ bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session, if (!hash_transcript_and_truncated_client_hello(hs, context, &context_len, hs->transcript.Digest(), msg.raw, CBS_len(binders)) || - !tls13_psk_binder( - verify_data, &verify_data_len, hs->ssl->version, - hs->transcript.Digest(), - MakeConstSpan(session->master_key, session->master_key_length), - MakeConstSpan(context, context_len)) || + !tls13_psk_binder(verify_data, &verify_data_len, hs->ssl->version, + hs->transcript.Digest(), + MakeConstSpan(session->secret, session->secret_length), + MakeConstSpan(context, context_len)) || // We only consider the first PSK, so compare against the first binder. !CBS_get_u8_length_prefixed(binders, &binder)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index fefb074b8d..9dfe32536c 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -477,8 +477,8 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) { // Set up the key schedule and incorporate the PSK into the running secret. if (ssl->s3->session_reused) { if (!tls13_init_key_schedule( - hs, MakeConstSpan(hs->new_session->master_key, - hs->new_session->master_key_length))) { + hs, MakeConstSpan(hs->new_session->secret, + hs->new_session->secret_length))) { return ssl_hs_error; } } else if (!tls13_init_key_schedule(hs, MakeConstSpan(kZeroes, hash_len))) { From 88465337449ef6d91eeaacb22b413de68bbf4d7c Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 19 Nov 2020 09:56:11 -0800 Subject: [PATCH 293/399] Add FIPS self test for the TLS KDF. Change-Id: I08cc198f326f02b3f38234b938208ea49a13fab6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44164 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/self_check/self_check.c | 36 +++++++++++++++++++++++ util/fipstools/break-tests-android.sh | 2 +- util/fipstools/break-tests.sh | 2 +- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index 91ec8cad0c..192a0079ad 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -31,6 +31,7 @@ #include "../../internal.h" #include "../ec/internal.h" #include "../rand/internal.h" +#include "../tls/internal.h" // MSVC wants to put a NUL byte at the end of non-char arrays and so cannot @@ -460,6 +461,30 @@ int boringssl_fips_self_test( 0x00, #endif }; + const uint8_t kTLSOutput[32] = { + 0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3, + 0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d, + 0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d, +#if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF) + 0x32, +#else + 0x00, +#endif + }; + const uint8_t kTLSSecret[32] = { + 0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27, + 0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55, + 0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61, + }; + const char kTLSLabel[] = "FIPS self test"; + const uint8_t kTLSSeed1[16] = { + 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2, + 0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65, + }; + const uint8_t kTLSSeed2[16] = { + 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c, + 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, + }; EVP_AEAD_CTX aead_ctx; EVP_AEAD_CTX_zero(&aead_ctx); @@ -690,6 +715,17 @@ int boringssl_fips_self_test( goto err; } + // TLS KDF KAT + uint8_t tls_output[sizeof(kTLSOutput)]; + if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret, + sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel), + kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2, + sizeof(kTLSSeed2)) || + !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS KDF KAT")) { + fprintf(stderr, "TLS KDF failed.\n"); + goto err; + } + ret = 1; #if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE) diff --git a/util/fipstools/break-tests-android.sh b/util/fipstools/break-tests-android.sh index a5289cf221..61b2b4f2a5 100644 --- a/util/fipstools/break-tests-android.sh +++ b/util/fipstools/break-tests-android.sh @@ -42,7 +42,7 @@ fi . build/envsetup.sh -TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION" +TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION TLS_KDF" if [ "x$1" = "x32" ]; then lib="lib" diff --git a/util/fipstools/break-tests.sh b/util/fipstools/break-tests.sh index 670c4feff9..2f698bee25 100644 --- a/util/fipstools/break-tests.sh +++ b/util/fipstools/break-tests.sh @@ -22,7 +22,7 @@ set -x -TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION" +TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION TLS_KDF" if [ "x$1" = "xbuild" ]; then for test in $TESTS; do From 806c505b7e8034f212181d3bd2fab0af0026aaf1 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 19 Nov 2020 10:18:19 -0800 Subject: [PATCH 294/399] acvp: add SHA-512/256 support. Change-Id: Ib5d69d82c4cfc8cc172bdb5d9a739af53f9d2899 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44165 Reviewed-by: David Benjamin Commit-Queue: Adam Langley --- util/fipstools/acvp/acvptool/subprocess/subprocess.go | 1 + util/fipstools/acvp/modulewrapper/modulewrapper.cc | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index 84b54b14cf..c297c8eab0 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -76,6 +76,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "SHA2-256": &hashPrimitive{"SHA2-256", 32}, "SHA2-384": &hashPrimitive{"SHA2-384", 48}, "SHA2-512": &hashPrimitive{"SHA2-512", 64}, + "SHA2-512/256": &hashPrimitive{"SHA2-512/256", 32}, "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES}, "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC}, "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil}, diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index b1e1dd77c5..ac791c0f98 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -163,6 +163,13 @@ static bool GetConfig(const Span args[]) { "min": 0, "max": 65528, "increment": 8 }] }, + { + "algorithm": "SHA2-512/256", + "revision": "1.0", + "messageLength": [{ + "min": 0, "max": 65528, "increment": 8 + }] + }, { "algorithm": "SHA-1", "revision": "1.0", @@ -1557,6 +1564,7 @@ static constexpr struct { {"SHA2-256", 1, Hash}, {"SHA2-384", 1, Hash}, {"SHA2-512", 1, Hash}, + {"SHA2-512/256", 1, Hash}, {"AES/encrypt", 3, AES}, {"AES/decrypt", 3, AES}, {"AES-CBC/encrypt", 4, AES_CBC}, From 4a265be4d931e35f0d108040c94d37bb49827948 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 19 Nov 2020 02:20:01 -0500 Subject: [PATCH 295/399] Document ASN1_STRING. Almost everything in uses ASN1_STRING, and there are a lot of unspoken assumptions in the library about the type field, so it needs quite a bit of text. Change-Id: Ied56c9428069477da8ecb17a174da4320e573fa1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44184 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- include/openssl/asn1.h | 300 ++++++++++++++++++++++++++++------------- 1 file changed, 209 insertions(+), 91 deletions(-) diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 3c37096894..70a23c5717 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -79,28 +79,52 @@ extern "C" { // the new |CBS| and |CBB| library in instead. +// Tag constants. +// +// These constants are used in various APIs to specify ASN.1 types and tag +// components. See the specific API's documentation for details on which values +// are used and how. + +// The following constants are tag classes. #define V_ASN1_UNIVERSAL 0x00 #define V_ASN1_APPLICATION 0x40 #define V_ASN1_CONTEXT_SPECIFIC 0x80 #define V_ASN1_PRIVATE 0xc0 +// V_ASN1_CONSTRUCTED indicates an element is constructed, rather than +// primitive. #define V_ASN1_CONSTRUCTED 0x20 -#define V_ASN1_PRIMITIVE_TAG 0x1f -#define V_ASN1_APP_CHOOSE -2 // let the recipient choose -#define V_ASN1_OTHER -3 // used in ASN1_TYPE -#define V_ASN1_ANY -4 // used in ASN1 template code +// V_ASN1_PRIMITIVE_TAG is the highest tag number which can be encoded in a +// single byte. Note this is unrelated to whether an element is constructed or +// primitive. +// +// TODO(davidben): Make this private. +#define V_ASN1_PRIMITIVE_TAG 0x1f -#define V_ASN1_NEG 0x100 // negative flag -// No supported universal tags may exceed this value, to avoid ambiguity with -// V_ASN1_NEG. +// V_ASN1_MAX_UNIVERSAL is the highest supported universal tag number. It is +// necessary to avoid ambiguity with |V_ASN1_NEG|. +// +// TODO(davidben): Make this private. #define V_ASN1_MAX_UNIVERSAL 0xff -#define V_ASN1_UNDEF -1 +// V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted. +#define V_ASN1_UNDEF (-1) + +// V_ASN1_APP_CHOOSE is used in some APIs to specify a default ASN.1 type based +// on the context. +#define V_ASN1_APP_CHOOSE (-2) + +// V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type. +#define V_ASN1_OTHER (-3) + +// V_ASN1_ANY is used by the ASN.1 templates to indicate an ANY type. +#define V_ASN1_ANY (-4) + +// The following constants are tag numbers for universal types. #define V_ASN1_EOC 0 -#define V_ASN1_BOOLEAN 1 // +#define V_ASN1_BOOLEAN 1 #define V_ASN1_INTEGER 2 -#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) #define V_ASN1_BIT_STRING 3 #define V_ASN1_OCTET_STRING 4 #define V_ASN1_NULL 5 @@ -109,25 +133,190 @@ extern "C" { #define V_ASN1_EXTERNAL 8 #define V_ASN1_REAL 9 #define V_ASN1_ENUMERATED 10 -#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) #define V_ASN1_UTF8STRING 12 #define V_ASN1_SEQUENCE 16 #define V_ASN1_SET 17 -#define V_ASN1_NUMERICSTRING 18 // +#define V_ASN1_NUMERICSTRING 18 #define V_ASN1_PRINTABLESTRING 19 #define V_ASN1_T61STRING 20 -#define V_ASN1_TELETEXSTRING 20 // alias -#define V_ASN1_VIDEOTEXSTRING 21 // +#define V_ASN1_TELETEXSTRING 20 +#define V_ASN1_VIDEOTEXSTRING 21 #define V_ASN1_IA5STRING 22 #define V_ASN1_UTCTIME 23 -#define V_ASN1_GENERALIZEDTIME 24 // -#define V_ASN1_GRAPHICSTRING 25 // -#define V_ASN1_ISO64STRING 26 // -#define V_ASN1_VISIBLESTRING 26 // alias -#define V_ASN1_GENERALSTRING 27 // -#define V_ASN1_UNIVERSALSTRING 28 // +#define V_ASN1_GENERALIZEDTIME 24 +#define V_ASN1_GRAPHICSTRING 25 +#define V_ASN1_ISO64STRING 26 +#define V_ASN1_VISIBLESTRING 26 +#define V_ASN1_GENERALSTRING 27 +#define V_ASN1_UNIVERSALSTRING 28 #define V_ASN1_BMPSTRING 30 +// The following constants are used for |ASN1_STRING| values that represent +// negative INTEGER and ENUMERATED values. See |ASN1_STRING| for more details. +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (V_ASN1_INTEGER | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (V_ASN1_ENUMERATED | V_ASN1_NEG) + + +// Strings. +// +// ASN.1 contains a myriad of string types, as well as types that contain data +// that may be encoded into a string. This library uses a single type, +// |ASN1_STRING|, to represent most values. + +// An asn1_string_st (aka |ASN1_STRING|) represents a value of a string-like +// ASN.1 type. It contains a type field, and a byte string data field with a +// type-specific representation. +// +// When representing a string value, the type field is one of +// |V_ASN1_OCTET_STRING|, |V_ASN1_UTF8STRING|, |V_ASN1_NUMERICSTRING|, +// |V_ASN1_PRINTABLESTRING|, |V_ASN1_T61STRING|, |V_ASN1_VIDEOTEXSTRING|, +// |V_ASN1_IA5STRING|, |V_ASN1_GRAPHICSTRING|, |V_ASN1_ISO64STRING|, +// |V_ASN1_VISIBLESTRING|, |V_ASN1_GENERALSTRING|, |V_ASN1_UNIVERSALSTRING|, or +// |V_ASN1_BMPSTRING|. The data contains the byte representation of of the +// string. +// +// When representing a BIT STRING value, the type field is |V_ASN1_BIT_STRING|. +// The data contains the encoded form of the BIT STRING, including any padding +// bits added to round to a whole number of bytes, but excluding the leading +// byte containing the number of padding bits. The number of padding bits is +// encoded in the flags field. See |ASN1_STRING_FLAG_BITS_LEFT| for details. For +// example, DER encodes the BIT STRING {1, 0} as {0x06, 0x80 = 0b10_000000}. The +// |ASN1_STRING| representation has data of {0x80} and flags of +// ASN1_STRING_FLAG_BITS_LEFT | 6. +// +// When representing an INTEGER or ENUMERATED value, the data contains the +// big-endian encoding of the absolute value of the integer. The sign bit is +// encoded in the type: non-negative values have a type of |V_ASN1_INTEGER| or +// |V_ASN1_ENUMERATED|, while negative values have a type of +// |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. Note this differs from DER's +// two's complement representation. +// +// When representing a GeneralizedTime or UTCTime value, the type field is +// |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The data contains +// the DER encoding of the value. For example, the UNIX epoch would be +// "19700101000000Z" for a GeneralizedTime and "700101000000Z" for a UTCTime. +// +// TODO(davidben): |ASN1_TYPE| additionally uses |ASN1_STRING| to represent +// various other odd cases. It also likes to assume unknown universal tags are +// string types. Make a note here when documenting |ASN1_TYPE|. +// +// |ASN1_STRING| additionally has the following typedefs: |ASN1_BIT_STRING|, +// |ASN1_BMPSTRING|, |ASN1_ENUMERATED|, |ASN1_GENERALIZEDTIME|, +// |ASN1_GENERALSTRING|, |ASN1_IA5STRING|, |ASN1_INTEGER|, |ASN1_OCTET_STRING|, +// |ASN1_PRINTABLESTRING|, |ASN1_T61STRING|, |ASN1_TIME|, +// |ASN1_UNIVERSALSTRING|, |ASN1_UTCTIME|, |ASN1_UTF8STRING|, and +// |ASN1_VISIBLESTRING|. Other than |ASN1_TIME|, these correspond to universal +// ASN.1 types. |ASN1_TIME| represents a CHOICE of UTCTime and GeneralizedTime, +// with a cutoff of 2049, as used in Section 4.1.2.5 of RFC 5280. +// +// For clarity, callers are encouraged to use the appropriate typedef when +// available. They are the same type as |ASN1_STRING|, so a caller may freely +// pass them into functions expecting |ASN1_STRING|, such as +// |ASN1_STRING_length|. +// +// If a function returns an |ASN1_STRING| where the typedef or ASN.1 structure +// implies constraints on the type field, callers may assume that the type field +// is correct. However, if a function takes an |ASN1_STRING| as input, callers +// must ensure the type field matches. These invariants are not captured by the +// C type system and may not be checked at runtime. For example, callers may +// assume the output of |X509_get0_serialNumber| has type |V_ASN1_INTEGER| or +// |V_ASN1_NEG_INTEGER|. Callers must not pass a string of type +// |V_ASN1_OCTET_STRING| to |X509_set_serialNumber|. Doing so may break +// invariants on the |X509| object and break the |X509_get0_serialNumber| +// invariant. +// +// TODO(davidben): This is very unfriendly. Getting the type field wrong should +// not cause memory errors, but it may do strange things. We should add runtime +// checks to anything that consumes |ASN1_STRING|s from the caller. +struct asn1_string_st { + int length; + int type; + unsigned char *data; + long flags; +}; + +// ASN1_STRING_FLAG_BITS_LEFT indicates, in a BIT STRING |ASN1_STRING|, that +// flags & 0x7 contains the number of padding bits added to the BIT STRING +// value. When not set, all trailing zero bits in the last byte are implicitly +// treated as padding. This behavior is deprecated and should not be used. +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 + +// ASN1_STRING_FLAG_MSTRING indicates that the |ASN1_STRING| is an MSTRING type, +// which is how this library refers to a CHOICE type of several string types. +// For example, DirectoryString as defined in RFC5280. +// +// TODO(davidben): This is only used in one place within the library and is easy +// to accidentally drop. Can it be removed? +#define ASN1_STRING_FLAG_MSTRING 0x040 + +// ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of +// type |type|, or NULL on error. +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); + +// ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an +// arbitrary type. Prefer one of the type-specific constructors, such as +// |ASN1_OCTET_STRING_new|, or |ASN1_STRING_type_new|. +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); + +// ASN1_STRING_free releases memory associated with |str|. +OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); + +// ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and +// zero on error. +OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); + +// ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error. +OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str); + +// ASN1_STRING_type returns the type of |str|. This value will be one of the +// |V_ASN1_*| constants. +OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str); + +// ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should +// use |ASN1_STRING_length| to determine the length of the string. The string +// may have embedded NUL bytes and may not be NUL-terminated. +OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( + const ASN1_STRING *str); + +// ASN1_STRING_data returns a mutable pointer to |str|'s contents. Callers +// should use |ASN1_STRING_length| to determine the length of the string. The +// string may have embedded NUL bytes and may not be NUL-terminated. +// +// Prefer |ASN1_STRING_get0_data|. +OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); + +// ASN1_STRING_length returns the length of |str|, in bytes. +OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); + +// ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an +// integer equal to, less than, or greater than zero if |a| is equal to, less +// than, or greater than |b|, respectively. The comparison is suitable for +// sorting, but callers should not rely on the particular comparison. +// +// Note if |a| or |b| are BIT STRINGs, this function does not compare the +// |ASN1_STRING_FLAG_BITS_LEFT| flags. +// +// TODO(davidben): The BIT STRING comparison seems like a bug. Fix it? +OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + +// ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from +// |data|. It returns one on success and zero on error. +OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); + +// ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It +// takes ownership of |data|, which must have been allocated with +// |OPENSSL_malloc|. +OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); + +// TODO(davidben): Pull up and document functions specific to individual string +// types. + + +// Underdocumented functions. +// +// The following functions are not yet documented and organized. + // For use with d2i_ASN1_type_bytes() #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 @@ -177,23 +366,6 @@ struct asn1_object_st { DEFINE_STACK_OF(ASN1_OBJECT) -#define ASN1_STRING_FLAG_BITS_LEFT 0x08 // Set if 0x07 has bits left value - -// This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING -// type. -#define ASN1_STRING_FLAG_MSTRING 0x040 -// This is the base type that holds just about everything :-) -struct asn1_string_st { - int length; - int type; - unsigned char *data; - // The value of the following field depends on the type being - // held. It is mostly being used for BIT_STRING so if the - // input data has a non-zero 'unused bits' value, it will be - // handled correctly - long flags; -}; - // ASN1_ENCODING structure: this is used to save the received // encoding of an ASN1 type. This is useful to get round // problems with invalid encodings which can break signatures. @@ -543,60 +715,6 @@ DECLARE_ASN1_ITEM(ASN1_OBJECT) DECLARE_ASN1_SET_OF(ASN1_OBJECT) -// ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an -// arbitrary type. Prefer one of the type-specific constructors, such as -// |ASN1_OCTET_STRING_new|. -OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); - -// ASN1_STRING_free releases memory associated with |str|. -OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); - -// ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and -// zero on error. -OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); - -// ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error. -OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str); - -// ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of -// type |type|, or NULL on error. -OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); - -// ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an -// integer equal to, less than, or greater than zero if |a| is equal to, less -// than, or greater than |b|, respectively. The comparison is suitable for -// sorting, but callers should not rely on the particular comparison. -// -// Note if |a| or |b| are BIT STRINGs, this function does not compare the -// |ASN1_STRING_FLAG_BITS_LEFT| flags. -// -// TODO(davidben): The BIT STRING comparison seems like a bug. Fix it? -OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); - -// ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from -// |data|. It returns one on success and zero on error. -OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); - -// ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It -// takes ownership of |data|, which must have been allocated with -// |OPENSSL_malloc|. -OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); - -// ASN1_STRING_length returns the length of |str|, in bytes. -OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); - -// ASN1_STRING_type returns the type of |str|. This value will be one of the -// |V_ASN1_*| constants. -OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str); - -// ASN1_STRING_data returns a mutable pointer to |str|'s contents. Prefer -// |ASN1_STRING_get0_data|. -OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); - -// ASN1_STRING_get0_data returns a pointer to |str|'s contents. -OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( - const ASN1_STRING *str); - DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp); From 635ba28bc2bcf2ea7f86c525bc8fd266d62a7758 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 13:30:27 -0800 Subject: [PATCH 296/399] Fix linker errors when *ring* is incorporated into a (32-bit Android) ARM shared library. commit 8a90093cccf60bd2aaf582fe7e56c0b0eff9b002 regressed the ability to incorporate *ring* into a 32-bit ARM shared library, on 32-bit Android at least. The symbol needs to be declared `.protected`. Not all assemblers (notably, Apple's) understand `.protected`, so use `.hidden`, which implies `.protected`. Additionally explicitly declare them as `.extern` even though this isn't required by the assembler. --- crypto/chacha/asm/chacha-armv4.pl | 2 ++ crypto/fipsmodule/bn/asm/armv4-mont.pl | 2 ++ crypto/fipsmodule/sha/asm/sha256-armv4.pl | 2 ++ crypto/fipsmodule/sha/asm/sha512-armv4.pl | 2 ++ crypto/fipsmodule/sha/asm/sha512-armv8.pl | 1 + 5 files changed, 9 insertions(+) diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index f8a0a99c6c..90fa2c777b 100755 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl @@ -197,6 +197,8 @@ sub ROUND { .Lone: .long 1,0,0,0 #if __ARM_MAX_ARCH__>=7 +.extern GFp_armcap_P +.hidden GFp_armcap_P .LOPENSSL_armcap: .word GFp_armcap_P-.LChaCha20_ctr32 #else diff --git a/crypto/fipsmodule/bn/asm/armv4-mont.pl b/crypto/fipsmodule/bn/asm/armv4-mont.pl index 3d709f29ef..dbc28b51d4 100644 --- a/crypto/fipsmodule/bn/asm/armv4-mont.pl +++ b/crypto/fipsmodule/bn/asm/armv4-mont.pl @@ -112,6 +112,8 @@ #endif #if __ARM_MAX_ARCH__>=7 +.extern GFp_armcap_P +.hidden GFp_armcap_P .align 5 .LOPENSSL_armcap: .word GFp_armcap_P-.Lbn_mul_mont diff --git a/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/crypto/fipsmodule/sha/asm/sha256-armv4.pl index 4a962e645d..d8661a0911 100644 --- a/crypto/fipsmodule/sha/asm/sha256-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha256-armv4.pl @@ -218,6 +218,8 @@ sub BODY_16_XX { .size K256,.-K256 .word 0 @ terminator #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) +.extern GFp_armcap_P +.hidden GFp_armcap_P .LOPENSSL_armcap: .word GFp_armcap_P-.Lsha256_block_data_order #endif diff --git a/crypto/fipsmodule/sha/asm/sha512-armv4.pl b/crypto/fipsmodule/sha/asm/sha512-armv4.pl index e44ed4fb31..21c7ebddba 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv4.pl @@ -278,6 +278,8 @@ () WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) +.extern GFp_armcap_P +.hidden GFp_armcap_P .LOPENSSL_armcap: .word GFp_armcap_P-.Lsha512_block_data_order .skip 32-4 diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index f604ffa1de..bb80b7c96b 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl @@ -179,6 +179,7 @@ sub BODY_00_xx { .text .extern GFp_armcap_P +.hidden GFp_armcap_P .globl $func .type $func,%function .align 6 From 6c0346954bdf52a2327cecde0c23c2fd3c5bd737 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 14:23:13 -0800 Subject: [PATCH 297/399] 0.16.17. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 9a1d790826..4c262e694c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.16" +version = "0.16.17" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 9ddb7667b3fb54341d99640bb1404f91434f7961 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 15:43:21 -0800 Subject: [PATCH 298/399] CI/CD: Group entries in mk/cargo.sh correctly. The blank lines were not in the right place to group the related variables sensibly. Fix that. --- mk/cargo.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index c55083f03e..51786e37fb 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -23,17 +23,18 @@ fi export CC_aarch64_linux_android=aarch64-linux-android21-clang export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang -export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc +export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" -export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc +export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" -export CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang +export CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang + export CC_i686_unknown_linux_gnu=clang export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang From 617cb54caa4efb314b3c0f556d649d55ffdd951d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 18:31:08 -0800 Subject: [PATCH 299/399] CI/CD: Fix typo in i686-unknown-linux-musl linker setting. The linker wasn't getting overridden but things still worked because the system linker works fine in this case. --- mk/cargo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index 51786e37fb..a5faee9765 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -39,7 +39,7 @@ export CC_i686_unknown_linux_gnu=clang export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang export CC_i686_unknown_linux_musl=clang -export CARGO_TARGET_i686_UNKNOWN_LINUX_MUSL_LINKER=clang +export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang export CC_x86_64_unknown_linux_musl=clang export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang From ab27f3fe1c868d6579600d11aeb1093e3ddd4152 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 18:36:18 -0800 Subject: [PATCH 300/399] CI/CD: use the correct `ar` for each target. --- mk/cargo.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/mk/cargo.sh b/mk/cargo.sh index a5faee9765..03c36644bd 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -22,26 +22,33 @@ if [ -n "${ANDROID_SDK_ROOT-}" ]; then fi export CC_aarch64_linux_android=aarch64-linux-android21-clang +export AR_aarch64_linux_android=aarch64-linux-android-ar export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc +export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc +export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" export CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang +export AR_armv7_linux_androideabi=arm-linux-androideabi-ar export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang export CC_i686_unknown_linux_gnu=clang +export AR_i686_unknown_linux_gnu=llvm-ar export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang export CC_i686_unknown_linux_musl=clang +export AR_i686_unknown_linux_musl=llvm-ar export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang export CC_x86_64_unknown_linux_musl=clang +export AR_x86_64_unknown_linux_musl=llvm-ar export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang # The first two are only needed for when the "wasm_c" feature is enabled. From 09b6052a1c55131858846b1d7daff19facc07e49 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 20:45:21 -0800 Subject: [PATCH 301/399] CI/CD: Don't put Android's tools in `$PATH` for non-Android targets. Android has its own `clang`, `llvm-ar`, etc., and if they are in `$PATH` then they might accidentally get used when it isn't intended for them to be used. As part of this, reduce the environment variables that are set to (almost) only the ones needed for the given target. An exception is wasm32-unknown-unknown, which has its variables set even regardless of whether "wasm32_c" is used. --- mk/cargo.sh | 88 +++++++++++++++++++++++---------------- mk/install-build-tools.sh | 1 + 2 files changed, 54 insertions(+), 35 deletions(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index 03c36644bd..802bf50e56 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -17,43 +17,61 @@ set -eux -o pipefail IFS=$'\n\t' +# Avoid putting the Android tools in `$PATH` because there are tools in this +# directory like `clang` that would conflict with the same-named tools that may +# be needed to compile the build script, or to compile for other targets. if [ -n "${ANDROID_SDK_ROOT-}" ]; then - export PATH=${ANDROID_SDK_ROOT}/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin:$PATH + android_tools=$ANDROID_SDK_ROOT/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin fi -export CC_aarch64_linux_android=aarch64-linux-android21-clang -export AR_aarch64_linux_android=aarch64-linux-android-ar -export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang - -export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc -export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar -export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc -export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" - -export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc -export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar -export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc -export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" - -export CC_armv7_linux_androideabi=armv7a-linux-androideabi18-clang -export AR_armv7_linux_androideabi=arm-linux-androideabi-ar -export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=armv7a-linux-androideabi18-clang - -export CC_i686_unknown_linux_gnu=clang -export AR_i686_unknown_linux_gnu=llvm-ar -export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang - -export CC_i686_unknown_linux_musl=clang -export AR_i686_unknown_linux_musl=llvm-ar -export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang - -export CC_x86_64_unknown_linux_musl=clang -export AR_x86_64_unknown_linux_musl=llvm-ar -export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang - -# The first two are only needed for when the "wasm_c" feature is enabled. -export CC_wasm32_unknown_unknown=clang-10 -export AR_wasm32_unknown_unknown=llvm-ar-10 -export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner +for arg in $*; do + case $arg in + --target=aarch64-linux-android) + export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang + export AR_aarch64_linux_android=$android_tools/aarch64-linux-android-ar + export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang + ;; + --target=aarch64-unknown-linux-gnu) + export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc + export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" + ;; + --target=arm-unknown-linux-gnueabihf) + export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc + export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar + export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc + export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" + ;; + --target=armv7-linux-androideabi) + export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi18-clang + export AR_armv7_linux_androideabi=$android_tools/arm-linux-androideabi-ar + export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang + ;; + --target=i686-unknown-linux-gnu) + export CC_i686_unknown_linux_gnu=clang + export AR_i686_unknown_linux_gnu=llvm-ar + export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang + ;; + --target=i686-unknown-linux-musl) + export CC_i686_unknown_linux_musl=clang + export AR_i686_unknown_linux_musl=llvm-ar + export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang + ;; + --target=x86_64-unknown-linux-musl) + export CC_x86_64_unknown_linux_musl=clang + export AR_x86_64_unknown_linux_musl=llvm-ar + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang + ;; + --target=wasm32-unknown-unknown) + # The first two are only needed for when the "wasm_c" feature is enabled. + export CC_wasm32_unknown_unknown=clang + export AR_wasm32_unknown_unknown=llvm-ar + export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner + ;; + *) + ;; + esac +done cargo "$@" diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index ca4a794487..2481241d38 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -55,6 +55,7 @@ case $target in libc6-dev-i386 ;; --target=wasm32-unknown-unknown) + # The "wasm_c" feature requires clang and llvm packages. cargo install wasm-bindgen-cli --vers "0.2.68" --bin wasm-bindgen-test-runner case ${features-} in *wasm32_c*) From 0b3cf2df06d6b8e18384f655dbbe9084cd05db6a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 21:25:20 -0800 Subject: [PATCH 302/399] CI/CD: When using Clang for non-Android targets, always use Clang 10. It seems that on GitHub Actions Clang 6.0 is the default. --- mk/cargo.sh | 22 +++++++++++----------- mk/install-build-tools.sh | 16 ++++++++++------ 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index 802bf50e56..c200d052d9 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -49,24 +49,24 @@ for arg in $*; do export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang ;; --target=i686-unknown-linux-gnu) - export CC_i686_unknown_linux_gnu=clang - export AR_i686_unknown_linux_gnu=llvm-ar - export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang + export CC_i686_unknown_linux_gnu=clang-10 + export AR_i686_unknown_linux_gnu=llvm-ar-10 + export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 ;; --target=i686-unknown-linux-musl) - export CC_i686_unknown_linux_musl=clang - export AR_i686_unknown_linux_musl=llvm-ar - export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang + export CC_i686_unknown_linux_musl=clang-10 + export AR_i686_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 ;; --target=x86_64-unknown-linux-musl) - export CC_x86_64_unknown_linux_musl=clang - export AR_x86_64_unknown_linux_musl=llvm-ar - export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang + export CC_x86_64_unknown_linux_musl=clang-10 + export AR_x86_64_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-10 ;; --target=wasm32-unknown-unknown) # The first two are only needed for when the "wasm_c" feature is enabled. - export CC_wasm32_unknown_unknown=clang - export AR_wasm32_unknown_unknown=llvm-ar + export CC_wasm32_unknown_unknown=clang-10 + export AR_wasm32_unknown_unknown=llvm-ar-10 export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner ;; *) diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index 2481241d38..da464feacf 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -24,6 +24,7 @@ function install_packages { sudo apt-get -yq --no-install-suggests --no-install-recommends install "$@" } +use_clang= case $target in --target*android*) mkdir -p "${ANDROID_SDK_ROOT}/licenses" @@ -50,20 +51,19 @@ case $target in ;; --target=i686-unknown-linux-gnu|--target=i686-unknown-linux-musl) # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. + use_clang=1 install_packages \ gcc-multilib \ libc6-dev-i386 ;; +--target=x86_64-unknown-linux-musl) + use_clang=1 + ;; --target=wasm32-unknown-unknown) - # The "wasm_c" feature requires clang and llvm packages. cargo install wasm-bindgen-cli --vers "0.2.68" --bin wasm-bindgen-test-runner case ${features-} in *wasm32_c*) - # "wasm_c" has only been tested with clang-10 and llvm-ar-10. The build - # will fail when using some older versions. - install_packages \ - clang-10 \ - llvm-10 + use_clang=1 ;; *) ;; @@ -72,3 +72,7 @@ case $target in --target=*) ;; esac + +if [ -n "$use_clang" ]; then + install_packages clang-10 llvm-10 +fi From 5efd675f51df5dbb3f2c04ceb0830d532252b179 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 24 Nov 2020 00:29:10 -0800 Subject: [PATCH 303/399] Fix BSD `--no-default-features` build. `once_cell` is a required, not optional, dependency, on these platforms. --- Cargo.toml | 5 +++-- src/rand.rs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 4c262e694c..be20e41a7e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -304,10 +304,11 @@ spin = { version = "0.5.2", default-features = false } [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies] libc = { version = "0.2.69", default-features = false } - -[target.'cfg(any(target_os = "android", target_os = "freebsd", target_os = "linux", target_os = "netbsd", target_os = "openbsd", target_os = "solaris", target_os = "illumos"))'.dependencies] once_cell = { version = "1.5.2", default-features = false, features=["std"], optional = true } +[target.'cfg(any(target_os = "freebsd", target_os = "illumos", target_os = "netbsd", target_os = "openbsd", target_os = "solaris"))'.dependencies] +once_cell = { version = "1.5.2", default-features = false, features=["std"] } + [target.'cfg(all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown", target_env = ""))'.dependencies] web-sys = { version = "0.3.37", default-features = false, features = ["Crypto", "Window"] } diff --git a/src/rand.rs b/src/rand.rs index 17f9cd1d10..6957952db0 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -181,10 +181,10 @@ use self::sysrand_or_urandom::fill as fill_impl; #[cfg(any( target_os = "freebsd", + target_os = "illumos", target_os = "netbsd", target_os = "openbsd", target_os = "solaris", - target_os = "illumos" ))] use self::urandom::fill as fill_impl; From 7bac7256793ff90154c3ab0fe230e9c866d0a2c3 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 15:42:28 -0800 Subject: [PATCH 304/399] Allow cross-compiling to *-linux-musl (except x86_64) w/o a sysroot. Avoid requiring a sysroot for *-linux-musl targets when using Clang. Add one AAarch64 and one 32-bit ARM MUSL target to GitHub Actions. Use Rust 1.48's `-Clink-self-contained=yes` in CI for musl targets. Support the non-default variants of the *-musl targets. --- .github/workflows/ci.yml | 10 ++++++++++ README.md | 37 +++++++++++++++++++------------------ build.rs | 18 +++++++++++++++--- include/GFp/check.h | 14 +++++++++++--- mk/cargo.sh | 16 ++++++++++++++++ mk/install-build-tools.sh | 10 +++++++--- 6 files changed, 78 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 865072e1b3..d5f9e346a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,8 +91,10 @@ jobs: - aarch64-apple-darwin - aarch64-linux-android - aarch64-unknown-linux-gnu + - aarch64-unknown-linux-musl - arm-unknown-linux-gnueabihf - armv7-linux-androideabi + - armv7-unknown-linux-musleabihf - i686-pc-windows-msvc - i686-unknown-linux-gnu - i686-unknown-linux-musl @@ -140,6 +142,9 @@ jobs: - target: aarch64-unknown-linux-gnu host_os: ubuntu-18.04 + - target: aarch64-unknown-linux-musl + host_os: ubuntu-18.04 + - target: arm-unknown-linux-gnueabihf host_os: ubuntu-18.04 @@ -148,6 +153,11 @@ jobs: # TODO: https://github.com/briansmith/ring/issues/838 cargo_options: --no-run + - target: armv7-unknown-linux-musleabihf + host_os: ubuntu-18.04 + # TODO: https://github.com/briansmith/ring/issues/1115 + cargo_options: --no-run + - target: i686-pc-windows-msvc host_os: windows-latest diff --git a/README.md b/README.md index ba68194d11..47ae07be03 100644 --- a/README.md +++ b/README.md @@ -204,24 +204,25 @@ and release configurations, for the current release of each Rust channel parts of *ring*; *ring* should be compatible with GCC 4.8+, Clang 10+, and MSVC 2019+, at least. -| Target | Notes | -| -----------------------------| ----- | -| aarch64-apple-darwin | Build-only (GitHub Actions doesn't have a way to run the tests) -| aarch64-apple-ios | Build-only (GitHub Actions doesn't have a way to run the tests) -| aarch64-unknown-linux-gnu | Tested on 64-bit Linux using QEMU user emulation -| aarch64-linux-android | API level 21 (Android 5.0+); [Build-only; issue 486](https://github.com/briansmith/ring/issues/486) -| arm-unknown-linux-gnueabihf | Tested on 64-bit Linux using QEMU user emulation -| armv7-linux-androideabi | API level 18 (Android 4.3+); [Build-only; issue 838](https://github.com/briansmith/ring/issues/838) -| i686-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter -| i686-unknown-linux-gnu | Tested on 64-bit Linux using multilib support -| i686-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) -| x86_64-apple-darwin | -| x86_64-pc-windows-gnu | -| x86_64-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter -| x86_64-unknown-linux-gnu | -| x86_64-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) -| wasm32-unknown-unknown | Tested using wasm-bindgen-test-runner on Linux in Chrome and Firefox. - +| Target | Notes | +| -------------------------------| ----- | +| aarch64-apple-darwin | Build-only (GitHub Actions doesn't have a way to run the tests) +| aarch64-apple-ios | Build-only (GitHub Actions doesn't have a way to run the tests) +| aarch64-unknown-linux-gnu | Tested on 64-bit Linux using QEMU user emulation +| aarch64-unknown-linux-musl | Tested on 64-bit Linux using QEMU user emulation. [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| aarch64-linux-android | API level 21 (Android 5.0+); [Build-only; issue 486](https://github.com/briansmith/ring/issues/486) +| arm-unknown-linux-gnueabihf | Tested on 64-bit Linux using QEMU user emulation +| armv7-linux-androideabi | API level 18 (Android 4.3+); [Build-only; issue 838](https://github.com/briansmith/ring/issues/838) +| armv7-unknown-linux-musleabihf | Tested on 64-bit Linux using QEMU user emulation. [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| i686-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter +| i686-unknown-linux-gnu | Tested on 64-bit Linux using multilib support +| i686-unknown-linux-musl | Tested on 64-bit Linux using multilib support. [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| x86_64-apple-darwin | +| x86_64-pc-windows-gnu | +| x86_64-pc-windows-msvc | Tested on 64-bit Windows Server 2019 Datacenter +| x86_64-unknown-linux-gnu | +| x86_64-unknown-linux-musl | [Needs more work; issue 713](https://github.com/briansmith/ring/issues/713) +| wasm32-unknown-unknown | Tested using wasm-bindgen-test-runner on Linux in Chrome and Firefox. License ------- diff --git a/build.rs b/build.rs index 5a5e8047d0..3488138dd2 100644 --- a/build.rs +++ b/build.rs @@ -545,6 +545,8 @@ fn cc( warnings_are_errors: bool, out_dir: &Path, ) -> Command { + let is_musl = target.env.starts_with("musl"); + let mut c = cc::Build::new(); let _ = c.include("include"); match ext { @@ -591,8 +593,18 @@ fn cc( } } - if (target.arch.as_str(), target.os.as_str()) == ("wasm32", "unknown") { - let _ = c.flag("--no-standard-libraries"); + // Allow cross-compiling without a target sysroot for these targets. + // + // poly1305_vec.c requires which requires . + if (target.arch == "wasm32" && target.os == "unknown") + || (target.os == "linux" && is_musl && target.arch != "x86_64") + { + if let Ok(compiler) = c.try_get_compiler() { + // TODO: Expand this to non-clang compilers in 0.17.0 if practical. + if compiler.is_like_clang() { + let _ = c.flag("-nostdlibinc"); + } + } } if warnings_are_errors { @@ -603,7 +615,7 @@ fn cc( }; let _ = c.flag(flag); } - if &target.env == "musl" { + if is_musl { // Some platforms enable _FORTIFY_SOURCE by default, but musl // libc doesn't support it yet. See // http://wiki.musl-libc.org/wiki/Future_Ideas#Fortify diff --git a/include/GFp/check.h b/include/GFp/check.h index cf44db834d..7f389dd9eb 100644 --- a/include/GFp/check.h +++ b/include/GFp/check.h @@ -17,12 +17,20 @@ // |debug_assert_nonsecret| is like |assert| and should be used (only) when the // assertion does not have any potential to leak a secret. |NDEBUG| controls this -// exactly like |assert|. It is emulated for WebAssembly so that is -// not required for it. +// exactly like |assert|. It is emulated when there is no assert.h to make +// cross-building easier. // // When reviewing uses of |debug_assert_nonsecret|, verify that the check // really does not have potential to leak a secret. -#if !defined(__wasm__) +#define GFp_HAS_ASSERT_H + +#if defined(__has_include) +# if !__has_include() +# undef GFp_HAS_ASSERT_H +# endif +#endif + +#if defined(GFp_HAS_ASSERT_H) # include # define debug_assert_nonsecret(x) assert(x) #else diff --git a/mk/cargo.sh b/mk/cargo.sh index c200d052d9..5df41ca292 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -17,6 +17,10 @@ set -eux -o pipefail IFS=$'\n\t' +rustflags_self_contained="-Clink-self-contained=yes -Clinker=rust-lld" +qemu_aarch64="qemu-aarch64 -L /usr/aarch64-linux-gnu" +qemu_arm="qemu-arm -L /usr/arm-linux-gnueabihf" + # Avoid putting the Android tools in `$PATH` because there are tools in this # directory like `clang` that would conflict with the same-named tools that may # be needed to compile the build script, or to compile for other targets. @@ -37,6 +41,12 @@ for arg in $*; do export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" ;; + --target=aarch64-unknown-linux-musl) + export CC_aarch64_unknown_linux_musl=clang-10 + export AR_aarch64_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER="$qemu_aarch64" + ;; --target=arm-unknown-linux-gnueabihf) export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar @@ -48,6 +58,12 @@ for arg in $*; do export AR_armv7_linux_androideabi=$android_tools/arm-linux-androideabi-ar export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang ;; + --target=armv7-unknown-linux-musleabihf) + export CC_armv7_unknown_linux_musleabihf=clang-10 + export AR_armv7_unknown_linux_musleabihf=llvm-ar-10 + export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUSTFLAGS="$rustflags_self_contained" + export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm" + ;; --target=i686-unknown-linux-gnu) export CC_i686_unknown_linux_gnu=clang-10 export AR_i686_unknown_linux_gnu=llvm-ar-10 diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index da464feacf..d6164abb61 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -43,20 +43,24 @@ case $target in gcc-aarch64-linux-gnu \ libc6-dev-arm64-cross ;; +--target=aarch64-unknown-linux-musl|--target=armv7-unknown-linux-musleabihf) + use_clang=1 + install_packages \ + qemu-user + ;; --target=arm-unknown-linux-gnueabihf) install_packages \ qemu-user \ gcc-arm-linux-gnueabihf \ libc6-dev-armhf-cross ;; ---target=i686-unknown-linux-gnu|--target=i686-unknown-linux-musl) - # TODO: musl i686 shouldn't be using gcc-multilib or libc6-dev-i386. +--target=i686-unknown-linux-gnu) use_clang=1 install_packages \ gcc-multilib \ libc6-dev-i386 ;; ---target=x86_64-unknown-linux-musl) +--target=i686-unknown-linux-musl|--target=x86_64-unknown-linux-musl) use_clang=1 ;; --target=wasm32-unknown-unknown) From 034bfe71437c3844ac2fefee46d5c76e2cc2a045 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 23 Nov 2020 21:20:47 -0800 Subject: [PATCH 305/399] Avoid opportunistically including system header files. Don't use the presence of a header to determine whether to include it. Instead, communicate from build.rs whether system header files should be used. --- build.rs | 1 + crypto/internal.h | 16 +++------------- include/GFp/check.h | 9 +-------- 3 files changed, 5 insertions(+), 21 deletions(-) diff --git a/build.rs b/build.rs index 3488138dd2..e62feb1a7f 100644 --- a/build.rs +++ b/build.rs @@ -603,6 +603,7 @@ fn cc( // TODO: Expand this to non-clang compilers in 0.17.0 if practical. if compiler.is_like_clang() { let _ = c.flag("-nostdlibinc"); + let _ = c.define("GFp_NOSTDLIBINC", "1"); } } } diff --git a/crypto/internal.h b/crypto/internal.h index 8f3ea09730..1877bec7f6 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -259,22 +259,12 @@ static inline uint32_t CRYPTO_bswap4(uint32_t x) { } #endif -// Assume we have unless we can detect otherwise. The -// targets that don't have string.h do have `__has_include`. -#define GFp_HAS_STRING_H - -#if defined(__has_include) -# if !__has_include() -# undef GFp_HAS_STRING_H -# endif -#endif - -#if defined(GFp_HAS_STRING_H) +#if !defined(GFp_NOSTDLIBINC) #include #endif static inline void *GFp_memcpy(void *dst, const void *src, size_t n) { -#if defined(GFp_HAS_STRING_H) +#if !defined(GFp_NOSTDLIBINC) if (n == 0) { return dst; } @@ -290,7 +280,7 @@ static inline void *GFp_memcpy(void *dst, const void *src, size_t n) { } static inline void *GFp_memset(void *dst, int c, size_t n) { -#if defined(GFp_HAS_STRING_H) +#if !defined(GFp_NOSTDLIBINC) if (n == 0) { return dst; } diff --git a/include/GFp/check.h b/include/GFp/check.h index 7f389dd9eb..4bd257ca35 100644 --- a/include/GFp/check.h +++ b/include/GFp/check.h @@ -22,15 +22,8 @@ // // When reviewing uses of |debug_assert_nonsecret|, verify that the check // really does not have potential to leak a secret. -#define GFp_HAS_ASSERT_H -#if defined(__has_include) -# if !__has_include() -# undef GFp_HAS_ASSERT_H -# endif -#endif - -#if defined(GFp_HAS_ASSERT_H) +#if !defined(GFp_NOSTDLIBINC) # include # define debug_assert_nonsecret(x) assert(x) #else From db664fad58125b8ec9eb615bbc2d3cdbe0c14fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20Unneb=C3=A4ck?= Date: Tue, 24 Nov 2020 18:57:20 +0100 Subject: [PATCH 306/399] CI/CD: Use qemu_* variables consistently in mk/cargo.sh. --- mk/cargo.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index 5df41ca292..48fddff605 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -39,7 +39,7 @@ for arg in $*; do export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu" + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_aarch64" ;; --target=aarch64-unknown-linux-musl) export CC_aarch64_unknown_linux_musl=clang-10 @@ -51,7 +51,7 @@ for arg in $*; do export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="qemu-arm -L /usr/arm-linux-gnueabihf" + export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm" ;; --target=armv7-linux-androideabi) export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi18-clang From 6314cc7fff83f8e3e8e927c194bedaf7c3670277 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 24 Nov 2020 23:07:36 -0800 Subject: [PATCH 307/399] CI/CD: Gather code coverage. Gather code review data to help guide the code review process. This is currently limited to i686 and x86_64 Linux because these are the targets I could get working. More investigation is needed to figure out how to collect coverage data for ARM targets. --- .github/workflows/ci.yml | 58 +++++++++++++++ mk/cargo.sh | 150 +++++++++++++++++++++++++-------------- mk/runner | 9 +++ 3 files changed, 163 insertions(+), 54 deletions(-) create mode 100755 mk/runner diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d5f9e346a6..32a1a288cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -251,3 +251,61 @@ jobs: - run: | ${{ matrix.webdriver }} mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }} + + coverage: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: ${{ matrix.host_os }} + + strategy: + matrix: + features: + - # Default + + # TODO: targets + target: + - i686-unknown-linux-gnu + - x86_64-unknown-linux-musl + + mode: + - # debug + + # Coverage collection is Nightly-only + rust_channel: + - nightly + + # TODO: targets + include: + - target: i686-unknown-linux-gnu + host_os: ubuntu-18.04 + + - target: x86_64-unknown-linux-musl + host_os: ubuntu-18.04 + + steps: + - uses: actions/checkout@v2 + + - if: ${{ !contains(matrix.host_os, 'windows') }} + run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} + + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + + - if: ${{ matrix.target == 'aarch64-apple-darwin' }} + run: echo "DEVELOPER_DIR=/Applications/Xcode_12.2.app/Contents/Developer" >> $GITHUB_ENV + + - if: ${{ !contains(matrix.host_os, 'windows') }} + env: + RING_COVERAGE: 1 + run: | + mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} + + - uses: codecov/codecov-action@v1 + with: + file: ./target/${{ matrix.target }}/debug/coverage/coverage.txt + fail_ci_if_error: true + verbose: true diff --git a/mk/cargo.sh b/mk/cargo.sh index 48fddff605..7617aceff9 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -30,64 +30,106 @@ fi for arg in $*; do case $arg in - --target=aarch64-linux-android) - export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang - export AR_aarch64_linux_android=$android_tools/aarch64-linux-android-ar - export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang - ;; - --target=aarch64-unknown-linux-gnu) - export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc - export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_aarch64" - ;; - --target=aarch64-unknown-linux-musl) - export CC_aarch64_unknown_linux_musl=clang-10 - export AR_aarch64_unknown_linux_musl=llvm-ar-10 - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" - export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER="$qemu_aarch64" - ;; - --target=arm-unknown-linux-gnueabihf) - export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc - export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar - export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc - export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm" - ;; - --target=armv7-linux-androideabi) - export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi18-clang - export AR_armv7_linux_androideabi=$android_tools/arm-linux-androideabi-ar - export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang - ;; - --target=armv7-unknown-linux-musleabihf) - export CC_armv7_unknown_linux_musleabihf=clang-10 - export AR_armv7_unknown_linux_musleabihf=llvm-ar-10 - export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUSTFLAGS="$rustflags_self_contained" - export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm" - ;; - --target=i686-unknown-linux-gnu) - export CC_i686_unknown_linux_gnu=clang-10 - export AR_i686_unknown_linux_gnu=llvm-ar-10 - export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 - ;; - --target=i686-unknown-linux-musl) - export CC_i686_unknown_linux_musl=clang-10 - export AR_i686_unknown_linux_musl=llvm-ar-10 - export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - ;; - --target=x86_64-unknown-linux-musl) - export CC_x86_64_unknown_linux_musl=clang-10 - export AR_x86_64_unknown_linux_musl=llvm-ar-10 - export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-10 - ;; - --target=wasm32-unknown-unknown) - # The first two are only needed for when the "wasm_c" feature is enabled. - export CC_wasm32_unknown_unknown=clang-10 - export AR_wasm32_unknown_unknown=llvm-ar-10 - export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner + --target=*) + target=${arg#*=} ;; *) ;; esac done +case $target in + aarch64-linux-android) + export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang + export AR_aarch64_linux_android=$android_tools/aarch64-linux-android-ar + export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang + ;; + aarch64-unknown-linux-gnu) + export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc + export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_aarch64" + ;; + aarch64-unknown-linux-musl) + export CC_aarch64_unknown_linux_musl=clang-10 + export AR_aarch64_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" + export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER="$qemu_aarch64" + ;; + arm-unknown-linux-gnueabihf) + export CC_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc + export AR_arm_unknown_linux_gnueabihf=arm-linux-gnueabihf-gcc-ar + export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER=arm-linux-gnueabihf-gcc + export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm" + ;; + armv7-linux-androideabi) + export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi18-clang + export AR_armv7_linux_androideabi=$android_tools/arm-linux-androideabi-ar + export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang + ;; + armv7-unknown-linux-musleabihf) + export CC_armv7_unknown_linux_musleabihf=clang-10 + export AR_armv7_unknown_linux_musleabihf=llvm-ar-10 + export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUSTFLAGS="$rustflags_self_contained" + export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm" + ;; + i686-unknown-linux-gnu) + export CC_i686_unknown_linux_gnu=clang-10 + export AR_i686_unknown_linux_gnu=llvm-ar-10 + export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 + ;; + i686-unknown-linux-musl) + export CC_i686_unknown_linux_musl=clang-10 + export AR_i686_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 + ;; + x86_64-unknown-linux-musl) + export CC_x86_64_unknown_linux_musl=clang-10 + export AR_x86_64_unknown_linux_musl=llvm-ar-10 + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-10 + ;; + wasm32-unknown-unknown) + # The first two are only needed for when the "wasm_c" feature is enabled. + export CC_wasm32_unknown_unknown=clang-10 + export AR_wasm32_unknown_unknown=llvm-ar-10 + export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner + ;; + *) + ;; +esac + +if [ -n "${RING_COVERAGE-}" ]; then + # XXX: Collides between release and debug. + coverage_dir=$PWD/target/$target/debug/coverage + mkdir -p "$coverage_dir" + rm -f "$coverage_dir/*.profraw" + + export RING_BUILD_EXECUTABLE_LIST="$coverage_dir/executables" + truncate --size=0 "$RING_BUILD_EXECUTABLE_LIST" + + export LLVM_PROFILE_FILE="$coverage_dir/%m.profraw" + + # ${target} with hyphens replaced by underscores, lowercase and uppercase. + target_lower=${target//-/_} + target_upper=${target_lower^^} + + cflags_var=CFLAGS_${target_lower} + declare -x "${cflags_var}=-fprofile-instr-generate -fcoverage-mapping ${!cflags_var-}" + + runner_var=CARGO_TARGET_${target_upper}_RUNNER + declare -x "${runner_var}=mk/runner ${!runner_var-}" + + rustflags_var=CARGO_TARGET_${target_upper}_RUSTFLAGS + declare -x "${rustflags_var}=-Zinstrument-coverage ${!rustflags_var-}" +fi + cargo "$@" + +if [ -n "${RING_COVERAGE-}" ]; then + llvm-profdata-10 merge -sparse "$coverage_dir"/*.profraw -o "$coverage_dir"/merged.profdata + xargs --arg-file="$RING_BUILD_EXECUTABLE_LIST" \ + llvm-cov-10 export \ + --instr-profile "$coverage_dir"/merged.profdata \ + --format lcov \ + > "$coverage_dir"/coverage.txt +fi diff --git a/mk/runner b/mk/runner new file mode 100755 index 0000000000..709ed040e6 --- /dev/null +++ b/mk/runner @@ -0,0 +1,9 @@ +#!/bin/bash +set -eux -o pipefail +IFS=$'\n\t' + +if [ -n "$RING_BUILD_EXECUTABLE_LIST" ]; then + echo $1 >> "$RING_BUILD_EXECUTABLE_LIST" +fi + +$* From af08a2fff9042cca50ff0f9e85aedd1a66d31d26 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 13:05:11 -0800 Subject: [PATCH 308/399] CI/CD: Add aarch64-unknown-linux-gnu test code coverage. aarch64-unknown-linux-musl doesn't have profiler_builtins enabled so use aarch64-unknown-linux-gnu instead. Work around an issue where the "%m" feature of the LLVM source-based code coverage doesn't work within QEMU. --- .github/workflows/ci.yml | 4 ++++ mk/cargo.sh | 9 ++++++--- mk/install-build-tools.sh | 2 ++ mk/runner | 14 +++++++++++++- 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 32a1a288cd..891877f66a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -265,6 +265,7 @@ jobs: # TODO: targets target: + - aarch64-unknown-linux-gnu - i686-unknown-linux-gnu - x86_64-unknown-linux-musl @@ -277,6 +278,9 @@ jobs: # TODO: targets include: + - target: aarch64-unknown-linux-gnu + host_os: ubuntu-18.04 + - target: i686-unknown-linux-gnu host_os: ubuntu-18.04 diff --git a/mk/cargo.sh b/mk/cargo.sh index 7617aceff9..d34330452d 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -45,8 +45,9 @@ case $target in export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang ;; aarch64-unknown-linux-gnu) - export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc - export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc-ar + export CC_aarch64_unknown_linux_gnu=clang-10 + export AR_aarch64_unknown_linux_gnu=llvm-ar-10 + export CFLAGS_aarch64_unknown_linux_gnu="--sysroot=/usr/aarch64-linux-gnu" export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_aarch64" ;; @@ -107,7 +108,9 @@ if [ -n "${RING_COVERAGE-}" ]; then export RING_BUILD_EXECUTABLE_LIST="$coverage_dir/executables" truncate --size=0 "$RING_BUILD_EXECUTABLE_LIST" - export LLVM_PROFILE_FILE="$coverage_dir/%m.profraw" + # This doesn't work when profiling under QEMU. Instead mk/runner does + # something similar but different. + # export LLVM_PROFILE_FILE="$coverage_dir/%m.profraw" # ${target} with hyphens replaced by underscores, lowercase and uppercase. target_lower=${target//-/_} diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index d6164abb61..83971d9133 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -38,6 +38,8 @@ esac case $target in --target=aarch64-unknown-linux-gnu) + # Clang is needed for code coverage. + use_clang=1 install_packages \ qemu-user \ gcc-aarch64-linux-gnu \ diff --git a/mk/runner b/mk/runner index 709ed040e6..ffa1441084 100755 --- a/mk/runner +++ b/mk/runner @@ -2,8 +2,20 @@ set -eux -o pipefail IFS=$'\n\t' +for arg in $*; do + # There can be some arguments prefixed in front of the executable, e.g. + # when qemu-user is used. There can be arguments after the executable, + # e.g. `cargo test` arguments like `TESTNAME`. + if [[ $arg = */deps/* ]]; then + executable=$arg + break + fi +done + +export LLVM_PROFILE_FILE=$(dirname "$RING_BUILD_EXECUTABLE_LIST")/$(basename "$executable").profraw + if [ -n "$RING_BUILD_EXECUTABLE_LIST" ]; then - echo $1 >> "$RING_BUILD_EXECUTABLE_LIST" + echo "$executable" >> "$RING_BUILD_EXECUTABLE_LIST" fi $* From 08c5854363ddafaff2c1df7f6e2fe7928b8ad0ee Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 15:19:10 -0800 Subject: [PATCH 309/399] CI/CD: Separate coverage reports per test executable. --- .github/workflows/ci.yml | 2 +- mk/cargo.sh | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 891877f66a..1fb47f3d49 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -310,6 +310,6 @@ jobs: - uses: codecov/codecov-action@v1 with: - file: ./target/${{ matrix.target }}/debug/coverage/coverage.txt + directory: ./target/${{ matrix.target }}/debug/coverage/reports fail_ci_if_error: true verbose: true diff --git a/mk/cargo.sh b/mk/cargo.sh index d34330452d..c788caf567 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -129,10 +129,14 @@ fi cargo "$@" if [ -n "${RING_COVERAGE-}" ]; then - llvm-profdata-10 merge -sparse "$coverage_dir"/*.profraw -o "$coverage_dir"/merged.profdata - xargs --arg-file="$RING_BUILD_EXECUTABLE_LIST" \ + while read executable; do + basename=$(basename "$executable") + llvm-profdata-10 merge -sparse ""$coverage_dir"/$basename.profraw" -o "$coverage_dir"/$basename.profdata + mkdir -p "$coverage_dir"/reports llvm-cov-10 export \ - --instr-profile "$coverage_dir"/merged.profdata \ + --instr-profile "$coverage_dir"/$basename.profdata \ --format lcov \ - > "$coverage_dir"/coverage.txt + "$executable" \ + > "$coverage_dir"/reports/coverage-$basename.txt + done < "$RING_BUILD_EXECUTABLE_LIST" fi From 15c823a571b2d51c06b00a7a600e6d458513de34 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 24 Nov 2020 16:11:07 -0800 Subject: [PATCH 310/399] Build: Replace use of Yasm with use of Nasm for Windows assembly. Match BoringSSL. According to the Chromium discussion about nasm, it is also substantially faster. --- .github/workflows/ci.yml | 4 +-- BUILDING.md | 15 +++++---- build.rs | 23 +++++++------ mk/install-build-tools.ps1 | 67 +++++++++++++++++++++++++++++--------- 4 files changed, 72 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1fb47f3d49..52dea860b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -63,9 +63,7 @@ jobs: steps: - uses: actions/checkout@v2 - - run: > - (powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1) -and - ("$pwd\target\tools" >> $env:GITHUB_PATH) + - run: powershell -ExecutionPolicy Bypass ./mk/install-build-tools.ps1 - uses: actions-rs/toolchain@v1 with: diff --git a/BUILDING.md b/BUILDING.md index ab6d89558c..834a5b4f5a 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -26,15 +26,16 @@ Builds directly from Git ------------------------ If you want to hack on *ring* then you need to build it directly from its Git -repository. In this case, you must also have Perl installed, because the -assembly language modules inherited from BoringSSL (inherited from OpenSSL) -use Perl as a macro assembly language. +repository. There are some additional requirements for doing this that do not +apply when building from crates.io: -When building from Git for Windows, directories containing yasm.exe and -perl.exe must be in `%PATH%`, where yasm.exe is -[Yasm](http://yasm.tortall.net/Download.html) 1.3 or later and where perl.exe -is recommended to be [Strawberry Perl](http://strawberryperl.com). +* For any target for which *ring* has assembly language implementations of + primitives (32- and 64- bit Intel, and 32- and 64-bit ARM), Perl must be + installed and in `$PATH`. +* For Windows targets, `target/tools/nasm[.exe]` is used as the assembler; + [mk/install-build-tools.ps1](mk/install-build-tools.ps1) downloads it for + Windows hosts. Cross Compiling --------------- diff --git a/build.rs b/build.rs index e62feb1a7f..9ca8d86699 100644 --- a/build.rs +++ b/build.rs @@ -322,7 +322,7 @@ fn pregenerate_asm_main() { let srcs = asm_srcs(perlasm_src_dsts); for src in srcs { let obj_path = obj_path(&pregenerated, &src, MSVC_OBJ_EXT); - run_command(yasm(&src, target_arch, &obj_path)); + run_command(nasm(&src, target_arch, &obj_path)); } } } @@ -523,7 +523,7 @@ fn compile( let cmd = if target.os != WINDOWS || ext != "asm" { cc(p, ext, target, warnings_are_errors, &out_path) } else { - yasm(p, &target.arch, &out_path) + nasm(p, &target.arch, &out_path) }; run_command(cmd); @@ -637,21 +637,20 @@ fn cc( c } -fn yasm(file: &Path, arch: &str, out_file: &Path) -> Command { - let (oformat, machine) = match arch { - "x86_64" => ("--oformat=win64", "--machine=amd64"), - "x86" => ("--oformat=win32", "--machine=x86"), +fn nasm(file: &Path, arch: &str, out_file: &Path) -> Command { + let oformat = match arch { + "x86_64" => ("win64"), + "x86" => ("win32"), _ => panic!("unsupported arch: {}", arch), }; - let mut c = Command::new("yasm.exe"); + let mut c = Command::new("./target/tools/nasm"); let _ = c - .arg("-X") - .arg("vc") - .arg("--dformat=cv8") - .arg(oformat) - .arg(machine) .arg("-o") .arg(out_file.to_str().expect("Invalid path")) + .arg("-f") + .arg(oformat) + .arg("-Xgnu") + .arg("-gcv8") .arg(file); c } diff --git a/mk/install-build-tools.ps1 b/mk/install-build-tools.ps1 index 4d35925497..f1d51b981a 100644 --- a/mk/install-build-tools.ps1 +++ b/mk/install-build-tools.ps1 @@ -1,30 +1,67 @@ -function Download-File { +function Verify-Or-Delete-File { param ( [Parameter(Mandatory)] - [string]$Url, + [string]$File, [Parameter(Mandatory)] - [string]$ExpectedDigest, - [Parameter(Mandatory)] - [string]$OutFile + [string]$ExpectedDigest ) - $TmpFile = New-TemporaryFile - Invoke-WebRequest -Uri $Url -OutFile $TmpFile.FullName - $ActualDigest = ( Get-FileHash -Algorithm SHA256 $TmpFile ).Hash + $ActualDigest = ( Get-FileHash -Algorithm SHA256 $File ).Hash if ( $ActualDigest -eq $ExpectedDigest ) { - Move-Item -Force $TmpFile $OutFile return } - + rm $File echo "Digest verification failed for $Url; actual $ActualDigest, expected $ExpectedDigest" - rm $TmpFile exit 1 } +function Download-Zip-and-Extract-File { + param ( + [Parameter(Mandatory)] + [string]$Uri, + [Parameter(Mandatory)] + [string]$ZipExpectedDigest, + [Parameter(Mandatory)] + [string]$PathWithinZip, + [Parameter(Mandatory)] + [string]$FileExpectedDigest, + [Parameter(Mandatory)] + [string]$OutFile + ) + $TmpZip = New-TemporaryFile + Invoke-WebRequest -Uri $Uri -OutFile $TmpZip.FullName + echo $TmpZip + Verify-Or-Delete-File -File $TmpZip.FullName -ExpectedDigest $ZipExpectedDigest + + Add-Type -AssemblyName System.IO.Compression.FileSystem + $zip = [System.IO.Compression.ZipFile]::OpenRead($TmpZip) + $zip.Entries | + Where-Object { $_.FullName -eq $PathWithinZip } | + ForEach-Object { + $TmpFile = New-TemporaryFile + # extract the selected items from the ZIP archive + # and copy them to the out folder + $FileName = $_.Name + [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, "$TmpFile", $true) + Verify-Or-Delete-File -File $TmpFile -ExpectedDigest $FileExpectedDigest + Move-Item -Force $TmpFile $OutFile + } + $zip.Dispose() +} + $tools_dir = "target/tools" mkdir -Force $tools_dir -Download-File ` - -Url 'https://www.tortall.net/projects/yasm/releases/yasm-1.3.0-win64.exe' ` - -ExpectedDigest D160B1D97266F3F28A71B4420A0AD2CD088A7977C2DD3B25AF155652D8D8D91F ` - -OutFile $tools_dir/yasm.exe +# This is the file BoringSSL refers to in +# https://boringssl.googlesource.com/boringssl/+/26f8297177ad8033cc39de84afe9c2000430a66d. +$nasm_version = "nasm-2.13.03" +$nasm_zip = "$nasm_version-win64.zip" +$nasm_zip_sha256 = "B3A1F896B53D07854884C2E0D6BE7DEFBA7EBD09B864BBB9E6D69ADA1C3E989F" +$nasm_exe = "nasm.exe" +$nasm_exe_sha256 = "D8A933BF5CC3597C56193135CB78B225AB225E1F611D2FDB51EF6E3F555B21E3" +Download-Zip-and-Extract-File ` + -Uri "https://www.nasm.us/pub/nasm/releasebuilds/2.13.03/win64/$nasm_zip" ` + -ZipExpectedDigest "$nasm_zip_sha256" ` + -PathWithinZip "$nasm_version/$nasm_exe" ` + -FileExpectedDigest "$nasm_exe_sha256" ` + -OutFile "$tools_dir/$nasm_exe" From b6726e3c7b924683b72d309c57cb117aeaaaf197 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:26:04 -0800 Subject: [PATCH 311/399] Documentation: Remove `git clone ...` from crate-level doc comment. `cargo +nightly doc` fails without this. This doesn't make sense since *ring* has been published to crates.io. --- src/lib.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index e018b304af..6b4c612953 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -15,8 +15,6 @@ //! Safe, fast, small crypto using Rust with BoringSSL's cryptography //! primitives. //! -//! git clone https://github.com/briansmith/ring -//! //! # Feature Flags //! //! From bd90dcccb275b5ea6692633bc4b09b12d2e510c7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:34:39 -0800 Subject: [PATCH 312/399] Ed25519: Replace a link that rustdoc doesn't like. The final RFC was published so reference it like other published RFCs. This prevents rustdoc from complaining about the bare link. --- src/ec/curve25519/ed25519/signing.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ec/curve25519/ed25519/signing.rs b/src/ec/curve25519/ed25519/signing.rs index dab8d5652c..3b522e8191 100644 --- a/src/ec/curve25519/ed25519/signing.rs +++ b/src/ec/curve25519/ed25519/signing.rs @@ -42,10 +42,11 @@ impl Ed25519KeyPair { /// PKCS#8 document. /// /// The PKCS#8 document will be a v2 `OneAsymmetricKey` with the public key, - /// as described in [RFC 5958 Section 2]. See also - /// https://tools.ietf.org/html/draft-ietf-curdle-pkix-04. + /// as described in [RFC 5958 Section 2]; see [RFC 8410 Section 10.3] for an + /// example. /// /// [RFC 5958 Section 2]: https://tools.ietf.org/html/rfc5958#section-2 + /// [RFC 8410 Section 10.3]: https://tools.ietf.org/html/rfc8410#section-10.3 pub fn generate_pkcs8( rng: &dyn rand::SecureRandom, ) -> Result { From 52638008dfb4e68822d19723b28104b3fea12684 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:37:29 -0800 Subject: [PATCH 313/399] HMAC: Replace bare link in documentation with Markdown-style reference. rustdoc was complaining about it. --- src/hmac.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/hmac.rs b/src/hmac.rs index a13679f7f4..3e2d7e7b0f 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -182,7 +182,9 @@ impl Key { /// random value generated from `rng`. /// /// The key will be `digest_alg.output_len` bytes long, based on the - /// recommendation in https://tools.ietf.org/html/rfc2104#section-3. + /// recommendation in [RFC 2104 Section 3]. + /// + /// [RFC 2104 Section 3]: https://tools.ietf.org/html/rfc2104#section-3 pub fn generate( algorithm: Algorithm, rng: &dyn rand::SecureRandom, From 6b4df12c7f8de3de311ad2b395f42cc522a0d9ed Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:44:55 -0800 Subject: [PATCH 314/399] CI/CD: Verify that `cargo doc` works on all channels. --- .github/workflows/ci.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52dea860b9..273263652c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,6 +54,36 @@ jobs: - run: cargo deny check + # Verify that documentation builds. + rustdoc: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: ubuntu-18.04 + + strategy: + matrix: + rust_channel: + - stable + - beta + - nightly + + include: + - target: x86_64-unknown-linux-gnu + + steps: + - uses: actions-rs/toolchain@v1 + with: + override: true + target: ${{ matrix.target }} + toolchain: ${{ matrix.rust_channel }} + + - uses: actions/checkout@v2 + + - run: | + # TODO: We should use `--all-features` but we need to fix `internal-benches` first. + cargo doc --features=std + package: # Don't run duplicate `push` jobs for the repo owner's PRs. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository From 7b44ced7711d02a8427cff677e851c59e63734e9 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:48:17 -0800 Subject: [PATCH 315/399] Documentation: Fix minor formatting issue. --- src/lib.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 6b4c612953..ef2734cbf7 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -31,8 +31,8 @@ //! fallbacks will not occur. See the documentation for //! rand::SystemRandom for more details. //!
std -//! Enable features that use libstd, in particular `std::error::Error` -//! integration. +//! Enable features that use libstd, in particular +//! std::error::Error integration. //!
wasm32_c //! Enables features that require a C compiler on wasm32 targets, such as //! the constant_time module, HMAC verification, and PBKDF2 From 961437b2c7a168f643da06270588ebd847543e90 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Nov 2020 23:48:47 -0800 Subject: [PATCH 316/399] Documentation: Clarify how to build with `--feature=wasm32_c`. Add the `TARGET_CC` setting. Suggest `clang-10` and `llvm-ar-10` to make it a little clearer that not any old version of Clang/LLVM will work. --- src/lib.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index ef2734cbf7..30c2bf8442 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -39,8 +39,8 @@ //! verification. Without this feature, only a subset of functionality //! is provided to wasm32 targets so that a C compiler isn't needed. A //! typical invocation would be: -//! TARGET_AR=llvm-ar cargo test --target=wasm32-unknown-unknown --features=wasm32_c -//! with llvm-ar and clang in $PATH. +//! TARGET_CC=clang-10 TARGET_AR=llvm-ar-10 cargo test --target=wasm32-unknown-unknown --features=wasm32_c +//! with llvm-ar-10 and clang-10 in $PATH. //! (Going forward more functionality should be enabled by default, without //! requiring these hacks, and without requiring a C compiler.) //!
From 0e687814ef4f54f45cc2acef051a8bd0e4520509 Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep Date: Thu, 26 Nov 2020 11:39:35 +0100 Subject: [PATCH 317/399] Fix another linker error for arm 32-bit Android Similar error and fix as https://github.com/briansmith/ring/pull/1109 but for chacha-armv8. Resolves error: = note: ld.lld: error: relocation R_AARCH64_ADR_PREL_PG_HI21 cannot be used against symbol GFp_armcap_P ; recompile with -fPIC chacha-armv8-linux64.o:(GFp_ChaCha20_ctr32) in archive libring-core/android_arm64_armv8-a_static/libring-core.a --- crypto/chacha/asm/chacha-armv8.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index b261ec8d34..80ec882c57 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -123,6 +123,7 @@ sub ROUND { #include .extern GFp_armcap_P +.hidden GFp_armcap_P .section .rodata From b7af1591549abddb958eab1cd74ffa1fc67cd459 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 26 Nov 2020 11:37:50 -0800 Subject: [PATCH 318/399] 0.16.18. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index be20e41a7e..88d7d81889 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.17" +version = "0.16.18" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 7514f7a4170439527ac802f223fcd203593614c7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 26 Nov 2020 11:52:10 -0800 Subject: [PATCH 319/399] Remove the `internal_benches` feature. The benchmarks need to be rewritten to use a new benchmark framework. Remove them in the interim. This makes `internal_benches` a no-op. This enables using `--all-features` on stable channels. Do so for some non-test things in CI. `--all-features` isn't added for tests because of the `slow_tests` feature. --- .github/workflows/ci.yml | 8 ++-- BUILDING.md | 5 --- src/ec/suite_b/ops.rs | 78 -------------------------------------- src/ec/suite_b/ops/p256.rs | 33 ---------------- src/ec/suite_b/ops/p384.rs | 37 ------------------ src/lib.rs | 9 +---- 6 files changed, 5 insertions(+), 165 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 273263652c..b7ad36bfb9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,7 @@ jobs: - uses: actions/checkout@v2 - # TODO: Add `--all-features`: - - run: cargo +1.37.0 clippy ---all-targets -- --deny warnings + - run: cargo +1.37.0 clippy --all-features ---all-targets -- --deny warnings deny: # Don't run duplicate `push` jobs for the repo owner's PRs. @@ -81,8 +80,7 @@ jobs: - uses: actions/checkout@v2 - run: | - # TODO: We should use `--all-features` but we need to fix `internal-benches` first. - cargo doc --features=std + cargo doc --all-features package: # Don't run duplicate `push` jobs for the repo owner's PRs. @@ -289,7 +287,7 @@ jobs: strategy: matrix: features: - - # Default + - --all-features # TODO: targets target: diff --git a/BUILDING.md b/BUILDING.md index 834a5b4f5a..e5f6b7e548 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -80,11 +80,6 @@ e.g. export `CFLAGS=-D__ANDROID_API__=21`. Additional Features that are Useful for Development --------------------------------------------------- -The `internal_benches` feature enable benchmarks of internal functions. These -benchmarks are only useful for people hacking on the implementation of *ring*. -(The benchmarks for the *ring* API are in the -[crypto-bench](https://github.com/briansmith/crypto-bench) project.) - The `slow_tests` feature runs additional tests that are too slow to run during a normal edit-compile-test cycle. diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index c616aca39d..13d80c0d2e 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -1176,84 +1176,6 @@ mod tests { } } -#[cfg(feature = "internal_benches")] -mod internal_benches { - use super::{Limb, MAX_LIMBS}; - - pub const LIMBS_1: [Limb; MAX_LIMBS] = limbs![1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - - pub const LIMBS_ALTERNATING_10: [Limb; MAX_LIMBS] = limbs![ - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010, - 0b10101010_10101010_10101010_10101010 - ]; -} - -#[cfg(feature = "internal_benches")] -macro_rules! bench_curve { - ( $vectors:expr ) => { - use super::super::{Elem, Scalar}; - extern crate test; - - #[bench] - fn elem_inverse_squared_bench(bench: &mut test::Bencher) { - // This benchmark assumes that `elem_inverse_squared()` is - // constant-time so inverting 1 mod q is as good of a choice as - // anything. - let mut a = Elem::zero(); - a.limbs[0] = 1; - bench.iter(|| { - let _ = PRIVATE_KEY_OPS.elem_inverse_squared(&a); - }); - } - - #[bench] - fn elem_product_bench(bench: &mut test::Bencher) { - // This benchmark assumes that the multiplication is constant-time - // so 0 * 0 is as good of a choice as anything. - let a: Elem = Elem::zero(); - let b: Elem = Elem::zero(); - bench.iter(|| { - let _ = COMMON_OPS.elem_product(&a, &b); - }); - } - - #[bench] - fn elem_squared_bench(bench: &mut test::Bencher) { - // This benchmark assumes that the squaring is constant-time so - // 0**2 * 0 is as good of a choice as anything. - let a = Elem::zero(); - bench.iter(|| { - let _ = COMMON_OPS.elem_squared(&a); - }); - } - - #[bench] - fn scalar_inv_to_mont_bench(bench: &mut test::Bencher) { - const VECTORS: &[Scalar] = $vectors; - let vectors_len = VECTORS.len(); - let mut i = 0; - bench.iter(|| { - let _ = SCALAR_OPS.scalar_inv_to_mont(&VECTORS[i]); - - i += 1; - if i == vectors_len { - i = 0; - } - }); - } - }; -} - mod elem; pub mod p256; pub mod p384; diff --git a/src/ec/suite_b/ops/p256.rs b/src/ec/suite_b/ops/p256.rs index 69c89eb893..4c54f5c00e 100644 --- a/src/ec/suite_b/ops/p256.rs +++ b/src/ec/suite_b/ops/p256.rs @@ -380,36 +380,3 @@ extern "C" { rep: Limb, ); } - -#[cfg(feature = "internal_benches")] -mod internal_benches { - use super::{super::internal_benches::*, *}; - - bench_curve!(&[ - Scalar { - limbs: LIMBS_1, - m: PhantomData, - encoding: PhantomData, - }, - Scalar { - limbs: LIMBS_ALTERNATING_10, - m: PhantomData, - encoding: PhantomData, - }, - Scalar { - // n - 1 - limbs: p256_limbs![ - 0xfc632551 - 1, - 0xf3b9cac2, - 0xa7179e84, - 0xbce6faad, - 0xffffffff, - 0xffffffff, - 0x00000000, - 0xffffffff - ], - m: PhantomData, - encoding: PhantomData, - }, - ]); -} diff --git a/src/ec/suite_b/ops/p384.rs b/src/ec/suite_b/ops/p384.rs index 4b2ecb8300..7ecba1f18f 100644 --- a/src/ec/suite_b/ops/p384.rs +++ b/src/ec/suite_b/ops/p384.rs @@ -368,40 +368,3 @@ extern "C" { b: *const Limb, // [COMMON_OPS.num_limbs] ); } - -#[cfg(feature = "internal_benches")] -mod internal_benches { - use super::{super::internal_benches::*, *}; - - bench_curve!(&[ - Scalar { - limbs: LIMBS_1, - encoding: PhantomData, - m: PhantomData - }, - Scalar { - limbs: LIMBS_ALTERNATING_10, - encoding: PhantomData, - m: PhantomData - }, - Scalar { - // n - 1 - limbs: p384_limbs![ - 0xccc52973 - 1, - 0xecec196a, - 0x48b0a77a, - 0x581a0db2, - 0xf4372ddf, - 0xc7634d81, - 0xffffffff, - 0xffffffff, - 0xffffffff, - 0xffffffff, - 0xffffffff, - 0xffffffff - ], - encoding: PhantomData, - m: PhantomData, - }, - ]); -} diff --git a/src/lib.rs b/src/lib.rs index 30c2bf8442..86a609960e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -70,23 +70,18 @@ )] // `#[derive(...)]` uses `trivial_numeric_casts` and `unused_qualifications` // internally. -#![deny( - missing_docs, - unstable_features, // Used by `internal_benches` - unused_qualifications, - variant_size_differences, -)] +#![deny(missing_docs, unused_qualifications, variant_size_differences)] #![forbid( anonymous_parameters, trivial_casts, trivial_numeric_casts, + unstable_features, unused_extern_crates, unused_import_braces, unused_results, warnings )] #![no_std] -#![cfg_attr(feature = "internal_benches", allow(unstable_features), feature(test))] #[cfg(feature = "alloc")] extern crate alloc; From c4c6899cc57607f40505b3e9c7ee6295cf18fc80 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Sun, 29 Nov 2020 23:18:35 -0800 Subject: [PATCH 320/399] CI/CD: Use LLVM-11 for code coverage. --- .github/workflows/ci.yml | 6 ++--- mk/cargo.sh | 44 +++++++++++++++++-------------- mk/install-build-tools.sh | 11 +++++++- mk/llvm-snapshot.gpg.key | 54 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 91 insertions(+), 24 deletions(-) create mode 100644 mk/llvm-snapshot.gpg.key diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7ad36bfb9..d9fa15a706 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -317,7 +317,7 @@ jobs: - uses: actions/checkout@v2 - if: ${{ !contains(matrix.host_os, 'windows') }} - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} + run: RING_COVERAGE=1 mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 with: @@ -329,10 +329,8 @@ jobs: run: echo "DEVELOPER_DIR=/Applications/Xcode_12.2.app/Contents/Developer" >> $GITHUB_ENV - if: ${{ !contains(matrix.host_os, 'windows') }} - env: - RING_COVERAGE: 1 run: | - mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} + RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - uses: codecov/codecov-action@v1 with: diff --git a/mk/cargo.sh b/mk/cargo.sh index c788caf567..f5ea075427 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -38,6 +38,12 @@ for arg in $*; do esac done +# See comments in install-build-tools.sh. +llvm_version=10 +if [ -n "${RING_COVERAGE-}" ]; then + llvm_version=11 +fi + case $target in aarch64-linux-android) export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang @@ -45,15 +51,15 @@ case $target in export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang ;; aarch64-unknown-linux-gnu) - export CC_aarch64_unknown_linux_gnu=clang-10 - export AR_aarch64_unknown_linux_gnu=llvm-ar-10 + export CC_aarch64_unknown_linux_gnu=clang-$llvm_version + export AR_aarch64_unknown_linux_gnu=llvm-ar-$llvm_version export CFLAGS_aarch64_unknown_linux_gnu="--sysroot=/usr/aarch64-linux-gnu" export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="$qemu_aarch64" ;; aarch64-unknown-linux-musl) - export CC_aarch64_unknown_linux_musl=clang-10 - export AR_aarch64_unknown_linux_musl=llvm-ar-10 + export CC_aarch64_unknown_linux_musl=clang-$llvm_version + export AR_aarch64_unknown_linux_musl=llvm-ar-$llvm_version export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER="$qemu_aarch64" ;; @@ -69,30 +75,30 @@ case $target in export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang ;; armv7-unknown-linux-musleabihf) - export CC_armv7_unknown_linux_musleabihf=clang-10 - export AR_armv7_unknown_linux_musleabihf=llvm-ar-10 + export CC_armv7_unknown_linux_musleabihf=clang-$llvm_version + export AR_armv7_unknown_linux_musleabihf=llvm-ar-$llvm_version export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUSTFLAGS="$rustflags_self_contained" export CARGO_TARGET_ARMV7_UNKNOWN_LINUX_MUSLEABIHF_RUNNER="$qemu_arm" ;; i686-unknown-linux-gnu) - export CC_i686_unknown_linux_gnu=clang-10 - export AR_i686_unknown_linux_gnu=llvm-ar-10 - export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-10 + export CC_i686_unknown_linux_gnu=clang-$llvm_version + export AR_i686_unknown_linux_gnu=llvm-ar-$llvm_version + export CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER=clang-$llvm_version ;; i686-unknown-linux-musl) - export CC_i686_unknown_linux_musl=clang-10 - export AR_i686_unknown_linux_musl=llvm-ar-10 - export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-10 + export CC_i686_unknown_linux_musl=clang-$llvm_version + export AR_i686_unknown_linux_musl=llvm-ar-$llvm_version + export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-$llvm_version ;; x86_64-unknown-linux-musl) - export CC_x86_64_unknown_linux_musl=clang-10 - export AR_x86_64_unknown_linux_musl=llvm-ar-10 - export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-10 + export CC_x86_64_unknown_linux_musl=clang-$llvm_version + export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-$llvm_version ;; wasm32-unknown-unknown) # The first two are only needed for when the "wasm_c" feature is enabled. - export CC_wasm32_unknown_unknown=clang-10 - export AR_wasm32_unknown_unknown=llvm-ar-10 + export CC_wasm32_unknown_unknown=clang-$llvm_version + export AR_wasm32_unknown_unknown=llvm-ar-$llvm_version export CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER=wasm-bindgen-test-runner ;; *) @@ -131,9 +137,9 @@ cargo "$@" if [ -n "${RING_COVERAGE-}" ]; then while read executable; do basename=$(basename "$executable") - llvm-profdata-10 merge -sparse ""$coverage_dir"/$basename.profraw" -o "$coverage_dir"/$basename.profdata + llvm-profdata-$llvm_version merge -sparse ""$coverage_dir"/$basename.profraw" -o "$coverage_dir"/$basename.profdata mkdir -p "$coverage_dir"/reports - llvm-cov-10 export \ + llvm-cov-$llvm_version export \ --instr-profile "$coverage_dir"/$basename.profdata \ --format lcov \ "$executable" \ diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index 83971d9133..cfbf695807 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -80,5 +80,14 @@ case $target in esac if [ -n "$use_clang" ]; then - install_packages clang-10 llvm-10 + llvm_version=10 + if [ -n "${RING_COVERAGE-}" ]; then + # https://github.com/rust-lang/rust/pull/79365 upgraded the coverage file + # format to one that only LLVM 11+ can use + llvm_version=11 + sudo apt-key add mk/llvm-snapshot.gpg.key + sudo add-apt-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-$llvm_version main" + sudo apt-get update + fi + install_packages clang-$llvm_version llvm-$llvm_version fi diff --git a/mk/llvm-snapshot.gpg.key b/mk/llvm-snapshot.gpg.key new file mode 100644 index 0000000000..87a01ff889 --- /dev/null +++ b/mk/llvm-snapshot.gpg.key @@ -0,0 +1,54 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) +Comment: See https://apt.llvm.org/. +Comment: Fingerprint: 6084 F3CF 814B 57C1 CF12 EFD5 15CF 4D18 AF4F 7421 + +mQINBFE9lCwBEADi0WUAApM/mgHJRU8lVkkw0CHsZNpqaQDNaHefD6Rw3S4LxNmM +EZaOTkhP200XZM8lVdbfUW9xSjA3oPldc1HG26NjbqqCmWpdo2fb+r7VmU2dq3NM +R18ZlKixiLDE6OUfaXWKamZsXb6ITTYmgTO6orQWYrnW6ckYHSeaAkW0wkDAryl2 +B5v8aoFnQ1rFiVEMo4NGzw4UX+MelF7rxaaregmKVTPiqCOSPJ1McC1dHFN533FY +Wh/RVLKWo6npu+owtwYFQW+zyQhKzSIMvNujFRzhIxzxR9Gn87MoLAyfgKEzrbbT +DhqqNXTxS4UMUKCQaO93TzetX/EBrRpJj+vP640yio80h4Dr5pAd7+LnKwgpTDk1 +G88bBXJAcPZnTSKu9I2c6KY4iRNbvRz4i+ZdwwZtdW4nSdl2792L7Sl7Nc44uLL/ +ZqkKDXEBF6lsX5XpABwyK89S/SbHOytXv9o4puv+65Ac5/UShspQTMSKGZgvDauU +cs8kE1U9dPOqVNCYq9Nfwinkf6RxV1k1+gwtclxQuY7UpKXP0hNAXjAiA5KS5Crq +7aaJg9q2F4bub0mNU6n7UI6vXguF2n4SEtzPRk6RP+4TiT3bZUsmr+1ktogyOJCc +Ha8G5VdL+NBIYQthOcieYCBnTeIH7D3Sp6FYQTYtVbKFzmMK+36ERreL/wARAQAB +tD1TeWx2ZXN0cmUgTGVkcnUgLSBEZWJpYW4gTExWTSBwYWNrYWdlcyA8c3lsdmVz +dHJlQGRlYmlhbi5vcmc+iQI4BBMBAgAiBQJRPZQsAhsDBgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRAVz00Yr090Ibx+EADArS/hvkDF8juWMXxh17CgR0WZlHCC +9CTBWkg5a0bNN/3bb97cPQt/vIKWjQtkQpav6/5JTVCSx2riL4FHYhH0iuo4iAPR +udC7Cvg8g7bSPrKO6tenQZNvQm+tUmBHgFiMBJi92AjZ/Qn1Shg7p9ITivFxpLyX +wpmnF1OKyI2Kof2rm4BFwfSWuf8Fvh7kDMRLHv+MlnK/7j/BNpKdozXxLcwoFBmn +l0WjpAH3OFF7Pvm1LJdf1DjWKH0Dc3sc6zxtmBR/KHHg6kK4BGQNnFKujcP7TVdv +gMYv84kun14pnwjZcqOtN3UJtcx22880DOQzinoMs3Q4w4o05oIF+sSgHViFpc3W +R0v+RllnH05vKZo+LDzc83DQVrdwliV12eHxrMQ8UYg88zCbF/cHHnlzZWAJgftg +hB08v1BKPgYRUzwJ6VdVqXYcZWEaUJmQAPuAALyZESw94hSo28FAn0/gzEc5uOYx +K+xG/lFwgAGYNb3uGM5m0P6LVTfdg6vDwwOeTNIExVk3KVFXeSQef2ZMkhwA7wya +KJptkb62wBHFE+o9TUdtMCY6qONxMMdwioRE5BYNwAsS1PnRD2+jtlI0DzvKHt7B +MWd8hnoUKhMeZ9TNmo+8CpsAtXZcBho0zPGz/R8NlJhAWpdAZ1CmcPo83EW86Yq7 +BxQUKnNHcwj2ebkCDQRRPZQsARAA4jxYmbTHwmMjqSizlMJYNuGOpIidEdx9zQ5g +zOr431/VfWq4S+VhMDhs15j9lyml0y4ok215VRFwrAREDg6UPMr7ajLmBQGau0Fc +bvZJ90l4NjXp5p0NEE/qOb9UEHT7EGkEhaZ1ekkWFTWCgsy7rRXfZLxB6sk7pzLC +DshyW3zjIakWAnpQ5j5obiDy708pReAuGB94NSyb1HoW/xGsGgvvCw4r0w3xPStw +F1PhmScE6NTBIfLliea3pl8vhKPlCh54Hk7I8QGjo1ETlRP4Qll1ZxHJ8u25f/ta +RES2Aw8Hi7j0EVcZ6MT9JWTI83yUcnUlZPZS2HyeWcUj+8nUC8W4N8An+aNps9l/ +21inIl2TbGo3Yn1JQLnA1YCoGwC34g8QZTJhElEQBN0X29ayWW6OdFx8MDvllbBV +ymmKq2lK1U55mQTfDli7S3vfGz9Gp/oQwZ8bQpOeUkc5hbZszYwP4RX+68xDPfn+ +M9udl+qW9wu+LyePbW6HX90LmkhNkkY2ZzUPRPDHZANU5btaPXc2H7edX4y4maQa +xenqD0lGh9LGz/mps4HEZtCI5CY8o0uCMF3lT0XfXhuLksr7Pxv57yue8LLTItOJ +d9Hmzp9G97SRYYeqU+8lyNXtU2PdrLLq7QHkzrsloG78lCpQcalHGACJzrlUWVP/ +fN3Ht3kAEQEAAYkCHwQYAQIACQUCUT2ULAIbDAAKCRAVz00Yr090IbhWEADbr50X +OEXMIMGRLe+YMjeMX9NG4jxs0jZaWHc/WrGR+CCSUb9r6aPXeLo+45949uEfdSsB +pbaEdNWxF5Vr1CSjuO5siIlgDjmT655voXo67xVpEN4HhMrxugDJfCa6z97P0+ML +PdDxim57uNqkam9XIq9hKQaurxMAECDPmlEXI4QT3eu5qw5/knMzDMZj4Vi6hovL +wvvAeLHO/jsyfIdNmhBGU2RWCEZ9uo/MeerPHtRPfg74g+9PPfP6nyHD2Wes6yGd +oVQwtPNAQD6Cj7EaA2xdZYLJ7/jW6yiPu98FFWP74FN2dlyEA2uVziLsfBrgpS4l +tVOlrO2YzkkqUGrybzbLpj6eeHx+Cd7wcjI8CalsqtL6cG8cUEjtWQUHyTbQWAgG +5VPEgIAVhJ6RTZ26i/G+4J8neKyRs4vz+57UGwY6zI4AB1ZcWGEE3Bf+CDEDgmnP +LSwbnHefK9IljT9XU98PelSryUO/5UPw7leE0akXKB4DtekToO226px1VnGp3Bov +1GBGvpHvL2WizEwdk+nfk8LtrLzej+9FtIcq3uIrYnsac47Pf7p0otcFeTJTjSq3 +krCaoG4Hx0zGQG2ZFpHrSrZTVy6lxvIdfi0beMgY6h78p6M9eYZHQHc02DjFkQXN +bXb5c6gCHESH5PXwPU4jQEE7Ib9J6sbk7ZT2Mw== +=j+4q +-----END PGP PUBLIC KEY BLOCK----- From e775fedb53add926eca40ab499d5e7bbc97fe2f7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Sun, 29 Nov 2020 23:19:26 -0800 Subject: [PATCH 321/399] CI/CD: Use self-contained linking for all -musl targets. --- mk/cargo.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mk/cargo.sh b/mk/cargo.sh index f5ea075427..fc1cec1409 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -88,12 +88,12 @@ case $target in i686-unknown-linux-musl) export CC_i686_unknown_linux_musl=clang-$llvm_version export AR_i686_unknown_linux_musl=llvm-ar-$llvm_version - export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_LINKER=clang-$llvm_version + export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" ;; x86_64-unknown-linux-musl) export CC_x86_64_unknown_linux_musl=clang-$llvm_version export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version - export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-$llvm_version + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" ;; wasm32-unknown-unknown) # The first two are only needed for when the "wasm_c" feature is enabled. From ad612543ad751dc55c8ecb9008ed00e4c8aacf00 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 01:50:46 -0800 Subject: [PATCH 322/399] CI/CD: Don't use self-contained linking during code coverage. Work around a bug in the Rust toolchain. --- .github/workflows/ci.yml | 11 +++++++++++ mk/cargo.sh | 7 ++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d9fa15a706..19e5c50931 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -304,15 +304,26 @@ jobs: # TODO: targets include: + # TODO: Use the -musl target after + # https://github.com/rust-lang/rust/issues/79556 and + # https://github.com/rust-lang/rust/issues/79555 are fixed. - target: aarch64-unknown-linux-gnu host_os: ubuntu-18.04 + # TODO: Use the -musl target after + # https://github.com/rust-lang/rust/issues/79556 and + # https://github.com/rust-lang/rust/issues/79555 are fixed. - target: i686-unknown-linux-gnu host_os: ubuntu-18.04 - target: x86_64-unknown-linux-musl host_os: ubuntu-18.04 + # TODO: Add an ARM target after + # https://github.com/rust-lang/rust/issues/79555 is fixed. This may + # require https://github.com/rust-lang/rust/issues/79555 to be fixed + # too. + steps: - uses: actions/checkout@v2 diff --git a/mk/cargo.sh b/mk/cargo.sh index fc1cec1409..a7b8154baf 100755 --- a/mk/cargo.sh +++ b/mk/cargo.sh @@ -93,7 +93,12 @@ case $target in x86_64-unknown-linux-musl) export CC_x86_64_unknown_linux_musl=clang-$llvm_version export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version - export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" + # XXX: Work around https://github.com/rust-lang/rust/issues/79555. + if [ -n "${RING_COVERAGE-}" ]; then + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=clang-$llvm_version + else + export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained" + fi ;; wasm32-unknown-unknown) # The first two are only needed for when the "wasm_c" feature is enabled. From 23c99898cb09c3f1dd37a1666671221bc1e80a2f Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Sat, 28 Nov 2020 22:50:35 -0800 Subject: [PATCH 323/399] CI/CD: Enable building of aarch64-apple-darwin targets on Rust Beta. https://blog.rust-lang.org/2020/11/27/Rustup-1.23.0.html#support-for-apple-m1-devices says that the beta channel supports M1 targets now. --- .github/workflows/ci.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 19e5c50931..2245fb62c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -144,10 +144,6 @@ jobs: - target: aarch64-apple-darwin rust_channel: stable - # The beta channel doesn't have aarch64-apple-darwin support yet. - - target: aarch64-apple-darwin - rust_channel: beta - include: - target: aarch64-apple-darwin # macos-latest didn't work. From b85171a3533e5101cc91870c79c543e84dafac33 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 10:43:31 -0800 Subject: [PATCH 324/399] CI/CD: Allow multiple versions of dependencies in `deny` jobs. --- deny.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deny.toml b/deny.toml index b2199ba87a..dcfb03439f 100644 --- a/deny.toml +++ b/deny.toml @@ -20,7 +20,9 @@ license-files = [ ] [bans] -multiple-versions = "deny" +# We don't maintain a fixed Cargo.lock so enforcing +# `multiple-versions = "deny"` is impractical. +multiple-versions = "allow" wildcards = "deny" [sources] From 432909280dfcb620bf23677f5d73286b345c3952 Mon Sep 17 00:00:00 2001 From: Michael Neumann Date: Mon, 30 Nov 2020 18:31:28 +0000 Subject: [PATCH 325/399] Fix compilation on DragonFly This superseeds issue #966. Tested-on: DragonFly 5.8.1 --- Cargo.toml | 2 +- src/rand.rs | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 88d7d81889..68a0714dd8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -306,7 +306,7 @@ spin = { version = "0.5.2", default-features = false } libc = { version = "0.2.69", default-features = false } once_cell = { version = "1.5.2", default-features = false, features=["std"], optional = true } -[target.'cfg(any(target_os = "freebsd", target_os = "illumos", target_os = "netbsd", target_os = "openbsd", target_os = "solaris"))'.dependencies] +[target.'cfg(any(target_os = "dragonfly", target_os = "freebsd", target_os = "illumos", target_os = "netbsd", target_os = "openbsd", target_os = "solaris"))'.dependencies] once_cell = { version = "1.5.2", default-features = false, features=["std"] } [target.'cfg(all(target_arch = "wasm32", target_vendor = "unknown", target_os = "unknown", target_env = ""))'.dependencies] diff --git a/src/rand.rs b/src/rand.rs index 6957952db0..9d1864fa14 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -180,6 +180,7 @@ use self::sysrand::fill as fill_impl; use self::sysrand_or_urandom::fill as fill_impl; #[cfg(any( + target_os = "dragonfly", target_os = "freebsd", target_os = "illumos", target_os = "netbsd", @@ -352,6 +353,7 @@ mod sysrand_or_urandom { any(target_os = "android", target_os = "linux"), feature = "dev_urandom_fallback" ), + target_os = "dragonfly", target_os = "freebsd", target_os = "netbsd", target_os = "openbsd", From 9dae0ac4f0ae18ebed988d36bfb4c4e4023fc574 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 30 Nov 2020 11:15:50 -0800 Subject: [PATCH 326/399] Add digest.h to self_check.c This covers the use of EVP_sha256() added in 8846533744. Change-Id: I8cd4c8e271de6a0b9a926e7186c7b24ffe849d67 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44224 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/self_check/self_check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index 192a0079ad..6d95193dd9 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include From 749502e1fedfe197f9f1c5718c69a0dd49886414 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 15:11:36 -0800 Subject: [PATCH 327/399] Sync `cc` dependency version in pregenerate_asm/Cargo.toml with ./Cargo.toml's. --- pregenerate_asm/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pregenerate_asm/Cargo.toml b/pregenerate_asm/Cargo.toml index a200e0a4c2..8a64273f8a 100644 --- a/pregenerate_asm/Cargo.toml +++ b/pregenerate_asm/Cargo.toml @@ -9,4 +9,4 @@ path = "../build.rs" # Keep this in sync with `[build-dependencies]` in ../Cargo.toml. [dependencies] -cc = "1.0.26" +cc = { version = "1.0.62", default-features = false } From 019a8747dde2e6cae7ee23ef50e695c34f77a759 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 17:14:25 -0800 Subject: [PATCH 328/399] CI/CD: Use the same version of wasm-bindgen-cli as wasm-bindgen. --- .github/workflows/ci.yml | 1 + mk/install-build-tools.sh | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2245fb62c5..f41a242884 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -263,6 +263,7 @@ jobs: steps: - uses: actions/checkout@v2 + - run: cargo generate-lockfile - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 diff --git a/mk/install-build-tools.sh b/mk/install-build-tools.sh index cfbf695807..e997bbb40e 100755 --- a/mk/install-build-tools.sh +++ b/mk/install-build-tools.sh @@ -66,7 +66,9 @@ case $target in use_clang=1 ;; --target=wasm32-unknown-unknown) - cargo install wasm-bindgen-cli --vers "0.2.68" --bin wasm-bindgen-test-runner + # The version of wasm-bindgen-cli must match the wasm-bindgen version. + wasm_bindgen_version=$(cargo metadata --format-version 1 | jq -r '.packages | map(select( .name == "wasm-bindgen")) | map(.version) | .[0]') + cargo install wasm-bindgen-cli --vers "$wasm_bindgen_version" --bin wasm-bindgen-test-runner case ${features-} in *wasm32_c*) use_clang=1 From df8fbf41455b1bc5116f941aa98747e8868ba85b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 17:40:54 -0800 Subject: [PATCH 329/399] CI/CD: Cache the cargo-deny binary to speed up the `deny` job. `cargo install cargo-deny` takes 7 minutes, while running it takes 2 seconds. --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f41a242884..db2b660c0e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,7 +47,12 @@ jobs: toolchain: stable profile: minimal - - run: cargo install cargo-deny + - uses: actions/cache@v2 + with: + path: ~/.cargo/bin/cargo-deny + key: ${{ runner.os }}-cargo-deny-0.8.4 + + - run: cargo install cargo-deny --vers "0.8.4" - uses: actions/checkout@v2 From 2114ed7f9d811bd2673dad1b9abb163655f9ba99 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 19:14:12 -0800 Subject: [PATCH 330/399] CI/CD: Try again to cache cargo-deny. AFAICT, the previous attempt at caching didn't work because, AFAICT, ~/.cargo/{.crates.toml, .crates2.json} were not cached. --- .github/workflows/ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db2b660c0e..c9e082f49f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,8 +49,11 @@ jobs: - uses: actions/cache@v2 with: - path: ~/.cargo/bin/cargo-deny - key: ${{ runner.os }}-cargo-deny-0.8.4 + path: | + ~/.cargo/bin/cargo-deny + ~/.cargo/.crates.toml + ~/.cargo/.crates2.json + key: ${{ runner.os }}-v2-cargo-deny-0.8.4 - run: cargo install cargo-deny --vers "0.8.4" From 64184d649fc75c5b6da551b41ff91a47aa846c53 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 16:27:26 -0800 Subject: [PATCH 331/399] CI/CD: Add `cargo audit`. --- .github/workflows/ci.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c9e082f49f..d112f8eef0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,34 @@ jobs: - run: cargo +1.37.0 clippy --all-features ---all-targets -- --deny warnings + audit: + # Don't run duplicate `push` jobs for the repo owner's PRs. + if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository + + runs-on: ubuntu-18.04 + + steps: + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - uses: actions/cache@v2 + with: + path: | + ~/.cargo/bin/cargo-audit + ~/.cargo/.crates.toml + ~/.cargo/.crates2.json + key: ${{ runner.os }}-v2-cargo-audit-0.13.1 + + - run: cargo install cargo-audit --vers "0.13.1" + + - uses: actions/checkout@v2 + + - run: cargo generate-lockfile + + - run: cargo audit --deny warnings + deny: # Don't run duplicate `push` jobs for the repo owner's PRs. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository From bb6f9c44b354c529f3cbfa71f4ace553a9537b0f Mon Sep 17 00:00:00 2001 From: Emmanuel T Odeke Date: Mon, 30 Nov 2020 21:53:54 -0800 Subject: [PATCH 332/399] util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Discovered by one of Orijtech, Inc's internal static analyzers that will eventually be donated to the Go project, and will then be included when one runs: go test Change-Id: I5713f7087a195ac706240d32b53d2e4855d93a1c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44264 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- util/fipstools/acvp/acvptool/interactive.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/fipstools/acvp/acvptool/interactive.go b/util/fipstools/acvp/acvptool/interactive.go index 703b41bd53..36d5e6cebb 100644 --- a/util/fipstools/acvp/acvptool/interactive.go +++ b/util/fipstools/acvp/acvptool/interactive.go @@ -563,7 +563,7 @@ func runInteractive(server *acvp.Server, config Config) { defer terminal.Restore(0, oldState) term := terminal.NewTerminal(os.Stdin, "> ") - resizeChan := make(chan os.Signal) + resizeChan := make(chan os.Signal, 1) go func() { for _ = range resizeChan { updateTerminalSize(term) From 1bec25297ce6315271b45a54cfbb46f4e5ad2108 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 30 Nov 2020 12:24:42 -0800 Subject: [PATCH 333/399] Poly1305: Use |size_t|; assert |poly1305_state| is large enough. Clarify that there are no truncation issues on targets where the range of |unsigned| is smaller than the range of |size_t|. Ensure that |poly1305_state| is (still) large enough. This is a good idea independently of this change, but is especially important because switching the fields to |size_t| might have enlarged the structures. Change-Id: I16e408229c28fcba6c3592603ddb9431cf1f142d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44244 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/poly1305/poly1305.c | 17 ++++++++++------- crypto/poly1305/poly1305_arm.c | 24 +++++++++++++----------- crypto/poly1305/poly1305_vec.c | 4 ++++ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index a6dd14501f..31a567d76c 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -46,10 +46,14 @@ struct poly1305_state_st { uint32_t s1, s2, s3, s4; uint32_t h0, h1, h2, h3, h4; uint8_t buf[16]; - unsigned int buf_used; + size_t buf_used; uint8_t key[16]; }; +OPENSSL_STATIC_ASSERT( + sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_st"); + static inline struct poly1305_state_st *poly1305_aligned_state( poly1305_state *state) { return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63); @@ -200,7 +204,6 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, size_t in_len) { - unsigned int i; struct poly1305_state_st *state = poly1305_aligned_state(statep); #if defined(OPENSSL_POLY1305_NEON) @@ -211,11 +214,11 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, #endif if (state->buf_used) { - unsigned todo = 16 - state->buf_used; + size_t todo = 16 - state->buf_used; if (todo > in_len) { - todo = (unsigned)in_len; + todo = in_len; } - for (i = 0; i < todo; i++) { + for (size_t i = 0; i < todo; i++) { state->buf[state->buf_used + i] = in[i]; } state->buf_used += todo; @@ -236,10 +239,10 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, } if (in_len) { - for (i = 0; i < in_len; i++) { + for (size_t i = 0; i < in_len; i++) { state->buf[i] = in[i]; } - state->buf_used = (unsigned)in_len; + state->buf_used = in_len; } } diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c index 004221dedc..d6f034c657 100644 --- a/crypto/poly1305/poly1305_arm.c +++ b/crypto/poly1305/poly1305_arm.c @@ -36,7 +36,7 @@ extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, const fe1305x2 *c); extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in, - unsigned int inlen); + size_t inlen); static void freeze(fe1305x2 *r) { int i; @@ -136,7 +136,7 @@ static void fe1305x2_tobytearray(uint8_t r[16], fe1305x2 *x) { } static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) { - unsigned i; + size_t i; uint8_t t[17]; for (i = 0; (i < 16) && (i < xlen); i++) { @@ -179,17 +179,20 @@ static const alignas(16) fe1305x2 zero; struct poly1305_state_st { uint8_t data[sizeof(fe1305x2[5]) + 128]; uint8_t buf[32]; - unsigned int buf_used; + size_t buf_used; uint8_t key[16]; }; +OPENSSL_STATIC_ASSERT( + sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_st."); + void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { struct poly1305_state_st *st = (struct poly1305_state_st *)(state); fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); fe1305x2 *const h = r + 1; fe1305x2 *const c = h + 1; fe1305x2 *const precomp = c + 1; - unsigned int j; r->v[1] = r->v[0] = 0x3ffffff & load32(key); r->v[3] = r->v[2] = 0x3ffff03 & (load32(key + 3) >> 2); @@ -197,7 +200,7 @@ void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { r->v[7] = r->v[6] = 0x3f03fff & (load32(key + 9) >> 6); r->v[9] = r->v[8] = 0x00fffff & (load32(key + 12) >> 8); - for (j = 0; j < 10; j++) { + for (size_t j = 0; j < 10; j++) { h->v[j] = 0; // XXX: should fast-forward a bit } @@ -215,14 +218,13 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, fe1305x2 *const h = r + 1; fe1305x2 *const c = h + 1; fe1305x2 *const precomp = c + 1; - unsigned int i; if (st->buf_used) { - unsigned int todo = 32 - st->buf_used; + size_t todo = 32 - st->buf_used; if (todo > in_len) { todo = in_len; } - for (i = 0; i < todo; i++) { + for (size_t i = 0; i < todo; i++) { st->buf[st->buf_used + i] = in[i]; } st->buf_used += todo; @@ -232,7 +234,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, if (st->buf_used == sizeof(st->buf) && in_len) { addmulmod(h, h, precomp, &zero); fe1305x2_frombytearray(c, st->buf, sizeof(st->buf)); - for (i = 0; i < 10; i++) { + for (size_t i = 0; i < 10; i++) { h->v[i] += c->v[i]; } st->buf_used = 0; @@ -240,7 +242,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, } while (in_len > 32) { - unsigned int tlen = 1048576; + size_t tlen = 1048576; if (in_len < tlen) { tlen = in_len; } @@ -250,7 +252,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, } if (in_len) { - for (i = 0; i < in_len; i++) { + for (size_t i = 0; i < in_len; i++) { st->buf[i] = in[i]; } st->buf_used = in_len; diff --git a/crypto/poly1305/poly1305_vec.c b/crypto/poly1305/poly1305_vec.c index 29cd5c3f34..83f1efee34 100644 --- a/crypto/poly1305/poly1305_vec.c +++ b/crypto/poly1305/poly1305_vec.c @@ -92,6 +92,10 @@ typedef struct poly1305_state_internal_t { } poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */ +OPENSSL_STATIC_ASSERT( + sizeof(struct poly1305_state_internal_t) + 63 <= sizeof(poly1305_state), + "poly1305_state isn't large enough to hold aligned poly1305_state_internal_t"); + static inline poly1305_state_internal *poly1305_aligned_state( poly1305_state *state) { return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); From f8047e2d47386b218204267de2ede43af2931875 Mon Sep 17 00:00:00 2001 From: Aaron zhang Date: Wed, 25 Nov 2020 18:26:25 +0800 Subject: [PATCH 334/399] Improve sk_dup. No need to use |sk_new|, which allocates a buffer that will immediately be realloced. Change-Id: If0a787beac19933d93c5f9a3a8b560edd027c16c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44205 Reviewed-by: Adam Langley --- crypto/stack/stack.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 599bd7b1be..6da6e3b232 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -57,7 +57,6 @@ #include #include -#include #include @@ -69,11 +68,9 @@ static const size_t kMinSize = 4; _STACK *sk_new(stack_cmp_func comp) { - _STACK *ret; - - ret = OPENSSL_malloc(sizeof(_STACK)); + _STACK *ret = OPENSSL_malloc(sizeof(_STACK)); if (ret == NULL) { - goto err; + return NULL; } OPENSSL_memset(ret, 0, sizeof(_STACK)); @@ -331,23 +328,20 @@ void *sk_pop(_STACK *sk) { } _STACK *sk_dup(const _STACK *sk) { - _STACK *ret; - void **s; - if (sk == NULL) { return NULL; } - ret = sk_new(sk->comp); + _STACK *ret = OPENSSL_malloc(sizeof(_STACK)); if (ret == NULL) { - goto err; + return NULL; } + OPENSSL_memset(ret, 0, sizeof(_STACK)); - s = (void **)OPENSSL_realloc(ret->data, sizeof(void *) * sk->num_alloc); - if (s == NULL) { + ret->data = OPENSSL_malloc(sizeof(void *) * sk->num_alloc); + if (ret->data == NULL) { goto err; } - ret->data = s; ret->num = sk->num; OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num); From eb57cc1e875d3137aa3cf723f3c525e253ddea9b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 1 Dec 2020 11:14:41 -0500 Subject: [PATCH 335/399] aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected by silicon errata #1742098 [0] and #1655431 [1], respectively, where the second instruction of a AES instruction pair may execute twice if an interrupt is taken right after the first instruction consumes an input register of which a single 32-bit lane has been updated the last time it was modified. Shuffle the counter assignments around a bit so that the most recent updates when the AES instruction pair executes are 128-bit wide. [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice (This is imported from upstream's 409c59e8f44ae56f2587cdd8a7ce611d0e3d91d9.) The change is applied to both 32-bit and 64-bit for simplicity, but there was no measurable performance difference, so leaving them aligned is easiest. Change-Id: Ic8e5f656f59ae8c2ecb2762a066c2c9064bb34c5 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44284 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/fipsmodule/aes/asm/aesv8-armx.pl | 45 +++++++++++++++++-------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/crypto/fipsmodule/aes/asm/aesv8-armx.pl b/crypto/fipsmodule/aes/asm/aesv8-armx.pl index a2825ceaf3..1a2c20b78f 100644 --- a/crypto/fipsmodule/aes/asm/aesv8-armx.pl +++ b/crypto/fipsmodule/aes/asm/aesv8-armx.pl @@ -748,20 +748,34 @@ () add $key_,$key,#32 mov $cnt,$rounds cclr $step,lo + + // ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are + // affected by silicon errata #1742098 [0] and #1655431 [1], + // respectively, where the second instruction of an aese/aesmc + // instruction pair may execute twice if an interrupt is taken right + // after the first instruction consumes an input register of which a + // single 32-bit lane has been updated the last time it was modified. + // + // This function uses a counter in one 32-bit lane. The vmov.32 lines + // could write to $dat1 and $dat2 directly, but that trips this bugs. + // We write to $ivec and copy to the final register as a workaround. + // + // [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice + // [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice #ifndef __ARMEB__ rev $ctr, $ctr #endif - vorr $dat1,$dat0,$dat0 add $tctr1, $ctr, #1 - vorr $dat2,$dat0,$dat0 - add $ctr, $ctr, #2 vorr $ivec,$dat0,$dat0 rev $tctr1, $tctr1 - vmov.32 ${dat1}[3],$tctr1 + vmov.32 ${ivec}[3],$tctr1 + add $ctr, $ctr, #2 + vorr $dat1,$ivec,$ivec b.ls .Lctr32_tail rev $tctr2, $ctr + vmov.32 ${ivec}[3],$tctr2 sub $len,$len,#3 // bias - vmov.32 ${dat2}[3],$tctr2 + vorr $dat2,$ivec,$ivec b .Loop3x_ctr32 .align 4 @@ -788,11 +802,11 @@ () aese $dat1,q8 aesmc $tmp1,$dat1 vld1.8 {$in0},[$inp],#16 - vorr $dat0,$ivec,$ivec + add $tctr0,$ctr,#1 aese $dat2,q8 aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 - vorr $dat1,$ivec,$ivec + rev $tctr0,$tctr0 aese $tmp0,q9 aesmc $tmp0,$tmp0 aese $tmp1,q9 @@ -801,8 +815,6 @@ () mov $key_,$key aese $dat2,q9 aesmc $tmp2,$dat2 - vorr $dat2,$ivec,$ivec - add $tctr0,$ctr,#1 aese $tmp0,q12 aesmc $tmp0,$tmp0 aese $tmp1,q12 @@ -817,21 +829,26 @@ () aesmc $tmp0,$tmp0 aese $tmp1,q13 aesmc $tmp1,$tmp1 + // Note the logic to update $dat0, $dat1, and $dat1 is written to work + // around a bug in ARM Cortex-A57 and Cortex-A72 cores running in + // 32-bit mode. See the comment above. veor $in2,$in2,$rndlast - rev $tctr0,$tctr0 + vmov.32 ${ivec}[3], $tctr0 aese $tmp2,q13 aesmc $tmp2,$tmp2 - vmov.32 ${dat0}[3], $tctr0 + vorr $dat0,$ivec,$ivec rev $tctr1,$tctr1 aese $tmp0,q14 aesmc $tmp0,$tmp0 + vmov.32 ${ivec}[3], $tctr1 + rev $tctr2,$ctr aese $tmp1,q14 aesmc $tmp1,$tmp1 - vmov.32 ${dat1}[3], $tctr1 - rev $tctr2,$ctr + vorr $dat1,$ivec,$ivec + vmov.32 ${ivec}[3], $tctr2 aese $tmp2,q14 aesmc $tmp2,$tmp2 - vmov.32 ${dat2}[3], $tctr2 + vorr $dat2,$ivec,$ivec subs $len,$len,#3 aese $tmp0,q15 aese $tmp1,q15 From 9ad79a15c7f9496576cd5c75b3dd15103f174bac Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 1 Dec 2020 14:26:14 -0800 Subject: [PATCH 336/399] CI/CD: Run `sudo apt-get update` before using `apt-get`. See https://github.com/actions/virtual-environments/issues/2155. This fixes CI/CD jobs failing due to `apt-get` failing to download packages. --- .github/workflows/ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d112f8eef0..f3625508f4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -241,6 +241,9 @@ jobs: host_os: ubuntu-18.04 steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - if: ${{ !contains(matrix.host_os, 'windows') }} @@ -297,9 +300,13 @@ jobs: - CHROMEDRIVER=chromedriver steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - run: cargo generate-lockfile + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 @@ -358,6 +365,9 @@ jobs: # too. steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - if: ${{ !contains(matrix.host_os, 'windows') }} From 1725cc295e19027937b3a0dc78cb170031d80791 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 1 Dec 2020 14:26:14 -0800 Subject: [PATCH 337/399] CI/CD: Run `sudo apt-get update` before using `apt-get`. See https://github.com/actions/virtual-environments/issues/2155. This fixes CI/CD jobs failing due to `apt-get` failing to download packages. --- .github/workflows/ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d112f8eef0..f3625508f4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -241,6 +241,9 @@ jobs: host_os: ubuntu-18.04 steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - if: ${{ !contains(matrix.host_os, 'windows') }} @@ -297,9 +300,13 @@ jobs: - CHROMEDRIVER=chromedriver steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - run: cargo generate-lockfile + - run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - uses: actions-rs/toolchain@v1 @@ -358,6 +365,9 @@ jobs: # too. steps: + - if: ${{ contains(matrix.host_os, 'ubuntu') }} + run: sudo apt-get update -y + - uses: actions/checkout@v2 - if: ${{ !contains(matrix.host_os, 'windows') }} From c3f4612d83f345ef0bb0024ce6086a6a773324ca Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 1 Dec 2020 17:47:57 -0500 Subject: [PATCH 338/399] Only accept little-endian ARM and MIPS variants in base.h. checks for a supported platform, but we don't check endianness of ARM and MIPS, which are bi-endian. See https://crbug.com/1153312#c7. Switch this around. Documentation on which define is "official" is hard to come by, so I mostly mimicked Chromium. Chromium detects little-endian ARM and MIPS with __ARMEL__ and __MIPSEL__ respectively, without looking at __arm__ or __mips__. It uses __aarch64__ instead of __AARCH64EL__, but I think that's an oversight. I can get Clang to output for aarch64_be and that defines __aarch64__ with __AARCH64EB__. (which we should simplify and align with base.h once this CL sticks) also normalizes to __ARMEL__ over __BYTE_ORDER__ and friends. Although, interestingly, arm_arch.h defines its own __ARMEL__ on GNUC aarch64, even though Clang does *not* define __ARMEL__ on aarch64. (I'm guessing this aligned for the benefit of the "armx" bi-arch asm files.) This value is based on __BYTE_ORDER__, not __ARMEL__, but it assumes GNUC arm always defines __ARMEL__, so I think it's reasonable to assume GNUC aarch64 always defines __AARCH64EL__. Given all this, probably the simplest thing that's most likely to work is to use __ARMEL__, __MIPSEL__, and __AARCH64EL__. Note this does not change the _M_* checks. _M_* are Windows's definitions, which I think we can reasonably assume come with an endianness opinion. (Windows' ARM and ARM64 ABIs mandate little-endian.) This aligns with Chromium. Update-Note: CPU processor defines are a mess. If a little-endian ARM or MIPS build breaks, some of the assumptions above may be wrong. In that case, the output $CC -dM -E - < /dev/null on the offending toolchain will be useful to fix it. If a big-endian ARM or MIPS build breaks, this is working as intended. Any resulting binaries weren't producing the right outputs. Change-Id: I2a9e662d09df119a71226e91716d84e7ac3792aa Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44324 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- include/openssl/base.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/openssl/base.h b/include/openssl/base.h index 474bb8bc72..8e8cc15a93 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -90,19 +90,19 @@ extern "C" { #elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) #define OPENSSL_32_BIT #define OPENSSL_X86 -#elif defined(__aarch64__) || defined(_M_ARM64) +#elif defined(__AARCH64EL__) || defined(_M_ARM64) #define OPENSSL_64_BIT #define OPENSSL_AARCH64 -#elif defined(__arm) || defined(__arm__) || defined(_M_ARM) +#elif defined(__ARMEL__) || defined(_M_ARM) #define OPENSSL_32_BIT #define OPENSSL_ARM #elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN) #define OPENSSL_64_BIT #define OPENSSL_PPC64LE -#elif defined(__mips__) && !defined(__LP64__) +#elif defined(__MIPSEL__) && !defined(__LP64__) #define OPENSSL_32_BIT #define OPENSSL_MIPS -#elif defined(__mips__) && defined(__LP64__) +#elif defined(__MIPSEL__) && defined(__LP64__) #define OPENSSL_64_BIT #define OPENSSL_MIPS64 #elif defined(__pnacl__) From 8a49b70789eae2193869029574f93243fede6f98 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 1 Dec 2020 16:40:40 -0800 Subject: [PATCH 339/399] 0.16.19 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 68a0714dd8..e847097769 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.18" +version = "0.16.19" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 5763899886061bf23c58f9a17805e343e51ca093 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 2 Dec 2020 09:21:39 -0800 Subject: [PATCH 340/399] Update FIPS.md to include latest FIPS certificate. Change-Id: Iba527924a79733b28b12b65d8e1f613d7819eb34 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44345 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/FIPS.md | 1 + ...rypto-Android-Security-Policy-20191020.docx | Bin 0 -> 157497 bytes 2 files changed, 1 insertion(+) create mode 100644 crypto/fipsmodule/policydocs/BoringCrypto-Android-Security-Policy-20191020.docx diff --git a/crypto/fipsmodule/FIPS.md b/crypto/fipsmodule/FIPS.md index 70f2531650..f967a2d604 100644 --- a/crypto/fipsmodule/FIPS.md +++ b/crypto/fipsmodule/FIPS.md @@ -11,6 +11,7 @@ BoringCrypto has undergone the following validations: 1. 2017-06-15: certificate [#2964](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/2964), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20170615.docx) (in docx format). 1. 2018-07-30: certificate [#3318](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3318), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20180730.docx) (in docx format). 1. 2019-08-08: certificate [#3678](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx) (in docx format). +1. 2019-10-20: certificate [#3753](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3753), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Android-Security-Policy-20191020.docx) (in docx format). ## Running CAVP tests diff --git a/crypto/fipsmodule/policydocs/BoringCrypto-Android-Security-Policy-20191020.docx b/crypto/fipsmodule/policydocs/BoringCrypto-Android-Security-Policy-20191020.docx new file mode 100644 index 0000000000000000000000000000000000000000..e6f790e59fbf541e11749d069d687505f8c441a4 GIT binary patch literal 157497 zcmeFY^N%i0@TfVqZQJ(D8Qa!7wryKyY}>YN+dO02x}WbRo88U+3HSC7o$jQ%J6)+K zmFlWilmP`p1A+j80s;ae23jKj$1?^D1Y`^Y1cV9%1)?KjZ|7oa=c2Fb>0s&%VDPZD zAu0p|p~?pW`A`1;wEvAYFq|r zAdPjKZ$vA3W#si_{m>2*52M_r+5m3!HsqNITThZA5Kxq|DM1@=cbE-HoHv5^cJARb zTH+3cAd$|$?&1XAqKQLSyLaX&g0h{Bo+bx~txRv#%FBDqiGrf&Ns2&XY>En8i zwQe?~k?N?Gg2i8CM!%98r~L%w=;XCBTZW19M!r|qto&CeKvUbTtF4@xw{^Au(h%9!8kTXpzra9f0Ueq@ln%JwNF3U7<}`Z7p=4M(!z z@6W1zDIXC+3wr(ujk9;-AxJiW1cZAkAEJ@Y4<~+~=SeAf&Ce4jk}Yn%0}U(>KV0v6 zBdQsoh=lk{@dt@*l>bq|pY9LgD$%EXjQ0s*{crBOT$bOj!!P9c?T-H>Dl4c6l1()) zaeNq-MQwOrq;=LDNrlrlX=wqKpW)UPHbs?0!5U$^9NA^?E2Jl%a=x3%<8uVpHzW|y z?=L8j;{S(#f&`ql+y9JO{y)57|KnfZ$<)S~k>P*(|HJ+N#<2gtu3nuuU^T=9CwLqD z9lX$^v^juPB+qC(zlF5{38f3nv30HuU>moR&*I{bsnI(aeso+Oo`o(zuGLXVomfk=3ZNT2CPJ*E+T zIWB{>B%z*LHYRH-%5_v*drkLa&Cg(7S+$bX@rJDA7wZkf@0`WWwR1Jf3*S&DzRn%8D5*bPdT>u@)_~~P&i=zE=8g+vG zhvSx5t6BfR9yc2x^!T3_{QvV2Em*xeHUb0`VFv?*{GU?X?VU^*P3(WL?|Zba%`fEDVICl1Eg~Dnyjsy8Lt8 z*WbAxold1FSf!*)F2t1^>9({4wNMy6BO|^@SXfCO7=J&;*wk-^=;9WS!rk|keak{7 znDE6Wb`Wpj-~7{XeIMo~iI>%M6vNnj^^i{LELg?jRTXZtvhPg{0*+d

cP9^&i_r0XN`V!~8q{RCYSBEV-8TQZVWY1*Q67FpC9sVE{6?fJDu_q0=)#ENFg&oq`?&_*qqsmQ+%cKBp!t6mvX zZ<|W>({42gqd6Nnz8Uo$X&v_Y`z8m|7fIwEq}X&~?=1Hg&t@hH<39m8?RlforvzsC z#||413U*SHYJs+y`V0OzY4m#l5=9+{5cCG0B01DdR|ajC66N;Fc1%mFVQ_k26D1&B z+5otsRFWR5qGF0`MBgTLc>*_DaUHazKk^zP--d4P>CHaVi|;mS+Af-wdFsZ$ftCjd zrfSL>gwXGXe>-x(SYe=-4xY=p$Yz3sWOYPMB@2x59T4jKl4)UZU2X*wRSe@}2{uk+ zb_dp)h+qYj>_~_1=vKgQ-_&55!MiFoe$Q5{tx{upzwYGK0BL6wx_VASj!bdU&%B&1 zGTnn&G5*^aam==>&%Q{%cQ>h9tS(r925+r*$&)gvge8fvWIlN$iC{V-L|runUA54L zx#wDodAIr-ueyBNe&AXK*-La6aN{B2)>u6u4OI}Ap%*<74K}q$CgyQ#BqolFf)||j zAbJq`!i~BD+RR9NHTVDIT#PdM#exEeRYW+%&dV+**UBS?8VTR&u#{^QZov*oidBGs zR`mFb|L}G{I{-kX}LG;M(LD*wig=y61C zL-;X-q?)o}OS2hSAXU+0!vr9VCw>C3KaOmgmSX5nP2!qJ)T&LAOBTw(E%Pn6aFn$A za&6ad2>t?j0d?hiUtr`Wdj6DU>3|zNgV3}cIOK|r6gef0F5ESM!$uZdLTv=OTlF?Hgl59XT|Na!>wh~d5e)0B_gLJ>sb3BWg|gP}Ep{A;#9t2^1r|xz z0%dhM4K7ri(7`@3bs_HgYSQWI)6$!u8m<&hn`7ym@-4u@BQ*_pib9FoFtm+&R@(VQ zYt@?1dBPjgoPI<7I^aWgXMAa=>vE-1A$@3uh5-vFh2UU;ibxE2aEU_@R5(=QIt0Kc zoekxK8@qrIKlu#kiU_g;<_uEj2#`et8o4R*Ht#ADW-LaMDoYetv9|M}LIa856ah=F zb!C!QH9x0M0@(h@LIN>`guCCFqHtH})wJ@NF@t1?5|gKAcFOfZ6zYk$ei3Q>n$0yh zW1y6$c|&aS*hz0a271NTM|FDRzb=|tIBO>|3Hb&}M&VFkS=dEN5ze+QPS(mSW{Af1 zhL@#>)``rgqgVjf21GGbd6tt7Y>|3!wy|W=lWiwL^^-Wg6$SFz~=$L z@jnwKz+4zb|9>kXO#4Ms!?DOOXip=sB*|$RBuBG#-?PH%ymM85%*`1<(W?kBzO8*$ z>UUPX0f_?EomnBaw?b}|GtV&B?wnD_7;|tN(el;E5i}VmqBnO`v%_ zh$BuS+|+?bnh6QnvrtGz%)3BK@T@9TKqwYeEC1F5VwrRsNd8}F7cy5fGBpUDxU-ioRZwje#oqy-TkC%9CA84- zlTWJuVwVo*%s^oV{me-OlZ`L3bif30;Fh_m)Cl{t=WoIv5#}dO*fDW-yr1b#gTwHz z$}8mME+A7|$xab$k}ui|jXgSSgb&uz@@ebYW`pkIdVewTGs|LJ9Pv}gQVCghN4S1O zpFYN~VBVxX*Qpf2H%7AMwe4nCx z+FmprT^Q<%tE_%it^SJL9gq4*qdqre)c!}DBZq0;xd$CwLcqkfd|;P$k3f;vxpBHY z`b#KBa%*4{Tl;UeMvWHVAj8;1;i)O_o5n}pA5GNY4||GWmu%KWCE**a7FlDs=sxix zqldt_^^eet*TQ6{@|66+dq?OPINCHx9s?{rzS;CWh~ozk=Qe5@coIY}(Yq<)5F&iz zlYg(G7{hUf{ey7>W8?@}d@nX3Ab~GvU zbW=MP0u}^796B0RS%|qO85DZ&)z>Fck;F&24!9kI!y$c2p0mk_k9IaM-}fS$$3*G^ z^YY~a*HtlO#C0r#088a@s|A+f1MN_d-_baWLj<6rd{s{F;!TVD)) z&UmLUpBUt~G$vb@m&&h(NqAI!;ErtCFt|P3CD$M4ZCSS|Hn~*GFlrdR(`a+=-%(k8 zzO8m>R`q7no0An>iW3G!soJ<=lGw86_>iCs98FBdBt0}0UiPz8 zc*<_!T4=f)R9)EOsxkQ`7yk--?7e}s~nTo6F?%m4tHXD(nB| z5V;VFGDnN4EhfHab0Z!E#6BoON3pMsL#u^o;gRo^n+`IiWs>{2@f0itvl(*;H(^$z z2b9li+FGjSwsNouE;ZFx%weEM8mDDAakm_YEhBWwTC}9OpMS65N8`=b+4cRnuxIbi z)uwy=IC4{$HjJ;DBEBef5K7Ufg9!;_5(<7`LXpm#@wUU`T>p&dwDXy8`9l_c_d7lpd5)x=aB zSGz=^Z7HL~!CWrdP6m8hps{?{6}v?F6NVyAGZ~z*(*EU--3VlfyrIB!^dKBvhN12W z!#-Our#ufvLDw}+z6d}^8*X^W_yeEpBeWG(BeJIpexch6?XO5rqfddx7Z@O8v&WY4 zcTe1k6D+qz%9b|FuG|hY&b=qr2VW~i(4Q*hG_XZ3Sb{vl*^cdjnvor?-Hw6#Y0m#k zLTlzfQ1YfzkNO)Gmum7cI#N%Z5T845Y#R)FF|81@Y_G$#^=@#M3n7*}mE_^iEpW`d zk=+_j+9rzn#Y>IPNCIt^Mmgd_`N;#_B%V1^wKSH5P1mxOkXH?G-PNt@uO3p_*H?_5 z+n97l$>=nyFflQ_>Kpt3fGzBUCX|rlbxXyUYsDaF<}5ZiOGeD`Ev!3fLHZ3Jfj1q= zh1?)fj9m#j3OUb+DCj2M#O8=Fmltlt4O?~jn6Oi=o#Zr2_Re(+x2Hg1!5Wrgr(WeNsMKJ)yQhOPzkE_U&8r z2`fGwHoXA)+mmbz{)HN4;~@k|W>EiGVTZd3E^ z*)2)04vH^UVwTLnq_)@hSdkfOqxAuWw(^e+B=P6u%NS=}up$msU)dzDgV6KHE$Z>> zpOn4R?2;+YP?R>+yzm%zG5DH`sawRA*_L|TDM9l!WuK&$73JCu85IUXNboQzFz1+d(Hy@7zqk ztfLmCGzG|xOBa)GNDmv!&BZS!Eiz#mOSLV^&6sj9F9^rTe24sSx}oPR7<1l29wgA7 z;t5)zWqzcQ>z32N@^4;kl!{GK^km6r<#=g!TbXCkQ_C3swPu@0Rh{@Kh1WdDidH)) zsQ@cPMM;ol8DJ_nJfH-6I?oCS=7i|11$>lzE84g@2*s>4ZgQR$2}-(!^OAg2Hh3GI zFeDFo7Z3nkmb{=sh&&yVL!>yC2Cgn6Uatq+w#v|&Hln|Wxv3J8`xP3htiy(!U|vwW zEzyJS8My{nTp<-(1r^u;$!R4O)C02vzhN9WN)}h=+}cS=;aLGyJLVUxGMXYyl>F1C ziwB7NQR-v#k5#Z_3von-U#%7B#XK&r47qH*;|f z;q|qwiHngHOTQPm#6i?+AyOE-;T5(dyk*iQ$xIAe>N7Ib<1gqrY>Q7}7lu&fGD*;KP7Ma} z@I9RlA3nG-&_>3Ja`e+O2_^J4F9{7wg&5Dmr3_B^yZ1;YCMpK8KDo0g%u%YTVA6&0 zyC~u_u`z|%GjOJa?jOKs*R3n)kfR*4G~xNUa6F+Ic&O$9w1GLlVn-@HD|!{iFv#?C~;gy1bri1A&sC+&hp?bmr^f+H0Qjuz3el0 zBJr@ARwaungvf??!7rK8O~0q@k~n`GJ1P9J3PaXl)S6x^vF zi_qUYhVYJpUxruBUAe*6A$<|>!n04Nw1e*|I7WSqI}dzCWLE)_D-1pkbj^+)FsBZV zH1Imuc8y4Z7;Q8)%UsoJybg@4d3*xCRBTBCxCRI53XG=*#BDhfbcUGkq;2y4}Vcv z)!{^5&iIu__OFxl%RPBu4e^)rQAqb+FWbv!QBO>oAGbx_dF{nVSh~K*Bm10F2WyPz z=Z!_20t(X(@-?p+n%}p@-1KLhAqlDp8_fm6n`RhC9q`Xa>8(1l10P-PDLkIdn>@4* z%AGgRPb4C_E%+P0GjJb#e_sh6%#Cp5OV5IyI7uH-Gv#tGC%f7B8m6=E6vg~8urkWE zcm8+eoV#u43%&|hFMRWFpJA%Fzx3x1({S3rFeB7G`x*y-FtO@R^w?c|)ux2#SE{37 zNH@Z;zvaNNV2=;z$9@D@7yRM981hM|?)z;Wl?l*&W+B%Ws3)78vnmzv2n1N@WPCqdy=IQ%HMh!C(DP^*39>5sV-l%nj}z zO~`svlk+mX?brcRocS2BlJ$AzqwTcLT4l!M^c04rnqtUseNr4QK#=Y`%x0vCgM){C3U|qAMXyl?RK9?Fi{7DUC2f zJ<-om=28$4=K~vEm|oyQf5^RCLw=lMs!t2)Z+?KN`OO4(#oHq4?AAO)+xKbU?VU{h zJUyO$df7`tj~g7O6@kS|$ev*Zp#-d#WD1=UHz`B29oOZcaP?Uj*Mga#SO(I#k~`cl zyh{!G*{`P|k1;~NKs)gdHLRk9eIRfgAb(5m;augB9kugbO=T~DsHN8bvPYXadK`GQ zp}c#O_Q4VR360zH@-!3aWYnG}F2$elmaNbu^ilg?$N$0^M_@nn)wnD?-}ra5ycxxw zwm)UbBKjf?PFWnJ1>fN`yX>`s-^!hVLSF77&w+XC#5-4w;jlraR3qZ9)lVh1@Nyq$U2A;=5v;E=;@X- zr&<-E4pbYaQp7DOTh13CG3%3HGt~POhHu6@jxtKv3W9QhWdvQ8N6GPk9(=-9nN_CK zM64Jlv$rVi9N?Ef2SM|FUmgvXUu{QY|7OL(gd==1QJ+it*SbrH1aLq=SEMq539N?J zTdt9Jc4#wKxt4Vf$<*~r_D>QKiZ6gTbMzxEVXG&u5n`Xf$Iw`^${r>^=ME)J{-(6` zg=#gn>(P%K`!g^I>grim9OzjgTA)`S1w{|jwO7GU&NRj}+-@=;XA{@gS%Y23o$%J) zEFTrvfw13fFEgwh8P3prBxtiKIcdCH*bj~55Tma$Rk^HUI~hdR4>wcmpAi*5RxH4i zcjtr-aOw%(AF#HBzRk)oMGTduZcn4nhz`31#6O{Ygrt{GA1#hD?Tmq}X1ZKSxI0&7 zPR`mfDa|c{?1Y9~eq?`dlqFRNvY>x`=1ty;loZc&)xda4TxT^O5O{a!2Z67Nb*|1= z@~g*q{z1?GdL;bSH2oXe%w)76}JvLvwuq zC>IgA**DVmv%W^3=^DA=FBRtG9NL737gLytK89o~(;ivkvp5SjXJ?oRJ}O%d!UWqH zSEhMAVC^F|ptfsTPLX6ofb0^J&`XqTDXU3=wpWHaUykOLeeB~}+;OlvVss&XvL&SD zr=B91WX+()80+EOKyHPt_@lReA(DNJ-NvCge|!zr`a6g)4$4{_+S)N&fK5^EpN9Qc zBC$UsWFOnyGQEy2-;(c=k}H)v`|CfAzV%+xe`yo<(Q?e3>1HUyUcu>bg5KOjrCX_% zUfa+`xk=;7$csK5(yf@oA7YvKOU~-YRHMrD$xRbmS-KOaOiq=%C z%ykpzig1=#sB7q@iSul5;mvXC9$i!~Uq8R5K>ag5ND?B)xS*_&hT+EPE}#C~SP;6R z^%pQ3#0dwe!jr)rLJ-!HX^W6g<2{z^8*HS#$KGmLsgT3NxGn_eQ+Q-)!172j|mCC8df8qYC ztazRVKQ=e?z$HW1V^C_G{AF{{TzIC{Q4y;#Kbid1?df6FP?ho8L}~`Y(LCd5-cc_6z{McvuGH1ZTk5jF8ji}D-55T*U&q;p z$3|mG6=$Q0^^3o3xPmUvYBhTZPQBce8A(0(m@{GB*uSpLj}oZ&t>>_w6p8e%LKrNQ6@JPi2hYL-AY;Jr8F4=74XscR4cw_Z2YW z;JH*oVJfmODa}_;^)AM!-`aYd@%z6XD>;wbb=cNrumUGf)Q5a?mPA|N<5)^2EJfq5 zacko}#w5%#-t>>yTvY#do!4;z_;nATl7yV^4~#Q+M-IG?AI;6n^mJP)Oeb_?lXFsl z@R9mt$O*65iiB_fpX`-g9-Yc-;P>#iU~g=77;-}!p$bjB<9ZNiv`k45FOE)c)_ej= z%(<@G#QF&sJ_k&RMLg{YSuw}Ee|C3YYUzde;a8X+;Pdp)&!ac_q&rJ><)z}L9~26C z&H}F|&s>;`;!dbkI{3X~*ZYAH$J`kkuWFd?)or5zM`V~Z9y|+=hBCofTqMiX;-^J3 zrQWNQSY@grn`THon+{$xj0JZpkxN=^GfhOlZ5H7_+xR5)Bi~SVqWV1pUNX!Si z^oh;il<(RDCGuERyj@!47UrRIB78BrxUNAs-_iOUbx}kEgDzv$uL|KDo@($Q8-@+iZ9blh7i96h}@0-cdm0=7$ z=H;u)Y$Y89d`#XH)7S_~WCp^_@>(HWVpgT?X_4PUYDT|+7$K}p^)|-_wWa6lt5hLH zS9^_1;>CcLf6n$+8sf8qG~7y%;pZ+K<|h~Kg!b9DDOz}FhiqAkfw&k#X!i4LfDbmP z3RPWuJkb%NT7k-N$or3nCA~KlmctTh{-P!@55(t zR+u3IcNy~1m?c%~|BhpdV&ol`AX}yDRF?oR)~-uZhwp3^JNml&ab)Ll93#2Mb$gTg zKF;) z?P2g+;ev2wK`t1!=~L)Ebzi<3BXoVVb+(#6HJ$9$>4P5)@=rdEx`f!HhVcy&Z#XI= zJo1O>yP*UlQ;D`Vgj1)O!Ngn7hc5bhJvm^c+QHY1XNv5ieAZFvsbdNVb0{ zO!3j%?+!>=98PL}JZ6B3Oax`Xf{1h3a34vl9XCrEViR_JHewU-@c5eV06yk97?A`z z2GAZ%lYL`yNo6Vd+W=csmQEWyLsQ%Xxw?+KSO9(i@q?y?8UT46se?x==$JUlfcFrX zC2~rEp;`m}Y<`UAQD9>!r*x$|{GL7OJmc!z>|p@Z!IM|W6_W=8NgPE`6cWcmNO4ca zmtd<&T+srx5oGresTuaVlHD>DCUEnJbAiyXn&|k~M*!o)mb~I3z1Qk&@Cm^Zp`oE= z6ZKk1`J=j&{nRHs(Pc>-8FJLB=xppQtCSeDB7buTC8X0z8FO@-V!$RD+&!5VVi(_| zE0_=8%BGE`qZhQr(7IY*4NM=d@ZUNw(_T)13n4+FQQ@}c>g!fG{3li3O_@B>Jm1a< zrOOIECv0ZvF(c<$u4GPmSXe?le5Rr$X9UID5Mi~vk6O!4Ep4`}3EjZf@ni(%rMXYI2Ddf`u&&jyUO)U#Y zk(EjuUgL$!Zuzxkr*Y&0c=-3pWK8UXhysBI+)sO=^*{s(hf{h#8#cO8`5l)a2YIL!7 zL-dq2{O|_DCwx$+6A4e3Bxo-51~ADR_+G=z#5TN=os`ej3^1_DHTbVkhu+|vKJ|VU zb0jOcki64H*b&OrfLJcQQ&8oV%>>qSkvxj?Yq4RvXT1{rEeZ%-`&yMGmU~HrrDO89S+Lm(=L7vWa!H#8` zZ0EcksTpU^zBWoTsu8J)*ZkrzJ$w+6X!=W@`l8_Uy+>RNNu0f=z8r`L}Z2M)N9}6C2!_Id1j|>x<3k_ z)Nm>o3F?u!+HkIZ`2^)<^u}h*bY@IuFX#cqekAFTd1JQjdVb56Q>%p!CS3T7{5~L1 zclvP7ZOIPuNr3e_S1Ros!;Nk_DP_$y!?--Xd}d<|8>w0AHR-&u*W+CpeeLlI#U;Q= zgdISZZcLexTAnW4S{1c~lA1J1jVQgfn!_rbYbHOPO0)#sl7LuH#tRaj56yQqU>19i zL39|#?2mGp*~<*tj~nV_B3yn^m<5W@nyQog&+A9kj-#Bn_jYHjB;Q~031~CZ^S)iq z55niRKK)?Wl|^!%k!h*`3GS&cY^9S+`uKAsdXWCl~vu8C?L*L8sxCeRUlLlke=1WIfpYiO6^@O~= zkn__H=dHIqWy^W&tTMa7y_{9t<8LTFvlGB6j?o)bYM&E4k=%WQ1-7Ni$JfDhMfW?> zP3f3&r@r}7^@_+j`)FXAH8sCNVe?4}{`3A!BPe#}~)aJ;hn{F$wu zPL0kx+4N5DghpS_biyR5S@8^(?$Ls4Gn-LW^Ux)t>hj-0*)Vx2q!cU7@N0lNEZW8x z&4<9KaD=j!@Lx4KO%uxbo%t|Fmej)ak8PykM}NH0h4u{cc@R-| z8{#iakuwWX`^I7^~E88TQ9_-<6jq_ufbd)NB zD=g;8H^_yfY>shosrbsK8RCj4on(?s7Lv5&fO(f@$qmk7n_GIY|AO=VFs<2L6QX}e?AC}eJdIWzvs$COS)POFUy*)}j>RCAk%noM?} zW-UGy(Oxu#O;*N-^o*rUcbj)+3x zH?h2y9TL7DLY{i6x6pb$wVvyS$$70U4!uY#n1_wi58khpxSFSkY}OMVAw#_E=Z$6H&2bAshaR z;W{arC0FtQ?)CX5)7?8tCP) zHU;a6)2lXu>ye24wc^;v!{`CML0cQaMSI3Qd;bo!sa$GGaQ$eeadXd`Ll>4v-q5GR zwQT$0N|XOaWSx{9hD%O5!D0@7?y7f1tI&rIzU3ye>#Jk+it?hBWBLANE?mf@F{1G( z6@&}>zQKzG796FlHMp!qtx5H>C$qoWTk6~>s3Aw4{8HL~QB_dhqyD+gy<)|#me70N z%0}f1)qaUa8PRgw@ZTY3+!p>lf?}}*`Om&QG4~|U$~ctCo4YX)*tZ&c;Ftk9_3YDo zzDzrHo+3x=vr(ffd;SRX!}?L0W=C|;1{YLH9N>s6?&Hqw*jM_$9t?z;BSv@dMx{H0 zHdX6Q>I?+C-IkMG6?70vEtVfXr-Ad98TQELalyi{G;P2NYGaxDiOoSG6dgW>ADM(l zoow)Kb{_C=adPH<$;G-kseqK!-*cuN)vi{|^eR7oxf(bpYpfM((k zYwj=yDvamK##5SKF@OD;{6o*(HB|GVcr{PI#nRAe&VTi66b_*lj;}%6V2saew-_^P zyg}mK@giTwK2s8i2}Ha;iUE;X&&f!96oC|^1`4`kbFB7FGlO{69xL}E3g6=e^`1Ct z_>(K2*Z65M-pjmSf0CRpbuWC4xS|wjeqS_A?!kxbah7_s;Z~#G`E;ur$v5FcLT81)rIOfqO zRWJBo=0$V*==G%ENXBGFCKzsJwcODVRu6ssDbV(zKbR8)TfqVVv~{mbLb2h;8&IIt zd-4_=e}6CoEbdJH^nYiv+P4m6MBpRht%Pjyux0dDvcW(LFN|`N+k$b1@7VX2f1-Qr zcWm*bR(;S5F*Tp)uAFw0sz;~;rpc;se5+Jy&qoA~KBo~&fGRQTR=)Pd z#5p9vKyLk*L=z97OYuwMe;Q-3LS}$viow|cWJ2&+O6%U>lXt6#Ow5HvnIg6scHk_hQ z5?YSpXif?wO+x$(kSK^s-l&?fOC%NV}*!lB+||poo9uZL>*elb2FfIqHqBB_!EZfl#u$1 zanoqS0mbvAP_2D&-GH15WusL{#l<}+0yeX8b^C<&Le6-hGI_5%{PA;!wUCMID zJO`@uLU#i?{k%Vs6&9eU{tw&}tk^XIm*&Bh-Q*^hdO@UOn^$hbWfJ$5z}bPppFhf% z$`Uuc!;(I9s+tUB#=0g2Wg=~1#~13u#gsasl=og5xHn%18U*OyGCW+JLLd-pBMeye zd;>mk*WJ3RkM5zPUe+qRdsH_}bIy7e+S-xydvMkJkiikeV(hdsiWo?Em3B(z(MXhl zj@7r|V7;VTZAna1^bD@rI@t5ns(+V@M9zmA%fwnF+ihjj@{RX>Q|E=*yPZ9r|Ap-7H|00!vs-5RPy#FA zEQPZQzxI-jeFw9`O2~?cHUS;nz1+byEd>@fxbV8=Xy<8H%%D;2hSCAA-qAP4hId+I zby$|)g51|%EN%Dg2L=B$by8g2xYMM2i_R{%vrQl85iNiaT@7N+P&7^hM=<)@m3Hig zf2JG8d@v0?b2h&0o)W4vlNVdFu5w+(k*bTFEv~uCD`97UmQw@zP4Z-q`_0Fky|~84 zXSode*$>n6Ph+No^s)*;&q7Oc3VXG@*}p!^BRJMLb8z4({cdfqIW0u9=N>ue9>0bM z)5_802j#Q*Z+o_94CU;#h`meH3~@y96)y_E$k*$`lnemw?wU|1ym3NYteBuhN)Cc(;{NmanX1AQff zduip7?gN(w4gt*ow(rbjgy|qpWD`rV!h{ELeTnN8E4S=IOLic8M+(z!7Na)v->?Si z^^6^A6}8m(l%ynBIuWuO3v5LdQ^}qcIIC%CX^`Gb&Ib;Q16ix!((q}}ES>0M;}PHo z3yU@L)0i$gI6ChRu2s6mwk=pZ12v!!I=CJ*eK$oT&$$$hB0IXT!UOL==jTzb7jySp zCgqncJg*ZjFIqd_ypJ07UzcUa`kA5^rejf2J%+!QY|MORnoKrcgXgICzKMxz=zbA^ zL;09Jn#?M9_YZ#>kwMc7La~=0PJkl;ifezoDB$@n-z<}z?zZfw!o9Qohj>L%0Z$payM1Y|Jb^t+CO@KGd}g(sOTmAKCNQyQ`5I5q z(^lL1{nRSV>`1?u@tX@sX>VI)E6eW4eLuT(wv)BcKw_&)A zW!>K?sn|GX{3KB9Z}Q(jOlU$rJy%`!50C`ZgW1vM?gLrscdxz*dBRPRYz=EUwD*S2-X?5VhkoE-PQNo4^HHv4P z7XQJv#Qzkhp3hnccDg?Vw?#808V_iUir-ELrWcq&vR_PFG+qIBGXIadGQE|zV#Smn zGtWUJb1}qkTdOD0+v_~UB=hfzu!Aql@o#!>3+WI!5RayhcMq1Fp1739!e2!+bz>&9 zYhR@zIYxkPB0MF2z`M%#o^ArD#g8`)e#I;^j%7s@$1G>Tt@CjZnkyGH--Kl+Ub|L! zS70ONQzd{Gf43EP*{j;4WJv}TcXY5G6qgUSBR$WS1D8X~L?ZUXob;ko(AFp`^5!>r z!~MBPp_u1GR5z-^TE~oyXj_5;l8TagW@v9J-O_$jA#u(t<9V;w`{sMh;$eVL9@UqT zH?tCf|J=C*leQ*@7mw^!3g%fDTcC=paD3ITCNm<`D?;D-`NM%i;N8nN+L(Uuoj3F^ zF2twMK8U{K5DNe~ydO47rc(WiW^DRjMjHARXSpUUm^rPq_u*!#L0_%9p-=g-`qK43 zYnx@5*s2c5j^*65@A&oQ2(4v!6Wkk4%Jcy#O_ShdwgSBV2gMJ$101 zr_y-fBaVwvl^@NLL+?(HkFc@pSN=4>TPa0suJ{6)diECA>;oD{Pg_JgVy3I|v4qh+ zp!&=rRnn^zB_V{Aup&)X|u(wO{sdAS;7LmCOCeTAH@=0i8Z};S0+&0I=x_# zd#a7&f-Hk)6jjq@{~W#Uyr#u&JpnGdH_?pS5Pxo$xuQ8F_jyvL5FNr<#clv3ZE(KL zNjCBpI>@0R@83;^2jeIT%VVr9^nsY41$F2PE5pp3+p~y_Z4n!W62bULuR@07>f$Vi+9!7pWDJ@~>heF$uV?8+2 zG#Hk@+h#Adv8AK0vmWzV88+>{)U(o+qzvGq?eg%6X@aiT3N|iYFO}u>E~GgBRmoM| z=qMTHAt5q|Kk=ZcT^JDPsyJRjk1FQK)#sFMiav{HMv?4`_fFLK(`Q=orxzcFgbGdo zr(lMMEZWKiA{2E)DF#1%ud&dgg9Jiq=r5mIjlNzkgP$+2QB-m&>w`Is`=H8Q!O>@p zc3sfaK3*|bsTsKKb;1y1fo1n$jA9tQL$0YQDk454fm`cW)Cv>9S*lh|PRT5&Nw8EJ zpba9e=*Vt#6)KA)cdNtpViLzsT`VvAt)Lx`V}js~#s39+m7@8J zjsF{Qc+YrIz*%M>l=I>GQB)0vj%bQx*cA!x8hF_`oNQ|)(-tF{b-wDBB`LR=dh(6M zR-F<#X)fq)TKLka54J|O5|(vk*(cdGOrru!iC)T19_LG)0FcS>s?AglUa75c<)%uA z&*r)+=5}hUvb{!wi7l?!)8IKB4Yv+k^kCWkT8>HMixVb+&-r*LFB}J%?-;}(72VHnMpB}~=1xoUV@tS3{1w`EM0aBy)VFj?2FN)Uk)Mx2$LaxuR=%iz6@iUUcD!yoMx z3&mG|MnFwLOC$F)#;Gv$&To@6wGt-zmOpP|g~*?Yl7jZ~6ev1}qY5$@o>OjYy;QJ* z)vG`BUJ?TY|NByn!F?PD9&KP?D_N`l!&S^if6)HtxDOM!s_peY-l#Wu{ z0emxqEKXrFK+;TM@{}vv#{5Hs_cV&DQ+LCNZL`f`^pUs3-^rUWRMd4o*Z!Q)?4<>!KdBU3`3Q52JbT=o466i zlGItD*d!v0gH3&@lV|0xi})U&s)apsZAv8H@MHt`4fqeseau|UkXvWfvEzOl?k^|q zX{?MJZS*d;*0n%{(R+tQ1oN2dD`TpN2qrm2fh^XDZiom;pwE|uLe2*fhhzSa@wduo zU;~?DzoV)yvvH&DFK$1!YPzLo-U9~|D)v!bbb2d=s*zf$$ntEIJmlVM4%-_nzXs=tLZtE#{H@S^H(6VX5M5H-kezdb+4vq{o-;-N_pQ0COl zeZ2UyjbbXZtSUhXBPMyu+Wb-+({7&WbFxoRu6t|82IWSrb_P&A6IA-)?UnPn0KS|Y zX;!MKiG=uEq-c_i2l2H%-ZL4T3~yVAaj8XKDaM5OK>+P)my`&X5G(h#6XVxCP1(oP~eGx0DJqw(c;#f3cVZ^ zs#7Shoc)CjDlti^%Mj6RmO4y!nB0iT@XxqEpKVB8(I4rx%lBv$I>7;B9@w^L<1nEU zjDeKcHg7SHbg$Qad#PRM|CM;is*D13qmm%h8EpnZU(pX+Je z0+?A+c^;UZg5Cz#GttE#e)h%n?T5WB#8uk|I6yc;b!zK$_QC764>TsVBh^MFHu9sm zi-ZfKElVsNCOb?X(T@rhB7M~PQ5`0?Ve;U96v7bs9Owp8NB5(cDr;P}gE z*lPPqVRBtZ9x_9hlh79)Kglu^@M!>C zTLusXA`0+M`)ND(=n`zvPrc#&=-CO9ne#p##*@8nZmL8bgG@kZSHtNvZ>M?J04hFz z`iJ}!yl;WYW*!spLO~*GEi4f?h+G6$SZjevDgg&N)p)~*ND6G0=lka&K;T%e)bO$6OUut^e+<`$AjpfCcR zanfOO8zz6BB(wOYdi`uY;y^vdYqbjQpmktq6;y}*NO`)%TO||9TzG(305PmpC1l?& zJPUE;A=ffo5f4BJc(G@B=fb~06ZJNE9QJ1O$;Oh_Ili5(Nm^WwJs$#>$3@PW!0&FH zFYzRKD69Kj(`0J4&K*fa5C}J`zcLlnO<^xW2W^Pb*jRxf4;VEaJ+@&56O^w?mBUK$ zOox?A!pf)HvbB^onDCGwgspmtj08S`t6*9gOtx7y9d<4kJE4%J=-D=%H46nJ2B7dF z%c7=|Koas*D})vnHIrDZYK(N)yD+_VFDXri+H2rR59)n+1W6!=0O3poj_ zz!xDPA~2m$FBMpwQ&0;;4Ds4ge=qfq$L znl6ciB4SkQx-HXxwGGyx@N!Xjyshg&;705FGEnGp7Z%Hackp{P@Z07{W*F2T=`SXE zpaep>0CpInwC0z<5#-^P(8gih6v(46;L;BDNgBAmm4a-&PY&b7Go71qo@mx?ivKu? zW8M3?jYe(era&1|-|h@UQ3QMs7P}8$7_d6!Sr2ahtrH5-0%*-#73Ndm!_caP1bhjj zC@NZx9nfAP&_dzJ565*@5RH&@t<+283N^dS4stIaa>v^*t}7D*V0Vy0kO1TrqsSf7 zULw+Vb3tk+lk>pW$G5bSJy0^adUD8^25A1-!dDZ!(Xm_Jr%NWka6?h~B}d!{4g^u| zt;xn~xZ2w-?7j%RHAoz0E|$`*m2}c24!=aK)Jq&@ku(|RMVJsGf$P%Z4AvzMzaqc% z7>UD#Vj!3?@AKGm5kjFfOx~mQ)M4*(^wud7hk1a3Pt1Z@L))qY;{m`}O58I+=R#{(UAJ;{nZ#}pG6Z%JA%d!HPBif0UdvO_1tPiLiB`sUZ+wTz#8!}}V#h9L-j zV3)0erqG+&y08W2)w-s`%EeAtxAEZNdKOO)pUy!&Oeqhoo)(01PlRBjR@w$X$uOf! z0G|o`F3XC_NO&fo+*r7{dXj9G^bv9&AnC;1+< zufyavOr8n+c1yjlzt+exq5igf45&v|8V?Ie(-}ZLtFl?^$@4A#=$JE9A)HTD$`qJ>==$d zPDY~#3xcF3sW#lCVux3Vl$A6TlnMgWb`GzU%O5Enz!nz zq;GXnwcpm&%}&yXyt{HfjRx!2Z+Z#cv(@jbhfJMM$>Y<^{_z6nq0yol%u@=L<DjzS!6}FW)6CkJqPm~0rCAV=Y5)cGI9+TTfQNgaSPf7pDna`3z^4G?mZ4p5fgFQU4H+URP zlG)Sq)EOkxnR?-5nCS;^;{X70C2TT)cW(>#TOcf(NYqDm-Q8f_ba+2WjNqEnnK|TA zV5XFUIaHy7H zG?+gRbLSTa%q7Fohd{~S^4o9eH@Gm{a&N5PPyhL-KGi+a7etisbb!UfOnJ)dhan-j z?66DF>Vb>r6hojMMZmAL|8nvVTu6P7*{Mnp1!1(>!K0q=wR)&qgW72Aa8m17YTD{j5^U8AOP= zE)K1?EVG<9Q*KT56)!icFFRyLkq%~~{c>l%m^WKo6`6lBGW@kTiZZ)o`j^m#WbRmr z`Yav)VVktA(TnG#WSEFl%89h<6a2&569?V@)Kz^ANIAC z-YQtFmD{2D&V85ET4L#>z6}`GZP%K-*E85*d5@(h0v=iMI|>D$p0z);lld)d{?SfO zIXcp+U7;Iwe{uV90}Ay=dY9#(8(B!yg+4^w@{kB10p_d3!b%Hik2X;y*a74qlCBk` zIhvyD){@V1E&1E?b3B_QeJ39FC*Mps?dCpS{MkZnmzrvopkyov5Vox@?gJVTczCO; zTS2Lu9!{F<7~WP*C7O=}K^&%hJpEuRW}WYKFsVO!9uJbn`ziQX3XCk1`)?;p%MIS7gP#sI315BZQ24f zb1bO{LP??BpV}1?qiEIUuyZV5D%@U$W4YCCX_k_NL*X)F=cIPF^s5%6<7FQ)>H{V< z6Laum3<1VLr?L--w4xZlA`6)a40Rs94LLzMXUp*ONiAgPG8C$@7l+s_(!3_K`TcTv zriBu2Xg70?T`p~j5Q0fRxM+v0o9=7j?Nu(w0HtGH9{QG&^)QS$Dz-=HEZ=THrgI{z zClG*qAG`J*g3gKT7GzGiAOl5W_C=Xt%HBw3xg+cT<0qRfD9`^{7DhVnz^f z=!d3c))Hoos>Nl8DiL**YLF-`>Sb4hG{wCPr7EYOt{P-|i@MbyX-!gXxXGTXK^E!) zjwa^&H15wQ$?Tgmi3jl)Wl~fX3|z0YxGY>!R%ww!8Ms7iy}azmC?Lpe1Y3~+g&dfI zBWto#JahC)ixu!+m0#=)rlXC5APMw&D(N+!`L4XAI5(8YDKRW0sc z0HY7b)1{Gdo6X8K<}AQH$*Ap&QR%zBFN;3^3lX%#(SN5(rg}~}tW;q_nMeziy-L$@v{X-~jSnWK@qsfNRW;6C6Ci;@ z5+E%q`S>X1gs@b4J6&0m2M4IdTHCay2=U1Cwk*BWH?6&_zWzCw*5=zLl>x&r!ala< zdlIQ>0GRBVePTG*3Z)oTIviT7khQsG3qgTt;F^Ea>|k!xTLT9_^(K$8i5Wb`6K6Ee zvQbV^-Fhn!sPB2ux2*vjLK*_HZ)LU)gcB(DC=E14HrGcAuKBO)q>xnCAITV!$8p7($V11XJN zxQ}^{DeGk4GhHPh81f&4_HzX~oY8|LK7aa${1g-jlY#vu2F0J|9v9sVvts~yy?rd}wZG&bZu>}rI~ zD)MpcY9$o{i$EvR<;D&J&O8>b@)KH!28nP8ig^s3U0tP^Gh&^IwEP}FKKF*#qBl{f zbDq*_&Cb_k_OwgM+(yPJ<`Vi;SSuUQy)%YF$+4fCwJp zjVt2&M_DeJtFuy1gSn$wsQ^ge0=rcL;E)I0)DGXL%4@UxVozY~^xsK#U0~(`?jy@e z#i19to>*E4+nT`?v4>Nzxmnx7cN?l<@~_DaLsz-hBvJGPy!qJc;i=Dz*iaxc7(o;q2YV zr*G4w-y4)?OqL>PL8h|JIUKlkH)p({^J2fqn*yOLp`*o4Xq8Jzsza*2<@LA2&+hxTJrJT8d3l>3X1)dn?Fd}|2 z{O@r{O%taoS;;duyZ8*m$DTPG+@pLNT$9H%!AJ?4{V3}lAd$fyc3sW24&7)wMXplc z&8X!M?FY&IZWA?#;jW2J(G_#slaNOz18dMqAC-dP{X9^@Dex5qhaokTH5~a11;l_91Nc~&bcCsDr#(;%u#6B8noUqq_ za(c@Rme$)l&%L3V^{0+HuhV|jU+GMx%z*o;CP>d2j2`vuq$aV2;e4-uHjF24oE7E& z_0RvDI&<~ZbRtwpIBS9WV+gjQdf-nhfA3`p=TG_B4de=CdeRiT>bmq-?t{XCr;}%mp*_ zaxienJsgD=7?9@^1cG8vwi*lpLg6ZVun8D4pQIEFE1+x#!!GPLPT(55v$etoVpyR@ zmz&2nDe@e->dp^U7}*Yo#b(+v>k%l%Q@eEl2GEs^6oXm7Wh4zv*3b>gRdcib_j|D( zo0BUy(I?O2fsvdBMGG>B?~Dc~`r+fP0|~fBRgY`?iY-j5=5Muvb8m^b@-6(WH^qCz zGY(koP4Q>A?;VmwxW(S!o@q6EJ3KErjOZe~Ry<6Wv69N|@JkWQ%QnR{^gVm$J9b&f z(9+pU(&&_%aFxTgUe4E|95A|aSAViu)ue3)^Xxyk?Sqa$K9y8l+98w@8mVMa^IVKGA~ zfC#wORy7*BBEs&7{v%F&MvSFj&>5Hml5?m#{SoX6Z0&ZFcJ;#0$h760Sn7G=pzYY6;9^J<`KgYADQ4s;Tk?3(iL4ZI9 z9LLRV@>iS8CSzkA7K6~ku5`^Ft3u!@63UnB!ex}m;o{YIBi|HhS}m7gW2rR z2{4;hh3qg}6SHaL+2bX^wXp(_hZthkq9}qc1cX~5wad_N9ab7)<@TfF0&tDpvb<;; zEqWVh1oE<(t8 zx|OZ1MFlx>R}ueI<6tg8no50axNNB6(rFx9oZaMR27ny|l1%ca5IyX6Hr}gn-!@EksQvR9LayogFs7360XczD~WI zvq2LMP3C^gxy!vy2Z$q3crj6~zZ3MUg9roh1|k;mcKY zuSl>$Sc)o1EZtR5yxfRbcIX5mcA5RGGUA?z++AeMj|xO17Fzp_2#J`WVKG!<;k$$K ziU5P5n4`S=louJlr@ zTpV;exH1xCgy$}bHCm~f1j#=sWnVu_(#Cc&N>x}A;Q z0J^&_GUxbw4s*xvSI&>We{3U!r*xEo^j#U47O45fBOoR7SKCl8YX0biun}(KZ_e+E z2V+I~D^ttj@58Uz_i8ZfkMss*B3ZPmk%&lO+JU_imzXdvWoY;O0D+_!o5HtMG9}}I zJ{W|Mny%2DpWOM$XXqz0DqSzIYwQ9~cpw7Bl)=tVeu;C2_^oAYgcI(!fPzsPTC)&| z6qIpvk(llLn)x^>_i za0A~!vp5UiAm>L}jQM;m`p1CN(DIK9yp2Yq*>E(AKgAF6Bp&unslrpf<%2ySC#|Nl z5RLkxdPfwJXrD8NGZ)(f{w2EDh)IT_S@X)FS-DWq3#?w8mxkuENAB@J zT2U1|yuIGE+@$& zV3{9PNkHU6?n|410Qw&DtOSosBVbyV%w^YYU|4FuS5gsUP8s#BjfSNq@XmpXMZM9Y z=gDpIIPA^llQ=gAI%4!Z9u3u~(%h?$y=0O*edUz>D1Y>~c#=G1-M6lskMp}h(l>Yd ztv5*StLE7?Ku0tR0JApn5Km8-^s+U=$7_U$qKvlh^#^v%w*pae+%?*9waKsUQxx#q z$V-`xUMVlkg+elF*ZH87mW}p21?H6+i7sVf2(9H4 zMLCzlv{lE+jYI?jPjI_V5+R`vf|VV6rpgcpSZ5)mygZH#Ls$?+5L+xoo`-}RE?Ih! z!tkNpe(Po?3=tk9GPIl$>_*JPrg_h$n=qbxy|)l#B^9y69Qn{P1PNhb1WZTt%SK`4 zESZY^dWF1pP0?;Y_}6f~7~dI>)|eERG+u4{T+n!pk#=_DHAADY*eXzqR}Hn&$kKx% z^0+i{mwfn?crKz=^@FoMbP2Gdi2?Ko6B{#Gx?origftY=H*WkT1jCw8QAeZNhO|oPzHWm{ z0+1;L`O+x&Jp|g&M1Z(g4h9_ktp+_fhy?bbm6ZcUAOPd5m%l`M{4$!wZ%uS_n*0?z znmSH0bw%M}LY1GXVwBa;ey zj3B}7<(QDVlw19fFVv(0M=+@<20jbd+9rhvM=&hznL9tBZ5f?_%8**br7Fb;5MLh4frrfk@Cl|Q42O)dfnpB?ec}Plm)z}C?0GY9f zV@&Z;X7d+zd3Jeuur!`WvzQ_Aqr|K;K#4~@)gtt9XHlzILMPcbv9Vrk%*7d>%f^(9VQ)J7!oee( zWP^*|Z5B?l-d8!#v-3CR4do{)Tw@{TwyFG-_GA#ah-Sd%JeKNA`k@O`B%i4D!3H&N z#FNy;Z53!>dD)teP~$CQEpR2+vf%8dg`BnA{FFuvh*>Jyu+_P_ah2`(+}y=-Vs(h! zPBQ+5qnUHr7oY0<>!1H4myK3VT;BEgGn`9q;bgN0nylDz%x8cwqih4BZo;^$@;roE zY$=$})b@fmS`q!|jI)Wez*Dh78>t-!+lq9&sBBYxBtXP@6aD_liL%M;o%6rynr}sB zYQc?$^pCF3b3`euU*fbwgv1YZY<4|dC8CFD949Mv3j*we6xWei2Ll_3SU)3)Scx2J zGS&CqMLlUmE3xgSZ)1jyG-Gsz%~jDS1XB-Eonh0EF+;WezlNmE(=0a%c4BP=G4Rwj ziJRdd;*unwM*VgrG3q+I&E@B=yFVXIXOk;Vh!&DxCjaiJ0sZH{IqVAyKSpwBi~DvS z;xrRnF!^agO$JbUdVGh@5J*(RIm&06I1vPl|6G z)!6X1nB=p&`>9mn5&Qi@%BPAw8>_dC9ORc=*&swQ@BlK)B{V7o7P<^CH>i|qvv#l| zS@kngvh*RzuZET7ham;N=}d}rht#XrFApJ1(q=%eosn;hDGofP)f;8`L)IJQqg!bh zaB9x))kXR6+pxSuDpYyy<3dB1hQ#8A?VR&QSdarZVF6Wzf75jgHXIfYoN*%I?iX^0 zaNe)5(RzlFdw`o622t$$EHOMZh!Py4O0{b-`FindGfGug%IYkpFYb_+tGmp(F9vf? z*XevbE+(_7!;K^7rVukB_C$-t8MS7K-80yzE&05)$^Pm%&P(CEp3j_~p6}jLP-l0& znRDO!?p$Xor6nK95iNw84>xm)8>blS1*UfmdT^om_zz9o>tT(5*_abRAgW>$ep*|Z zk`l_ql;&f3`V%L1d9#a|yzC~QaII1ZuT}ghb&U9Hc`_=7^ZQZde0e}#GAcfV9GMn> z{jUC6SfZ7||2)YD;@4aLlRra^6=GL|LhUfuFVF*+tZa7 zm1jPgFVrJky+fa<-=L|`9h;M6TyWj?jt$2EH(I=_d2z(&aE@IO!dUCRG;zjOx}(Ad zrMa%*yZjzGSpJ27l?UMBNHnb5l9o5dMumzBA*&cv2bd#ZqlDhm z#KuyGw@VXpQ|KbYjt9g~LS`gMH1dVVTuhcJkQHgFUoNFdA6k{B3R`QFy2jRv_*9{Ku#SH#Zo5%`1*NyVfB<9r3rotS~r*|?uc%RMgiUB9Y?RQ5Q z-uWP#b_PSLGjhOzU1zh0EE{d|>PML<09JjVgHFRa2jJ)Ou}A(=Na(Zq((9aizTB(K z7R&z5bT-LGx3jx;uoFMjQ)>ecVuGTj_ug(kfCTw|>X|i=*P0Jcq$!c-BO1GAmJ&_e z7|CV6HB(?5tR{EV&OCyq)GyqFd4G*bJ7YYZ7Q|i}h8P&jRNR>H5RrRxo->X1Ajf~) zaU~(+MGxF@lMy4aOu|*ytl%^0e9QQ#xln_5u5KUFQ5>U1t|QFFa1*)4kg(YEjD#oa z7Q7_4z-3&J05idk`{slg^>rHgB4%Pkdy^p5FIOSlrQv=Au+u}?L%Kf4Uq0_rgZJog z=ixZQp)4X=U5*Y&3}d6$%>GnD7>1l7DpdNKW#iBMrShwu7s>uEuuyIcofXbB<7^``+Yr%(D z3-&jhs*Z;oYAsl=Fm17hhe{RHwCIatOjBemh7bmlB$X8)mY=B=djsd!&%ChJR{8C# ztF5v)NlBCqULv(hF*;iS(#}h+s9Y^;AQ!+P^HW(!y&BsKqktQ(b@k9ruGEDQZVieX zz^yOtV9UyqYj!^#7T?v1YnQ~tM3nPZ4?P!=na+y?>LREwE(TL)m``VF9aW)5(02Fg z7o5L!9ymGfoZcjJM#XZ$R@52b*0y+P&k@VROG1kE*>?{A%3NLYz%{wUzn;%#xt6Ox zU$5YDE|HHBE6w$%)CO8oxM5*eTN|FMn(rFc2EX8=6jx_A;wtehsZNY1P4e5j_VY@iR-R_AD<8tvbjlfQn28&v zfAOKnUzAMBr)axVI#*0RNt1ZTyRVDcthnF({*r@sx?NDFIuBc0+T#9_H{~4GGa?qV zT@eEy^Wu&3i&<#7za}R#cC;cWY8>*nCet6$DD*kM6gQ`x1x$&=AKnv}sDA7bwEN#IJkn{2K4FZ(1U~V==br_E&_l z6h|xw%(ZbEvBU?mkiv7oSc|I94|h7t2Z$f)I`Q%a2VvlXQ0Fl(H;xh*rtz9oCu=!c zRNKaKgb_gu8bM0D#;E-vM0>=aqhGrW#R~CX z;1{+;P~V7{Oux7v5A)t=w#%MPYe-ti6%lf-dJ*%)!>f=>K!Si*PaSE8-1?clAlHKI zvjo}A0cQ&v(oOxCD|UnTtPN=aZ4W^6!qCGwH1^Zb)TaT7mk9-r258oXeD3fjJ9Ao# z$^y_~00_G=3P5D+`vy^fqab)Ri>j6YWzDPSj6Y%*&oRs^oN#_~H`^a<%`1y;o1q&? zkc(Us-2#{bsLI1x^UA_o72Ym>`}BW)XP>M=Wg%zBRRK5kSr8{b)IGX5V8DGmkIouY zF9vazmD0DitHh6{#Cnnf5;9Zm(I_Mosm#Cy54I=PH{`2UaypNaSTFH&C9z(Yrcu*n z6YCF=Sl^nvYmB4gAqPsVuO)A9ldfH6kT#@iW5fc4n32+lW0(es+~ZT3FhnR^W^h;8 zU!7Te#I^WTr3}Ws+X@Mq$KYZb#3VKXdoc0i7|9rNWelyg5hIsiuo&=5%kY=_cO}DL zmclE!V}qB7)9qC>>*@ZYy2P)&5x+(hA6U;rvgBhk{fM8$UMS1TSLqj`G)nz?(~UT$ zBDb%Beht}4m6ZSb7QNlNn^boYY&4l2y9s0&Gv_)R77t>>tE$z|bEH1XW|`aoAojL* zVTT*y)UEBS-)%e>vN&oxq#yR{Ip65gj+Ylxwf(p2BP%kv;cL&Yzdz2GRQ5&ut@g%} z%XhA47f>XT$aHVkYFp5&LlWqtCEBLlV}1%MR^Enmjx+hz1h@fdDGGLSvaEYHW`p<6$I*D+)DB=BouzU; zE}dN#_>d7}y@?X+C8<|$(PH8GxB0A-km85BbTO3HiEFHMgSg|s%nDX+l2V*XKi=9u zwG&Tn|LoNR#lzU;cN@i}DD(kkK|Max$U#XA-Lx@o-XMB}xe@J%o6AVu1s|CVBIs#Y zS+E1rU{m395J;DP89vYc?Dc2r&SlV3tVF0|niBP(^p%*lpMJQ{N5$lW2tP~C(ZT7) zlQKx%c&0y9aCsWvoTUl!v{gkcl7aelddW-EPnGk|;5AZb6d7Y2q(- zFk83#G~8~?f{@Wv;7Qf(1_5x1w^*g##lUFT#BSYg3w|4e-v;~QyEyU$r=(?d{{@C2 zh)dl#HBBxkN}HQaVr{VR*`m&Ck-Lq83-6s0Ic@!d3b1*cXQHhq_y;%o!$w^hKwb3v+IG%I6P#vU)= zKvT@ZO&VQN5BUMytfP$$IK1?L1Bp{N!E&v!3VwuP7y0!r2aOzL9ISv}{fq=ZeaM2} zaZUfqG@qR5U&Fl#iyeEJ11HFCJin2B#4;Kmf*pi;T?yki`@-SPvT5^}-io z;h*q&VWoP{3v{PZ}fFwi!Xb3uDSQ*!N`Zd~4@F9wIg;zpKV4HAFm3h0y%@m-+2T zNQgNBuZ1Z@`KTRi&L<78fEY&+^Nq+g1VNa(k%Tl0yVmA>3SrV+q}sql@Dn2-iEE`? zPv+|{&LG6^`TvCS|B;X1Z!i(%Atjn8Jv#(~SF2`zbf#R>_Ga@*R&MhV#R^~I{vPUr z)&0KE_fd=$vfHSl)jm%lV;@C7h*57i{O&A@MLPV!`N>2Zq02x@QV~I@%3g>Pw<=Su zvS*`>R`!k~dxwlRhAF~u$;}=6enOh00W=o4?7p89jW$LwNE5UF3M2_;5Q~WO8V+hV zJnEOLh8pUS1-}OTs!wZWrcTeDb>a`E%W{Gr+ENyz?3VHZLu4)lA$K>$?bVfuBuWS} z%B?qIg>kTg6&`Z~*?-Am#c}xY#0@2hDcvEm6GqhSLS&7i`C3C{>+G6SoRE62%F{%I z7UetE%J(If9F8G#Q)bkEgi*-iFqDeTDqpL7p8`)#KSC&C^ImH9pTS;2ktbJ-ca}Zt zBwN{gE)l|w^AQ1#+yo|OWuPQZTtK9Z*$Cn3L5jSdS3e#F%Fb zevLFaMMV7YD~n!Ya1ACX4MS#tDxjh7r?P~H6*DVl&nm-{Tlsgr>76W-^9E4&y@*1I z7?g-W5diCPhRsCqNnLD`xT)_!V=as%A~$E*+3-LjXwCd1iQp+p+X>an!JZ4TYb3gP z{3s3F4f;uLm26{W%*xotGWH~{wCl!k;F;+c7zB|U$qj$jl|CU?+5;i*0;YLjSsjV_ zh@V-o%V7)*YvUgY{2FO;iir5-k_k`Rc_aS2n)F7~aWR?gV%9&YXN}!}#F!ZyYQ2EN zamZ`{%Szqzle#z1#lABu96-4enah%aQU z>Ubj>qWIu_r|j;RBT48f3ghXoZDX4FzUv!3-`vn^+=V`L?Px1{R`m84y+*J6R4P!on9-C`V_^;h8pZ@1IyP;6 z@FU6NDT?0d```!#NrVC;_lu^fABSiuXsxnmeQ+y#$C155`rt``FfWELE@tz!=rw=1iyfgNbhrf-Qf2+@T++n=+&po zHKkbzhRBDKO->EbFDBX9uY9E0#JSA+lWZ4b=}7|z6c7mf)L70ZF2Kw+mh&xMSiIOu zI$Fv(-}NTk)Q9w7h+N3(7PXbPXDe?fC|cI7 ze?4wJirkbWa?P^>LV$S*qOy6m1tAMU&oWT(Y5^$DCiypx#KIR;o1Em%CXq;WGavQk zFN5rci^M?qiI*4VOuZUzdA&U1yY3l4#Q7yooj2T4{_))ois^|fUj&o_WLU?Pp#)(p zQh%&sdI5^*)d<`{ci%*i$%Zm(<8u*)aRhAdnaT)GH$I0Liy4IiS88dGkw>UmZ>x!e zAahY=i()nHv39viIaY@(BDNsJTCCHveS%omY->eVU;c={gg-mKw_06dS_pDee^K=I zw)FHOl?SL>(+oT1C7zCaXe8wb=eP4PttwerK#_KcT zueAulunQ990iGH{H06)&APi3%@Pgbw=e%1N2FM5tV$`W_yM@7ORx2Rqagj}(Q89C} zKl7QxU+vr%15UekArU{+&5K!*47O=y7!MHUqr|ixJro6DD6X}!sS}D#VH9A>nE0S- z?kfms92wc+TW*I36fu9Xq23maJUBeG!r|$br&trg>T))8)ZzpuMf9lH!Df2eE-+~n z5&(<@Wr8SWfimTGg`I{Fg@v6X!OkfP6D0I?!pI4QCm=~-oJ1=r2$aRHFKxHojT$$J z7G{w|7k$X0i$$09=yD424mVAsI3`AS2h3oE;&=n;YOms>OZHTy%U1ER(zTxkt4C0} zbbF;*+o|Es>=6P-Fb+8~5Fx)+t;_9sPnh5O0XA@SBIS(Sm?VK`M7=?jL;-=z?0_9? zEZc3w296F6fQuMWGMY__@pnhI8r;G3deX27322A{Y6zX1CTSQ%lA(8YYyvM`Rsy#| zXHBo|1z(>Nl6FYC?>3jo=xJhu%MSc%#%RB$R~e_cPoIHrb-fe`o} zPB#el+p@n_#*QOnJ7-sjAJ@ZGR)=8pNV**{%U>Wby0l1?@hj5&U%v>zc3f;{W9n_>WP{E1=YvC$(j*;xhSn zM-Avd|IJ}vSokrLLtEUp^AM+*pzthf9c3CI601jO?iv*rlcKmWI1acQ&Q-@#TE>`- z2DRaJP|f+*KmSKGQ<*xw(ZGo=FQ(3PJ{ElyS5p5=c1cD;RcL0>47JMt)Qb>tsgW2; zBIZThRI2ko#evsYO09lIbvUP(fR0jXB5J}BTnqhZey=Xdhu?EEp=r4KDR@SFp^Gm}zzoehfzXFMssRxK*vM2@*^CuQK??mcOv5qXoA$?*<5&#~H(*G{wMADcHb=uCvq{ z`yQm&MXF@^BiQ%31Xy9)|MWvpV)(N(f(;KXQnWN&v=cP`kMP}f-Rpejy1YT@NO9;8 zJc+Q!6+CViML11`h;=}$6}%TLc#Q;mZPM86#0c4pvuS^lt48tdGAgyCe9~e*TV-Mq z(5)KKAPvI+8%grkl-b6VnS99d+dE-7%Q?Wx{CplZ&Yo*>48&9>K2<|LZt64D?PpVl zdww8nqnj@}x|u}rC3AkyCizX?-=~4@zNXAx@`c=xMND#OHF^=VG$BN6AULjkJ>-Mp zAu2@Hz#^2S$s|7VQfQ?(X+87VJTv&moMWVb!jIC#sh(U)YVU@FAEznSXRIW?d`YYc z-a|d`%LqtxtB4c(_Lczjn~O6D@q7M1q5Oa38q*LlM<48tUl8QsS99T zQ4o6d{8YPGXN`eJ1phCWOlBLs5&vCHdZVdG$KIv(_>q zfIU|MtJ9>K(tUzb_XfJycV>kHXt|5^N7fyxrUyN=mEfOuN76^qW-0^XbJA_?d24do+wbq2YzLi7AIO}sAsvERt zs%JY96a4w(<&|@J;iv}Q=+F~!{?4foIlCVZ3sJqHd~GLX83n*S!1q56am54%E^{WF z$i;o9wsol&xwT$#Yp0RhM32OyTK>3g$BlER&mpapMQ#^5(~R?w0GB{$zc|sGe!suZ zW)mG;T1xG^?sgW?#Z+}l+W{md*?-NmY3oc#P$MXW!B#Kml)~)?yd@XzHt6P;^c-%q z=lAn_hpWr$Y$B)zpf4?I@q4C=NFJC%HxthA;uXJ*H52rPPBQwIPm0k!f9GR-y2D@X zWWD~K)9($3?`p4n->6oJ=V25?<}PFcV$V0+fX7v@CzJA-`MFGeG-YXo8l4&jgBS5EoGoK_q| z?nM-!4jv9imcOz|k^iN!jHdM-+6VrHOH-=lG=O0rZukbSGoy&z*zH4feR-ZjZYZBA=#4U7}6O7pw`UEqBQu!XDRe*a}U!kjS;8LdNU3Zr36+ zC=1SM$rV4R`E75YU8)H|aRSq> z82MGx?|jxI7S1>{PRlP5!`ArdNc>QcIUn`rv%6x#;cB4YX9CtX^xa4;Qjf9-7&zpn zkp}{AgQ_^EibK-TUcn(fvaNCG|1Oo>dMuK4M4G7uF^yP^H^CwpLWmoqIl4;S5wWOJ z2X7lJ(&8k{4}~BK6U3hrS$D1H+{{PHn-%h@gr?VoDN@1~FeZ^iJ#C3(!|zI1o9@mf zpp1*rG#8;u;QOZS`3$5y{J%%7ow}-+nv*FE|;Q96CKvfXFnbJ54u^$5?MGt!}L=meSCNTgoZQLb; zLzFHT^i;nHk0$JJkfPtPIm6G+(~lRI4#4gilo766Sfdqdl4E~qc25^mDUN2NsaPKs zmkJB_c9PG&*EP>l#}tzZw>L+^zSLLL4gFG&_J-miJ)t566V1o(oXdh6!sU6P2jvj? zBS(W=2Yb|zv;jR5uKG~fyj}W;r38=zxYyPAWT|kw-mAG|8wv^i-M0MJ^z40EqDAql zX%@DDC_F1%0%6q1T4LAA{+QiyOJ%A8{O_ENG&Mo7moQ^J5KLN=N3 zw{cLNsqu^oM|@u{VyD`YEaM3qg$p4Bsppy6kOrQg#_m!^w-(#y$r&|oP}JTQ%L+ooV>PAZ>b}^*Z5?QxX4SI6n{4gfUUWmEhPBq`9B=QaK z3i@6E0=cMhNG#Q!`y*kg-KqAX_se`-1bVx%@fix0>j9r2DiV4sLWM%#_kj#??JQI} zXi*iaRRhJ=zOv%CxA=Ydl|^TlAJ|z<@*e7o0AWa}TicUxGT#pg-P#_bG4?%kO{B>l z^I}Mt>l?-KY-DI3d(1tcJ=PL3`u1x!xn0cqB$F$LkEvKd!Xl9dQ0E)!!H9)MBe!l| zTv06b%dNF$)y3wYCQ$O1QSmTx_{&9J(2fRMOXz6U4~q$x=cyciF`E_lM#@c zO#k}n2bn;nSJmW$ssdPwRpnWaR0uT&Ac~N&`vQj`_57qB8*Y@@_C>7*nO$AfvNCIB zwnb)Ha_RiSuADcOI!Y?fqWn{)nmg0{uk3GPd)1jNSa3YE2&6ua1DUI5&7$Q9Uxrzv z818Y*AjqO5AZyI$Cf@5tPaEskd}IRPYu4Xx;seIaLgt?5LKYhB&9-7TtEyX=?R2&6 z+0W6h&r9QC8k2y?O$k=xE=OoJu9=>hG90I&z!$4=t;Rhrvq1#CFiFjfPd|Y{=+;|@ zGy+|Hk;JND>oFfnhhI(d@i04!w{x87(bYJNXn;^;Gfk};??hINy##@E6|1cpw`%+l z^?7|P$_^Q7oVy#)bJOMiomQZ0-{)f&tE?K|LyfmJ6^uoP524nV6?vBho8C8<>3!!! zbAJ2Z9N8Ys=y!Zr9q+Oj!O%!5vO3=CcmsABh;af1l35*Zb^LLeO_Wj&X=v=JCfG|M zmg!B_Rku3+NnCZ2zo@kNB9jrkbr!!90FSwl4MT<_sSm8KUXIY}YExIcG2zPEE@WF> z{Rq065*m;dT^+k1fI+3W<*3@~UH%nzsQ0nrWmPHMrN#<3flHR2m}y}^6c zP206IR@Xm{uAdd-@=Y%y=`FyaheM%|E1ZVB6o;bmYzL>UQ}hk&XBE9w^cySs%MV)7 z>lnKD!QFB7%SLf@@uR6fEoT}xN+Q8I6`sc)0!aeut4CXv_NPE|`uV(lU!>^D4BHpB7r|Axnn zNGP(=_IvmFK+XT#ws#%&qeLGk-ELz(HY-DCe`fu;ERQ~06b-J`hwhpW5`ZY!uA%I^ zuIHu5t8%WI27R#W12=eP$L&|kdda%FbiWwgHso37ag$n z8=t7Nz1JApD&*ICAqbY(bDZ7Gvg6;}h%=|^uCU*5ufKCym@T@^ zWXm3$y`l51H_6v(+V#W_fBW+B^Us%;pZ*YiEB?4lKBa$LC6`x!q@UQ&{Me^t({DI` zD|$JJj%*LIf6g&xy3$+YX2zmdX{Ci0_fa!PXyk#S zg`5&~{lEVC|E9~-7;f8FkcGc*Zg!DuQmgyV(Hq&)L%y%phEX&vb9((rF`ZWWPGy}9 zO}8i9`H!23%kenjuvWvBm`d|idp}jO(Bpi-e#1ZS-(~%;x`B80r|f#yZ{^|x8*HKr zZ}yF|X}j(-x^_$|W}E1W!J%`XkI!f7n_DGhXVdqsY6-e(dpLQwI0pPp$pPlJ!Gu5L-%H#qrCEeeOhJ1^2+$t7ls%>0lTlpD zqqmPF((0pTqA3j@y^w*1J|@naU)YsyvR&h_AElVcrZxM>26q>_2#YWQ(XuF)ngD%p zf9`Gi-uwAf5=VE|RIydAxc|;?dLPNoWzKImH+f&^J?`Kv8>Fe8I;s;-Q|ln@4vFqT z{6wdnQ_0rabRx5RL8G!2I^ot2U9DS`8>_Zep#h2{)w}1N>MbX2t16 zi<7Qhm3?p)nD+#VvMFQ0$DdTG7_pfpT@+|5_rTDqLhd#$#;>4o0$}abhXN-Ul#*hR;Osz4p9O0`nMleHR46(qQ3JPPvs* z-yOFMu_KIY0s$Yga7*He~bEqmswxtH3IMsy>q@~|25CW zMpA9}MDKu+e%@sHh#yVm4!HFK5QfH zSJ=OPMzTLwM}DYbtPXJcVsS>=%6t+sF3lIc+bo=9y|0pi)ncSvi|kj{BA2<% z3L{2rB)`Mc{Uk=*}t6)c~8#xB<0+D9CbX%>)JkA2Kru3?bs| zT3J$RAh2TWt*EXKRj97NZ?}yLmB(%J95G8*%WQhReT_>E7Za67f3GGvb9%Qu0me>G z&9L)um-p|a2p01hAAroJpNWm!{bDTtSnhe>M69qIBn&{KAywm2{n`m$oy}(3srQct z+o@zi$FP`c7cVU)ad>Gl)hr~KcsP`HuDm$XPC#Gib{XD~hcEAX1OA{eHH|6MU`&D8a-`JgxIXHpGv!&+1W{jJ;#vmQTXJ*^f68Ak+1D9_6?&GJ0R&kdLyNHibS)+` zb3Wyx`Jc{1G5IQXor!sQ$hn~?wAFHN*Q_XpQ=tMUrC+(GK#`w9PmgkTem&2J11U@W z;(jc)c8jMgz1sDVuE|nQZr)vHPzP{h`v0@{t-Ea_+nTRJG!ABW&xvia$l~P;x(|3w zf}M0cwv#;r9H2o-w9Orf)FG)PK9|9Mhxs+Y%**X3nOapOMN*VS(Q+)uD?c1bycMff zed}A7T4i~i*cGt@P1W>=jZW*xmeFa?!*`6Ocbq|kk(gFqulkCeBY#iV-Nc1NPRYH7 zTXPh*6<^9EHk}x|{CV4r#IrYxt;C(Vd0Q0A{GZOwSi?^8>Ee{h%GoUan#|L1b~Xno z9V~Etg&j9ImFMb;O*@WyU3WB}@?3(gVsXC&lvDONC7?Ym!#vWpR}xci^H)-S8xpGL zt9#eI4-km0a?t6V;&mV!e*3^V+kGl6 zoTOi(Qk~s~xipC)W+6`sX1_tLuQ<ZdHGqs znk?d?h-PQhqAD@0voOt~VVE(^! z+xh*PG|9@Z#~~8`<)-*=(*N2$mfO^a-s!h zWz&emAXqQJ2+scTEHVr;qQu46&H7`1Q*FA6I{p{zDS=QX*@ZPNEql7=Egx8*vEmUZ@;48Wr zxP}KK+Yo%!lkGt7goYm5plJ+Pfx)U6yAeOpFT*bIPK8CWYbU;a;+z|8|U z>38&W$Gh2jiy@3%IS_|9c~n`UL?NAo3F;V*uNiGOb9wJxJnQMM_UWk0_SI!CO-%_c z#OrlSC#%|xQ~7W_$Bb`~XH@~BuXPxIRWqDm~EFth|y>Y$>E#0y1rtEkRb31kDW!(gjC z%4X4Ibu&O>b=R;xkGon>Vo_qhkHju`iTGrIcxtjqWoiy7Fpc7g;&~|X>M*hUb~O zqIdFw&(EG41A;UmW|hT*If0 z`b(R=_gMY9SJ;DCDsddUv-+i1W?h5&qMB8=^%%rQY~2T2|H1yTt(e2PbTR~QbxM3MkcYVKP$-$wJf^v?U^-CO6vzWASioZDA#e(lJ5SN4T2 zi1X`s*;kylI}fzLHBH;-WG7SV*-+T8H4i#=hUl=pjE_e0*CR%RWY@Q-YYs7(J6a8= zHcss$v`A!CHUeb~O+$f3fqwpGie~vVP-Fyjl>cXKyBx-HAqKH5O$Kh(^b8xSV>*7D zu~Av^ysqW4y>=qbhKI}sv?=P8EXP+hmskI8NT_ZzOT%&RwJ8oByJ(L@Yw<~A8RXZP z^~o}elS2CY-~O-i_rLu=DZZBC0;)R3i4-_^bDf|5`R4cl^26vpfFP zDED3gGrn1Tm{^KTMiw8Aiizjh_8c$U&|yxV=G&?Y45vBAT~8*SyQWEd z&++4^#V?2@FP$1s8Z>s@SE8x7kL8AU-nUm3{JO{r1 zmRfX>sZqUcnFYcKcot@No$Y=OH3I8CuXjS=#Wh3roy(6DB}H~8EmL3`KYRZ9FXeU! zQIa!QgxVivv5;l@HOfv_%f^l+qT7IY03}_p&YSW|BVTW$q&b@G@nZ4r5aOYzHX{yv zcZ#O_SM#W8YF=wf__FRBTt{@LMEl5dgFVieHejz(I}aAak2zydAb+-hxkK#Ae%wdw zJ_ODy$qhtW68pcsgJ&-^@=8Sg(qOp6)QH{9leA4o4&*is?MOrG1qO=9`fU$^nj<=o zL0GtC@bjf4^RHmTpDeGyqMT2QRbKGzO;$w=D9Q(NSHJHgH^VFhow&?I=voK{F#^kK z+f=fmT54~ozJ27mO;m0iY)sVh>3el}b55STcHi%wH1tq#(6`ZCcdTXI2vm~;(=L0; z@~OVXwb?qt$GZIKP&3Y=s^_+f&JLMzFtes%-t2ynj`{YJbQ2||T_7!@;x?UuGJ`oO z<RC1KG$i;=&mtj2Mi|Ol*h7 zzp_4KL&rOik9nFv2UOsC_3jdwUy)AJIi$|!e1FDMBK^#BcjJ&Tq#~6rr%@7SaVjZr zpN1R8KBd2$N^RD)zLL|f-``$dmHR-RP_iyV9!=R$#`%I1(zeuX-sB>1B}z=Q^{f_M zi;F+yQeI^7v|wy3W*riR;94vnxXM9BL4Rb?G75`R=`R&wW6zGh-G(b*c%nf1w|KEy zNDMS5Oy*fn)mzeWVHbtpLg^;{!tRhW(hP0>9Nmct#P^z(nCunohv__KWD~Za;PRZk zg5G4Km9AiaNOnGd)p9#P_T)P$Vy_EFviRmEg2&uKuJUd88EV2yjE1t=7w5ocljv)6 z;8_E>muxysGqE*LqvtgJ6*S_S*$v$(dXM;*G+g|+k6d!Qq!#;+1yr`(K;g>j zSqrG33XP>7Ohg#c)%#gBs0AFYJrpr_a+KF_(!oCiPWE_K+WmYG@!4BEMz|^VHF*ZK zX`jan3+g+(=$0-9$|77cOiO&L(Q1u7Z$I7FI9DdB<~_U}+x<`D`gOdip=p-w5~Z`# z(-D{&4}SY|vAH)x;8%zD_LZEL(}|j0fXhyJ-(b5_rVChGij;2%C-`r^T5w*tT+xiyxm z1-$~$KJwiB3cTSPeuc7S`v~INuW*&c%XxI-`IjBh>v1hq!TUb%tfHxg+zq5_fvFip zZwD+an~@H_8DvAUZOd>C9;DfrvaQp_lodaXpR&Er-lzLOIdzN(_x-1HF^v`Vm2h>h z!wl=td`qXbV)DWO$l2&N28Ej}%(R)$xt5!hma4FjU_LcW{;jNS+iNmotFY(sO;WvU zzG98Zr|jv4kg1&=(Wz{DfW93;Ib4HU<^hy0L#Y9ed9d)@%dQ7L5t-U4xq`mEQVSLG2}yerEmf3uid9s0iaZ z#E$3Dm(mZ||1{V%;Y&PQh4bdq+ODZw_zAc{*AtND+)Kp6%g}2{=jQPONErOG_Q#dC zhDbV}BkRo*xrPC?!Wx^TFGYWFgT1Q?;~_n$U1tO-X#2YKG2nz4sx86z?UtV z4k_5u!Ifj@IIxllct^@zluRnQ?cI>x+WYWQgmt^d9No!-R98TK-|8AZs_Q9^;&%#{ z1iB(NT5mL~^J6pC-8%BztRX(T*4B__%9=q{a$g!4w?sA!sA|U}F(en4Hn)j=*JGdl z%y79g>OGc`(SBy*h`HTnB8F=Eq+4WWzS;m5BB#GU4@OatVZi zdo=*m=Fv?!y_1%!Y?%Ta#>sTP;z?VOLlqX_8dD0VliC*NMm8e=aGYs8)^6l)}U7~o@l&P~$h!OKc-%^XJedLf+zpX!HTTx3YvfuQAsUOYfOu@22 zn68*Oj06(CD7{-bql3MobV_#%vgo5x#kq5 z!K(8j<3Y9oLqb*CG>Fnkxs`QlDzeu}TM`}8HzWZKs0aiduKyc1-LLsyqTX%zSJ8~{IT#JUbRGN+QAOZf`w zr*3=84ruIm|BWW+4ObD@W8u~IRF6#5wMP%Ttk|1!#rWujjt!`A9vj|!QAhdZnEnK0VCzDad$mJjQ&_;>j)qB z@~6hQx2Nl&9mkE5pLNHS;aS#eJRl4k@rmRTz9J4XPtH?Db+_=`VlprPD<3nN|An>U z>#sjqGACE%?3#TG#n7@7-ts7t@-DnfS0Gj5&~^MRn$-tgMl#=r;-$rc zZFVn(BTDB^)vD_LxU$L zhEBm)yJ#=mVw(AG3?(e@Gdav0J`E3pGP-Z-9T*ONP zaG{)Y`88y>)C`nRdk9nNHXNzk<_;SGrFGJ#Q z;k5KOH@9K8%Eilnoz_DcL5^zKjeQh{!8fQ?W(23%8(=u_ph|o89^^cz_sBFa8b3Sn zjMF0aO8hSurm9^5|Hp?CE^&pRO~UEtn+)<@IVb7SOufVMtY40u^qW1IWYL#+b1ksY zhg_`hfjJJ@o6`ni?xn#T@u_U-gG%Qk%puHuZskKT!1wSZAECRD7LLB zFl$}{LO&5)Jp)8-;bOgp3dtWr&N%8P>x!X}jVg(R`nu8aAtSK76kw@+tryY1uHuZH z3{8O~6t`!IUtg)i{fU@PH7G~E!_|UB3{mk(iI}cfW}teV*b5RdBw~swpJ+(L5OT&5 zF->)S)6`(DBCsH^2w*A8z`hCd+d4!p{e1c6@|VMKE>pK$O-0Uy0C>!tiv+ep^j)R_ zLgP#1Tsm?tgq*RQi)z%gEdx0h0?Qg$y!a+A!nt%=uc}%zFYoeD%u5eE$LN+8L*|7r z_;@flf_bT~Wm>RP0RkifWSeiZ2@f*9k8)m{*Iuy;6WBV9^Dq~R%>4Z3z3m>z{blQxY&nA#eLgJ} zLuh;6Y)bbPqHJ!}hM@P7LGSJBM`BTk7SDkQX}YdzuH4zoQ@3r)B#oUL5EEV$CM=fo z2ol`|<9WS`MR|S5dgs>H`A4VRu&CN0t(^@2UR3J)B#OzwJIwP>WXkfXhD)kD! z1ys#}68@4KFJapNM#;p!0UxRw%>N`^-DVN6v@8yx-Rz(^8AM9DEFwnV*eLR~j*iRk za1j1xz*feZ22z0h4Z*Y=jw9r6)bl9^D}-5uSpl=_t$~rhA>@qXZ#q%EK-pF16M+T! z+YbKrI-I9*e&(htP-grT>F3w(`(LTKGnnTDb2BsegJls_ScY!I?W&m1QqI}hXRTo4>gHg0|1~2%#+q9YN5TidAKY?C|!srF@vR+diFxYeUWvT#p!BOV*}i zp$kNuvHQolZlIX%5HDIUu52f5h$}x5X=9g2S6RGdgXM)q*erozSKC`lKVNyi-M9X- zD|LDhP=lx-(x}Z)>V(ua9kqK?``!q-=GcmAVT2qN?NMhm5?Q8h*Kb07PxCdgq4K7b z4+BFCWIgu?xh11R79nSBgq--UPYiIqVuT!lMF2|=x4#IJ8I#1{SBpuMNw1@%42@S_ z*obK`cE30;;%RlV6BpH)X}16VT78~aUG{XMTZ2O7=!r$_d@4_@?7FIL?AzOo|oFZ&07 zlBS;*VfOj52s4rBu@m#!k!o^MR4RE#?(+Ewd<(vMwOa5Ln;F36DDr7+v0n)##Q0 z$^I*EJeijq&QgtDvvD$i%kRZbIqBmC{FHa$UAlrk5r?khZxI(>e$b8P^OC?cILb~6 zvT;|JYzzFH)WUPR9EiKlvWIdc&@g?Z!WwF4ehg+SAjPP=3JDO zE!^Q_fLH911SI?=DH%ifW!aG3QgZgD{Jk^t@hQLIF-@Sko&4xt-|LT%#&|Db``#>@ zy%PV+g{f*+!2j`~giBl@Xp?aI`6f$O$*j@__nQz;pBDM>m;1Wbnk^+MR3Vq>dk~JJ z_2!I0gnMZSrWrhg%ybx|}3Ty{C&gb~)btga<5USZ)CznXmY=vmvj%5jt zo=b%E^6=pM0DtlmL9gOds#x}pMF(wJ9tOSb(=o8$fyyIj4Pcq=Imp})JjQ{Crns=i zuGDXJ)kN8|OpV6^MuUeO7{1FRYzQ7l3?9iWOJnerPF6RPlf|=}!|cVRD8A(c%8oTg zkDld&6bVs|b%tfxsxNm!?mw(`dORrC+l|Kpef}l#CPb8x{w_~*bl(SlgNTBNQXp6;LYM-GniOz?Thy=WmfzA)<_|9^jgq zOL+JPZeWB6^5}N9UAx?N8^(q7XesCY$=cZP{H_rm2Az_)2?y z*~3G6h#tp>9{p97q)*{IE|-^;JZf*|)aR3ubqkihzz8C9LhLJtbFp=CSDY8gZoV@|qAUp;WGB9n=@w=6^0%BUO&wFZ9mN9boJQ-7fYw-{##)kbpqT0UQ!3n4U zDO(PonA>my3DXY&9^9)W1yR(_7XR8Vmv>x+D<|Ei9!a~x>F2{RNlmp4)%Dtw5}71w zh^NpHuBkE3SVrLM#4yjLa&yB5WRgFCGWhdrWRi#zBVBL0sVUU#-~_QPrp;7jl0QCp zr0J4x+43cN=ngJ@DPM-B`-a=~>>?*Zta}2ilU+j(v_bn?VS>gXv97lpj|BkVV+K7! z%J{qo)A3Dr$o}XEDK7?6cv`*mKAo{XeXL}9joPZI$XGQCVeklG(6b#v?2Z+QF!-`z z@B{KH1eB3(DT{hUcaT>hpmcdvwOsMT^>sXrvc1Vvz4c*J+ebOW1dksU zJRn&o8l?9Gz;5}Z`eG?|?rbYu%z5(3@#2Rg-)9a)#VE+>!J#O3v{ zdSrPR&|%iovjDn_-(O!LPeS+@xza`th-c9be8{e1+PVy;*J${_yr<`p_mmWIvPxIE zbP*;qCTzd27O=RmOn^!==_<0$d0nhQfS{Z}$B2M03jwb#kW(R|jI`3IAv-d6 zBO#(7qLhe|u3#sdlSMi^%+AZi^KC=6p~4zErV#SV;drWmUZ4|XrX%Zzxb79`QctohLFGY$5G;md3f(;oJ;$Jx&PsONA z+ck*X@sa8tRUKL9K(i^!!|)GNq@F{LgXd#Z55Z$Bd9rO;)t!z{TeqoAJzmdeGxlA&Zv(I{5QM36fQhD80q_I9oNL<{jnS%{vGTiGC@jHOMw zZ|j=cvAGaYUN)kHMaYQM6zUg%yXmqBlUbOxYqt*}RDCWdVrjBZY#2l&R0x0Na6HxW zW5*zt;ljeb^S2u3?6wzC!sI-forgD(lSScYA-}(QZ;(_Ws*KF9 z)K$&&c{%b1s;HVqEmcKd)Q|6rim$KZ=;Tc_pD)5>Z`Rc3hN7w`o1VI3(E_q2#JBH& zZ-%1z8YMgO@X%;{Sw`c9gZsK5q>NpZM;t$JybfhTNO{?i0?Y5%(Ks*SsZ`cIaN=TJ z^k8ppWg3cEr90K?jM|QGd*puEJ8EwA{{a91|Nrcr+j85umWE%2mCLE>3ULNg)2RXp zAW7}G+Y`CEZ+6ubEx|S?5~(4nB<`#I4)ccdB%3GOA|uNdziU3Pu;Jt{QC7Yn`e3Ty8feHy?*(^KG z5oe!gWtlC;pPwg}SEFzL`szd66xvufKM;DzBH-U1#6oUL956B42L!{x);PmhM|we~SEwV8fc4%8O+7sjeLF&A&aT{|I(3nx zS^i$7MN(hV#YL%#B;NStRsCY)H`AhA`#4NyN!Jj~onPPn@b<6$mZq|aw|X*ZjHCUu zEn#Oatr@p}cZW~^Y>iC>8_l)%(6oj>^6>?D90NQM7CxaC_u;`*U>IW-;PLF?kz6Ka zJohHaWg3^O+fdVqB=i*-UVLb$2V-C~S=TYent z`riQS2CUmyjRyii6M=XFpo{|wXS^C=Api;hWeq6vd9o~%sTZyCFYZZH6hcIELe+LV z0~H0(`w7s)fr$)4H97!#0KE=+Q3x^$h%$0qW+kP{KG3}ZQC^sga?>);(ppGmGv|d_ z_IYP9g&9>eYVGRQ+Bgd$8q~f`5L1A@t~vHKg5=aEK@+80Ge&NiQ~|$3TF;grhra&d zfW86x4ux_NxSs$XV*~%vP$K1bBQY$I37V&LEIfQGOhf=4kJ3$DWgQAp?sq>O4EDTl zi}}q{yv$wUs*=8X>qYtXvdkL$x!zgoA>WsB;5Q?h8Oxd=G)O(5b=MsGl6tBFML-7Q z4u%c$B}X^L*tg}!(Yk*)(E3oNo~Pe~*aLiw#D`HKLwp!(^aY{@*RC_b$MeQVPuF=m zxwuH&FYn!azKGME)zZc&qqV}fjn@Ix65y_Dj(tTLF``_Ufny9}0xvwus3!^}6fk8R zQ+#4D4`fXbU~bjW3#q!pe({&|8@(H$Rg(JA4*+-=;IMbADgVL zMSPjMMpR{sWn3ob$^5AVlrL};7+SX^2q<7+*BtwD%3GspBb4t73_yoSnCszGB&5ur^-gSzBnKSkkTQglU5(ns>Tj4#Pk>tE?KhRP@zOFg;<*o81qCOtD zPKnSQM?pWq0k)BNO7a~F-4Zf@&NZ^en5}sNRLJ$c_*$Y z;>&i%olDCu%-1acxwB&0=zR(zBM5k(fO&_I5{i{J;-O$Oj1^zjSn(886cA-><`fMW zjtDHH4n$caic6dD-svh|W`%1e~o6QAf%4x=fI1eP?b(2b@Cq@5oHJq9}I_ht3A ztSfwSU6gLIvtHWdfWp#PhSdWZC!m*rct0aq!LR-co27$cxCq0=7K860jt58?@6*xjcM***ae(qM*)gDgFSVnXVS~65?x-`^;uke_H34qShQ-Bj||zsgh=YX zIe{_)w(Ws!zE82l418oi8+aS5@lYuE4#W}wWn_*PmX=X65KBInS_YyYW(1(T7@#bc z^XiDSY@JN+R>>?Lvj*rUIVFN92$c^x??Au((+_jsP^2N}9q6}4zdt}u0Z>Mc&!Vc= z!t{ZJ8UV`60!o^cNjy*fYUR`)ZdztflkYAU*tZAvAw>eKSxu02V>Ff% zY3nWh?)AGv)b5AacOaPihk|r>fXCR7zYe8E!?o|YMBJzCgEB5m?Fk&qCWc$WfG8bN((G&MRmXpIxp(G@a%UyAaie1*2+{0;&I^C2IAHED zG57H!EG-W37`t=`#fVrr&`5qz4Wtb2Yos0F0UGHj;E^nn(#^b&NqnAEisZW4$u3T> zch*UpX00KC4GEd)TNmggK;0fthbTv(RrSTU7-Qd-ABQ@aV{)`}OkiIYAj)W>_{>Mh z>Id8aK$Mq7lqcNc#9AJZE(iN=%1{^?5kO`(5byvpE{!&Um35u0=OQtS0y1#1-`euy z2-rUy2zZ#o#}iFKJ^?&N!b1m2=w>IRb$AF88XolLuK_&%KKayD)}auklTSLibVcdK z^UEwx%BzKUqI;w{90qP7;61W#ldFtWx-L+#ECG=D5XelFB=(^(1`KRp*1%RX(0V|W zaYUgqh=hn9=-z-RFN-MmYrQR~*+Enx5>RY8%-aJ59zgt&&`1QqcX?WXz!!|b-(D*a zRX~)H3GTum%++8fFg7{}6z@CGfG979C|M6EYo)ErsyPY}I+U`OzuZ^W?7an39pAe3 z3&CB3y9ZgYaCevB65L&ayL)g5?(P=c2?Td{cXtSWSF-on=hS`w=L6ijZ&yLl3l>E+ zzd6Qup6)rPNX3_iiu%oZ_M6PUqkhW9g2);hEK3M`cpa$)0?%VXsY$hSCBD27Prc}yyXe}F^)5!`s;7rn8M93-!3Vx8M8g;nE68_ud0&F&U*RrxZWrI!8L<(; zW8M{Stos*zD2mKXwfLUv6iYb36-6)R`T;)WIxmG;W8J&5+1UVPq|H@jobOCJS$%^l z(J#{@o3>ArZ@sG$>j3bu-ZHy)m9kdF!9YY--z~}!14E;JXwtgBsLp5v(OYIe+l^DH z)c9ix-{^GZddCA-gLjuk{M^?|rREpjrjd1Cjp#JWkU~Kj31Y!%D3bnT>_J!z{=f$D zl2>Aqz0a9<E>K8l zH~kHj5G#+*cJkF$L_w-M+&<%yvV2#Th1e$wqw~A?)ESS9pR@d}`2(}Szq zn{i?D9rSu_oDe2@h!1`|VBH49FixCp2olUW%}cBw+9fCOz81rq0>OCuspKVtyw6d@ z6(z|6Yd7Sx7SV{fg$a5mk0-a{%#_tJznqt@z~xwSJKw|sn^x5HE^>k{D-AP4J~Tjf zuTWpsPe7p@w=ZVRWT0bx@-_m+1L#IV$`$@n3{-K@u+9i88_-7PxW8<<`eexy|I7*A zbNHn@UrxBJK|#@t+BR;l?O@yvG4HW63Nv)oJ!kdp6ZKch5HD^faRAOi`y*z6`2@5% z7S;;P=g4~?ewjNfY~EJblQ!F9M1G)oPDu0zqH|yMDjL4@y*nZ?gybZih+H`gxN?*r zAeu2I_%1R@KJ2sq#NyrSlBUj9cUjo_Al9i!Io>HCyF1mWUC-V%p9iX|v!$J4-m>V+zI z1Wk_@{2onX+d7>2zz?W8S4weFQ%?WjEEyj=Z2*Zgi&d6%Ui6~U6IVeob*PJl zHGZuWsX$wXt8plaE|6k>J(a#N@;YQ4->spmC@ zV}T=O;-swnAcSl@9d~s~4{xAE;Ad#fA72eeR#262m(q>|v2nTF1!;NcK0_{_GOfR-w408{X)LM66%hxuNXd#pNn ztdm?mJwgsOKCBLgN+|&TL-Q+W7iu+UW*4)(CS1r-+G7r3LITkVXj`g)N(nGbBcUyp z-j8JvMkia$pKE(gL#b^10uKiXL`~0&OtK1xW+Q&2-t^F~c+;tn5{@gClVFimp7*=uL}r1n@b?6a61~T zn1MAy&$vQBRy{-~J-mj!xLyyBj+SCMbDI5@Llz)qA=ujG3R@CsS6a&0c}};TTS}o= znZUkyy(0-@l|*osMrp=3Uiq=nT@tY{gg{zx1?|*(kMGxTrT7YoEcgOB27x4702_3N zhub>h=2PFMhhxyq6y2xU_l$`y4)$SDL3dUrc05hdL47*rQTv<_Pe$}%g}Sp7WgIO` zj;^wXi1*ZWFJ5Phqw6a1R*Z?d(;KpJ0riiu3o%+s0-R%1U>4fyyS~{b%KbFh8adp@7V)n&aCbM;AUeD`11-$9wazT z4jAaC|NniotJd1CFrltN+!8~cliE(xvI` ztIP9858NY#!%-EtHE~*RI_OeeV+6wn4Q;q=hnhRP zjJf=(RNvWxE-vItBHIO4@t+;aJP0^u6hXBGazWEgs8*&z_*?-p{Q4um+C%rmq%fi! z(O!o7G#I(iIxKR`;p4`sKE2RNFj?i9!;%tt;uQ}4(m2?ymKlbyESSZBsFrL*Dvu}P zj^)k_tkpF^!bHlo$Kh~Tp{`>R;=&eF?#^5bC_dRYHVpWosQvn!**=IzQ(Emp%Ke-< zONEe;tzba5c#ZH;9V=7s6Y12sr#`6A zYy@uD^3Siktf@~9Ia<(rD?0RPn=h0ce4J#?sPh8HI}7}zp07#KQ;>c9A# z+SxhT+Bumx{vm%ic_n(A6E);Qec83ffiD)rj4d(^xk9r|vjJ}(d^MbO{uj&=GVAlL z);PF%&p70hC7U*+p}KeJQ~7C1X!QlX2u~jCN3Y}GIuk-c17x{gJkFh!$(f)9Sby^V zOx-j-CJ1xs9QS!YGZ0vUHE3oMCD;GTw>08*T+lxlesau7iFg9YuSM6imgT@2{g{pv z72bwTYY#E;@J&xCJjEOd#jD3Fv_W}m`@yANbc>HuOMfCtxdPE$0Qizl>g{?OotCqS zjB1SYTTaD|#d34G1TSY@ha{{_=y*e-HGXxIUulv8>4H31Zu*d4DL+%A?q@Is0TqWZ z(0WtNMki$MLE8n4zBbp6HGdyW)=t5QX>a2q47NQQ5{rrhBLsi}H`G&56jqu*$6xxw zBjJnxRB&6}X^ApN^*&9BZa)soA+}#dhHFmR{JE63>Z=PQ64eaek7q@6o}@V!&!Z-7 zz1boXumshFI6o{>tx0`JRTo?;>E&j89Ip8?I z>P=)8B9-I@VR$Dv(^f-{7I3`viwirGS0C4EI%p~&_abyXC36AKd9EZ zgB^md?TNwjfEcLT90nbzyNj7$gMrV(UBN&95g9Nb({~+8D@mcmVL+`1L+H^``;YN30&_tiPmJqGnKgtr31G$ z4}4W4G`@srT_%jmSz{Xira(2T?$c@L#mpRrd1`kgC4AaOH*fV3aO=L<~p zog_i*3HHVFsI_oguj#_UhSP>uPR%YQQQwbU(s$uZ=N_SLX5*bHLI|3s?+sQ8M%&7? zE0>Nmd=maXET%)*6_2F&6_NVDFM*cH`+IdOPFrJyr4V5OSy~C9z3HH4D$7ba9;V+C zHzh1Gtb$a5IwU62#}ncuo35LPlxA41Jnpn9HA zY*Xh$XyY$-nef_7h1NyWJUAg7;P9srTy*^1XK;`FN!Lq!;~FGrPw1C-NX15~*DvoG zYlll+pke<0{{Qwt58L~&pbubR86Y1-`!69du{HjW4$LME{Sp0;3#cdL4;RRk?op^b zg4;!d43g6@`ZUW_WB`&+bUx3>m1C8wf@+`dgb;=vId2?IE7Dg`;-EZD>D3*=^U6`7 zWR(&fT6FUCs!{Tx;48?PDO2OE!;wexR^}e;IK+C4X%mgu!Gh|ga*xo@GG^fVlg?8} z?xnw4epkhJ6-(^4tlRp&C7g;mV1P-KU9b543&QgnMhi8TD(BNwOcI`wUoFgMrZu#k zMTwCxK#1%Wo34}46&R{0j)czaZ^Kzc&uZ?RAre%#Ia0aMxN%4heDQB>1&>VA%`%#Z zyCUMYN(>St|HqYn0miNk!p9MT*6l11>h88W9(~` zd^g#tFDjuNj*_K)Ry4ZMk(YixR?|x1ze=XE5_9}nz#|@wG$M#Vc@}+A)YGScCwp!= z_*O@9PgcJ0k^A@y;N4RGL}?gnao|L@BsE3{!r)ne?B*9|l7&&zYnXk~)v$iE2}d?eW}T{b-?5rG@v7cUD{Z+VhT} z*IoAGydM2@A;WzM4T(W$a@U?Nk<<>?4U!8}5D#(y<5Hb7u^XFEvmqN^D6Tm$WG>0V zFiaWxXRN?)MJMgzpAPZATO@EYf@h>|caZs|UT9bi4P_+E&8m2Ac0=b+mR`649A35*BQ?WQs9 z$&uVe4#VFOq8Dgi9HkW~36mddc{*PzrQJS%zq>s*Xm$H7Aj*ZmPW_=_!sQPCpOB5% zAH4vAki7*ZIn@6`*4)Iv*u(+&$GHlUR&2Nb5DRjyFfWwPJzQies!Qh%O_oh4o7^Fy zcT$a{m-jqya0ZFCA3tCNBX4}Oa3^pWiK7ENVN9)yj3WbbV|b}brI}kIrdF~KeiFFP zqotx&QAA9If4QxBdb3HDurTCRkip+e>!)%4EPKIU_47x-e@ZcVzq6IrniL| z4*9j4vCAT#rVcB~gX~(6zU=GmVpI}Nd|)$JG*B+w{&bNkAe|JWz59lp<`g^twl^mV zZ!I!yyQdt>d=&vww?Q(&r$9a+{hmD7X1apdVwP&`IZktrVi~H6HG!!`RU8#YUKI>{U)9*;$3UO#x0wqS!nKVq%fyE#sSQ>|zl1;47+|F3#2nO4G%fo42 zU8IspXInsK{@XcJLRBOIem^O;^fK#AGBUQe1ykyLY_GZy0c7>Yi1TEv&YLT5d}s>6V?7;8j)|)|JK#zXJy`nEb(U#fqM5lRuu#(~BN%wo!gVtEoCKWa?iy?z2(iMMDbZ zkA0>US?6+tWZMZO&aEpcMc;!a4mb7U}ewCIgT~oIPJs-vfREe^T+} z#}<$-d5uoKkuC7KKLWHUNSe)1R$F;${M*X+-f|v$4IXY(qI|tbicykw&F$kTL;CEm zW?x>R{t2(go)Q?Qf5waX-*`nY|G|syj*x645CgV2tVT1DsJYx_1?Ccj*GYo4$mSUj z9G60&PH?vv;?7I9SwBnvNpaogdN^+SC)|AfQ}P(8vUph{!`tVDrYZFQ;1&Gkw*K+O zBJ-c{()fedy{#+=uda!|cxCK2@=GieM4OO^qtGka@0OMtEGEV%Vo3dcg?-q2RPa4e=N8A9TUbfz6}N|it7 zX>Cfgz$JK^K-yo<5Y&+Dzm`aV&Hpm7!<|@#N_lJVkCpwSg(^rwvI%W)2=ppFzgbH^ z(TYou=SvG%-Ugpcsp=s$^xTHO(=O3^V9K^KJ6Pj{YSUQE$Z`+@LZ+R`XmLCvfKy(d6V}^-O4Fq@n3$L@DKqbe7)tmzmUQ~qL z8K!(Pt)|*_a94iUAx2ByDPN*$v8Nh6s!(E7M_luxTMJEMrd(_;4*G~M2`kEuZFzq3 z?~htZvl74sh_?l*gtXgV!deanGG7i8(qz@p=}tMBLo`7mB{6~UB0P0yzU)1i^YWLb zBdDpW0hFO=kT-`@Faob%_ipI5y=`Q*8mT4DZB3=0_D8BPtb~vss<{i6 zn5KOL(ox8Rb*2sfA{H9Qy+_gdSG-bb$-@G(O=F;d7chT}7T`PLem>rPdw>+Od+qHf zk<*I)i=rjHrdyaYQa(N;&(Mj9x$G{#ywi!V_3$KD5oEM_6!>B&0aEH>(MUV72$VKS zCsv^mxvVLpc!O7UB+&sJ7azF~mjJ|s^64_PTKdEfCoc#-S1*o+n-7a|==Q3&_FEfl z`0|h{25px)v#S&whwgr?el-v&Gwo(l9Fa2Yq(lnqU+LRWSge@t>6g_QZ{KPy9}Q-O zn(AMG%T;Huc`p#1fvW0jHq?s)8SZ0YA>=}n=1s}Nu^h-mLP+ik(7Fu}dl)W#bm_>I zTS+-TnWI>N#xQN|u+&<NuQZa;;TbvOvXBL%BX~=RT1WH+pjp}lBic;Z zXWjzh0u&1MOTliC)YPKMWA4mze`zVOcQ?wZX;?lrn>AC5aNl>Is|)Eupt>ElsH&V8 zt1PgqsS2Knlhl+6AG4D4ZD}{*4wc7yj7e6~mTp9u5uI0TzzrpSw*9KMK{axqIueC>Vk~bok-v8S@HXG>C$GP!>e`GkdlT8BwFMa+ zl=8bt20)P|p^r9;8o(@Q0X_QhN5E)No%kdr1=I9B2K^O-aSMyN+y^^UjUyU@n&rrQ zs__Cox5Y)C9a~(Jexhi|JpyLb$ z0^4>Er=n0t!rnsGI}lFcJr;;q-`m?Hbzju)&7{_ajGd;}>vm^}Dv9ld zXy)VUD%}bggBDr_uO}^OZ`+{MAIt!3flW|OG_dbTk9aO-%ZGxERoPNmAWHwl4iC=T zH=eq^{rVM{AWV;!_~Y4OsF;`6^|&j^q4xJw#9MFiL(%z#57rw3HorCox#z6*ZB?ND zF=BLD#LG?Oe%?&yxrtrhyEWjAqL0R(n4#~`6)Dc1{~(j}#e-FAf?Rykvji~oHR$c} z#LjIomrE>Om=UK64k>PP3Kz;_$pmSlu%IV+mJ$221+C%dp0tXaO`G6Bsh z|6?h8|F#spFkZAjmhu3ylwHuW$I7zGAWLcbXG_`opOzxf@6`78P2Wt&*cZH?W9lX!J0>48iSU_-fVE>Xb9`kHL_Glb=k1m!={9C(mzmt{o z`ex(&=5r|!)c)wL{o8Y_9|K%<5x`5s#xaECK}3Q?atgNp{ek`{M9~Ce8+;FG;Kwsl z9kdZ+p3R*$F;RJvoj9Sh%+CMFE3N;|D>DBhub6J4&Bnr*Y$oz3@EWMM=N(Pr*}~z` z&q!j3xYUf~cCC&#y_u!HZ&7Fwy0Ilv~x=6J$4^M>VR9g92**lw03gctsB%R&48qL3s6p@Dlrj*Sgp1 zkMZ7LxG1yJAuUB{(wQ@){Ygc#s61F1cqXdb{VH%3@j=QVjwXh@R}ft$$xH|IwGZlPQYo_E(SH4uckB*GiODAd*T5LqaPMCO#o@euRDb}q z8)R7sNzv6>5G59^=@M(zCt6_%^4@>N;jRBO4r@TSC`=b=|92do2;dB_@L^mKns9mC zxT^0c`T=!s-!>U}og_YWr$9=#4jL*ME5doh)(3ni@ z(Pqe*XKLvpxEK)<;EVlLAUn73(Jn8H_#cfw%0{lI_9OM@@0)C zahS^K{BoksvempzkyxO*W?ON*JZT=VW=D!8qnD^OS8ipVD7}YMjS?kYI6VBx6sm6} zR2yEtogDLXhk-KNOew5-cd#mQ;ogJ>F6FS*VgL7Jzo8Z z^WdX<&`0>b=LI2b+)83V$d6hYy?vg4S;m<$`xQ z=KiG@mqMsv6c5?$yyrx-KT{ zWhiSN_hG*4GE;nEvW{$>!RzpKhf%X${^UE)3}4RemJJ~NosjLjpZ;jfgY;a4x@y(W zrq}Z&xyp~F< z;g3H$+i(sN&fiWBb{vsxTpT_>++J@SSencswGjxrM&f-aB5>h4!SD$l6=9B>y|A2F zxT~b2KRYDM-sFRIzzo<0xy(sYf zq#|R`>2<5*!1g&d;!`Ta+1iD&RIso+;A$KmVV&9W9B_UVvVR}LOgT8o+UV4;+aZA` zwoci(c5=PuvoI#X8`COLus-n-RuoU3l;yyqf95qhSAgh_tk|noikWXnQK%cvpec6bLowBV&mo;+~ko8twD6%jDM4$_RS+14dvYpZCoyhJ>; zhBP+pielU=A=vKERX%HY#krup#iUfm(% z2O6M|TacG73LEis4O)?7NyRB^uC&>-k58C=CY@*lMqol<%nLuE@o(a&X>H^kF^H*Z zXp2Axr!nLs@EP#-q6^?+@2o|uNq!$=q?8JMWLfIl97E%LQCw1sJl{NN`*#a23^f_i=4yMNRCK({?@tQMIyG!8Cfp$LbP$7;a525T zgQ1eIBz$-`$FHOJv%anQj7EeJAB!qCHcUKDePAO$>EmAZCi!7jS=bBLB$>4VMdpMg zdzylcR4IRV8};tI`4!t}hv=?*sQ592T~rM??U7jcTKPO-VC-d%z0+nO zqVG2Q%tKe~9>Q)6YK@xpXxbbpXzLbB079e-0o4|(H4}4wK9-VN>=&*^X^mln&aFB( zk=9(`_6h57l!?Qio5f;7BeX4R;Z78FhhT5cYi^dR8@1}Zjf{VwG%S@BRrM_{$Jm=; z;Vi{FRWsDbw7M z^2VK_@ywO37)9_e)q@St3xNo7@a9>`Z8)2<1tD?N^86!sV z^z!XypgWj*R$;C#vBZA3ZN%s_xGD{BHToXbHw_Y`1Kec?`92>KY>`}*){M^j?l1=w zDMwqgj>EGZ7CY>@JBH`Xar!)U$;uy_^K3}xE^#9tv8x1f7OZOK&+Mg}&!%t4$l)#u)c_Nu~gFH zUk8DYK&>vZIC6zto|-m*RxtQGR=Qb1n|ORMR6;CCd}$n5B@bPJv1I$0dzoUz8Api_ zc_#Y>+^Ev^@aRCxJ`g*tCQ0k7PQbRh*75{LJ>ixiETmy*j++Cy!zVi3%kH-HgJ807 z5y2PXr=}2UZ>*@$T_&T#nfo9^@nx^GArTVi+sI$^Bxoix|v0+gEIzh*#7+L)JJ`~G|i4X7b+`S9c zs2BE*>Z6qshr<)P<9I{;0J%@OTDe~0JipiV^=mmTx|HS$>#qeG+De_K0gKMKH5dor zAil6~mwsj<#+*3I=iy8J_K%C=ahjE$R)Qo^}nb4MV4%A!O*c{2b=T6+Y?ZRM zraJ=_Di3_gyqaw;E)RA*$6^=tO$guG?)U-FbNEqb?_9e=4E7w2H}En&w<$i@fv7&f z%q8DigKC-a2xf14AkkjCrs>aoEM$#k1hM!d;?jYMh=o&^msmgu_mMbOUDr-q$M~z) zRtdife%*(ZC>EglIWyyadxeJV1@?+pcSlWuX0MilWDpvty_@Hu;gu{lZE`c+Zl@Xj@s4#jW$x zbFe4{MxQW6tlclwQdw~oWyK|{Jj8HFO$!U(cl)1*bs&G2|26k0-njd#135QS$NOT( z5Y=VziLq!K^G8M?AX=ftIm+hKgF}YAo&$2;HwlgH%mJvei(>$E9;sf^e30H}SNQfr zho^Yu$-c>E6|w_SL!|A-!j5$90Y28a)>DfzkQ`|8xM0SoJtf^%csV?f1I!q{_#^vY zVcQwUw??7f-^mf00g5CjRsr;dNhPS>IG$&3z=yC`A0b$4u|mF@8a~|jR2J0; zYxSFp=_;xl$Cqe;5J8eEJIgLFx)U1#?MSK4_tsozc%8@;x(6I=qZ#lf^}+_D7MwlR zsJL+4xNukW8KMMD3&aae-5EE)6*AZ9eBdgnnNY66ca>SFzSa7ha5BQd`zWsD6vdUv zV*=C%AAtB(PDE|O!sIOQ{7O2JwyWfu3L_cm&U948RKtX?*eg3T>5isHqb&cSbi1u3 zb+5Fh6Wc3XorC`^X(|Kbw{pJTYWiG6&UyaOn$VWMRCme(UWN)cYKyQZIcJ@b#1(n% z0LGbK@2Qj1#K-|Cn=`(h{sGD^JByRg9q+u`N>BM_)tJ&qF(^BRUL9-Pd*jOci51v| zdbWI09?k>d${*RH^5rdTE~qZxb|2Sj23l$h9Ys;-*$+n9>g|y`Uo2X2jEQ6leO??YfCV`xiRUc7O#xZo*wt2q~!= z-*nbqFUs(om1PEEB-;1!R~VW$P4<-hj|Uuppu};2w+vw3A-LnD#u{N=AAeqD>jy6N z@-bj4wz6J{@1r|fCcZs+1I`FL@FrT{D+aq4qgAe-y{l9k#z2_C25)Cadjf@U1B`56 zwxtL6npkckD_=X8Y~{qTSnDbG(h28pTs1BlP=-9e0KKS@TVUf}tz4IsVepw@R${ZU zaaUSGDcM=yuNAX1?pV95vyB#4w~`C0ZnJCJx*&? zi`F|eG~$`YD$3f$QJVX>Pmmlt5?MfSZm8i9Xty?2s}D6!$h+>6m3synePcEdv{va( zQWz{%5ki1%qO@+~s-+<~^oT+bizcc_H$!Vu18F~IF80b;*Vgz+&h@mS6O3N+s>+Xy ze;PYg6`0xaZ+_OzFf*3n4r2Ac?MjWxZi(91e)tN!hNq($i0bSCFJ>95)G_vIxD8h- zjSQ0~Cw!i3OfdF{;lH-_T5cz7)U&Nyx1Y5dd~bb!nR~b4zn*hBu^DJjKLoe5x}Z$> z%9Yp<;V}H)iH|_&7_1PW;MBitqe% z+LEt&3!o=W7ZbkG8yTysF7WpBExOFMRs8U|4KMg8Ky*KOXjmXHN*P0&8VlNFq|4Ua zQ}v!3w7PO(a#zwpirvM4G9N5`DWaY|Ey+_jy$m@`vwNKmgPtv*jEz_kJ zDPgsNJ0FZM_hV^4on&pvQ~jGtr@LEx!W&)Di-oUgH&dDv@f!B>Gmlh@TUQp5 zpO}&&?0@aiyT_UH>RuMs+G2a}ohxxu@A=-hpymqm4?Roh8g&wFxD9$&pxiU+s#X@} zI{<(NACu-fV_NVM?T#8p z8+m&3TlxAx!B3e0=PM~D$h#|q%+7yQ=SAI+7esT=w!|1Z*Y1&-m=E5eXWEgtL*z24 zdwx_I%9lJT#jU2vz3QvP>GV~PID60A2k8Cf`a;R^{6{9QQc{ZJAw_b<1#&Z}OhzKi zemtF9aN>>YXrEc%QpcKdHDI1vgw`hUURqwS+i8yZxw4R~wR};3ztX&sc=XjF&vS6k zRRNVvFQi6arlk2Gz`>^iLv^V2J^?V(~T8-hW za8q`SGgl;HzBI$Q?}H*m{_=X?nWcHQOy{LrmyN$mIW`hpb9N)>HjMa7C0+3Y#5erD z-Uu~`*|7}bWnD&fdBm(L?xaEW_k~Fh>i2uxpiNB8JbU%nD2Yr9vfv9$X>m}qRPWL) zV=~p=+1ciYwB^^ip1^JN?PugtDa`Z+$b57>j|t@qP2vyMZEgW=FfarZAaL54K%koW zE%2aoyiZzMGqFV1(-bFhBU7e6wI!UC_Tz#dw;@CN zb>Ck1Q|W;)#yzN>5We?||Y#oe^BpkKvGuPa^&|eG}9U-)Nnkfa5x?eA*A_QeFaW`ZoqB;P)=9A zvvcGdH2xvOK?Gp>vF6i5&3yIQMubjr*(>+=)=aVh(UtM^FWvSyuAaV}`c_=m7Osb9 zk@HT)AyDuM`L))XtOIH{S$pT;1Xy(Ud&xx4)lM~WRN z<=6Tc``q_ERIXBIcd!%uXX$Wzr##?QzF`3 zhWS-l=b))?-2{qfJ!7L=YCY!IfrxSj77THF1#0*YZE9UUX1K_Y&XTi8{c%7(_irsK z66zZ$p{u25w8mj;3QZv%D$5N#wwwU3RyYowo(hEvS zxSnUW)YDDg5P>tzm30H;^!{Id{=AOLn*0EB4Qay17%kkjn*;O7w_1*?|h>mP@;Nl_GltNc&#BS@xW>ZbB7#3OrK1rJx-xG6n@yC z4+^)SGHKFt;56kjZzbCOU^n^G08_YWeFTt+WcPO;KwoJ;ns#=_poeOrz;s6P6ZR8h zdiV&C;H~7iwD-TzttBxms{dgyAVu2(_E>X9?Ckvu9QVuP$WgUM6VVN+p~c}HPzUim zCj!m>lXpeBDgP(3vY0quQ0g|S+Ab6&Q)O0O;qMo76=*SEDK=O6D#0 zmG>SGO#zI#+Zn~`;k2KxXrkm?Fgh7B7sX%UJ1NjR$ZaVNkI)vr<_RCzHjUGjkrmI* zHB}d-Gfhl3mb(hdnDj6fv9yuibA=$cr>6-45I>NUx{d;glHp*?+OfmBJvr&3Ai>f{!LRm*1{_d7&5-jg(dHG{cg>5e0M8$ z^z}i4EbhD(#h`-Nvr8i?SDdvKN96_9@%%Wmoh|9UfS%0+!~XMfTX&F&E%s$l=g1}6 z0?t~UouIzui9BT~&_qveLJhgi^WE?AAYb?P8h5;xnsJB|y^jdp(=j)kuw}3a!j@bc zB~{yY2d(8dpEe@264LaFY>#3;Ms843Ze`qE=}kB;Uk8K;`%je?9FgDR#j#5xq7N$V z>Aos7@r&*fV=O;(j7P8GyYhTo6;6eCe*zKd#KA0C85!;2+j8~`)Nugy z!#?h7PfP}75tT*tR@>ja-B3C;nqHG6_`pVfmg;!mJ(@R)xun}5cG45X|B7(*s@BT@ z7cS}oAl)hMB?3VYY7Crt8GXo84!ftGF-qk!K_BC2T=5!wRc-m)<8Io5gW{;mkPoAq zAMum79z>g!lld%dA?sS|#M{{Dipq7%iv`7-%fH$gF;Hm!o`k|FnP>y6J)si6NInEh zt}=x34N;$&?5}D)ID|yxJvah&KPN;0f2%&~8?Y-djgZ|hh0e1zB84-x2-n(YBh*<@ zomfmATJ`I;NqB^pG&?4Rri-G6U?*}C@*3PIl;I1J(%Z@np8g4EAq0_1y6=ZmL!^WX8Mz1?{Yq7Wa zMhO8W_(A+9?A}Pn$xlwg0BBItoaank0~w1sIVq*~NT&APagyQ8AWMU6=G-v$9H}j% zaWagV>i+t(tII1o7bQ=%aWItKRxFN6*A{|k`aLJhcz}`MYFHxLMRxvfB}cBM<hy%iUSjPuX_n!_ek%NlU%S&wmn)N+zF4d0XHI+(sD^^d-xfA=+Qb;aqK4~ z|G2aC`?kHV3IcHzc*6zGr@xQns@HG>bo;?URahlT_$@c51rQmVZVFsnnK-sim~ z;5vNXPHg5?!X!kr#I?PfCfM%QS;AG=wKWcMx_+lcLf34&GURK~T1I|HJST3W{b2##pB~O(pU*$Lnv|hcE z_Wu69H=hvk37fp8w#6|h;tJI3-kx@Kfj~lpmG_XC8nUxnN=YN-N*6v>v?N zs=fQYSrMb0H!d0i;|#b;3qrLVgFkOv7Jp0VnL*bdJ0m3ga4jqpd3s${lnO5H@6+Gq zXwj4~yLdhAiIpjBYxxP?zuOro#IY*O$U-VpJk!_g&JlWa!>0CG$i7K@ya_*bwc8Ei z>FO3yPT}~}FqRxYorkszf9SHWn3uKj%7}=PWyKHei>72~0pDodefX14*9kOT@kK>O z6Y;}V=C{`)*pEm~Rk>%SH$xc5yRnPuqoz&S(H^P`>_-U^Q>*i@gf_(%uE0U?3gsz> z7HB;Mwn-}fE**UVvwmD$-3^-Zx=U=#e-Y3YJmoXXXGoOU_I)t^`nZ4VTADUdjKY}d zia*Nc1%IWr_4#+NjJplSjv>Ky7|HwDF+S=fE&zoqgdvB$-VtP8(atA_1w4_~T6TNC zL?3SX(nT4oP3^e$+2&hA+Vh6ll2n`~f^Dz0-D}(KhLAE~F?txQajL}5b>*eKR!jo}B zqS4QhGL!?u$ef0b=i#%{i+gSsA=a)22gB=G+2RPaOt(;Gm?MdBDG?SAJVxf+EQF>_ znPDjt+FUF$wt8Gmz_h2PiMLk-@avi<2ds5FU`Wj-nsAPH9eWxCno~^#@)p4o)e%#QI6u={-T7G&zG9c z*PO3sB!1b#5r}j2lrpOHv|T_wauiE2b7YuNoGGC+ugS#)^DByNBjdxi;|<+9^@e44 z%P!Px55_%zF;iuNbmsF9!>Gbn;bp$jPc+#IDpMS@0U=eyM;|pt##-PwSnm4!6lhhS z351dQwZeY>E|M8*KKk-Vo|l5CTMX3Oyu}8$yGL{c@?!+sC`G_r7XN$vqC|}mf~*;r zc&k{1$RuqVp!CS^ZM2WS49I!lF{c;Nqm0iEPjP~iC!^MFPraLCw_FH}i^}f5zz!C^ zBIU@NI158`glio3VS5-Iu~`BVeB)Awhd7$rky-rwdljia)HN=* zs|DOditls;Gi^DvH#%v`3|E`x+6WzPMnD>zbJ|sO54uyKgr?=X__-^>o`E6#=q6kK zcVx769#26sd_?&-X{!Nd!f{Gtrc@4kLg9MtP;CR2%m=elt^uCyZ^jy6n1rQPwtCXl z6<_T3K=qrTopz);B^&5&?LY%lif|UV)`fW#L{XAVutB=%vL>Puapw+kVpNMAmAUl4 zW=J#PCeAIojFQLGpjwiL-<2LOjNt{tC$<%okuuTlsqC_KIS!G30}0kZPK2mse9Q)@ zD5H44i;(qs%8Sg<&`@g&NHPZT@{olY+36q-chC7Kb!kmrG0s|YgUFifZL3S^^ zV;l9BltQDy!d+MDU%O`E;HSg}haDK3aTNqh%iTvBf&Ep8mhii(XuUF*gt^?+<T@ zvTXE)D`mOPodKYy6;?oZt7N(8#<G5 zdk#Fmg{&(t!v_`6dYyk_$URO+j1jyJ;vsWau6W*aWg7H!o;t&#eWSuazP7g=!q$?H{USlDtgTkg0q8$U z!3W)w0o|FIjYl$4Q`LzmIx14a)Y-c+)iy`ue{lSAE!7|#(pCCbJvRfV1xPqg9g-Bw zKmj^Yjon<`O4I!K&~)37;D%q|mW->suI(aB3$jkoDBGw+@OQKmY2L|cq0_Jk(7=Xo ze{GhTrf&~kto!j~6gineqQmk;OG0Je)@4guq-?p|m1`gCyOmuL7IvUYH^&RSqFUqx z$OwB>w5k-CmsAJ8oSVh70vgq0B+@oW-&$)QhpouX_POQzU}Rr^1$G>ozS<7lkFVqI8SZwK>B_otrlRm4B&7CR z+5<~A*c*JC7J_dl8h7}!iWw{G>#3VK37vJAM*Tx?sp#E2;l5+?4g-V~?*hp4aMs%u%gO@btNg6)k5cZcBa9^BpC-GjRYcXtTx z&c=fVx8UyXZ=G|$`)>b$HF~V>s;;UzXO&NWEg8yh_$W_MFduR7TyctN|9$gBs8|Yz z-*CIoZj0qPq^2lgZ?VAr+KGtye0U)#T%q*vWb5t@fn_dm2km$NA_u=QJ@#9~8`g$_ zlk;6_&4b$yS|JIiT`%>grdlJ)O}-_MX&0vd5bWN)^J3RnYQ5zQ zW;#6G>%)H#QD&`9FSkewP7XgTD%wTX{x%kqm>(D$$J)$gSVKvD-zyWR#zbOORmi6< zdxlGxNB69-bdHm#%xbl?C;1a!-p_@1s?V`=x3glwYbZ0Wzfnh?_~&w<7NVe`)I8uw z5e}-4=1*LxD60(-L(}gZ5!ZY|2mo+Id{|rQz=w>H^5kN&?7rB&@Qxrx%Sy0-7wve4 z!|eMikFR=5ijJq8QH$KRa?2*(fu{2Ewkt0OH=!XvLrOv48egc1cG;R$hZJ_R4RLskc2qI*EPZ1vvXLBv){PI7s()u!Bp3aMc@ z=O;RQD?h>ovIWZ{2m$2XEt5D?h-{(BGXqnRcz@x~5~~+Fi9)LBkTDcz|86VKI1FSK z==?+yCe_(xkqo6+vjI48u^7ekLOgOgb3jhObVa@}|8iYMuVxLwJX2HzuoGfK7wmhC z1ZCn6MW5o1Ipl1_1k(~HSlS++CA0f&)`hwlFa^rBOxwj4$gRM|{2A|z%>d6Zt+s`1 zPys219b60dv;Oh^al-{?S0FMGvv0`FRd4u|>URp|`QZc`0g-DGIZpSqU`(EVMg~CT7WYtth1WAh&79`DR z_sYeSeRS|!dr4kZX-8`=E9K3_Zop3>ZO-FSQ=+jC`L^K64Zg5YoOkfy=KK_)I ztiVM&N(&IpAm!us z@$_FGd^mR-;$<~@tb9Y8GkCXE%v>2inWJPe*M%;&I8N?V7zGNdC?@p-No$HX=^Mx2 zT^xH-9%lO85gsNe3DpV!t8n`h9p8UFh!AO23ML9}EH<=>oUM8+YFu5J*&Z3AAx*B; z`>5fWMT`WbXv8zY*UX7c3j@_vxz;H)L_B}N-`0nct_O-q)e`=cEvBbsFVqUwNvjK$*aI9G1M5;9+V2i*n1*tdKHvM4+BKcF94ng?qBf*j>T( z*^A%9l6O_N8bOX|gD4f17CN%gr!1Zep5EWM991`FK3lZicyVGP?qjc55-?1>M| z+^EPF1aGUpEjf5G9)zEecdePojBA)#flys7-O%54@(*1`k>03_C)>JACa;?C#7OcA z2CZ>#I~6tRPx`s7F347mr66w)ow;z)u^GQz6&sHJUO4SZcBu^*avnSRfW2-~G3Ip} zt`!xYZ{KZQAJM~abcM=Zz z!AfvSj%(nh&BBfUSm?iWH8s-2MupOxWvpnj5dYX9(~>PMdFxBY3R>@ z|IV}o`A(@^RKY(WtY$JUk&|B%%`I9O-Rj{=nW+By90fl;bgw-uk(PlSlW0GLP{*nUI1WC zuMv+}bDEAR0ysAss!A-*?s&BN?#ZOGiDmOKT+!3ovB)EAF9}cn&#Vp9dFyjW&t8XE z`W;sc(j~zc= z>9G*z92}#UQ-wEvv0?+c@jlLHs{-r!uvYLkdUa@dS|2)6eR!{LhCf~K`5z)(+UMi5xiA#xrgqR6fJ~pd(;w*K=mvlFS5k9)PSV3T`ujA!WX}? z!uwg2GCOU#A=%<2;e)bNuEq)<*8B3d$R}TJ}0K zrTngQ$zxiN0%w20xN4jZHf~)w7;kRdU~*d9=}IRW7_^#y3f^cv2~{=fJvm)tWWN65 zo{_2Q(MxL(2j{t8A>*kHAo>6b>okUxs;MU6O)XnpPB02FJK5*mb_$-#JF39dO`K;0 zotqfphVa!X9uW=z;KM=8Lu?OTPX-t;zV4?najFgLJJ@JUw zX&f(kkGY7Bc0IBr0>z{>`@6-E0+Zc4Bn0>zB`SbMlCpTu44FGH!e3Xw& znVbPAz-2cg;WUn#wi&jM>@cYhzo&-nD1Ave|AX9+(PhX)xXTg@B3_pTdCVS2ip5t| z_05H73&~nWu5-)a*>lvM2~%{ASR1jo?zz@ltRsb#5TUe)BRfhCCrzXvxF8i^xUuBL zlfE%U%}-NDX6+_N3`V^4cp0uN4|cf`&)f%| z&ODHw&(ddYM=%%}elh$Sbu3?^QTdqo=B<3e)juWrA-M}q>#eG?`Ay1Y{qFa*3&_1& z$@_PB+TgU(NBtoW|7AXyabFDfXMb#g(>N94 zabxiFGFq#B2JgkQhWd*gllR&>k=-kwwW`Z=!gcEjPJ@CgwPX?o_wCnLA%~q5kMJ=( zq`m?Lig3k&b}si-Q-2M*)NYs^RQc@*U{BFAZ)fTmZ&aL3GEdKntlXex-`pLd-dI~@ zsFQ?!mW_jkrNiAz-(JOtKi*OQ^t{NK|J*RQI(T+K(B*V@CDv~<87f$shkUw)@@YWp zKn9vam!ho9a@gbcP+r!4=g6d!pCmcviqY?rYMl7=+^m$W`_C(?uI93A`k&&3t<_p& z*y-k<9+E$~MUkUsQhp8#(V$JB4n|g__*o$DEQ99+6Yh99%H{bektiyz*dQtMM-Kpj z12LVquQt;jF&%!_RA3e=kbVx=T=J}Slp5+OsCT}d94r^}JtlckQJIasiEObdkL_$r z!xvM~oF)u!Qr9S8;$W`rfcg+5SX!t$+(BiLUShe6o~*)peTzVHX46NIM)LAuYF`EM zr7@Wv>`Jpw_}M9jad4;-=0nYZxo8>#i;M7sW&0HU%{GFv;m0x(nXezw(dT2y5(JI` zW@KkniJ;CIzVqWd-ED6&^UmCpzKo0H=h!I{#k_LYzasJ&%s@L?oF`aljUSD%kFgKB z06}D5{bFkm0#H&7JRB4nhv;wIxhfpoL93!nJwNlAE@S(|37DG3z11ali>>|`7JjD~ zVyP;%EX?jyeW)&zupacl9q<~%kYqBKm`TBUBB`!#s8by!AqSmpDQ?M160j0twDQ$? z#sJU9X9Q((!rpVa^r6Sf00psx4F;IY~a!^WZG{&#d{8g;lmX8C?O zi`0G9*E?nT?9n~1Z$7T}d?45=1qqlLRvhKBDhqYl`u$@Q-n}NTxiE25o08M4IE@v08BT5! z-mebycl3!T7z87q&~D(Kli`l{A~|rQeN~X^WyT<%mRbD2WNU5ska1qUu%Ct9Ox(-* z&ZV83MQ^uOYLsT2A75%#G}zPuRKU{G8}@(m&1{;68`^T$%UiBM7nhqnw(FlU#|D2o zZPuJ7y&dRa>u~$1S>!4H#3rcFVuT8IX8NZ}-bec?I4i%5uw_fxE?#leIqg?1erWOq zXs$)Mk`|P@9uunjmS64ep?vK!Ax0r7SE=1Qws}L@KNIg}N5U#6=7~WhXUr#pV6Edd5e>_os@e1Bg{(q?EUhAE4w5y>6YVR zhbj>s?*qtivsJ#5H#wzdA&}J^WEe;3naI(UTPV~wn+X39!OnYE_YbpzO)TEv&c7g2 zCkOKm9!mAl0?p2Jv{tt3K@SJ5{9#H>U^osQ^_YHREM3y zr*h=zL=AJhx1>&N(AQ79j2BIdeBcv}KWV)ct?~ohe4ShN;{<0$@pT82VJXE8gMUwb zKU$awCkqDy*cpTIY?Rc&c>%zd1E>6wb<4mJN(zM}-+s3Kwxxv_!Z)N#_9n@L7$oe~ zlQEH1_>>2m7l?u3$|r36Q=3&-K|zYajlgd2OLnNxAfH6MwUWYX@wNd)89`hwmZ=Pq zZ8U??3r>&|Rfr5>A_-pJF`;KAUGU3UVJULpV<^PMWd z&}NLe-kks;fHEDq8Kb>y&JCo#CgM-$q1QT!JM7%X=5SGM*IU}Ei{K5C7N@>ktRqp4 zmhK3ex)*fwpv`9UOsk-NS`SNzE_u{!2oatl2W`#DbpC#0^I6V(rSU{(GCpvawNUoN zO0+W0z?0Z+a_k3H@*0Bz&}*FZY!_5DUn2=|&J;eZ~az8IN_ znQY}BMS9K-kKGn&Z{CzZZ$CxSoqxyTabUm@rpL76B)x|Ce_~4D+K^Zzrh&jsZsA&p zP>Q!ptI@1CmDtIK6cz*s>~$t-aXoupWYMh3)EHf5i$zvLTXIx)v~lZsL$n(GZ_q~P z{ORmA^Zk2JaS?S7D--t_>PE-=zNTi~a|J8N^oLvRg z^~Rl&dGupaEEA)Q7CS|vMDx!udA$0Q*za9$r4gbC?OsC4_U1{!1x?y838UVl#E*wK z#-5O;Q9Z0us6A%9CX(;vc1gonPZ(0<03}T61DK?_Zl|~5g;KlbtSp*@{!TxI$ei0YB;*t|OM!ji*|2VllF6zOo zwf9JQ{DcX7$eBP+d_W|z^Af(BCQX6(;1VBUFr>aRvBR;qMq!*#?Wa*$;XCg75>kZ; zyT|N5x-J~YN3El!gj8Q%_@O~ik~UjjUZnD8xiL{gv+nG@V7!;Yew|XFMbG73&^{Fg9;#=A(=y9T=Sm z%0EtZhm{gQI$xTfy>Y)3&JKNssa8ai=IyBS$dLiJ>$oD(@OH__Clw{ZJ70d%kScKH zhQ`-5YvVP~dFnEj8!sDN)66BHgOy*()A4@-p`~Bp>r#x6XEUnOVtmhJ&OQFNvUu4p z)ddR*n8+dxUtl_QK>Xh(NqF9*r3u!=npM8}|VMUBrX?MFoDF3D^pTN3^U1CH}cX8q?xAzy< zboSl)#$7EJzD1Z`UV^6llNx%v3WJ9$+)FsSS6%HxqDHw)4n19PSquN)#|gNBAE~4g z3vwpC1)_44o|u$&_kGX}FSbVNJ)Bi^Q)dleBNeV^fhIF>+8CT|)b9vDL~%BbS>n zI*tv6$Qxc{EgoL+82hDYA>M30;xJ{wzOj59a}z&3Nz_aYJ@swbToQLX5>?BNd& zVqxArZ1&v)`vD2|mGPbTK-fIES%GzuGmL5|dvMxZU@)O)+&7UAp6thMM;g~8Ri_@~ z&rga@Ci!`rSsHBBlDb-m2OWwZ2Ki*%dL4Naia1MlHsMfor<~uD9+U4IFr@kkcXT0x z0@AFe5!tA05dQaL%K)mNj=4GC&ay-b)B4c(9JwUfJPin<8a>_(&i1;s-G;F7o=6lW zed^!fGe__gDDbJD!f6qQ*zTcOSL{%`7IzJ0XJ)%0{jBGIkp@NakP0d-&QoxAq@CS= zG*3$iU(bCi_1H8hAyJi67*;3Ctv~UtKJ?(JNxNDmof1tLo*I48LT?o)Oh3!Hqk}cP zdKgpv!;42fM*hD&_BMx*(!IVDV1yMiO!?Khyf;0&T75AW9*#)W(D>s>vqwy@%p-#I*Gq^5j?Mk^LstX@5 zuSZ>~`%nMdp`@ABDMS4&>pcVJz+`9q=sdy54)&Z<`J-l#KQ(!N5U*7#@%g>N>ij*N z9Mgd|y-CYcN@n+?uJJ0fMo(!$liT%NOwE>xn@|3sWttzAQfa?x%)w{#8~X6+YkNm! zAG2$qm7~-{Ue4@RwKZ0L=m*s@PAVtWo6TnJ0-J>88pz&n6=$V44=u#9;VNHM6+W+g zh5rPXyzuZr3RKCKG{Ob3>t)3+P{rRVkV8A{SJ)my=UblSbf^-`N;`P7=_NZ~NJwr) z%|%uxBX(w^$i4CJp({wt=mdr!!nPe61nY;QK57+Ns8Mz|G21KEqCLsMSFlI z^2`E^1%Ug=JU)U@4Tt-dvugi+TL;Wmx@|X1i>O}hz3~pijmausgX(^NwUB^rfWLgw zcDUfq^upcIC`NF$bw#{V<=ZZT)*J6bgRIM2rIkc)Ms_&(}deZpV{2K_E7PaYl~J%Z0oPUJC> zy(l5vm%7RaKAQk(6F}W7R(5__6?fFO4qDYlaH0Z z>dA{4Os%m0({TyztHa>qv~d3Uipz4r8ORF3P{nfK9XK*V3oAEr1Z<8`E#T$&iTn;g@YoiJnvxmhciL6Ic}ll7A~vk zHnC2c%FITpn>z%TiyuhR3)^${!zjgbkk4U-MRUb~!ZeP|x8=r2`VvZ%if@!&S6B@7 z-X;6!6UcCu?xSb}MlvAcM_KR?OUNQmOf@wV@|k-P#>w7y=PH@Xur)fuN@8Duhk=`!Et0So zy&F!p0pZG_wQZwj%8ciZoAvd#t5LX zcngxgL9`y8Fftiut6%k5X=`qm6%+a94J2t&dlph5A_Q)r`Ke!b}hWC|uqag1wi~J_mw*GlY zc8?#pT7iZf|Cz+F?g_a*XTVq6XqzPvMD7 z(zd<)(YD;I7BF|K*Wuy1skO@4qwHEh8!<1#-3Np@IpQ8h`DEkLgXqL~>}3$DQDh?-74ed9DpGdA zOHig%M&435O6wNsM~ZX}ur`__;#~NW%|B66)8NgWIOFTgsmUKC`P19LcGJSXddN4m@g2M{OO{532OFq}n=M*lNF(20awfxR=2X&M zr=8z2UKOxNl7n9!ur&RXIG}v0gm1wE_+Qud1kYN$Xt!iJ#H8x?_?4-Rra$^D9ZFOE zWzG&?E-NI70Dbn} zsp6+F(aBDwgI&F{V#ayve6_!gzq>|OtNj4#dO`N_ugRQGEtsN%-Llt`nkZ@%ELRdL zERONzx(dp)z1E->D1F^xYpmAQ~8QY;2f1hgGgj$4K)HVP+^oUSSe33I{*q$ zkzsPW{b8{An&)B=wX1@qP*SR6$2i%|mB<(+AXvVP8pEi^6Y|0Eq4YLW4i(I0-}u6j zts`c5gf_c4%cjH=CVYsIRUe376s00dd%{Bu>kT3gy&f)GjV_QZb6u7tOL6$qn-Cw~ zN-G99f`Jqf6Dd>Iu5g>53Z($*SpN{qRX04u`&E_-PZwP-;U5CRZ*_q&G%h5%0f5#Q zU@DSEP;0{;y=GN}m+2F*_+8tRrjZs_)gwE5XYdG=k?GPN7yY%7?8M zu-7=v1q{N$?A8*fJ(i8rSrzHuIP5QRD;TmvtnA@>=7+I&P4rlPmL2m@U+;X>2GHhn zHObD7JO@E3z|kH+Ta^CbxU+G|y;W2=j?Qo3a~!lkBK5~n@Jy0YDX z;^RH?tq1!Gz8N3BlF9GG($c|ZBX&$YQ#vxP6|=v(A8JLehi|!-Kc&OGO4W~9^SU-t zY?3!fL;uGGbI=6~R!O%!MIw6+>ohIbRJ7_}V{AJBV1Y^acak}X(|4-G54mdRw-sNG z-Ugi+jhI@LBolRgVn-W1F~{_`JI7W-WCUbTndyQD@JP2>!3B=^+_W0cbMPFSn2ZcMR`U_V zC@LCD^i6+H8c^a!jPi>@4BBoe9cJ7`UF5?89%~B9d|qrUrUp?JT?X=>r{+nRtuqse zQ=uY$FHGpFC`7RQIn0Y+GRABdG0E8Ba!+K%uI0zB`!E~@%<1&@O*s$>ZU&^Cr7+3Q zBWrA;RRIwKvW%PuZLvBtpW|W~IR_;jJ?|Qcb(BC@OCBORhP$(3E{sEts9?`NKMmBr zR3OJ#u^g4Be~)n{-1k!zolJ(wek&v@`l5w><8Sdba+L-3KfOuXqA@&t3QKUYI#eou z4m*xVnese~I_!jMl!7N9X34@h7L|Rtx%2ZQNe0befOlsBr|XeWNvi^58$G#2ZR{9V z))ggd%+zSOf9Wc+XpK~^H{?itj0s&a$zVta`deZ)*MRysweK5e?6P*-jae8+^3VQs_3#Vak4z}TIn45c zNh$VO9Ta%pk>WIPk+Qh~@k@Zb&l*f4n%1oEJqfUXL*?U=HX}oa~iWtAlu9 znQ0Z_l)ZM#VKsQ;?ra-0(lA&khzC_t@+PB<_*q&|td)FZXcbbQM?9+}sU|zogvmjD zTT;fO)c@WSDxVOwr%Ozx3c@30?S?*s9OKCVnaUnW97` zM0ow{e5$3H=L+$U2a?z3oa2aWxmeXk{2Ks4OAU<3Eux;8W!5|K_Q9Ika}wH}R_73x z0WkK8j`2G=D&2!mpsn4Gz4__7QZG`IjNc(En#-P|5;o4RXWes#YXxl-A`cAomzUN9 zkdze-#9&nnXX(!}(Zc=1XqfQ7hN!Cv$9P3UEY#Zxb{7fTnj7==xK- z=pjO9esUDn=@VidT4&@7Niwxd?T6H7res@Vq%)n%tCNrx%M@7b#W~g{lBwgLivM zQC&e3E=x8YTG+T3-}nH*8m@>yFHYqs~G5ISr-7v zWcx=_L_OFKx58K#&NJ!Q9QxlUT`#y940KR1`Q{^yI_E8`A34g8g#`6OJL4-=Oc9(V z(E12DT~Tbc_l`XfU?h7J;*IMilG0x)Jlgq7`b2lV>IK2Xz(bk$E;X+^S1W=?*+v5K znq8WRznlpF*afLt+A{)t)R^WV`hxjSxb_?~i>q=vk&D=>a0Idry1!ebgGY5=5m**RN7SvQ*r?WTZEa*vpdq8YJ0)D z()n`R6%0G|t~XOjQB%z`wNqt$a_!v$ucX4D1K0fLyhGr*ClPL{DKX-iTQq})a z_^B=2GX}KjcO7X^7b_#R)pq4sLLJo#ynTQ7Vfc9?2iD`Usii>QSuS_$Mh==6|SId8x zHptI!D@&S-X`8q7t^?mxen!WksTRf;aa=BTO`RHi3Yaf1?7eefJoXi{_U(>F&D2IT z_AKl^(bb5`U5xL4vAFnaAZULn;W6Kr5ART`_B28@v-Qt8Hx($1*N=ZEfo( z>CFSH_F-tr&C}^Jj1ch5AO5eOJMPvZ81*~`i?9@B&N^JbpP}AG8lfRhi?a|f?|F}J zeKy}6GiT;J8h=TZj6pJOU0BXTCloJ+9h1-FN=)uZT03BC`#fPDPK@zIE>y23~3EDO}hnJ@KD zdG(v4x>nI?Quuq(ZXO~iB~PVQ70@0^v@SFE!2toYBRtm+wW0;Gk=yt3-yuU(RWPfz zRwrB$*B=~*yK_zLyk6ougwQ}pcqCe_m(E;fqG}2~$UKt$1u0KMq^Pk5->+yDL9huO z9nsRiX;wTp!~PJD*NYKD z%WCa4_f&ii^Fg!83{HrR6nZoqc8QPsVMd5t!eA+`w8dM65i_ZD@A{bcSK!55sW4i) z&R3q)sL-0BbI!()NaMCt$$eR0G-+p_;|ZHMzlq_dWRTbP*VR|cjp-C=yaHCmXyhN; zE$m;x%R{3C->Pdql4;yl3Y!GeAKu z91?d#Cd+g5Ba$hFCPOu&pXdEvvLE!k*T?fav=}gdZch`XyRzlYnHI!tX3cjNJlxRvEi1)U^dr4WTOxrdHp*Y#daA0&F)k#i|BbtVkbRS**N^i!kSu5XZPM`T{?b zNI}5qDQ*6La&W0cMSXS{WsW;bz<*nd3VtoRGS~Z4*=1?wvag+~7NK(9y0$M3DZhWq z_i>46rU`y?=Ln3oi@h2XrrP#;Sp_)w(g1X*+7AbgF%Evegxy zI$(QWPE*=wX%*SdkWraNKw9)glg=wbw*{~Lz8on>{>*?!4oSan z$F&!cAAF~=Jk8O}y9rxT)>)}KX3jVtnfVm#BcuKPwX;GF`sDc`cjj-aQ7V@bW4G#s zI(>8~D~#h_C`5)628?#jVfKck=rBqaWr#xs+ic+MJxFT*;SX9`O0cWBa1Q~fUls{O z@VWeui^O^jLlg0xpkBBzguO6oJvh8)?;?LjQZ_UJqQgw6%H~wTDk^}n1tG(L`ZLMH zaN7@z2+6|R|I4A>rWv#Pr^5SG!|mB_9l8Ft9$8>!p!ihg%)=N7u7ARaUfwLnkFR^y zotrmdSSNQfe>z-Fa;TY%j-63=Q#G$S{30U01gu53KE$}40&AkHgxIex9x~ZX2{~Qv z(Z$Z=deMesPW&48C3TdbE|?Jg8gpiwO4v`ch;MV2{2Uv#Fq!QjvOB^-EE4NAB9xQX z6OL($qCRj-->0uUV$G!@XF>+@cXlv`j9*0B%1wsyNbbwn?K=+|E|nvJ;CaTL`UU8) z34KUezG(k_xaMvPZ#3*Q{g~~fDt7O~4&^6;hH%1^1C#qK(P4I}LGR)5MiGHSA*2P(Iz?yW1fa#+}Yy_!S)#CT20 zDfV|Dnc+(I3JY%~U|23jQ)eb{;_SF|1JwA4*z9U(TR16NpVL&@JE2K1%oZMh+&<@+ zzHKTWjVnhg+uMB{>{bdJ4&&hX(I;?g?l(bz`tSRiaX<@N*EDHfSt35|y_4*U$1;s@&Nhh4lNV4*9-O30vXW$Lh0DNL@$W20Ids>vM zjk@-F_x<(Q=J~#pyG%rl;n1ByUw8ycD6MutczuGX>1M|!Bw|qoM8Kar%~k?_1oP3U zJ|;E0nr()Ek)TwH+->B&cxmKo1m}1aTi}6{iObz9+-R|H5l9`WzIaL?D*5~&f+apq zGhh_!6i}$iLx+hpHoIN7Tdw`ilz6VeG`Ywnc%GFSCM;+S=GjqYWQQ1WG@|tLUABd< z>!J#(lzp*)9$B}S(&`@hf~Yj9{TgMW_}5ul+>?GGCX{#LoYNm4`~$<;^hP@)`lK8j zFZKB?wEuWPl<>v+ObJoAx;&}~%_qiXosjL%S?+&dfgYtu9FwYQ?AG06%Dye;-SLgH zJi_?H^w#+aU#->~qoQ^mI_9fbJY0b@7F+91 zh*Tv8;^GHiSR(^-{8grm3hE<0G`s{6T!rz%N{7F&g^lZ3sJjz<3E3N>FW2-vM^;9} zj4(V574Bqzoih-T{352`ojKn?UG7r{oFxAnFt+VNWMaLEo~F9mYt=(1Ptt4?Tf;Ys zua+90bfzw%EJ-K6q$&nia8Wbtba?A3e>YiP{oaH!S4S0JCgQawihr%V0lk%hiIn zjlO!GL97=VX%(v8#ZctwB9D{Kgib~zCg1D0x(NYb+$j6t6O)Nj`N~ zB2j>+#|I93!Q8}&V~XXC23)#&PV;%(X=?aQm}~SUHuT$|hlylDW(w>tSJ{^0eQ#gt zFWzxjULvyNKXW4T5^M0vz%0G*O@`$13cq}bsO_jN8_M@>qY94g>^|p-%6hL_l#Q&! z`1Rj)%MVe@&M&Al-EPlXwYSF&_mtx%UF2UY17A@O^nZ53$Zzs}4o)o>hETZqmw?qp zsvC0+-sP1CT{T^X!#HVYNTB1~)QcZtJcW?aVX^xe${zepUw-VtuuO0LqAUmnwQvs` z5}H{KCNlsWtlj}W-dzRDp?S@pOO_@%+T>*R=rcv3fDF+;#KcIIhN& z3Rd?kg~y_s1`d7L&kc;kVZHVnO5p#(b%t$*#(!(nu~!&2(ssPVAdc@RFKo?4I0os= zx=K>86@8M&#C4d)Tq+g_> z%LOdoA{6;+`P0H{MvQCgDj>G>iPA%M_srFl&dMA_tX5G}GbZXa76cmL+PAdzEI1q8 z1F5)CJ?J+I^0oK(b7wSv`@TbB%MHHLKg*{w1U$Qbu@((CW7iVu8*K+=?-t6u_a;@a@U(;{#qAx(r~eDPJ{2l3s>DH~c}23{eY`&`z-;_$ zytT9!cTgB__pTMJyVQnGaula{`FN~J6@eqh-e_iG^AJC!Iq_1zA{m#GFsjTr=kU{x zotwI;WGmG7{cT#<=uqHKJXu4{H+|*)ir1<_)2;Ni^xac&DjC-F4VjN;+^wccqLd}? z!_xgwGSal48K?%9rHU~#J;XF(N(}|$5x%v*tpV?Z1$C7bFHM%~_pnq&c4d4KT}?2f zIcYpek*U)sN)Gx$NieF@U5vJeU%$kI4wRzOY`Z$?0TymoiJWkxWxd_YCP!Mj?!!fH zf?7#0Y`>8d>oBF;6oovaO-hSPNA@>0Dt^+7iP1Png-Ln9jjnobwRhoT|5eGtDe<%U z)NZt&M3?1huv>M>GA#MdaL1%hDOd}CotOp?wLorGzT>{c7nFnj)Sb79PB$e@qTjoH z;(Bt`OiH4uzziD*UvSWT^(uMtiBlP zJ4bAM+ctv^?Y$xQFNPebvE2(;BRi)Yot&9nQL-)^}CT^uL!`(p_~SVXRgqSh=;11SDohGmWd7T#*#6#_MvJfjLESDMw@n*{o44Q(Q9_yOtT z@ps5O)#t?piOuGVx-X?2o@UDasWBdreA{e%wD@hr{G!;v__c<1of|Kova> z3x8j9X4zvDF=isuG&B4bs|iPZo@Zz7H7^{w#`K-AniOf$5Heu^F&~=sYfcoK38(D$a|J)<_(+u0d zf48Z9pg=kIJVBLFCCE!QZsr?vB|iq#hkuqqj54C%O07pX2}BTfH_Y>Es}Qc`4LTH(OgJ; zu$$Yy{-NpCDrPhQA4I1NiM8U?X}9PoII}~9tMZQ+rCC1zhOd;E^0Jx2342}&#INM_ zzf7Ir5^oePbC0zkdQ6LM*@1?e{PC`|+-XaXvCo;Cr+#nav^0af)QnDu)?VZnKxyT# zH=1o)3-;niSCq&TVaPj*GPCvqxpu4l*feU=!5>6ZJlVS{Olnrx0Szhx#k&Y2IB=bC zdyq%;&GvlLWO=pxPZdL&wJgd+pxpIsI_ z#iryEokv)4j9udIg+7*jKp^I=dxlOypj|P?6BL|_XrM#yFcZGa3atx)CfQafaiU{7 z974^TN}aeYr#s{deMzzUfx6Zyx`P1CQRu8^ogUXKMU~$32%Y@b&W+|cPLf9{`@>Cfyz2S$|Cb6(X?7A zvVD5K*y(&kFVtRTqH5Q9*#mF?MW)LyLBG`LK?NclG@n8-DkaE4xNQ&i*}D}&6;xyV zxN*yr%uTJ58Jv(D1A9kGKI$Qr7l4ROg-Rzk$rJrmNdN7lOA=B%f(m0k;w`hHQ@mWC zFGTVWMr|YJoOpi`vrzS@Dx(e{yzR3c?eF%b{6e-|oOan}9skfPrVcB$N% zqe!;uZ__e0mk=8lJ{jKLb?>XOZjf^$+ z82gW%wQkLMVa{)5p+sq~BHPa0=wTk(Ha0je(gc)foOY=(ltmj9NO-uJsvf8GS}dCz z2C{$U--jxDEX|N}tOv8^iA|EF@ebOrJ*6yg73Ggm9X{7o5?fN-_xugre(Eqj=Vr@` z5tzy>#^t5o7$)6ML2r)tZ_^tY(73jUsgeB+gz0HJA5ism-lEYqz8d@) zk410zOzP#OA>5?Sa*d`#9O&Tv6Ym7_^g{hhp$yTI&8!26ZJkMGfk6V@i0yw*{;D0W zdk~Qa?}jI$`MO=r7Z$c@`i|oab~)%U@3K}gOO9g#K%mzVtxPT2r@)_~;`m2ZI%>C? zmO$Tfl|pa!84_By{v01{AZ3`apZG}w1NG1K+X;v_jduLlXsbl5B>#p2 z8wvUgL^X7A$;BgRc8>?knyjg~^-QV%{fkG1k0_+GCJ6t8NPwrQK45lqtO`v3`HZj3 z7(b4%VDlSU=fHQim5=qhUN4YLFYWL@vCeDBH{(H6DPL4uovfn=V`aEN;dc9NM@Q!I zcbyZn36kg_s#9eZ{rgHk|m_ zyxUs~BK8W${*&WX0l6(IWrNtV!@&HqZxxXdtg@J?d*UIrDd*;~l0Ca&e&R1A7 z&wB}b9~0K_d7!GzPqtXo;xC^PlPAnTWqM4a5D09i+3f8ngjqj>i)#4on^cR{1Djv{ zd!C0O0`w>@7XG`xcOg{BHhb7A&SSs8)r-M!zH0)t`mJ7CyEGZBgN$BaxvkhU<~8(= zeM-&(d;X~4sNkQE9(otd>HW!Hjqn4yjfkw+CTX@u62>gX*GU$i_~ zW^{ml2sPV?_Ca<^C&a<~eV{a#oOVf9_al}}skNX^<*hug{m$y3<<-P$c*_(;*d>`!XZM5`T14EVNT=f;q;H$-{=%q|T{=n`H z^c!isFVhnK{5lR2ApDINLx14=n7UgcUuH*N zQTP%1G97K-Hobghy!}cgjfe~eTyFl6D*Y-WuxU0{dD=my4s?BPFb6g1X}#KHF}k^LATDPLv?( zL+auKa}1}R@SqBL3vY3}L+F$c|K`;@8gZ?=^oA%KdbcchURQXOkO^C>iz3BClE52w zS=lk`o!1^L)46u_ZYFX0EdqISM$G~?I_%w$5pl91^i~T|=2`^bG##NFX+M=V*__1L zdhHf*AjSCwo}BO{Qj(%SX7-P?=%Q!WnIZObFlApnf=i8W+%FKzp2J0`grF{aickVo zz9HeUj#ucrl;Pg51{%AZyrc>RP38C5(cJC4`WKoYMXKR%9zK$D`;WddxPxpp2lZF> z+^~C%sXBOqeXr_Isu3H`VS4;Y2Mvae!ROasT9BU*o9t7;1sEa6?MuE!(Tw{g?^p%A zAyG#APYdgNA!if|l4&@A-6PyP(-Pa7$<%O(=~7hDrAL|kc#}>Vgr_}b_uGz?q?%EZ zlr%7L&r&6;1g9NSMI#pZTUa|iX6Yox-792PzD!ekhT>jcjqU;-D4q@-{DC%BpGV8q zK2C`LE)y65-G5J7t}4Pss*qupTa-ggXz1<}Eh(859Cqc}koWTb-;hgKix?ALLfm|r z8&-!01_+VE6nPw^-7YM24it43P}4zAP~wIT?)VX4hf~wFF3#GYv%aLoxM_k4%NwyO zQ^&w)VavZT2BqIIXk{xN{zX3~w7S4gOUcwQ+2CemCFVD+b~Cizg6?UF!vK(wrm40y z4W<;?#!!(Evf#=0Bx8I{oho-AJZlOp+-NUXV3TBTgwFA977cDbG( zmLfwkussj|BS>YRo&g2guyk-LGl-Deh&<=3$G{hp$3Oe(Frka^Yxh65@Xh|TYLavL zYoBSj9QZjIxQC0lOFjvqUvd2*k>I{>3i}NKtld1(aKTpIg~14=SOJER-fQS4X2ncd z5p%KC1PuNDs|ga(XQ7u0EN1M~Pifa75pciT)UA#QIa}sSs2a#J>wC%Upxf;QCHD zn^t8Q7ijYt%AHarSDIysee@Xx{?h$0b|=cCouv`H{-Dy0F>WBsW$>R8oQb=H#a*Yw zOqJ93Vkctze2{hr&m*PKA4@3;4_(fR;Znqie~z%_{UNUw5ks51SJS{&{nmSsTRyF) z#1x}rmKzvEhRgrI1V2Op5g{Ct_Texb2060ACo9MbvL=fLXn+A1GR9xo@PR(yD0d3& z6WoI)hNRkjclFoRkAV2k@3e$%Oq&R+Btb&3r%D{cnEl+A~Le9g^0H1j?>%dSL= z@F$k-#*hiIoe8$@@K*ryI*xv17)=TZQoy6%Jp24*=KU#eP46w!G#`Gs0 zDH|!yZilBP!%{iyXe`I0QFppPSu8RLsCxwbD}{1SBzf>y9pU}ml{zD}*dStY3|OpF zQc4A1S(UA6D&S3~wg3Ex!}CCJ3;1QLCV3op{K2RvHU~LgSnCOcBpHTX3!@Gt_^#lP>@lTnjz%qB1OsV zH(?;JCnp2s;k`j#3GQQ+`y4TlORsZZ+c2=7dF_GmjGaOj38Bz(mqR{C}R1 zm*3Aa5Wa#jJFJF>s=|stPv%kolWK$t_hV_RYmVa7VFbzN;I~oPB^xHP)9{VB#sbFp zFZd9jNiRvboeQ^6s?qBw`)G#)9lraY-&d^06t6zJbDb58G51zo{4xq;y&#ZB`$TSe zh(C0I$>o=gjsDSH@d<~zx*H0EE~N2iE~cU1$PkF8-KH5Jj$INobE5qAnoOymW#&_a z-CkLi-@-q_;_bVPv5Yl_7f#LhzlejtW`--ml~mDw{a;`R#D@I`g+>l7yhWQu68{Vh z6Vm9Jgq;q?!EcBjQI@fH6lqEm)J`MuRm@LN!?Z>&`%_YWiRo-fD=GCi)=WFByO*-B z;Ogy#sC-bQns^D+;*Uu9r6|4UGPwN$wKr$rI_kfD;qhcf|LTOq)Fjj8Z*>|L;8k6x zgdy_#WyAAz(~RAJ?5M*~aVL|YHL=4x{^|MRPT+Uj;pC6!gR+_wM&H|s<8sgiWDut& zzW~}yu)FXpnm*PM&VONW01M~mz%n*8ImS`JF;!&hRI9mH_^Y;xxAbgVz4`@f z2Q1@OW6Qm+mYx`mR$oW{9<`fJ@0~p5Z0QN)el}sr{t>O~jMyU@zG{Y`K7f}aFvCCU z5>Dz^8~(>c>^5Q83>u-&EPdgk6aiB08 ztBQKBk26rFoQPc8Wv5Ys^$ySx(~@B*7HKJbnLhidE?UJJ(i47%ZKBb%dz7W7BP=z0 z%*vz2T`-h^ejsPLHSgK3{y8p9f}9br5VOM}%GrHFvpP*jDO}qz+4I+i=2nf^58(vh z9vlQBa*g~OncBM~uJ)dOt05An_l`HlUSvc4cR2uL^Mo{L^V&T+qc6I6g+@eIL8a)j zfc%)T?=U3=^AK! z!w5lNNs~0K21Qd2C)jIy8h8Ptyd@+)Y3ghKj$O{k4u=H2mL_=cmFNMQM+tWJ zTT75I(sz32xQjfN??ESiP<;(A4Y+vgluBxdWPNbbwQ~xZAk-1Rj%#N`k^e(-05E6! z20)Joyljll>z(@Vcq>CAebw8?GA~og58H-ucV?~_+5?W&$PxNzO_VgLpRbFjG!Qpt z+T4}i4UsZ#yPWjD#lH_<46ArQ!6y%72PE-)=uLiH->5PP zHvADrj~jsgZ}Jc5f&h5hroAr?K0&BA#)J}3;B2@WG_!3PQRL|g!yvuz$misROsLUg z88^c6Sq5^d_kN5}|5zIfXU0D2EZQp&eG0=X>n!++Ny47^K#_q}CSCV}e?_zG>WliS z!MgI%=kSEWGo#G7Uaa{|0UH1B_siwF)L0J7W(MG|v6CO=XI+delakvbpBM?h^+;bQ zuaMh&8zB}zgF0B6bg7f_yfJAHU`#qq8@Lm3WtD`1)0ll@hGfY8f%^YE1Q3w)nAA2f zb`B=?po$=vOTrn|a;{Jg-9WOwR3(lRLVjTN9VCQEDV5Ikd2ETmMx4%WF?lCWX-k zDrOzRZ}6Wxp?-$$S)15gH?XuC4}wnUl@ZP-MyXpIhv-Q!ja}2r_tt%2)^BOzuNW-P zpPTrFBs13c3vhxg=07-=Q!tRLF@C5&Ok9L&oXgj}MUL(VI97iI=@3K~8bKMLRUJTj z=_1$8e9kGwZ2(SXMXT)ZetpujE90mgQhDFIP$>gr)#;k8b>IK1%=kx~F(C{pEZNm#Axzt=;9>E%!lZA3iRF|) zA>h(5V(o&7Nj~I}Rw`vlzXG23#0{Osw{XT}kHmn8>=Bn~gTsCS2#5#^@ZY~q!go8k ziBRQ(1pp?}$XpW+hE_fB3khYVLv7&OE%Dl&K<&ys8+rpK>*&$Ns_svRPPbqU%-h7N z(|3R7g-u#lG>W9J0*YFn2Af0W%=u}HVE0s6{h5a>5iG(x%)dH5;m zg(fi0=IpQj`iNbg1W-y#M&1KfK>r6B{^usVq!w{i^2D=mC&9+}QfWk} z+~A0$fOF|Kd?RK<)A#Y3ncuV;N(b`}mhq~vrOTk(@W0pb&j&@&BK8(es1<(OyT?l? zb3O%EUL=F}QZqsx3A#hAEfDO{q|yxtwXSijw&I$Os6za!{`$ZB)l@OAI=zxaLU+b) zGle<6$DR|0a1%2{`c?*FVNKs$ zNM;_N9l)3GLh@7lX!#*nxn-!lt6*{zB@38Li6#tdU6~iQ?^QM${KR4%-Te%clhuni zF`jU?9dMF2^ejS!^H{JfKW7aZ8WWM{1n|4;qf;#dC4G2!kNhjMj)#I;0J4t#`Qio{|a5-EzO z^tDW!Cok^Y=A-UZV=vq#^v|KAz>ox^hQV`=FWdq2t871rVT+>VN9~fl=6A{PBd>BB z&q7t8aMc`%H=6F~+?VR>WyO>l3e9l(RKn{kI{cVO);teg7DngBDQoiFevjayK-8Cgs{j9*;m>D{*>_I!&{MdZ#f6-DH)3{?vvEGvy(b6aSYVw@>( z$zehT+C(FEv5?Rsywm)PNd0p^g|3yh#;6;169R4C_>eN6Yq{UvUzpS1fJ~1?jQ$d< zr3WMDjL_DfsVQIPZc&OT8(U|QkrNrdRN=S%flwJDwxj~Fv7S+q#-%!QniEOv-9Q~d z&jB(swoLZ{lLWTLJGS}Tk%dS;c|P$}D+OGgR$aG)rDMT7J%)YY3O5Gpo%vxjFrk zHra&ov=oDxkg~A2jw0=2ZLci9cNZ+5#?F5?#-~gkajj9o@ug**nc`QS)y6Gr{he9T zY#L_};X?PLs42-j?X)~W)}NW4CxaFVGi1~RF%VSoy9`q=QH}93lyn#!a`Ls2orzMI z(*}LAU!g`FC`x|2>|Pf@##>~I$IemYWNE@oQg)XnNY+=Z+bZ8PEp6~R{ef{X(D?q4 zK+$PvV|8BR{5vReqLRdO~}qh~6+sKb6qQm$?Zgd|m= zQQ*D(6aYxqLM}oNZEa;}>t|Po!%06gAT`Xe5dGim{GaG!4d$z{xcqnZN~Pfvqsu36L1`}Cr*Alu z3rXiW!1)z)-=i`U?x|_;3y}GMsr@+9h>&C`-LN_OMicq{6xT`+4z&W|6FB}yUcfIE zhtgRUY;29s+`o&pycoVI&(G}tscqfCPYGLQFFAb^vpoS;XnlJrk^vruNM^Id4W|1X z5`E9kr&~r}6e8gxL~0lWO!&3G#J7~j2PLUuAPN5-69LD_>Aq)M3&>_&3#**UNECy{ zmr->lPUgFKv?2blsniv3h%h75blP*%);^OelMy%#wm7$^(zNLX;yo5tCjup*bmcbM zU*rSD%}Z0-2+)2NEewfU8`iY|%lbmId18#g{&AIwaZdtrFkowFj5ldyuV7a-bGkQC zmE)o!jESeK{Ce@Nc;LMZH(1Tqp)<7h)!P+fYZ$8U0E*}%F|GvHfT=y|6Hd^UJ>q{@ zmVa*jm1Vdn8GVWBpp-v)iglO8_9w}du5i+2>$Wgr2j0wfi1>okI8ob|R68 z#_RMw)aj+Bt;2phXab=ujX|K=yk?JsVC!a%P6JVjs*%7E&$OuiYV7PS%t{7t*7;4Qrz-NY|7LmUi2A~!9cBy1&O!7>wzG*5ozEP{B(*RrS&^%45 z^{rx3mPn*rmt-FHuGsPriqO06#}K}gw3Q#LgY1xR%X?p1VP$+;N=kyT);oqQ_FxEZ zc{oZ8l>QPe*3Mme=Er)2a?mLmz*tX&TitJ?QEWReQp2#4t1zLipuX5Q+h_J{;Ql{z z610sjHn+U8tS6-wF*UR_1I(Zx`P;tQaO;U9bV5iKoaAD3?M_=PV^?21mmXSXXPL%L z|A%8kZ$MeG0MKEGfSb_G0Z9&HSU#~NtB zN?EvXpWZT%p9t5K&TIyG=u%jr(LR7Nfi%Ujj?w7;QwRI}JQnYyfLpF`q{$hG*X$i~ zvvZl~f!>s69-c~awkjNvjZEM3Rk0umMGBY}`U5MaK@R+0s|8Vcj5kc{aJm*kqkkCA<%{1OBwCeD60Qdq4x_uN^ol= z2t#{uIxT6;;0{S4b75ev^Js}Ks=8j*XO}R?_H0bFA=$$pq5FxlLT5nONiuC2LqQ8! zdW2S0C3sTe0ya=jDePODw@S4>-9OEvK1@&3$gbFA0-E z!OYNMcD0C>7NEW;{UGbTK;;4251oZc^D?giR55RQ0Iyp+&yGtqCd}sf5NT#DwTbq< zoCMNud%H8>N2-KFm^gXoZVQWE)>Lr+8(9l;#U>eejI6$umW)Udy;|z^nv%xl>oU7| z180I6T(_BXUmODXnlhVPU#r-P2S|W8@WW=eI2a{GM>Dp}NYPT(*=g4nAv*0jszZf| z-Pr3Np66S+1$SQP*_Tw+*Kah5IrccODTFQWycRL8;K=X}PQ#E&UJ&!q<4zj9F0pE(M^nUv@Se$%DmZN9<3Z>6XMhxk+ z@%a_O_v767O(gzCr!5!=x!2jU+w5m!P>XF(%EGTi9w22$sb(O58J}36po`_PJQVY7 z)|iUIiKb>#(#H;QVdd?xcyTjq2D30XD9$YF%nb7|H-xmo(&p5381xMz_z-nAQP}#l z_fAvK>cziyUld3zvX~Ux`a}{5cmEyfa1)NZZUCv|1z)YL>%;$Na%{)<96s8p>3MC1 zKO2m$MVvxd6SUEsEXQ8A`h1Ti@pwXXZS42oJ)zhIBr7AB`0*g{6*|E<2}(1fH=u5p zmAeg$9tbSqB?0?9252|P&0kVa1GCrwGq6{zh14+ErD3H3l=`Y-Lr*?89;%1o-R=}nTewox<@_- zPFsh#3>Z^Un@!MVmyB7bHNf>m)e_GfIu?;3NDsP*|eHqvzt;l8CqVn_5LyGc{%p!T-%7*hfqCn%i2} z@Fd|Q=%25(+}#s(93A%tSY7gpP51ZOIBtTaVM4~$4(nIkjh&HaJ}atBtOEIAJ(TVP zsd0_f#^7zzeBSl8CnO?hRB2SVEG;c{e|9hgmg<$iiHRoju^5_|qSuRf$LVk|dfEI(pw$B=KM z)Er!_;B;A_o~JIsxp#um(ANN6=CC*frNLoiAeHY`LAbbSvo%+-R5%+|1Tpd3;96fs zp$VNAdOQ3qoEXx;KQ|bTMu#&*RvJBunuVFeyIsVt0L<+fU!Oq8$}hwa?E4N64?kJE zG+@1(Kgfd|;5|Gw*X{u;kF(^me)(^}Oc^|9!wx!sYKTtn?B%5hyr>N8*>`v)&HA$7 zS(Z^S66M`4oAYKQoy0qIkzvbONt2p_^ZbRtJ9+SJ*M1fODe~1Ng5x3MOpw9WS--gt5~ic8Au4lT>}hJY)-K2 zz8^_1!%}d3qyB*9YjZZjaAK^+IbUgmE*k61qEn;a$JUtr#v5_=^I%~Jbu;YyRZG*T zt`7HZksAPfWX?3C$CY}zOPEg5;6@0119Dx zm0|Z|CBKKZn}Z8}f&3>~+C~lGp*uksdczfLz0C3~@-A%Slm#KB zf}b922O9~lorET+#ksj0QhdOi8KJaK1>p=LZZ6aPr=HwHck}ER;-UkDd?xLft2px6 z-VJzz)L6-7_=LwHs^`Kg8%171g<$1U%adup!3v8VP}&HT81kHyNgG5404W6R*Oo2= z{kyNbvsKUl?%1Xy+Sl z@lhcfY<#?p>uSUFu@X3T6X&2Qc8|9pkuJfXup;4GcNyrFY<5s%BT#i6E=~4F(n(H!}-dbIk|v@C-0v0C~(>bi|)_hHPN!P-_OO1bD~8--MUN; ze_|;P#~GAm3H!*z!8PRm9M$uMPF{hlB9^qJUjF6{B_6=SxQ2xrArV?j&$Ol(H>w#` z$HA%o-UTuLU0QxG)Qy5sv`e&PKkDC&1i-2N^UHAz{jlOyBDoe6OR|r78Ao3ggy()0~d1U09M@8gSn*y9J?Xu=Z zd9DTl2#3C_!kUV^ZgrmJKF5c#hhxj*=;R=<%9qJGQkr(XdJnRq!uA}97HsygXE<1E z_*vi{t*p$5zj1xEBNKOIYpbKjvjJdvu3v3h0p(XAfXq4-u0JBT>*%g^1#{HE+OGBj)eleUzATr^8}igfYATyX78s$4~s) zkg=^rpbAye#oP*D_6Ic^ZF2HazQwBQ-|WZGY==9ZclsQS40Kow0A6LoFp-@HA&?-t zodB&5L5C!U^+7yX<5%kqb~nU7Nw{4WhN^UY5A@Zv|G_f)DGQB6i<132W*{T7i1`K8 znQ9Pd{LIU1oUx2q_#Jc+s{<9iw$V~_v;Thfa`M!lnO~SC{ymb2ZWAtUy!b?+&*GpP zw-6Ls@|5+N`$>#X!(oMVsNPB(KEBW>;!GDHGLMF7M#PqT#-IS3HWDb(Y)3vQa<;_)oxoz&-Ky0B|7^!3GEvIYs8d z+u2xA6>1EpS*(1JEN{*QU6?u59hJAAUBIL%y3t=I9;N4#ryN{ao_how2-~F;Ek2ac zK*hS#&SudyQ>;F6va@1z065zlAYEvA+Cvf55+l)fhF{y7kjBA>eBrrwwnj^CV2FOa zPD>&UafUh%NOz985mWJOYyF=@0u8dUM^N!=f}~8NCN z!5r*PFp$mQc@Ypk`IV@|L(Qov;~z*^*I(B?Wd>n0Nj(Uv%s*_i zeMjK%CZaFf%ZDK2TK%zJ%rFI>c{=$z9auKeJrju|gFqrf*BJ1W{4*8**#x z%3zsMe_`?;Os{!=KLTyfhqs~!V^ya8WU7x2b805S%c#HpGz0X4WccZS+HL@tkCSJV z&G>q9ku`eI4Ng{TBpo9|y>{IN^*^T|1cV+aWQ>ZhK*Zt%UtJgCaZwGC-#`#qx+5AT zhG5suGO(0hzBM4usj~Taj9BfY7N6A~0o)))Mg8GoMPdFYC)np66URx8r>BA+8eg~% zlH1oWpGKC|tHoefjBf`JpoH-=LOU5CW|v3#7Z>?Ott?z8c`4#6B2C&*Oc~vFS@e~s zT%-}&gg}e)W{R`(EZ))xII+rPcPobpy?}}zUy&{OYN*A!kUr{NO1Z0GIu#k5x>SLe z$5UL9LXr$qkHeMXkvunok<-V_^-6*iorx-O5aYBkELKAwNU#CEFXCghrrh@Ysat{7 z6*(#BtpbQ}P?4{#N$>a21e%(!<2xa@wW|VJj3kc_2~6v_zUYfC8UT{+@nzc2s36i~ zT!aHScJq%N1n&r%f&SZ{{n$GR?ELRq)T&Ib){gvR6}%OZ$x!IM?gQ%cO<7aqgct-C z7TO*{2LD3RA#^3UrgLNd=p$k0PnM;)5JI}1M|3O;p+_FKr18wd0EnT_=9Y6h@B%|g z&->L=%q({n@}3f)JKaWgDa_YBnZRn#a56v#c}y$4*U#1i;~wM$2Ic%?RS+v{reS{~ z&mVW&TSTbP7vW6-$;}`aAl%zTz7If!9C^~bEOp^cpWBQ(w%PqahP9#mp#q0XYz-qQE0z~o-ZP_E zt7udN3!|^cGSA2pSa71%&{&W*&u5TvvA6KjF&UzBy&`tI(|WL7ALNk^ibtbNr^w8C z=Vv3NnS(o&2dacv2UOsD_3Y!5{QZ>dJbBrzd0r_uIghWNSb1$;n)51<-t9Qg1EZ^P ztqmO6fxui&)Y2_O4E@Y6jz!8{@fgxd*W5NC@U_$K@F&fH-90zeT@2^Pi4@%{=tWeD z6L2~kyWl^^{mZP`NP$u^^|6J#e)_xq8pXE;NvqlDr4~~*S_Yj7&K5k)$sWUM zfIwKUyH1NeaQlT!5pR2t>>{+0ljkNnKZ>2i@n^apJ9{AigoqIK*B9L6x-EeGqoJn4 zT176Hv!8^f_ykXbKVh*0$gxeQ!FSB0;b%ZkRf@ZHadgGF{=Tb>#9!tX{X`JEar0(m z3Mw-@$jNBq%Zqhb3sjhV72MvM9InSYdH0TF**7K4f1Hu2pZJq}R%_zR6KS>*X8#Hp zSoeOl`BWWkr-gyf2ZbdjSL#jf=PDr5S6MEFmqkZRyc!)l$zphE&K0&;E8_WjCbCNm zMZ-kx#5)`El{0K|-Ch4!K~lky>O@4czTi{-$*+I~X=r0~U)e%{>o)}VYv9iudH$YS z&urVnNNsGXIX?s| zG4;0&okH`q-S%qKuKW4x3yf58mzh7*sspvyWCl0Id~y{=ol9)66}5Dt7t{AEF;04= zT#+L5m>gUXYNX0dZhi*k;MARiS!atk-b2^6BLzBYP5+drI~ zRE%w>)Rhv`Gw*WKyKG?qdsDr1RYc*!q}3s6u3OKah}{_zv_YcuzLiu)L$ z+8~hpoGG#J>tI1<=h@%>(Ue4g@%v5$p{$qHax0b6VgS}>oU{Hk zUO5s%5XdNTww}jxbKa#Jp|KQ5Ea#k((AlB7JFh9oR=jm!+pn;)6k7{l4t_qME zDO(ONLy3|%U~v`3&$e4x<|{`O=m0oUK>C6>yH7IJ4mJpw-wjWfD&Dxt{;@BQb8Izh zf|_srIk~wI+=~BQy|vv32!wC(050X7o5|61e~{G4?uv*cGn)JwMfw>#v!*+Ubnh|f!3Q$=M1h*2=J zlswbpo@REO%O3-pX(tC@MmN*kN@F;c^s4JTxvq&DJK&OH_ryG6H7Y z`sjc7Ig`JwPV^5ZeqT2|>S!_v!@HJ^osH*_2hpoY@MQn!H4a-v#TjH30r$*J+325M z0Bl$jo|%`SVa1=JeSTt+D@P;lW_WH%bmOI(PY;W9^X{J^8F(3IGyKWzC1ID|w(h=r zjFXW8N_V2>$mPXmj`5wJ+zqZ59kK0HOaT8q@avA-PpXf=-%@Xa7azKfqU(xb(G$l6c zx&Yf7Avb;onxibj>1M!aj_>L)S5uy;mGIEy$HUsGPCEnm@V@O?_BbAVUd{2frY_5K z>_lbBg0t_{LlascFoEAfS1sEu0|0NWv}-E;>pyDY$I+U4QOMiJ){^kBg5=hQChNa5 zsVxN!wx1t;veFGcg^bPjJ#ExDXf#}RnjcwOeA&gzT<2iz*}0nkMDp5PZ{+OMKY2L2 z91QefefSj6mD0k`P`cDc?=P1P&;b8sKCLD!E?Zz42-~$(c4dqYitcF0y4zvryNB*8tn6}60tC^DR`*fsZg$u6dSsT z2|DM8HiekRfDx@$aWxJX|FL{kNAPbE67pO3?^5vM{hK#|BE~ZTj$9~k;7wmhJDSPq zqb0YX_mFt}bPO(Qg~paC%S5OAeQel^%pF#lzG}@3;JB#I4WF!ID6m=EBRGj_$&Ccb z%gIjwiPCD#t#aL!Qq6U%`C}&Tg%GXpdBDmU`DWR zoOKjaL(Don@Q*rg`yIdtPKw?fem~|VOtskoUxe|I4d|DuyG#$ZMZGJP-@p(N<^5MS zL(=F{nyrKK-?xVN)R@MPmzvy=eK#Ax&pC{XssYs_>2afb6=zi39@Y21N=(fBCb|(b z+)&mR?naj?v{lU*+L}@+L4Z&8s3q~{hPKR$*FLKy42>|$OBrDZw)}n(s2KC_juZCk zi5xBe!xd>_jBcbb@8^4fqr>RmL(J!uek23>Z^{Fd`}fUnaUa=9b9C*HNK${>Y_~eO zcFE9%{9rRnX)*C}yBo)a;Kimo4o^?fIiV9OGp8EhveO?7eU-ETqhH_2Ehz|4Z1%J8 z%uaE!@-&eo8`z}#MMO`yhP*IyHB@`OC``2tt!dY3ev2|OR&GqcvI!tIRs3f?->^*ch$)aw~X zoi$^jPM|XIW#Wv|3-i^EpSJlueon3OwT~Q8|~)UE3E|Z9?!uq z7)2>l^|#MpGy~dE=*Ynm@RGp6N!f5U5pFHeT@6^u{`qq+VV!z4T;FN*H1_{1g0)DmQpV< zJ285yWzi^%WKi70uEzufSxR;HFf$JmI@pm}#bHzHd@f6qO504|FOr)t_HhB7UUH-) z`c4T@=0i)}11NGB;4_K#W5qa46E;f}FmVf0XB)LATVm zW%_T081Ncfe>&6N8=T}XsIU@+iR~qZ={WKFo^v6rTy zL^kybyl^?-0l)!@hATg;-;=XKBxK^7c^5ds?dq#t)+xMZcB%B!v1g1;-m0AIBKG(r917aLE#11RJRg2n>OOk>73X?+C;5Q|36)|2sl`M9}e|rMw4+ zwx#howa?L2?urT_3UVMY>)XAu#tXn@L$m0e)n#umvsggZ1XDCCS8ha=93wsuj~Pd!5bFIjLdfSgih}Evb4Gm_Ny*&?NZy?Gb@&t z;F<%%Cw+Ec{mamaY}ZOe>s=<4TOW0poqj`OmbcicxAmzTIc|LxH#bYB!hBwRbu!AMV9S>uO>Q{jwk9u~hYx<2 z+2=k@$7{~_r#{DX72FS4cK# z#O;{Gg`Ph7lv)qRYOj@PG{rsnba>vq^BenG=G9pDFS5zvf6<+Gx$++5DiBZ&ySl#2 z(fa1|P0cg#)k4zZf+*g*KDb>l44nGkMsLlJ)G*0|9L@+luaTAb`M3&a)L$;<-`vR4 ztc_dW1gu zw7I;%;no-&8vDBA#2Hm`6phC%w^hVv3in_4jtnU(%80Y$sV#E^!5oc*uHoSHzZ*Lq zVvP_bnZEwp*b@v#04NBn``Y7wIYf$B?_Cjzq(GydbtQvNA20RZ)>?oo`)ZE(YEH7; zZ$FP>RAb`mdluT!Rj-|7hF#1q{?T#!oY;n~|3=F4WoQ0V3+B$;Iem$K)aRgM;g1v{ z+)^w`vm~VI*{UB7PDDGY2hcu6 z5mz~N7k9TM50XrsF<#G$M*3$O$Bd{V1mUIGdvjw7%zFXXrGjLb^?LVX2ydf+|A~$n9|-o+wf<3 znVjsw5B&odp%oh{JRd69^}X?ZHMpzMYXpSIRppf{T#Qcvi4z>!xU&SoMAx%d)^wwg zwDz)w(w4RdTen$XKD5QjZ+AzTxuGXcsW*-`-(6?p{CJ&P%_JH7gUymynNqtzn}tJ5 zSb7K9gY3TIDKTRiJ|L_^mn1LApj*V_R;W7^IlltlR4i!Uy&S7DPsMhNk5u&Hg~X ziEAdZ6SU!@yFI`v7~h2xv8Tb zs4%70{Jj~YnE?L-n@^@VMQplG<3$5bqFLr1V`Z)h;cpUFLpNj0t^L0)i_6lrgZI55 zC%oyRsNm{Bk>I|*04rfHp`k9OnN0=9ROcRIs7!R2v?R|CbAdL1))c>5f;u2#340#XR z2ID6ti*E)Eu0hYDN~bNfOyF3ev)o3R$X}h$q1ZQ(u9ol0ZT@r8AOCt2-bJrNuD8E3 zvARpKyth`I>ONWXOkp5fR5Hg~wDGa`ruxednE(3}WRa;nJg1P4BlgSv9xj>Xb-W)4 zD~t@D0(Xmb1rXrwE7FvCk+xwN?Ed>ZJYDMA`HRfdUPWlb>XYp^B1Y%%d)!_A0WCde zw|W-rKot~q(0*GeTfqtju%Y}v58Gc#5zWO{716|KXMIW$fR#fgWkQ8>fM0ui_OeXh z!c_?g?w;}C4yK{=ul2ydXm4N{+GMVNmc0?|*o+gy%e3Usau>FrwAYopB@}93Fv55y zzk|K6a=ULB%sBZ)G$M0QLTKG#I}4W*L)Q{Z=n?SuHU9O) zl~r!^f3AyxLV3jLBAVZG6&!$?4L*A8Ka>6N24~Wdum1d5wF8M>)p`{X1;>&3W~0-< z&fM#I*dzn*S(qxET;WWFV_R=SFWDdqZOlH;Gy8Veh8mg|XqQiMdgFI)r(YIb^`cFs zX}fHV&oEFI`Nqikz+FjGA0fSaWveX5pms zVPYZd^UW_}=C6BnT>dKa%->SfgrfRSBm1*Ew;&snQ4x$G(LZNj76X;G2EtSP8JtU% z?_~zdd)p?td1O!qjH)=cFGkF?Jcvnm3A8+pGYtTL>aP1mdsl988lggOCE;|>$pw2r z$KsT>j`>WzYIG=t^icci@0et5*3v(JUkHiEc&fO+q@Ej!MhM6X5Ujj`d)C#W!(c44 z4x&mh<9cZZed(b%{=(pFjhQBdbQf*IRi@xGxwNf-%Kg<5Y?@3~|IJ0Lnyadb-Fhg2 zqY`0##Kb|^GKOEjQsa`0M?Nti4~%XW@B^Q}|vn_1(1FvA&2XJ4t z$4PxU070B|P!R6pS+B3~CEQr4IQAaS5MJW1lv2drJj^+y0b@@D7srl*1l)!!8!7Pq zPh+AqVE%Q}z-8xQVtkuf!1yCzcxyT)xq-iUS%xz6G*xJo8}0ACuooye@#m>jC*#zN z??LqxaMXnQN}X_lx9RTPYipI(5%~1JtBtz%M9fTaJJ*53UKh{R626#XcTpi)TxEcW z+12H(+d3H^#y5LZ6z{#<%v5|#9P>(RZQbya^DXTea!vZ?xLJKYwC`|gSH8{iDYa{D z<%N<@db|4Mm2^ck{Io~5=9gQ|3m!PY_xNC@27>?SGa=w ztYyk_Yl9M0r_U<&@BMwBBe3nn$T)l+k^cD?Keb*%*HW&|8X2+|q|N} zwHGIn^k(xdRC`Z%A$bcaMYAfmSp|9d4vrRY!TQf%LmL(5Age_X!?@RDgE`N#gLJ_K z30&~`4KE?^)Yy@-3}GtDKg^7&;*=B@S20ufvEuhI(%z+LjxF+ou)<_Zp*}x*L6%GN z{GPpqUm2}-2~VR3TzKZ-_kvr0fgq1xbq{tkDS9?@BXbkHavbajQUD=bs2L16u4j|I z1{Hw|AgEo~n^1RLb@p8wGt?18l9vT}Zr zw}AHfZsI{AA)8j0lA3y1=XEe|T|)h%oNGj#Td;Zjcvx!Hv|+ER;YCnRQ<@RP{iGqi!4 z_rlt&6yKY~a$?mRw_wxFzrKb(w_i7g_899tc+qACvl-PaRGO6J!|g;kZwa&5yEsTifYWqB&kkQ3T|L3sYO#D>odCCqL#^&r%L@ zLg8Gra#+jOCvqpSO+?a7S9*ATiH$5-3KoCtWdu!czaE zB*@x%sge#yjj3H-bH4M2db#?dD(P5Ji=UukrsYxXy#1pFp+mIz#MAs%=RjkFhy615 zMVWpz)KrFP40-?gu5*=^wIO{YAM`f8+2L;bLq$~k&u5K4Nyyq$$h#{=iU6POzY}Jc z98*>CQQL{YEWMwbdns+mbq1z`9%dRoWAG98MuQCrPmj7Ik9IczFI0u$3IW# zH1C4*ff0v@fM|XLlW94AQ=FlFeYCe0!@Ppnazmx%2b$^4V0!V+*uG?AR7A<=-iy#F zYwN=TT=sYRMO;Gy&fZ970$mw_9-Xj{Do)gi;?lO+l&Fhm#^<@Xd9_P%kz$3-TmtYOI576Jo{6U$nE(a8!zOO?|$b zy6Z*@iggrOuJzcFdF;h~g1a2!LOLvqbDSf%$wjuT^%pX zs(qYvgBmpdzPhV0uOo2*u+kiYBVBicJYYYIyp6?-YT^c?|>_+)q|nPIG9DXO}-FVou#|^%)0B3Z*b3evpm{2@$dK@GY}*Y~m((?0;a4 ztM&1=TbDLuiV9*0z5F;KWpUydE0w~Kn4u7syy-@&i~l9&IXg&>Mqg~{Eld5%GUq>5 zXS=Et5pYm!Q&X9dy-N^wt}U(`1WE8N@!uy(NkoUw8K?E0=o+Rg1sxd}xbGH|{^BOn z`XGNM^(#4Wa-S+=>8(c9nC1rzC;|m$2XpkHDp|6QI?Hv)Cr32vBYX(>FgragfDDCm ziI)d}`?4n&3U`+jpnlWry&u)n^2_yi@sQmHN>Zasz0$qbH_@BROfNimr*|Scd=II; zTNqjp1@6x8A$Vv@cFPux6CmX+Uh;8Z9*AU8R-VmpwY2s=tb_04rqOC;0MZ2yfe5xv zd6)RfVE~>0VlN@g^QtEvNhZGv0*rnF4=lM~d)-s4aP0M2j(7V|QnS=1;0iJXiU^O) z(Zc~|qBUkVTK7hJuYofOXGmLB`xZlZKb;?Upied&<-9$EdYR*h5 zmlv-5UQ0gCwtER?2M#9zGI=9)pY4^1% z93Zu+qDOE0D0!aDLEQkK$DT5@Dbph9b3Tmw>V@GM>S=c2mG>md+*Q&rkv~S5Yp{|@ z^JbN2G}d||{%JOepa>!Yj8EIii1DuHgjK4Q5%pNIP2q z7=zWYR!eEsE)B(qgj#wb!pRpT?)@!ygG3!>E)uho75(eG5E7I{F83Z|+E;his@|5n5TJRRo#(H48-(bgazXfsq5XH*hu6PelPHScY4P7I zfx1^=kOODQMrd(}70jmTqGB1&LVLZfw&gr{VG)aM7X1`iiGVWM%|N8RlHXNZ1ye?| z=LTp!1`RKv3bELTd4%0UJl@KhvnpQGP>5O=8`xoZfnK`@^hMwNF<$mFZeMgzz^+@u zs`By5gwE@+lYKh6>cUf6u=Maqaz3AHCRRuM4ncC6h5vDk!K=WW(%7vER_#WtIi9u} z@9DJoG_?VKZ~k5+($Fp!`WEBt4x~aKd8AC8C#tgWfzoD^4W_1s@?xn`_~2b@jj)8K1(0^p;SDRnt(g_o&Fhl z7{!R0gZ}C~yxh3g>?n)mv68Yy*ML64r|zs90V3%GzX)sxuYp@%^|a;Fyo+*0Z+LyM zo_nppnetu9P$rD?G{?rV{6QVXcrr`)Jr7obQlP~Ljj+)L)`u1bJ}qmb9-CwXJOe){ z52YbVyOQLQraOIwb)Te$PQg!8XKy=v>`)DrFeybdF?@p?|joG4#dgKrip3wqSWou1_<)mf(Hd41Uz z5k|_{#@E#VmW&uIy!i@3s1lurnjeIsOLN*qisU6OGF>jradJFrbX~4(m3WVa4m+0lXogI!W9?Tca#BOLI_MaDsd^HM zO{tP2YgaaYQ5-h~eq9DP?W(YH zfolFLw7RNRtwqHMkHn=jP*6VHW+m$^H`xF?v)1k!X0k{mWBg#sX*nop!wgT*aykSX zbeEESPj48Fo1tKgx){t3Y@L(>$jeKDj)*5dsSJJ&_mN(D*oP$wSeek;%G<1-oVSQI z$aRv*1F+_jA_an;pzJ>iPR%Nv4nSd6^N5yh5`3ijvahrBciMU7y8d zqxv5Oi4Y9T8qI*o4J1uyPmGk*n4Ix^d9wQ6;u2^WMlvgrf&q*BR15cyy?rxCqwK=V z_}*50oTA~X8Agf|Mlusi1nL{Z0-B9&RWVq*9m*W4$ zV}hs4)%y5&BlBizo3pq0@)|Fkl=e)kNo@UmUm9uE44%H{Ygo7L?Duzcl)JbDXMiGH zE0q+CG!I zU-tub&niV+JlrWAeRz8kcn$8Ag{@GGm<_Bg2@04xVwy!3Q8@%wtZ>>?VBsm#nC83b za@fwu#)sMp#OtctY+_f}Uz;%eK3s%@v+8xwYRgO0RBmGWZiN<14VJz*<(5QKLLstp z(@9Dxzft-NW#xvn;VH;V~K$H}%wL zdmk&dRmiVpp&;8KR!6X1xDMV8f5~E;YzGC!Y_zkfUr&qju63uiiW{*Ke5 zC;e<@Xz8hM-XyQEM$tS_!t@7m^T}X*YNo*#AhDE5>K@VuW)*g3LqAlg^_qg_J(VL~ zvbO7&)yV}`GQE6F0OWd`t2R{!h@V5Xj&rM{A$V})EQJ_oVS`HNSRMW;PrsL*FM6`P zXRw4cv$A>Ltq1}n%a~fMy+!M^OL~e9pCO9@GfnGw2YS?CI&YVmax~y~;FB@P zcZ8Yun&Xgs;}w4hp1mOxhC^}1ySFCWYQr-S0L@a5GhitC6@dpJXmbn#3oLs5dnAS- zi5?nD&q|LO%4Zb^JBS!)L{Go|b%AEqt}m6))=?<`UQ>A~xQHe??%cvA8N*VK-yS0& zpF&L8ZP37703mr##-pZ>-up&wgn|~kM&zD+_Vk31|4~FNNn)gQs=|#kz z(^!T^7N@i_Nq&3I*(cI%tUiFRSf|GEJ?3T1&9w14Ne`7lzxY6^)`?5j2{X%ma7Md_ z?y-vh8p;E}V~x!)-6Y^pQMSqMPT+AjIRXId>uB*=+CmPSBRqF&IsDlB7T(~FTq-QS zs!L$2V!6D02@)sYVtGmFB~0!%#5yC~}M~^XD#OmO+)QoL(8g%b^A?!QiM4A{okXZw*ZC6x2iz~%@eh+$zmno4t~C!@D-PN zt_2~)`J;-*K=7(SJXq_gcSEafJXN%X)@?ScD)N)%u9UeB1$cqY`$Uw5Qt6)SnX@@y8A|3&1s#G`|mU&D-98Q_Yfgr%rrP)`A$`y z%`OufNz_4IH^t5a-p6KPYoVaG9K|WehjPbaey59iuu!U|1(Gk>rAiWWx**468J&)0 zGyP_=>UwPAtI(k+7b97v>5$U!CDtzW`GrVnMiPE5MK>T%W{+4nr_nSXRM*a4tfgpq zFG7oeNn4_|YHl0~Wv#Ln-p^fXvJn4q5i!T*O^ud1I9Oy>dmgpfY)#6g2c*^|-A9H> z;b$NOcV1B25j?5jIOt?Ly6a0d=MgDB;H;x{&XBi1m-xKQjg^>QtIy9suiNj-1E=9= zGr@t|=2=qAAF@X#=$mcKB%i{(rYrFZ!RJ!@F26&k@^(Z5_nr!+21Zv0oP8O-HO4rS|B=L0Z4>V&L7?3*&--e8~e zf1Khcyf{;Yc8BySDd6M3`&08XlpJV_6(a^3|72jdSmZQi4<1Ad7k+0ea4H2)cDF8r zEg|~Jvy?KCVE@Z9|IuCJM!Y?Gmf`Lw(k?yg`l|@OO48iPfSl{hxG2UqTZ#3LM&c*o zL*{#U@6v(J|0II7<+Y~DvKp^x-dF5E`wQ?2A5yinSx5r_?B^=7zmL%dY(+v>Y;hgk z=V7(KEiF6as^gu@>d>E3vDd^EyY3)4`WAJP4LyK5$&4GZ$5^e_DSC;Se2VoN2#%cd z@Vt_~Py(E+Z?Z?8uhh3OEONS{8`IZ}w^%}RtAQ$qZR)ppt3u@ClC=9xqjnJ72@f$7 z{_693N)aFrA6WCBtfeO^_^kF!0RbV*nHx#Ys_;H6>~Fi2k2=#Kt;$(Fw#Q19q`Iea z1zD!v8;;QeDujKKR5{bC&8FAsR7Bf9O|Rm!Zra!OqPB+gCkT8`;kg)o-3J~;8=Eg$oTx~_SwL{*aZR+lnK)tIREH`KML+_l{0O%uCZcaXw z1kBm;;|U%#2f(9dRzoRRLa!vf;tV2&mp`3`NYJV!8_|AQ6yC1ndE^M4^Gx=TYuR`P6@F^&= zccM5YRKiACI4&XiQc>Drb~WU7me+-KN-Mym|3xDy@e_PEk#kXo(ie~AfP=!($_P0k z1R*MG{Ye?GO{YbM_&nT+7lguKW zu+?k$JiLF5Z{@|zd~Q>)$(s)54cdCYel~~b-Y)D-!xqymH77gL+XNc~)mJb5(yDNT zJbTAd`tQ#boPzsVN}pGi@QyUyaz*ATd-q5m$pF2Ur?3`C` zLj(FY(q`Vx*$9ZF<~w|xTW`T#k~?_hEi|uwZCU6CtkrDi5p(<;8fT}s?Z0yn;5>UD zaa(tk&`bLOzcH?rq?$IfAYrBqSgyT*T5dWF&*5Tsv+=g!>;MpWo30lLwF$N=+_&=DM$DMNLiMv&jf;lUW+r7 z9erDJBNdvT>w?b@pvIw1e}i@Ssi~%KhSf@>d}izPB@iKsmS^uYprIcIMkA5(RMd#r zwFY&ZzV?Xt(MbljIvF*;6xg1g;%1|7ODtF`Ewedt3(DhnK>3{dI6HQqtOUbJW@=!f zaY{3@SkR<2PON?}>7kA&HArJ^R0*ZS>0vB?PX`G>9Rj@x_$7jc+ zflbYT?pTiLP)stHWjTg;*h@?2AY#7r-Yq#+?Y=rt?RX_VmLg=pL*!e=7JWk5-QWPf7!k)*F7S3Hm_u(QlEP+lsarS9Dlusb+1Q(lQiMT zXw zB@P*2lqZlx3ePYyZ-{EwFnKrl$=-x*m_~iBAoLdAwL+%8qQnB*kkHYUF*1yE@MPTF zc*{+_c%iTF)H7_-`D0@2(Q9iLv3>L8ohBk3Pi{T7iLNlW0EBUFw|%U8iBG6b$=oBJ z4W`U*NmFZCG&2W$6eb*oY23WaTcc4kH`mQ}r!kobiIX9`{3d)0dK0QrBfJUaSjfMz zKBuE|Pg@AX;E+f-BUYnT1)rvLFs-=Ux$BoQ`GwrDZt>C+e zvRehfqV#$Nhs73sPq0$x1ZxLLg~jPRbfx7sQd-wh%jA?cQcdv#B07zsXr3NoPDzrw zIclRSk#o`S0MdVm*>|0!dyx?<0ZTWsm)Fej!t`5~vS^jBT?<2e)%~fu8&r2AugTueK`WUY~ z-SmkWeLTs`4ouGjtun2qqWoQ=Z2SjTjj<-QVsZekVXXGL{yd_NvO5cYJv9q_3<$sE z2&80w7wIm~__n?vA&l#*Bo*BUa>%0too`s{Ux%bYrENB{cO-2yPuGZSBu2N-#4``W zV$MEp2e$oZZN#&Whm~;M{N~nnhkpE*N@QzfM5uO!mgn+MjuUUF3x1=YG&$c-^)u`4y%g@$r&3~jKQ}| z&hUMzuJQhC`pD2)Vi0rlMW%*{ijV;d4flga5ORQ0ZO-M}(YqNjEzz!~a12<)*6zP? zF3bt{+eGD@O~RVGN-zDW9duj8zjqM^=Id*719x+4{YSD$;;&eLvk2g%hVKkZgOcA2 z{&PMI%!=p#`V?jx?mrXupU*i+{#CmHFMi&_{6`!1=c6G+ai%}d|2%B@06E~lFTS3` zD*nBjf8I$$|9|?auXh-s!j4p_9h*`V7(1x{>$_PgW5gQ~s4mi8_^qAYzVMC3_BJJY z@jq9RmCvD_p=EZbm&vj4@iOhZZmf@`rwNFyBzAB$V_ax{F;~nq@%UhLc~|LwU5SMx z9ZvmaRNF~J4i&Zol;<`E_jdBoMTX}J?K`0U$j4Ew*k9jPV_W*a&f1m}6nOM<7=ulB zlAT{>{p7Xy?MF@Ht!$>>|BNq(Pi)w`A*ZlWZY~eF{|>}AF0ZK$7QQ1`Vr19}%+x_A z^g$pGbt3EftaboxFoW`VYnx2!hgJS7zk^v3G_2y#@sDe|N2yeofOg})N@)_Sb4ifH z?_Ec7N1z7M)<815<=)>1YboLsirO+{F&BVhSB~MsVu(6jMur|yGKZ&&w_C1{W6&@z zjgCV?-S`4a@!n_WD>SZqY7W9D5MsC{*_&5A`8c#G_h%MdBZ|{Z0K-#$F#}<%zvf1y zk|gl3FX0Z`Z{ohAR-LZjB;e<4;^AS6ZWP?@G1qEZ^p8vBzOPaPvge(R_Udc~H7S0w)x?@d*^zTe&Na5%A-&3^A_wc(lmGf$npB~c$65O{BQvl)gW~gaJ*sEXu3*%VeicX9ah+rIlaY9# z)s6^jGaQpBiI9$_!db~m?d9RUD&H{Chu2b)`NT#aXB&qE@_x`=IGE^n@H$ka@Nk;ugK!m_RXXWjt-V`yErs^O*W|* z`F6UE@?K(4C%kR6=RQ6V-7+_x61YT@f$2S;bo=ibDR)FO)}^1`D?EPxLJFG z9}C0VELSJFKb1M+&Nn$y+poz5StH2$qUGUv7(_(zZUz;Z0#dI&JTvgX8zG=^BxGEJ zG*mkwD9=E+L7(MDGIQ23C^7EO?7Z6oOiRTA_) z9osZN)iE`By8{8UCT49X9;WB`%pyHU6o4n;zYTJWyFx3gWxLD8Y-T!)ICRT6dAvR>5B-vmW;j6}Q85v&I+QwxJi z!T2|#9ncmZZ98&cmYR-SP)OEMorb8x4$*@>a|1z^2Le9Yy4j2MXQyGm6R{y@mKNOb z-UZ<NsfB%A6|6^~fHJz6${TEkO^^_SmUkoRE z1W&hV;zq~Y7QdABm5$ ztHD`$8Avy;^6*TbDacsqnQKwNVvU=-x2(KLUx1te=xo8_sjjWMIW_dFq#j2#Qb#Cr z?so8ZMS5WzAbKO2j~#8&fs6CFN2%e{th?S}9ejL;79TR9c)L7bQT|8OAp%L%2lXA1 z?smk5k40zY61>Y~p$u63L>WcY^`U}GfWpFxq!GNAtg7BtTOI9=Qr6rwymOFgiz>NG zlIk^Hk0@5Xf3;;L!Q(gD?Q zrR8@%w(s7a-$GELsee$3;x`3?t&WNtuL?s&?3_z8Ac)DyaqV9EZGrws$tbKUL z6>OdCI^!-HTo8{OJzdjbSY0n23Tt-@;6pT)i$Y^08i0wZV!K2ZFQ-xwW3osA%uI&E z3D70G@WMVwP==406VUkrcx~ru^E=_>oooSlp^rBv^cTwxf!hy&`j{GdgqLvIOwEN|Ydk(YTZ&qKu+XW18Ce zyfvri$iwl+5{_RReop9N0erh8ZQ;G{a#@+Fv^fESm}%Q&M*;R!=9ox!UzeKWDVr`6 z0IVS|GqbUMycL71@4`;;OrqMF$Qn>IPl}SEe=0oIRGbI3dAr*0q6z^WAEvmyu1Wt> zB>|Jh&vI^AIEE(0p!&hz<5<%@TAB{8F{lYXKh4#}%=0LPG`ki2`R-mSKw&ae~=n`jKMRJJ_Nj@4eI-^K?R)iCzYsPN3e3sv#4` z=wQaH5St~;$72vkv|e>IUbh|zckVPJ>iOz4SE417kE>ci(9o5qX6sfk$X3H zPH&O{2V{;A&3J+~@R3}&m#qovaT1vyE@rl+b?oALjJ0kmHTFHsO+7vzPa0=C9?S6f ztK0ZYM`X&7{0@7JI97_PbH`7a$pt2W0daL z&V_r5isC6yj{qw&Y=&!tGc8PF-?Mi(1U{7^~xr(BdpFCykNE_RrtsXHoDHT(H|nc_R@8 zS5H+$+2?CSF^>~Na+94og4rKA+hhkasw$!6nFbBF)YS=*Wh?e>g&3_SD{S>O3|_`y zL$P7bncpg#r6h{GftP9*It3~ee1+%$e@CM3Hee9gUVH`Uc>t8ol#?4^(HEF69noc# zoQ{^ryFM=m?nH#qa&dIwTO>`_5zl`U!U%UQK;X^(!>2c^Vp|Wy?%{ubkR(Xe8l~}| zEX#T-_MJaiYb<5}bMK9fh5``lfAXL^v7En# z6j!CL51Bt(-YDetFT{d=e&0W;pvp2IdF|GRI7uF%F&SR6Swe>Np>_nwS}zhI6iRH! zLR*pSn$@m&)eoBvP}8FhC<}`|EIV2G&|?Ckg_{fJ;@<=NjhVBzeKcSr3u~a6c74^| z(RDAQ{AGAz??G|JhGIliYh@(mdB&a;uC3mx2C@ zD*hdAs2frO7c6`nmqkJ_;g=>~5ol8594sltM(zp=^I7x;dw;YIeJEJbAo#A{B`!r<(SUWNJRwWmbDh2XlBR8>9hAkJodVpE2~Zyw*7j?|?DzwreS^ zt8UK66p~1kW7?ZX1ST!oy(Qvs&j`TMb9uU6$$_AzyDiO)lu}GJgdYkGrk%11H5~~* zB$n&%*DSh7GqG);$tx>PdUy0b5)d7%Eh2 zqTqT*5Z8<$DCq6K+5XpMM24j8ja0LM*PBF(MZfsd2Hua8(+ROT2smpD_~W*w&R1Am z{^-mpaK`G|C9s!D_4!DF(gth~wZ~PP?yowntD+iLJy56_$6J(FZL?MmU({T_-?{P( z?Yi6tdVuX#AdlX5IROd|;7{(pLH7l8hqMSP?PD(WF6i>J$JiN^BCv=#^UtPeC^ z^D0IpiLG0k&3oKpgYyctQ4#y)5XuvYV}J;CZTc5%Vyxrx9B#r+0lN^+r#FS>^?*mK z4l9M(xvJElE`2(c?kkD&`cYo=oLFQkBekp*y#{<^aGkd$!Mx4x*t99m|Cn01I$e?3 zUQ4l$`mY?a$gVBE%B!+O+F=|u_T%KYJ=r1-Yg_1HDuYX>BqV zgz?O~B2%ug%vZU%YHt#Pq#Ujb$M6}9M;Lab>%`2u9klp8Z8hBthi5k0`{%Zv_|_rn z7)g5f35nWaqkOIm-3Dee_uStwH$1i+kCO}tua@>nOt#c$Q|~_!!5wM3_8sxJE5;J5 z$H}=3?H~b@_52patZ!NpmVd_)ixVCjkPb{-BI`oIHGJ^6MRxx?GzVq#pzOHc+C5yj^ax z#3-Zt0Du}TPhH6qkLIT;dmRA!^)rBD2P8XpZ!dv`Y21O^XKdFu34oCB?%dEGrSKYN+;#8VwaN|)*Zpuo zRDz6G)rVC_)I%X3HzPIqMN+WH4uaTt#}gBFCM% zzI1kpop?L5bL&IJiGq&HV91+Pja}UI@LUQaLe#b-Q=zaclmYRfA~%ce3XbZah!(X7 zc&6g49GP*@7f<)o&ZgZ!)cW5Nl#@hl>Lh$TB20+-*^)X8b7n_)PY+NBW2K6k{#69y&99$jt$>=N z0IwH_at#TX0bB0cqKRaB`66518fBm<3eYwcU${XGDm(l5M}MU+u`1dZGRxB}nDQpd`S}m6Dn|^y&b_xS;}e@L}`<6^<8jo+W{&dHK(C zSpI##5b^-w$LE%0y~(Fr%$}6QCox7(O#5PN5{K}+G{{NTf=fCsP*v9rMO`2*V%%a`PqQ&2}N0cz--tdMzY2_YAS0rMQ)VtgZ1eF*G<^>6@Hm)LPT|K+V9M zI*U~=Ae1OOjB7(*Udr`AC@{uh?>`dK&{%HGTO~|ZAmw`E!BT#v-k#Q(?C>c#rU8n$ zGJzmW%Jd`eC^k@c7!n^Fm|M`1Qy)aV)i&0B161rtp1E?gOZHVvyP(|kg`6;T8;E18 zxOhS~V^!4|v5@72>F*IE*7jtTCkN)9%l`;aCujNHY=82cQluQV_&06keJ`b%4aXdp z0w5vJTzh$QF9Tz?)afx^P2FjF52D8r-cOg2Y>9Y@Zfi6cp5<67Hsk#|uN$KD|ScWHt5wfLwtyfeV1j%)AtaC~BnQC(8;uECs3{t8=Ey;n%& z(n+Wtj`kQx!`7NQ*3YB$Zgg4SE3;)>z4=xIP0*ujRwzr=nkv0vC?2um$!Q($!W3e` zUXJW5Z_L|0%Wb7C&eX$&_tWzRg08i7-4hip~5+%(FBK%RwgI(xz(yg{o(2f z@KW834(~^T2s3pS=Qx?U_?AamQogI@u6}0fL||+y7Y`IvPICDt)mpNSt|oZ3`=y7ca|9cdGh;aV{K%|%3EX~liLSZa%_lL=SpJ&3F4G~O(%|U zGjfr07qwJ*TGW+ammTlNrF0!4mbe7KDQDQVpFczll#3R0%+XS{HP_mhSr~b?Hdan^ z(`-i-naT^sJm3W{Wha-oyRt<00_^>-QT&?Clr3GWFJVwES3n2J3fh_m1^^7K*qQte zXQBO~VslfxVXq}g1C43;1hI)gAfEm3?IG(4$F5m05Wke~td7ayeXwBPIKGmvSh;WUH*@V!lPTyaV~&vsQg_#_de&_n5Je>E5%Cym2S2f3&$TXyJy z@$w8|NZi}NR9j~2HE;-~#`%=)KQfwL>Z)c2AQsW!zA?G%y~PPuI+~Uj*d=GIoO6Qi z3LQ!w&w8a^qZYvWY+}87n*gT6F?H6LA;4U?9#Yf|_YeH@kLjBwY&9zAb zq#2y`q9nLLyZW-3Od#{RTB-z!N97J5Mwb+%ej}~M6dCW=5ZyXkk2oJR8-Ns`gxDZa zN$>QambQcPm)Y_SKLlS((2Y4Gdz#3N+9G=%y~#QjgivAiiQ!cgTl?AqRfV|U9y*86 zos#km-|sOPdKLmo+28HOYYD*a9>D!Q3-Js{0m}(!i9S1BM3q?Ynv!Hj34g#qmHDmZ zD!f#GAv!qXh&EjES>4VrlS0shX2cS*bNXW;*~f$Z4!p;#W ziyZeWk)KcmQz?9mn9rGf3`8P7DO-8=B!_9II6V&kH!7)gnfu$+=??N5)o$k9h2>%;6 zzZ=#PJH!|YqrelAt+<8*3=CT5p94057VS^p2z*Bobw?!| z6Gs<)dt(>@BO3$b_Y!};R?%4B$jz?Lm3i`Z212CZS*1Np@0GkKgl;E{gv)p%s%Z9E5s1g+d-2hlgf5ky0g@BU#`;>|6FT1 zU7VsUDEI=yj;|Sv6T;B`$$X50hGuU8>fog8GWj7Lj)Iz6$i9~@wx_ELnvZBE1uGi{ z^SRCYu|{TBl#tW@?f5;8I>*2;+-Bgp~E4LKO2HHE@RK^B4ha|CEN9g(yT zZ*i@W&ex;)$>3{XJt=Y?UMf4=7M|3#n;rY5y@z6mQkTh|-Q2jwND|^@T0pwox_<}GwaRZ66+s0?31RZHsC*AN<)P_z24YoKpy9OX+E z4%8GB6iiH&Q?4Iq#5)xg1+A4EQOXM$1AGe>MD%U{4`FW^Rae+_2?D|0A-KD1aCdii zcXtbLad!z$2<~oy;K3nSaCdj7Pu`w2{q^*GGd~V2xEIzv@>K2Gd)HGq$VUxqb4MKz zMI=Rtpf=eva!xq%H0z8AGQ=Vh7aIx46jrR6q$+az$P7zv^^z zfi>LYOWTrIP{E@VZG0UbF%U-}pp#cq;uU)Z4&5`TE@{GQs{*6*8oUJ+@m--fxIcked zN-qWn2dA4v0bIP|t0sRjX-Y(hf}jy;hP1?-90mmHGU84)xgS_z>P3ApHv)P*4y64s z6z7i89Pu&C7nEL6VZ1qbD@HEn|Sybs>CbGy*z=BpaY(`Th zEusgeY&V7Zhe=6G7bdGzf92{EXqteiJK}3bitSurlF2E~mzi`Ix;WE}D_RI~rk}!D zU{Fe!MTN@lgy$O8SY<>*yo+R<)3O^@SXu~0i;NL5ut2BZ=V$DdVb`h>^+^yR`Wt7_ z#8rijOFGh|FRKnkavYM-3_7D@pwovLRk0u(e$39Bv;L{~Mizxf+BBMn30GAqlX3WU zCW;w`$lD+u(RK+^AHmF1RW*p=OVqbC8o`^V5(y*FeNz%7_>Qd&7V%Hh$RC9c< z;)uMITqP8<&!@7WnoYb$ylmkk(Z< z0-8C9I81HGG0>}&|FK!fjrmu+g#Aa^-2l_xgAHsSBW!cXOCD_B*s1D&qB02zT*$uz z2-p9P|2<^?|Gwyq?zKR14LsfO2nae+kl+K_ThK�)FS~eisOc$0J-MT?F~&POaJu z=Q9yt(zs}7la|1*sFg5X0;N&+p?#!LcS%M59f=W;|2c@zAw_@#cmb4gdAV5_!jy}2 zwY)a*jr)Y@ie9VcCzl+1h7uwJ#U(wu!o`W0Z4y|T-6^ZfjadB0R=(1;b zjh$sOax(?X{r!p|I$oD+{rbVI#G|7NZtEo$D=o(F1LdbMR^rS`PX#JiPb3(eo z{8h-)LpnNoZ*QM$1t~tx&wu3ddetNsdB3;Q&d1nQR=qb+va`9GYmmoB$Gcw7Z+X}W zA)e1P>NNg9!sBpOcw3TyJS4zO4@tgK0+0;k8P?@vX#NorzS1pVjP3e?7*`Q z6dHf)>*L-?1x~Plq3knf&fWRj@WKPkTQ(e9Zh6A7<;zX&93+y)@4ZK z%@me(25^)~(W8-?ojx}U74t_*2}H$}l*)U18J1-HrXH|}Ad~?!7K_0@PVAkg98HvW?R^Jcl{`VL{K81 z9(#jMmxM@b5J9~5zgKUMs|Ey33XMr1`eC$CQG}9k0s@%`y35knqY>fkBC{6*`TUqvMj|ls@%t5uGwh6JZqIH>>tfNNrs>AWQ6g4;Kwz>|85K@wo%M0kr zruD0Ts%Xi`&|PDrzjwn73(uW(iCL5pj zlJfR%by>3LUFkYmk8OYWvS4Z{fq>&(8FkD)ipe~3&DHn>A<+oWFWYf9LvS&6f_q<*BEwJobfDMsyc`S95S%fiMae~>NQ%faK9z0 zrYzRIinyrlJ8U@PV0-^d71JA8bf?o{Ucba5m7vj(riQO&`3mf3o`wxM`ikSoq1IqS z=@sZwQiOR*28<(Jvca7cmcE3C=sym3c-ngpjafH1mdDnuC`dQ1;*HnSfD5v?MaFxa z8D5DRlD#MR_-VKU@yscVD0xoW?>|breWnQ4t7H2?dscPws-uS_-ON$ob|4b$;| zu?p=LVPvcNd3HrGN5T)46{KaGPTn-x$h{s9&ffLqjNKW|4%JlPJ%eS%2+8EFwTWN5 zJWkS6Pp;D{mpzyX6QMfT5FsnG>U69O%tA`z^u*wr7Z@Pqcp3Ft&_A=S8^u+mTe{{{ z)vyf4d8)f~)m8NItk9gNfq^i?gB$8|{M%$Az>AGYddv77+7CLbLJ^UZjgFU&k53N= zCyNY$CgKqUsrP3@v&REK?PZ5;ZD>$vXm6ph?i7?e9MN!;pHfcGxN&TWiR8b%lkuiI z{`&0*@0mvDZ@NPzs{>1jnX72B|ZEGxr6w_iRFD(SQhnS?ke3}N4_Jn z<1%*jIrtN9`>K0#&EZTTC&QO}2dk+(gZaop&C9o0UYNs(EBth#%Dy<^w_>d0NKjsv zp)MMMdWnghPUoy#+Yk0b7N2W#a-0Ew{sH^p8p7>Z7g29qx?{v2pU!|R{NHBaz+jua zosABUlil*#56}JEr<(%>^&TMASkDygeL~^iyx55Dj$>g(sWp6iFHR8DeLd%M{;*jE zDdu)^*e^{p-1$9qI^8@3COt0Gcl&+R8-0Mky*yNYj9FTQ0I00+Q)5FzGWPh%qEqjF zkNMph#_`F@NNltJd*7hP3HOg`?Vq+5$ES-MhwEoT-F1~F{N2xQ4>jYgbz*+kb=cVs zSDm!O3B+DpEH`0ME*R)mQ=hp#ZyVL}iG>1lTCbdedaDjWKWpdv zZ?&CmQw0?sXoFH(S{@-T%iE9V38(A(Q&v7Wtb%bh>~5sNca?>O`O1w4(X>dLK?g1H zzl=sLkC#b3$r1D1QaDu9cc*uo6=^op6hsR+Qi%8+rY2kyCzs^Tcb@{R+RV0pHHv4%}rN9 zd>36ejX4Gs^10bWa_QBP`K;aFclmv^p)4NvGM+G~VjsepAi{*+2D2(>H4_;Z_V`eB_$>JtuM<<;PRSJhanvB$W?jdeDQ%_d^vyVe)T^%Yh^O% zXmeciy`H9hy&KsQ361bp^7<7S>T<9hhG4FEwq2Un_uAEmSH0J$t;|?)GBEO5|G4iBZ18_s;Kn8jWEgtBJd6+IptWq#wwk ziPTKOed9PGez*SI7HB@whchi_L0<&FMwLm7=jCdvyZgUA-|doK(Q|a1FlmO2p#m4R z`EM;XW2V>j+#&$w+K^a_r3APgp2u-Y@sC-Da_w>Z)L0$6-X^d=-Znl0ZuaAV&uFJ~ zN``U*nVx(zmd+S-GGX3E>}Rj6>gsx+DAK`lcRarW4AQ-b@QvEp9+V?C|88aFWQD@T zciwsNAeYYLE3&=uezs9#)T0=neLz7l-SbgaDoHG$3HiJimz$$mN%vOHk07wKn-Uh@eCc}U5dh%bhTWh`kgQj!jA>+84Uim~>=amCvv4_@o}W)O3j!C^dgs!le{YNu1b+4E1`Ii9(gxnn z!&6C(5*PD3g}SulX9OJSp_Z;Dv;!4ruk(5 z)7S8*N>K2<xuxDIcDfTXi1A-wqNY7__%LJGGE@6UH9D1>azmx-6) z34#mVD?z*;SFWEIjeC|<(HftT@E2slmIPrW^~x%Z-N&`{jePbfWAo-B^1==BFR;%# z{Irn64?662^jaN(btS~)DSEp@e)UHm#!Ors^l*H)d7sdjm-{*%+U;AV+dTT4yTXDi zv(e6r)AH_w+i@YFU0og*V;+Bl*#rAesX$B*@5J`;{DqsV>-($8P>I}Ly2j1^M1Mc| zF%7eJ0(a$m5n!SzrANY8Ej|eT^fK6O?gIbbJ8nWw_HkDm#1jw8`+FLL#}&6mf?6@E zXGiBPXYn8)F$viNo+`9;v6k;nQhlZ6BRGjnP%w|5BG4ja-~ayTrBcgQK(EEVnT@e| zw(aT32-XP+VH!Qi*sSwDKK6;aNb>Q~9=e$uYdW!Vya%p&#i7_rW8JE`YQBRAj7 z2LCgq;rj)70IwIk>)t)W?VJ?M?QniolBpup)ETiAPRq1QkpL5;U-13&MA_{-;Smfggg$lWXq9w=|6goZ6 znrqXNBMc#_i7_xZNw>bfzg=`x&HyVKSJf!+PGfu?V|z!h$)5J5&^&^>DvjMrksK^G zRr2Rgg#9TXkVFEpB9|us&#j$2f__fDoA@})xQ-o7-qUgk>3%!*5oNJT1nkwq;SC`$ znb8C0P65LwO+8QOmwhlC`AeZY3a-g_kd*icLfLNNH z9Wv7{66&kxby>ZH|jfyp(cpV>W!| z1Bj6Mh%;`5$^4!+KdtyzhA-a2TqY;jL&7Q`aj?vCCuUvyjw4Irb2`?H&u(J#!8*yLC&cz0)0Yx{L< zBVeUKzQQ2Bz_K5;EJ0{o(nVwZSR)nnGHx#}w4rTMUvu}{vNU=vU$Oc89_OpLcDEuafk8uQT*q#X z=ie$9wT4+&zjPC7pLyI2iFrBt^z-vcyTT%rqullr`pmziRu1cc665~60W0S-Iz;GCrJK{aa-p|djIzi5l^97x0C>zB zXnMX?w{D=J`xZ+0zCC+{GV}!mJR|yO^8l#sW2nogQnQ+fhyS(R=1-|o&`*sqY|D$V z!;spE?7O?gQq9t!&D@Rq)tq*;pt-;wTZP82k1htp-XsBcbRU|GM!9K^5kl|vK^uZU zDz|TNn9e8H8qHpY4?}jS2L`FTc5{ueVKeu+xywzch*QLmMdm!o*3Dnse&?^WqZyWC} z=_$ht0HLP+^2L9*)^+Z0#>@3zeAw%0fu)QdEdn|0($$J*o_T8oceUKFv z7k}(W5gHc+$iJGA)cTl1o#P9P1^=dS^bcRzFbn)^t>4CeEkY`Pwmt@nac-6INyuzhXvDY5)*6dGCyxz z42&J{>g0?JEmhT!hPm%Va2TYNlqCT#_l;Il`>%;4tD&*6u?-CkoOTPT>FLQ4kXu|t z#{~ZXEoN9)nBV=W$^tF09M7{p(|O6r$QT+D0Y5Q8QGr%k92)J4|NQ~kSCEB;g)Z?< z)k0!~;3pWQ&)kCdd454t6_?P(?gNo%ZJs9!j1&|DUm6Ga{_?Y1b@j?#dShZ^KR-QT z;o#^oqysfOP`aU}h*?XAUQRUnws8oov)B(4H?q>8rKK264|D)$bY)t z-5HBKB27UGJGEQreha8oxw2K5ENWgl;4tn#aO)r8xF5+))@5{NYYd(oH_e8X#HA8M zarL*-J6&8{Ou_m|fjJP0ii+vCgKEhdn)UEh(Ym71z%Y7|%-D#-?P|T&@V?;tP`y&R znWHVEq;)>4umlemL`jAkSd>rb&o{46F_%gKPCBatzxOb@9v=aYa8XvyC5}MnXCBu> zoDXbzN=j%X8$1cw>g6wc)K1=x|`#O^L0T46HHqEGbPk-5nY<`+M&r;Y$fIslHoy})_$ zhvG`a+acr|mxHKha_y=ravEC=?2kTrrLJtG;34~}YfK_N|3d-)%uIe9pY;TNwPb$eO%1@(Xx9hp1{J`h(fX&`}0Gg@r_DUR#w);gtQZC%hdbAmsT1W6ICF1 zjQAX!g&i}foS#8ih9Y1@oSv2@@bP*BgF-Z*^d+81;P^8&6zXoF%`_k!19fum)l|^C znw;W)B2lyK+&dx)%0ZISzX&ESE^fV1Sg0bK7~%LeKRitY(VdVS#=UY zHT;2s1rLu5Kzb?dmzKx;kEi@74C)4=5wS)2z)>L%Ar4bqeBl@%Ex!OW$#zM74tbmG z=WR#7f8qLy4TFsRHKGb;5+IH)sRE=?9YufucN3ASOpGr61Wvuy>BYS~ljPd;V*!v- z@(_9WcBSZ>hMjnR)F3D>t43%qEZC&)lA7ojWQ?ITxsE2XtIU}k?L+uTU9(hh++NNQ{EL0`y-@+IfOKIlx4WuO$&E#Nk^N zicx9(vm(0IDm=(<^-?c-vXe$#-f&+1&-@Ku8}B%I`Ojw?%m(y~gm-g?PflHh6POgK zkoZfvB3y#2Lq6>0$hf=9Dxl6%ajkJFjZ(6iNwaB{yKy~bj8g*>O-EbYNh_N$$m=zU2H=BJQHxplJ6 z1g?;=D{Lcb3P-)D2v%WM!W}IXqNt8CT5dVAoR-yh^5<=@jlpVc#%#Mk8Tq_QV4s5( zBg5KI!Hz~CHD11m`wewgBjymJ6IsOftv8M-Wqpo*?)$Fd$Nd|=dAztA>W_N2OfiA3 z66eOBy-K}+dIfRne|M%W98?q9aNRW(hP%wvoSKu*dUHU{4p19{p06O*y;K-A-YKMS zEy9+`rP$ynn34s!W%G*PtEx^n3;U^+a;Z>qDgR5=zyf9%csD0fjbH3bEuUxqS^5V`BZ!U0f#?g+|Sb zxn6-CaxY&;EMPC4I8F2se~V>)iy*deKsdRHG(ccE&yqP?ZXPDC(!5HDC!)k=P$zz+ zMC71*FCu2vlD($GV9*1B@U`k)3mMan=$-gwjIYGqDQLX3Y9L0No>a=-5y z8lVu83sM)HR!_|gma_%V{(}B%9(p$%?D9ciGHm;L`S{1uy{OE3m^z=#H(%J&c#Lwx6rQhQrR@A6>=bhT@bd238ymx;#vOkDoA+mrDYiZkc?;e z=u)_!oO1O%3p}kCF>MnRutXdQ75d`7@c{|}a4?}-sp9?3-5?f!1WG1>pnaS8OvMJR zS}C%BQ%@VUAo~#tiV*DZZ#AQsgf)HRFtR;>15AoxQiF}vgS{x_F^ndW@9ke|i)!x_ zYW0)zWv^kLjGS6-ad@a9XeM)gdsfnzC{ro!v=^WxwAN)o6`vO{t&n7bG?67z%;W!D z0iD8>2;TUG23z05#5jfwF?KdE;3X2JjQ&p_Q2c?*1qAw-KnN;lI;^zlb$NfD{e|WD z`1K5yR%dC}&=C22o*h?L>%{4soJ68Lu=hs5?=ax>F;Mut;CX$k4rfbZ9$+51?{E6Q zS2i`tKVT={x;n#AugptSDw1MS{!tX@8FacyExPF$ zk;_oNd~{p@q$9Z&Mpy11xbP9{k%%W?J-G9k4{V~5V+Q8k9?yq1^i4s@AberMsELT$ zU=B-r+#ZKqYjj;%JRmgNEPk8sD7z`MWrEzQ=Wp6eu=^=z(_3qVu3t(DsPa{mOKa?f zU-dd_ebN5m__|K3B3bbNDc4WqD!)*e`+?5I>X!phU;$k4W6eIP`Hr~-x}uuL_w+F; z_!A7izmaS8qV1ici}mdHDF2P}^9B+Wq-cO!FrsHP=y7p7eXQ?58LS9EkxIbIrJ>8_ zb_(`vlqfb@?_Kztzns760AR#^$=I%d7tf9NPv{jd^|F5oee+3U;^NYrc;^kUi9RX4 z2r2-C>8pQ0ek2~++heUDCjAT1LbVYBagXB9VzZ&qpW-Z<>rrCjYww79n7Lm(_Q!2l z2!c3D=)#^2F@8OnP}X(+?PD!aX})OlA>H2I-W`cJU+Wyx5|{_Kab*LYYqPCIp}C@l z6~?QQqZokJQSN+!Wzlc}e$#=%Hha(|sN~Sno4;&7Q)yKd;BU{RV3#VL$)U!H=%2qZ`&c_JIR+>T%KZM_a8U?I zLES|DhXDOmIf4D@`2i?&!XQJlp6`nWgS;O_l;?&mKR}*01HZ(e442GyckZvFPUhz3 z0I)4`v;|L(DcAzTKN5uoOKSu^q%l{Fn#q6L`&77~-1Mew4^Z5|#UIRv|1?@sqa82w z1ZNp-_S|H3r6uV1N?9j6!G*>QdbT&=RD6Ym+XEcqjiETyWhiicXvW&3^%!7?a%Ep; z;@JK+=3XBu#-c*ODzWEb%L16iFf%DF4ag^DZsfaFN>3FRfW2*YcGjNw(G6p#+ zlzjN7EeEk#CQ3w5Pk`I~N>4^mGC4Ez)Sym8csOs}Jyc6+d6^qkFSoP2;9Vuzv0`kU zKvjw!V5leG&RTNWhDAVd+aXx-5pIuqgX_dx#0zx&#!rD5ywxwY-r-?)FnOAoh^hw5 zV5>YnW}7b{NrXPsw@a&LoE;KT(<)a9b7o^D&e`jM_fPgB-x^6GzwXQKYSirXBWWuK z3@AB!TL6j!z&qnbm4t-E{4+;#8UV&7i(Gbwfa;}s=!6aMhRprg9vvT7XLhJuL!VB( z7A^OsRA?Uz2D@%El2@kDZnGc`2Pw(PVf@hwONxY@9)K?ancyyVh*ANmS~!V;f|eSd>NgCM2255y7d0Jw>?@(!@5tX)4D%Lk~89>=C$W4DQ#3ZImy#LBbGH1 zHQMKn3~if2r2wMXhO=XzgfCNY(683};Sc)>U6$pMoY&ttdpYjVY)y-jFTC3pCVa)a zjmM4reMCSEe6=xP3g3VFJYD%lcx}PYL4Pm&6IEIDkXzyrC;fK!zMl8_uF1#y+vRYe z(jk}|<}&)Y`f~D(Sco&HdDa|)mwlT$F>wD+oHlYSoZO%rP?lCUo4;}CkM`&CHC{=@ zqk&dVXMtJ_|EBj=A_n{OL6bY-lE`l{ClOiMQNS?7fQ?WIJQ8c6K(x4D>6_mIzZ`*{s-v` zHJkY{MEN%oM#jWoxS_=ZOIDbE6pcpM+fH7^uMeRgj4fkka2ar-s+DqY3pO$Nc&0% zuogNzWw6Mr$EziFqW-UgF&WMe4-cF@n!3Elp4$-8 zrrg&u{C!CgrZ1!+Yckq}o8fBEQ7pJDqjPF1y|T<>9P>Lk*72qvh(=dKLUg&DM2 zupL!0Rd<^-jxyot^wdwn$%8fm)4rqv`ynOUhP7E>Dz{XMkJpP*e-i0zQtfQYyPWQN zK`aQ$=CBDNx^SQ-L!B2hG&I!K#`P5guNN$&E`&N}z3A znDtVR|y%Y!8D=Y0zy-pcHR;YHErkcVpn9c^=->)YM(@{rw#c4NaXe5B^ZBS|ZvGQ0Wk_ zcUS#Sp7388he$HX)?fW>^p^G_ni0e9QW-LUz61* z)PYx@n=e8Xuo(ZRZ~XtwA5mx7=5u2yIh0)}2JLmUdeyAch)hIR7NZ}nn8UASkH+m< z{u_Kp8lF~IccjZq%99fkU=;h4ocCitXD|nG3)z@V*8DTJ#S#j6dN~?aTXE3w$_C8W zsvS)BbavX@&9=Ml(ItoEBx199!6H_LgF*UOGniXtoTNNHJ_07NiEK_n4(rWVC)IwtZQ@_PY0mPZDo9<&FjQ<-f$Dqq z{!XGp-jN(lf^q`y)7}oSiwn8r_C@(8~Jr-=q>TLYf_Kf)dvXNW~nW z>KH>XvEwx=|L8rvpdb*h7KjAEF{q;Lnh-+dUbNnw*aZ|=RqbzJJ$=T&2z87DHVi*x zHO9jn>}V#Il$0c0>J9#cW^e^gfyo(0U(^d8emb^MIV&!?Jq>u|Qp=jB1rtd2TrJPv z34Efc&yV}Wl0x!Lt)d&?k&w{B!s)#$!?AEz_8894sxW#*(8$Q8`q%-lS0x|1BPA9< zZIc!Vyt|yFJ3?5VwN0q^;J{eAPp4?rrf-}rawBrBh@sriv1wj?PDTB8`Og+8t06Hu zx_sV@{(zQa)}21tXyxMrj+urvs${HS~T; zxKj8lRY^ny98svOcx_=FE>ywy0A<4n%7zkgd?dWbT_-m>v?YpAhzn3s{Y4>QqiA(B zBt*|U3V$()>yW-J9!w&^A%*(dFV$_O6z5_4^lCizZ-)gvY#L)q;TULvI<&Kk1SxW$ z5E~J2Cdb?nvYm(H?P-9hY@`m(#>Tdp(8(fea{X)k6TZ;zb(el#;!anMo^Y2jSyJVP ze|E9IgiBCVe2x38{^Atj(4YZSFnkR!9DW!p!0EpVb!9#aTh1bfh;%~!iy}6DolLky z0$4a&pDK*!kKL`4GcYXs)amJXe|ok1jCM1)pz zxjaS%9@hCRMlnm4esN?Wh4kV=phBBY8PzGL7HWd6kXbX%Mz4ZW$_~ul4E64QuItnq z3ItNiB9vij2LN?TJEd2BL}7j*eg>nFq0MF%yQQ#!9g=+!)&J$#s`M=|EyKzo_Jydj zyo`z$5gANJPh{a>7XaQM1sfX=XpnfBMa~n78btSIrztAL!)DiwJzxcOkB%Ty~l~B*t~;+ zvcCSQ+WUOg?FtdNk@``Ew>EA|}ct91wt?0I66C@Jw_E9o*3KaS(k`w>dfzz{U zLfP>ebctZ#^UgiOs(bX;Xk9AniR8_Aow?4QTCjHdF1CafhQIJ3YKzRS@4ppwY6fQ- zbe{}Ksi7p{in#aTmoj+amR@Kcn@K{MdZt<1b!D|OWTM&*ONo^~@FC8+sE7br&7i~m z*A#FTnHdp)CZkO9^XJd4t*u8M<6f{fz|1yYwmu^@<7JUXEEF0NGA+5UalsZ+AmJ>b zgaFX;irnmwC^Jhj*o>k|cQ^DwO?Vg>YWn&FsHnzeSd0hwe5|Z!7Ds@F5_o?+kKlM~ z#*R#1_7NEg8_QsgMttIC+or=ke~uLWRzK=hDIxxIA{P2E!rZEBr_q2M?w zuv@9Ic1=0H$E7z&2vyeOpHc|0SZ80i`P$mAq?d|_8?*F~_ea2f`Tig0XM_1Q& zNC4h*Y`b@3q^#^+p~Gw79Gg0{DTdTLGdUR@4Xw~&4N$EB*^AxrZN0@o4`71tElk@~ zu-UIs*-kvW3*wY{*?%6#{RA~wb1U^xQ&CwiH`z#{&75uAhk}ts_4M>4csOP1PrO8l zXheISEpHtIFkm)8#8&US&&|FnN9s(hMG|4*!>U`tEeA(*0=OVF?S=veB#MTgoymHw z#b}KVW9&`y_;G-WCc-VgS`hF}IcbCW4aTY!)mI<;52=bK{#O+ z>0yX=jBx0*^O4r?W&(D+py@0QyjC(_&x?K{yFSBRN=gGPGPd9N9!JQZw}3&~Tnc|XUQS|cHh`JX#%%Qchu zpA#3dBI+4pV!$QUU)m+^dcHk=+jzaODpmA5+*%*1EjS#O(!{d_+(ar$0uHYYRc|*D zlaP8nF6?95vi|MNJybB)3x_WyUK?v1fKQS*K{)jJPC*5G`yccw{0Q&Lj4XoUu;$<2`ZdNG7hi0G8j zw!#xc=xPoJWHdnk8UlJNzFr17EHF5DV`Ah1rfm(uPPd!Q&j{7#`eB5`Uicdv&mw+Ud((y}ZWa~o08aitoe#thr%&^!2*ilO z+u`sKD*gQt2Hn2%7PF!wn?wSnbrqiV%+pYVg_uf1peGCBg9+G>d%75?$D3BoVd z&Y{pq_D*krG|s`O>npea17K09@In!g3DqHrVXfZ*qE)QF@0w%fpnzY+*;y&J7ia^? zBe=T-GTe!*3aR-hpHnbVG?p@9TQsGrBR@4|R3Atqxx=*mxS2SxjtXG8AN06)Q1IB) zAxcYoJ{o`Lrq0!whmEP)sG1Xhw;jNf)6)Ooyzf zh`g8x#~~{5FJFtCc%t)kL9l6cBzF(HJSw|>-ac$khK4g>jp=rUy9lm#G=%^fAz5 z3kI>}0Gbj=+V!`_J|Tg&0&rDgC~ZECT_blVi#U{j0b3=omk67UJ0%%8ISeuZ>=|Sh z>#i7=hn!{9=z*6Pw}i-Csz^CrnMgGnQ$1)(mmQ{?I7peH#woRUIGSS{OI@9YvIW^% zs!VDQWsX*oX=*N_UrO9m*wwWK?Ch%lp-1<)7c^>pBQ_0(y`R^mUqWDf{5Aj4&qK55 zFc^Q~n#+D#ICVGvjJTL++73{NkA3OLjOu2F_kl+1iEOw(yVSNsceO@GIt{o~hZ!#@ zrqgpn4GzkPZ8SgULSNgkGSKw;JzdfC?MP54|&$ zFEj4>6(TA?wq(>|9)9mL@KqO0a``vVU+_|xHR#%(Ux#ebWx)xK$5ECL{8imX?-3JT_6#`wG1JFnqxpMAk?Vj|n(Y{8TeUO}4ZS|0-W(UPn#6fxkWe2b*m74*9>|#Gy$Q=dAR#-6Gd| zb7(@hs@;$3Je!%db&2z|-%dIDN5ggLQGnG`0&-2p5N&H7T(sj+AlaOZ6Z z468AG`9YrGxfy8j^`EYzz9jHEQtX}jw=+nx#18Oq^}~%T;3g!2m{7*d;^Re}6O$hPdq|}p4aOALEpJg+@Zpl`& zRn2YnJbQPPFosN;rKTuGNSfM7U%3oKrevMAX^B*R3+?i~+TJTZU?zThzrNbZNC-5j z>1Oo$Ole|xKB2VndUGpxaIq2Sf3vH{XSjP+8}xL1M;!E?;cGMfeE#?3V9GE6c*2E* z>U%p02=}*OD2Dpl;}dfA7{ZZsv3nz4-zbpD#IMoUC@^V6WQRhCMn;5cE*NEy(Q$SrlN~mamI)KSwW(h@7W@*`1F3A%Dmg z^@|w+U*xjYBxf$v=JJ6#mK{ot44M`;N!AH+ucTOeiU%Bjb6kDt zOZP}xH)t~kkitH+5w3f!NOpZ^KmwB~#&623<;2d&dj5u~A0nXbtTc9+BL4g6OwmZP z1F95F^l^UD3Y0)$nZnKsRQtA>y zHyc}*r1=q22O@E7ehPAmS%PU9*vDz{X5*EoI(t~3Q8-2}Eg2Oqd_!aFlf4TQFvMBC z+~~|BPvXM60nAgS+ZbU;Ss#2$gz2NOv%k!vL}Z4<&!8J3BesCLD;nYMJKal#Z} zm08yXcbF4=AFd22=<~koS3|gWKPKe6q)1a#Vf$O<6z%*?L!tLE)BjmQfp{Y28}2z8 z!fn+Lo=Thd2Tp|1~(gQy}FIW*p25c!PV` zFE2Ylu8YUk6*AA3nAT^q+7yjg(>HzAA5BD_1j%GFIJdu!! z>)B|j70+9m7h9hEr8IV|xk08}nzoe^tR^8B%BbOddKgTdnz33t>#jgGdiGjZdt*sQs*_pKflk!*w`)JYqi%Lrhj<~ODs-jv{Y7$Wt?kJNm-`FhHT$k zDAaM6%DH!_``mmSqCKD1(Rye4jc`45bwGF3OQ)$sT^u$%X?GA*$79yOM%xb3*q4rOat(12lM<>ac` z>*1SfTz7a$$xg~!E141dh$BGF4|xU-?M$$n%LV|U!?c)sn72?YtTbkdH)~n zeRWh`IoB`J;_h19-Cc{jySuwXvEuIT?oM$i?pE9#iWhgdPdoG8ndv*_T&jy}(}xqV@tHhh9UGHB~sqF&eHm6|!*fAr{b`_8uZ z+NQr?3)zl0Ak8*CdC_}Qgw4l$R)yAUvLIdFHs`^@qYFJSwpW@C$YQ6tgTvXrQJrQ$ zpKn#xF+P3k)w}V#>|2Ir#0KM8t@sDD=yY!`T#@zB2_OGST(S zk- z8yIT9rX72pj`K5{VtvtQucHurDw!YKx!7&}v(Zg$HUi;kL8r`c$5)P{TXek%Vx=M) zSBBxidu~rtr;lDIZg00wTPA!P?2!#!_f9i!62#Y|b3ziGnlx-{)wZJhSS)pAlWe+p=-egFe|Ncw=Cw-p z@m`gsI=axaeT7GPrUH39<-VLGu0PLq{dC%P7+bIfk9C4?=iIT}p&7YD|Jtk_$Nr}O zx$^A%DHcr4S@A83*q#MW7M%BO%2m=q$7iZJ`swxjnm!fgA*ai+oFvL%xhxV zZhFGD07T3h+`XXv8H_;0@>|DoJIN6VDnofw|Y6t1j7AZxWbJF+MWk`3YPI9eHc0J9QJNr15E^bAWH_Pb0IB+dQl~db9Ju|Vs+9OW zl3h_;1;*`!f<-uqyu>$a@(TsTHUjtpLcCRe=D}&OL$Q#U1tY!CA7Fy}b$&*E6jMT= zMPD&Ua_1$fSSGF^LKl-`lCPu-7|mRbYN)rBLyXF6PKcrObFW9JIig~X=D)EmH+Urx z)0EOf#RT?%QWGRLe>T-%NkxxPGXNEwZ7;J!MX3+{xQt>73o!cxTjNjYRc}PfAPq;< zCMnVw5h1NA5MNxNijzB;PRu1oi#AmMdaI$XgOU}U$kKfyKkpXoZcQWE%r@BI=TU|u zY$qp}fZW2*qnw2vx$=(4-qq z?nzPESYK^j%!j%Gg-HRsLp`{jRk}qekcouYlpH(_GApNpv=5wJah$k!Jp!g>ur|Di ze_e0+-6Z6ZKiaM@{retf?)apNRe2Dm@KW#6P;2qY+PS&}T-L8(HkDWoT={&BmV0ptIz!+MOOW zfw*1!iAmrp#1xAHr|&8hg-4*0En##s6FlBcI^~O0Ea<*~3Y?~oV#A1jEeHt z>7ddilK_NKH}M#*042E6FA0*HJV`C{VU}=?xEP{MDpPm~I)aQ7nUx5L3+l})J3B%s|4HD1=6LATGL{(Ev&Y((E&r!0nmsQdoH)CxTnC&*m*vIG6 zvXg{;MIj%z+ubBLhLk(VNPS@vq8=tsutZntzy12YlDh$%R^hvEX_hN01ALx=8n(6p z(n5e15~eCWxprtX+;Ny$A9xj1cx6|4Wy!!~DO$lYQ3qY?G2)y_S!pBD!7j|B+}FW{=0^7JX%l`%yH*T+3$F%ZEP;JMWu+T&#@ z%tBMZQ9@Y;LX(WSXWY@@By9<^;hdvle9O0ZEtk{+dpM%9AQ<2jwTH|NFlmzBk6DI+ z*;kxUm|DomS@)xbYT4DqaQPK|W?}!al&U9$h7&wxAX)+KXZe|k0ICV9s_Q)kQE)jf zF%898WCV1TKT;fE40KbGll@$Ws+vI|+~n4j@h#5(hS_ZN0y0l8p?97UL%Ws^a)8*X z-#=FkLP9yG23eKJKOYBSW}kfD{}H*}A_EL6i*Z&2JH4h5!cV*cnjpmLf?dEAXD&c2 zJh&x3!LowY-4y33ScrgQUuM1~S6zrHiUMM~c^@|n>Anw$ATo1KZaBtpnUW(%1UsJI zmGEVYop^%GEr%yWOWaByQhc#zU@5AqlIzg~_0*o`s-n ze~uU;a2WXv?D-Mm%39^2yY+Uj$ngwrbO|y3lSKU$nClOu#3oXjUvQo_)tU#Ki6t~? zl8)65J_$#B4{=V9DPs^VZ*2aOg#qt&PQ*Y^Yg62U2BYd16E=xQJOY9|8%XSC*u?;e z`6INE7-f(pmzbrH34;Oc+=(Qt%q~k7mq1*s8&k3_NplR;l8Kii4yTDdN;YfGw`C`AB9c{M%fkR_bt`iSrC^{K zM!^VEH3K;mwQ3*nTZt-39T(V<)`;My1Q7wSswT2}a*&qkO3gw5u~n?X7N7x@tiKlD zGAe=`n54?106ipeP%Ro7O$Y~;XSPJRsWLz-U!?7uI5UoNSaydXEUFlrW4Vi~RBSd| z(5h}($QN;Atl$b_u{>8O_sPQ&K&occZ+$qpSrYqve6d6xTJI|8_1T}pxW~HUx*0BA z{P^Nk%SB=bf{#n_VqGbVs#p!KJqk@Sk1eu3J^;n*lFbwQM~g3xNe=@d<^;L}iu|U1 z-mu$2`f4_!nhUwgz$^2l1h}=>6HS~}LJtEqfwI98#j-(pM)=%4GaCV#DMy082hKT) z2~<=F^g(3&SYUXFY`UCUe{CW8l|8Q+JQVOfPbgu8f*TG6?rnpxqH79BC2~}A$lS7F z-wzSkIyFpt7qyBJwW@Grm~37u8CDCeeyTuOCzKJEi*#m^u|W8UsQ~)9Snx`XdpAQzimxuo3%=q<`EnIcS+bph5J}>u*ZS_Pt zNBE5!R~O-0*Rf06PWrqn-hKM$%~5Y}-$8Od*<<6$Ky)ykD_$QYGPo2@ZEv&Dj zuXg(?@_}bI58341?kJCQXR*%N;T6w|!(_&J>ce{PRTbVs`RO2Aa+mhR-Ffhhhucvy zU;C!+8Ykn{55yp!yKV3;dxPC@WYkGtJ zw^ezUs_Dl;z-pWkux3XFA_p>bc673}RU7(s0N1Eq*C-GLm3H;%(B@5HFE~E|)Jpi0djD5W_JwG8WjvXV5JI7YITp&# z3LlF-_Fy`1weOTJpF_f*zinT}p*QC?0Je?VX?*))UcZekr?BEgN}pn&B@^(DgMz4M zf@Y*>YqK4ZAr~(c8;l0k)q!P1B+e9*#6jBQ%EY9kiMwlM(gNbHSy;2K?~%D; zbIghsbPk^43IVcPS4%EmoMWCF5AIo`3A4>dDffTuV3b>SEiT(WkZR^)7h} ze*R|8gDH(Kswmvu&F6(jOZV-0X5;O4XJzf#_!glm54t*!cmKGpY485^(Y;=M9Tx2P z!jT=j($+No!lG8kYi%_Oy}o<{oj^0!H2CdTN|ypCClm@L@mi|LHY!7e4dq-S%2|0Q z)xa#L+AN7aOaq?M{w%55tOf(wBsJOhu4$;aUbQd>({x?5D)rN(j|WHQ^w^cJZtAZH z&h0qXr10^FMpryXiVQAm5u{gq@6O0A5^v~dKD2n!gV*;Pvd?{R?VvuZ)>XM`vwp&> zyS=E~C_HWAbD>d@zAl!2?!Pxin_vsQ?54~R`Jy(qFd1)*w#78Po~O%u&gpI(>Xs?( zy3j!*-fLHymi0WFaE{B`@>2O?I&(d-#Di4W9nz<5M3c7Kv*mhrW`yRx^@I+cYBJee zu=TF)n4iW;FMnFZR3aal>%+s z>~+I88gCfK>&Bbb7csS_w$zPm(NQyrl*n^lo^kZ@>0aj6{Gs3~LbhfJ5&TzMW=d82 zDeX6u+Me(F9qN$->AJcms^D*rD6k%VIP#-y${2nFl&|#tPzT4PS}o;v*P>qHtD|1H zckXwbX(HJOpOL6Abl|r)#&n9(hYxXIZEnICRqzMxCMO+sEW_Egj4) zCNW;tI%tToEb2bqX(|xy@|u!LWBC$F(R3HLq?qqNBns8S84uJ&Qz#w_?VrLX%9wMy zJLO#8iX5Ox9_B6zy)euj;g)rDFzg~*IZ@r;lBVi3Giyr7I9df5TCj30czIsE%EgO( zafVuIV*3I!0uCO4++@5BkJy7Zb4`wGa|7aIfs1fYgkiXf`2HFA70AbzuQ1JzZ*BOD z?6pMjerLH=oSXEO+s8*u`h$-?KLTV>)akK|NuyOeQodEvjQw?&QZ1^m`3O8b-HdrN zi<`~j>*JMA`%b(l*mwzM=ClWQ>Z!;hA6jJHTAscYK9}bG^NE(;o>>ClR@e4H^ z>I~HNo3|^^yQ{PG>)XaGkgBR(LAIXr!=E^H(CK!CYuo3pcQj9{`QAn?*%C1fT%Kf| zoZHFU*Xx(JOxqEX+2oGQL|GABzm}>*9m?R@D~*JNpWr+96<(0&_Q^}zLGiitVaADM zR6)q>4TiHTj)crecegwWA)1O~*@K~G^sI>DkUb9Q3`BQk;hJUb6g>(v`grHGx){Xu z0w)q*sd8z(Og`gk5;FP>J+n-p+l347!>4xLro}!S%ee3{`CQ<&uHJtvslv?aY9v78 zwZuh$&h}>*z?J`sw+a6P{9dsP^L{4t#CuydgJx$Cj|)P|;GvY>=x4((;dNu|M3MhW z2Kr1f2lIRgAbCNi6TLr(w=s=6eygBA^g7FlU&r_F6x$CX@O*-ld%O7pPA-FR2`^h~q#(@M!BzHT7x@*|e5PNs`4Pt^ zua;c3z=4XAn+02Zc}27{araB?^@;&&S~AtQ5tK?&*-37Br~87E?UcOeP;rAtoV^bO z%BBa0WqNx?GR0THu_No6n!?1z4xFDi4w<>wSePAJJH{uqIWvcO1ZNRa(Qa9(T~D3R znus&&Hc(0g0~I+k$IqR>hNWRqWd?_VYE5jwAnClw~1aLV~?H#lOC&Zmm*`5=0VneyoOc_$C$(Japk2ulSXH?={lSeFS>)x2mqWgFGJ z^8|7qEn<)62C>}CLr@et9#am&cG@4s0>XUCi_VdG%u<1_Kn5?UDeXZjs?@&jnS8xm zL5l&lG-_&H21CyVE-z28Yr(AX>UeMT6>F)oss@x%kHwgfmK9WmoYfCTjj2uDU-ABs zNl&nFLwRy4L>fuj?J6I!2WqG%9nbA*Cqm+4f3S9Tdpz1C?P6b)tq$O^yg|%)tA1L@ z?=w$*cBJm7_xkkoI`ry09QWLN)&w=!f5vv=eN4Dn^HkYGzxYCmX219{?{Ikc4l#Jm zcJaj}X;t^c?fC>-F8({Q7%aZl{l-j&zAzX)U)4b>Muig__#&GrdY+|0P>a*8vNJ=Q zHq6uVehZO|%57s|6ubFSGL*~~dT*zY9p&4P6HCa6x#Wq?)=d;|k6TpEAAR9mWU|&gZnuhHFn_Bkm8P-}|7)Sy9K8o|RI~&Z0S4 z8*vwg$C6+%<~ugJDQqDtJQp-!kJlSflGzY`l8AIZcWu*_I)gu6M-A$3y#v?1lQ9AF zzIA30+Wf*u%@6kzr0=?z3z=pLG6Y z(LDb&mJO@Ma2H(WS{NpGWAnMpH55mw1E7;G@c@J=QzSx{coak7KIJ^Lir}KW@*}+y zkI5er0{lTB7KnK#fV4X+9&>Li0Q`Cp6eO)lDxfr))5+_^SZ@rfBITc9>a6CLKPkEa zOwt~I@XeJ!)aHkI7pIpQzPc+vr0w;?cdncO*GsK?IPxu6-a$a4{!DWH@I%>0_*Zbr z_wyf)!Z>u#P`K{7u!*_3>MMNaf#vHDod&ShY3gj)s_L7n{^LW&KRh2p`ESPu>w2n~ z)1!?8wINyYMj_kkYSx|+A>9|H5n_xlharq0YH? z&Sw_(Ot$!dL)AF%f;n9c5Et?}T?I|GyfikzMQ!C?{5NAErwmOPa*{*bK%_xE}CIfAR;E8iyG5BU3HC8qmguBDe=XVD90ec=_%rA$U`}}j%qg+}e$4>PN8CeV+N9Plb-RR=$9Frh#_hvRN^Jkxlii~8RfFr)+&Motx)1ncfN#5z8uw2TKUmeT< z6>weA1fQYZy?Efk_K$cG7e(iFqAmr|k~D;d)>y(zhVOk7_vV>xgAb3_9<* zTH44MjKbs|oG#F+c!Sf;s7FvsSHqx?Es4Yfjj-%j#2&2~u*XMH&5grU02fPJhzITj z3~%MRU4z0Y4scAuDtT<#vY?e04}Z_E_0|xi!H=AxzCF$O{-r4%nR{~2*Y?50|MxhfRbh_0Fs><-6i-0lm(`L z*|y}x1n}kEC^?pM#_7oJ)=vSY()X8uf+}arG7DAmOF*H*|0SSMNB+G-)h1)|$T%I(MAP7kkaz&xxLWHE(SY?KdB z>o0W3lR+P^vmh+SDpYum;$s}IYnu(U-lZm@KbU6OO>*yLUJG~u3AAYz4x@03(b6p9UTn$J=8R1IqNx7(Z7JvZN$vDo2xSwrr0!8% z;pufIbV6f2=0-BNGUakC3iT-V*)4k#tC1T_J#Md|8HlYiEGBKQ(vTfykubf)J@&C6n8E23EcJL; zDh%bI1A6OTJDi_n2IbXfYDNI>=1NIBHQX|W>~O~Kg9jXNlI)p-cIa0ao<)o$jK+WB zyYzXOndbv~t%iQ2H!QmTc zW~*4ruGXWVvUiF5Q5Rx_hJSJ&I!I4K$5nU%jzT!hEy9@X?^+LhYOzcGkG?{QF$=7#@jl`H6$O!X~8f|7+itOb8xY{q|c z1!k3xGt1jR%5EdGRR~6ij`mM+2$MRtX4=o4ceO_^%UyD0VfLvClF2U5?RR8xy48a1 z@Tv-WH>SvnLPFpk69kbCT%yemW+}9T5dj-%SVO`b)vYwe4kpRJgMoq@X*gxb93>!) z$j$*PrBOohG?sIE+Pr2MfNOIXqZhow1G2c~!sW%aYV&3jymC5mYS-4$glp4OKd>_* zH|jY$Mm-F!xfJw`JD20a;gTL_Toxl~XlZrxLLj<8hSS`?G`QSNwOC}oTNd+vd-0Z` zBWuTVqMke2rd`^}RZRVe@47|&GO~{v^6r`5$PEryF%C}w^rMv%HwkuJ95FsE>KZQj zBuvL{jV71eLx;}+OgM3_;Vo*2OomYD6m|Bx19m75`OO5p0_XE|$@v&hdwAVe`!@di z9zj$nQ3bq>l9V3oBFYLQ#cpWN5xc~fB-K= zv#9%`si3P<))B+4?NbT&(Ui-)r_Dh%Vb{>ffw!&vNJ_vVHP5qMk}ogwJHkgMYL%nk zU1-hkzpu4oe3Kwn)$g2&AvtzVzzJe%@ZTT#BEc;>ue{AsSB+%b9N1wh&lo+q-Yjmb z670NgRFCX8J8Gut?G&x*C#G_Ek!=q zwVY29p;`p-$f6-sK26C2!JsP!-WOR9c;M49U!RJzMcS!%M@nomea)47PikHh-}P#* zfgf>Dz;%&ePSf&gk@HnmuXsz(Ef2W+z2Kw6Sr=mx#QvXX~(B zhVjB+a8vXiMZzTZhV|BAN(!u{o9gLk%2NGp5Foso zK!r1tCS%tx5rb0EwS-Ji0~urF9j7BO(O(`i>!VaL2~t?8O1-eTv7- zYl>(5nA3rZgJ`!7^=+pewV>%j1)+aH6E*|{khB+=>D{s%0lWCZx)F1UG5K8whqmY@|x@cTW9tbPy+dMvQ)`tx0 zp58P+L=e8>)gS`FvAUni0u0qD3$fRG?%ZUdkxEinu(BG*V_a zI7R;mH6Agg>R}SlX~0aBvuhsE4LuJNm{fx~A~QQRR+IOIO^FFaWfq}ZVissXXBJ^Z z1K&I-u7!iz4jR{4g#{^KWow`C&`4#LkOkgSttuIC>EVP;ysQ>X8!?BWSSVDh!%j+EJ zfczszlQe|?cAry3U$1s~q4y(hQv!cJ;au{U@n&RWKk%0z>&D6%vT_piw>Mba8al?8gXucn&r zSvKu>9BKi^lD!W`#GY^rB%eSZr*875tp1?f*er^x>4;N5S!h8N9pRx{p6nf@bo}XcD#q4=fHuG882xl z(AM@?h`~<>CSi_`osO3oUp{3-o=HWv=4&|RbIp8cRb=TQQz`adR=W3lW3)~y1Inoj z&t+$mOE(d*RtV=>HJdpZoGt3n>0+}^TOF&O=p$40Fq^@gC2f2z%9Gw+<+o15ZWM3) zE|R{_SHub#{>a-v5%)%C9313PW>X27^7Wbj)9?&}TPfXTa&HHbt~1uzno%`F#@>kiZh6?7NzY>}(l?kqsT9tyTT)8#JS zkc95sb+)IUjW-P#^-4!+XGRpVmFnn@+9F~fD#kWo0n3!Z6Tz?C2-(OKs3>BAI%TD@ z)M!$l;*K0~El+*EeX)pSnRT+7?#>(BG-@6&F7r$x*@Rf$0&vY4|_ z`G^|cOquGnymSt3aDz;LbF`qxWEXnUHw!f9x5tGX_U<(n#1MXuV=N|99?;=1WLpMb zLm#Y%ecUz;L!BLnsj(_rl@?W{VHPguL>!m0DpY-(otipkCDWISFtfQ6eC&ZN8CKO6 zht?FDxgk$-naeewg4vj)#XM680# z&24im#@B}*qmS1LWpc&wFL6Q}VrlNhgzQ|DKdc*wQt$j$J+lud&=c7TN0gzeCT~1h z#wU<`d?fpkV#{PpA?^&ieU2V^lpD9gywPtAlF!tvqZHAbmXR7HzuhSL7gUA@L<*22 z)-}r~;4PhR^X|ngZDpCX7rZH4sJ4l|Q`)1cHo1)C`M^%WU5?l}Rk4+&ZK$FB?(&=5 zM%C^L0V48K?XnY5lW(P~@F`6AG-+so`OKSh(a5eyW^8iMQAAvxV`evou)38kBlH7r zIp`NzH=he%I zPhlpDlDu(h4g1|6d=$k$ePQo#F9eIYt(!+akf%AiWsO?uSF#f7Z_@ViHO%%7Urf8m z9drm>HLio{o3qYl!d7r zIDJgECx&1bd>@1NtoCV48#%L{T$eVy#4$JIvN$TwYi{Lji`-|(KiJ`06-rjh=bb_t ze2$h*SuKmWG~O;#1o7Hl;5;X@*x(ISQXo3>5fB_q{7^{V>9Vrg%c!@39`p-v*Mu?> zf)8sKrH6b}%MKP(VXZ0b4TMoCSV6nv^p`%%u~*;a4ZFA-F3Kczsa@YaVw7BIN6j{9 z7<{h-$4HH|wlmD}~QHyMz|V znrot=9r9o*SnA5v!zGdfmR2FF9`^{6<3dolGSmalT6ss)>m4`}_Mwj^U zwuv@`@xrE_hpozQe{vrkRxT>f-X6Ab*NRW5uk8@tI<~Tj-;ld2I}SB8e(P@5QNPkQ zb&sW-#3>vpqrW679_iY#uqhDR>#>X%JBSi0d%XG_dfk$&bVqX%h7{D|O9qYqkvx_T3bgsrfQXq05#s3CrLg?)oELjw?qP% zipfJJpnIrH8EeJ-nM0Z~C(ah-OgIpHDrZq3!^)_a+ybn7YJsJ}SdYXecI}~i#Us=t ziXy<}?19r1bHdbLs$js`wsk*yi{C)brf$AzT;rM{?tJ3bPOg(A+~c`&YNZXPbxtae zp>4F%Y@NU-?S!do@UI(8M(sN}y0NOo(M>?Gh+!|w6`)uc1D0N&x@OBwlneA|@?qNJ zvpzMf-(QKAoauT0l76VrTL!A^T$o-v1#60Az5a|nIk;0e5}L5pgMJrg%&9!;@{~0^ zNRnYUX->cS8AwkVJj^)L3S{TCpfzgEAJnb|{lGWu)CUJn>7cmS_+dDThTAGXJ^lMx z4AOnx=a4(@)(h4nFijm;wYSc8PE9mV;FQmT-0-b&X_8pHg6D)7gtX4Jc{GNpG|=jt zu#Wn#h|$NLTl2%ug3L#^m)Y@qlz%f5to zY1timgrIY(Q=bs8VsQ-(IiYYR<%*a^VUCd6x|Xch!@RQYVW5T4CfRaW8uj3}5R zfrr?CFBQ(Q5};Slero`l_JpWGpFllr{$a@ZSk3XSuF({vaZg}hVOVZ(hd8zN!%pYN z?z#jJ74k1wQf4=`pu$4T-b9rfGiB#flum)p}jY8m@9zu$SQ^LtvX*{ z!%-i1)azqE*S{)@ z;nsEia6o~8vH_an|GjU|#MZ`1N#DTA_~*X8T~%${WqOoP*$r<9dmWMSLD6~NER2QA z8gBFpm+QrGYWAatSPP$@v{xVl5h(>1RAzAe;tZb_c{4m6Tbez#sojVr6e)uAy~28Y zL!|bV#)7tbjl90WgId=NF~s}B^rB90&Fvk?qK^s?1Wp5wp?iF-*Jo!d!V!v{*bgxL zL@7y_Qy&v%2pVmHW?$h=GZHU#iG}_amBW6(ReRX zj{_m4w*+!e2;9{O^En0wnk}bK&;qG9MRY8PKw|SKk7-tb!V9TcvUdn>Y+udXVECDT zcMHUEM1`dcr}~(@baqa|mBF8Yd*bHMGKOipsg8f>I8%EUk`Z4nuO8i8l zDpPf62}=NN7$@2@f=71WZQf9Ce2A(xf9NGlmc$Yz4^%axBHROC3`DlWgdnbqsBb^E z9pQrYl3FN|8ESe%1P;Z37(EQhc)WHHji;ukr9QY3aDO72*1izSu>2HR9G*?s^$CyE z1@dL|c$-Hwor?yv?q*=@TO192zM}A*n!!nhUNy>CY(rgujzZ;%aahAJiukf;vXndp zqE~)>%Tjr;^48nb4zyJ{hdt?cEF=>Rimh2UP27`Gz7yC>{F2ILf0@Bhztk4c_VpVU zed>E&bNg3AWT8wp2XgGPlJB;omgwBK-5@9YP994;&vm(TAePDf9 zwGzbOl!)0)%spy|4$*-==ItW@P2CUw)MT_aGA42V;1$xzhoS2R*xbX7^;ginHSmIx z^oFK~@cY}K+|*nDSQHM#v|a3nC%Yvq4d^A-a6E!>A(|m0zqW%y<~KPq-|?|{j3fB;GU-+m(Ev}HfjqXeBxKf@Q?Rn(*k zL-qqA+jwm1R|#e zT{_Qn+1?IMC%zd&(d|&FCqikr%gMzj*&^QjrKV=tR~VA^2k{<~jfv4`Gb9Pz4gT)c zA*ux1ssjO321&&3`Pymk2A=_z!YxL%$n(JK;0C(a=wD1JMvP| z8t*il<3Xhl((7W>Fxe?i(>grPjp(RH9h79SO1pfdbPwQV#}z-8T2!;gP@{4SgmM^B z@C5NXtlYtGE+#$o4X%QGw5}fvE7fb6UT+bZnX??^%cX2YosflRq(k0pP6T`Tpn03K zImhA1eiyDSj=(neBW2^%qo+q^{*AEB4CT}EG@1(KyV%Hldz1lt_D;0{RdHtVyziBO zYsjx_Qg3Slfd@Z5hhtQ|^I z{VpJ87r?Lxe`i>IJG-Al|NrOLKl*8gVzu~Av{8a@7xaKyl)=IO!I4j-M>pT(M|Ut6H;q_-D(^->^d*Llca?TN!UX2&dxnaF zkQLoqUO`j0ORXCYH@djrbbG)S&n>=gN0_M&V_NV@J>z$M`P_cQJRUkYoo2($a%V=4 zKr6byAR1ObS3z*SYqstW`~|@00TO7k_KqN!m301(endJk+vyN78mjT}KO|Db2I?3v zYFr3B)=Ns{J;T6LlK0et6!LANbkdm*=Kd)xYbQZf%rz~S@f#$?V;90u^p zG*`IvYx*=&*hg!7I=L7O@J;RBQ!=nfA@yP+b;{%{) z{ADep>tJl<_?OKL?a!b8zn}ckPa-C3!vKasV4E+S>)mFy8LM(5h{ci=PFxajtyrSs zQih{y7UmnB`$bev-^oMYp5)s)0)@31>Wj^CN-g9taAA36z`UPcEI`Bh2fArdroZB1 zepx#Z_3Z1HfV?)UQ)i{zBpdmS?}rYXI_v zvo#?5f6F(wox{2VP;hKO!Eye=0^ZQZ|AhaM`QM5BYe5(xrtOyi&9e;m#|q&uVyIJp zQZli%b+WN_`eT2|?-lW|xeW;b)II}HlAp)H{Pld8{S$9&WAs15!}rI|836EWz!7T* ze_;V{)AN7A&5ZSpj2(ViXZ@b}Lr)1f{lB8=m;Qlf{I^E@%-OB*@93zNzg7Kz$U8r@ zB7YFja7X~g`De*b*8YM1*Sw2QAqf7x-dkJ$C^^%=m3*9HMeE;7&cFMQy#Iy`(gX z{z+nV4)_oD{Tm6!zexPm_kKT3@2`S@p@RHD;`g)le*gTxA4T*R2^gF|N&Nj_qTk{F zw3+-13;k9bno&Yw-_DyWjD@ZwUJf zAHnyZR`}oB!+r<Mt}9(0g?d zp#NHA{SN=9ko$M|7tO!H{}g$DNB>h0_&a(^=kH(e-^2nr$@hSDA`lQJ;GZ<$ZC(#B H5&``$whfL( literal 0 HcmV?d00001 From 41a14304d7e0cfcb8afa82ee8735f0bd6763e415 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 2 Dec 2020 12:00:42 -0500 Subject: [PATCH 341/399] draft-ietf-tls-certificate-compression is now RFC 8879. Change-Id: I55ef8c4987c1205de9eb16243ffd4efc6aa1c5bd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44344 Reviewed-by: Adam Langley Commit-Queue: Adam Langley --- include/openssl/ssl.h | 12 +++++------- include/openssl/tls1.h | 5 ++--- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 68d0b08715..d22c1e2638 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2823,13 +2823,11 @@ OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl); // Certificate compression. // -// Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both -// a client and a server, but does not link against any specific compression -// libraries in order to keep dependencies to a minimum. Instead, hooks for -// compression and decompression can be installed in an |SSL_CTX| to enable -// support. -// -// [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03. +// Certificates in TLS 1.3 can be compressed (RFC 8879). BoringSSL supports this +// as both a client and a server, but does not link against any specific +// compression libraries in order to keep dependencies to a minimum. Instead, +// hooks for compression and decompression can be installed in an |SSL_CTX| to +// enable support. // ssl_cert_compression_func_t is a pointer to a function that performs // compression. It must write the compressed representation of |in| to |out|, diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 1514eca866..0ab10c9a4d 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -211,8 +211,7 @@ extern "C" { // shouldn't be a problem in practice. #define TLSEXT_TYPE_quic_transport_parameters 0xffa5 -// ExtensionType value assigned to -// https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 +// ExtensionType value from RFC8879 #define TLSEXT_TYPE_cert_compression 27 // ExtensionType value from RFC4507 @@ -271,7 +270,7 @@ extern "C" { #define TLSEXT_hash_sha384 5 #define TLSEXT_hash_sha512 6 -// From https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3 +// From https://www.rfc-editor.org/rfc/rfc8879.html#section-3 #define TLSEXT_cert_compression_zlib 1 #define TLSEXT_cert_compression_brotli 2 From 3094902fcdc2db2cc832fa854b9a6a8be383926c Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 2 Dec 2020 15:40:47 -0500 Subject: [PATCH 342/399] Get closer to Ed25519 boundary conditions. If I perturb kOrder in the malleability check, our and Wycheproof's tests don't easily notice. This adds some tests with s above and below the order. EdDSA hashes the public key with the message, which frustrates constructing actual boundary cases. Instead, these inputs were found by generating many signatures. This isn't ideal, but it is sensitive to the most significant 32 bits. Change-Id: I7fc03758ab97650d0e94478f355ea7085ae0559a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44346 Commit-Queue: David Benjamin Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/curve25519/ed25519_test.cc | 42 +++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/crypto/curve25519/ed25519_test.cc b/crypto/curve25519/ed25519_test.cc index 4f34675b81..d56abe686c 100644 --- a/crypto/curve25519/ed25519_test.cc +++ b/crypto/curve25519/ed25519_test.cc @@ -64,6 +64,48 @@ TEST(Ed25519Test, Malleability) { }; EXPECT_FALSE(ED25519_verify(kMsg, sizeof(kMsg), kSig, kPub)); + + // The following inputs try to exercise the boundaries of the order check, + // where s is near the order above and below. EdDSA hashes the public key with + // the message, which frustrates constructing actual boundary cases. Instead, + // these inputs were found by randomly generating signatures. kSigValid had + // the highest s value. kSigInvalid had the lowest s value, and then the order + // was added. + // + // This isn't ideal, but it is sensitive to the most significant 32 bits. + // + // The private key seed for kPub2 is + // a59a4130fcfd293c9737db8f14177ce034305cf34bdc4346f24b4d262e07b5c2. + static const uint8_t kPub2[] = { + 0x10, 0x0f, 0xdf, 0x47, 0xfb, 0x94, 0xf1, 0x53, 0x6a, 0x4f, 0x7c, + 0x3f, 0xda, 0x27, 0x38, 0x3f, 0xa0, 0x33, 0x75, 0xa8, 0xf5, 0x27, + 0xc5, 0x37, 0xe6, 0xf1, 0x70, 0x3c, 0x47, 0xf9, 0x4f, 0x86}; + static const uint8_t kMsgValid[] = { + 0x12, 0x4e, 0x58, 0x3f, 0x8b, 0x8e, 0xca, 0x58, 0xbb, 0x29, 0xc2, + 0x71, 0xb4, 0x1d, 0x36, 0x98, 0x6b, 0xbc, 0x45, 0x54, 0x1f, 0x8e, + 0x51, 0xf9, 0xcb, 0x01, 0x33, 0xec, 0xa4, 0x47, 0x60, 0x1e}; + static const uint8_t kSigValid[] = { + 0xda, 0xc1, 0x19, 0xd6, 0xca, 0x87, 0xfc, 0x59, 0xae, 0x61, 0x1c, + 0x15, 0x70, 0x48, 0xf4, 0xd4, 0xfc, 0x93, 0x2a, 0x14, 0x9d, 0xbe, + 0x20, 0xec, 0x6e, 0xff, 0xd1, 0x43, 0x6a, 0xbf, 0x83, 0xea, 0x05, + 0xc7, 0xdf, 0x0f, 0xef, 0x06, 0x14, 0x72, 0x41, 0x25, 0x91, 0x13, + 0x90, 0x9b, 0xc7, 0x1b, 0xd3, 0xc5, 0x3b, 0xa4, 0x46, 0x4f, 0xfc, + 0xad, 0x3c, 0x09, 0x68, 0xf2, 0xff, 0xff, 0xff, 0x0f}; + static const uint8_t kMsgInvalid[] = { + 0x6a, 0x0b, 0xc2, 0xb0, 0x05, 0x7c, 0xed, 0xfc, 0x0f, 0xa2, 0xe3, + 0xf7, 0xf7, 0xd3, 0x92, 0x79, 0xb3, 0x0f, 0x45, 0x4a, 0x69, 0xdf, + 0xd1, 0x11, 0x7c, 0x75, 0x8d, 0x86, 0xb1, 0x9d, 0x85, 0xe0}; + static const uint8_t kSigInvalid[] = { + 0x09, 0x71, 0xf8, 0x6d, 0x2c, 0x9c, 0x78, 0x58, 0x25, 0x24, 0xa1, + 0x03, 0xcb, 0x9c, 0xf9, 0x49, 0x52, 0x2a, 0xe5, 0x28, 0xf8, 0x05, + 0x4d, 0xc2, 0x01, 0x07, 0xd9, 0x99, 0xbe, 0x67, 0x3f, 0xf4, 0xe2, + 0x5e, 0xbf, 0x2f, 0x29, 0x28, 0x76, 0x6b, 0x12, 0x48, 0xbe, 0xc6, + 0xe9, 0x16, 0x97, 0x77, 0x5f, 0x84, 0x46, 0x63, 0x9e, 0xde, 0x46, + 0xad, 0x4d, 0xf4, 0x05, 0x30, 0x00, 0x00, 0x00, 0x10}; + + EXPECT_TRUE(ED25519_verify(kMsgValid, sizeof(kMsgValid), kSigValid, kPub2)); + EXPECT_FALSE( + ED25519_verify(kMsgInvalid, sizeof(kMsgInvalid), kSigInvalid, kPub2)); } TEST(Ed25519Test, KeypairFromSeed) { From e1f08cb97080f2f71fe7f71269355f39237e5571 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:03:50 -0800 Subject: [PATCH 343/399] AES: Tell clippy to allow a pattern we can't avoid w/o increasing MSRV. --- src/aead/aes.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/aead/aes.rs b/src/aead/aes.rs index 5f474c6698..5028e242c2 100644 --- a/src/aead/aes.rs +++ b/src/aead/aes.rs @@ -300,6 +300,10 @@ impl Key { out } + // TODO: use `matches!` when MSRV increases to 1.42.0 and remove this + // `#[allow(...)]` + #[allow(clippy::unknown_clippy_lints)] + #[allow(clippy::match_like_matches_macro)] #[cfg(target_arch = "x86_64")] #[must_use] pub fn is_aes_hw(&self) -> bool { From 3d14e19f08a49b38c9ef05433c89d6afaea7a731 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:04:51 -0800 Subject: [PATCH 344/399] Minimize the scope in which we allow "useless" conversions. --- src/arithmetic/bigint.rs | 5 +++++ src/lib.rs | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index d5e4b4d84c..10c5130399 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -263,6 +263,11 @@ impl Modulus { // n_mod_r = n % r. As explained in the documentation for `n0`, this is // done by taking the lowest `N0_LIMBS_USED` limbs of `n`. + // + // TODO: When we stop requiring clippy 1.37.0 to accept the code, clean + // up these `#[allow(...)]`s. + #[allow(renamed_and_removed_lints, clippy::unknown_clippy_lints)] + #[allow(clippy::identity_conversion, clippy::useless_conversion)] let n0 = { extern "C" { fn GFp_bn_neg_inv_mod_r_u64(n: u64) -> u64; diff --git a/src/lib.rs b/src/lib.rs index 86a609960e..48a22672e0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -48,7 +48,6 @@ #![doc(html_root_url = "https://briansmith.org/rustdoc/")] #![allow( clippy::collapsible_if, - clippy::identity_conversion, clippy::identity_op, clippy::len_without_is_empty, clippy::len_zero, From a2fec64d1002c164987a074f2c5652c7a04bb10c Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:05:45 -0800 Subject: [PATCH 345/399] AEAD tests: Use `Vec::resize()` to make Clippy happy. --- tests/aead_tests.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index 7289ec70db..ccc52ff42b 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -219,11 +219,9 @@ fn test_aead( }; let mut o_in_out = vec![123u8; 4096]; - for in_prefix_len in in_prefix_lengths.iter() { + for &in_prefix_len in in_prefix_lengths.iter() { o_in_out.truncate(0); - for _ in 0..*in_prefix_len { - o_in_out.push(123); - } + o_in_out.resize(in_prefix_len, 123); o_in_out.extend_from_slice(&ct[..]); let nonce = aead::Nonce::try_assume_unique_for_key(&nonce_bytes).unwrap(); @@ -233,7 +231,7 @@ fn test_aead( nonce, aead::Aad::from(&aad[..]), &mut o_in_out, - *in_prefix_len.., + in_prefix_len.., ); match error { None => { From d58e2dadde3dcc58679af7c2ca0f7c0505be6e15 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:06:25 -0800 Subject: [PATCH 346/399] Agreement tests: Make clippy happy about an assertion. --- tests/agreement_tests.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 0cd06f3a37..fcdcbb72b5 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -77,7 +77,6 @@ fn agreement_traits() { ); } -#[allow(clippy::block_in_if_condition_stmt)] #[test] fn agreement_agree_ephemeral() { let rng = rand::SystemRandom::new(); @@ -106,13 +105,12 @@ fn agreement_agree_ephemeral() { assert_eq!(my_private.algorithm(), alg); - assert!( + let result = agreement::agree_ephemeral(my_private, &peer_public, (), |key_material| { assert_eq!(key_material, &output[..]); Ok(()) - }) - .is_ok() - ); + }); + assert_eq!(result, Ok(())); } Some(_) => { From d57c8d56a20f84616a07b9f9c99673403f91ea71 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:06:58 -0800 Subject: [PATCH 347/399] Signature tests: Remove redundant clones found by Clippy. --- tests/ecdsa_tests.rs | 2 +- tests/ed25519_tests.rs | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index 4e47aadb73..6a935d0ef4 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -86,7 +86,7 @@ fn ecdsa_from_pkcs8_test() { match ( signature::EcdsaKeyPair::from_pkcs8(this_asn1, &input), - error.clone(), + error, ) { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index 8e0b31ba4e..ff97497b19 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -114,10 +114,7 @@ fn test_ed25519_from_pkcs8_unchecked() { let input = test_case.consume_bytes("Input"); let error = test_case.consume_optional_string("Error"); - match ( - Ed25519KeyPair::from_pkcs8_maybe_unchecked(&input), - error.clone(), - ) { + match (Ed25519KeyPair::from_pkcs8_maybe_unchecked(&input), error) { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), @@ -139,7 +136,7 @@ fn test_ed25519_from_pkcs8() { let input = test_case.consume_bytes("Input"); let error = test_case.consume_optional_string("Error"); - match (Ed25519KeyPair::from_pkcs8(&input), error.clone()) { + match (Ed25519KeyPair::from_pkcs8(&input), error) { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), From 1cfafdcab7041e67c583f5ef4dae3ea97a56a6a4 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:07:45 -0800 Subject: [PATCH 348/399] ECDSA tests: Tell clippy to allow an intetionally redundant clone. --- tests/ecdsa_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index 6a935d0ef4..4cd9ef4eac 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -209,7 +209,7 @@ fn ecdsa_test_public_key_coverage() { assert_eq!(key_pair.public_key().as_ref(), PUBLIC_KEY); // Test `Clone`. - #[allow(clippy::clone_on_copy)] + #[allow(clippy::clone_on_copy, clippy::redundant_clone)] let _: ::PublicKey = key_pair.public_key().clone(); // Test `Copy`. From b9d7d089d98bf63a7b7400d00f46db7f10f7a8b5 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:09:20 -0800 Subject: [PATCH 349/399] Remove `#![forbid(warnings)]`; reply on Clippy in CI/CD instead. The newest Rust Nightly is getting stricter about `forbid(warnings)` which breaks the build. Use "deny" instead of "forbid". And only deny when running Clippy in CI/CD, so that when hacking on *ring* we don't have to deal with warnings right away; we now only have to deal with them when we're ready to submit a change to be merged. --- build.rs | 18 ------------------ src/lib.rs | 11 +---------- tests/aead_tests.rs | 17 ----------------- tests/agreement_tests.rs | 18 ------------------ tests/digest_tests.rs | 18 ------------------ tests/ecdsa_tests.rs | 18 ------------------ tests/ed25519_tests.rs | 18 ------------------ tests/hkdf_tests.rs | 17 ----------------- tests/hmac_tests.rs | 18 ------------------ tests/pbkdf2_tests.rs | 18 ------------------ tests/quic_tests.rs | 18 ------------------ tests/rsa_tests.rs | 18 ------------------ 12 files changed, 1 insertion(+), 206 deletions(-) diff --git a/build.rs b/build.rs index 9ca8d86699..f2db9a8415 100644 --- a/build.rs +++ b/build.rs @@ -19,24 +19,6 @@ // another for the concrete logging implementation). Instead we use `eprintln!` // to log everything to stderr. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - // In the `pregenerate_asm_main()` case we don't want to access (Cargo) // environment variables at all, so avoid `use std::env` here. diff --git a/src/lib.rs b/src/lib.rs index 48a22672e0..f099fff03d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -70,16 +70,7 @@ // `#[derive(...)]` uses `trivial_numeric_casts` and `unused_qualifications` // internally. #![deny(missing_docs, unused_qualifications, variant_size_differences)] -#![forbid( - anonymous_parameters, - trivial_casts, - trivial_numeric_casts, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_results, - warnings -)] +#![forbid(unused_results)] #![no_std] #[cfg(feature = "alloc")] diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index ccc52ff42b..75e0e9e92d 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -13,23 +13,6 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. #![cfg(any(not(target_arch = "wasm32"), feature = "wasm32_c"))] -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] #[cfg(target_arch = "wasm32")] use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index fcdcbb72b5..4162015378 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - extern crate alloc; use ring::{agreement, error, rand, test, test_file}; diff --git a/tests/digest_tests.rs b/tests/digest_tests.rs index 1b16bb66e0..c275de7054 100644 --- a/tests/digest_tests.rs +++ b/tests/digest_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use ring::{digest, test, test_file}; #[cfg(target_arch = "wasm32")] diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index 4cd9ef4eac..317fdbc938 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use ring::{ rand, signature::{self, KeyPair}, diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index ff97497b19..059ecdb044 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use ring::{ signature::{self, Ed25519KeyPair, KeyPair}, test, test_file, diff --git a/tests/hkdf_tests.rs b/tests/hkdf_tests.rs index e17968c456..88435a845e 100644 --- a/tests/hkdf_tests.rs +++ b/tests/hkdf_tests.rs @@ -12,23 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_results, - variant_size_differences, - warnings -)] - use ring::{digest, error, hkdf, test, test_file}; #[cfg(target_arch = "wasm32")] diff --git a/tests/hmac_tests.rs b/tests/hmac_tests.rs index 9e01714eb6..486a90a530 100644 --- a/tests/hmac_tests.rs +++ b/tests/hmac_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use ring::{digest, error, hmac, test, test_file}; #[cfg(target_arch = "wasm32")] diff --git a/tests/pbkdf2_tests.rs b/tests/pbkdf2_tests.rs index 0b0cf94b3b..13300fa46e 100644 --- a/tests/pbkdf2_tests.rs +++ b/tests/pbkdf2_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use core::num::NonZeroU32; use ring::{digest, error, pbkdf2, test, test_file}; diff --git a/tests/quic_tests.rs b/tests/quic_tests.rs index 3e9689cd59..545d7a76fb 100644 --- a/tests/quic_tests.rs +++ b/tests/quic_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - use ring::{aead::quic, test, test_file}; #[test] diff --git a/tests/rsa_tests.rs b/tests/rsa_tests.rs index 03e062e29f..2b29b26150 100644 --- a/tests/rsa_tests.rs +++ b/tests/rsa_tests.rs @@ -12,24 +12,6 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -#![forbid( - anonymous_parameters, - box_pointers, - missing_copy_implementations, - missing_debug_implementations, - missing_docs, - trivial_casts, - trivial_numeric_casts, - unsafe_code, - unstable_features, - unused_extern_crates, - unused_import_braces, - unused_qualifications, - unused_results, - variant_size_differences, - warnings -)] - #[cfg(feature = "alloc")] use ring::{ error, From ad4f6c9153082ccb3da30cd8824563e71f2458d4 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 3 Dec 2020 16:13:15 -0800 Subject: [PATCH 350/399] CI/CD: Also lint with the stable channel's clippy. --- .github/workflows/ci.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3625508f4..4623c6a3ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,16 +24,23 @@ jobs: runs-on: ubuntu-18.04 + strategy: + matrix: + rust_channel: + # MSRV + - 1.37.0 + - stable + steps: - uses: actions-rs/toolchain@v1 with: - toolchain: 1.37.0 + toolchain: ${{ matrix.rust_channel }} profile: minimal components: clippy - uses: actions/checkout@v2 - - run: cargo +1.37.0 clippy --all-features ---all-targets -- --deny warnings + - run: cargo +${{ matrix.rust_channel }} clippy --all-features ---all-targets -- --deny warnings audit: # Don't run duplicate `push` jobs for the repo owner's PRs. From 455b78d5f958081f80f212e201e8a1037af308a3 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 1 Dec 2020 12:53:54 -0800 Subject: [PATCH 351/399] PWCT failures should clear the generated key. It's insufficient to signal an error when the PWCT fails. We additionally need to ensure that the invalid key material is not returned. Change-Id: Ic5ff719a688985a61c52540ce6d1ed279a493d27 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44306 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/fipsmodule/ec/ec_key.c | 10 +++- crypto/fipsmodule/rsa/rsa_impl.c | 83 ++++++++++++++++++++------------ 2 files changed, 60 insertions(+), 33 deletions(-) diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c index cd48c60bee..bc09e0e874 100644 --- a/crypto/fipsmodule/ec/ec_key.c +++ b/crypto/fipsmodule/ec/ec_key.c @@ -440,7 +440,15 @@ int EC_KEY_generate_key(EC_KEY *key) { } int EC_KEY_generate_key_fips(EC_KEY *eckey) { - return EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey); + if (EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey)) { + return 1; + } + + EC_POINT_free(eckey->pub_key); + ec_wrapped_scalar_free(eckey->priv_key); + eckey->pub_key = NULL; + eckey->priv_key = NULL; + return 0; } int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 7343b75cec..2f76e9e2e0 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -1316,52 +1316,72 @@ static void replace_bn_mont_ctx(BN_MONT_CTX **out, BN_MONT_CTX **in) { *in = NULL; } -int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value, - BN_GENCB *cb) { +static int RSA_generate_key_ex_maybe_fips(RSA *rsa, int bits, + const BIGNUM *e_value, BN_GENCB *cb, + int check_fips) { + RSA *tmp = NULL; + uint32_t err; + int ret = 0; + // |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale, // so we run the FIPS algorithm four times, bringing it down to 2^-80. We // should just adjust the retry limit, but FIPS 186-4 prescribes that value // and thus results in unnecessary complexity. - for (int i = 0; i < 4; i++) { + int failures = 0; + do { ERR_clear_error(); // Generate into scratch space, to avoid leaving partial work on failure. - RSA *tmp = RSA_new(); + tmp = RSA_new(); if (tmp == NULL) { - return 0; + goto out; } + if (rsa_generate_key_impl(tmp, bits, e_value, cb)) { - replace_bignum(&rsa->n, &tmp->n); - replace_bignum(&rsa->e, &tmp->e); - replace_bignum(&rsa->d, &tmp->d); - replace_bignum(&rsa->p, &tmp->p); - replace_bignum(&rsa->q, &tmp->q); - replace_bignum(&rsa->dmp1, &tmp->dmp1); - replace_bignum(&rsa->dmq1, &tmp->dmq1); - replace_bignum(&rsa->iqmp, &tmp->iqmp); - replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n); - replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p); - replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q); - replace_bignum(&rsa->d_fixed, &tmp->d_fixed); - replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed); - replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed); - replace_bignum(&rsa->inv_small_mod_large_mont, - &tmp->inv_small_mod_large_mont); - rsa->private_key_frozen = tmp->private_key_frozen; - RSA_free(tmp); - return 1; + break; } - uint32_t err = ERR_peek_error(); + + err = ERR_peek_error(); RSA_free(tmp); tmp = NULL; + failures++; + // Only retry on |RSA_R_TOO_MANY_ITERATIONS|. This is so a caller-induced // failure in |BN_GENCB_call| is still fatal. - if (ERR_GET_LIB(err) != ERR_LIB_RSA || - ERR_GET_REASON(err) != RSA_R_TOO_MANY_ITERATIONS) { - return 0; - } + } while (failures < 4 && ERR_GET_LIB(err) == ERR_LIB_RSA && + ERR_GET_REASON(err) == RSA_R_TOO_MANY_ITERATIONS); + + if (tmp == NULL || (check_fips && !RSA_check_fips(tmp))) { + goto out; } - return 0; + replace_bignum(&rsa->n, &tmp->n); + replace_bignum(&rsa->e, &tmp->e); + replace_bignum(&rsa->d, &tmp->d); + replace_bignum(&rsa->p, &tmp->p); + replace_bignum(&rsa->q, &tmp->q); + replace_bignum(&rsa->dmp1, &tmp->dmp1); + replace_bignum(&rsa->dmq1, &tmp->dmq1); + replace_bignum(&rsa->iqmp, &tmp->iqmp); + replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n); + replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p); + replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q); + replace_bignum(&rsa->d_fixed, &tmp->d_fixed); + replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed); + replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed); + replace_bignum(&rsa->inv_small_mod_large_mont, + &tmp->inv_small_mod_large_mont); + rsa->private_key_frozen = tmp->private_key_frozen; + ret = 1; + +out: + RSA_free(tmp); + return ret; +} + +int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value, + BN_GENCB *cb) { + return RSA_generate_key_ex_maybe_fips(rsa, bits, e_value, cb, + /*check_fips=*/0); } int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) { @@ -1377,8 +1397,7 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) { BIGNUM *e = BN_new(); int ret = e != NULL && BN_set_word(e, RSA_F4) && - RSA_generate_key_ex(rsa, bits, e, cb) && - RSA_check_fips(rsa); + RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1); BN_free(e); return ret; } From 45a43db9879b1aa566e8750d892893311043478a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 7 Dec 2020 19:10:55 -0800 Subject: [PATCH 352/399] CI/CD: Only use the latest stable version of Clippy. It's too tedious to keep the code compatible with older clippy and newer clippy, especially if/when we enable pedantic lints. --- .github/workflows/ci.yml | 11 ++--------- src/arithmetic/bigint.rs | 6 +----- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4623c6a3ba..4acbf15d2c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,23 +24,16 @@ jobs: runs-on: ubuntu-18.04 - strategy: - matrix: - rust_channel: - # MSRV - - 1.37.0 - - stable - steps: - uses: actions-rs/toolchain@v1 with: - toolchain: ${{ matrix.rust_channel }} + toolchain: stable profile: minimal components: clippy - uses: actions/checkout@v2 - - run: cargo +${{ matrix.rust_channel }} clippy --all-features ---all-targets -- --deny warnings + - run: cargo clippy --all-features ---all-targets -- --deny warnings audit: # Don't run duplicate `push` jobs for the repo owner's PRs. diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index 10c5130399..620595effd 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -263,11 +263,7 @@ impl Modulus { // n_mod_r = n % r. As explained in the documentation for `n0`, this is // done by taking the lowest `N0_LIMBS_USED` limbs of `n`. - // - // TODO: When we stop requiring clippy 1.37.0 to accept the code, clean - // up these `#[allow(...)]`s. - #[allow(renamed_and_removed_lints, clippy::unknown_clippy_lints)] - #[allow(clippy::identity_conversion, clippy::useless_conversion)] + #[allow(clippy::useless_conversion)] let n0 = { extern "C" { fn GFp_bn_neg_inv_mod_r_u64(n: u64) -> u64; From 20c947947458a95180699c96253e88a70f0805bd Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 7 Dec 2020 19:15:40 -0800 Subject: [PATCH 353/399] CI/CD: Run release-mode tests using MSRV. Also reorder the channels according in some priority order. --- .github/workflows/ci.yml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4acbf15d2c..a9261f441f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -172,14 +172,43 @@ jobs: rust_channel: - stable - - beta - nightly + - 1.37.0 # MSRV + - beta exclude: # The stable channel doesn't have aarch64-apple-darwin support yet. - target: aarch64-apple-darwin rust_channel: stable + # The MSRV channel doesn't have aarch64-apple-darwin support yet. + - target: aarch64-apple-darwin + rust_channel: 1.37.0 + + # Only do MSRV testing on release builds. + - mode: # debug + rust_channel: 1.37.0 + + # 1.37.0 doesn't support `-Clink-self-contained`. + - target: aarch64-unknown-linux-musl + rust_channel: 1.37.0 + + # 1.37.0 doesn't support `-Clink-self-contained`. + - target: armv7-unknown-linux-musleabihf + rust_channel: 1.37.0 + + # 1.37.0 doesn't support `-Clink-self-contained`. + - target: i686-unknown-linux-musl + rust_channel: 1.37.0 + + # 1.37.0 doesn't support `-Clink-self-contained`. + - target: x86_64-unknown-linux-musl + rust_channel: 1.37.0 + + # https://github.com/rust-lang/rust/pull/67429 + - target: x86_64-pc-windows-gnu + rust_channel: 1.37.0 + include: - target: aarch64-apple-darwin # macos-latest didn't work. From aa4ecb49269666c75919bc068028097c3b9cd42f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 29 Oct 2020 18:28:45 -0400 Subject: [PATCH 354/399] Fix EDIPartyName parsing and GENERAL_NAME_cmp. See also CVE-2020-1971, f960d81215ebf3f65e03d4d5d857fb9b666d6920, and aa0ad2011d3e7ad8a611da274ef7d9c7706e289b from upstream OpenSSL. Unlike upstream's version, this CL opts for a simpler edipartyname_cmp. GENERAL_NAME_cmp is already unsuitable for ordering, just equality, which means there's no need to preserve return values from ASN1_STRING_cmp. Additionally, the ASN.1 structure implies most fields cannot be NULL. (The change from other to x400Address is a no-op. They're the same type. Just x400Address is a little clearer. Historical quirks of the GENERAL_NAME structure.) Change-Id: I4b0ffe8e931c8ef916794a486e6a0d6d684c0cc1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44404 Reviewed-by: Adam Langley --- crypto/x509/x509_test.cc | 179 +++++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3_genn.c | 37 ++++++-- include/openssl/x509v3.h | 6 ++ 3 files changed, 217 insertions(+), 5 deletions(-) diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 56d800cbc2..4020665d67 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -2813,3 +2813,182 @@ TEST(X509Test, AlgorithmParameters) { EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); } + +TEST(X509Test, GeneralName) { + const std::vector kNames[] = { + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // SEQUENCE {} + // } + // } + {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // [APPLICATION 0] {} + // } + // } + {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // UTF8String { "a" } + // } + // } + {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } + // [0] { + // UTF8String { "a" } + // } + // } + {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // UTF8String { "b" } + // } + // } + {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // BOOLEAN { TRUE } + // } + // } + {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff}, + // [0] { + // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + // [0] { + // BOOLEAN { FALSE } + // } + // } + {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00}, + // [1 PRIMITIVE] { "a" } + {0x81, 0x01, 0x61}, + // [1 PRIMITIVE] { "b" } + {0x81, 0x01, 0x62}, + // [2 PRIMITIVE] { "a" } + {0x82, 0x01, 0x61}, + // [2 PRIMITIVE] { "b" } + {0x82, 0x01, 0x62}, + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // UTF8String { "a" } + // } + // } + // } + // } + {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x01, 0x61}, + // [4] { + // SEQUENCE { + // SET { + // SEQUENCE { + // # commonName + // OBJECT_IDENTIFIER { 2.5.4.3 } + // UTF8String { "b" } + // } + // } + // } + // } + {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x01, 0x62}, + // [5] { + // [1] { + // UTF8String { "a" } + // } + // } + {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61}, + // [5] { + // [1] { + // UTF8String { "b" } + // } + // } + {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62}, + // [5] { + // [0] { + // UTF8String {} + // } + // [1] { + // UTF8String { "a" } + // } + // } + {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61}, + // [5] { + // [0] { + // UTF8String { "a" } + // } + // [1] { + // UTF8String { "a" } + // } + // } + {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61}, + // [5] { + // [0] { + // UTF8String { "b" } + // } + // [1] { + // UTF8String { "a" } + // } + // } + {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61}, + // [6 PRIMITIVE] { "a" } + {0x86, 0x01, 0x61}, + // [6 PRIMITIVE] { "b" } + {0x86, 0x01, 0x62}, + // [7 PRIMITIVE] { `11111111` } + {0x87, 0x04, 0x11, 0x11, 0x11, 0x11}, + // [7 PRIMITIVE] { `22222222`} + {0x87, 0x04, 0x22, 0x22, 0x22, 0x22}, + // [7 PRIMITIVE] { `11111111111111111111111111111111` } + {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + // [7 PRIMITIVE] { `22222222222222222222222222222222` } + {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}, + // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } + {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, + 0x09, 0x02, 0x01}, + // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } + {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, + 0x09, 0x02, 0x02}, + }; + + // Every name should be equal to itself and not equal to any others. + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) { + SCOPED_TRACE(Bytes(kNames[i])); + + const uint8_t *ptr = kNames[i].data(); + bssl::UniquePtr a( + d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size())); + ASSERT_TRUE(a); + + for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) { + SCOPED_TRACE(Bytes(kNames[j])); + + ptr = kNames[j].data(); + bssl::UniquePtr b( + d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size())); + ASSERT_TRUE(b); + + if (i == j) { + EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0); + } else { + EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0); + } + } + } +} diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 57223b4a4e..af7e4e12f0 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type, so use explicit tagging. */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) @@ -102,6 +103,24 @@ IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) IMPLEMENT_ASN1_DUP_FUNCTION(GENERAL_NAME) +static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + /* nameAssigner is optional and may be NULL. */ + if (a->nameAssigner == NULL) { + if (b->nameAssigner != NULL) { + return -1; + } + } else { + if (b->nameAssigner == NULL || + ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner) != 0) { + return -1; + } + } + + /* partyName may not be NULL. */ + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) { @@ -111,8 +130,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) return -1; switch (a->type) { case GEN_X400: + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = ASN1_TYPE_cmp(a->d.other, b->d.other); + result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -159,8 +181,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.other = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: @@ -194,8 +219,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) *ptype = a->type; switch (a->type) { case GEN_X400: + return a->d.x400Address; + case GEN_EDIPARTY: - return a->d.other; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a0b6bd839c..09fc4ea8b9 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -474,6 +474,12 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); + +// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero +// value otherwise. Note this function does not provide a comparison suitable +// for sorting. +// +// TODO(davidben): Const-correct this function. OPENSSL_EXPORT int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); From 225961dc49e631f17da62545955e95b0e256c6ab Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 8 Dec 2020 12:22:13 -0500 Subject: [PATCH 355/399] Const-correct GENERAL_NAME_cmp. Also make it a little shorter. Change-Id: I6ee9d7666e9cf622509c54966a88f899a1974f9f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44405 Reviewed-by: Adam Langley --- crypto/x509v3/v3_genn.c | 29 +++++++++++------------------ include/openssl/x509v3.h | 5 ++--- 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index af7e4e12f0..ae79374a8c 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -122,44 +122,37 @@ static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) } /* Returns 0 if they are equal, != 0 otherwise. */ -int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) +int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) { - int result = -1; - if (!a || !b || a->type != b->type) return -1; + switch (a->type) { case GEN_X400: - result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); - break; + return ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); case GEN_EDIPARTY: - result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); - break; + return edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); case GEN_OTHERNAME: - result = OTHERNAME_cmp(a->d.otherName, b->d.otherName); - break; + return OTHERNAME_cmp(a->d.otherName, b->d.otherName); case GEN_EMAIL: case GEN_DNS: case GEN_URI: - result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5); - break; + return ASN1_STRING_cmp(a->d.ia5, b->d.ia5); case GEN_DIRNAME: - result = X509_NAME_cmp(a->d.dirn, b->d.dirn); - break; + return X509_NAME_cmp(a->d.dirn, b->d.dirn); case GEN_IPADD: - result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip); - break; + return ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip); case GEN_RID: - result = OBJ_cmp(a->d.rid, b->d.rid); - break; + return OBJ_cmp(a->d.rid, b->d.rid); } - return result; + + return -1; } /* Returns 0 if they are equal, != 0 otherwise. */ diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 09fc4ea8b9..2c9ba732d0 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -478,9 +478,8 @@ OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); // GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero // value otherwise. Note this function does not provide a comparison suitable // for sorting. -// -// TODO(davidben): Const-correct this function. -OPENSSL_EXPORT int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); +OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a, + const GENERAL_NAME *b); From 329c0cbb2f974bb1dec2b9db9653803d993c6b45 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 7 Dec 2020 15:10:47 -0800 Subject: [PATCH 356/399] acvp: fix subprocess_test.go Change-Id: Ia3d98b00365ed92cbf7d02cdb55a1a16e431c4f4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44384 Reviewed-by: David Benjamin --- .../fipstools/acvp/acvptool/subprocess/subprocess_test.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go index 2249aa367e..2815361542 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess_test.go @@ -208,13 +208,15 @@ var invalidACVPAESECB = []byte(`{ }`) var callsACVPAESECB = []fakeTransactCall{ - fakeTransactCall{cmd: "AES/encrypt", expectedNumResults: 1, args: [][]byte{ + fakeTransactCall{cmd: "AES/encrypt", expectedNumResults: 2, args: [][]byte{ fromHex("00000000000000000000000000000000"), fromHex("F34481EC3CC627BACD5DC3FB08F273E6"), + fromHex("01000000"), }}, - fakeTransactCall{cmd: "AES/encrypt", expectedNumResults: 1, args: [][]byte{ + fakeTransactCall{cmd: "AES/encrypt", expectedNumResults: 2, args: [][]byte{ fromHex("00000000000000000000000000000000"), fromHex("9798C4640BAD75C7C3227DB910174E72"), + fromHex("01000000"), }}, } @@ -438,7 +440,7 @@ func TestPrimitives(t *testing.T) { }, { algo: "ACVP-AES-ECB", - p: &blockCipher{"AES", 16, true, false, iterateAES}, + p: &blockCipher{"AES", 16, 2, true, false, iterateAES}, validJSON: validACVPAESECB, invalidJSON: invalidACVPAESECB, expectedCalls: callsACVPAESECB, From 9ac743e0b4823e51ed664517b58f7602e473da5e Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 7 Dec 2020 15:05:53 -0800 Subject: [PATCH 357/399] acvp: tweak config This change tweaks our ACVP config to better match what BoringCrypto has previously tested with CAVP. Change-Id: I7d7ce5153a3eb7355ae1516f06ff591ee2c9d902 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44385 Reviewed-by: David Benjamin --- util/fipstools/acvp/modulewrapper/modulewrapper.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index ac791c0f98..12aa2f8f9c 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -210,9 +210,9 @@ static bool GetConfig(const Span args[]) { "min": 0, "max": 256, "increment": 8 }], "aadLen": [{ - "min": 0, "max": 256, "increment": 8 + "min": 0, "max": 320, "increment": 8 }], - "tagLen": [128], + "tagLen": [32, 64, 96, 104, 112, 120, 128], "ivLen": [96], "ivGen": "external" }, @@ -244,7 +244,7 @@ static bool GetConfig(const Span args[]) { "keyLen": [ 128, 192, 256 ], - "payloadLen": [{"min": 8, "max": 1024, "increment": 8}] + "payloadLen": [{"min": 8, "max": 4096, "increment": 8}] }, { "algorithm": "ACVP-AES-CCM", From f0400014b383dbad63e4dacac1ffdc54502806fc Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 7 Dec 2020 15:06:13 -0800 Subject: [PATCH 358/399] acvp: add TLS KDF support Change-Id: I4f4a89f97e2513d8b5b740620989b187a7b44a58 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44386 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../acvp/acvptool/subprocess/subprocess.go | 51 +++--- .../acvp/acvptool/subprocess/tlskdf.go | 165 ++++++++++++++++++ .../acvp/modulewrapper/modulewrapper.cc | 45 +++++ 3 files changed, 236 insertions(+), 25 deletions(-) create mode 100644 util/fipstools/acvp/acvptool/subprocess/tlskdf.go diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index c297c8eab0..e5c1d1a653 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -71,31 +71,32 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess } m.primitives = map[string]primitive{ - "SHA-1": &hashPrimitive{"SHA-1", 20}, - "SHA2-224": &hashPrimitive{"SHA2-224", 28}, - "SHA2-256": &hashPrimitive{"SHA2-256", 32}, - "SHA2-384": &hashPrimitive{"SHA2-384", 48}, - "SHA2-512": &hashPrimitive{"SHA2-512", 64}, - "SHA2-512/256": &hashPrimitive{"SHA2-512/256", 32}, - "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES}, - "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC}, - "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil}, - "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, 3, true, false, iterate3DES}, - "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, 3, true, true, iterate3DESCBC}, - "ACVP-AES-GCM": &aead{"AES-GCM", false}, - "ACVP-AES-CCM": &aead{"AES-CCM", true}, - "ACVP-AES-KW": &aead{"AES-KW", false}, - "ACVP-AES-KWP": &aead{"AES-KWP", false}, - "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, - "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, - "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, - "HMAC-SHA2-384": &hmacPrimitive{"HMAC-SHA2-384", 48}, - "HMAC-SHA2-512": &hmacPrimitive{"HMAC-SHA2-512", 64}, - "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}}, - "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}}, - "KDF": &kdfPrimitive{}, - "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"}, - "RSA": &rsa{}, + "SHA-1": &hashPrimitive{"SHA-1", 20}, + "SHA2-224": &hashPrimitive{"SHA2-224", 28}, + "SHA2-256": &hashPrimitive{"SHA2-256", 32}, + "SHA2-384": &hashPrimitive{"SHA2-384", 48}, + "SHA2-512": &hashPrimitive{"SHA2-512", 64}, + "SHA2-512/256": &hashPrimitive{"SHA2-512/256", 32}, + "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES}, + "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC}, + "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil}, + "ACVP-TDES-ECB": &blockCipher{"3DES-ECB", 8, 3, true, false, iterate3DES}, + "ACVP-TDES-CBC": &blockCipher{"3DES-CBC", 8, 3, true, true, iterate3DESCBC}, + "ACVP-AES-GCM": &aead{"AES-GCM", false}, + "ACVP-AES-CCM": &aead{"AES-CCM", true}, + "ACVP-AES-KW": &aead{"AES-KW", false}, + "ACVP-AES-KWP": &aead{"AES-KWP", false}, + "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20}, + "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28}, + "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32}, + "HMAC-SHA2-384": &hmacPrimitive{"HMAC-SHA2-384", 48}, + "HMAC-SHA2-512": &hmacPrimitive{"HMAC-SHA2-512", 64}, + "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}}, + "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}}, + "KDF": &kdfPrimitive{}, + "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"}, + "RSA": &rsa{}, + "kdf-components": &tlsKDF{}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} diff --git a/util/fipstools/acvp/acvptool/subprocess/tlskdf.go b/util/fipstools/acvp/acvptool/subprocess/tlskdf.go new file mode 100644 index 0000000000..96a0a5c102 --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/tlskdf.go @@ -0,0 +1,165 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "encoding/binary" + "encoding/hex" + "encoding/json" + "fmt" +) + +type tlsKDFVectorSet struct { + Groups []tlsKDFTestGroup `json:"testGroups"` +} + +type tlsKDFTestGroup struct { + ID uint64 `json:"tgId"` + Hash string `json:"hashAlg"` + TLSVersion string `json:"tlsVersion"` + KeyBlockBits uint64 `json:"keyBlockLength"` + PMSLength uint64 `json:"preMasterSecretLength"` + Tests []tlsKDFTest `json:"tests"` +} + +type tlsKDFTest struct { + ID uint64 `json:"tcId"` + PMSHex string `json:"preMasterSecret"` + // ClientHelloRandomHex and ServerHelloRandomHex are used for deriving the + // master secret. ClientRandomHex and ServerRandomHex are used for deriving the + // key block. Having different values for these is not possible in a TLS + // handshake unless you squint at a resumption handshake and somehow rederive + // the master secret from the session information during resumption. + ClientHelloRandomHex string `json:"clientHelloRandom"` + ServerHelloRandomHex string `json:"serverHelloRandom"` + ClientRandomHex string `json:"clientRandom"` + ServerRandomHex string `json:"serverRandom"` +} + +type tlsKDFTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []tlsKDFTestResponse `json:"tests"` +} + +type tlsKDFTestResponse struct { + ID uint64 `json:"tcId"` + MasterSecretHex string `json:"masterSecret"` + KeyBlockHex string `json:"keyBlock"` +} + +type tlsKDF struct{} + +func (k *tlsKDF) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed tlsKDFVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + // See https://usnistgov.github.io/ACVP/draft-celi-acvp-kdf-tls.html + var ret []tlsKDFTestGroupResponse + for _, group := range parsed.Groups { + response := tlsKDFTestGroupResponse{ + ID: group.ID, + } + + var tlsVer string + switch group.TLSVersion { + case "v1.0/1.1": + tlsVer = "1.0" + case "v1.2": + tlsVer = "1.2" + default: + return nil, fmt.Errorf("unknown TLS version %q", group.TLSVersion) + } + + hashIsTLS10 := false + switch group.Hash { + case "SHA-1": + hashIsTLS10 = true + case "SHA2-256", "SHA2-384", "SHA2-512": + break + default: + return nil, fmt.Errorf("unknown hash %q", group.Hash) + } + + if (tlsVer == "1.0") != hashIsTLS10 { + return nil, fmt.Errorf("hash %q not permitted with TLS version %q", group.Hash, group.TLSVersion) + } + + if group.KeyBlockBits%8 != 0 { + return nil, fmt.Errorf("requested key-block length (%d bits) is not a whole number of bytes", group.KeyBlockBits) + } + + method := "TLSKDF/" + tlsVer + "/" + group.Hash + + for _, test := range group.Tests { + pms, err := hex.DecodeString(test.PMSHex) + if err != nil { + return nil, err + } + + clientHelloRandom, err := hex.DecodeString(test.ClientHelloRandomHex) + if err != nil { + return nil, err + } + + serverHelloRandom, err := hex.DecodeString(test.ServerHelloRandomHex) + if err != nil { + return nil, err + } + + clientRandom, err := hex.DecodeString(test.ClientRandomHex) + if err != nil { + return nil, err + } + + serverRandom, err := hex.DecodeString(test.ServerRandomHex) + if err != nil { + return nil, err + } + + const ( + masterSecretLength = 48 + masterSecretLabel = "master secret" + keyBlockLabel = "key expansion" + ) + + var outLenBytes [4]byte + binary.LittleEndian.PutUint32(outLenBytes[:], uint32(masterSecretLength)) + result, err := m.Transact(method, 1, outLenBytes[:], pms, []byte(masterSecretLabel), clientHelloRandom, serverHelloRandom) + if err != nil { + return nil, err + } + + binary.LittleEndian.PutUint32(outLenBytes[:], uint32(group.KeyBlockBits/8)) + // TLS 1.0, 1.1, and 1.2 use a different order for the client and server + // randoms when computing the key block. + result2, err := m.Transact(method, 1, outLenBytes[:], result[0], []byte(keyBlockLabel), serverRandom, clientRandom) + if err != nil { + return nil, err + } + + response.Tests = append(response.Tests, tlsKDFTestResponse{ + ID: test.ID, + MasterSecretHex: hex.EncodeToString(result[0]), + KeyBlockHex: hex.EncodeToString(result2[0]), + }) + } + + ret = append(ret, response) + } + + return ret, nil +} diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 12aa2f8f9c..9d915ab6d7 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -41,6 +41,7 @@ #include #include "../../../../crypto/fipsmodule/rand/internal.h" +#include "../../../../crypto/fipsmodule/tls/internal.h" static constexpr size_t kMaxArgs = 8; static constexpr size_t kMaxArgLength = (1 << 20); @@ -702,6 +703,20 @@ static bool GetConfig(const Span args[]) { "increment": 8 }] }] + }, + { + "algorithm": "kdf-components", + "revision": "1.0", + "mode": "tls", + "tlsVersion": [ + "v1.0/1.1", + "v1.2" + ], + "hashAlg": [ + "SHA2-256", + "SHA2-384", + "SHA2-512" + ] } ])"; return WriteReply( @@ -1553,6 +1568,32 @@ static bool RSASigVer(const Span args[]) { return WriteReply(STDOUT_FILENO, Span(&ok, 1)); } +template +static bool TLSKDF(const Span args[]) { + const Span out_len_bytes = args[0]; + const Span secret = args[1]; + const Span label = args[2]; + const Span seed1 = args[3]; + const Span seed2 = args[4]; + const EVP_MD *md = MDFunc(); + + uint32_t out_len; + if (out_len_bytes.size() != sizeof(out_len)) { + return 0; + } + memcpy(&out_len, out_len_bytes.data(), sizeof(out_len)); + + std::vector out(static_cast(out_len)); + if (!CRYPTO_tls1_prf(md, out.data(), out.size(), secret.data(), secret.size(), + reinterpret_cast(label.data()), + label.size(), seed1.data(), seed1.size(), seed2.data(), + seed2.size())) { + return 0; + } + + return WriteReply(STDOUT_FILENO, out); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -1615,6 +1656,10 @@ static constexpr struct { {"RSA/sigVer/SHA2-384/pss", 4, RSASigVer}, {"RSA/sigVer/SHA2-512/pss", 4, RSASigVer}, {"RSA/sigVer/SHA-1/pss", 4, RSASigVer}, + {"TLSKDF/1.0/SHA-1", 5, TLSKDF}, + {"TLSKDF/1.2/SHA2-256", 5, TLSKDF}, + {"TLSKDF/1.2/SHA2-384", 5, TLSKDF}, + {"TLSKDF/1.2/SHA2-512", 5, TLSKDF}, }; int main() { From 1920c6f2caf37eb624086a55db4f0609f52f6f73 Mon Sep 17 00:00:00 2001 From: Dan McArdle Date: Wed, 11 Mar 2020 17:29:40 -0400 Subject: [PATCH 359/399] Implement GREASE for ECH (draft-ietf-tls-esni-08). Bug: 275 Change-Id: I4927c0886e3acf5b39104e3d89ed51d67520a343 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40204 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/hpke/hpke.c | 14 +-- crypto/hpke/internal.h | 13 +- include/openssl/ssl.h | 15 +++ include/openssl/tls1.h | 4 + ssl/internal.h | 8 ++ ssl/ssl_lib.cc | 8 ++ ssl/t1_lib.cc | 166 ++++++++++++++++++++++++++ ssl/test/runner/common.go | 9 ++ ssl/test/runner/handshake_messages.go | 97 +++++++++++++++ ssl/test/runner/handshake_server.go | 8 ++ ssl/test/runner/runner.go | 110 +++++++++++++++++ ssl/test/test_config.cc | 4 + ssl/test/test_config.h | 1 + 13 files changed, 448 insertions(+), 9 deletions(-) diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 2e0a58192e..cbd6e09822 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -125,7 +125,7 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key, return 1; } -static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) { +const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id) { switch (aead_id) { case EVP_HPKE_AEAD_AES_GCM_128: return EVP_aead_aes_128_gcm(); @@ -138,7 +138,7 @@ static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) { return NULL; } -static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) { +const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id) { switch (kdf_id) { case EVP_HPKE_HKDF_SHA256: return EVP_sha256(); @@ -174,7 +174,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode, } // Attempt to get an EVP_AEAD*. - const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id); + const EVP_AEAD *aead = EVP_HPKE_get_aead(hpke->aead_id); if (aead == NULL) { return 0; } @@ -351,7 +351,7 @@ int EVP_HPKE_CTX_setup_base_s_x25519_for_test( hpke->is_sender = 1; hpke->kdf_id = kdf_id; hpke->aead_id = aead_id; - hpke->hkdf_md = hpke_get_kdf(kdf_id); + hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id); if (hpke->hkdf_md == NULL) { return 0; } @@ -375,7 +375,7 @@ int EVP_HPKE_CTX_setup_base_r_x25519( hpke->is_sender = 0; hpke->kdf_id = kdf_id; hpke->aead_id = aead_id; - hpke->hkdf_md = hpke_get_kdf(kdf_id); + hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id); if (hpke->hkdf_md == NULL) { return 0; } @@ -415,7 +415,7 @@ int EVP_HPKE_CTX_setup_psk_s_x25519_for_test( hpke->is_sender = 1; hpke->kdf_id = kdf_id; hpke->aead_id = aead_id; - hpke->hkdf_md = hpke_get_kdf(kdf_id); + hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id); if (hpke->hkdf_md == NULL) { return 0; } @@ -440,7 +440,7 @@ int EVP_HPKE_CTX_setup_psk_r_x25519( hpke->is_sender = 0; hpke->kdf_id = kdf_id; hpke->aead_id = aead_id; - hpke->hkdf_md = hpke_get_kdf(kdf_id); + hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id); if (hpke->hkdf_md == NULL) { return 0; } diff --git a/crypto/hpke/internal.h b/crypto/hpke/internal.h index 87c049a509..d07888720e 100644 --- a/crypto/hpke/internal.h +++ b/crypto/hpke/internal.h @@ -18,6 +18,7 @@ #include #include #include +#include #if defined(__cplusplus) extern "C" { @@ -77,8 +78,8 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx); // In each of the following functions, |hpke| must have been initialized with // |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and // must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD -// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*" -// constants." +// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*| +// constants. // EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can // encrypt for the private key corresponding to |peer_public_value| (the @@ -215,6 +216,14 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out, // set up as a sender. OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke); +// EVP_HPKE_get_aead returns the AEAD corresponding to |aead_id|, or NULL if +// |aead_id| is not a known AEAD identifier. +OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id); + +// EVP_HPKE_get_hkdf_md returns the hash function associated with |kdf_id|, or +// NULL if |kdf_id| is not a known KDF identifier that uses HKDF. +OPENSSL_EXPORT const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id); + #if defined(__cplusplus) } // extern C diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d22c1e2638..e40e2b2905 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3553,6 +3553,21 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string( enum ssl_early_data_reason_t reason); +// Encrypted Client Hello. +// +// ECH is a mechanism for encrypting the entire ClientHello message in TLS 1.3. +// This can prevent observers from seeing cleartext information about the +// connection, such as the server_name extension. +// +// ECH support in BoringSSL is still experimental and under development. +// +// See https://tools.ietf.org/html/draft-ietf-tls-esni-08. + +// SSL_set_enable_ech_grease configures whether the client may send ECH GREASE +// as part of this connection. +OPENSSL_EXPORT void SSL_set_enable_ech_grease(SSL *ssl, int enable); + + // Alerts. // // TLS uses alerts to signal error conditions. Alerts have a type (warning or diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 0ab10c9a4d..22689a26f2 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -238,6 +238,10 @@ extern "C" { // extension number. #define TLSEXT_TYPE_application_settings 17513 +// ExtensionType value from draft-ietf-tls-esni-08. This is not an IANA defined +// extension number. +#define TLSEXT_TYPE_encrypted_client_hello 0xfe08 + // ExtensionType value from RFC6962 #define TLSEXT_TYPE_certificate_timestamp 18 diff --git a/ssl/internal.h b/ssl/internal.h index 61cbefe843..5545bec09a 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1638,6 +1638,10 @@ struct SSL_HANDSHAKE { // cookie is the value of the cookie received from the server, if any. Array cookie; + // ech_grease contains the bytes of the GREASE ECH extension that was sent in + // the first ClientHello. + Array ech_grease; + // key_share_bytes is the value of the previously sent KeyShare extension by // the client in TLS 1.3. Array key_share_bytes; @@ -2729,6 +2733,10 @@ struct SSL_CONFIG { // verify_mode is a bitmask of |SSL_VERIFY_*| values. uint8_t verify_mode = SSL_VERIFY_NONE; + // ech_grease_enabled controls whether ECH GREASE may be sent in the + // ClientHello. + bool ech_grease_enabled : 1; + // Enable signed certificate time stamps. Currently client only. bool signed_cert_timestamps_enabled : 1; diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 79eaacbb38..8c31871ca5 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -722,6 +722,7 @@ SSL *SSL_new(SSL_CTX *ctx) { SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) : ssl(ssl_arg), + ech_grease_enabled(false), signed_cert_timestamps_enabled(false), ocsp_stapling_enabled(false), channel_id_enabled(false), @@ -1466,6 +1467,13 @@ const char *SSL_error_description(int err) { } } +void SSL_set_enable_ech_grease(SSL *ssl, int enable) { + if (!ssl->config) { + return; + } + ssl->config->ech_grease_enabled = !!enable; +} + uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { ctx->options |= options; return ctx->options; diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index e48f1a101f..955eae7283 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -113,10 +113,13 @@ #include #include +#include #include +#include #include #include +#include #include #include #include @@ -125,6 +128,7 @@ #include #include +#include "../crypto/hpke/internal.h" #include "../crypto/internal.h" #include "internal.h" @@ -587,6 +591,160 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) { } +// Encrypted Client Hello (ECH) +// +// https://tools.ietf.org/html/draft-ietf-tls-esni-08 + +// random_size returns a random value between |min| and |max|, inclusive. +static size_t random_size(size_t min, size_t max) { + assert(min < max); + size_t value; + RAND_bytes(reinterpret_cast(&value), sizeof(value)); + return value % (max - min + 1) + min; +} + +static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) { + // If we are responding to the server's HelloRetryRequest, we repeat the bytes + // of the first ECH GREASE extension. + if (hs->ssl->s3->used_hello_retry_request) { + CBB ech_body; + if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) || + !CBB_add_u16_length_prefixed(out, &ech_body) || + !CBB_add_bytes(&ech_body, hs->ech_grease.data(), + hs->ech_grease.size()) || + !CBB_flush(out)) { + return false; + } + return true; + } + + constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256; + const EVP_MD *kdf = EVP_HPKE_get_hkdf_md(kdf_id); + assert(kdf != nullptr); + + const uint16_t aead_id = EVP_has_aes_hardware() + ? EVP_HPKE_AEAD_AES_GCM_128 + : EVP_HPKE_AEAD_CHACHA20POLY1305; + const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id); + assert(aead != nullptr); + + uint8_t ech_config_id_buf[EVP_MAX_MD_SIZE]; + Span ech_config_id(ech_config_id_buf, EVP_MD_size(kdf)); + RAND_bytes(ech_config_id.data(), ech_config_id.size()); + + uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN]; + uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN]; + X25519_keypair(ech_enc, private_key_unused); + + // To determine a plausible length for the payload, we first estimate the size + // of a typical EncodedClientHelloInner, with an expected use of + // outer_extensions. To limit the size, we only consider initial ClientHellos + // that do not offer resumption. + // + // Field/Extension Size + // --------------------------------------------------------------------- + // version 2 + // random 32 + // legacy_session_id 1 + // - Has a U8 length prefix, but body is + // always empty string in inner CH. + // cipher_suites 2 (length prefix) + // - Only includes TLS 1.3 ciphers (3). 6 + // - Maybe also include a GREASE suite. 2 + // legacy_compression_methods 2 (length prefix) + // - Always has "null" compression method. 1 + // extensions: 2 (length prefix) + // - encrypted_client_hello (empty). 4 (id + length prefix) + // - supported_versions. 4 (id + length prefix) + // - U8 length prefix 1 + // - U16 protocol version (TLS 1.3) 2 + // - outer_extensions. 4 (id + length prefix) + // - U8 length prefix 1 + // - N extension IDs (2 bytes each): + // - key_share 2 + // - sigalgs 2 + // - sct 2 + // - alpn 2 + // - supported_groups. 2 + // - status_request. 2 + // - psk_key_exchange_modes. 2 + // - compress_certificate. 2 + // + // The server_name extension has an overhead of 9 bytes, plus up to an + // estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a + // range of 96 to 192. Note that this estimate does not fully capture + // optional extensions like GREASE, but the rounding gives some leeway. + + uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192]; + const size_t payload_len = + EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32); + assert(payload_len <= sizeof(payload)); + RAND_bytes(payload, payload_len); + + // Inside the TLS extension contents, write a serialized ClientEncryptedCH. + CBB ech_body, config_id_cbb, enc_cbb, payload_cbb; + if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) || + !CBB_add_u16_length_prefixed(out, &ech_body) || + !CBB_add_u16(&ech_body, kdf_id) || // + !CBB_add_u16(&ech_body, aead_id) || + !CBB_add_u8_length_prefixed(&ech_body, &config_id_cbb) || + !CBB_add_bytes(&config_id_cbb, ech_config_id.data(), + ech_config_id.size()) || + !CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) || + !CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) || + !CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) || + !CBB_add_bytes(&payload_cbb, payload, payload_len) || // + !CBB_flush(&ech_body)) { + return false; + } + // Save the bytes of the newly-generated extension in case the server sends + // a HelloRetryRequest. + if (!hs->ech_grease.CopyFrom( + MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) { + return false; + } + return CBB_flush(out); +} + +static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { + if (hs->max_version < TLS1_3_VERSION) { + return true; + } + if (hs->config->ech_grease_enabled) { + return ext_ech_add_clienthello_grease(hs, out); + } + // Nothing to do, since we don't yet implement the non-GREASE parts of ECH. + return true; +} + +static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert, + CBS *contents) { + if (contents == NULL) { + return true; + } + + // If the client only sent GREASE, we must check the extension syntactically. + CBS ech_configs; + if (!CBS_get_u16_length_prefixed(contents, &ech_configs) || + CBS_len(&ech_configs) == 0 || // + CBS_len(contents) > 0) { + *out_alert = SSL_AD_DECODE_ERROR; + return false; + } + while (CBS_len(&ech_configs) > 0) { + // Do a top-level parse of the ECHConfig, stopping before ECHConfigContents. + uint16_t version; + CBS ech_config_contents; + if (!CBS_get_u16(&ech_configs, &version) || + !CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) { + *out_alert = SSL_AD_DECODE_ERROR; + return false; + } + } + return true; +} + + // Renegotiation indication. // // https://tools.ietf.org/html/rfc5746 @@ -2970,6 +3128,14 @@ static const struct tls_extension kExtensions[] = { ext_sni_parse_clienthello, ext_sni_add_serverhello, }, + { + TLSEXT_TYPE_encrypted_client_hello, + NULL, + ext_ech_add_clienthello, + ext_ech_parse_serverhello, + ignore_parse_clienthello, + dont_add_serverhello, + }, { TLSEXT_TYPE_extended_master_secret, NULL, diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index 8a934b31f6..522f458f77 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go @@ -127,6 +127,7 @@ const ( extensionChannelID uint16 = 30032 // not IANA assigned extensionDelegatedCredentials uint16 = 0x22 // draft-ietf-tls-subcerts-06 extensionDuplicate uint16 = 0xffff // not IANA assigned + extensionEncryptedClientHello uint16 = 0xfe08 // not IANA assigned ) // TLS signaling cipher suite values @@ -794,6 +795,14 @@ type ProtocolBugs struct { // must specify in the server_name extension. ExpectServerName string + // ExpectClientECH causes the server to expect the peer to send an + // encrypted_client_hello extension containing a ClientECH structure. + ExpectClientECH bool + + // SendECHRetryConfigs, if not empty, contains the ECH server's serialized + // retry configs. + SendECHRetryConfigs []byte + // SwapNPNAndALPN switches the relative order between NPN and ALPN in // both ClientHello and ServerHello. SwapNPNAndALPN bool diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go index 9164819b7a..b175a93618 100644 --- a/ssl/test/runner/handshake_messages.go +++ b/ssl/test/runner/handshake_messages.go @@ -249,6 +249,48 @@ type pskIdentity struct { obfuscatedTicketAge uint32 } +type HPKECipherSuite struct { + KDF uint16 + AEAD uint16 +} + +type ECHConfig struct { + PublicName string + PublicKey []byte + KEM uint16 + CipherSuites []HPKECipherSuite + MaxNameLen uint16 +} + +func MarshalECHConfig(e *ECHConfig) []byte { + bb := newByteBuilder() + // ECHConfig's wire format reuses the encrypted_client_hello extension + // codepoint as a version identifier. + bb.addU16(extensionEncryptedClientHello) + contents := bb.addU16LengthPrefixed() + contents.addU16LengthPrefixed().addBytes([]byte(e.PublicName)) + contents.addU16LengthPrefixed().addBytes(e.PublicKey) + contents.addU16(e.KEM) + cipherSuites := contents.addU16LengthPrefixed() + for _, suite := range e.CipherSuites { + cipherSuites.addU16(suite.KDF) + cipherSuites.addU16(suite.AEAD) + } + contents.addU16(e.MaxNameLen) + contents.addU16(0) // Empty extensions field + return bb.finish() +} + +// The contents of a CH "encrypted_client_hello" extension. +// https://tools.ietf.org/html/draft-ietf-tls-esni-08 +type clientECH struct { + hpkeKDF uint16 + hpkeAEAD uint16 + configID []byte + enc []byte + payload []byte +} + type clientHelloMsg struct { raw []byte isDTLS bool @@ -260,6 +302,7 @@ type clientHelloMsg struct { compressionMethods []uint8 nextProtoNeg bool serverName string + clientECH *clientECH ocspStapling bool supportedCurves []CurveID supportedPoints []uint8 @@ -378,6 +421,20 @@ func (m *clientHelloMsg) marshal() []byte { body: serverNameList.finish(), }) } + if m.clientECH != nil { + // https://tools.ietf.org/html/draft-ietf-tls-esni-08 + body := newByteBuilder() + body.addU16(m.clientECH.hpkeKDF) + body.addU16(m.clientECH.hpkeAEAD) + body.addU8LengthPrefixed().addBytes(m.clientECH.configID) + body.addU16LengthPrefixed().addBytes(m.clientECH.enc) + body.addU16LengthPrefixed().addBytes(m.clientECH.payload) + + extensions = append(extensions, extension{ + id: extensionEncryptedClientHello, + body: body.finish(), + }) + } if m.ocspStapling { certificateStatusRequest := newByteBuilder() // RFC 4366, section 3.6 @@ -778,6 +835,19 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { m.serverName = string(name) } } + case extensionEncryptedClientHello: + var ech clientECH + if !body.readU16(&ech.hpkeKDF) || + !body.readU16(&ech.hpkeAEAD) || + !body.readU8LengthPrefixedBytes(&ech.configID) || + !body.readU16LengthPrefixedBytes(&ech.enc) || + len(ech.enc) == 0 || + !body.readU16LengthPrefixedBytes(&ech.payload) || + len(ech.payload) == 0 || + len(body) > 0 { + return false + } + m.clientECH = &ech case extensionNextProtoNeg: if len(body) != 0 { return false @@ -1260,6 +1330,7 @@ type serverExtensions struct { serverNameAck bool applicationSettings []byte hasApplicationSettings bool + echRetryConfigs []byte } func (m *serverExtensions) marshal(extensions *byteBuilder) { @@ -1398,6 +1469,12 @@ func (m *serverExtensions) marshal(extensions *byteBuilder) { extensions.addU16(extensionApplicationSettings) extensions.addU16LengthPrefixed().addBytes(m.applicationSettings) } + if len(m.echRetryConfigs) > 0 { + extensions.addU16(extensionEncryptedClientHello) + body := extensions.addU16LengthPrefixed() + echConfigs := body.addU16LengthPrefixed() + echConfigs.addBytes(m.echRetryConfigs) + } } func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool { @@ -1509,6 +1586,26 @@ func (m *serverExtensions) unmarshal(data byteReader, version uint16) bool { case extensionApplicationSettings: m.hasApplicationSettings = true m.applicationSettings = body + case extensionEncryptedClientHello: + var echConfigs byteReader + if !body.readU16LengthPrefixed(&echConfigs) { + return false + } + for len(echConfigs) > 0 { + // Validate the ECHConfig with a top-level parse. + echConfigReader := echConfigs + var version uint16 + var contents byteReader + if !echConfigReader.readU16(&version) || + !echConfigReader.readU16LengthPrefixed(&contents) { + return false + } + + m.echRetryConfigs = contents + } + if len(body) > 0 { + return false + } default: // Unknown extensions are illegal from the server. return false diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index 1a4beefb83..e1bc2e8665 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go @@ -403,6 +403,14 @@ func (hs *serverHandshakeState) doTLS13Handshake() error { return err } + if config.Bugs.ExpectClientECH && hs.clientHello.clientECH == nil { + return errors.New("tls: expected client to send ClientECH") + } + + if hs.clientHello.clientECH != nil && len(config.Bugs.SendECHRetryConfigs) > 0 { + encryptedExtensions.extensions.echRetryConfigs = config.Bugs.SendECHRetryConfigs + } + // Select the cipher suite. var preferenceList, supportedList []uint16 if config.PreferServerCipherSuites { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 1bbec86415..3b0bd8598d 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -46,6 +46,7 @@ import ( "syscall" "time" + "boringssl.googlesource.com/boringssl/ssl/test/runner/hpke" "boringssl.googlesource.com/boringssl/util/testresult" ) @@ -16139,6 +16140,114 @@ func addDelegatedCredentialTests() { }) } +func addEncryptedClientHelloTests() { + // Test ECH GREASE. + + // Test the client's behavior when the server ignores ECH GREASE. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ECH-GREASE-Client-TLS13", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectClientECH: true, + }, + }, + flags: []string{"-enable-ech-grease"}, + }) + + // Test the client's ECH GREASE behavior when responding to server's + // HelloRetryRequest. This test implicitly checks that the first and second + // ClientHello messages have identical ECH extensions. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ECH-GREASE-Client-TLS13-HelloRetryRequest", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + // P-384 requires a HelloRetryRequest against BoringSSL's default + // configuration. Assert this with ExpectMissingKeyShare. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + ExpectMissingKeyShare: true, + ExpectClientECH: true, + }, + }, + flags: []string{"-enable-ech-grease", "-expect-hrr"}, + }) + + retryConfigValid := ECHConfig{ + PublicName: "example.com", + // A real X25519 public key obtained from hpke.GenerateKeyPair(). + PublicKey: []byte{ + 0x23, 0x1a, 0x96, 0x53, 0x52, 0x81, 0x1d, 0x7a, + 0x36, 0x76, 0xaa, 0x5e, 0xad, 0xdb, 0x66, 0x1c, + 0x92, 0x45, 0x8a, 0x60, 0xc7, 0x81, 0x93, 0xb0, + 0x47, 0x7b, 0x54, 0x18, 0x6b, 0x9a, 0x1d, 0x6d}, + KEM: hpke.X25519WithHKDFSHA256, + CipherSuites: []HPKECipherSuite{ + { + KDF: hpke.HKDFSHA256, + AEAD: hpke.AES256GCM, + }, + }, + MaxNameLen: 42, + } + + retryConfigUnsupportedVersion := []byte{ + // version + 0xba, 0xdd, + // length + 0x00, 0x05, + // contents + 0x05, 0x04, 0x03, 0x02, 0x01, + } + + var validAndInvalidConfigs []byte + validAndInvalidConfigs = append(validAndInvalidConfigs, MarshalECHConfig(&retryConfigValid)...) + validAndInvalidConfigs = append(validAndInvalidConfigs, retryConfigUnsupportedVersion...) + + // Test that the client accepts a well-formed encrypted_client_hello + // extension in response to ECH GREASE. The response includes one ECHConfig + // with a supported version and one with an unsupported version. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ECH-GREASE-Client-TLS13-Retry-Configs", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectClientECH: true, + // Include an additional well-formed ECHConfig with an invalid + // version. This ensures the client can iterate over the retry + // configs. + SendECHRetryConfigs: validAndInvalidConfigs, + }, + }, + flags: []string{"-enable-ech-grease"}, + }) + + // Test that the client aborts with a decode_error alert when it receives a + // syntactically-invalid encrypted_client_hello extension from the server. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ECH-GREASE-Client-TLS13-Invalid-Retry-Configs", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectClientECH: true, + SendECHRetryConfigs: []byte{0xba, 0xdd, 0xec, 0xcc}, + }, + }, + flags: []string{"-enable-ech-grease"}, + shouldFail: true, + expectedLocalError: "remote error: error decoding message", + expectedError: ":ERROR_PARSING_EXTENSION:", + }) +} + func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { defer wg.Done() @@ -16316,6 +16425,7 @@ func main() { addCertCompressionTests() addJDK11WorkaroundTests() addDelegatedCredentialTests() + addEncryptedClientHelloTests() testCases = append(testCases, convertToSplitHandshakeTests(testCases)...) diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 3c49b94464..e321ff3a7f 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -55,6 +55,7 @@ const Flag kBoolFlags[] = { {"-dtls", &TestConfig::is_dtls}, {"-quic", &TestConfig::is_quic}, {"-fallback-scsv", &TestConfig::fallback_scsv}, + {"-enable-ech-grease", &TestConfig::enable_ech_grease}, {"-require-any-client-certificate", &TestConfig::require_any_client_certificate}, {"-false-start", &TestConfig::false_start}, @@ -1576,6 +1577,9 @@ bssl::UniquePtr TestConfig::NewSSL( if (!expect_channel_id.empty() || enable_channel_id) { SSL_set_tls_channel_id_enabled(ssl.get(), 1); } + if (enable_ech_grease) { + SSL_set_enable_ech_grease(ssl.get(), 1); + } if (!send_channel_id.empty()) { SSL_set_tls_channel_id_enabled(ssl.get(), 1); if (!async) { diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 35007b68d1..93aab24506 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -39,6 +39,7 @@ struct TestConfig { std::string key_file; std::string cert_file; std::string expect_server_name; + bool enable_ech_grease = false; std::string expect_certificate_types; bool require_any_client_certificate = false; std::string advertise_npn; From 92de0b53a799a8724865fe816200c1421381d128 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 8 Dec 2020 14:54:24 -0500 Subject: [PATCH 360/399] Reject bad ASN.1 templates with implicitly-tagged CHOICEs. This imports 1ecc76f6746cefd502c7e9000bdfa4e5d7911386 and 41d62636fd996c031c0c7cef746476278583dc9e from upstream. These would have rejected the mistake in OpenSSL's EDIPartyName sturcture. Change-Id: I4eb218f9372bea0f7ff302321b9dc1992ef0c13a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44424 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- .clang-format | 13 +++++++++++++ crypto/asn1/asn1_test.cc | 37 +++++++++++++++++++++++++++++++++++++ crypto/asn1/tasn_dec.c | 18 ++++++++++++++++++ crypto/asn1/tasn_enc.c | 16 ++++++++++++++++ crypto/err/asn1.errordata | 1 + include/openssl/asn1.h | 1 + 6 files changed, 86 insertions(+) diff --git a/.clang-format b/.clang-format index eee2a9ca94..6de1483eb3 100644 --- a/.clang-format +++ b/.clang-format @@ -35,6 +35,19 @@ StatementMacros: - "DECLARE_PEM_write_const" - "DECLARE_PEM_write_fp" - "DECLARE_PEM_write_fp_const" + - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS" + - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname" + - "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname" + - "IMPLEMENT_ASN1_DUP_FUNCTION" + - "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname" + - "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname" + - "IMPLEMENT_ASN1_FUNCTIONS" + - "IMPLEMENT_ASN1_FUNCTIONS_const" + - "IMPLEMENT_ASN1_FUNCTIONS_const_fname" + - "IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name" + - "IMPLEMENT_ASN1_FUNCTIONS_fname" + - "IMPLEMENT_ASN1_FUNCTIONS_name" + - "IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS" - "IMPLEMENT_PEM_read" - "IMPLEMENT_PEM_read_bio" - "IMPLEMENT_PEM_read_fp" diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index 54d6ee8d1a..68a062b9be 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -184,3 +184,40 @@ TEST(ASN1Test, SerializeBoolean) { static const uint8_t kFalse[] = {0x01, 0x01, 0x00}; TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse); } + +struct IMPLICIT_CHOICE { + ASN1_STRING *string; +}; + +// clang-format off +DECLARE_ASN1_FUNCTIONS(IMPLICIT_CHOICE) + +ASN1_SEQUENCE(IMPLICIT_CHOICE) = { + ASN1_IMP(IMPLICIT_CHOICE, string, DIRECTORYSTRING, 0) +} ASN1_SEQUENCE_END(IMPLICIT_CHOICE) + +IMPLEMENT_ASN1_FUNCTIONS(IMPLICIT_CHOICE) +// clang-format on + +// Test that the ASN.1 templates reject types with implicitly-tagged CHOICE +// types. +TEST(ASN1Test, ImplicitChoice) { + // Serializing a type with an implicitly tagged CHOICE should fail. + std::unique_ptr obj( + IMPLICIT_CHOICE_new(), IMPLICIT_CHOICE_free); + EXPECT_EQ(-1, i2d_IMPLICIT_CHOICE(obj.get(), nullptr)); + + // An implicitly-tagged CHOICE is an error. Depending on the implementation, + // it may be misinterpreted as without the tag, or as clobbering the CHOICE + // tag. Test both inputs and ensure they fail. + + // SEQUENCE { UTF8String {} } + static const uint8_t kInput1[] = {0x30, 0x02, 0x0c, 0x00}; + const uint8_t *ptr = kInput1; + EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput1))); + + // SEQUENCE { [0 PRIMITIVE] {} } + static const uint8_t kInput2[] = {0x30, 0x02, 0x80, 0x00}; + ptr = kInput2; + EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput2))); +} diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 531bc66f7e..99a9714bd5 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, @@ -256,6 +265,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so if + * tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index d0aa0c5daf..13234390dc 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -145,9 +145,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); + return -1; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so if + * tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); + return -1; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); diff --git a/crypto/err/asn1.errordata b/crypto/err/asn1.errordata index 271561bcec..5674bda23a 100644 --- a/crypto/err/asn1.errordata +++ b/crypto/err/asn1.errordata @@ -2,6 +2,7 @@ ASN1,100,ASN1_LENGTH_MISMATCH ASN1,101,AUX_ERROR ASN1,102,BAD_GET_ASN1_OBJECT_CALL ASN1,103,BAD_OBJECT_HEADER +ASN1,193,BAD_TEMPLATE ASN1,104,BMPSTRING_IS_WRONG_LENGTH ASN1,105,BN_LIB ASN1,106,BOOLEAN_IS_WRONG_LENGTH diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 70a23c5717..9269553e46 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1012,5 +1012,6 @@ BSSL_NAMESPACE_END #define ASN1_R_WRONG_TAG 190 #define ASN1_R_WRONG_TYPE 191 #define ASN1_R_NESTED_TOO_DEEP 192 +#define ASN1_R_BAD_TEMPLATE 193 #endif From a6b6b804a05d7ece17efe700854ead9e0a0b2835 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 8 Dec 2020 17:31:35 -0500 Subject: [PATCH 361/399] Align armv8.pl references to OPENSSL_armcap_P. This imports d741debb320bf54e8575d35603a44d4eb40fa1f9 from upstream. We've been managing the shared libraries already because our arm-xlate.pl automatically adds .hidden to .extern lines, but nice to reduce the diff. (This does result in some duplicate .hidden lines in the generated output, but we still want the arm-xlate.pl patch to automatically hide .globl.) Removing .comm lines does change the generated output, but having each asm file define its own copy of OPENSSL_armcap_P as a common symbol always seemed odd. I recall some weird issue where the armv4.pl files subtly rely on it for iOS's strange .indirect_symbol machinery. (Not actually because iOS wants a common symbol but because arm-xlate.pl repurposes .comm to trigger .indirect_symbol.) Fortunately, aarch64 is much better about PC-relative addressing, so it should be a no-op. The .comm lines have also previously caused weird issues (https://boringssl-review.googlesource.com/c/boringssl/+/32324), so it's generally nice to get rid of them. Update-Note: If aarch64 builds get some weird error about relocations, it's this CL's fault. Change-Id: I763ffa6cda750d99694ded8a5b68d7b27b09cfc9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44464 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/chacha/asm/chacha-armv8.pl | 1 + crypto/fipsmodule/sha/asm/sha1-armv8.pl | 3 +-- crypto/fipsmodule/sha/asm/sha512-armv8.pl | 8 +------- util/diff_asm.go | 15 +++++++++++++-- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index 05958c8323..9c1c2d4f6d 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -123,6 +123,7 @@ sub ROUND { #include .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .section .rodata diff --git a/crypto/fipsmodule/sha/asm/sha1-armv8.pl b/crypto/fipsmodule/sha/asm/sha1-armv8.pl index dfde8c9adc..0a3acaccc0 100644 --- a/crypto/fipsmodule/sha/asm/sha1-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha1-armv8.pl @@ -176,6 +176,7 @@ sub BODY_20_39 { .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -327,8 +328,6 @@ sub BODY_20_39 { .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79 .asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " .align 2 -.comm OPENSSL_armcap_P,4,4 -.hidden OPENSSL_armcap_P ___ }}} diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index aff41cee62..8b671e2eb2 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl @@ -179,6 +179,7 @@ sub BODY_00_xx { .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -423,13 +424,6 @@ sub BODY_00_xx { ___ } -$code.=<<___; -#ifndef __KERNEL__ -.comm OPENSSL_armcap_P,4,4 -.hidden OPENSSL_armcap_P -#endif -___ - { my %opcode = ( "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); diff --git a/util/diff_asm.go b/util/diff_asm.go index 7b9b45441a..710a42cb69 100644 --- a/util/diff_asm.go +++ b/util/diff_asm.go @@ -31,8 +31,19 @@ var ( func mapName(path string) string { path = strings.Replace(path, filepath.FromSlash("/fipsmodule/"), string(filepath.Separator), 1) - switch filepath.ToSlash(path) { - case "crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl", "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", "crypto/rand/asm/rdrand-x86_64.pl": + pathSlash := filepath.ToSlash(path) + if strings.HasPrefix(pathSlash, "crypto/test/") { + return "" + } + switch pathSlash { + case "crypto/aes/asm/vpaes-armv7.pl", + "crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl", + "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", + "crypto/ec/asm/p256_beeu-x86_64-asm.pl", + "crypto/modes/asm/ghash-neon-armv8.pl", + "crypto/modes/asm/ghash-ssse3-x86.pl", + "crypto/modes/asm/ghash-ssse3-x86_64.pl", + "crypto/rand/asm/rdrand-x86_64.pl": return "" case "crypto/ec/asm/p256-x86_64-asm.pl": return filepath.FromSlash("crypto/ec/asm/ecp_nistz256-x86_64.pl") From 0898b077a34974bb594d1366d6edf93c0821b19f Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 8 Dec 2020 13:44:02 -0800 Subject: [PATCH 362/399] acvp: add support for KAS Change-Id: Ida3ec65e81398881a71828dc1d51cf80be41bdbb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44444 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- .../fipstools/acvp/acvptool/subprocess/kas.go | 162 ++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/modulewrapper/modulewrapper.cc | 88 ++++++++++ 3 files changed, 251 insertions(+) create mode 100644 util/fipstools/acvp/acvptool/subprocess/kas.go diff --git a/util/fipstools/acvp/acvptool/subprocess/kas.go b/util/fipstools/acvp/acvptool/subprocess/kas.go new file mode 100644 index 0000000000..b95e48afaa --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/kas.go @@ -0,0 +1,162 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "bytes" + "encoding/hex" + "encoding/json" + "fmt" +) + +type kasVectorSet struct { + Groups []kasTestGroup `json:"testGroups"` +} + +type kasTestGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + Curve string `json:"domainParameterGenerationMode"` + Role string `json:"kasRole"` + Scheme string `json:"scheme"` + Tests []kasTest `json:"tests"` +} + +type kasTest struct { + ID uint64 `json:"tcId"` + XHex string `json:"ephemeralPublicServerX"` + YHex string `json:"ephemeralPublicServerY"` + PrivateKeyHex string `json:"ephemeralPrivateIut"` + ResultHex string `json:"z"` +} + +type kasTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []kasTestResponse `json:"tests"` +} + +type kasTestResponse struct { + ID uint64 `json:"tcId"` + XHex string `json:"ephemeralPublicIutX,omitempty"` + YHex string `json:"ephemeralPublicIutY,omitempty"` + ResultHex string `json:"z,omitempty"` + Passed *bool `json:"testPassed,omitempty"` +} + +type kas struct{} + +func (k *kas) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed kasVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + // See https://usnistgov.github.io/ACVP/draft-hammett-acvp-kas-ssc-ecc.html + var ret []kasTestGroupResponse + for _, group := range parsed.Groups { + response := kasTestGroupResponse{ + ID: group.ID, + } + + var privateKeyGiven bool + switch group.Type { + case "AFT": + privateKeyGiven = false + case "VAL": + privateKeyGiven = true + default: + return nil, fmt.Errorf("unknown test type %q", group.Type) + } + + switch group.Curve { + case "P-224", "P-256", "P-384", "P-521": + break + default: + return nil, fmt.Errorf("unknown curve %q", group.Curve) + } + + switch group.Role { + case "initiator", "responder": + break + default: + return nil, fmt.Errorf("unknown role %q", group.Role) + } + + if group.Scheme != "ephemeralUnified" { + return nil, fmt.Errorf("unknown scheme %q", group.Scheme) + } + + method := "ECDH/" + group.Curve + + for _, test := range group.Tests { + if len(test.XHex) == 0 || len(test.YHex) == 0 { + return nil, fmt.Errorf("%d/%d is missing peer's point", group.ID, test.ID) + } + + peerX, err := hex.DecodeString(test.XHex) + if err != nil { + return nil, err + } + + peerY, err := hex.DecodeString(test.YHex) + if err != nil { + return nil, err + } + + if (len(test.PrivateKeyHex) != 0) != privateKeyGiven { + return nil, fmt.Errorf("%d/%d incorrect private key presence", group.ID, test.ID) + } + + if privateKeyGiven { + privateKey, err := hex.DecodeString(test.PrivateKeyHex) + if err != nil { + return nil, err + } + + expectedOutput, err := hex.DecodeString(test.ResultHex) + if err != nil { + return nil, err + } + + result, err := m.Transact(method, 3, peerX, peerY, privateKey) + if err != nil { + return nil, err + } + + ok := bytes.Equal(result[2], expectedOutput) + response.Tests = append(response.Tests, kasTestResponse{ + ID: test.ID, + Passed: &ok, + }) + } else { + result, err := m.Transact(method, 3, peerX, peerY, nil) + if err != nil { + return nil, err + } + + response.Tests = append(response.Tests, kasTestResponse{ + ID: test.ID, + XHex: hex.EncodeToString(result[0]), + YHex: hex.EncodeToString(result[1]), + ResultHex: hex.EncodeToString(result[2]), + }) + } + } + + ret = append(ret, response) + } + + return ret, nil +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index e5c1d1a653..e3f11cc9cd 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -97,6 +97,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"}, "RSA": &rsa{}, "kdf-components": &tlsKDF{}, + "KAS-ECC-SSC": &kas{}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 9d915ab6d7..37db2814a1 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -40,6 +41,7 @@ #include #include +#include "../../../../crypto/fipsmodule/ec/internal.h" #include "../../../../crypto/fipsmodule/rand/internal.h" #include "../../../../crypto/fipsmodule/tls/internal.h" @@ -717,6 +719,24 @@ static bool GetConfig(const Span args[]) { "SHA2-384", "SHA2-512" ] + }, + { + "algorithm": "KAS-ECC-SSC", + "revision": "Sp800-56Ar3", + "scheme": { + "ephemeralUnified": { + "kasRole": [ + "initiator", + "responder" + ] + } + }, + "domainParameterGenerationMethods": [ + "P-224", + "P-256", + "P-384", + "P-521" + ] } ])"; return WriteReply( @@ -1594,6 +1614,70 @@ static bool TLSKDF(const Span args[]) { return WriteReply(STDOUT_FILENO, out); } +template +static bool ECDH(const Span args[]) { + bssl::UniquePtr their_x(BytesToBIGNUM(args[0])); + bssl::UniquePtr their_y(BytesToBIGNUM(args[1])); + const Span private_key = args[2]; + + bssl::UniquePtr ec_key(EC_KEY_new_by_curve_name(Nid)); + bssl::UniquePtr ctx(BN_CTX_new()); + + const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get()); + bssl::UniquePtr their_point(EC_POINT_new(group)); + if (!EC_POINT_set_affine_coordinates_GFp( + group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) { + fprintf(stderr, "Invalid peer point for ECDH.\n"); + return false; + } + + if (!private_key.empty()) { + bssl::UniquePtr our_k(BytesToBIGNUM(private_key)); + if (!EC_KEY_set_private_key(ec_key.get(), our_k.get())) { + fprintf(stderr, "EC_KEY_set_private_key failed.\n"); + return false; + } + + bssl::UniquePtr our_pub(EC_POINT_new(group)); + if (!EC_POINT_mul(group, our_pub.get(), our_k.get(), nullptr, nullptr, + ctx.get()) || + !EC_KEY_set_public_key(ec_key.get(), our_pub.get())) { + fprintf(stderr, "Calculating public key failed.\n"); + return false; + } + } else if (!EC_KEY_generate_key_fips(ec_key.get())) { + fprintf(stderr, "EC_KEY_generate_key_fips failed.\n"); + return false; + } + + // The output buffer is one larger than |EC_MAX_BYTES| so that truncation + // can be detected. + std::vector output(EC_MAX_BYTES + 1); + const int out_len = + ECDH_compute_key(output.data(), output.size(), their_point.get(), + ec_key.get(), /*kdf=*/nullptr); + if (out_len < 0) { + fprintf(stderr, "ECDH_compute_key failed.\n"); + return false; + } else if (static_cast(out_len) == output.size()) { + fprintf(stderr, "ECDH_compute_key output may have been truncated.\n"); + return false; + } + output.resize(static_cast(out_len)); + + const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get()); + bssl::UniquePtr x(BN_new()); + bssl::UniquePtr y(BN_new()); + if (!EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(), + ctx.get())) { + fprintf(stderr, "EC_POINT_get_affine_coordinates_GFp failed.\n"); + return false; + } + + return WriteReply(STDOUT_FILENO, BIGNUMBytes(x.get()), BIGNUMBytes(y.get()), + output); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -1660,6 +1744,10 @@ static constexpr struct { {"TLSKDF/1.2/SHA2-256", 5, TLSKDF}, {"TLSKDF/1.2/SHA2-384", 5, TLSKDF}, {"TLSKDF/1.2/SHA2-512", 5, TLSKDF}, + {"ECDH/P-224", 3, ECDH}, + {"ECDH/P-256", 3, ECDH}, + {"ECDH/P-384", 3, ECDH}, + {"ECDH/P-521", 3, ECDH}, }; int main() { From 66feb2c552cd9e09f0d7cfff291ce4842cc1a5a7 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 10 Dec 2020 07:17:36 -0800 Subject: [PATCH 363/399] Add TLS_KDF to documented break tests. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 8846533744 added a “power-on” test for the TLS KDF, but omitted to add it to the documented list of these tests. Change-Id: I13dbad4b9359e7dae0938d02ac53e5e011f50824 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44505 Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/FIPS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/fipsmodule/FIPS.md b/crypto/fipsmodule/FIPS.md index f967a2d604..d3b3890fc0 100644 --- a/crypto/fipsmodule/FIPS.md +++ b/crypto/fipsmodule/FIPS.md @@ -35,6 +35,7 @@ In order to demonstrate failures of the various FIPS 140 tests, BoringSSL can be 1. DRBG 1. RSA\_PWCT 1. ECDSA\_PWCT +1. TLS\_KDF ## Breaking the integrity test From 4ae71a4c7aea7287b7090dfa664bf9a1f30ea787 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 9 Dec 2020 16:42:03 -0500 Subject: [PATCH 364/399] Skip ASN.1 template tests in Windows shared library builds. This should fix the Chromium roll. Windows shared library builds are fussy about dllexport vs. dllimport in a way that's incompatible with external uses of the asn1t.h macros. The issue is the DECLARE_* macros will add dllexport vs. dllimport on the assumption the symbols are defined in libcrypto, but external definitions need a different selector. Rather than add more complex macros for this, just exclude those tests. Ideally we wouldn't supoport asn1t.h outside the library at all, if we can manage it, so no sense in trying to make it work. This excludes both the new and the old tests. Although this has been working thus far, it only works because we've been setting the BORINGSSL_IMPLEMENTATION symbol for test targets wrong in Chromium. I'm confused how that's been working at all (maybe dllexport vs. dllimport is more lax when it comes to functions rather than variables?), but when I do it correctly, the ASN1_LINKED_LIST template breaks too. Change-Id: I391edba1748f66c383ed55a9d23053674bbb876e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44484 Commit-Queue: Adam Langley Reviewed-by: Adam Langley --- crypto/asn1/asn1_test.cc | 74 ++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc index 68a062b9be..7b09ba5c49 100644 --- a/crypto/asn1/asn1_test.cc +++ b/crypto/asn1/asn1_test.cc @@ -96,6 +96,44 @@ TEST(ASN1Test, IntegerSetting) { } } +template +void TestSerialize(T obj, int (*i2d_func)(T a, uint8_t **pp), + bssl::Span expected) { + int len = static_cast(expected.size()); + ASSERT_EQ(i2d_func(obj, nullptr), len); + + std::vector buf(expected.size()); + uint8_t *ptr = buf.data(); + ASSERT_EQ(i2d_func(obj, &ptr), len); + EXPECT_EQ(ptr, buf.data() + buf.size()); + EXPECT_EQ(Bytes(expected), Bytes(buf)); + + // Test the allocating version. + ptr = nullptr; + ASSERT_EQ(i2d_func(obj, &ptr), len); + EXPECT_EQ(Bytes(expected), Bytes(ptr, expected.size())); + OPENSSL_free(ptr); +} + +TEST(ASN1Test, SerializeObject) { + static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01}; + const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption); + TestSerialize(obj, i2d_ASN1_OBJECT, kDER); +} + +TEST(ASN1Test, SerializeBoolean) { + static const uint8_t kTrue[] = {0x01, 0x01, 0xff}; + TestSerialize(0xff, i2d_ASN1_BOOLEAN, kTrue); + + static const uint8_t kFalse[] = {0x01, 0x01, 0x00}; + TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse); +} + +// The ASN.1 macros do not work on Windows shared library builds, where usage of +// |OPENSSL_EXPORT| is a bit stricter. +#if !defined(OPENSSL_WINDOWS) || !defined(BORINGSSL_SHARED_LIBRARY) + typedef struct asn1_linked_list_st { struct asn1_linked_list_st *next; } ASN1_LINKED_LIST; @@ -151,40 +189,6 @@ TEST(ASN1Test, Recursive) { ASN1_LINKED_LIST_free(list); } -template -void TestSerialize(T obj, int (*i2d_func)(T a, uint8_t **pp), - bssl::Span expected) { - int len = static_cast(expected.size()); - ASSERT_EQ(i2d_func(obj, nullptr), len); - - std::vector buf(expected.size()); - uint8_t *ptr = buf.data(); - ASSERT_EQ(i2d_func(obj, &ptr), len); - EXPECT_EQ(ptr, buf.data() + buf.size()); - EXPECT_EQ(Bytes(expected), Bytes(buf)); - - // Test the allocating version. - ptr = nullptr; - ASSERT_EQ(i2d_func(obj, &ptr), len); - EXPECT_EQ(Bytes(expected), Bytes(ptr, expected.size())); - OPENSSL_free(ptr); -} - -TEST(ASN1Test, SerializeObject) { - static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01}; - const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption); - TestSerialize(obj, i2d_ASN1_OBJECT, kDER); -} - -TEST(ASN1Test, SerializeBoolean) { - static const uint8_t kTrue[] = {0x01, 0x01, 0xff}; - TestSerialize(0xff, i2d_ASN1_BOOLEAN, kTrue); - - static const uint8_t kFalse[] = {0x01, 0x01, 0x00}; - TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse); -} - struct IMPLICIT_CHOICE { ASN1_STRING *string; }; @@ -221,3 +225,5 @@ TEST(ASN1Test, ImplicitChoice) { ptr = kInput2; EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput2))); } + +#endif // !WINDOWS || !SHARED_LIBRARY From a3a98944f43cf0cdd5135e53fcd6da224ad6184c Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 1 Dec 2020 10:38:15 -0800 Subject: [PATCH 365/399] Switch to passive entropy collection for Android FIPS. Rather than the FIPS module actively collecting entropy from the CPU or OS, this change configures Android FIPS to passively receive entropy. See FIPS IG 7.14 section two. Change-Id: Ibfc5c5042e560718474b89970199d35b67c21296 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44305 Commit-Queue: Adam Langley Reviewed-by: David Benjamin --- crypto/CMakeLists.txt | 1 + crypto/fipsmodule/rand/internal.h | 28 +++++ crypto/fipsmodule/rand/rand.c | 166 +++++++++++++++++++++++------- crypto/fipsmodule/rand/urandom.c | 7 -- crypto/rand_extra/passive.c | 34 ++++++ include/openssl/base.h | 4 + 6 files changed, 195 insertions(+), 45 deletions(-) create mode 100644 crypto/rand_extra/passive.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 2771768f43..8368a21836 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -325,6 +325,7 @@ add_library( rand_extra/deterministic.c rand_extra/forkunsafe.c rand_extra/fuchsia.c + rand_extra/passive.c rand_extra/rand_extra.c rand_extra/windows.c rc4/rc4.c diff --git a/crypto/fipsmodule/rand/internal.h b/crypto/fipsmodule/rand/internal.h index db81c3378e..598a17bc84 100644 --- a/crypto/fipsmodule/rand/internal.h +++ b/crypto/fipsmodule/rand/internal.h @@ -36,6 +36,34 @@ extern "C" { void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]); +#if defined(BORINGSSL_FIPS) + +// We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to whiten. +#define BORINGSSL_FIPS_OVERREAD 10 + +// CRYPTO_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable +// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the +// entropy came directly from the CPU and zero if it came from the OS. It +// actively obtains entropy from the CPU/OS and so should not be called from +// within the FIPS module if |BORINGSSL_FIPS_PASSIVE_ENTROPY| is defined. +void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, + int *out_used_cpu); + +#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY) + +// RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The +// |from_cpu| parameter is true iff the entropy was obtained directly from the +// CPU. +void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len, + int from_cpu); + +// RAND_need_entropy is implemented outside of the FIPS module and is called +// when the module has stopped because it has run out of entropy. +void RAND_need_entropy(size_t bytes_needed); + +#endif // BORINGSSL_FIPS_PASSIVE_ENTROPY +#endif // BORINGSSL_FIPS + // CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating // system. void CRYPTO_sysrand(uint8_t *buf, size_t len); diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c index 05d6a29be4..aa0f05b619 100644 --- a/crypto/fipsmodule/rand/rand.c +++ b/crypto/fipsmodule/rand/rand.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "internal.h" #include "fork_detect.h" @@ -63,11 +64,11 @@ struct rand_thread_state { // (re)seeded. This is bound by |kReseedInterval|. unsigned calls; // last_block_valid is non-zero iff |last_block| contains data from - // |CRYPTO_sysrand_for_seed|. + // |get_seed_entropy|. int last_block_valid; #if defined(BORINGSSL_FIPS) - // last_block contains the previous block from |CRYPTO_sysrand_for_seed|. + // last_block contains the previous block from |get_seed_entropy|. uint8_t last_block[CRNGT_BLOCK_SIZE]; // next and prev form a NULL-terminated, double-linked list of all states in // a process. @@ -146,12 +147,6 @@ static int rdrand(uint8_t *buf, const size_t len) { OPENSSL_memcpy(buf + len_multiple8, rand_buf, remainder); } -#if defined(BORINGSSL_FIPS_BREAK_CRNG) - // This breaks the "continuous random number generator test" defined in FIPS - // 140-2, section 4.9.2, and implemented in rand_get_seed(). - OPENSSL_memset(buf, 0, len); -#endif - return 1; } @@ -165,25 +160,110 @@ static int rdrand(uint8_t *buf, size_t len) { #if defined(BORINGSSL_FIPS) +void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, + int *out_used_cpu) { + *out_used_cpu = 0; + if (have_rdrand() && rdrand(out_entropy, out_entropy_len)) { + *out_used_cpu = 1; + } else { + CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len); + } + +#if defined(BORINGSSL_FIPS_BREAK_CRNG) + // This breaks the "continuous random number generator test" defined in FIPS + // 140-2, section 4.9.2, and implemented in |rand_get_seed|. + OPENSSL_memset(out_entropy, 0, out_entropy_len); +#endif +} + +#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY) + +// In passive entropy mode, entropy is supplied from outside of the module via +// |RAND_load_entropy| and is stored in global instance of the following +// structure. + +struct entropy_buffer { + // bytes contains entropy suitable for seeding a DRBG. + uint8_t bytes[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD]; + // bytes_valid indicates the number of bytes of |bytes| that contain valid + // data. + size_t bytes_valid; + // from_cpu is true if any of the contents of |bytes| were obtained directly + // from the CPU. + int from_cpu; +}; + +DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer); +DEFINE_STATIC_MUTEX(entropy_buffer_lock); + +void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len, + int from_cpu) { + struct entropy_buffer *const buffer = entropy_buffer_bss_get(); + + CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + const size_t space = sizeof(buffer->bytes) - buffer->bytes_valid; + if (entropy_len > space) { + entropy_len = space; + } + + OPENSSL_memcpy(&buffer->bytes[buffer->bytes_valid], entropy, entropy_len); + buffer->bytes_valid += entropy_len; + buffer->from_cpu |= from_cpu && (entropy_len != 0); + CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); +} + +// get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the +// global |entropy_buffer|. +static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, + int *out_used_cpu) { + struct entropy_buffer *const buffer = entropy_buffer_bss_get(); + if (out_entropy_len > sizeof(buffer->bytes)) { + abort(); + } + + CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + while (buffer->bytes_valid < out_entropy_len) { + CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); + RAND_need_entropy(out_entropy_len - buffer->bytes_valid); + CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get()); + } + + *out_used_cpu = buffer->from_cpu; + OPENSSL_memcpy(out_entropy, buffer->bytes, out_entropy_len); + OPENSSL_memmove(buffer->bytes, &buffer->bytes[out_entropy_len], + buffer->bytes_valid - out_entropy_len); + buffer->bytes_valid -= out_entropy_len; + if (buffer->bytes_valid == 0) { + buffer->from_cpu = 0; + } + + CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get()); +} + +#else + +// In the active case, |get_seed_entropy| simply calls |CRYPTO_get_seed_entropy| +// in order to obtain entropy from the CPU or OS. +static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len, + int *out_used_cpu) { + CRYPTO_get_seed_entropy(out_entropy, out_entropy_len, out_used_cpu); +} + +#endif // !BORINGSSL_FIPS_PASSIVE_ENTROPY + +// rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if +// that entropy came directly from the CPU and zero otherwise. static void rand_get_seed(struct rand_thread_state *state, - uint8_t seed[CTR_DRBG_ENTROPY_LEN]) { + uint8_t seed[CTR_DRBG_ENTROPY_LEN], + int *out_used_cpu) { if (!state->last_block_valid) { - if (!have_rdrand() || - !rdrand(state->last_block, sizeof(state->last_block))) { - CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block)); - } + int unused; + get_seed_entropy(state->last_block, sizeof(state->last_block), &unused); state->last_block_valid = 1; } - // We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to - // whiten. -#define FIPS_OVERREAD 10 - uint8_t entropy[CTR_DRBG_ENTROPY_LEN * FIPS_OVERREAD]; - - int used_rdrand = have_rdrand() && rdrand(entropy, sizeof(entropy)); - if (!used_rdrand) { - CRYPTO_sysrand_for_seed(entropy, sizeof(entropy)); - } + uint8_t entropy[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD]; + get_seed_entropy(entropy, sizeof(entropy), out_used_cpu); // See FIPS 140-2, section 4.9.2. This is the “continuous random number // generator test” which causes the program to randomly abort. Hopefully the @@ -193,6 +273,7 @@ static void rand_get_seed(struct rand_thread_state *state, BORINGSSL_FIPS_abort(); } + OPENSSL_STATIC_ASSERT(sizeof(entropy) % CRNGT_BLOCK_SIZE == 0, ""); for (size_t i = CRNGT_BLOCK_SIZE; i < sizeof(entropy); i += CRNGT_BLOCK_SIZE) { if (CRYPTO_memcmp(entropy + i - CRNGT_BLOCK_SIZE, entropy + i, @@ -207,31 +288,24 @@ static void rand_get_seed(struct rand_thread_state *state, OPENSSL_memcpy(seed, entropy, CTR_DRBG_ENTROPY_LEN); - for (size_t i = 1; i < FIPS_OVERREAD; i++) { + for (size_t i = 1; i < BORINGSSL_FIPS_OVERREAD; i++) { for (size_t j = 0; j < CTR_DRBG_ENTROPY_LEN; j++) { seed[j] ^= entropy[CTR_DRBG_ENTROPY_LEN * i + j]; } } - -#if defined(OPENSSL_URANDOM) - // If we used RDRAND, also opportunistically read from the system. This avoids - // solely relying on the hardware once the entropy pool has been initialized. - if (used_rdrand) { - CRYPTO_sysrand_if_available(entropy, CTR_DRBG_ENTROPY_LEN); - for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i++) { - seed[i] ^= entropy[i]; - } - } -#endif } #else +// rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if +// that entropy came directly from the CPU and zero otherwise. static void rand_get_seed(struct rand_thread_state *state, - uint8_t seed[CTR_DRBG_ENTROPY_LEN]) { + uint8_t seed[CTR_DRBG_ENTROPY_LEN], + int *out_used_cpu) { // If not in FIPS mode, we don't overread from the system entropy source and // we don't depend only on the hardware RDRAND. CRYPTO_sysrand(seed, CTR_DRBG_ENTROPY_LEN); + *out_used_cpu = 0; } #endif @@ -290,8 +364,23 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, state->last_block_valid = 0; uint8_t seed[CTR_DRBG_ENTROPY_LEN]; - rand_get_seed(state, seed); - if (!CTR_DRBG_init(&state->drbg, seed, NULL, 0)) { + int used_cpu; + rand_get_seed(state, seed, &used_cpu); + + uint8_t personalization[CTR_DRBG_ENTROPY_LEN]; + size_t personalization_len = 0; +#if defined(OPENSSL_URANDOM) + // If we used RDRAND, also opportunistically read from the system. This + // avoids solely relying on the hardware once the entropy pool has been + // initialized. + if (used_cpu && + CRYPTO_sysrand_if_available(personalization, sizeof(personalization))) { + personalization_len = sizeof(personalization); + } +#endif + + if (!CTR_DRBG_init(&state->drbg, seed, personalization, + personalization_len)) { abort(); } state->calls = 0; @@ -315,7 +404,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, if (state->calls >= kReseedInterval || state->fork_generation != fork_generation) { uint8_t seed[CTR_DRBG_ENTROPY_LEN]; - rand_get_seed(state, seed); + int used_cpu; + rand_get_seed(state, seed, &used_cpu); #if defined(BORINGSSL_FIPS) // Take a read lock around accesses to |state->drbg|. This is needed to // avoid returning bad entropy if we race with diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c index bae3fc3573..3def3aa6f0 100644 --- a/crypto/fipsmodule/rand/urandom.c +++ b/crypto/fipsmodule/rand/urandom.c @@ -366,14 +366,7 @@ void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { perror("entropy fill failed"); abort(); } - -#if defined(BORINGSSL_FIPS_BREAK_CRNG) - // This breaks the "continuous random number generator test" defined in FIPS - // 140-2, section 4.9.2, and implemented in rand_get_seed(). - OPENSSL_memset(out, 0, requested); -#endif } - #endif // BORINGSSL_FIPS int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) { diff --git a/crypto/rand_extra/passive.c b/crypto/rand_extra/passive.c new file mode 100644 index 0000000000..a8c2487ca8 --- /dev/null +++ b/crypto/rand_extra/passive.c @@ -0,0 +1,34 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include "../fipsmodule/rand/internal.h" + +#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY) + +// RAND_need_entropy is called by the FIPS module when it has blocked because of +// a lack of entropy. This signal is used as an indication to feed it more. +void RAND_need_entropy(size_t bytes_needed) { + uint8_t buf[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD]; + size_t todo = sizeof(buf); + if (todo > bytes_needed) { + todo = bytes_needed; + } + + int used_cpu; + CRYPTO_get_seed_entropy(buf, todo, &used_cpu); + RAND_load_entropy(buf, todo, used_cpu); +} + +#endif // BORINGSSL_FIPS_PASSIVE_ENTROPY diff --git a/include/openssl/base.h b/include/openssl/base.h index 8e8cc15a93..60c7e870bf 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -156,6 +156,10 @@ extern "C" { #if defined(__ANDROID_API__) #define OPENSSL_ANDROID +#if defined(BORINGSSL_FIPS) +// The FIPS module on Android passively receives entropy. +#define BORINGSSL_FIPS_PASSIVE_ENTROPY +#endif #endif // BoringSSL requires platform's locking APIs to make internal global state From a929e327463bfa71b065111c0245c1599d39f99b Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 11 Dec 2020 11:16:56 -0500 Subject: [PATCH 366/399] Finish switching to NASM. As of https://chromium-review.googlesource.com/c/chromium/tools/build/+/2586225, we no longer test on Yasm. Yasm hasn't seen a release for over six years now and is missing support for newer x86 instructions. This removes the remnants of support for Yasm on the CI. It also removes the Yasm support we patched into x86nasm.pl, which removes a now unnecessary divergence from upstream. Update-Note: If a x86 Windows asm build breaks, switch from Yasm to NASM. We're also no longer testing NASM on x86_64 Windows, but there wasn't any patch to revert. Change-Id: I016bad8757fcc13240db9f56dd622be518e649d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44564 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- .gitignore | 1 - BUILDING.md | 8 -------- crypto/CMakeLists.txt | 2 +- crypto/perlasm/x86nasm.pl | 8 -------- util/bot/DEPS | 12 ------------ util/bot/UPDATING | 8 -------- util/bot/yasm-win32.exe.sha1 | 1 - 7 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 util/bot/yasm-win32.exe.sha1 diff --git a/.gitignore b/.gitignore index 83a64740d4..07d80839a9 100644 --- a/.gitignore +++ b/.gitignore @@ -28,4 +28,3 @@ util/bot/sde-linux64.tar.bz2 util/bot/sde-win32 util/bot/sde-win32.tar.bz2 util/bot/win_toolchain.json -util/bot/yasm-win32.exe diff --git a/BUILDING.md b/BUILDING.md index e3a3570797..2d156ec711 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -157,14 +157,6 @@ BoringSSL maintainers if making use of it. ## Known Limitations on Windows - * Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes - yasm to output warnings - - yasm: warning: can open only one input file, only the last file will be processed - - These warnings can be safely ignored. The cmake bug is - http://www.cmake.org/Bug/view.php?id=15253. - * CMake can generate Visual Studio projects, but the generated project files don't have steps for assembling the assembly language source files, so they currently cannot be used to build BoringSSL. diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 8368a21836..108887c698 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -55,7 +55,7 @@ if(NOT OPENSSL_NO_ASM) endif() set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8") - # On Windows, we use the NASM output, specifically built with Yasm. + # On Windows, we use the NASM output. set(ASM_EXT asm) enable_language(ASM_NASM) endif() diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index 7bb3347817..454f3cfed4 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -90,15 +90,7 @@ sub ::file %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 -%ifdef __YASM_VERSION_ID__ -%if __YASM_VERSION_ID__ < 01010000h -%error yasm version 1.1.0 or later needed. -%endif -; Yasm automatically includes @feat.00 and complains about redefining it. -; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html -%else \$\@feat.00 equ 1 -%endif section .text code align=64 %else section .text code diff --git a/util/bot/DEPS b/util/bot/DEPS index 8544fe9c3a..c87de229db 100644 --- a/util/bot/DEPS +++ b/util/bot/DEPS @@ -152,18 +152,6 @@ hooks = [ 'boringssl/util/bot/perl-win32/', ], }, - { - 'name': 'yasm_win32', - 'pattern': '.', - 'condition': 'host_os == "win" and not checkout_nasm', - 'action': [ 'download_from_google_storage', - '--no_resume', - '--platform=win32', - '--no_auth', - '--bucket', 'chromium-tools', - '-s', 'boringssl/util/bot/yasm-win32.exe.sha1', - ], - }, { 'name': 'nasm_win32', 'pattern': '.', diff --git a/util/bot/UPDATING b/util/bot/UPDATING index aa636e815d..9ea123b937 100644 --- a/util/bot/UPDATING +++ b/util/bot/UPDATING @@ -64,14 +64,6 @@ perl-win32.zip: Update to the latest 64-bit prebuilt "Portable" edition of The current revision is strawberry-perl-5.26.2.1-64bit-portable.zip. -yasm-win32.exe: Update to the appropriate release of Yasm. Use the same version - as Chromium, found at - https://chromium.googlesource.com/chromium/src/+/master/third_party/yasm/README.chromium - Use the release at http://yasm.tortall.net/Download.html labeled - "Win32 .exe". The download will be named yasm-VERSION-win32.exe. - - The current revision is yasm-1.3.0-win32.exe. - Finally, update sde-linux64.tar.bz2 and sde-win32.tar.bz2 by downloading the latet release from Intel at https://software.intel.com/en-us/articles/intel-software-development-emulator, diff --git a/util/bot/yasm-win32.exe.sha1 b/util/bot/yasm-win32.exe.sha1 deleted file mode 100644 index 542a6c95bb..0000000000 --- a/util/bot/yasm-win32.exe.sha1 +++ /dev/null @@ -1 +0,0 @@ -8374a6a1d6a240a3baa771ffd61b3bc096ccd11f \ No newline at end of file From 49587b2c10482d8f949b616ed4f42f130c9ebbaf Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 11 Dec 2020 11:36:54 -0500 Subject: [PATCH 367/399] Remove unused Netware codepaths in x86 perlasm. Imported from upstream's 617b49db14fa4c1211bfc5d0e88294d0f159c9a9. Change-Id: I64349b7cbbda8fbacf1e20ca609081ed42f10550 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44565 Reviewed-by: Adam Langley Commit-Queue: David Benjamin --- crypto/perlasm/x86asm.pl | 15 +++++---------- crypto/perlasm/x86nasm.pl | 4 ++-- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index 2d19425ff9..51f37664c6 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -276,13 +276,13 @@ sub ::asciz sub ::asm_finish { &file_end(); my $comment = "#"; - $comment = ";" if ($win32 || $netware); + $comment = ";" if ($win32); print <<___; $comment This file is generated from a similarly-named Perl script in the BoringSSL $comment source tree. Do not edit by hand. ___ - if ($win32 || $netware) { + if ($win32) { print <<___ unless $masm; %ifdef BORINGSSL_PREFIX %include "boringssl_prefix_symbols_nasm.inc" @@ -297,7 +297,7 @@ sub ::asm_finish ___ } print @out; - print "#endif\n" unless ($win32 || $netware); + print "#endif\n" unless ($win32); # See https://www.airs.com/blog/archives/518. print ".section\t.note.GNU-stack,\"\",\@progbits\n" if ($elf); } @@ -307,7 +307,7 @@ sub ::asm_init $i386=$cpu; - $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0; + $elf=$cpp=$coff=$aout=$macosx=$win32=$mwerks=$android=0; if (($type eq "elf")) { $elf=1; require "x86gas.pl"; } elsif (($type eq "elf-1")) @@ -318,10 +318,6 @@ sub ::asm_init { $coff=1; require "x86gas.pl"; } elsif (($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } - elsif (($type eq "nw-nasm")) - { $netware=1; require "x86nasm.pl"; } - #elsif (($type eq "nw-mwasm")) - #{ $netware=1; $mwerks=1; require "x86nasm.pl"; } elsif (($type eq "win32")) { $win32=1; $masm=1; require "x86masm.pl"; } elsif (($type eq "macosx")) @@ -335,7 +331,6 @@ sub ::asm_init a.out - DJGPP, elder OpenBSD, etc. coff - GAS/COFF such as Win32 targets win32n - Windows 95/Windows NT NASM format - nw-nasm - NetWare NASM format macosx - Mac OS X EOF exit(1); diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index 454f3cfed4..96883ffe4a 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ package x86nasm; *out=\@::out; $::lbdecor="L\$"; # local label decoration -$nmdecor=$::netware?"":"_"; # external name decoration +$nmdecor="_"; # external name decoration $drdecor=$::mwerks?".":""; # directive decoration $initseg=""; From ce7f08827d291a138b68d962fd81704ce76c68d5 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 10 Dec 2020 13:13:44 -0800 Subject: [PATCH 368/399] Move DH code into the FIPS module. This change also drops ex_data from DH objects. The global would need special handling in the FIPS module, which isn't hard, but just dropping it saves some of the code-size costs of this change and I cannot find any signs of use of this functionality. Change-Id: I984bd70698c2ec329f340d294b3b9ec169cd0c4e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44524 Reviewed-by: David Benjamin --- crypto/CMakeLists.txt | 8 +++----- crypto/{dh => dh_extra}/dh_asn1.c | 0 crypto/{dh => dh_extra}/dh_test.cc | 0 crypto/{dh => dh_extra}/params.c | 0 crypto/fipsmodule/bcm.c | 2 ++ crypto/{ => fipsmodule}/dh/check.c | 0 crypto/{ => fipsmodule}/dh/dh.c | 26 +------------------------- include/openssl/dh.h | 14 -------------- 8 files changed, 6 insertions(+), 44 deletions(-) rename crypto/{dh => dh_extra}/dh_asn1.c (100%) rename crypto/{dh => dh_extra}/dh_test.cc (100%) rename crypto/{dh => dh_extra}/params.c (100%) rename crypto/{ => fipsmodule}/dh/check.c (100%) rename crypto/{ => fipsmodule}/dh/dh.c (94%) diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 108887c698..d23c02eee4 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -265,10 +265,8 @@ add_library( crypto.c curve25519/curve25519.c curve25519/spake25519.c - dh/dh.c - dh/params.c - dh/check.c - dh/dh_asn1.c + dh_extra/params.c + dh_extra/dh_asn1.c digest_extra/digest_extra.c dsa/dsa.c dsa/dsa_asn1.c @@ -502,7 +500,7 @@ add_executable( curve25519/spake25519_test.cc curve25519/x25519_test.cc ecdh_extra/ecdh_test.cc - dh/dh_test.cc + dh_extra/dh_test.cc digest_extra/digest_test.cc dsa/dsa_test.cc err/err_test.cc diff --git a/crypto/dh/dh_asn1.c b/crypto/dh_extra/dh_asn1.c similarity index 100% rename from crypto/dh/dh_asn1.c rename to crypto/dh_extra/dh_asn1.c diff --git a/crypto/dh/dh_test.cc b/crypto/dh_extra/dh_test.cc similarity index 100% rename from crypto/dh/dh_test.cc rename to crypto/dh_extra/dh_test.cc diff --git a/crypto/dh/params.c b/crypto/dh_extra/params.c similarity index 100% rename from crypto/dh/params.c rename to crypto/dh_extra/params.c diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 1d9a919254..083e2df210 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -60,6 +60,8 @@ #include "cipher/e_aes.c" #include "cipher/e_des.c" #include "des/des.c" +#include "dh/check.c" +#include "dh/dh.c" #include "digest/digest.c" #include "digest/digests.c" #include "ecdh/ecdh.c" diff --git a/crypto/dh/check.c b/crypto/fipsmodule/dh/check.c similarity index 100% rename from crypto/dh/check.c rename to crypto/fipsmodule/dh/check.c diff --git a/crypto/dh/dh.c b/crypto/fipsmodule/dh/dh.c similarity index 94% rename from crypto/dh/dh.c rename to crypto/fipsmodule/dh/dh.c index 3df9a80c14..8194caae29 100644 --- a/crypto/dh/dh.c +++ b/crypto/fipsmodule/dh/dh.c @@ -60,17 +60,14 @@ #include #include -#include #include #include -#include "../internal.h" +#include "../../internal.h" #define OPENSSL_DH_MAX_MODULUS_BITS 10000 -static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; - DH *DH_new(void) { DH *dh = OPENSSL_malloc(sizeof(DH)); if (dh == NULL) { @@ -83,7 +80,6 @@ DH *DH_new(void) { CRYPTO_MUTEX_init(&dh->method_mont_p_lock); dh->references = 1; - CRYPTO_new_ex_data(&dh->ex_data); return dh; } @@ -97,8 +93,6 @@ void DH_free(DH *dh) { return; } - CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data); - BN_MONT_CTX_free(dh->method_mont_p); BN_clear_free(dh->p); BN_clear_free(dh->g); @@ -513,21 +507,3 @@ DH *DHparams_dup(const DH *dh) { return ret; } - -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, - CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { - int index; - if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, - free_func)) { - return -1; - } - return index; -} - -int DH_set_ex_data(DH *d, int idx, void *arg) { - return CRYPTO_set_ex_data(&d->ex_data, idx, arg); -} - -void *DH_get_ex_data(DH *d, int idx) { - return CRYPTO_get_ex_data(&d->ex_data, idx); -} diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 34e70c94ff..ef3c48177a 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -59,7 +59,6 @@ #include -#include #include #if defined(__cplusplus) @@ -237,18 +236,6 @@ OPENSSL_EXPORT DH *DH_parse_parameters(CBS *cbs); OPENSSL_EXPORT int DH_marshal_parameters(CBB *cbb, const DH *dh); -// ex_data functions. -// -// See |ex_data.h| for details. - -OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_unused *unused, - CRYPTO_EX_dup *dup_unused, - CRYPTO_EX_free *free_func); -OPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg); -OPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx); - - // Deprecated functions. // DH_generate_parameters behaves like |DH_generate_parameters_ex|, which is @@ -301,7 +288,6 @@ struct dh_st { int flags; CRYPTO_refcount_t references; - CRYPTO_EX_DATA ex_data; }; From 28cab640d15a94b19f4c99b28da96e6af4944ba2 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Thu, 10 Dec 2020 06:59:26 -0800 Subject: [PATCH 369/399] =?UTF-8?q?acvp:=20add=20support=20for=20finite-fi?= =?UTF-8?q?eld=20Diffie=E2=80=93Hellman.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This involves adding a new function |DH_compute_key_hashed| that combines the FFDH with the output hashing inside the FIPS module. This new function uses the padded FFDH output, as newly specified in SP 800-56Ar3. Change-Id: Iafcb7e276f16d39bf7d25d3b2f163b5cd6f67883 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44504 Reviewed-by: David Benjamin --- crypto/fipsmodule/dh/dh.c | 119 +++++++++--- include/openssl/dh.h | 13 ++ .../acvp/acvptool/subprocess/kasdh.go | 179 ++++++++++++++++++ .../acvp/acvptool/subprocess/subprocess.go | 1 + .../acvp/acvptool/subprocess/tlskdf.go | 4 +- .../acvp/modulewrapper/modulewrapper.cc | 80 ++++++++ 6 files changed, 366 insertions(+), 30 deletions(-) create mode 100644 util/fipstools/acvp/acvptool/subprocess/kasdh.go diff --git a/crypto/fipsmodule/dh/dh.c b/crypto/fipsmodule/dh/dh.c index 8194caae29..6bc1e5315c 100644 --- a/crypto/fipsmodule/dh/dh.c +++ b/crypto/fipsmodule/dh/dh.c @@ -60,6 +60,7 @@ #include #include +#include #include #include @@ -384,56 +385,118 @@ int DH_generate_key(DH *dh) { return ok; } -int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) { - BN_CTX *ctx = NULL; - BIGNUM *shared_key; - int ret = -1; - int check_result; - +static int dh_compute_key(DH *dh, BIGNUM *out_shared_key, + const BIGNUM *peers_key, BN_CTX *ctx) { if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE); - goto err; + return 0; } - ctx = BN_CTX_new(); - if (ctx == NULL) { - goto err; + if (dh->priv_key == NULL) { + OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE); + return 0; } - BN_CTX_start(ctx); - shared_key = BN_CTX_get(ctx); - if (shared_key == NULL) { - goto err; + + int check_result; + if (!DH_check_pub_key(dh, peers_key, &check_result) || check_result) { + OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY); + return 0; } - if (dh->priv_key == NULL) { - OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE); + int ret = 0; + BN_CTX_start(ctx); + BIGNUM *p_minus_1 = BN_CTX_get(ctx); + + if (!p_minus_1 || + !BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock, + dh->p, ctx)) { goto err; } - if (!BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock, - dh->p, ctx)) { + if (!BN_mod_exp_mont_consttime(out_shared_key, peers_key, dh->priv_key, dh->p, + ctx, dh->method_mont_p) || + !BN_copy(p_minus_1, dh->p) || + !BN_sub_word(p_minus_1, 1)) { + OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); goto err; } - if (!DH_check_pub_key(dh, peers_key, &check_result) || check_result) { + // This performs the check required by SP 800-56Ar3 section 5.7.1.1 step two. + if (BN_cmp_word(out_shared_key, 1) <= 0 || + BN_cmp(out_shared_key, p_minus_1) == 0) { OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY); goto err; } - if (!BN_mod_exp_mont_consttime(shared_key, peers_key, dh->priv_key, dh->p, - ctx, dh->method_mont_p)) { - OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); - goto err; + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) { + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + return -1; } + BN_CTX_start(ctx); - ret = BN_bn2bin(shared_key, out); + int ret = -1; + BIGNUM *shared_key = BN_CTX_get(ctx); + if (shared_key && dh_compute_key(dh, shared_key, peers_key, ctx)) { + ret = BN_bn2bin(shared_key, out); + } -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + +int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, + size_t max_out_len, const BIGNUM *peers_key, + const EVP_MD *digest) { + *out_len = (size_t)-1; + + const size_t digest_len = EVP_MD_size(digest); + if (digest_len > max_out_len) { + return 0; } + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + return 0; + } + BN_CTX_start(ctx); + + int ret = 0; + BIGNUM *shared_key = BN_CTX_get(ctx); + const size_t p_len = BN_num_bytes(dh->p); + uint8_t *shared_bytes = OPENSSL_malloc(p_len); + unsigned out_len_unsigned; + if (!shared_key || + !shared_bytes || + !dh_compute_key(dh, shared_key, peers_key, ctx) || + // |DH_compute_key| doesn't pad the output. SP 800-56A is ambiguous about + // whether the output should be padded prior to revision three. But + // revision three, section C.1, awkwardly specifies padding to the length + // of p. + // + // Also, padded output avoids side-channels, so is always strongly + // advisable. + !BN_bn2bin_padded(shared_bytes, p_len, shared_key) || + !EVP_Digest(shared_bytes, p_len, out, &out_len_unsigned, digest, NULL) || + out_len_unsigned != digest_len) { + goto err; + } + + *out_len = digest_len; + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OPENSSL_free(shared_bytes); return ret; } diff --git a/include/openssl/dh.h b/include/openssl/dh.h index ef3c48177a..52d831dbc9 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -178,6 +178,19 @@ OPENSSL_EXPORT int DH_generate_key(DH *dh); OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key, DH *dh); +// DH_compute_key_hashed calculates the shared key between |dh| and |peers_key| +// and hashes it with the given |digest|. If the hash output is less than +// |max_out_len| bytes then it writes the hash output to |out| and sets +// |*out_len| to the number of bytes written. Otherwise it signals an error. It +// returns one on success or zero on error. +// +// NOTE: this follows the usual BoringSSL return-value convention, but that's +// different from |DH_compute_key|, above. +OPENSSL_EXPORT int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, + size_t max_out_len, + const BIGNUM *peers_key, + const EVP_MD *digest); + // Utility functions. diff --git a/util/fipstools/acvp/acvptool/subprocess/kasdh.go b/util/fipstools/acvp/acvptool/subprocess/kasdh.go new file mode 100644 index 0000000000..8251b7fa43 --- /dev/null +++ b/util/fipstools/acvp/acvptool/subprocess/kasdh.go @@ -0,0 +1,179 @@ +// Copyright (c) 2020, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +package subprocess + +import ( + "bytes" + "encoding/hex" + "encoding/json" + "fmt" +) + +type kasDHVectorSet struct { + Groups []kasDHTestGroup `json:"testGroups"` +} + +type kasDHTestGroup struct { + ID uint64 `json:"tgId"` + Type string `json:"testType"` + Role string `json:"kasRole"` + Mode string `json:"kasMode"` + Hash string `json:"hashAlg"` + Scheme string `json:"scheme"` + PHex string `json:"p"` + QHex string `json:"q"` + GHex string `json:"g"` + Tests []kasDHTest `json:"tests"` +} + +type kasDHTest struct { + ID uint64 `json:"tcId"` + PeerPublicHex string `json:"ephemeralPublicServer"` + PrivateKeyHex string `json:"ephemeralPrivateIut"` + PublicKeyHex string `json:"ephemeralPublicIut"` + ResultHex string `json:"hashZIut"` +} + +type kasDHTestGroupResponse struct { + ID uint64 `json:"tgId"` + Tests []kasDHTestResponse `json:"tests"` +} + +type kasDHTestResponse struct { + ID uint64 `json:"tcId"` + LocalPublicHex string `json:"ephemeralPublicIut,omitempty"` + ResultHex string `json:"hashZIut,omitempty"` + Passed *bool `json:"testPassed,omitempty"` +} + +type kasDH struct{} + +func (k *kasDH) Process(vectorSet []byte, m Transactable) (interface{}, error) { + var parsed kasDHVectorSet + if err := json.Unmarshal(vectorSet, &parsed); err != nil { + return nil, err + } + + // See https://usnistgov.github.io/ACVP/draft-fussell-acvp-kas-ffc.html + var ret []kasDHTestGroupResponse + for _, group := range parsed.Groups { + response := kasDHTestGroupResponse{ + ID: group.ID, + } + + var privateKeyGiven bool + switch group.Type { + case "AFT": + privateKeyGiven = false + case "VAL": + privateKeyGiven = true + default: + return nil, fmt.Errorf("unknown test type %q", group.Type) + } + + switch group.Hash { + case "SHA2-224", "SHA2-256", "SHA2-384", "SHA2-512": + break + default: + return nil, fmt.Errorf("unknown hash function %q", group.Hash) + } + + switch group.Role { + case "initiator", "responder": + break + default: + return nil, fmt.Errorf("unknown role %q", group.Role) + } + + if group.Scheme != "dhEphem" { + return nil, fmt.Errorf("unknown scheme %q", group.Scheme) + } + + p, err := hex.DecodeString(group.PHex) + if err != nil { + return nil, err + } + + q, err := hex.DecodeString(group.QHex) + if err != nil { + return nil, err + } + + g, err := hex.DecodeString(group.GHex) + if err != nil { + return nil, err + } + + method := "FFDH/" + group.Hash + + for _, test := range group.Tests { + if len(test.PeerPublicHex) == 0 { + return nil, fmt.Errorf("%d/%d is missing peer's key", group.ID, test.ID) + } + + peerPublic, err := hex.DecodeString(test.PeerPublicHex) + if err != nil { + return nil, err + } + + if (len(test.PrivateKeyHex) != 0) != privateKeyGiven { + return nil, fmt.Errorf("%d/%d incorrect private key presence", group.ID, test.ID) + } + + if privateKeyGiven { + privateKey, err := hex.DecodeString(test.PrivateKeyHex) + if err != nil { + return nil, err + } + + publicKey, err := hex.DecodeString(test.PublicKeyHex) + if err != nil { + return nil, err + } + + expectedOutput, err := hex.DecodeString(test.ResultHex) + if err != nil { + return nil, err + } + + result, err := m.Transact(method, 2, p, q, g, peerPublic, privateKey, publicKey) + if err != nil { + return nil, err + } + + ok := bytes.Equal(result[1], expectedOutput) + response.Tests = append(response.Tests, kasDHTestResponse{ + ID: test.ID, + Passed: &ok, + }) + } else { + result, err := m.Transact(method, 2, p, q, g, peerPublic, nil, nil) + if err != nil { + return nil, err + } + + response.Tests = append(response.Tests, kasDHTestResponse{ + ID: test.ID, + LocalPublicHex: hex.EncodeToString(result[0]), + ResultHex: hex.EncodeToString(result[1]), + }) + } + } + + ret = append(ret, response) + } + + return ret, nil +} diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go index e3f11cc9cd..c0d48b7da7 100644 --- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go +++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go @@ -98,6 +98,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess "RSA": &rsa{}, "kdf-components": &tlsKDF{}, "KAS-ECC-SSC": &kas{}, + "KAS-FFC": &kasDH{}, } m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives} diff --git a/util/fipstools/acvp/acvptool/subprocess/tlskdf.go b/util/fipstools/acvp/acvptool/subprocess/tlskdf.go index 96a0a5c102..4a8f7ee161 100644 --- a/util/fipstools/acvp/acvptool/subprocess/tlskdf.go +++ b/util/fipstools/acvp/acvptool/subprocess/tlskdf.go @@ -35,8 +35,8 @@ type tlsKDFTestGroup struct { } type tlsKDFTest struct { - ID uint64 `json:"tcId"` - PMSHex string `json:"preMasterSecret"` + ID uint64 `json:"tcId"` + PMSHex string `json:"preMasterSecret"` // ClientHelloRandomHex and ServerHelloRandomHex are used for deriving the // master secret. ClientRandomHex and ServerRandomHex are used for deriving the // key block. Having different values for these is not possible in a TLS diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 37db2814a1..2c9fd36a27 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -737,6 +738,35 @@ static bool GetConfig(const Span args[]) { "P-384", "P-521" ] + }, + { + "algorithm": "KAS-FFC", + "revision": "1.0", + "mode": "Component", + "function": [ + "keyPairGen" + ], + "scheme": { + "dhEphem": { + "kasRole": [ + "initiator" + ], + "noKdfNoKc": { + "parameterSet": { + "fb": { + "hashAlg": [ + "SHA2-256" + ] + }, + "fc": { + "hashAlg": [ + "SHA2-256" + ] + } + } + } + } + } } ])"; return WriteReply( @@ -1678,6 +1708,55 @@ static bool ECDH(const Span args[]) { output); } +template +static bool FFDH(const Span args[]) { + bssl::UniquePtr p(BytesToBIGNUM(args[0])); + bssl::UniquePtr q(BytesToBIGNUM(args[1])); + bssl::UniquePtr g(BytesToBIGNUM(args[2])); + bssl::UniquePtr their_pub(BytesToBIGNUM(args[3])); + const Span private_key_span = args[4]; + const Span public_key_span = args[5]; + + bssl::UniquePtr dh(DH_new()); + if (!DH_set0_pqg(dh.get(), p.get(), q.get(), g.get())) { + fprintf(stderr, "DH_set0_pqg failed.\n"); + return 0; + } + + // DH_set0_pqg took ownership of these values. + p.release(); + q.release(); + g.release(); + + if (!private_key_span.empty()) { + bssl::UniquePtr private_key(BytesToBIGNUM(private_key_span)); + bssl::UniquePtr public_key(BytesToBIGNUM(public_key_span)); + + if (!DH_set0_key(dh.get(), public_key.get(), private_key.get())) { + fprintf(stderr, "DH_set0_key failed.\n"); + return 0; + } + + // DH_set0_key took ownership of these values. + public_key.release(); + private_key.release(); + } else if (!DH_generate_key(dh.get())) { + fprintf(stderr, "DH_generate_key failed.\n"); + return false; + } + + uint8_t digest[EVP_MAX_MD_SIZE]; + size_t digest_len; + if (!DH_compute_key_hashed(dh.get(), digest, &digest_len, sizeof(digest), + their_pub.get(), HashFunc())) { + fprintf(stderr, "DH_compute_key_hashed failed.\n"); + return false; + } + + return WriteReply(STDOUT_FILENO, BIGNUMBytes(DH_get0_pub_key(dh.get())), + Span(digest, digest_len)); +} + static constexpr struct { const char name[kMaxNameLength + 1]; uint8_t expected_args; @@ -1748,6 +1827,7 @@ static constexpr struct { {"ECDH/P-256", 3, ECDH}, {"ECDH/P-384", 3, ECDH}, {"ECDH/P-521", 3, ECDH}, + {"FFDH/SHA2-256", 6, FFDH}, }; int main() { From cd204d8e1542c0ef85117492f4642c1a47080540 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 14 Dec 2020 13:02:08 -0800 Subject: [PATCH 370/399] Include bn.h from bn/internal.h If using precompiled headers then this is needed otherwise bn/internal.h doesn't have a definition for BN_ULONG etc. Change-Id: I41b331465abae7108f255722a156d2ffb3016ba3 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44604 Commit-Queue: Adam Langley Commit-Queue: David Benjamin Reviewed-by: David Benjamin --- crypto/fipsmodule/bn/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h index c3aa21bc4c..e11ee45940 100644 --- a/crypto/fipsmodule/bn/internal.h +++ b/crypto/fipsmodule/bn/internal.h @@ -123,7 +123,7 @@ #ifndef OPENSSL_HEADER_BN_INTERNAL_H #define OPENSSL_HEADER_BN_INTERNAL_H -#include +#include #if defined(OPENSSL_X86_64) && defined(_MSC_VER) OPENSSL_MSVC_PRAGMA(warning(push, 3)) From f2adafe7378875fc5f1dc61d9eb92030c46d4136 Mon Sep 17 00:00:00 2001 From: Vlad Krasnov Date: Wed, 2 Dec 2020 16:05:56 -0500 Subject: [PATCH 371/399] Fix ChaCha20-Poly1305 x86-64 asm on Windows Current: Did 2916000 ChaCha20-Poly1305 (16 bytes) seal operations in 1015000us (2872906.4 ops/sec): 46.0 MB/s Did 1604750 ChaCha20-Poly1305 (256 bytes) seal operations in 1016000us (1579478.3 ops/sec): 404.3 MB/s Did 516750 ChaCha20-Poly1305 (1350 bytes) seal operations in 1015000us (509113.3 ops/sec): 687.3 MB/s Did 99750 ChaCha20-Poly1305 (8192 bytes) seal operations in 1016000us (98179.1 ops/sec): 804.3 MB/s Did 50500 ChaCha20-Poly1305 (16384 bytes) seal operations in 1016000us (49704.7 ops/sec): 814.4 MB/s With fix: Did 6366750 ChaCha20-Poly1305 (16 bytes) seal operations in 1016000us (6266486.2 ops/sec): 100.3 MB/s Did 3938000 ChaCha20-Poly1305 (256 bytes) seal operations in 1016000us (3875984.3 ops/sec): 992.3 MB/s Did 1207750 ChaCha20-Poly1305 (1350 bytes) seal operations in 1015000us (1189901.5 ops/sec): 1606.4 MB/s Did 258500 ChaCha20-Poly1305 (8192 bytes) seal operations in 1016000us (254429.1 ops/sec): 2084.3 MB/s Did 131500 ChaCha20-Poly1305 (16384 bytes) seal operations in 1016000us (129429.1 ops/sec): 2120.6 MB/s Change-Id: Iec6417b9855b9d3d1d5154c93a370f80f219c65f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44347 Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- crypto/cipher_extra/aead_test.cc | 22 + .../asm/chacha20_poly1305_x86_64.pl | 1138 +++++++++-------- crypto/cipher_extra/e_chacha20poly1305.c | 87 +- crypto/cipher_extra/internal.h | 87 ++ 4 files changed, 719 insertions(+), 615 deletions(-) diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc index d0c266aacf..bf02e78506 100644 --- a/crypto/cipher_extra/aead_test.cc +++ b/crypto/cipher_extra/aead_test.cc @@ -24,6 +24,7 @@ #include #include "../fipsmodule/cipher/internal.h" +#include "internal.h" #include "../internal.h" #include "../test/abi_test.h" #include "../test/file_test.h" @@ -827,6 +828,27 @@ TEST_P(PerAEADTest, ABI) { EXPECT_EQ(Bytes(plaintext + 1, sizeof(plaintext) - 1), Bytes(plaintext2 + 1, plaintext2_len)); } + +TEST(ChaChaPoly1305Test, ABI) { + if (!chacha20_poly1305_asm_capable()) { + return; + } + + std::unique_ptr buf(new uint8_t[1024]); + for (size_t len = 0; len <= 1024; len += 5) { + SCOPED_TRACE(len); + union chacha20_poly1305_open_data open_ctx = {}; + CHECK_ABI(chacha20_poly1305_open, buf.get(), buf.get(), len, buf.get(), + len % 128, &open_ctx); + } + + for (size_t len = 0; len <= 1024; len += 5) { + SCOPED_TRACE(len); + union chacha20_poly1305_seal_data seal_ctx = {}; + CHECK_ABI(chacha20_poly1305_seal, buf.get(), buf.get(), len, buf.get(), + len % 128, &seal_ctx); + } +} #endif // SUPPORTS_ABI_TEST TEST(AEADTest, AESCCMLargeAD) { diff --git a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl index b748c23e31..3826cb7768 100644 --- a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +++ b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl @@ -43,26 +43,26 @@ chacha20_poly1305_constants: .align 64 -.chacha20_consts: +.Lchacha20_consts: .byte 'e','x','p','a','n','d',' ','3','2','-','b','y','t','e',' ','k' .byte 'e','x','p','a','n','d',' ','3','2','-','b','y','t','e',' ','k' -.rol8: +.Lrol8: .byte 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 .byte 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 -.rol16: +.Lrol16: .byte 2,3,0,1, 6,7,4,5, 10,11,8,9, 14,15,12,13 .byte 2,3,0,1, 6,7,4,5, 10,11,8,9, 14,15,12,13 -.avx2_init: +.Lavx2_init: .long 0,0,0,0 -.sse_inc: +.Lsse_inc: .long 1,0,0,0 -.avx2_inc: +.Lavx2_inc: .long 2,0,0,0,2,0,0,0 -.clamp: +.Lclamp: .quad 0x0FFFFFFC0FFFFFFF, 0x0FFFFFFC0FFFFFFC .quad 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF .align 16 -.and_masks: +.Land_masks: .byte 0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 .byte 0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 .byte 0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 @@ -81,28 +81,33 @@ .byte 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff ___ -my ($oup,$inp,$inl,$adp,$keyp,$itr1,$itr2)=("%rdi","%rsi","%rbx","%rcx","%r9","%rcx","%r8"); +my ($oup,$inp,$inl,$adp,$keyp,$itr1,$itr2,$adl)=("%rdi","%rsi","%rbx","%rcx","%r9","%rcx","%r8","%r8"); my ($acc0,$acc1,$acc2)=map("%r$_",(10..12)); my ($t0,$t1,$t2,$t3)=("%r13","%r14","%r15","%r9"); my ($A0,$A1,$A2,$A3,$B0,$B1,$B2,$B3,$C0,$C1,$C2,$C3,$D0,$D1,$D2,$D3)=map("%xmm$_",(0..15)); my ($T0,$T1,$T2,$T3)=($A3,$B3,$C3,$D3); -my $r_store="0*16(%rbp)"; -my $s_store="1*16(%rbp)"; -my $len_store="2*16(%rbp)"; -my $state1_store="3*16(%rbp)"; -my $state2_store="4*16(%rbp)"; -my $tmp_store="5*16(%rbp)"; -my $ctr0_store="6*16(%rbp)"; -my $ctr1_store="7*16(%rbp)"; -my $ctr2_store="8*16(%rbp)"; -my $ctr3_store="9*16(%rbp)"; +my $xmm_storage = 0; +if ($win64) { + $xmm_storage = 10*16; +} +my $xmm_store="0*16(%rbp)"; +my $r_store="$xmm_storage+0*16(%rbp)"; +my $s_store="$xmm_storage+1*16(%rbp)"; +my $len_store="$xmm_storage+2*16(%rbp)"; +my $state1_store="$xmm_storage+3*16(%rbp)"; +my $state2_store="$xmm_storage+4*16(%rbp)"; +my $tmp_store="$xmm_storage+5*16(%rbp)"; +my $ctr0_store="$xmm_storage+6*16(%rbp)"; +my $ctr1_store="$xmm_storage+7*16(%rbp)"; +my $ctr2_store="$xmm_storage+8*16(%rbp)"; +my $ctr3_store="$xmm_storage+9*16(%rbp)"; sub chacha_qr { my ($a,$b,$c,$d,$t,$dir)=@_; $code.="movdqa $t, $tmp_store\n" if ($dir =~ /store/); $code.="paddd $b, $a pxor $a, $d - pshufb .rol16(%rip), $d + pshufb .Lrol16(%rip), $d paddd $d, $c pxor $c, $b movdqa $b, $t @@ -111,7 +116,7 @@ sub chacha_qr { pxor $t, $b paddd $b, $a pxor $a, $d - pshufb .rol8(%rip), $d + pshufb .Lrol8(%rip), $d paddd $d, $c pxor $c, $b movdqa $b, $t @@ -129,7 +134,7 @@ sub chacha_qr { sub poly_add { my ($src)=@_; -$code.="add $src, $acc0 +$code.="add 0+$src, $acc0 adc 8+$src, $acc1 adc \$1, $acc2\n"; } @@ -166,22 +171,26 @@ sub poly_stage3 { adc %rdx, $t3\n"; } +# At the beginning of the reduce stage t = [t3:t2:t1:t0] is a product of +# r = [r1:r0] and acc = [acc2:acc1:acc0] +# r is 124 bits at most (due to clamping) and acc is 131 bits at most +# (acc2 is at most 4 before the addition and can be at most 6 when we add in +# the next block) therefore t is at most 255 bits big, and t3 is 63 bits. sub poly_reduce_stage { $code.="mov $t0, $acc0 mov $t1, $acc1 mov $t2, $acc2 - and \$3, $acc2 + and \$3, $acc2 # At this point acc2 is 2 bits at most (value of 3) mov $t2, $t0 and \$-4, $t0 mov $t3, $t1 shrd \$2, $t3, $t2 shr \$2, $t3 - add $t0, $acc0 - adc $t1, $acc1 - adc \$0, $acc2 + add $t0, $t2 + adc $t1, $t3 # No carry out since t3 is 61 bits and t1 is 63 bits add $t2, $acc0 adc $t3, $acc1 - adc \$0, $acc2\n"; + adc \$0, $acc2\n"; # At this point acc2 has the value of 4 at most } sub poly_mul { @@ -193,7 +202,7 @@ sub poly_mul { sub prep_state { my ($n)=@_; -$code.="movdqa .chacha20_consts(%rip), $A0 +$code.="movdqa .Lchacha20_consts(%rip), $A0 movdqa $state1_store, $B0 movdqa $state2_store, $C0\n"; $code.="movdqa $A0, $A1 @@ -206,31 +215,31 @@ sub prep_state { movdqa $B0, $B3 movdqa $C0, $C3\n" if ($n ge 4); $code.="movdqa $ctr0_store, $D0 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $ctr0_store\n" if ($n eq 1); $code.="movdqa $ctr0_store, $D1 - paddd .sse_inc(%rip), $D1 + paddd .Lsse_inc(%rip), $D1 movdqa $D1, $D0 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $ctr0_store movdqa $D1, $ctr1_store\n" if ($n eq 2); $code.="movdqa $ctr0_store, $D2 - paddd .sse_inc(%rip), $D2 + paddd .Lsse_inc(%rip), $D2 movdqa $D2, $D1 - paddd .sse_inc(%rip), $D1 + paddd .Lsse_inc(%rip), $D1 movdqa $D1, $D0 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $ctr0_store movdqa $D1, $ctr1_store movdqa $D2, $ctr2_store\n" if ($n eq 3); $code.="movdqa $ctr0_store, $D3 - paddd .sse_inc(%rip), $D3 + paddd .Lsse_inc(%rip), $D3 movdqa $D3, $D2 - paddd .sse_inc(%rip), $D2 + paddd .Lsse_inc(%rip), $D2 movdqa $D2, $D1 - paddd .sse_inc(%rip), $D1 + paddd .Lsse_inc(%rip), $D1 movdqa $D1, $D0 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $ctr0_store movdqa $D1, $ctr1_store movdqa $D2, $ctr2_store @@ -239,19 +248,19 @@ sub prep_state { sub finalize_state { my ($n)=@_; -$code.="paddd .chacha20_consts(%rip), $A3 +$code.="paddd .Lchacha20_consts(%rip), $A3 paddd $state1_store, $B3 paddd $state2_store, $C3 paddd $ctr3_store, $D3\n" if ($n eq 4); -$code.="paddd .chacha20_consts(%rip), $A2 +$code.="paddd .Lchacha20_consts(%rip), $A2 paddd $state1_store, $B2 paddd $state2_store, $C2 paddd $ctr2_store, $D2\n" if ($n ge 3); -$code.="paddd .chacha20_consts(%rip), $A1 +$code.="paddd .Lchacha20_consts(%rip), $A1 paddd $state1_store, $B1 paddd $state2_store, $C1 paddd $ctr1_store, $D1\n" if ($n ge 2); -$code.="paddd .chacha20_consts(%rip), $A0 +$code.="paddd .Lchacha20_consts(%rip), $A0 paddd $state1_store, $B0 paddd $state2_store, $C0 paddd $ctr0_store, $D0\n"; @@ -352,10 +361,10 @@ sub gen_chacha_round { return $round; }; -$chacha_body = &gen_chacha_round(20, ".rol16(%rip)") . - &gen_chacha_round(25, ".rol8(%rip)", "left") . - &gen_chacha_round(20, ".rol16(%rip)") . - &gen_chacha_round(25, ".rol8(%rip)", "right"); +$chacha_body = &gen_chacha_round(20, ".Lrol16(%rip)") . + &gen_chacha_round(25, ".Lrol8(%rip)", "left") . + &gen_chacha_round(20, ".Lrol16(%rip)") . + &gen_chacha_round(25, ".Lrol8(%rip)", "right"); my @loop_body = split /\n/, $chacha_body; @@ -370,16 +379,17 @@ sub emit_body { ################################################################################ # void poly_hash_ad_internal(); $code.=" -.type poly_hash_ad_internal,\@function,2 +.type poly_hash_ad_internal,\@abi-omnipotent .align 64 poly_hash_ad_internal: .cfi_startproc +.cfi_def_cfa rsp, 8 xor $acc0, $acc0 xor $acc1, $acc1 xor $acc2, $acc2 cmp \$13, $itr2 - jne hash_ad_loop -poly_fast_tls_ad: + jne .Lhash_ad_loop +.Lpoly_fast_tls_ad: # Special treatment for the TLS case of 13 bytes mov ($adp), $acc0 mov 5($adp), $acc1 @@ -387,38 +397,38 @@ sub emit_body { mov \$1, $acc2\n"; &poly_mul(); $code.=" ret -hash_ad_loop: +.Lhash_ad_loop: # Hash in 16 byte chunk cmp \$16, $itr2 - jb hash_ad_tail\n"; + jb .Lhash_ad_tail\n"; &poly_add("0($adp)"); &poly_mul(); $code.=" lea 1*16($adp), $adp sub \$16, $itr2 - jmp hash_ad_loop -hash_ad_tail: + jmp .Lhash_ad_loop +.Lhash_ad_tail: cmp \$0, $itr2 - je 1f + je .Lhash_ad_done # Hash last < 16 byte tail xor $t0, $t0 xor $t1, $t1 xor $t2, $t2 add $itr2, $adp -hash_ad_tail_loop: +.Lhash_ad_tail_loop: shld \$8, $t0, $t1 shl \$8, $t0 movzxb -1($adp), $t2 xor $t2, $t0 dec $adp dec $itr2 - jne hash_ad_tail_loop + jne .Lhash_ad_tail_loop add $t0, $acc0 adc $t1, $acc1 adc \$1, $acc2\n"; &poly_mul(); $code.=" # Finished AD -1: +.Lhash_ad_done: ret .cfi_endproc .size poly_hash_ad_internal, .-poly_hash_ad_internal\n"; @@ -426,86 +436,98 @@ sub emit_body { { ################################################################################ -# void chacha20_poly1305_open(uint8_t *pt, uint8_t *ct, size_t len_in, uint8_t *ad, size_t len_ad, uint8_t *keyp); +# extern void chacha20_poly1305_open(uint8_t *out_plaintext, +# const uint8_t *ciphertext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, union open_data *aead_data) +# $code.=" .globl chacha20_poly1305_open -.type chacha20_poly1305_open,\@function,2 +.type chacha20_poly1305_open,\@function,6 .align 64 chacha20_poly1305_open: .cfi_startproc push %rbp -.cfi_adjust_cfa_offset 8 +.cfi_push %rbp push %rbx -.cfi_adjust_cfa_offset 8 +.cfi_push %rbx push %r12 -.cfi_adjust_cfa_offset 8 +.cfi_push %r12 push %r13 -.cfi_adjust_cfa_offset 8 +.cfi_push %r13 push %r14 -.cfi_adjust_cfa_offset 8 +.cfi_push %r14 push %r15 -.cfi_adjust_cfa_offset 8 +.cfi_push %r15 # We write the calculated authenticator back to keyp at the end, so save # the pointer on the stack too. push $keyp -.cfi_adjust_cfa_offset 8 - sub \$288 + 32, %rsp +.cfi_push $keyp + sub \$288 + $xmm_storage + 32, %rsp .cfi_adjust_cfa_offset 288 + 32 -.cfi_offset rbp, -16 -.cfi_offset rbx, -24 -.cfi_offset r12, -32 -.cfi_offset r13, -40 -.cfi_offset r14, -48 -.cfi_offset r15, -56 + lea 32(%rsp), %rbp - and \$-32, %rbp - mov %rdx, 8+$len_store - mov %r8, 0+$len_store - mov %rdx, $inl\n"; $code.=" + and \$-32, %rbp\n"; +$code.=" + movaps %xmm6,16*0+$xmm_store + movaps %xmm7,16*1+$xmm_store + movaps %xmm8,16*2+$xmm_store + movaps %xmm9,16*3+$xmm_store + movaps %xmm10,16*4+$xmm_store + movaps %xmm11,16*5+$xmm_store + movaps %xmm12,16*6+$xmm_store + movaps %xmm13,16*7+$xmm_store + movaps %xmm14,16*8+$xmm_store + movaps %xmm15,16*9+$xmm_store\n" if ($win64); +$code.=" + mov %rdx, $inl + mov $adl, 0+$len_store + mov $inl, 8+$len_store\n"; +$code.=" mov OPENSSL_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax - jz chacha20_poly1305_open_avx2\n" if ($avx>1); + jz chacha20_poly1305_open_avx2\n" if ($avx>1); $code.=" -1: cmp \$128, $inl - jbe open_sse_128 + jbe .Lopen_sse_128 # For long buffers, prepare the poly key first - movdqa .chacha20_consts(%rip), $A0 + movdqa .Lchacha20_consts(%rip), $A0 movdqu 0*16($keyp), $B0 movdqu 1*16($keyp), $C0 movdqu 2*16($keyp), $D0 + movdqa $D0, $T1 # Store on stack, to free keyp movdqa $B0, $state1_store movdqa $C0, $state2_store movdqa $D0, $ctr0_store mov \$10, $acc0 -1: \n"; +.Lopen_sse_init_rounds:\n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A0,$B0,$C0,$D0,$T0,"right"); $code.=" dec $acc0 - jne 1b + jne .Lopen_sse_init_rounds # A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded - paddd .chacha20_consts(%rip), $A0 + paddd .Lchacha20_consts(%rip), $A0 paddd $state1_store, $B0 # Clamp and store the key - pand .clamp(%rip), $A0 + pand .Lclamp(%rip), $A0 movdqa $A0, $r_store movdqa $B0, $s_store # Hash - mov %r8, $itr2 + mov $adl, $itr2 call poly_hash_ad_internal -open_sse_main_loop: +.Lopen_sse_main_loop: cmp \$16*16, $inl - jb 2f + jb .Lopen_sse_tail # Load state, increment counter blocks\n"; &prep_state(4); $code.=" # There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we # hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16 mov \$4, $itr1 mov $inp, $itr2 -1: \n"; +.Lopen_sse_main_loop_rounds:\n"; &emit_body(20); &poly_add("0($itr2)"); $code.=" lea 2*8($itr2), $itr2\n"; @@ -520,12 +542,12 @@ sub emit_body { foreach $l (@loop_body) {$code.=$l."\n";} @loop_body = split /\n/, $chacha_body; $code.=" dec $itr1 - jge 1b\n"; + jge .Lopen_sse_main_loop_rounds\n"; &poly_add("0($itr2)"); &poly_mul(); $code.=" lea 2*8($itr2), $itr2 cmp \$-6, $itr1 - jg 1b\n"; + jg .Lopen_sse_main_loop_rounds\n"; &finalize_state(4); &xor_stream_using_temp($A3, $B3, $C3, $D3, "0*16", $D0); &xor_stream($A2, $B2, $C2, $D2, "4*16"); @@ -534,66 +556,66 @@ sub emit_body { lea 16*16($inp), $inp lea 16*16($oup), $oup sub \$16*16, $inl - jmp open_sse_main_loop -2: + jmp .Lopen_sse_main_loop +.Lopen_sse_tail: # Handle the various tail sizes efficiently test $inl, $inl - jz open_sse_finalize + jz .Lopen_sse_finalize + cmp \$12*16, $inl + ja .Lopen_sse_tail_256 + cmp \$8*16, $inl + ja .Lopen_sse_tail_192 cmp \$4*16, $inl - ja 3f\n"; + ja .Lopen_sse_tail_128\n"; ############################################################################### # At most 64 bytes are left &prep_state(1); $code.=" xor $itr2, $itr2 mov $inl, $itr1 cmp \$16, $itr1 - jb 2f -1: \n"; - &poly_add("0($inp, $itr2)"); + jb .Lopen_sse_tail_64_rounds +.Lopen_sse_tail_64_rounds_and_x1hash: \n"; + &poly_add("0($inp,$itr2)"); &poly_mul(); $code.=" sub \$16, $itr1 -2: +.Lopen_sse_tail_64_rounds: add \$16, $itr2\n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A0,$B0,$C0,$D0,$T0,"right"); $code.=" cmp \$16, $itr1 - jae 1b + jae .Lopen_sse_tail_64_rounds_and_x1hash cmp \$10*16, $itr2 - jne 2b\n"; + jne .Lopen_sse_tail_64_rounds\n"; &finalize_state(1); $code.=" - jmp open_sse_tail_64_dec_loop -3: - cmp \$8*16, $inl - ja 3f\n"; + jmp .Lopen_sse_tail_64_dec_loop ############################################################################### +.Lopen_sse_tail_128:\n"; # 65 - 128 bytes are left &prep_state(2); $code.=" mov $inl, $itr1 and \$-16, $itr1 xor $itr2, $itr2 -1: \n"; - &poly_add("0($inp, $itr2)"); +.Lopen_sse_tail_128_rounds_and_x1hash: \n"; + &poly_add("0($inp,$itr2)"); &poly_mul(); $code.=" -2: +.Lopen_sse_tail_128_rounds: add \$16, $itr2\n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr($A0,$B0,$C0,$D0,$T0,"right"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"right");$code.=" cmp $itr1, $itr2 - jb 1b + jb .Lopen_sse_tail_128_rounds_and_x1hash cmp \$10*16, $itr2 - jne 2b\n"; + jne .Lopen_sse_tail_128_rounds\n"; &finalize_state(2); &xor_stream($A1, $B1, $C1, $D1, "0*16"); $code.=" sub \$4*16, $inl lea 4*16($inp), $inp lea 4*16($oup), $oup - jmp open_sse_tail_64_dec_loop -3: - cmp \$12*16, $inl - ja 3f\n"; + jmp .Lopen_sse_tail_64_dec_loop ############################################################################### +.Lopen_sse_tail_192:\n"; # 129 - 192 bytes are left &prep_state(3); $code.=" mov $inl, $itr1 @@ -602,10 +624,10 @@ sub emit_body { cmovg $itr2, $itr1 and \$-16, $itr1 xor $itr2, $itr2 -1: \n"; - &poly_add("0($inp, $itr2)"); +.Lopen_sse_tail_192_rounds_and_x1hash: \n"; + &poly_add("0($inp,$itr2)"); &poly_mul(); $code.=" -2: +.Lopen_sse_tail_192_rounds: add \$16, $itr2\n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); @@ -614,32 +636,32 @@ sub emit_body { &chacha_qr($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"right"); $code.=" cmp $itr1, $itr2 - jb 1b + jb .Lopen_sse_tail_192_rounds_and_x1hash cmp \$10*16, $itr2 - jne 2b + jne .Lopen_sse_tail_192_rounds cmp \$11*16, $inl - jb 1f\n"; + jb .Lopen_sse_tail_192_finish\n"; &poly_add("10*16($inp)"); &poly_mul(); $code.=" cmp \$12*16, $inl - jb 1f\n"; + jb .Lopen_sse_tail_192_finish\n"; &poly_add("11*16($inp)"); &poly_mul(); $code.=" -1: \n"; +.Lopen_sse_tail_192_finish: \n"; &finalize_state(3); &xor_stream($A2, $B2, $C2, $D2, "0*16"); &xor_stream($A1, $B1, $C1, $D1, "4*16"); $code.=" sub \$8*16, $inl lea 8*16($inp), $inp lea 8*16($oup), $oup - jmp open_sse_tail_64_dec_loop -3: -###############################################################################\n"; + jmp .Lopen_sse_tail_64_dec_loop +############################################################################### +.Lopen_sse_tail_256:\n"; # 193 - 255 bytes are left &prep_state(4); $code.=" xor $itr2, $itr2 -1: \n"; - &poly_add("0($inp, $itr2)"); +.Lopen_sse_tail_256_rounds_and_x1hash: \n"; + &poly_add("0($inp,$itr2)"); &chacha_qr($A0,$B0,$C0,$D0,$C3,"store_left"); &chacha_qr($A1,$B1,$C1,$D1,$C3,"left"); &chacha_qr($A2,$B2,$C2,$D2,$C3,"left_load"); @@ -654,15 +676,16 @@ sub emit_body { &chacha_qr($A3,$B3,$C3,$D3,$C1,"store_right_load"); $code.=" add \$16, $itr2 cmp \$10*16, $itr2 - jb 1b + jb .Lopen_sse_tail_256_rounds_and_x1hash + mov $inl, $itr1 and \$-16, $itr1 -1: \n"; - &poly_add("0($inp, $itr2)"); +.Lopen_sse_tail_256_hash: \n"; + &poly_add("0($inp,$itr2)"); &poly_mul(); $code.=" add \$16, $itr2 cmp $itr1, $itr2 - jb 1b\n"; + jb .Lopen_sse_tail_256_hash\n"; &finalize_state(4); &xor_stream_using_temp($A3, $B3, $C3, $D3, "0*16", $D0); &xor_stream($A2, $B2, $C2, $D2, "4*16"); @@ -673,9 +696,9 @@ sub emit_body { lea 12*16($oup), $oup ############################################################################### # Decrypt the remaining data, 16B at a time, using existing stream -open_sse_tail_64_dec_loop: +.Lopen_sse_tail_64_dec_loop: cmp \$16, $inl - jb 1f + jb .Lopen_sse_tail_16_init sub \$16, $inl movdqu ($inp), $T0 pxor $T0, $A0 @@ -685,47 +708,46 @@ sub emit_body { movdqa $B0, $A0 movdqa $C0, $B0 movdqa $D0, $C0 - jmp open_sse_tail_64_dec_loop -1: + jmp .Lopen_sse_tail_64_dec_loop +.Lopen_sse_tail_16_init: movdqa $A0, $A1 # Decrypt up to 16 bytes at the end. -open_sse_tail_16: +.Lopen_sse_tail_16: test $inl, $inl - jz open_sse_finalize + jz .Lopen_sse_finalize # Read the final bytes into $T0. They need to be read in reverse order so # that they end up in the correct order in $T0. pxor $T0, $T0 - lea -1($inp, $inl), $inp + lea -1($inp,$inl), $inp movq $inl, $itr2 -2: +.Lopen_sse_tail_16_compose: pslldq \$1, $T0 pinsrb \$0, ($inp), $T0 sub \$1, $inp sub \$1, $itr2 - jnz 2b + jnz .Lopen_sse_tail_16_compose -3: movq $T0, $t0 pextrq \$1, $T0, $t1 # The final bytes of keystream are in $A1. pxor $A1, $T0 # Copy the plaintext bytes out. -2: +.Lopen_sse_tail_16_extract: pextrb \$0, $T0, ($oup) psrldq \$1, $T0 add \$1, $oup sub \$1, $inl - jne 2b + jne .Lopen_sse_tail_16_extract add $t0, $acc0 adc $t1, $acc1 adc \$1, $acc2\n"; &poly_mul(); $code.=" -open_sse_finalize:\n"; +.Lopen_sse_finalize:\n"; &poly_add($len_store); &poly_mul(); $code.=" # Final reduce @@ -740,40 +762,54 @@ sub emit_body { cmovc $t2, $acc2 # Add in s part of the key add 0+$s_store, $acc0 - adc 8+$s_store, $acc1 + adc 8+$s_store, $acc1\n"; - add \$288 + 32, %rsp +$code.=" + movaps 16*0+$xmm_store, %xmm6 + movaps 16*1+$xmm_store, %xmm7 + movaps 16*2+$xmm_store, %xmm8 + movaps 16*3+$xmm_store, %xmm9 + movaps 16*4+$xmm_store, %xmm10 + movaps 16*5+$xmm_store, %xmm11 + movaps 16*6+$xmm_store, %xmm12 + movaps 16*7+$xmm_store, %xmm13 + movaps 16*8+$xmm_store, %xmm14 + movaps 16*9+$xmm_store, %xmm15\n" if ($win64); +$code.=" +.cfi_remember_state + add \$288 + $xmm_storage + 32, %rsp .cfi_adjust_cfa_offset -(288 + 32) + # The tag replaces the key on return pop $keyp -.cfi_adjust_cfa_offset -8 - movq $acc0, ($keyp) - movq $acc1, 8($keyp) - +.cfi_pop $keyp + mov $acc0, ($keyp) + mov $acc1, 8($keyp) pop %r15 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r15 pop %r14 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r14 pop %r13 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r13 pop %r12 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r12 pop %rbx -.cfi_adjust_cfa_offset -8 +.cfi_pop %rbx pop %rbp -.cfi_adjust_cfa_offset -8 +.cfi_pop %rbp ret -.cfi_adjust_cfa_offset (8 * 6) + 288 + 32 ############################################################################### -open_sse_128: - movdqu .chacha20_consts(%rip), $A0\nmovdqa $A0, $A1\nmovdqa $A0, $A2 +.Lopen_sse_128: +.cfi_restore_state + movdqu .Lchacha20_consts(%rip), $A0\nmovdqa $A0, $A1\nmovdqa $A0, $A2 movdqu 0*16($keyp), $B0\nmovdqa $B0, $B1\nmovdqa $B0, $B2 movdqu 1*16($keyp), $C0\nmovdqa $C0, $C1\nmovdqa $C0, $C2 movdqu 2*16($keyp), $D0 - movdqa $D0, $D1\npaddd .sse_inc(%rip), $D1 - movdqa $D1, $D2\npaddd .sse_inc(%rip), $D2 + movdqa $D0, $D1\npaddd .Lsse_inc(%rip), $D1 + movdqa $D1, $D2\npaddd .Lsse_inc(%rip), $D2 movdqa $B0, $T1\nmovdqa $C0, $T2\nmovdqa $D1, $T3 mov \$10, $acc0 -1: \n"; + +.Lopen_sse_128_rounds: \n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"left"); @@ -781,25 +817,25 @@ sub emit_body { &chacha_qr($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"right"); $code.=" dec $acc0 - jnz 1b - paddd .chacha20_consts(%rip), $A0 - paddd .chacha20_consts(%rip), $A1 - paddd .chacha20_consts(%rip), $A2 + jnz .Lopen_sse_128_rounds + paddd .Lchacha20_consts(%rip), $A0 + paddd .Lchacha20_consts(%rip), $A1 + paddd .Lchacha20_consts(%rip), $A2 paddd $T1, $B0\npaddd $T1, $B1\npaddd $T1, $B2 paddd $T2, $C1\npaddd $T2, $C2 paddd $T3, $D1 - paddd .sse_inc(%rip), $T3 + paddd .Lsse_inc(%rip), $T3 paddd $T3, $D2 # Clamp and store the key - pand .clamp(%rip), $A0 + pand .Lclamp(%rip), $A0 movdqa $A0, $r_store movdqa $B0, $s_store # Hash - mov %r8, $itr2 + mov $adl, $itr2 call poly_hash_ad_internal -1: +.Lopen_sse_128_xor_hash: cmp \$16, $inl - jb open_sse_tail_16 + jb .Lopen_sse_tail_16 sub \$16, $inl\n"; # Load for hashing &poly_add("0*8($inp)"); $code.=" @@ -818,62 +854,69 @@ sub emit_body { movdqa $B2, $A2 movdqa $C2, $B2 movdqa $D2, $C2 - jmp 1b - jmp open_sse_tail_16 + jmp .Lopen_sse_128_xor_hash .size chacha20_poly1305_open, .-chacha20_poly1305_open .cfi_endproc ################################################################################ ################################################################################ -# void chacha20_poly1305_seal(uint8_t *pt, uint8_t *ct, size_t len_in, uint8_t *ad, size_t len_ad, uint8_t *keyp); +# void chacha20_poly1305_seal(uint8_t *in_out, size_t len_in, uint8_t *ad, size_t len_ad, uint8_t keyp[48]); .globl chacha20_poly1305_seal -.type chacha20_poly1305_seal,\@function,2 +.type chacha20_poly1305_seal,\@function,6 .align 64 chacha20_poly1305_seal: .cfi_startproc push %rbp -.cfi_adjust_cfa_offset 8 +.cfi_push %rbp push %rbx -.cfi_adjust_cfa_offset 8 +.cfi_push %rbx push %r12 -.cfi_adjust_cfa_offset 8 +.cfi_push %r12 push %r13 -.cfi_adjust_cfa_offset 8 +.cfi_push %r13 push %r14 -.cfi_adjust_cfa_offset 8 +.cfi_push %r14 push %r15 -.cfi_adjust_cfa_offset 8 - # We write the calculated authenticator back to keyp at the end, so save - # the pointer on the stack too. +.cfi_push %r15 +# We write the calculated authenticator back to keyp at the end, so save +# the pointer on the stack too. push $keyp -.cfi_adjust_cfa_offset 8 - sub \$288 + 32, %rsp +.cfi_push $keyp + sub \$288 + $xmm_storage + 32, %rsp .cfi_adjust_cfa_offset 288 + 32 -.cfi_offset rbp, -16 -.cfi_offset rbx, -24 -.cfi_offset r12, -32 -.cfi_offset r13, -40 -.cfi_offset r14, -48 -.cfi_offset r15, -56 lea 32(%rsp), %rbp - and \$-32, %rbp + and \$-32, %rbp\n"; +$code.=" + movaps %xmm6,16*0+$xmm_store + movaps %xmm7,16*1+$xmm_store + movaps %xmm8,16*2+$xmm_store + movaps %xmm9,16*3+$xmm_store + movaps %xmm10,16*4+$xmm_store + movaps %xmm11,16*5+$xmm_store + movaps %xmm12,16*6+$xmm_store + movaps %xmm13,16*7+$xmm_store + movaps %xmm14,16*8+$xmm_store + movaps %xmm15,16*9+$xmm_store\n" if ($win64); +$code.=" mov 56($keyp), $inl # extra_in_len addq %rdx, $inl + mov $adl, 0+$len_store mov $inl, 8+$len_store - mov %r8, 0+$len_store - mov %rdx, $inl\n"; $code.=" + mov %rdx, $inl\n"; +$code.=" mov OPENSSL_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax - jz chacha20_poly1305_seal_avx2\n" if ($avx>1); + jz chacha20_poly1305_seal_avx2\n" if ($avx>1); $code.=" cmp \$128, $inl - jbe seal_sse_128 + jbe .Lseal_sse_128 # For longer buffers, prepare the poly key + some stream - movdqa .chacha20_consts(%rip), $A0 + movdqa .Lchacha20_consts(%rip), $A0 movdqu 0*16($keyp), $B0 movdqu 1*16($keyp), $C0 movdqu 2*16($keyp), $D0 + movdqa $A0, $A1 movdqa $A0, $A2 movdqa $A0, $A3 @@ -884,11 +927,11 @@ sub emit_body { movdqa $C0, $C2 movdqa $C0, $C3 movdqa $D0, $D3 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $D2 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 movdqa $D0, $D1 - paddd .sse_inc(%rip), $D0 + paddd .Lsse_inc(%rip), $D0 # Store on stack movdqa $B0, $state1_store movdqa $C0, $state2_store @@ -897,28 +940,28 @@ sub emit_body { movdqa $D2, $ctr2_store movdqa $D3, $ctr3_store mov \$10, $acc0 -1: \n"; +.Lseal_sse_init_rounds: \n"; foreach $l (@loop_body) {$code.=$l."\n";} @loop_body = split /\n/, $chacha_body; $code.=" dec $acc0 - jnz 1b\n"; + jnz .Lseal_sse_init_rounds\n"; &finalize_state(4); $code.=" # Clamp and store the key - pand .clamp(%rip), $A3 + pand .Lclamp(%rip), $A3 movdqa $A3, $r_store movdqa $B3, $s_store # Hash - mov %r8, $itr2 + mov $adl, $itr2 call poly_hash_ad_internal\n"; &xor_stream($A2,$B2,$C2,$D2,"0*16"); &xor_stream($A1,$B1,$C1,$D1,"4*16"); $code.=" cmp \$12*16, $inl - ja 1f + ja .Lseal_sse_main_init mov \$8*16, $itr1 sub \$8*16, $inl lea 8*16($inp), $inp - jmp seal_sse_128_seal_hash -1: \n"; + jmp .Lseal_sse_128_tail_hash +.Lseal_sse_main_init:\n"; &xor_stream($A0, $B0, $C0, $D0, "8*16"); $code.=" mov \$12*16, $itr1 sub \$12*16, $inl @@ -926,16 +969,17 @@ sub emit_body { mov \$2, $itr1 mov \$8, $itr2 cmp \$4*16, $inl - jbe seal_sse_tail_64 + jbe .Lseal_sse_tail_64 cmp \$8*16, $inl - jbe seal_sse_tail_128 + jbe .Lseal_sse_tail_128 cmp \$12*16, $inl - jbe seal_sse_tail_192 + jbe .Lseal_sse_tail_192 -1: \n"; +.Lseal_sse_main_loop: \n"; # The main loop &prep_state(4); $code.=" -2: \n"; +.align 32 +.Lseal_sse_main_rounds: \n"; &emit_body(20); &poly_add("0($oup)"); &emit_body(20); @@ -950,12 +994,12 @@ sub emit_body { @loop_body = split /\n/, $chacha_body; $code.=" lea 16($oup), $oup dec $itr2 - jge 2b\n"; + jge .Lseal_sse_main_rounds\n"; &poly_add("0*8($oup)"); &poly_mul(); $code.=" lea 16($oup), $oup dec $itr1 - jg 2b\n"; + jg .Lseal_sse_main_rounds\n"; &finalize_state(4);$code.=" movdqa $D2, $tmp_store\n"; @@ -964,56 +1008,55 @@ sub emit_body { &xor_stream($A2,$B2,$C2,$D2, 4*16); &xor_stream($A1,$B1,$C1,$D1, 8*16); $code.=" cmp \$16*16, $inl - ja 3f + ja .Lseal_sse_main_loop_xor mov \$12*16, $itr1 sub \$12*16, $inl lea 12*16($inp), $inp - jmp seal_sse_128_seal_hash -3: \n"; + jmp .Lseal_sse_128_tail_hash +.Lseal_sse_main_loop_xor: \n"; &xor_stream($A0,$B0,$C0,$D0,"12*16"); $code.=" lea 16*16($inp), $inp sub \$16*16, $inl mov \$6, $itr1 mov \$4, $itr2 cmp \$12*16, $inl - jg 1b + jg .Lseal_sse_main_loop mov $inl, $itr1 test $inl, $inl - je seal_sse_128_seal_hash + je .Lseal_sse_128_tail_hash mov \$6, $itr1 + cmp \$8*16, $inl + ja .Lseal_sse_tail_192 cmp \$4*16, $inl - jg 3f + ja .Lseal_sse_tail_128 ############################################################################### -seal_sse_tail_64:\n"; +.Lseal_sse_tail_64: \n"; &prep_state(1); $code.=" -1: \n"; +.Lseal_sse_tail_64_rounds_and_x2hash: \n"; &poly_add("0($oup)"); &poly_mul(); $code.=" lea 16($oup), $oup -2: \n"; +.Lseal_sse_tail_64_rounds_and_x1hash: \n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A0,$B0,$C0,$D0,$T0,"right"); &poly_add("0($oup)"); &poly_mul(); $code.=" lea 16($oup), $oup dec $itr1 - jg 1b + jg .Lseal_sse_tail_64_rounds_and_x2hash dec $itr2 - jge 2b\n"; + jge .Lseal_sse_tail_64_rounds_and_x1hash\n"; &finalize_state(1); $code.=" - jmp seal_sse_128_seal -3: - cmp \$8*16, $inl - jg 3f + jmp .Lseal_sse_128_tail_xor ############################################################################### -seal_sse_tail_128:\n"; +.Lseal_sse_tail_128:\n"; &prep_state(2); $code.=" -1: \n"; +.Lseal_sse_tail_128_rounds_and_x2hash: \n"; &poly_add("0($oup)"); &poly_mul(); $code.=" lea 16($oup), $oup -2: \n"; +.Lseal_sse_tail_128_rounds_and_x1hash: \n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); &poly_add("0($oup)"); @@ -1022,24 +1065,23 @@ sub emit_body { &chacha_qr($A1,$B1,$C1,$D1,$T0,"right"); $code.=" lea 16($oup), $oup dec $itr1 - jg 1b + jg .Lseal_sse_tail_128_rounds_and_x2hash dec $itr2 - jge 2b\n"; + jge .Lseal_sse_tail_128_rounds_and_x1hash\n"; &finalize_state(2); &xor_stream($A1,$B1,$C1,$D1,0*16); $code.=" mov \$4*16, $itr1 sub \$4*16, $inl lea 4*16($inp), $inp - jmp seal_sse_128_seal_hash -3: + jmp .Lseal_sse_128_tail_hash ############################################################################### -seal_sse_tail_192:\n"; +.Lseal_sse_tail_192:\n"; &prep_state(3); $code.=" -1: \n"; +.Lseal_sse_tail_192_rounds_and_x2hash: \n"; &poly_add("0($oup)"); &poly_mul(); $code.=" lea 16($oup), $oup -2: \n"; +.Lseal_sse_tail_192_rounds_and_x1hash: \n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"left"); @@ -1050,9 +1092,9 @@ sub emit_body { &chacha_qr($A2,$B2,$C2,$D2,$T0,"right"); $code.=" lea 16($oup), $oup dec $itr1 - jg 1b + jg .Lseal_sse_tail_192_rounds_and_x2hash dec $itr2 - jge 2b\n"; + jge .Lseal_sse_tail_192_rounds_and_x1hash\n"; &finalize_state(3); &xor_stream($A2,$B2,$C2,$D2,0*16); &xor_stream($A1,$B1,$C1,$D1,4*16); $code.=" @@ -1060,18 +1102,18 @@ sub emit_body { sub \$8*16, $inl lea 8*16($inp), $inp ############################################################################### -seal_sse_128_seal_hash: +.Lseal_sse_128_tail_hash: cmp \$16, $itr1 - jb seal_sse_128_seal\n"; + jb .Lseal_sse_128_tail_xor\n"; &poly_add("0($oup)"); &poly_mul(); $code.=" sub \$16, $itr1 lea 16($oup), $oup - jmp seal_sse_128_seal_hash + jmp .Lseal_sse_128_tail_hash -seal_sse_128_seal: +.Lseal_sse_128_tail_xor: cmp \$16, $inl - jb seal_sse_tail_16 + jb .Lseal_sse_tail_16 sub \$16, $inl # Load for decryption movdqu 0*16($inp), $T0 @@ -1092,22 +1134,22 @@ sub emit_body { movdqa $B1, $A1 movdqa $C1, $B1 movdqa $D1, $C1 - jmp seal_sse_128_seal + jmp .Lseal_sse_128_tail_xor -seal_sse_tail_16: +.Lseal_sse_tail_16: test $inl, $inl - jz process_blocks_of_extra_in + jz .Lprocess_blocks_of_extra_in # We can only load the PT one byte at a time to avoid buffer overread mov $inl, $itr2 mov $inl, $itr1 - lea -1($inp, $inl), $inp + lea -1($inp,$inl), $inp pxor $T3, $T3 -1: +.Lseal_sse_tail_16_compose: pslldq \$1, $T3 pinsrb \$0, ($inp), $T3 lea -1($inp), $inp dec $itr1 - jne 1b + jne .Lseal_sse_tail_16_compose # XOR the keystream with the plaintext. pxor $A0, $T3 @@ -1115,12 +1157,12 @@ sub emit_body { # Write ciphertext out, byte-by-byte. movq $inl, $itr1 movdqu $T3, $A0 -2: +.Lseal_sse_tail_16_extract: pextrb \$0, $A0, ($oup) psrldq \$1, $A0 add \$1, $oup sub \$1, $itr1 - jnz 2b + jnz .Lseal_sse_tail_16_extract # $T3 contains the final (partial, non-empty) block of ciphertext which # needs to be fed into the Poly1305 state. The right-most $inl bytes of it @@ -1129,23 +1171,23 @@ sub emit_body { # # $keyp points to the tag output, which is actually a struct with the # extra_in pointer and length at offset 48. - movq 288+32(%rsp), $keyp + movq 288 + $xmm_storage + 32(%rsp), $keyp movq 56($keyp), $t1 # extra_in_len movq 48($keyp), $t0 # extra_in test $t1, $t1 - jz process_partial_block # Common case: no bytes of extra_in + jz .Lprocess_partial_block # Common case: no bytes of extra_in movq \$16, $t2 subq $inl, $t2 # 16-$inl is the number of bytes that fit into $T3. cmpq $t2, $t1 # if extra_in_len < 16-$inl, only copy extra_in_len # (note that AT&T syntax reverses the arguments) - jge load_extra_in + jge .Lload_extra_in movq $t1, $t2 -load_extra_in: +.Lload_extra_in: # $t2 contains the number of bytes of extra_in (pointed to by $t0) to load # into $T3. They are loaded in reverse order. - leaq -1($t0, $t2), $inp + leaq -1($t0,$t2), $inp # Update extra_in and extra_in_len to reflect the bytes that are about to # be read. addq $t2, $t0 @@ -1159,29 +1201,29 @@ sub emit_body { # Load $t2 bytes of extra_in into $T2. pxor $T2, $T2 -3: +.Lload_extra_load_loop: pslldq \$1, $T2 pinsrb \$0, ($inp), $T2 lea -1($inp), $inp sub \$1, $t2 - jnz 3b + jnz .Lload_extra_load_loop # Shift $T2 up the length of the remainder from the main encryption. Sadly, # the shift for an XMM register has to be a constant, thus we loop to do # this. movq $inl, $t2 -4: +.Lload_extra_shift_loop: pslldq \$1, $T2 sub \$1, $t2 - jnz 4b + jnz .Lload_extra_shift_loop # Mask $T3 (the remainder from the main encryption) so that superfluous # bytes are zero. This means that the non-zero bytes in $T2 and $T3 are # disjoint and so we can merge them with an OR. - lea .and_masks(%rip), $t2 + lea .Land_masks(%rip), $t2 shl \$4, $inl - pand -16($t2, $inl), $T3 + pand -16($t2,$inl), $T3 # Merge $T2 into $T3, forming the remainder block. por $T2, $T3 @@ -1195,40 +1237,39 @@ sub emit_body { adc \$1, $acc2\n"; &poly_mul(); $code.=" -process_blocks_of_extra_in: +.Lprocess_blocks_of_extra_in: # There may be additional bytes of extra_in to process. - movq 288+32(%rsp), $keyp + movq 288+32+$xmm_storage (%rsp), $keyp movq 48($keyp), $inp # extra_in movq 56($keyp), $itr2 # extra_in_len movq $itr2, $itr1 shr \$4, $itr2 # number of blocks -5: +.Lprocess_extra_hash_loop: jz process_extra_in_trailer\n"; &poly_add("0($inp)"); &poly_mul(); $code.=" leaq 16($inp), $inp subq \$1, $itr2 - jmp 5b - + jmp .Lprocess_extra_hash_loop process_extra_in_trailer: andq \$15, $itr1 # remaining num bytes (<16) of extra_in movq $itr1, $inl - jz do_length_block - leaq -1($inp, $itr1), $inp + jz .Ldo_length_block + leaq -1($inp,$itr1), $inp -6: +.Lprocess_extra_in_trailer_load: pslldq \$1, $T3 pinsrb \$0, ($inp), $T3 lea -1($inp), $inp sub \$1, $itr1 - jnz 6b + jnz .Lprocess_extra_in_trailer_load -process_partial_block: +.Lprocess_partial_block: # $T3 contains $inl bytes of data to be fed into Poly1305. $inl != 0 - lea .and_masks(%rip), $t2 + lea .Land_masks(%rip), $t2 shl \$4, $inl - pand -16($t2, $inl), $T3 + pand -16($t2,$inl), $T3 movq $T3, $t0 pextrq \$1, $T3, $t1 add $t0, $acc0 @@ -1236,7 +1277,7 @@ sub emit_body { adc \$1, $acc2\n"; &poly_mul(); $code.=" -do_length_block:\n"; +.Ldo_length_block:\n"; &poly_add($len_store); &poly_mul(); $code.=" # Final reduce @@ -1251,40 +1292,54 @@ sub emit_body { cmovc $t2, $acc2 # Add in s part of the key add 0+$s_store, $acc0 - adc 8+$s_store, $acc1 + adc 8+$s_store, $acc1\n"; - add \$288 + 32, %rsp +$code.=" + movaps 16*0+$xmm_store, %xmm6 + movaps 16*1+$xmm_store, %xmm7 + movaps 16*2+$xmm_store, %xmm8 + movaps 16*3+$xmm_store, %xmm9 + movaps 16*4+$xmm_store, %xmm10 + movaps 16*5+$xmm_store, %xmm11 + movaps 16*6+$xmm_store, %xmm12 + movaps 16*7+$xmm_store, %xmm13 + movaps 16*8+$xmm_store, %xmm14 + movaps 16*9+$xmm_store, %xmm15\n" if ($win64); +$code.=" +.cfi_remember_state + add \$288 + $xmm_storage + 32, %rsp .cfi_adjust_cfa_offset -(288 + 32) + # The tag replaces the key on return pop $keyp -.cfi_adjust_cfa_offset -8 - mov $acc0, 0*8($keyp) - mov $acc1, 1*8($keyp) - +.cfi_pop $keyp + mov $acc0, ($keyp) + mov $acc1, 8($keyp) pop %r15 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r15 pop %r14 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r14 pop %r13 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r13 pop %r12 -.cfi_adjust_cfa_offset -8 +.cfi_pop %r12 pop %rbx -.cfi_adjust_cfa_offset -8 +.cfi_pop %rbx pop %rbp -.cfi_adjust_cfa_offset -8 +.cfi_pop %rbp ret -.cfi_adjust_cfa_offset (8 * 7) + 288 + 32 ################################################################################ -seal_sse_128: - movdqu .chacha20_consts(%rip), $A0\nmovdqa $A0, $A1\nmovdqa $A0, $A2 +.Lseal_sse_128: +.cfi_restore_state + movdqu .Lchacha20_consts(%rip), $A0\nmovdqa $A0, $A1\nmovdqa $A0, $A2 movdqu 0*16($keyp), $B0\nmovdqa $B0, $B1\nmovdqa $B0, $B2 movdqu 1*16($keyp), $C0\nmovdqa $C0, $C1\nmovdqa $C0, $C2 movdqu 2*16($keyp), $D2 - movdqa $D2, $D0\npaddd .sse_inc(%rip), $D0 - movdqa $D0, $D1\npaddd .sse_inc(%rip), $D1 + movdqa $D2, $D0\npaddd .Lsse_inc(%rip), $D0 + movdqa $D0, $D1\npaddd .Lsse_inc(%rip), $D1 movdqa $B0, $T1\nmovdqa $C0, $T2\nmovdqa $D0, $T3 mov \$10, $acc0 -1:\n"; + +.Lseal_sse_128_rounds:\n"; &chacha_qr($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"left"); @@ -1292,43 +1347,39 @@ sub emit_body { &chacha_qr($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr($A2,$B2,$C2,$D2,$T0,"right"); $code.=" dec $acc0 - jnz 1b - paddd .chacha20_consts(%rip), $A0 - paddd .chacha20_consts(%rip), $A1 - paddd .chacha20_consts(%rip), $A2 + jnz .Lseal_sse_128_rounds + paddd .Lchacha20_consts(%rip), $A0 + paddd .Lchacha20_consts(%rip), $A1 + paddd .Lchacha20_consts(%rip), $A2 paddd $T1, $B0\npaddd $T1, $B1\npaddd $T1, $B2 paddd $T2, $C0\npaddd $T2, $C1 paddd $T3, $D0 - paddd .sse_inc(%rip), $T3 + paddd .Lsse_inc(%rip), $T3 paddd $T3, $D1 # Clamp and store the key - pand .clamp(%rip), $A2 + pand .Lclamp(%rip), $A2 movdqa $A2, $r_store movdqa $B2, $s_store # Hash mov %r8, $itr2 call poly_hash_ad_internal - jmp seal_sse_128_seal -.size chacha20_poly1305_seal, .-chacha20_poly1305_seal\n"; + jmp .Lseal_sse_128_tail_xor +.size chacha20_poly1305_seal, .-chacha20_poly1305_seal +.cfi_endproc\n"; } -# There should have been a cfi_endproc at the end of that function, but the two -# following blocks of code are jumped to without a stack frame and the CFI -# context which they are used in happens to match the CFI context at the end of -# the previous function. So the CFI table is just extended to the end of them. - if ($avx>1) { ($A0,$A1,$A2,$A3,$B0,$B1,$B2,$B3,$C0,$C1,$C2,$C3,$D0,$D1,$D2,$D3)=map("%ymm$_",(0..15)); my ($A0x,$A1x,$A2x,$A3x,$B0x,$B1x,$B2x,$B3x,$C0x,$C1x,$C2x,$C3x,$D0x,$D1x,$D2x,$D3x)=map("%xmm$_",(0..15)); ($T0,$T1,$T2,$T3)=($A3,$B3,$C3,$D3); -$state1_store="2*32(%rbp)"; -$state2_store="3*32(%rbp)"; -$tmp_store="4*32(%rbp)"; -$ctr0_store="5*32(%rbp)"; -$ctr1_store="6*32(%rbp)"; -$ctr2_store="7*32(%rbp)"; -$ctr3_store="8*32(%rbp)"; +$state1_store="$xmm_storage+2*32(%rbp)"; +$state2_store="$xmm_storage+3*32(%rbp)"; +$tmp_store="$xmm_storage+4*32(%rbp)"; +$ctr0_store="$xmm_storage+5*32(%rbp)"; +$ctr1_store="$xmm_storage+6*32(%rbp)"; +$ctr2_store="$xmm_storage+7*32(%rbp)"; +$ctr3_store="$xmm_storage+8*32(%rbp)"; sub chacha_qr_avx2 { my ($a,$b,$c,$d,$t,$dir)=@_; @@ -1338,7 +1389,7 @@ sub chacha_qr_avx2 { $code.=<<___; vpaddd $b, $a, $a vpxor $a, $d, $d - vpshufb .rol16(%rip), $d, $d + vpshufb .Lrol16(%rip), $d, $d vpaddd $d, $c, $c vpxor $c, $b, $b vpsrld \$20, $b, $t @@ -1346,7 +1397,7 @@ sub chacha_qr_avx2 { vpxor $t, $b, $b vpaddd $b, $a, $a vpxor $a, $d, $d - vpshufb .rol8(%rip), $d, $d + vpshufb .Lrol8(%rip), $d, $d vpaddd $d, $c, $c vpxor $c, $b, $b vpslld \$7, $b, $t @@ -1371,7 +1422,7 @@ sub chacha_qr_avx2 { sub prep_state_avx2 { my ($n)=@_; $code.=<<___; - vmovdqa .chacha20_consts(%rip), $A0 + vmovdqa .Lchacha20_consts(%rip), $A0 vmovdqa $state1_store, $B0 vmovdqa $state2_store, $C0 ___ @@ -1391,19 +1442,19 @@ sub prep_state_avx2 { vmovdqa $C0, $C3 ___ $code.=<<___ if ($n eq 1); - vmovdqa .avx2_inc(%rip), $D0 + vmovdqa .Lavx2_inc(%rip), $D0 vpaddd $ctr0_store, $D0, $D0 vmovdqa $D0, $ctr0_store ___ $code.=<<___ if ($n eq 2); - vmovdqa .avx2_inc(%rip), $D0 + vmovdqa .Lavx2_inc(%rip), $D0 vpaddd $ctr0_store, $D0, $D1 vpaddd $D1, $D0, $D0 vmovdqa $D0, $ctr0_store vmovdqa $D1, $ctr1_store ___ $code.=<<___ if ($n eq 3); - vmovdqa .avx2_inc(%rip), $D0 + vmovdqa .Lavx2_inc(%rip), $D0 vpaddd $ctr0_store, $D0, $D2 vpaddd $D2, $D0, $D1 vpaddd $D1, $D0, $D0 @@ -1412,7 +1463,7 @@ sub prep_state_avx2 { vmovdqa $D2, $ctr2_store ___ $code.=<<___ if ($n eq 4); - vmovdqa .avx2_inc(%rip), $D0 + vmovdqa .Lavx2_inc(%rip), $D0 vpaddd $ctr0_store, $D0, $D3 vpaddd $D3, $D0, $D2 vpaddd $D2, $D0, $D1 @@ -1427,25 +1478,25 @@ sub prep_state_avx2 { sub finalize_state_avx2 { my ($n)=@_; $code.=<<___ if ($n eq 4); - vpaddd .chacha20_consts(%rip), $A3, $A3 + vpaddd .Lchacha20_consts(%rip), $A3, $A3 vpaddd $state1_store, $B3, $B3 vpaddd $state2_store, $C3, $C3 vpaddd $ctr3_store, $D3, $D3 ___ $code.=<<___ if ($n ge 3); - vpaddd .chacha20_consts(%rip), $A2, $A2 + vpaddd .Lchacha20_consts(%rip), $A2, $A2 vpaddd $state1_store, $B2, $B2 vpaddd $state2_store, $C2, $C2 vpaddd $ctr2_store, $D2, $D2 ___ $code.=<<___ if ($n ge 2); - vpaddd .chacha20_consts(%rip), $A1, $A1 + vpaddd .Lchacha20_consts(%rip), $A1, $A1 vpaddd $state1_store, $B1, $B1 vpaddd $state2_store, $C1, $C1 vpaddd $ctr1_store, $D1, $D1 ___ $code.=<<___; - vpaddd .chacha20_consts(%rip), $A0, $A0 + vpaddd .Lchacha20_consts(%rip), $A0, $A0 vpaddd $state1_store, $B0, $B0 vpaddd $state2_store, $C0, $C0 vpaddd $ctr0_store, $D0, $D0 @@ -1536,11 +1587,10 @@ sub gen_chacha_round_avx2 { vpshufb $C0, $D2, $D2 vpshufb $C0, $D1, $D1 vpshufb $C0, $D0, $D0 - vmovdqa $tmp_store, $C0 vpaddd $D3, $C3, $C3 vpaddd $D2, $C2, $C2 vpaddd $D1, $C1, $C1 - vpaddd $D0, $C0, $C0 + vpaddd $tmp_store, $D0, $C0 vpxor $C3, $B3, $B3 vpxor $C2, $B2, $B2 vpxor $C1, $B1, $B1 @@ -1577,77 +1627,90 @@ sub gen_chacha_round_avx2 { return $round; }; -$chacha_body = &gen_chacha_round_avx2(20, ".rol16(%rip)") . - &gen_chacha_round_avx2(25, ".rol8(%rip)", "left") . - &gen_chacha_round_avx2(20, ".rol16(%rip)") . - &gen_chacha_round_avx2(25, ".rol8(%rip)", "right"); +$chacha_body = &gen_chacha_round_avx2(20, ".Lrol16(%rip)") . + &gen_chacha_round_avx2(25, ".Lrol8(%rip)", "left") . + &gen_chacha_round_avx2(20, ".Lrol16(%rip)") . + &gen_chacha_round_avx2(25, ".Lrol8(%rip)", "right"); @loop_body = split /\n/, $chacha_body; $code.=" ############################################################################### -.type chacha20_poly1305_open_avx2,\@function,2 +.type chacha20_poly1305_open_avx2,\@abi-omnipotent .align 64 chacha20_poly1305_open_avx2: +.cfi_startproc + +# Since the AVX2 function operates in the frame of the SSE function, we just copy the frame state to over here +.cfi_push %rbp +.cfi_push %rbx +.cfi_push %r12 +.cfi_push %r13 +.cfi_push %r14 +.cfi_push %r15 +.cfi_push $keyp +.cfi_adjust_cfa_offset 288 + 32 + vzeroupper - vmovdqa .chacha20_consts(%rip), $A0 + vmovdqa .Lchacha20_consts(%rip), $A0 vbroadcasti128 0*16($keyp), $B0 vbroadcasti128 1*16($keyp), $C0 vbroadcasti128 2*16($keyp), $D0 - vpaddd .avx2_init(%rip), $D0, $D0 + vpaddd .Lavx2_init(%rip), $D0, $D0 cmp \$6*32, $inl - jbe open_avx2_192 + jbe .Lopen_avx2_192 cmp \$10*32, $inl - jbe open_avx2_320 + jbe .Lopen_avx2_320 vmovdqa $B0, $state1_store vmovdqa $C0, $state2_store vmovdqa $D0, $ctr0_store mov \$10, $acc0 -1: \n"; +.Lopen_avx2_init_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); $code.=" dec $acc0 - jne 1b - vpaddd .chacha20_consts(%rip), $A0, $A0 + jne .Lopen_avx2_init_rounds + vpaddd .Lchacha20_consts(%rip), $A0, $A0 vpaddd $state1_store, $B0, $B0 vpaddd $state2_store, $C0, $C0 vpaddd $ctr0_store, $D0, $D0 vperm2i128 \$0x02, $A0, $B0, $T0 # Clamp and store key - vpand .clamp(%rip), $T0, $T0 + vpand .Lclamp(%rip), $T0, $T0 vmovdqa $T0, $r_store # Stream for the first 64 bytes vperm2i128 \$0x13, $A0, $B0, $A0 vperm2i128 \$0x13, $C0, $D0, $B0 # Hash AD + first 64 bytes - mov %r8, $itr2 + mov $adl, $itr2 call poly_hash_ad_internal - xor $itr1, $itr1 # Hash first 64 bytes -1: \n"; - &poly_add("0($inp, $itr1)"); + xor $itr1, $itr1 +.Lopen_avx2_init_hash: \n"; + &poly_add("0($inp,$itr1)"); &poly_mul(); $code.=" add \$16, $itr1 cmp \$2*32, $itr1 - jne 1b + jne .Lopen_avx2_init_hash # Decrypt first 64 bytes vpxor 0*32($inp), $A0, $A0 vpxor 1*32($inp), $B0, $B0 + # Store first 64 bytes of decrypted data vmovdqu $A0, 0*32($oup) vmovdqu $B0, 1*32($oup) lea 2*32($inp), $inp lea 2*32($oup), $oup sub \$2*32, $inl -1: +.Lopen_avx2_main_loop: # Hash and decrypt 512 bytes each iteration cmp \$16*32, $inl - jb 3f\n"; - &prep_state_avx2(4); $code.=" + jb .Lopen_avx2_main_loop_done\n"; + &prep_state_avx2(4); $code.=" xor $itr1, $itr1 -2: \n"; - &poly_add("0*8($inp, $itr1)"); +.Lopen_avx2_main_loop_rounds: \n"; + &poly_add("0*8($inp,$itr1)"); &emit_body(10); &poly_stage1_mulx(); &emit_body(9); @@ -1657,7 +1720,7 @@ sub gen_chacha_round_avx2 { &emit_body(10); &poly_reduce_stage(); &emit_body(9); - &poly_add("2*8($inp, $itr1)"); + &poly_add("2*8($inp,$itr1)"); &emit_body(8); &poly_stage1_mulx(); &emit_body(18); @@ -1667,7 +1730,7 @@ sub gen_chacha_round_avx2 { &emit_body(9); &poly_reduce_stage(); &emit_body(8); - &poly_add("4*8($inp, $itr1)"); $code.=" + &poly_add("4*8($inp,$itr1)"); $code.=" lea 6*8($itr1), $itr1\n"; &emit_body(18); &poly_stage1_mulx(); @@ -1680,7 +1743,7 @@ sub gen_chacha_round_avx2 { foreach $l (@loop_body) {$code.=$l."\n";} @loop_body = split /\n/, $chacha_body; $code.=" cmp \$10*6*8, $itr1 - jne 2b\n"; + jne .Lopen_avx2_main_loop_rounds\n"; &finalize_state_avx2(4); $code.=" vmovdqa $A0, $tmp_store\n"; &poly_add("10*6*8($inp)"); @@ -1695,14 +1758,18 @@ sub gen_chacha_round_avx2 { lea 16*32($inp), $inp lea 16*32($oup), $oup sub \$16*32, $inl - jmp 1b -3: + jmp .Lopen_avx2_main_loop +.Lopen_avx2_main_loop_done: test $inl, $inl vzeroupper - je open_sse_finalize -3: + je .Lopen_sse_finalize + + cmp \$12*32, $inl + ja .Lopen_avx2_tail_512 + cmp \$8*32, $inl + ja .Lopen_avx2_tail_384 cmp \$4*32, $inl - ja 3f\n"; + ja .Lopen_avx2_tail_256\n"; ############################################################################### # 1-128 bytes left &prep_state_avx2(1); $code.=" @@ -1710,25 +1777,23 @@ sub gen_chacha_round_avx2 { mov $inl, $itr1 and \$-16, $itr1 test $itr1, $itr1 - je 2f -1: \n"; - &poly_add("0*8($inp, $itr2)"); + je .Lopen_avx2_tail_128_rounds # Have nothing to hash +.Lopen_avx2_tail_128_rounds_and_x1hash: \n"; + &poly_add("0*8($inp,$itr2)"); &poly_mul(); $code.=" -2: +.Lopen_avx2_tail_128_rounds: add \$16, $itr2\n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); $code.=" cmp $itr1, $itr2 - jb 1b + jb .Lopen_avx2_tail_128_rounds_and_x1hash cmp \$160, $itr2 - jne 2b\n"; + jne .Lopen_avx2_tail_128_rounds\n"; &finalize_state_avx2(1); &finish_stream_avx2($A0,$B0,$C0,$D0,$T0); $code.=" - jmp open_avx2_tail_loop -3: - cmp \$8*32, $inl - ja 3f\n"; + jmp .Lopen_avx2_tail_128_xor ############################################################################### +.Lopen_avx2_tail_256: \n"; # 129-256 bytes left &prep_state_avx2(2); $code.=" mov $inl, $tmp_store @@ -1740,11 +1805,11 @@ sub gen_chacha_round_avx2 { cmovg $itr2, $itr1 mov $inp, $inl xor $itr2, $itr2 -1: \n"; +.Lopen_avx2_tail_256_rounds_and_x1hash: \n"; &poly_add("0*8($inl)"); &poly_mul_mulx(); $code.=" lea 16($inl), $inl -2: \n"; +.Lopen_avx2_tail_256_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); $code.=" inc $itr2\n"; @@ -1752,33 +1817,31 @@ sub gen_chacha_round_avx2 { &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"right"); $code.=" cmp $itr1, $itr2 - jb 1b + jb .Lopen_avx2_tail_256_rounds_and_x1hash cmp \$10, $itr2 - jne 2b + jne .Lopen_avx2_tail_256_rounds mov $inl, $itr2 sub $inp, $inl mov $inl, $itr1 mov $tmp_store, $inl -1: +.Lopen_avx2_tail_256_hash: add \$16, $itr1 cmp $inl, $itr1 - jg 1f\n"; + jg .Lopen_avx2_tail_256_done\n"; &poly_add("0*8($itr2)"); &poly_mul_mulx(); $code.=" lea 16($itr2), $itr2 - jmp 1b -1: \n"; + jmp .Lopen_avx2_tail_256_hash +.Lopen_avx2_tail_256_done: \n"; &finalize_state_avx2(2); &xor_stream_avx2($A1, $B1, $C1, $D1, 0*32, $T0); &finish_stream_avx2($A0, $B0, $C0, $D0, $T0); $code.=" lea 4*32($inp), $inp lea 4*32($oup), $oup sub \$4*32, $inl - jmp open_avx2_tail_loop -3: - cmp \$12*32, $inl - ja 3f\n"; + jmp .Lopen_avx2_tail_128_xor ############################################################################### +.Lopen_avx2_tail_384: \n"; # 257-383 bytes left &prep_state_avx2(3); $code.=" mov $inl, $tmp_store @@ -1791,11 +1854,11 @@ sub gen_chacha_round_avx2 { cmovg $itr2, $itr1 mov $inp, $inl xor $itr2, $itr2 -1: \n"; +.Lopen_avx2_tail_384_rounds_and_x2hash: \n"; &poly_add("0*8($inl)"); &poly_mul_mulx(); $code.=" lea 16($inl), $inl -2: \n"; +.Lopen_avx2_tail_384_rounds_and_x1hash: \n"; &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); @@ -1807,22 +1870,22 @@ sub gen_chacha_round_avx2 { &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); $code.=" cmp $itr1, $itr2 - jb 1b + jb .Lopen_avx2_tail_384_rounds_and_x2hash cmp \$10, $itr2 - jne 2b + jne .Lopen_avx2_tail_384_rounds_and_x1hash mov $inl, $itr2 sub $inp, $inl mov $inl, $itr1 mov $tmp_store, $inl -1: +.Lopen_avx2_384_tail_hash: add \$16, $itr1 cmp $inl, $itr1 - jg 1f\n"; + jg .Lopen_avx2_384_tail_done\n"; &poly_add("0*8($itr2)"); &poly_mul_mulx(); $code.=" lea 16($itr2), $itr2 - jmp 1b -1: \n"; + jmp .Lopen_avx2_384_tail_hash +.Lopen_avx2_384_tail_done: \n"; &finalize_state_avx2(3); &xor_stream_avx2($A2, $B2, $C2, $D2, 0*32, $T0); &xor_stream_avx2($A1, $B1, $C1, $D1, 4*32, $T0); @@ -1830,18 +1893,18 @@ sub gen_chacha_round_avx2 { lea 8*32($inp), $inp lea 8*32($oup), $oup sub \$8*32, $inl - jmp open_avx2_tail_loop -3: \n"; + jmp .Lopen_avx2_tail_128_xor ############################################################################### +.Lopen_avx2_tail_512: \n"; # 384-512 bytes left &prep_state_avx2(4); $code.=" xor $itr1, $itr1 mov $inp, $itr2 -1: \n"; +.Lopen_avx2_tail_512_rounds_and_x2hash: \n"; &poly_add("0*8($itr2)"); &poly_mul(); $code.=" lea 2*8($itr2), $itr2 -2: \n"; +.Lopen_avx2_tail_512_rounds_and_x1hash: \n"; &emit_body(37); &poly_add("0*8($itr2)"); &poly_mul_mulx(); @@ -1853,21 +1916,21 @@ sub gen_chacha_round_avx2 { @loop_body = split /\n/, $chacha_body; $code.=" inc $itr1 cmp \$4, $itr1 - jl 1b + jl .Lopen_avx2_tail_512_rounds_and_x2hash cmp \$10, $itr1 - jne 2b + jne .Lopen_avx2_tail_512_rounds_and_x1hash mov $inl, $itr1 sub \$12*32, $itr1 and \$-16, $itr1 -1: +.Lopen_avx2_tail_512_hash: test $itr1, $itr1 - je 1f\n"; + je .Lopen_avx2_tail_512_done\n"; &poly_add("0*8($itr2)"); &poly_mul_mulx(); $code.=" lea 2*8($itr2), $itr2 sub \$2*8, $itr1 - jmp 1b -1: \n"; + jmp .Lopen_avx2_tail_512_hash +.Lopen_avx2_tail_512_done: \n"; &finalize_state_avx2(4); $code.=" vmovdqa $A0, $tmp_store\n"; &xor_stream_avx2($A3, $B3, $C3, $D3, 0*32, $A0); $code.=" @@ -1878,9 +1941,9 @@ sub gen_chacha_round_avx2 { lea 12*32($inp), $inp lea 12*32($oup), $oup sub \$12*32, $inl -open_avx2_tail_loop: +.Lopen_avx2_tail_128_xor: cmp \$32, $inl - jb open_avx2_tail + jb .Lopen_avx2_tail_32_xor sub \$32, $inl vpxor ($inp), $A0, $A0 vmovdqu $A0, ($oup) @@ -1889,11 +1952,11 @@ sub gen_chacha_round_avx2 { vmovdqa $B0, $A0 vmovdqa $C0, $B0 vmovdqa $D0, $C0 - jmp open_avx2_tail_loop -open_avx2_tail: + jmp .Lopen_avx2_tail_128_xor +.Lopen_avx2_tail_32_xor: cmp \$16, $inl vmovdqa $A0x, $A1x - jb 1f + jb .Lopen_avx2_exit sub \$16, $inl #load for decryption vpxor ($inp), $A0x, $A1x @@ -1902,28 +1965,28 @@ sub gen_chacha_round_avx2 { lea 1*16($oup), $oup vperm2i128 \$0x11, $A0, $A0, $A0 vmovdqa $A0x, $A1x -1: +.Lopen_avx2_exit: vzeroupper - jmp open_sse_tail_16 + jmp .Lopen_sse_tail_16 ############################################################################### -open_avx2_192: +.Lopen_avx2_192: vmovdqa $A0, $A1 vmovdqa $A0, $A2 vmovdqa $B0, $B1 vmovdqa $B0, $B2 vmovdqa $C0, $C1 vmovdqa $C0, $C2 - vpaddd .avx2_inc(%rip), $D0, $D1 + vpaddd .Lavx2_inc(%rip), $D0, $D1 vmovdqa $D0, $T2 vmovdqa $D1, $T3 mov \$10, $acc0 -1: \n"; +.Lopen_avx2_192_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); $code.=" dec $acc0 - jne 1b + jne .Lopen_avx2_192_rounds vpaddd $A2, $A0, $A0 vpaddd $A2, $A1, $A1 vpaddd $B2, $B0, $B0 @@ -1934,7 +1997,7 @@ sub gen_chacha_round_avx2 { vpaddd $T3, $D1, $D1 vperm2i128 \$0x02, $A0, $B0, $T0 # Clamp and store the key - vpand .clamp(%rip), $T0, $T0 + vpand .Lclamp(%rip), $T0, $T0 vmovdqa $T0, $r_store # Stream for up to 192 bytes vperm2i128 \$0x13, $A0, $B0, $A0 @@ -1943,12 +2006,12 @@ sub gen_chacha_round_avx2 { vperm2i128 \$0x02, $C1, $D1, $D0 vperm2i128 \$0x13, $A1, $B1, $A1 vperm2i128 \$0x13, $C1, $D1, $B1 -open_avx2_short: - mov %r8, $itr2 +.Lopen_avx2_short: + mov $adl, $itr2 call poly_hash_ad_internal -open_avx2_hash_and_xor_loop: +.Lopen_avx2_short_hash_and_xor_loop: cmp \$32, $inl - jb open_avx2_short_tail_32 + jb .Lopen_avx2_short_tail_32 sub \$32, $inl\n"; # Load + hash &poly_add("0*8($inp)"); @@ -1970,11 +2033,11 @@ sub gen_chacha_round_avx2 { vmovdqa $D1, $C1 vmovdqa $A2, $D1 vmovdqa $B2, $A2 - jmp open_avx2_hash_and_xor_loop -open_avx2_short_tail_32: + jmp .Lopen_avx2_short_hash_and_xor_loop +.Lopen_avx2_short_tail_32: cmp \$16, $inl vmovdqa $A0x, $A1x - jb 1f + jb .Lopen_avx2_short_tail_32_exit sub \$16, $inl\n"; &poly_add("0*8($inp)"); &poly_mul(); $code.=" @@ -1983,26 +2046,26 @@ sub gen_chacha_round_avx2 { lea 1*16($inp), $inp lea 1*16($oup), $oup vextracti128 \$1, $A0, $A1x -1: +.Lopen_avx2_short_tail_32_exit: vzeroupper - jmp open_sse_tail_16 + jmp .Lopen_sse_tail_16 ############################################################################### -open_avx2_320: +.Lopen_avx2_320: vmovdqa $A0, $A1 vmovdqa $A0, $A2 vmovdqa $B0, $B1 vmovdqa $B0, $B2 vmovdqa $C0, $C1 vmovdqa $C0, $C2 - vpaddd .avx2_inc(%rip), $D0, $D1 - vpaddd .avx2_inc(%rip), $D1, $D2 + vpaddd .Lavx2_inc(%rip), $D0, $D1 + vpaddd .Lavx2_inc(%rip), $D1, $D2 vmovdqa $B0, $T1 vmovdqa $C0, $T2 vmovdqa $D0, $ctr0_store vmovdqa $D1, $ctr1_store vmovdqa $D2, $ctr2_store mov \$10, $acc0 -1: \n"; +.Lopen_avx2_320_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"left"); @@ -2010,10 +2073,10 @@ sub gen_chacha_round_avx2 { &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"right"); $code.=" dec $acc0 - jne 1b - vpaddd .chacha20_consts(%rip), $A0, $A0 - vpaddd .chacha20_consts(%rip), $A1, $A1 - vpaddd .chacha20_consts(%rip), $A2, $A2 + jne .Lopen_avx2_320_rounds + vpaddd .Lchacha20_consts(%rip), $A0, $A0 + vpaddd .Lchacha20_consts(%rip), $A1, $A1 + vpaddd .Lchacha20_consts(%rip), $A2, $A2 vpaddd $T1, $B0, $B0 vpaddd $T1, $B1, $B1 vpaddd $T1, $B2, $B2 @@ -2025,7 +2088,7 @@ sub gen_chacha_round_avx2 { vpaddd $ctr2_store, $D2, $D2 vperm2i128 \$0x02, $A0, $B0, $T0 # Clamp and store the key - vpand .clamp(%rip), $T0, $T0 + vpand .Lclamp(%rip), $T0, $T0 vmovdqa $T0, $r_store # Stream for up to 320 bytes vperm2i128 \$0x13, $A0, $B0, $A0 @@ -2038,23 +2101,36 @@ sub gen_chacha_round_avx2 { vperm2i128 \$0x02, $C2, $D2, $D1 vperm2i128 \$0x13, $A2, $B2, $A2 vperm2i128 \$0x13, $C2, $D2, $B2 - jmp open_avx2_short + jmp .Lopen_avx2_short .size chacha20_poly1305_open_avx2, .-chacha20_poly1305_open_avx2 +.cfi_endproc ############################################################################### ############################################################################### -.type chacha20_poly1305_seal_avx2,\@function,2 +.type chacha20_poly1305_seal_avx2,\@abi-omnipotent .align 64 chacha20_poly1305_seal_avx2: +.cfi_startproc + +# Since the AVX2 function operates in the frame of the SSE function, we just copy the frame state to over here +.cfi_push %rbp +.cfi_push %rbx +.cfi_push %r12 +.cfi_push %r13 +.cfi_push %r14 +.cfi_push %r15 +.cfi_push $keyp +.cfi_adjust_cfa_offset 288 + 32 + vzeroupper - vmovdqa .chacha20_consts(%rip), $A0 + vmovdqa .Lchacha20_consts(%rip), $A0 vbroadcasti128 0*16($keyp), $B0 vbroadcasti128 1*16($keyp), $C0 vbroadcasti128 2*16($keyp), $D0 - vpaddd .avx2_init(%rip), $D0, $D0 + vpaddd .Lavx2_init(%rip), $D0, $D0 cmp \$6*32, $inl - jbe seal_avx2_192 + jbe .Lseal_avx2_192 cmp \$10*32, $inl - jbe seal_avx2_320 + jbe .Lseal_avx2_320 vmovdqa $A0, $A1 vmovdqa $A0, $A2 vmovdqa $A0, $A3 @@ -2067,26 +2143,26 @@ sub gen_chacha_round_avx2 { vmovdqa $C0, $C3 vmovdqa $C0, $state2_store vmovdqa $D0, $D3 - vpaddd .avx2_inc(%rip), $D3, $D2 - vpaddd .avx2_inc(%rip), $D2, $D1 - vpaddd .avx2_inc(%rip), $D1, $D0 + vpaddd .Lavx2_inc(%rip), $D3, $D2 + vpaddd .Lavx2_inc(%rip), $D2, $D1 + vpaddd .Lavx2_inc(%rip), $D1, $D0 vmovdqa $D0, $ctr0_store vmovdqa $D1, $ctr1_store vmovdqa $D2, $ctr2_store vmovdqa $D3, $ctr3_store mov \$10, $acc0 -1: \n"; +.Lseal_avx2_init_rounds: \n"; foreach $l (@loop_body) {$code.=$l."\n";} @loop_body = split /\n/, $chacha_body; $code.=" dec $acc0 - jnz 1b\n"; + jnz .Lseal_avx2_init_rounds\n"; &finalize_state_avx2(4); $code.=" vperm2i128 \$0x13, $C3, $D3, $C3 vperm2i128 \$0x02, $A3, $B3, $D3 vperm2i128 \$0x13, $A3, $B3, $A3 - vpand .clamp(%rip), $D3, $D3 + vpand .Lclamp(%rip), $D3, $D3 vmovdqa $D3, $r_store - mov %r8, $itr2 + mov $adl, $itr2 call poly_hash_ad_internal # Safely store 320 bytes (otherwise would handle with optimized call) vpxor 0*32($inp), $A3, $A3 @@ -2100,7 +2176,7 @@ sub gen_chacha_round_avx2 { sub \$10*32, $inl mov \$10*32, $itr1 cmp \$4*32, $inl - jbe seal_avx2_hash + jbe .Lseal_avx2_short_hash_remainder vpxor 0*32($inp), $A0, $A0 vpxor 1*32($inp), $B0, $B0 vpxor 2*32($inp), $C0, $C0 @@ -2114,13 +2190,13 @@ sub gen_chacha_round_avx2 { mov \$8, $itr1 mov \$2, $itr2 cmp \$4*32, $inl - jbe seal_avx2_tail_128 + jbe .Lseal_avx2_tail_128 cmp \$8*32, $inl - jbe seal_avx2_tail_256 + jbe .Lseal_avx2_tail_256 cmp \$12*32, $inl - jbe seal_avx2_tail_384 + jbe .Lseal_avx2_tail_384 cmp \$16*32, $inl - jbe seal_avx2_tail_512\n"; + jbe .Lseal_avx2_tail_512\n"; # We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop &prep_state_avx2(4); foreach $l (@loop_body) {$code.=$l."\n";} @@ -2129,11 +2205,13 @@ sub gen_chacha_round_avx2 { @loop_body = split /\n/, $chacha_body; $code.=" sub \$16, $oup mov \$9, $itr1 - jmp 4f -1: \n"; + jmp .Lseal_avx2_main_loop_rounds_entry +.align 32 +.Lseal_avx2_main_loop: \n"; &prep_state_avx2(4); $code.=" mov \$10, $itr1 -2: \n"; +.align 32 +.Lseal_avx2_main_loop_rounds: \n"; &poly_add("0*8($oup)"); &emit_body(10); &poly_stage1_mulx(); @@ -2143,7 +2221,7 @@ sub gen_chacha_round_avx2 { &poly_stage3_mulx(); &emit_body(10); &poly_reduce_stage(); $code.=" -4: \n"; +.Lseal_avx2_main_loop_rounds_entry: \n"; &emit_body(9); &poly_add("2*8($oup)"); &emit_body(8); @@ -2168,65 +2246,68 @@ sub gen_chacha_round_avx2 { foreach $l (@loop_body) {$code.=$l."\n";} @loop_body = split /\n/, $chacha_body; $code.=" dec $itr1 - jne 2b\n"; + jne .Lseal_avx2_main_loop_rounds\n"; &finalize_state_avx2(4); $code.=" - lea 4*8($oup), $oup vmovdqa $A0, $tmp_store\n"; - &poly_add("-4*8($oup)"); + &poly_add("0*8($oup)"); + &poly_mul_mulx(); + &poly_add("2*8($oup)"); + &poly_mul_mulx(); $code.=" + lea 4*8($oup), $oup\n"; &xor_stream_avx2($A3, $B3, $C3, $D3, 0*32, $A0); $code.=" vmovdqa $tmp_store, $A0\n"; - &poly_mul(); &xor_stream_avx2($A2, $B2, $C2, $D2, 4*32, $A3); - &poly_add("-2*8($oup)"); &xor_stream_avx2($A1, $B1, $C1, $D1, 8*32, $A3); - &poly_mul(); &xor_stream_avx2($A0, $B0, $C0, $D0, 12*32, $A3); $code.=" lea 16*32($inp), $inp sub \$16*32, $inl cmp \$16*32, $inl - jg 1b\n"; + jg .Lseal_avx2_main_loop +\n"; &poly_add("0*8($oup)"); - &poly_mul(); + &poly_mul_mulx(); &poly_add("2*8($oup)"); - &poly_mul(); $code.=" + &poly_mul_mulx(); $code.=" lea 4*8($oup), $oup mov \$10, $itr1 xor $itr2, $itr2 + + cmp \$12*32, $inl + ja .Lseal_avx2_tail_512 + cmp \$8*32, $inl + ja .Lseal_avx2_tail_384 cmp \$4*32, $inl - ja 3f + ja .Lseal_avx2_tail_256 ############################################################################### -seal_avx2_tail_128:\n"; +.Lseal_avx2_tail_128:\n"; &prep_state_avx2(1); $code.=" -1: \n"; +.Lseal_avx2_tail_128_rounds_and_3xhash: \n"; &poly_add("0($oup)"); - &poly_mul(); $code.=" + &poly_mul_mulx(); $code.=" lea 2*8($oup), $oup -2: \n"; +.Lseal_avx2_tail_128_rounds_and_2xhash: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &poly_add("0*8($oup)"); - &poly_mul(); + &poly_mul_mulx(); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); &poly_add("2*8($oup)"); - &poly_mul(); $code.=" + &poly_mul_mulx(); $code.=" lea 4*8($oup), $oup dec $itr1 - jg 1b + jg .Lseal_avx2_tail_128_rounds_and_3xhash dec $itr2 - jge 2b\n"; + jge .Lseal_avx2_tail_128_rounds_and_2xhash\n"; &finalize_state_avx2(1); &finish_stream_avx2($A0,$B0,$C0,$D0,$T0); $code.=" - jmp seal_avx2_short_loop -3: - cmp \$8*32, $inl - ja 3f + jmp .Lseal_avx2_short_loop ############################################################################### -seal_avx2_tail_256:\n"; +.Lseal_avx2_tail_256:\n"; &prep_state_avx2(2); $code.=" -1: \n"; +.Lseal_avx2_tail_256_rounds_and_3xhash: \n"; &poly_add("0($oup)"); &poly_mul(); $code.=" lea 2*8($oup), $oup -2: \n"; +.Lseal_avx2_tail_256_rounds_and_2xhash: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &poly_add("0*8($oup)"); @@ -2237,27 +2318,24 @@ sub gen_chacha_round_avx2 { &poly_mul(); $code.=" lea 4*8($oup), $oup dec $itr1 - jg 1b + jg .Lseal_avx2_tail_256_rounds_and_3xhash dec $itr2 - jge 2b\n"; + jge .Lseal_avx2_tail_256_rounds_and_2xhash\n"; &finalize_state_avx2(2); &xor_stream_avx2($A1,$B1,$C1,$D1,0*32,$T0); &finish_stream_avx2($A0,$B0,$C0,$D0,$T0); $code.=" mov \$4*32, $itr1 lea 4*32($inp), $inp sub \$4*32, $inl - jmp seal_avx2_hash -3: - cmp \$12*32, $inl - ja seal_avx2_tail_512 + jmp .Lseal_avx2_short_hash_remainder ############################################################################### -seal_avx2_tail_384:\n"; +.Lseal_avx2_tail_384:\n"; &prep_state_avx2(3); $code.=" -1: \n"; +.Lseal_avx2_tail_384_rounds_and_3xhash: \n"; &poly_add("0($oup)"); &poly_mul(); $code.=" lea 2*8($oup), $oup -2: \n"; +.Lseal_avx2_tail_384_rounds_and_2xhash: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &poly_add("0*8($oup)"); @@ -2270,9 +2348,9 @@ sub gen_chacha_round_avx2 { &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"right"); $code.=" lea 4*8($oup), $oup dec $itr1 - jg 1b + jg .Lseal_avx2_tail_384_rounds_and_3xhash dec $itr2 - jge 2b\n"; + jge .Lseal_avx2_tail_384_rounds_and_2xhash\n"; &finalize_state_avx2(3); &xor_stream_avx2($A2,$B2,$C2,$D2,0*32,$T0); &xor_stream_avx2($A1,$B1,$C1,$D1,4*32,$T0); @@ -2280,15 +2358,15 @@ sub gen_chacha_round_avx2 { mov \$8*32, $itr1 lea 8*32($inp), $inp sub \$8*32, $inl - jmp seal_avx2_hash + jmp .Lseal_avx2_short_hash_remainder ############################################################################### -seal_avx2_tail_512:\n"; +.Lseal_avx2_tail_512:\n"; &prep_state_avx2(4); $code.=" -1: \n"; +.Lseal_avx2_tail_512_rounds_and_3xhash: \n"; &poly_add("0($oup)"); &poly_mul_mulx(); $code.=" lea 2*8($oup), $oup -2: \n"; +.Lseal_avx2_tail_512_rounds_and_2xhash: \n"; &emit_body(20); &poly_add("0*8($oup)"); &emit_body(20); @@ -2313,9 +2391,9 @@ sub gen_chacha_round_avx2 { @loop_body = split /\n/, $chacha_body; $code.=" lea 4*8($oup), $oup dec $itr1 - jg 1b + jg .Lseal_avx2_tail_512_rounds_and_3xhash dec $itr2 - jge 2b\n"; + jge .Lseal_avx2_tail_512_rounds_and_2xhash\n"; &finalize_state_avx2(4); $code.=" vmovdqa $A0, $tmp_store\n"; &xor_stream_avx2($A3, $B3, $C3, $D3, 0*32, $A0); $code.=" @@ -2326,24 +2404,24 @@ sub gen_chacha_round_avx2 { mov \$12*32, $itr1 lea 12*32($inp), $inp sub \$12*32, $inl - jmp seal_avx2_hash + jmp .Lseal_avx2_short_hash_remainder ################################################################################ -seal_avx2_320: +.Lseal_avx2_320: vmovdqa $A0, $A1 vmovdqa $A0, $A2 vmovdqa $B0, $B1 vmovdqa $B0, $B2 vmovdqa $C0, $C1 vmovdqa $C0, $C2 - vpaddd .avx2_inc(%rip), $D0, $D1 - vpaddd .avx2_inc(%rip), $D1, $D2 + vpaddd .Lavx2_inc(%rip), $D0, $D1 + vpaddd .Lavx2_inc(%rip), $D1, $D2 vmovdqa $B0, $T1 vmovdqa $C0, $T2 vmovdqa $D0, $ctr0_store vmovdqa $D1, $ctr1_store vmovdqa $D2, $ctr2_store mov \$10, $acc0 -1: \n"; +.Lseal_avx2_320_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"left"); @@ -2351,10 +2429,10 @@ sub gen_chacha_round_avx2 { &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); &chacha_qr_avx2($A2,$B2,$C2,$D2,$T0,"right"); $code.=" dec $acc0 - jne 1b - vpaddd .chacha20_consts(%rip), $A0, $A0 - vpaddd .chacha20_consts(%rip), $A1, $A1 - vpaddd .chacha20_consts(%rip), $A2, $A2 + jne .Lseal_avx2_320_rounds + vpaddd .Lchacha20_consts(%rip), $A0, $A0 + vpaddd .Lchacha20_consts(%rip), $A1, $A1 + vpaddd .Lchacha20_consts(%rip), $A2, $A2 vpaddd $T1, $B0, $B0 vpaddd $T1, $B1, $B1 vpaddd $T1, $B2, $B2 @@ -2366,7 +2444,7 @@ sub gen_chacha_round_avx2 { vpaddd $ctr2_store, $D2, $D2 vperm2i128 \$0x02, $A0, $B0, $T0 # Clamp and store the key - vpand .clamp(%rip), $T0, $T0 + vpand .Lclamp(%rip), $T0, $T0 vmovdqa $T0, $r_store # Stream for up to 320 bytes vperm2i128 \$0x13, $A0, $B0, $A0 @@ -2379,26 +2457,26 @@ sub gen_chacha_round_avx2 { vperm2i128 \$0x02, $C2, $D2, $D1 vperm2i128 \$0x13, $A2, $B2, $A2 vperm2i128 \$0x13, $C2, $D2, $B2 - jmp seal_avx2_short + jmp .Lseal_avx2_short ################################################################################ -seal_avx2_192: +.Lseal_avx2_192: vmovdqa $A0, $A1 vmovdqa $A0, $A2 vmovdqa $B0, $B1 vmovdqa $B0, $B2 vmovdqa $C0, $C1 vmovdqa $C0, $C2 - vpaddd .avx2_inc(%rip), $D0, $D1 + vpaddd .Lavx2_inc(%rip), $D0, $D1 vmovdqa $D0, $T2 vmovdqa $D1, $T3 mov \$10, $acc0 -1: \n"; +.Lseal_avx2_192_rounds: \n"; &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"left"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"left"); &chacha_qr_avx2($A0,$B0,$C0,$D0,$T0,"right"); &chacha_qr_avx2($A1,$B1,$C1,$D1,$T0,"right"); $code.=" dec $acc0 - jne 1b + jne .Lseal_avx2_192_rounds vpaddd $A2, $A0, $A0 vpaddd $A2, $A1, $A1 vpaddd $B2, $B0, $B0 @@ -2409,7 +2487,7 @@ sub gen_chacha_round_avx2 { vpaddd $T3, $D1, $D1 vperm2i128 \$0x02, $A0, $B0, $T0 # Clamp and store the key - vpand .clamp(%rip), $T0, $T0 + vpand .Lclamp(%rip), $T0, $T0 vmovdqa $T0, $r_store # Stream for up to 192 bytes vperm2i128 \$0x13, $A0, $B0, $A0 @@ -2418,21 +2496,21 @@ sub gen_chacha_round_avx2 { vperm2i128 \$0x02, $C1, $D1, $D0 vperm2i128 \$0x13, $A1, $B1, $A1 vperm2i128 \$0x13, $C1, $D1, $B1 -seal_avx2_short: - mov %r8, $itr2 +.Lseal_avx2_short: + mov $adl, $itr2 call poly_hash_ad_internal xor $itr1, $itr1 -seal_avx2_hash: +.Lseal_avx2_short_hash_remainder: cmp \$16, $itr1 - jb seal_avx2_short_loop\n"; + jb .Lseal_avx2_short_loop\n"; &poly_add("0($oup)"); &poly_mul(); $code.=" sub \$16, $itr1 add \$16, $oup - jmp seal_avx2_hash -seal_avx2_short_loop: + jmp .Lseal_avx2_short_hash_remainder +.Lseal_avx2_short_loop: cmp \$32, $inl - jb seal_avx2_short_tail + jb .Lseal_avx2_short_tail sub \$32, $inl # Encrypt vpxor ($inp), $A0, $A0 @@ -2454,10 +2532,10 @@ sub gen_chacha_round_avx2 { vmovdqa $D1, $C1 vmovdqa $A2, $D1 vmovdqa $B2, $A2 - jmp seal_avx2_short_loop -seal_avx2_short_tail: + jmp .Lseal_avx2_short_loop +.Lseal_avx2_short_tail: cmp \$16, $inl - jb 1f + jb .Lseal_avx2_exit sub \$16, $inl vpxor ($inp), $A0x, $A3x vmovdqu $A3x, ($oup) @@ -2466,24 +2544,16 @@ sub gen_chacha_round_avx2 { &poly_mul(); $code.=" lea 1*16($oup), $oup vextracti128 \$1, $A0, $A0x -1: +.Lseal_avx2_exit: vzeroupper - jmp seal_sse_tail_16 + jmp .Lseal_sse_tail_16 .cfi_endproc +.size chacha20_poly1305_seal_avx2, .-chacha20_poly1305_seal_avx2 "; } -if (!$win64) { - $code =~ s/\`([^\`]*)\`/eval $1/gem; - print $code; -} else { - print <<___; -.text -.globl dummy_chacha20_poly1305_asm -.type dummy_chacha20_poly1305_asm,\@abi-omnipotent -dummy_chacha20_poly1305_asm: - ret -___ -} +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +print $code; close STDOUT or die "error closing STDOUT"; diff --git a/crypto/cipher_extra/e_chacha20poly1305.c b/crypto/cipher_extra/e_chacha20poly1305.c index 1c175e9aa0..1650188958 100644 --- a/crypto/cipher_extra/e_chacha20poly1305.c +++ b/crypto/cipher_extra/e_chacha20poly1305.c @@ -18,18 +18,15 @@ #include #include -#include #include #include #include #include +#include "internal.h" +#include "../chacha/internal.h" #include "../fipsmodule/cipher/internal.h" #include "../internal.h" -#include "../chacha/internal.h" - - -#define POLY1305_TAG_LEN 16 struct aead_chacha20_poly1305_ctx { uint8_t key[32]; @@ -44,78 +41,6 @@ OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >= "AEAD state has insufficient alignment"); #endif -// For convenience (the x86_64 calling convention allows only six parameters in -// registers), the final parameter for the assembly functions is both an input -// and output parameter. -union open_data { - struct { - alignas(16) uint8_t key[32]; - uint32_t counter; - uint8_t nonce[12]; - } in; - struct { - uint8_t tag[POLY1305_TAG_LEN]; - } out; -}; - -union seal_data { - struct { - alignas(16) uint8_t key[32]; - uint32_t counter; - uint8_t nonce[12]; - const uint8_t *extra_ciphertext; - size_t extra_ciphertext_len; - } in; - struct { - uint8_t tag[POLY1305_TAG_LEN]; - } out; -}; - -#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \ - !defined(OPENSSL_WINDOWS) -static int asm_capable(void) { - const int sse41_capable = (OPENSSL_ia32cap_P[1] & (1 << 19)) != 0; - return sse41_capable; -} - -OPENSSL_STATIC_ASSERT(sizeof(union open_data) == 48, "wrong open_data size"); -OPENSSL_STATIC_ASSERT(sizeof(union seal_data) == 48 + 8 + 8, - "wrong seal_data size"); - -// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts -// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|. -// Additional input parameters are passed in |aead_data->in|. On exit, it will -// write calculated tag value to |aead_data->out.tag|, which the caller must -// check. -extern void chacha20_poly1305_open(uint8_t *out_plaintext, - const uint8_t *ciphertext, - size_t plaintext_len, const uint8_t *ad, - size_t ad_len, union open_data *aead_data); - -// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It encrypts -// |plaintext_len| bytes from |plaintext| and writes them to |out_ciphertext|. -// Additional input parameters are passed in |aead_data->in|. The calculated tag -// value is over the computed ciphertext concatenated with |extra_ciphertext| -// and written to |aead_data->out.tag|. -extern void chacha20_poly1305_seal(uint8_t *out_ciphertext, - const uint8_t *plaintext, - size_t plaintext_len, const uint8_t *ad, - size_t ad_len, union seal_data *aead_data); -#else -static int asm_capable(void) { return 0; } - - -static void chacha20_poly1305_open(uint8_t *out_plaintext, - const uint8_t *ciphertext, - size_t plaintext_len, const uint8_t *ad, - size_t ad_len, union open_data *aead_data) {} - -static void chacha20_poly1305_seal(uint8_t *out_ciphertext, - const uint8_t *plaintext, - size_t plaintext_len, const uint8_t *ad, - size_t ad_len, union seal_data *aead_data) {} -#endif - static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len) { struct aead_chacha20_poly1305_ctx *c20_ctx = @@ -238,8 +163,8 @@ static int chacha20_poly1305_seal_scatter( } } - union seal_data data; - if (asm_capable()) { + union chacha20_poly1305_seal_data data; + if (chacha20_poly1305_asm_capable()) { OPENSSL_memcpy(data.in.key, key, 32); data.in.counter = 0; OPENSSL_memcpy(data.in.nonce, nonce, 12); @@ -321,8 +246,8 @@ static int chacha20_poly1305_open_gather( return 0; } - union open_data data; - if (asm_capable()) { + union chacha20_poly1305_open_data data; + if (chacha20_poly1305_asm_capable()) { OPENSSL_memcpy(data.in.key, key, 32); data.in.counter = 0; OPENSSL_memcpy(data.in.nonce, nonce, 12); diff --git a/crypto/cipher_extra/internal.h b/crypto/cipher_extra/internal.h index 1d2c4e1f4b..c2af48e226 100644 --- a/crypto/cipher_extra/internal.h +++ b/crypto/cipher_extra/internal.h @@ -57,7 +57,11 @@ #ifndef OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H #define OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H +#include + #include +#include +#include #include "../internal.h" @@ -120,6 +124,89 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out, const uint8_t *mac_secret, unsigned mac_secret_length); +#define POLY1305_TAG_LEN 16 + +// For convenience (the x86_64 calling convention allows only six parameters in +// registers), the final parameter for the assembly functions is both an input +// and output parameter. +union chacha20_poly1305_open_data { + struct { + alignas(16) uint8_t key[32]; + uint32_t counter; + uint8_t nonce[12]; + } in; + struct { + uint8_t tag[POLY1305_TAG_LEN]; + } out; +}; + +union chacha20_poly1305_seal_data { + struct { + alignas(16) uint8_t key[32]; + uint32_t counter; + uint8_t nonce[12]; + const uint8_t *extra_ciphertext; + size_t extra_ciphertext_len; + } in; + struct { + uint8_t tag[POLY1305_TAG_LEN]; + } out; +}; + +#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) + +OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_open_data) == 48, + "wrong chacha20_poly1305_open_data size"); +OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_seal_data) == 48 + 8 + 8, + "wrong chacha20_poly1305_seal_data size"); + +OPENSSL_INLINE int chacha20_poly1305_asm_capable(void) { + const int sse41_capable = (OPENSSL_ia32cap_P[1] & (1 << 19)) != 0; + return sse41_capable; +} + +// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts +// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|. +// Additional input parameters are passed in |aead_data->in|. On exit, it will +// write calculated tag value to |aead_data->out.tag|, which the caller must +// check. +extern void chacha20_poly1305_open(uint8_t *out_plaintext, + const uint8_t *ciphertext, + size_t plaintext_len, const uint8_t *ad, + size_t ad_len, + union chacha20_poly1305_open_data *data); + +// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It encrypts +// |plaintext_len| bytes from |plaintext| and writes them to |out_ciphertext|. +// Additional input parameters are passed in |aead_data->in|. The calculated tag +// value is over the computed ciphertext concatenated with |extra_ciphertext| +// and written to |aead_data->out.tag|. +extern void chacha20_poly1305_seal(uint8_t *out_ciphertext, + const uint8_t *plaintext, + size_t plaintext_len, const uint8_t *ad, + size_t ad_len, + union chacha20_poly1305_seal_data *data); +#else + +OPENSSL_INLINE int chacha20_poly1305_asm_capable(void) { return 0; } + +OPENSSL_INLINE void chacha20_poly1305_open(uint8_t *out_plaintext, + const uint8_t *ciphertext, + size_t plaintext_len, const uint8_t *ad, + size_t ad_len, + union chacha20_poly1305_open_data *data) { + abort(); +} + +OPENSSL_INLINE void chacha20_poly1305_seal(uint8_t *out_ciphertext, + const uint8_t *plaintext, + size_t plaintext_len, const uint8_t *ad, + size_t ad_len, + union chacha20_poly1305_seal_data *data) { + abort(); +} +#endif + #if defined(__cplusplus) } // extern C From 47dfb4814f51c6894544f0b26a6872eafad29318 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 17 Dec 2020 18:42:44 -0800 Subject: [PATCH 372/399] Ed25519 Tests: Refactor tests to prepare for more complete testing of invalid signatures. --- tests/ed25519_tests.rs | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index 059ecdb044..f38c52bbbd 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -13,6 +13,7 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. use ring::{ + error, signature::{self, Ed25519KeyPair, KeyPair}, test, test_file, }; @@ -49,26 +50,29 @@ fn test_signature_ed25519() { assert_eq!(&expected_sig[..], actual_sig.as_ref()); // Test Signature verification. - - assert!( - signature::UnparsedPublicKey::new(&signature::ED25519, &public_key) - .verify(&msg, &expected_sig) - .is_ok() - ); + test_signature_verification(&public_key, &msg, &expected_sig, Ok(())); let mut tampered_sig = expected_sig; tampered_sig[0] ^= 1; - assert!( - signature::UnparsedPublicKey::new(&signature::ED25519, &public_key) - .verify(&msg, &tampered_sig) - .is_err() - ); + test_signature_verification(&public_key, &msg, &tampered_sig, Err(error::Unspecified)); Ok(()) }); } +fn test_signature_verification( + public_key: &[u8], + msg: &[u8], + sig: &[u8], + expected_result: Result<(), error::Unspecified>, +) { + assert_eq!( + expected_result, + signature::UnparsedPublicKey::new(&signature::ED25519, public_key).verify(msg, sig) + ); +} + #[test] fn test_ed25519_from_seed_and_public_key_misuse() { const PRIVATE_KEY: &[u8] = include_bytes!("ed25519_test_private_key.bin"); From 6e3c8a331ea04e773359c4462f91df7e7637265d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 17 Dec 2020 18:49:07 -0800 Subject: [PATCH 373/399] Ed25519 Tests: Import Ed25519 malleability test case from BoringSSL. --- tests/ed25519_tests.rs | 22 ++++++++++++++++++++++ tests/ed25519_verify_tests.txt | 6 ++++++ 2 files changed, 28 insertions(+) create mode 100644 tests/ed25519_verify_tests.txt diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index f38c52bbbd..d800112c90 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -61,6 +61,28 @@ fn test_signature_ed25519() { }); } +/// Test vectors from BoringSSL. +#[test] +fn test_signature_ed25519_verify() { + test::run( + test_file!("ed25519_verify_tests.txt"), + |section, test_case| { + assert_eq!(section, ""); + + let public_key = test_case.consume_bytes("PUB"); + let msg = test_case.consume_bytes("MESSAGE"); + let sig = test_case.consume_bytes("SIG"); + let expected_result = match test_case.consume_string("Result").as_str() { + "P" => Ok(()), + "F" => Err(error::Unspecified), + s => panic!("{:?} is not a valid result", s), + }; + test_signature_verification(&public_key, &msg, &sig, expected_result); + Ok(()) + }, + ); +} + fn test_signature_verification( public_key: &[u8], msg: &[u8], diff --git a/tests/ed25519_verify_tests.txt b/tests/ed25519_verify_tests.txt new file mode 100644 index 0000000000..ce893e42a1 --- /dev/null +++ b/tests/ed25519_verify_tests.txt @@ -0,0 +1,6 @@ +# BoringSSL TEST(Ed25519Test Malleability) commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21 + +MESSAGE = 54657374 +SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce3832c2d76f8f6f5dafc08d9339d4eef676573336a5c51eb6f946b31d +PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa +Result = F From a25271beb0fb5ff168280c35bf51240a53c1e2c8 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 17 Dec 2020 19:18:53 -0800 Subject: [PATCH 374/399] Ed25519 malleability test: Add control case. --- tests/ed25519_verify_tests.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/ed25519_verify_tests.txt b/tests/ed25519_verify_tests.txt index ce893e42a1..6508fc6bf9 100644 --- a/tests/ed25519_verify_tests.txt +++ b/tests/ed25519_verify_tests.txt @@ -1,5 +1,12 @@ # BoringSSL TEST(Ed25519Test Malleability) commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21 +# Control; S is in range. +MESSAGE = 54657374 +SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d +PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa +Result = P + +# Same as above, but with the order L added to S so it is out of range. MESSAGE = 54657374 SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce3832c2d76f8f6f5dafc08d9339d4eef676573336a5c51eb6f946b31d PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa From 01a2e429ae1bc8c5257c858452f09e508c82e71b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 17 Dec 2020 19:26:49 -0800 Subject: [PATCH 375/399] Merge BoringSSL 3094902: Get closer to Ed25519 boundary conditions. --- tests/ed25519_verify_tests.txt | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/ed25519_verify_tests.txt b/tests/ed25519_verify_tests.txt index 6508fc6bf9..8dffea97ce 100644 --- a/tests/ed25519_verify_tests.txt +++ b/tests/ed25519_verify_tests.txt @@ -1,4 +1,4 @@ -# BoringSSL TEST(Ed25519Test Malleability) commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21 +# BoringSSL TEST(Ed25519Test Malleability) # Control; S is in range. MESSAGE = 54657374 @@ -7,7 +7,22 @@ PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa Result = P # Same as above, but with the order L added to S so it is out of range. +# BoringSSL commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21 MESSAGE = 54657374 SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce3832c2d76f8f6f5dafc08d9339d4eef676573336a5c51eb6f946b31d PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa Result = F + +# BoringSSL commit 3094902fcdc2db2cc832fa854b9a6a8be383926c: Get closer to Ed25519 boundary conditions. + +# Control +MESSAGE = 124e583f8b8eca58bb29c271b41d36986bbc45541f8e51f9cb0133eca447601e +SIG = dac119d6ca87fc59ae611c157048f4d4fc932a149dbe20ec6effd1436abf83ea05c7df0fef06147241259113909bc71bd3c53ba4464ffcad3c0968f2ffffff0f +PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86 +Result = P + +# Same key as above, but S is out of range. +PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86 +MESSAGE = 6a0bc2b0057cedfc0fa2e3f7f7d39279b30f454a69dfd1117c758d86b19d85e0 +SIG = 0971f86d2c9c78582524a103cb9cf949522ae528f8054dc20107d999be673ff4e25ebf2f2928766b1248bec6e91697775f8446639ede46ad4df4053000000010 +Result = F From 27200d459659918d7ca698043c1ab5cd3020b2af Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 17 Dec 2020 19:49:55 -0800 Subject: [PATCH 376/399] Ed25519 malleability tests: Add control test case. --- tests/ed25519_verify_tests.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/ed25519_verify_tests.txt b/tests/ed25519_verify_tests.txt index 8dffea97ce..74c94b36b6 100644 --- a/tests/ed25519_verify_tests.txt +++ b/tests/ed25519_verify_tests.txt @@ -13,15 +13,21 @@ SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce38 PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa Result = F -# BoringSSL commit 3094902fcdc2db2cc832fa854b9a6a8be383926c: Get closer to Ed25519 boundary conditions. -# Control +# BoringSSL commit 3094902fcdc2db2cc832fa854b9a6a8be383926c MESSAGE = 124e583f8b8eca58bb29c271b41d36986bbc45541f8e51f9cb0133eca447601e SIG = dac119d6ca87fc59ae611c157048f4d4fc932a149dbe20ec6effd1436abf83ea05c7df0fef06147241259113909bc71bd3c53ba4464ffcad3c0968f2ffffff0f PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86 Result = P +# Control. Same key as above; same message and signature as below, except S is in range. +PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86 +MESSAGE = 6a0bc2b0057cedfc0fa2e3f7f7d39279b30f454a69dfd1117c758d86b19d85e0 +SIG = 0971f86d2c9c78582524a103cb9cf949522ae528f8054dc20107d999be673ff4f58ac9d20ec563133cabc6230b1db8625f8446639ede46ad4df4053000000000 +Result = P + # Same key as above, but S is out of range. +# BoringSSL commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21 PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86 MESSAGE = 6a0bc2b0057cedfc0fa2e3f7f7d39279b30f454a69dfd1117c758d86b19d85e0 SIG = 0971f86d2c9c78582524a103cb9cf949522ae528f8054dc20107d999be673ff4e25ebf2f2928766b1248bec6e91697775f8446639ede46ad4df4053000000010 From 52428a574526e37409adcd980e921f1b300466a7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 22 Dec 2020 13:21:31 -0800 Subject: [PATCH 377/399] Remove trailing whitespace in chacha20_poly1305_x86_64.pl. --- crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl index 3826cb7768..f1d0c26797 100644 --- a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +++ b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl @@ -877,7 +877,7 @@ sub emit_body { push %r14 .cfi_push %r14 push %r15 -.cfi_push %r15 +.cfi_push %r15 # We write the calculated authenticator back to keyp at the end, so save # the pointer on the stack too. push $keyp @@ -1707,7 +1707,7 @@ sub gen_chacha_round_avx2 { # Hash and decrypt 512 bytes each iteration cmp \$16*32, $inl jb .Lopen_avx2_main_loop_done\n"; - &prep_state_avx2(4); $code.=" + &prep_state_avx2(4); $code.=" xor $itr1, $itr1 .Lopen_avx2_main_loop_rounds: \n"; &poly_add("0*8($inp,$itr1)"); From 2a849b32afa6a720d0aa3b8dc42c0ab3f77ac478 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 6 Jan 2021 23:22:55 -0800 Subject: [PATCH 378/399] test: Rewrite `from_hex_digit()` to avoid `clippy::manual_range_contains`. --- src/test.rs | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/test.rs b/src/test.rs index 69d0e8fc82..304968840c 100644 --- a/src/test.rs +++ b/src/test.rs @@ -380,15 +380,16 @@ pub fn from_hex(hex_str: &str) -> Result, String> { #[cfg(feature = "alloc")] fn from_hex_digit(d: u8) -> Result { - if d >= b'0' && d <= b'9' { - Ok(d - b'0') - } else if d >= b'a' && d <= b'f' { - Ok(d - b'a' + 10u8) - } else if d >= b'A' && d <= b'F' { - Ok(d - b'A' + 10u8) - } else { - Err(format!("Invalid hex digit '{}'", d as char)) + use core::ops::RangeInclusive; + const DECIMAL: (u8, RangeInclusive) = (0, b'0'..=b'9'); + const HEX_LOWER: (u8, RangeInclusive) = (10, b'a'..=b'f'); + const HEX_UPPER: (u8, RangeInclusive) = (10, b'A'..=b'F'); + for (offset, range) in &[DECIMAL, HEX_LOWER, HEX_UPPER] { + if range.contains(&d) { + return Ok(d - range.start() + offset); + } } + Err(format!("Invalid hex digit '{}'", d as char)) } #[cfg(feature = "alloc")] From f8dab2c9095b224475ac723e147f59b5bb9db084 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 7 Jan 2021 00:34:50 -0800 Subject: [PATCH 379/399] Tests: Take Clippy's advice for `clippy::unusual_byte_grouping`. --- src/limb.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/limb.rs b/src/limb.rs index 64fb536c8c..eb5aed5fa4 100644 --- a/src/limb.rs +++ b/src/limb.rs @@ -539,10 +539,10 @@ mod tests { #[cfg(target_pointer_width = "64")] let limbs = [ - 0x89900aab_bccddeef, - 0x01122334_45566778, - 0x99aabbcc_ddeeff00, - 0x11223344_55667788, + 0x8990_0aab_bccd_deef, + 0x0112_2334_4556_6778, + 0x99aa_bbcc_ddee_ff00, + 0x1122_3344_5566_7788, ]; let expected = [ @@ -568,9 +568,9 @@ mod tests { // One fewer limb. #[cfg(target_pointer_width = "64")] let limbs = [ - 0x89900aab_bccddeef, - 0x01122334_45566778, - 0x99aabbcc_ddeeff00, + 0x8990_0aab_bccd_deef, + 0x0112_2334_4556_6778, + 0x99aa_bbcc_ddee_ff00, ]; let mut out = [0xabu8; 32]; From 628acbeff5b071b7b41b2b76bc2e7da168e0d979 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 6 Jan 2021 23:35:24 -0800 Subject: [PATCH 380/399] Document all features in docs.rs. --- Cargo.toml | 3 +++ src/lib.rs | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index e847097769..6f2bc44781 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -293,6 +293,9 @@ include = [ "third_party/NIST/SHAVS/SHA512ShortMsg.rsp", ] +[package.metadata.docs.rs] +all-features = true + [lib] name = "ring" diff --git a/src/lib.rs b/src/lib.rs index f099fff03d..cc66d73c3f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -32,7 +32,7 @@ //! rand::SystemRandom for more details. //! std //! Enable features that use libstd, in particular -//! std::error::Error integration. +//! std::error::Error integration. Implies `alloc`. //! wasm32_c //! Enables features that require a C compiler on wasm32 targets, such as //! the constant_time module, HMAC verification, and PBKDF2 From f3a2c36c571e619c3355ceeeacec4c2261b18b61 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 14:23:05 -0800 Subject: [PATCH 381/399] Endian: Allow `ArrayEncoding` to be implemented for larger arrays. The original version avoided `unsafe` but doesn't work for older versions of Rust that we're still trying to support. Switch to the `unsafe` implementation that works everywhere. --- src/endian.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/endian.rs b/src/endian.rs index 962397c561..94979e1b23 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -1,4 +1,4 @@ -use core::{convert::TryInto, num::Wrapping}; +use core::num::Wrapping; /// An `Encoding` of a type `T` can be converted to/from its byte /// representation without any byte swapping or other computation. @@ -73,7 +73,12 @@ macro_rules! impl_array_encoding { for [$endian<$base>; $elems] { fn as_byte_array(&self) -> &[u8; $elems * core::mem::size_of::<$base>()] { - as_byte_slice(self).try_into().unwrap() + // TODO: When we can require Rust 1.47.0 or later we could avoid + // `as` and `unsafe` here using + // `as_byte_slice(self).try_into().unwrap()`. + let as_bytes_ptr = + self.as_ptr() as *const [u8; $elems * core::mem::size_of::<$base>()]; + unsafe { &*as_bytes_ptr } } } @@ -126,7 +131,7 @@ macro_rules! impl_endian { impl_array_encoding!($endian, $base, 2); impl_array_encoding!($endian, $base, 3); impl_array_encoding!($endian, $base, 4); - impl_from_byte_array!($endian, $base, 8); + impl_array_encoding!($endian, $base, 8); }; } From 34424d829d1ffa3f3f05a8f8cdf8c4ecba42cee0 Mon Sep 17 00:00:00 2001 From: Vlad Krasnov Date: Tue, 22 Dec 2020 21:49:33 -0500 Subject: [PATCH 382/399] Enable the integrated assembly x86-64 ChaCha20-Poly1305 implementation from BoringSSL --- Cargo.toml | 1 + build.rs | 1 + .../asm/chacha20_poly1305_x86_64.pl | 39 +++--- src/aead/chacha.rs | 6 + src/aead/chacha20_poly1305.rs | 132 +++++++++++++++++- src/cpu.rs | 6 + 6 files changed, 165 insertions(+), 20 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e847097769..373d770a30 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -91,6 +91,7 @@ include = [ "crypto/poly1305/poly1305_arm.c", "crypto/poly1305/poly1305_arm_asm.S", "crypto/poly1305/poly1305_vec.c", + "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", "doc/link-to-readme.md", "examples/checkdigest.rs", "include/GFp/aes.h", diff --git a/build.rs b/build.rs index f2db9a8415..a5a8e1995d 100644 --- a/build.rs +++ b/build.rs @@ -69,6 +69,7 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[X86_64], "crypto/fipsmodule/modes/asm/ghash-x86_64.pl"), (&[X86_64], "crypto/poly1305/poly1305_vec.c"), (&[X86_64], SHA512_X86_64), + (&[X86_64], "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl"), (&[AARCH64, ARM], "crypto/fipsmodule/aes/asm/aesv8-armx.pl"), (&[AARCH64, ARM], "crypto/fipsmodule/modes/asm/ghashv8-armx.pl"), diff --git a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl index f1d0c26797..27a90d0d57 100644 --- a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +++ b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl @@ -38,9 +38,7 @@ $code.=<<___; .text -.extern OPENSSL_ia32cap_P - -chacha20_poly1305_constants: +.extern GFp_ia32cap_P .align 64 .Lchacha20_consts: @@ -436,16 +434,16 @@ sub emit_body { { ################################################################################ -# extern void chacha20_poly1305_open(uint8_t *out_plaintext, -# const uint8_t *ciphertext, -# size_t plaintext_len, const uint8_t *ad, -# size_t ad_len, union open_data *aead_data) +# extern void GFp_chacha20_poly1305_open(uint8_t *out_plaintext, +# const uint8_t *ciphertext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, union open_data *data) # $code.=" -.globl chacha20_poly1305_open -.type chacha20_poly1305_open,\@function,6 +.globl GFp_chacha20_poly1305_open +.type GFp_chacha20_poly1305_open,\@function,6 .align 64 -chacha20_poly1305_open: +GFp_chacha20_poly1305_open: .cfi_startproc push %rbp .cfi_push %rbp @@ -484,7 +482,7 @@ sub emit_body { mov $adl, 0+$len_store mov $inl, 8+$len_store\n"; $code.=" - mov OPENSSL_ia32cap_P+8(%rip), %eax + mov GFp_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax jz chacha20_poly1305_open_avx2\n" if ($avx>1); @@ -855,16 +853,19 @@ sub emit_body { movdqa $C2, $B2 movdqa $D2, $C2 jmp .Lopen_sse_128_xor_hash -.size chacha20_poly1305_open, .-chacha20_poly1305_open +.size GFp_chacha20_poly1305_open, .-GFp_chacha20_poly1305_open .cfi_endproc ################################################################################ -################################################################################ -# void chacha20_poly1305_seal(uint8_t *in_out, size_t len_in, uint8_t *ad, size_t len_ad, uint8_t keyp[48]); -.globl chacha20_poly1305_seal -.type chacha20_poly1305_seal,\@function,6 +# extern void GFp_chacha20_poly1305_seal(uint8_t *out_ciphertext, +# const uint8_t *plaintext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, union seal_data *data) +# +.globl GFp_chacha20_poly1305_seal +.type GFp_chacha20_poly1305_seal,\@function,6 .align 64 -chacha20_poly1305_seal: +GFp_chacha20_poly1305_seal: .cfi_startproc push %rbp .cfi_push %rbp @@ -904,7 +905,7 @@ sub emit_body { mov $inl, 8+$len_store mov %rdx, $inl\n"; $code.=" - mov OPENSSL_ia32cap_P+8(%rip), %eax + mov GFp_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax jz chacha20_poly1305_seal_avx2\n" if ($avx>1); @@ -1364,7 +1365,7 @@ sub emit_body { mov %r8, $itr2 call poly_hash_ad_internal jmp .Lseal_sse_128_tail_xor -.size chacha20_poly1305_seal, .-chacha20_poly1305_seal +.size GFp_chacha20_poly1305_seal, .-GFp_chacha20_poly1305_seal .cfi_endproc\n"; } diff --git a/src/aead/chacha.rs b/src/aead/chacha.rs index 5e015083b1..81c68b2d6c 100644 --- a/src/aead/chacha.rs +++ b/src/aead/chacha.rs @@ -26,6 +26,12 @@ impl From<[u8; KEY_LEN]> for Key { } } +impl AsRef<[LittleEndian; KEY_LEN / 4]> for Key { + fn as_ref(&self) -> &[LittleEndian; KEY_LEN / 4] { + &self.0 + } +} + impl Key { #[inline] // Optimize away match on `counter`. pub fn encrypt_in_place(&self, counter: Counter, in_out: &mut [u8]) { diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 1890648449..3dd48a7f69 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -15,7 +15,7 @@ use super::{ chacha::{self, Counter}, iv::Iv, - poly1305, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, + poly1305, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, TAG_LEN, }; use crate::{aead, cpu, endian::*, error, polyfill}; use core::convert::TryInto; @@ -50,6 +50,66 @@ fn chacha20_poly1305_seal( in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { + #[cfg(target_arch = "x86_64")] + { + if has_sse41(cpu_features) { + #[repr(C)] + #[repr(align(16))] + #[derive(Clone, Copy)] + // On input `key_block` contains the ChaCha20 initial state (key||ctr||nonce). + // `extra_ciphertext` is an optional pointer to extra ciphertext which is concatenated with + // `ciphertext` for the purpose of calculating the tag. + // `extra_ciphertext_len` is the length of `extra_ciphertext` in bytes. + // If `extra_ciphertext_len` is 0, `extra_ciphertext` may be NULL. + struct seal_data_in { + key_block: [u32; 12], + extra_ciphertext: *const u8, + extra_ciphertext_len: usize, + } + + #[repr(C)] + // On input data_in contains valid data. + // On output tag contains the calculated Poly1305 tag, which the caller must check. + union seal_data { + data_in: seal_data_in, + tag: [u8; TAG_LEN], + } + + let mut data = seal_data { + data_in: seal_data_in { + key_block: combine_key_and_nonce(key, nonce), + extra_ciphertext: core::ptr::null(), + extra_ciphertext_len: 0, + }, + }; + + // Encrypts `plaintext_len` bytes from `plaintext` and writes them to `out_ciphertext`. + extern "C" { + fn GFp_chacha20_poly1305_seal<'ctx>( + out_ciphertext: *mut u8, + plaintext: *const u8, + plaintext_len: usize, + ad: *const u8, + ad_len: usize, + data: &'ctx mut seal_data, + ); + } + + unsafe { + GFp_chacha20_poly1305_seal( + in_out.as_mut_ptr(), + in_out.as_ptr(), + in_out.len(), + aad.as_ref().as_ptr(), + aad.as_ref().len(), + &mut data, + ) + }; + + return Tag(unsafe { data.tag }); + } + } + aead(key, nonce, aad, in_out, Direction::Sealing, cpu_features) } @@ -61,6 +121,49 @@ fn chacha20_poly1305_open( in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { + #[cfg(target_arch = "x86_64")] + { + if has_sse41(cpu_features) { + #[repr(C)] + #[repr(align(16))] + // On input key_block contains the ChaCha20 initial state (key||ctr||nonce). + // On output tag contains the calculated Poly1305 tag, which the caller must check. + union open_data { + key_block: [u32; 12], + tag: [u8; TAG_LEN], + } + + let mut data = open_data { + key_block: combine_key_and_nonce(key, nonce), + }; + + // Decrypts `plaintext_len` bytes from `ciphertext` and writes them to `out_plaintext`. + extern "C" { + fn GFp_chacha20_poly1305_open<'ctx>( + out_plaintext: *mut u8, + ciphertext: *const u8, + plaintext_len: usize, + ad: *const u8, + ad_len: usize, + data: &'ctx mut open_data, + ); + } + + unsafe { + GFp_chacha20_poly1305_open( + in_out.as_mut_ptr(), + in_out.as_ptr().add(in_prefix_len), + in_out.len() - in_prefix_len, + aad.as_ref().as_ptr(), + aad.as_ref().len(), + &mut data, + ) + }; + + return Tag(unsafe { data.tag }); + } + } + aead( key, nonce, @@ -73,6 +176,28 @@ fn chacha20_poly1305_open( pub type Key = chacha::Key; +#[cfg(target_arch = "x86_64")] +#[inline(always)] +fn combine_key_and_nonce(key: &aead::KeyInner, nonce: Nonce) -> [u32; 12] { + let chacha20_key = match key { + aead::KeyInner::ChaCha20Poly1305(key) => key, + _ => unreachable!(), + }; + + // Internally the asm version expects the key and nonce values as a consecutive array + let mut key_block = [0u32; 12]; + + for (i, k) in chacha20_key.as_ref().iter().enumerate() { + key_block[i] = (*k).into(); + } + let nonce = nonce.as_ref(); + key_block[9] = u32::from_le_bytes([nonce[0], nonce[1], nonce[2], nonce[3]]); + key_block[10] = u32::from_le_bytes([nonce[4], nonce[5], nonce[6], nonce[7]]); + key_block[11] = u32::from_le_bytes([nonce[8], nonce[9], nonce[10], nonce[11]]); + + key_block +} + #[inline(always)] // Statically eliminate branches on `direction`. fn aead( key: &aead::KeyInner, @@ -143,6 +268,11 @@ pub(super) fn derive_poly1305_key( poly1305::Key::new(key_bytes, cpu_features) } +#[cfg(target_arch = "x86_64")] +fn has_sse41(cpu_features: cpu::Features) -> bool { + cpu::intel::SSE41.available(cpu_features) +} + #[cfg(test)] mod tests { #[test] diff --git a/src/cpu.rs b/src/cpu.rs index 691b78be1a..e0895ae809 100644 --- a/src/cpu.rs +++ b/src/cpu.rs @@ -342,6 +342,12 @@ pub(crate) mod intel { mask: 1 << 9, }; + #[cfg(target_arch = "x86_64")] + pub(crate) const SSE41: Feature = Feature { + word: 1, + mask: 1 << 19, + }; + #[cfg(target_arch = "x86_64")] pub(crate) const MOVBE: Feature = Feature { word: 1, From da1a5ec4739e3dcee975e3ac35b89f374e33c1fc Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 11:45:22 -0800 Subject: [PATCH 383/399] Limit visibility of function that exposes a ChaCha20 key's value. In the future we may exposes the `chacha` module publicly and then it would be wrong for the `Key` type to implement `as_ref()` as that would then expose the key material outside the module. --- src/aead/chacha.rs | 12 ++++++------ src/aead/chacha20_poly1305.rs | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/aead/chacha.rs b/src/aead/chacha.rs index 81c68b2d6c..668c41d854 100644 --- a/src/aead/chacha.rs +++ b/src/aead/chacha.rs @@ -26,12 +26,6 @@ impl From<[u8; KEY_LEN]> for Key { } } -impl AsRef<[LittleEndian; KEY_LEN / 4]> for Key { - fn as_ref(&self) -> &[LittleEndian; KEY_LEN / 4] { - &self.0 - } -} - impl Key { #[inline] // Optimize away match on `counter`. pub fn encrypt_in_place(&self, counter: Counter, in_out: &mut [u8]) { @@ -127,6 +121,12 @@ impl Key { GFp_ChaCha20_ctr32(output, input, in_out_len, self, &iv); } + + #[cfg(target_arch = "x86_64")] + #[inline] + pub(super) fn words_less_safe(&self) -> &[LittleEndian; KEY_LEN / 4] { + &self.0 + } } pub type Counter = counter::Counter>; diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 3dd48a7f69..e6471a37ab 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -187,7 +187,7 @@ fn combine_key_and_nonce(key: &aead::KeyInner, nonce: Nonce) -> [u32; 12] { // Internally the asm version expects the key and nonce values as a consecutive array let mut key_block = [0u32; 12]; - for (i, k) in chacha20_key.as_ref().iter().enumerate() { + for (i, k) in chacha20_key.words_less_safe().iter().enumerate() { key_block[i] = (*k).into(); } let nonce = nonce.as_ref(); From cce0b6afdb7ec98d0695ae4853ea74a4c9889943 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 14:23:05 -0800 Subject: [PATCH 384/399] Endian: Allow `ArrayEncoding` to be implemented for larger arrays. The original version avoided `unsafe` but doesn't work for older versions of Rust that we're still trying to support. Switch to the `unsafe` implementation that works everywhere. --- src/endian.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/endian.rs b/src/endian.rs index 962397c561..94979e1b23 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -1,4 +1,4 @@ -use core::{convert::TryInto, num::Wrapping}; +use core::num::Wrapping; /// An `Encoding` of a type `T` can be converted to/from its byte /// representation without any byte swapping or other computation. @@ -73,7 +73,12 @@ macro_rules! impl_array_encoding { for [$endian<$base>; $elems] { fn as_byte_array(&self) -> &[u8; $elems * core::mem::size_of::<$base>()] { - as_byte_slice(self).try_into().unwrap() + // TODO: When we can require Rust 1.47.0 or later we could avoid + // `as` and `unsafe` here using + // `as_byte_slice(self).try_into().unwrap()`. + let as_bytes_ptr = + self.as_ptr() as *const [u8; $elems * core::mem::size_of::<$base>()]; + unsafe { &*as_bytes_ptr } } } @@ -126,7 +131,7 @@ macro_rules! impl_endian { impl_array_encoding!($endian, $base, 2); impl_array_encoding!($endian, $base, 3); impl_array_encoding!($endian, $base, 4); - impl_from_byte_array!($endian, $base, 8); + impl_array_encoding!($endian, $base, 8); }; } From 8d5b0f2059fa505ecaccd3846b5337c4c096736e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 14:30:20 -0800 Subject: [PATCH 385/399] ChaCha20-Poly1305: Rearrange the unwrapping of the key. Unwrap the ChaCha20 key earlier so we can use stronger types in the code that calls into the integrated assembly. Either way we do the unwrapping in two places, but this way we do it earlier. --- src/aead/chacha20_poly1305.rs | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index e6471a37ab..1308697b63 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -50,6 +50,11 @@ fn chacha20_poly1305_seal( in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { + let key = match key { + aead::KeyInner::ChaCha20Poly1305(key) => key, + _ => unreachable!(), + }; + #[cfg(target_arch = "x86_64")] { if has_sse41(cpu_features) { @@ -121,6 +126,11 @@ fn chacha20_poly1305_open( in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { + let key = match key { + aead::KeyInner::ChaCha20Poly1305(key) => key, + _ => unreachable!(), + }; + #[cfg(target_arch = "x86_64")] { if has_sse41(cpu_features) { @@ -178,16 +188,11 @@ pub type Key = chacha::Key; #[cfg(target_arch = "x86_64")] #[inline(always)] -fn combine_key_and_nonce(key: &aead::KeyInner, nonce: Nonce) -> [u32; 12] { - let chacha20_key = match key { - aead::KeyInner::ChaCha20Poly1305(key) => key, - _ => unreachable!(), - }; - +fn combine_key_and_nonce(key: &Key, nonce: Nonce) -> [u32; 12] { // Internally the asm version expects the key and nonce values as a consecutive array let mut key_block = [0u32; 12]; - for (i, k) in chacha20_key.words_less_safe().iter().enumerate() { + for (i, k) in key.words_less_safe().iter().enumerate() { key_block[i] = (*k).into(); } let nonce = nonce.as_ref(); @@ -200,18 +205,13 @@ fn combine_key_and_nonce(key: &aead::KeyInner, nonce: Nonce) -> [u32; 12] { #[inline(always)] // Statically eliminate branches on `direction`. fn aead( - key: &aead::KeyInner, + chacha20_key: &Key, nonce: Nonce, Aad(aad): Aad<&[u8]>, in_out: &mut [u8], direction: Direction, cpu_features: cpu::Features, ) -> Tag { - let chacha20_key = match key { - aead::KeyInner::ChaCha20Poly1305(key) => key, - _ => unreachable!(), - }; - let mut counter = Counter::zero(nonce); let mut ctx = { let key = derive_poly1305_key(chacha20_key, counter.increment(), cpu_features); From 45b034905d9f8a4bb9893048c98a4453baf0dbbd Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 12:04:26 -0800 Subject: [PATCH 386/399] ChaCha20-Poly1305: Define integrated assembly types more like BoringSSL. Define the input data structures for the integrated assembly almost exactly like BoringSSL does, except for the caveat mentioned in the comments. Similarly, define the output type as a structure containing a byte array, like BoringSSL, again with the caveats mentioned in the comments. Abstract the union types into a single parameterized type. --- src/aead/chacha20_poly1305.rs | 99 +++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 46 deletions(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 1308697b63..4cdafcf9ff 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -15,7 +15,7 @@ use super::{ chacha::{self, Counter}, iv::Iv, - poly1305, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, TAG_LEN, + poly1305, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, }; use crate::{aead, cpu, endian::*, error, polyfill}; use core::convert::TryInto; @@ -58,31 +58,27 @@ fn chacha20_poly1305_seal( #[cfg(target_arch = "x86_64")] { if has_sse41(cpu_features) { - #[repr(C)] - #[repr(align(16))] + // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the + // structure, but Rust can't do that yet; see + // https://github.com/rust-lang/rust/issues/73557. + // + // Keep in sync with the anonymous struct of BoringSSL's + // `chacha20_poly1305_seal_data`. + #[repr(align(16), C)] #[derive(Clone, Copy)] - // On input `key_block` contains the ChaCha20 initial state (key||ctr||nonce). - // `extra_ciphertext` is an optional pointer to extra ciphertext which is concatenated with - // `ciphertext` for the purpose of calculating the tag. - // `extra_ciphertext_len` is the length of `extra_ciphertext` in bytes. - // If `extra_ciphertext_len` is 0, `extra_ciphertext` may be NULL. struct seal_data_in { - key_block: [u32; 12], + key: [u8; chacha::KEY_LEN], + counter: u32, + nonce: [u8; super::NONCE_LEN], extra_ciphertext: *const u8, extra_ciphertext_len: usize, } - #[repr(C)] - // On input data_in contains valid data. - // On output tag contains the calculated Poly1305 tag, which the caller must check. - union seal_data { - data_in: seal_data_in, - tag: [u8; TAG_LEN], - } - - let mut data = seal_data { - data_in: seal_data_in { - key_block: combine_key_and_nonce(key, nonce), + let mut data = InOut { + input: seal_data_in { + key: *key.words_less_safe().as_byte_array(), + counter: 0, + nonce: *nonce.as_ref(), extra_ciphertext: core::ptr::null(), extra_ciphertext_len: 0, }, @@ -96,7 +92,7 @@ fn chacha20_poly1305_seal( plaintext_len: usize, ad: *const u8, ad_len: usize, - data: &'ctx mut seal_data, + data: &'ctx mut InOut, ); } @@ -111,7 +107,7 @@ fn chacha20_poly1305_seal( ) }; - return Tag(unsafe { data.tag }); + return Tag(unsafe { data.out.tag }); } } @@ -134,17 +130,26 @@ fn chacha20_poly1305_open( #[cfg(target_arch = "x86_64")] { if has_sse41(cpu_features) { - #[repr(C)] - #[repr(align(16))] - // On input key_block contains the ChaCha20 initial state (key||ctr||nonce). - // On output tag contains the calculated Poly1305 tag, which the caller must check. - union open_data { - key_block: [u32; 12], - tag: [u8; TAG_LEN], + // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the + // structure, but Rust can't do that yet; see + // https://github.com/rust-lang/rust/issues/73557. + // + // Keep in sync with the anonymous struct of BoringSSL's + // `chacha20_poly1305_open_data`. + #[derive(Copy, Clone)] + #[repr(align(16), C)] + struct open_data_in { + key: [u8; chacha::KEY_LEN], + counter: u32, + nonce: [u8; super::NONCE_LEN], } - let mut data = open_data { - key_block: combine_key_and_nonce(key, nonce), + let mut data = InOut { + input: open_data_in { + key: *key.words_less_safe().as_byte_array(), + counter: 0, + nonce: *nonce.as_ref(), + }, }; // Decrypts `plaintext_len` bytes from `ciphertext` and writes them to `out_plaintext`. @@ -155,7 +160,7 @@ fn chacha20_poly1305_open( plaintext_len: usize, ad: *const u8, ad_len: usize, - data: &'ctx mut open_data, + data: &'ctx mut InOut, ); } @@ -170,7 +175,7 @@ fn chacha20_poly1305_open( ) }; - return Tag(unsafe { data.tag }); + return Tag(unsafe { data.out.tag }); } } @@ -186,21 +191,23 @@ fn chacha20_poly1305_open( pub type Key = chacha::Key; +// Keep in sync with BoringSSL's `chacha20_poly1305_open_data` and +// `chacha20_poly1305_seal_data`. +#[repr(C)] #[cfg(target_arch = "x86_64")] -#[inline(always)] -fn combine_key_and_nonce(key: &Key, nonce: Nonce) -> [u32; 12] { - // Internally the asm version expects the key and nonce values as a consecutive array - let mut key_block = [0u32; 12]; - - for (i, k) in key.words_less_safe().iter().enumerate() { - key_block[i] = (*k).into(); - } - let nonce = nonce.as_ref(); - key_block[9] = u32::from_le_bytes([nonce[0], nonce[1], nonce[2], nonce[3]]); - key_block[10] = u32::from_le_bytes([nonce[4], nonce[5], nonce[6], nonce[7]]); - key_block[11] = u32::from_le_bytes([nonce[8], nonce[9], nonce[10], nonce[11]]); +union InOut +where + T: Copy, +{ + input: T, + out: Out, +} - key_block +#[cfg(target_arch = "x86_64")] +#[derive(Clone, Copy)] +#[repr(C)] +struct Out { + tag: [u8; super::TAG_LEN], } #[inline(always)] // Statically eliminate branches on `direction`. From 1ebb1e93b6f6a9e4aadee15023b2e374d1f4ff50 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 14:39:44 -0800 Subject: [PATCH 387/399] ChaCha20-Poly1305: Elide lifetimes in integrated version. --- src/aead/chacha20_poly1305.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 4cdafcf9ff..656f632c54 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -86,13 +86,13 @@ fn chacha20_poly1305_seal( // Encrypts `plaintext_len` bytes from `plaintext` and writes them to `out_ciphertext`. extern "C" { - fn GFp_chacha20_poly1305_seal<'ctx>( + fn GFp_chacha20_poly1305_seal( out_ciphertext: *mut u8, plaintext: *const u8, plaintext_len: usize, ad: *const u8, ad_len: usize, - data: &'ctx mut InOut, + data: &mut InOut, ); } @@ -154,13 +154,13 @@ fn chacha20_poly1305_open( // Decrypts `plaintext_len` bytes from `ciphertext` and writes them to `out_plaintext`. extern "C" { - fn GFp_chacha20_poly1305_open<'ctx>( + fn GFp_chacha20_poly1305_open( out_plaintext: *mut u8, ciphertext: *const u8, plaintext_len: usize, ad: *const u8, ad_len: usize, - data: &'ctx mut InOut, + data: &mut InOut, ); } From 47437a3d5795625d78b1ec7efcd3f06072587086 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 14:58:23 -0800 Subject: [PATCH 388/399] ChaCha20-Poly1305: Combine `unsafe` blocks in integrated version. --- src/aead/chacha20_poly1305.rs | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 656f632c54..4172580761 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -96,7 +96,7 @@ fn chacha20_poly1305_seal( ); } - unsafe { + let out = unsafe { GFp_chacha20_poly1305_seal( in_out.as_mut_ptr(), in_out.as_ptr(), @@ -104,10 +104,11 @@ fn chacha20_poly1305_seal( aad.as_ref().as_ptr(), aad.as_ref().len(), &mut data, - ) + ); + &data.out }; - return Tag(unsafe { data.out.tag }); + return Tag(out.tag); } } @@ -164,7 +165,7 @@ fn chacha20_poly1305_open( ); } - unsafe { + let out = unsafe { GFp_chacha20_poly1305_open( in_out.as_mut_ptr(), in_out.as_ptr().add(in_prefix_len), @@ -172,10 +173,11 @@ fn chacha20_poly1305_open( aad.as_ref().as_ptr(), aad.as_ref().len(), &mut data, - ) + ); + &data.out }; - return Tag(unsafe { data.out.tag }); + return Tag(out.tag); } } From 5e38e04857727b94a195cbd8cf96cd9b7a2781fb Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 25 Jan 2021 15:38:19 -0800 Subject: [PATCH 389/399] ChaCha20-Poly1305: Revert unneeded changes to BoringSSL assembly code. `chacha20_poly1305_constants` is unused but if we want to remove it, we should remove it upstream too (first). --- .../asm/chacha20_poly1305_x86_64.pl | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl index 27a90d0d57..017570b856 100644 --- a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +++ b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl @@ -40,6 +40,8 @@ .text .extern GFp_ia32cap_P +chacha20_poly1305_constants: + .align 64 .Lchacha20_consts: .byte 'e','x','p','a','n','d',' ','3','2','-','b','y','t','e',' ','k' @@ -434,10 +436,10 @@ sub emit_body { { ################################################################################ -# extern void GFp_chacha20_poly1305_open(uint8_t *out_plaintext, -# const uint8_t *ciphertext, -# size_t plaintext_len, const uint8_t *ad, -# size_t ad_len, union open_data *data) +# void GFp_chacha20_poly1305_open(uint8_t *out_plaintext, const uint8_t *ciphertext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, +# union chacha20_poly1305_open_data *aead_data) # $code.=" .globl GFp_chacha20_poly1305_open @@ -857,11 +859,10 @@ sub emit_body { .cfi_endproc ################################################################################ -# extern void GFp_chacha20_poly1305_seal(uint8_t *out_ciphertext, -# const uint8_t *plaintext, -# size_t plaintext_len, const uint8_t *ad, -# size_t ad_len, union seal_data *data) -# +# void GFp_chacha20_poly1305_seal(uint8_t *out_ciphertext, const uint8_t *plaintext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, +# union chacha20_poly1305_seal_data *data); .globl GFp_chacha20_poly1305_seal .type GFp_chacha20_poly1305_seal,\@function,6 .align 64 From 45e2ed5cf7099876a2daa91fc57651ec195dca94 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 26 Jan 2021 14:28:12 -0800 Subject: [PATCH 390/399] ChaCha20-Poly1305: Remove `has_sse41`. It isn't significantly simpler to use than the direct use of `cpu`. --- src/aead/chacha20_poly1305.rs | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 4172580761..3422c20002 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -57,7 +57,7 @@ fn chacha20_poly1305_seal( #[cfg(target_arch = "x86_64")] { - if has_sse41(cpu_features) { + if cpu::intel::SSE41.available(cpu_features) { // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the // structure, but Rust can't do that yet; see // https://github.com/rust-lang/rust/issues/73557. @@ -130,7 +130,7 @@ fn chacha20_poly1305_open( #[cfg(target_arch = "x86_64")] { - if has_sse41(cpu_features) { + if cpu::intel::SSE41.available(cpu_features) { // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the // structure, but Rust can't do that yet; see // https://github.com/rust-lang/rust/issues/73557. @@ -277,11 +277,6 @@ pub(super) fn derive_poly1305_key( poly1305::Key::new(key_bytes, cpu_features) } -#[cfg(target_arch = "x86_64")] -fn has_sse41(cpu_features: cpu::Features) -> bool { - cpu::intel::SSE41.available(cpu_features) -} - #[cfg(test)] mod tests { #[test] From af3fa46f2906f7961c96092a32c0ab529aa5d8c7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 26 Jan 2021 15:37:20 -0800 Subject: [PATCH 391/399] ChaCha20-Poly1305: Clarify alignment of the output tag in the integrated x86-64 code. --- src/aead/chacha20_poly1305.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 3422c20002..497d760032 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -205,9 +205,13 @@ where out: Out, } +// It isn't obvious whether the assembly code works for tags that aren't +// 16-byte aligned. In practice it will always be 16-byte aligned because it +// is embedded in a union where the other member of the union is 16-byte +// aligned. #[cfg(target_arch = "x86_64")] #[derive(Clone, Copy)] -#[repr(C)] +#[repr(align(16), C)] struct Out { tag: [u8; super::TAG_LEN], } From a822206929bc0592e0dc12b270655a31647099c7 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 26 Jan 2021 10:08:28 -0800 Subject: [PATCH 392/399] Remove currently-unused test vectors for AES-GCM-SIV. We'll add them back when we add the actual AES-GCM-SIV code. --- .../test/aes_128_gcm_siv_tests.txt | 574 ----------------- .../test/aes_256_gcm_siv_tests.txt | 579 ------------------ 2 files changed, 1153 deletions(-) delete mode 100644 crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt delete mode 100644 crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt diff --git a/crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt b/crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt deleted file mode 100644 index 8587eea1fc..0000000000 --- a/crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt +++ /dev/null @@ -1,574 +0,0 @@ -# This is the example from -# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#section-8 - -KEY: ee8e1ed9ff2540ae8f2ba9f50bc2f27c -NONCE: 752abad3e0afb5f434dc4310 -IN: "Hello world" -AD: "example" -CT: 5d349ead175ef6b1def6fd -TAG: 4fbcdeb7e4793f4a1d7e4faa70100af1 - -# Test vectors from -# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#appendix-C - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: -AD: -CT: -TAG: dc20e2d83f25705bb49e439eca56de25 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0100000000000000 -AD: -CT: b5d839330ac7b786 -TAG: 578782fff6013b815b287c22493a364c - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 010000000000000000000000 -AD: -CT: 7323ea61d05932260047d942 -TAG: a4978db357391a0bc4fdec8b0d106639 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 01000000000000000000000000000000 -AD: -CT: 743f7c8077ab25f8624e2e948579cf77 -TAG: 303aaf90f6fe21199c6068577437a0c4 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0100000000000000000000000000000002000000000000000000000000000000 -AD: -CT: 84e07e62ba83a6585417245d7ec413a9fe427d6315c09b57ce45f2e3936a9445 -TAG: 1a8e45dcd4578c667cd86847bf6155ff - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 010000000000000000000000000000000200000000000000000000000000000003000000000000000000000000000000 -AD: -CT: 3fd24ce1f5a67b75bf2351f181a475c7b800a5b4d3dcf70106b1eea82fa1d64df42bf7226122fa92e17a40eeaac1201b -TAG: 5e6e311dbf395d35b0fe39c2714388f8 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 01000000000000000000000000000000020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000 -AD: -CT: 2433668f1058190f6d43e360f4f35cd8e475127cfca7028ea8ab5c20f7ab2af02516a2bdcbc08d521be37ff28c152bba36697f25b4cd169c6590d1dd39566d3f -TAG: 8a263dd317aa88d56bdf3936dba75bb8 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0200000000000000 -AD: 01 -CT: 1e6daba35669f427 -TAG: 3b0a1a2560969cdf790d99759abd1508 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 020000000000000000000000 -AD: 01 -CT: 296c7889fd99f41917f44620 -TAG: 08299c5102745aaa3a0c469fad9e075a - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000000000000000000000000000 -AD: 01 -CT: e2b0c5da79a901c1745f700525cb335b -TAG: 8f8936ec039e4e4bb97ebd8c4457441f - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0200000000000000000000000000000003000000000000000000000000000000 -AD: 01 -CT: 620048ef3c1e73e57e02bb8562c416a319e73e4caac8e96a1ecb2933145a1d71 -TAG: e6af6a7f87287da059a71684ed3498e1 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000 -AD: 01 -CT: 50c8303ea93925d64090d07bd109dfd9515a5a33431019c17d93465999a8b0053201d723120a8562b838cdff25bf9d1e -TAG: 6a8cc3865f76897c2e4b245cf31c51f2 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000005000000000000000000000000000000 -AD: 01 -CT: 2f5c64059db55ee0fb847ed513003746aca4e61c711b5de2e7a77ffd02da42feec601910d3467bb8b36ebbaebce5fba30d36c95f48a3e7980f0e7ac299332a80 -TAG: cdc46ae475563de037001ef84ae21744 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000 -AD: 010000000000000000000000 -CT: a8fe3e87 -TAG: 07eb1f84fb28f8cb73de8e99e2f48a14 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0300000000000000000000000000000004000000 -AD: 010000000000000000000000000000000200 -CT: 6bb0fecf5ded9b77f902c7d5da236a4391dd0297 -TAG: 24afc9805e976f451e6d87f6fe106514 - -KEY: 01000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 030000000000000000000000000000000400 -AD: 0100000000000000000000000000000002000000 -CT: 44d0aaf6fb2f1f34add5e8064e83e12a2ada -TAG: bff9b2ef00fb47920cc72a0c0f13b9fd - -# Random vectors generated by the reference code. - -KEY: e66021d5eb8e4f4066d4adb9c33560e4 -NONCE: f46e44bb3da0015c94f70887 -IN: -AD: -CT: -TAG: a4194b79071b01a87d65f706e3949578 - -KEY: 36864200e0eaf5284d884a0e77d31646 -NONCE: bae8e37fc83441b16034566b -IN: 7a806c46bb91c3c5aedb64a6c590bc84d1 -AD: a5e269e4b47801afc0 -CT: 8092e6d6d729f5ee7e808d77f3b7a89647 -TAG: dec23ae31e3e97bb364fa18ad85cae0b - -KEY: 577e34699b9e671fdd4fbdc66f146545 -NONCE: fc880c94a95198874296d5cc -IN: 1fd161320b6920ce07787f86743b275d1ab32f6d1f0434d8848c1177441f19549586 -AD: 0f046787f3ea22c127aaf195d1894728b3fe -CT: 7520668ef1b845aabf245e66ca687ca7c5b4f00de71afea392cda124893746ddd4e6 -TAG: db5ad3b398513fe5c8d868e68becd5a8 - -KEY: d1473c528b8426a582995929a1499e9a -NONCE: d8780c8d63d0ab4149c09f57 -IN: 2c614b4745914474e7c7c9882e5386fd9f92ec489c8fde2be2cf97e74e932d4ed87da44102952ef94b02b805249bac80e6f614 -AD: 55bfac8308a2d40d8c8451178082355c9e940fea2f582950a70d5a -CT: bdbec524ca37355074899f01b7247b1abc24565b997e000f231f0664be655d8cb75f18112cfaa722e1b2e261710036ff919014 -TAG: 45b9ece29df0dd93941f9454404c8d87 - -KEY: 1db2316fd568378da107b52b0da55210 -NONCE: cc1c1b0abde3b2f204d1e9f8 -IN: b06bc47f9745b3d1ae06556fb6aa7890bebc18fe6b3db4da3d57aa94842b9803a96e07fb6de71860f762ebfbd08284e421702de0de18baa9c9596291b08466f37de21c7f -AD: f901cfe8a69615a93fdf7a98cad481796245709fb18853f68d833640e42a3c02c25b6486 -CT: d75a5a40ae0ac4343f1a52ee16108332b3563616c207c2b22be277a219e497b7e5bbd5bdecaed87a5216e3e49149ac50a7959957264c222577a07c73fc81f0e579a0fa93 -TAG: b70c26c56e34c7740824f9dfcb8ae6e4 - -KEY: 9e146d7b233987bddfc240871d7576f7 -NONCE: 028ec6eb5ea7e298342a94d4 -IN: b202b370ef9768ec6561c4fe6b7e7296fa859c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac73c535de192eaed3822a2fbbe2ca9dfc88255e14a661b8aa82cc54236093bbc23688089e555 -AD: 40db1872504e1cced532ce4159b035277d4dfbb7db62968b13cd4eec734320ccc9d9bbbb19cb81b2af4ecbc3e7 -CT: 23dea4fb871ab1df6cfb674d2e7efbc969033a11d694c6580aa3e780e4d1db5f1145924b974ce98ea041ecca53c36207fa644b0ae789965084d1ef845cae33aff734113b3eb4d9f1863b780b0f97fb5e3c5ea991cf -TAG: 81da1dfc98517d4cee3ee885a266e814 - -KEY: 2834321f7aa0f70b7282b4f33df23f16 -NONCE: 7541ac15c8417abaf17a282a -IN: c7a57252ff224ae7911a905b8c699b20e40c1e9569a6b2aa0232d4b10bb6f20406135861c19795b95f9597f9b72c20931c41164f1b469b0901f2b5da3a956a6e278c940e82593eb58f56f6d3681fb00dedf7f612c4cb3193b73ab35f9a5a9cc8d13aa27ff1de -AD: a3b2a7d832ed8ab959d82ee795df8e1ef530cc6fd9a1f10543b44c49383921d74fe0c71d50da4adb9e9c7e5491a488ceb5c384ebafad -CT: 06d3e558b2f7f8e225d76a41a11122aa29eef02c226616f5264c9c1b821748a8115dd4868dfeacc5d167ceedc824f1f7136e7d7fae783bad83dec468c98747524fc2fcd7b86cbfd1c07078fd1b4b9caaae970c729ee3f2ecfebf048c5aba174fc4eab117bacf -TAG: 5ece142ce1074a09ab8ce810222a471d - -KEY: f0f484fae982019a8ea22efd1358adf7 -NONCE: ad4f5fa0d2acd2f1ee095cdf -IN: c13310241243fa53b8c2610d1924b1d55cb6d9cb6a5b98a72127255967b8ff23623c5453e61cecf9e624e5c803250c382481d3c10febfa54d03894ba8f9ed72637fcf5631f7b7312cc74e6ff63ecb240349a575f2cd817f2afbaaf21815bf08ac1e8f87520244b4a3fc492c7120296607ef64d0adb4c74 -AD: b73839e13455fd91ddf7f81d460034b9c41eaf0cc6040a84e17e6108372f1ca50656793554ea1d05181310711d0e60d4d556b2bedb24d7b622c01fe8025119 -CT: 90046c5ca4a6db850c5cddb14227b5902257e7ed8bc55f85ca24f51558f95037a0567d485b7606d2ec1802de069926e4f69e5ade9453080f84c045438d890290ed69b5e140788d07ed3d38b067900c222ad55b298e240590cb816d90a43ec52203f11ff9496b3dc32d7ac316ac8465496e41b4be5200dd -TAG: 76ae0503f7b43b1d2db24817f2b61ee7 - -KEY: ae0c8a20b679dc40c9908f88fecfafd6 -NONCE: 88b0ebec6a2ac13421012874 -IN: c80685c481b41323a1724ea96c1df644a595e8cc73955e6f661e0fa30737d78e7cec11629b8f1fa4bbd8e8e655f50019859514dbc4cbcf944f95084e45337d9d9d8972bd8da92b4eb5a75c0b284305601de859f8d1fac6d6b3fdd42210fdcf696119e436006a5a863859d5b70806197fdb9f0da3e4c31b0c7545809808bf7683757cd11b9d0f8621 -AD: 664df31eb95b5e17567d680b1a26980772e8ad3e9b2e2de537414368c4f97adff1408d36c1dfee65b78375c7361c91452e7d463338474a400ef9efcaa648e93f -CT: f729ca77733cca181ba8801e001924e20a1d164cc4440a6217a1178dd6b1210837367cf84aa41f92f4123d6740910586f819389d5c750ab15768aed1b163bde5b1fe8862d1621b11485b47182d32bd304ddbf275524c4ece4cfb1361db53dd63e21ac62bb54a77bb5063c869b5f5de1f1b4356845aac79ee6f66d21ff271e02e8bbbae1372b4b8ff -TAG: 52856b3369ecbb7201b1b0f75872e5e2 - -KEY: 38f8784a1598bca461211195d7844de5 -NONCE: 6b91cccc96d89e6471bca6b7 -IN: 374aa5ec4b2f5fba66c17a435970411f2af3d6e33c0d094f74fcb77beb6cbbac1f3a8a19f69ca087f94a5b80d5e3692e0d10ec34aa67269c824b382d6238bcfaaed586177b852f816c31e9966744188f02647d881990d98c3eabd477557a739262bb3f682f64d2208faf98097586053a32cbf37e78413a2d89613a81966e8d654cac0aa34107947a036f403bda53e74bc524e7bc2d2c51dc42 -AD: 6b38c308cc574839129e5e6251f41dec9cff7ccf256c38e4994e15ca976d3185ae17030ad3751e56367f86886acc32e27fe04d0b89cc89b0206f281aa2d80f9be19928dabf07417e76 -CT: 350bc8baf35cad823df06eadbb0e30e1e4b5bb8171d14c330e8c488f1076d94b8cb7baa3268a5bf164e23563180b9793ed06bb80079288cd348eeaa8eb33cf31ccf89dec998408baae4c3a7b3d3bd14aa76e99d645da0fba0c29a7ea4baeed741de3a5df5ff4044d9b057c4f3ef1825dd0a47aa0b5e92cfe0321c07333479dc86bed7b7b91e6ef368401392d973404e2914b7d2cb49448c55e -TAG: c974e989ae2b86e92c5da9b0c9b068e0 - -KEY: 59b17f09c56d170ed1ef10d2fadf01e0 -NONCE: c78473d06a1685ef0bb112e4 -IN: ec7e6ce0cbc601fc8a2dd64045c8fada4a28c0c6f0ec98542e365279d00ffdf5e2eae3b663c4b79342f2f265db30a86d6e1b325318d7f7a622b36e746875b71165defd5ca1afc0a92db6ef4fb9e20b81018a5293899f1e0d06b18a2e65f7616638f79a0db3f2cfdcc0eac2ee1e2e454958e2e6d214a20ad13156f97d0f2cf4276b09f5945c11f6b20b7bede26d6c2f0e5cf2786eea66e18d6ece02156f9233bdfc57c75b1a8a8b1f4ab8 -AD: 5be5a4a089f0ac762060a336aa502f5a1df1e0a647fb9d5d932dc0654e0725122f6a567681a7d1cb7625ed0404d540d8b3145c911280d2a0ff9d1c53e27677be0436faeb39009fe5751c0b37c7a5f1137a26 -CT: 6b07754b096556462756de94e5941610f1bfd93e6222899516e00eb1830f557d6f629bc61abe0c247ab6aa0f4f816f79544ceb034b5d9e86ab8679ad67f6dbef521f6180a07b0bbbcf174cd9234848f18b8ebba7d6ae3d607e027cb220c7582eb6d496a980ae3883fab88a1dd9e5312842450fcf68640546b49c24a3ffc0c8c4f539e8f9a34a3bbff44b1bb4cdb339d8879fa4e0c2145954e34fbede7483d25a0494c1b9e5b1f70aee7e -TAG: 064c9d25f8795d8151b33f9d32d3ac6d - -KEY: 995577faa109071bee1c87d5e6772ca5 -NONCE: 5fdec02348a625b49c3c881a -IN: ab162f20ba0b834e8159d9bf20ee0c5d14da0221961c4fc7d9b44c7822f32298d30775cf974172ebfdb36cfb2881ccb15e5f69ed27880b920f4a092815357e03d982f75590af08b447f0f8466b031ed2409e9f5eb479affd9e18017a369486914c63a7494168d91df157f5e56fbc4ab6ee5a8f3af1fbe1bf9324338a1f4acad45fc7137676797c89620b15feb8512544771f280f322cbaac9c4d7cfb4c326824825ba5b5f5190fcde0d399ef1f52b82abb5a8b1e5f2eea2c79702d -AD: ec4cfbee3d1f5cc11e085d2254f8b37f8030bd285d6aa1cc53868d18ecfdd963153485dce5a3e3e8cb0a3cf8074571f7a2e9e841229466463f506a2bc90f2d6413128efee043e01eccb930fbc002563510e499457161083ed7997e -CT: 0610980d938c2f2619bb8b4408156fb53f595d857feae649a6700af296d0411cbb80a6c0b7e2447cc54c3bd3bcfae38b7bb10fa5b91e25686d4482b14a2b62d386175f9f247e48fc3b2215b2da1c065bb00f9f59e8afafc9ef205f5245d27085021f41b9e40c00abaea48286fd914e558f822659207e965855eabf52723148d84b0a2692c48d76f30f3cb530b1beb58ffc4824517cb6772e957bd56394c1d8b70c9fa2b70a670f3fe36d8802b2043905e469b558575c75012901dc -TAG: cb51baaa4672b8ae9745ecee08784d3b - -KEY: 58ebf03ce7ed2f8d5487936311922884 -NONCE: bfd31cf828f3d0ce78f3c698 -IN: 1932268108a369048cdc0a75c062c0ed02e27bbd11754e621ff67c511ed98c6fadc3e95e7100644ebe1aa147a7e99f25ce5c2edb8ab6446749441027a211b8d04a6247299dfea9d75eab257a625aeb51f74e0b47b302fb5c0475ab23e99f4d93ecf07694497ff6b27c9848805af93a5615bc71486b26fc9da67cf60c8d3a396bc0164985fab2c64bbaa4dd0fdc22c9d9e433e8c70dcdeeebf230c7a3cb3e5d0d48573a64b068daf90f56b15579767ecdd420c0858fabe23abc0b313b97a9c1ceddcb59d5322e47a85cc58e75 -AD: 3f00d6f0d032d4c5110c8f22e98895279a30a86da0ef71cea6ef2738fe3e747ee54d2e96e3afb8916281f6369ab1a397ca0a18c6c0e9a0c4edeaa4190ce6422bd116ac254a12235eb66fb5cc7ef55b721d3d2db4c67c38bbbb0bcac9234ea7d733f200e6 -CT: b741fd48fa7634435db2cb05392004d0b588bc7e9ddf79526706e575415c8b3d48a606c5f155130deb77ec7aff93719396797bf6628531d9d061727bcea2b348060b64122cd1a94f999ad1f681847e57c05da0deabd2fe010212dc60ec980ed0ba78ee9160b3776ae9174c6f8b7231d6754a4143c8af129411063315c6517134ca26d5a94a2e8c6e8b7ad9b8e78b694d5251deb34dabc455dd9f2a2b3fb6f67222de61e917a645d366462d6d94cd265f919f237f06f1986fac17bfaf3a97c24b99af884d0fca5d3307caf9bd -TAG: 35777ae50d32c572cb0cd778cbaf55e1 - -KEY: b86fc55f4abb9b65ee1897c262533ccc -NONCE: d118b0f493c849a7aa7f35d2 -IN: 43f9438f1858da62bdd03fd5a8c7b01d8097d7ce319a41f80104968a46599e9a3289a29a16b245877898f345f92fa70d3e613c38e6e4ebbf0bcb64c1c41f8b83ec8e9f159d4b830d9a1b79f2ad90db067856eb8621e52ab3060e8d72dfe782b62364c163fa00b49aa6fbe4210fb7208c642b7a6735b1a8b2f1dbc4b3d4952985ef207a3eb0a07b1341700762e9f9d1c3438fc6633da2fbade15844cb1813d258aa5bfa4ac129d693792a89622a0c686f05d87019a266f91387d96bf2baae0262782b9c23162f5271cfa3144265deefe2c569e82911e842e5c9ae8fb79b -AD: ecf42c3afe389acfdc9a34bec7b45705ba68e205b83b33f50b7852fbb7f4ae5dfdfdfb3cfee8a03c96a036388aa8f7809bd47eaa073f92905d0d5f199d466cc0ebd9bceb207f4209bf9925c6109973194742dc8d813f3cb212bbd8d92d7eef645fb0f8245811876dee5f241763 -CT: 87454e6cefc24ba38f01bb791333dd0006cfce165a4247833b182efcdb484b0818aa80f70f29d0ec093455344b8f169262f17be2d1635293bdcca90e21f2c210146f90398f44b35e3f2203c7b5bfecdbd973b568d8ed8444d43cba08d44984a295f62c174ca9ca69c173bb7c43f103ff53a886284af46fde5cbe07b391f9c0b82eec218faecb43dc75372478f2ee1bb267602672a4ff5989ec7251034dd2cfb49677fc82c8b209820be1ed2c429a0491beedbe8c1fc78bd62590ba71fd5da363d6da000e8b7e5bae223c0cf8397d3b5ce7141e8b301ea5a737ae480dc9 -TAG: ad696ab700dd5b71d79f4f6f69034185 - -KEY: edaf7d79c1b83d973f9ba3b29a9b9408 -NONCE: 418f73743ff0546f0d929001 -IN: 0cf3a665c443b85255759ec6248021e4b6eb825c398b5af7b5257efb7afc481abc20d90249bed5b30d44f725c78ad0ce2821f86838874dceb6b6207ad6fa34579126de720ce34bdfd2058d92b8bbbb3f1bec607de3f0a028d8f6e13d0d4d2d3861e1a26d79cb68d3fef68127e8458eb599915022da751e271cd047cc712fae5b0459ae7815a24f4edf806889fc462c83181111f4de5bbb7e66a701460f508eaf73798c3ca9c08cc1a046472f4b18c69b7ed249a96f9bfa05a276499a5f499c586027c64ad6a68dcb52a50aa6d1b1d4d202e6f184f01daa08fbd643523f4f73ae6b8d764a7f567087a5fec5ad1ee3 -AD: e4be5b677b87109e69eae9a635ac2ea185ba08ebce3ba4be06d53b2da081c5030f5a746fea7bbdda340e10eccd47238340b9244b9442c0efae7644cff53c7abd8445163e891cf30bc8e26eea01f0c461b4796c2106e1ffdfdd1bac29f7d3c72c8ca7f625008d8d333d2a2092c08ef83c8002ed90e2ad -CT: 9372586624f9a52a91e7ce12f380ca13840f11fad8d9edf10c869042c29514515673b3dfcfe956e8d3550baae1815bb4cd41ed27c7485c723354e557d18119b27431d7527f0d84c6e76baf9afa35a215624c339ad888f27c338240e603b232cd247e77eb1475adcb87d0443265ac0de45b16c67fdab07a0c0dd203d97ac2e19248492c561912e9087cd5fb73445695b43b8dd8c7515f9c958dc64068e31d3cb615038f5eea84a74b5d0c3415b6b1309ea8092614f2bd944a6c3a9e002a95e524efa497c9d3cbdaa764f8cf8aa9fcc7f7d68a623930bebb74e5c234322651edda21e20eb12c16a76839f31f3b30d6 -TAG: 33a31cae0292d0185aa10ba1c2288cda - -KEY: 01dadfe4cc0681384b489f38d25e83c2 -NONCE: c563485fb361f81d44aea205 -IN: e5bb4c1912d00d8f99f8d7a931e55ae72f749147fbd97699ec730bfb01b8261f1f94696278fc703263cc789b283460af9d74647a8c039ad2184674e78f6a355a26eefc6fcd4cd32d96d245d583836312652fd9e6694ac5644eeb4c2bd667b52e5af14bcb108c8e277728d6d6116e8ed1981993771b8bb783bb351982f9f8c2a0e7c20a5a863c6d71b7145b73d7e6d84d47780d66847244d0b8ef559f2297f39e26501d8a2aae8c36189580292da842c4d0d06a21d21ab175e34589e3b814d8a00ac1d8a3b2eca2a91b21e36c55fc6dad8c0a1b2cc7bcb2108b2e21fafeaa26a2d4881b183b899210b474bdc43a8f0b8464075d86a2ba1e9cd195a8ecadd315 -AD: 870d5740c4e22eab0783de87d541fa834647c3fc6543c60d5df31c19c6ca38707649fa8dcfc3c0ccc16b1bb60283d7ae2778a8f83ba07b905e23cb06d5656f614f1efcb346f34e190bcc636cdca229b64af9ae4b1f05b58f1ffd1a077a51bbf9ede69ac3954de7daf569cc8de12282cac09b9a49dfb92dcc409b8c63f2ae4a -CT: 119f74936eaffdc3e5e7e072ce81e0e1ca91054cbfca127b8c4a94ada042a2452b39cdd02ab897da765cc0f8d84089a8cc5af662c1c96aefafeead785ad042b506fc72556182566263e90009a86503595dca0924d87ea6ac61d4e931025420436a8716d0ce379c5e3437b26a12531c0a1abb3a693f3202f5770f1dd7ec1eada8c2d6c747a7161d19ffbb897710a17e7740fc232fcc244f456e962ebe71f7ded8ca73e07dd44f00fbd023b8a72f9005f9bd4d0d44135294258ec14665309e9edcc82d98227474a9202552d31f1d2e7374d49929c2885696e5e3edc1983432f1dbad351f9cae3cd56855878d9a076c6d3a27f2718e32658f2392215915c020db -TAG: 5689d9a73d52266977bfe5c1bb1bca09 - -KEY: 34091633f4aaf225aa02ba9c57b910a7 -NONCE: 6535f0cba67fbab0e6fa0bc8 -IN: 76217fc9a546a97dabc9be41209bdb582d8d8a62865df7398d4f7e9ac681bcd102e31bfd40cfb8e9352b1e8ff7a7b81cfe2a62849e8b77dcfb645d2046404a83442133e245bd1df35d69dba9ee097dbc867cde7b431565c72fec31719318dd27c3e47dc5f8729ea794668d8724a1d4115adcee0725e4c1e3ce16ed9e31bd5a409cd074c0277e21a0b431d3b30ddd361ecd176a8d86927c2f6693105d7d3c47d9be8bd90d0b2fb20587623b2e838624b590a5c9f0e6d519b35eb5332b16bd2c2f9534e376ba68316efdb963d63e2c87cb0716973297d986bbd885a7306e2bdca0855447b57817285801341c10baf67bb5f71b75a11856d2551eb47e60025a0021 -AD: b9948afd8818888585a6957eb59680a55a5c42458f2d0e0f39bcbada0ba0b6e72340193500e22d243e32be0e7d7bc5c632ef3dc7e79ad5acc895cbba3111d8d1faa69bfe2ce634fc0d7b12242dd8bb105c6ce54cc9718921378c906ff5e61f48fa259b25bd10fee96856a206a928b450a0098089d5cb7378c2935c4537172076 -CT: 3260de6acddb17f93ff06dc7a8955f5d363bcee255bfd40fe5e92e13c7a1c682c6385736284c5cd858ce6ed251b92f5eb10f83970525f56a1ba0b8edba790ddb015307cce877c53a831aaf56f375fb20e58199f6ddb91efdf9983f263c9a746fa2d66bd4790531f85e7ad9a07cbcc00e9c122ddba77b1cc2b37b734a0ffbc29188685227ff42bf33c2e912eb592de1a45381cf6c5c9a36af93af26168c376e8902299e810e07a8ba2e23670c5221110ad4296a581151185553fe366bb4057e61b7a788f12cdfa635d9d6b8ca47a5596a765d58bb7f877242c2e0145d47c300175d7af62a29846830922308b6b69cce8413810184b27a8184bca2d8ef16316f13 -TAG: 7dc47ef9283971e1745fa3ff698c6a04 - -KEY: d829975798d4f24ad243e4aad474fd5e -NONCE: 59e25a6dd133944918709e33 -IN: f84b4daf4bc6d3ba1e0b9e364dcad5834024066ab5c8e672a999bbf23a83956623943e0011e3a2883d23a767b280ad84e2d7fe5811099395edd269077162310481ff304128271d4ce5c84ea738fde318cb2528bc5cd448c67837cb7dedb632d47e8f90e351b0a8942da2f78e2065cdf827a85f510e22156bfd971ab3f123e9774bf3ff7c224af19bc79e812839eeb3f1c14f89e5666c16c44a5483efbe449237508ab2436939098640931fe3b928cb3a9378b6b9fc2a54c6bf59f34b16f06d5ef132ae2a7161034f26a6e07badc61ea51a94a20e4692a0a0525726f3de9bd1d6151fa6a0ea3acef3634847cfbc98d2e0bb9ae89e4f91a78c56558ac92b4f33fb1d96b1ade26cf4b2fec779bfbf6709e531 -AD: ce0e6219f75c4c31873d4915b1af3a51c2ef5e89218ac4060dd12be216654eff2991e8d7bce6f6a437966f80c59c527679b8983e75c617c917fa9b63bc60748f5ca179645afdfe6a126a73d3fbcd41a9df6d734e8783aff3a5134ecacbb289f93febbd8eb493693264026f8678e9fdb779038ac13199459caf9c4e86f4cf8306af6dc04d9dbb678d3c -CT: 98bfa05d1dc27d721378bcc25af4899c9c88fcd54d56662282f9b820e540444dbdc57bdc63b60680262aaeb8387e149fc2a759c0246f771dd9a13209c4eaae9f8c7e43439535afd85c9b12fbfc10f8f9f417079857b9e061cd24b7099726528f4ef529d14097239bafdce4d9b51860ad091c8a7d1faf39d44523973cd1df0377339485a89036d62cad090ffb9d05c7c7d79b01a22b7ee5e485e76ca9be9f037a94366968003b73915b027b161ab90fbc6ab78f6ef261ec5789d668fa2b28b1b1937da1d2337507997fd0d80387495d6953b08ac0a3fcd24f1fbea3df9218a9f0f1112d7bd4bb03ffb9dc790306db5e03d67201ab904df0e4ae283ab3d62bf48a6d79a5faac2ab33aa0599c0a6de5677ca0 -TAG: 767e68b063ed300e63df9933d6e10f2e - -KEY: e9e41d154c4c1bca018bbc4d744655af -NONCE: 04ee2cd524db41170f0946df -IN: 225d156dcdca3e52139561b61c26bfc56bc90c21cffa69468863afb66c3e1524303f8f42103e435fa2fe2c2956feffe5b06ed20bdba730d675166f13118a193b06d7985d54d46e4150468df1252d7cd144afc99ce99b93ce9526ea4dec2cde1d0d72fb82f55db65ec2035e387e7923d98490cacc793046afaa2e49bed34cd7e4eaa52e75bac5e86f9e9eb81028cbe8a515870edb9a151334e1f961949855565abc51af9a1bbac0222e9bd217d3e3a642b0f3df8e7c47c2c9d5a801cc8028c425b3becbe31df39d30637c38f981d268017da818010189c93d2d135024f239407623496c5435f04f9cae86e63ef46fcf9787c946b400249d8476f82dee274cc0cd3714973f1b6e0ebc443d681af25ee26a8ed475136ed8bfaeaa8315a4cd198961518c -AD: 7bc7b15c68437005a4973a06818738adcaa250949af910aeb807096595b3af54bacbedd966f83f784f651f7a2044461a94f1a6925e6d2064e72319dae75d3883a50afb6be1395d429f24029dc9b8cc021f15e305e5418d844aa4a89ddd299bf2e8c698a8f6a6cf0165c37bcf2e5885d73bb81ca15a33ea75da5946678dfcd546d475149dd1a2dab0e11cc8b07c0b06105a49 -CT: e3a3521e3e99ec595a3d9d0839d8d0cb4c0929e44f693df016da34e0d8a1f3f6aae28fa0ac0f38d46ef06a683adb04df301ebcd6ef0abf9ae3cc220cfdbf36ce8c023714d203ba785e9abb05095c4bf7f07a13f9409a5759428e6c97cd4a8b2e1a471676807cf76131ae471fa4e8d15225e9996ce4c7630c4b0a5ebd85db4bcbd79bdcb641a626773560b591adae5bf582f3e92299a60d081aacac117235d6d8094e97b034d120c6759394ede2a8b67e47864e1f50669e8e926ab6fc5cc696e70bb016de92707d4800b25ad14f9c457baa1e21b4bfef0dfa6d849e0951c81583a711242ba2383efc85381ec7228b8e7950a375df405f820ab5dec8b37572897c6af443667e09d48a18c9bca0322efa409e04f57741305ea7d51ed9018cb5d0f00b5d -TAG: 8aa9505e89a01281f033e9658ddb35c1 - -KEY: 7b1fdb1a720b9510d7d8819b6d946dd8 -NONCE: 5c73be515c6ec00a10a69661 -IN: c59fcd7a005dd08f3cad722bf3560f356c624404f3be55a02b3301ed756f557a51593ba90d18a1c13e227c8d5180fefdde4957484dcb81d08ee3331a6fa74c9c549ae13b2dc2a80ca0435710eb9f0dc2c908d896957b87325180d397c37ea7cf65db45960c4d791bf8cf798bd7626b13bc5e6b45b45be1a8ff687572ece86d1f5361abaedc1a7f9d9ff8003bca97af7dcc42b4399f9da4a0e7e829c0e12f4d41607303f60d1df5949fca0dd9ef171678e013b88789ac1f51a8160687d842c273a2dda93c5fba1eb5bed7476ba96a12e70cabba43d509b311e9d000212c81c483b7e9e7bae1d9869a125558b2c7ef8f838bdfe97af413b460bd9dc5e372afcb105832ee4c406d74781d3e9f2aa581ba4fe458989a03679744edb73ba31c7d9d37920d4d57a766104afc9c96650e5a602ba885d2 -AD: 078f1c67d44d6e86eff0c96a146bad3420c7dd0c64d800ea5ab7ff472d0f61bdf2e5634e06cb4f3c022dff8c4b46f2a47fdca2d04572b67f24125c66a551a1f150a02f635e1e99895807efa8001f46388365c48e4afe49c04f6681510f7e4cdfa02deb3e60eed745cf6d7ca6b773e1537d057a043cf517e5388dbbc44ff4bd68d2a7243587f8929ef07df5d001a6099bebedf8f26f49323209496d -CT: db79e91f4458befa47953312aeaf6aad01c3fb6e2cfa19b0ba21ce6698896e62e7ad2cef344cd324b3f0d317d9fe7ce713d4cf1743adcbfefb65e61ab6b323c5f16762ac527882f214539e034719047f9d3c0bc80480b7f76481e2fa26262b0bf426f1599d3d0947492769ccd65433fe70340d8f74fe31540b48c053eab97984f5f670651746b68617f603ef23117e9a8df0266851ef895b58b847e911508dcdc590f6188aabf37be430bbc72746ed7f5f47f45c90e2400d5be0e323824c5b86a2a0ea7c2156f482f7e0ff42923d6f7efc7f4f2cc77915bf85091216bb0f8c35f5274c0c8469ef03ee78b82cb6a5b510e16793f38fa2582ce249370ddf480e212f1cbcd77f89810b41effc9c87b0a80e5a22059b36e1dad294cd158f03d80ef3ed31b5f3b095cacbe5782986a69d5ff7621609 -TAG: 221274b4be8a4fcc765c2ac319b5186e - -KEY: 50109c383071e4a61ce18f495d98b6c4 -NONCE: bcffd0fc2496b7eb0ba612e2 -IN: a4cca8eee2a3daa0c21d854d49ca73cf5b24b38940dc2b44a2a6623e8404fc30c4e3aaf759425ebff85cb1c661744adf34c6c5d538f3210dcd0270a3d12784effc48734b53c1a228db291e2e5573b6ba2aed0a7296c1bbfdd1f4a86d6057d5534675a3f4897fe3a1200c54af7e09b97b0a2ab9f25d5ed375e7bac921f28f7b6983a41580362dcf0820a2dfe82989ccf0a998286623617453722bea0b6e8fba504b93cd043c7e6c7cccfbccea43f7e87502026f94cc7035c5e84cc14a5fef9bf2be53dc379053725a9a29c4e86252369bf6dfd3cf2801af7447fd0529e94beba961ed65dcfd492398123faa55346edfc3ecff720966b74fd0ff28f443ca67f88b8f5a4a73007f79ef782bef601a0827888c4c74f7777279c625de8a4b51db94f94f846474f8563001339afb3db339ab997cd1eb1eb7b03b228162a480e129c66ad47dbd18 -AD: b4c98f6d51fee205805a50c163beb176b754366e13c57c18433228a81089be18b534ee5f9567d529c802d34bbca36807bf845a9d14dd141c5de85607a4b4c5521e5aa717f78fe78612b770a4677cacd77a425e2496ae50ab2e559526c37ea723f2b8d14bd8314e4cc3727bfb835ea4062e87870b13d94d52c25f0c631668292f184fc048dfeed7a9d1a88cc5c4662030700cd8c257784009b4da9039909f73840b600eaf -CT: e7a4a201f58f66ddc0b8dfdf95c859879144dfa896406f43cbdc6adc148e0ea8f9a82170c5ab54c77dd0fa6dc209b623f0f5cd4ae358af96ec27c78e7245855e94ed1a1182f9d26d45e0872da3fab9fa9ee3e58aa168925d7f779feb77608067ff45b7ec7f2ef7a48a06ee22747ab96e1b485ce144bb3cf97d1e3cd28823628a2f8e3785d9af28b76c53c3d4c741d1ec56f2bd10939f6c79578c308c5e509ba8b13c820f5912d4ae169da4e04f86ff9b1cb9faa432545f7999ca1014f77c08ae9033712dbbc0e99db6eb604e774d5df8f6b928a0bb59e4c662d778d195aa95194a0cdf7688b309abe223048937691440e5a78cfe0cb75d229634aa49ee54a81fc9a6478c8fa310d524bb15ee8f54f572dee30e44eeb9603c8593f8a7007a1b0dcf2e301becf300f20d2e868b104154651446316414b5b5e9432134c0eba97b4cefb90c32 -TAG: f304266924eef673246b3c14389a82a9 - -KEY: 670cd4d988845b1d41cfeeb1ea740db1 -NONCE: 29c12f66a74e6234ebccf4df -IN: 706ed30fc736cb5cc0db17ed108229e87d6b039da5c4f0568a4cbef9d513dfbc0af9313f02d5129cf616487934f741a0a60bf11fdc8d29ec81eb37577726f54f3e35bb10ef98b1d15bd5726fe501a9249e409eccae128df61762447962ba2a63f30b59ea25e18895d2fd11431606caf6b45b908b08cf2e150c031e20e6cc649699fed5785cfc6a0e22bd8bd8c6d25221e9c9a8d2869d236388fdcdcff990cc940ddefd06da0524a351ae6113b29db9822adf9cb548d92f23e3951ae8522ab113579232e58578e80bd2fe3e1d06414a27ce0ae2e40d87745a8991dd5bd2e8ecbcad8b903195c15ac2eaf9bfe0104bae32f772a7d7416c5671350524419a6df6ed5e1df32b961ea39b164eb7e1353b046100998ba6853674ebd5ba011691a270c046096143daa84752f872e1ae32ac07c4f0d2a048362d12b108943a7007bb6cc117135b165cbf42b92df2f191f06085518ebd1a9a2e -AD: fffbc936ddfedc527b2c9cb69345e0c497cc4951aae5be2748209607a51a1380fd389a14ede9cd4cbacbf822597b1c500cb0549f08a35bb0b1a00c5e25c175318dc771b03501bbe45fc52b2ceb4c04b8213fdce3882e0967ba268cf786ea0acdfca0a7f3f2f4f9ed5f499ff70230158adeb5a741da266573742c527bcc8de42747df891f58632f92a110a981a29052bd17979be21e53067de3baf4c34bfbaf56ef5b3171efa1ae60a1a51f51e0 -CT: cc573518606d6416256cb233c66352086706f7f321fb5d69dc75dc6e11b9f7d053bd722b8d74f6edb023e283ac048570dc23dc34e1d344619dc648199b6bd3627590c7acfc738f10d896c0e3fbc3d3b9ef75c20c616d1dc96a6c3661b4f245ace3083590b1d97b936ede9994b08bf19189f573919eceeff80c25ba1584a1a8744efc1b2efcc264afa045dad460d4a97553d33aadbf6dde24790853a342349446741d65d3551ed343e9dce6b6cf6131c9bb3524597d0ce95e6971c01581fa140caf86ee4b53d17befeeeda4f5ce5b255a429c27a169aa075153bd4f1924df1750332aecbd365d8f65a2fd17f6abe9a054b3a2abf02a5b2031282715386c166dcce653bf3f3fb67aa119459bd5ef3bad4ea97aef40335884175d7fb9bbb3bb7f3114cd68c8136e8d02aa204d282403a34a89305725e2e022a9db9857112350e965d51b7b3de7339cfd3f202d18a07155b5bbd11fd64b -TAG: e3c4a624a012f660f21be3776f20b440 - -KEY: fc5b726bbc23a67015c35a1be5dd125a -NONCE: f812b7661106827f31a1e4c7 -IN: e0bc265efe59c9d6620387755a0bc17a11527fe136b765895e6386b9939c548bbe6d3b35eb92a90c05d0931e5dabad4d42ebee5af45be0106aa68888375a2619f7418a14570d1dedb76e8ab52a0a87eda2570d2c1d903ed9ecfdc62c23c47cb7e234dc617af0843a9f375a58f930337a88379b2b0553c4db974ad74eb46d637ea4e7c7aaafce16971682b772e1d85bb4a7272bc56be9bbb55625a5085e601a5dd60701bb07f69c755a57808d022ca0a407bc3d35c848d6fbfa6bf816d470d9a82d43511c13fd0f496e59646e65c84d7652589c542ae2e73c5b7aee83b9ee8381af1ea1f930444676d8e3335b271cb354e9cd3b17e7f1511787fb618aae930c14cd302bdf3a55b2bb12a61e7b930dc39aeef36447bbb2f4d9f5fb55797627fe1d0b94c04c6817de6cf1e7d6e2660c6f49c0ab4b31cd5b367b912933d3d1f0a6b8b9556fc6f8e9ab310482ee241fc221634b5094481ea232931d696c889d3d37e1c53cf74a3d5b -AD: dc41779816b352803f282410580b0c03e861f4f7fc98f8a4cd9a4fec0c0b27d92023c081c7927e7599cdf59031444e74fc15dfc12d3c144762b8e448b7ef6772612a2e7bc34a048bc33dc56e99949d569df7e296b66cbb37c66dfd2ad8e7aadc350f8350cd68e8c4e2461290e30f9449dbaf4fdc89221cd75493d33f903d365ec418b327e3dd6fc381a8e06c48868823a42bcd082ab16b2c666b71038273427ba1ceaa57905c655f0ec4d25401c07c679ff5367a9755 -CT: d64bf4eddf29f08aff3db1225ccc9df5fa92315d70bec762a001a21f564483c43d9fc25e26ef1cd8426f215f4fba46a4fdf5ea96e6ebafddfbbe15ec5a7f8aa6058f8f3b5c48339fae17738b374bda2ae9f0b95d721342d968ccaf1ded6cc9e0d25e4074b722c876565c73a80f9ac25c8ab7c9967b79e5f924697b65ac4f6cd8f1dd6adb5a3c943c5b43d0563ce8656dbe39dacf220e600b82af2b5ef9de009b51fe6ac5707d3b0a15e87ac4c27501e88e9fa4fb84d10cc489b2738fcc751ee5aef230d4b9e4529cd3c580e2c248ce92184fdcccf8d94a5da4ac34acb13156dbc3e676bd26c68e1065990a73adefaa4a58db57dfab709af8539f449d3c49e7172c6ae686e494a92386ab28caf37ebd026d0e670ea85a010a6fe8312fe5a71fe6f0c7c52dc80b2dc39489ccc39c10a7d3d64ad66ccd44638c8c9d83e1b88930d8da56e978090dffb1e04a08303fccf1dbdb1bb160e0f80d4493eccebd984f898ce877454f84b0 -TAG: d69dab4de29ca8e91f2e74888f80b841 - -KEY: e63611c19ca5deb1db80f97a3f5149a8 -NONCE: ad2cd6491caceee3e19782e6 -IN: 6354b76422dd47ba1e715dbd271a07fcdf69b5240e58186b82b1ac443000cca1b0c79dede1cf998643565650e998bf4760dafa08afde120368ff9fdcc2311f78d803c8324e385ade4ccd2eb2ef51aa1884a496ec024221566c8c882992fbb830d4923a5c5d7b99c7e6e7a8aae5926d143e19bed7faeaf7c77bfe7c9f05fdddf75df3df2425bb94a63f54bfb1320bd32e7fc2774be67a22f2410ff3c295cbc3fe566b8c9710807722198f03f56f0abb02ca55de5174d7f9ffa61c0bffb88730886c028451062d6220586bdbf5ff91ad6b1033f2c9d6cf3c3c7bb58a070e8bb1c3a39e3d04952961849cf55e64033ec929f30b9ead497d14b6c89ff6a4c008dab0104e7e20df6d6f11474ab680e5bec789623b2b693950a5d17dbc5b49cf80ab033b1910a9afc4231254f88ca13f37f1214753f32547ee0decad4bb93fe229b6c8a14564081d8ce5d47cd45022bb74475a709d84dc5fb0fd2e46ebc9940ccebcce3b674a6934d4dd57ce0fba9a1407beb06af6d1f6d70275 -AD: fa9f177cd36c990d4b22ff63aca475feb17de03d3a52b4119f9b277649f6f53f223e29e03493c938688be81151e268928380b407039fb38494cf235ddc823e8cb12f42b50b2feb52be05a38893d154b37cd1cf2f635413d7819354e29e195bd01517992b51efcc91e10932dd6f8a859c5bfd77f2e3efda25caf034a91053da8936e1975fcbecf2ee9784bfae7f903df4ad32e088a869aade322c7d14fc4143c50c59112c8178d00a0424f4003748d28956c9d3a6c57a8e0405d6509147b50e -CT: c22ffa587dd3b6425b81890f8eff36af3c64549c5a5f3e1deb44a7f14c6a179b1f76dd01d546a4273fd6d47b6f9e3ac5e9b641982d1002fda49af071d1dcd88ae5d0ad778d846d3db243ee067f17a91bfd808ddca26bfb67ad28303be8f582de507fb89bfc79c10513327c883bb4c6b97729c1d4aa32ce50703636b2fda0f592174f2ea36b26691e6355ad20bd116619dc728895bbc0cd281f58aff68d39e16087d3cc02ef04dcc93e9bf7695cb15a8f2db51df2e22a2f04be96021b4008f50c94cef256995207ef1dd9c0137d4cf63aba4a0d28aa5ff7240bf20895f8e9585c8c16437edb41e51f6ce5a4f965f0abae8bdb7c7abba2ba82eb5ba1dffe56411e51aa87617c62f7f6af3189647340865f92a16987ab784b1d6549099b1a02b369198ae9f8339e9e197f41e2798076b5b5fa61aa7fd7620bbcb8828b2332829d554f21b83d018b59f785e3a2db359b36fea9a8f085cfb668b3a7d80ad38b85e24472e72916bfa2887036d480f6ca48acfcc7c0f471a9501e -TAG: bd674531985fa355e1ef3b3dbf8f70b3 - -KEY: bd7d9a251a127a4dd736d0f74e68755c -NONCE: 4226110c276cb7870cf1c7b8 -IN: 6617944662737762aa77bb255d24ef951b69adc74314c72f37f32dc091ccfff067a89b834b1cf0b58cc22f7dd6970104dffa1f60b2ba837ca6ff834d07c71ac4eb40416f0f50303dbf6d0b4b0b9d9afa8da46c6753008f093a188cefe67f051c8bb3b6121841e2ba25b8b801db329b8da7d0bfffc29a3810d2d165e854a9eb34b6fcfc7c05bcdecf8f20b12c69f5641441156dd85b910557d1355e9d07030278b494691433bd5de2858d8bbe2e3071ff450f113ca78f385cf77e6dc0a6c3888e3144be91404deed2afe438240270e9493811343c62c2ef0e785921f1ccb2d2d029c5f0365f46bd55bfa8f89d1d4c30c5f6598fe3f9111df847b27a06f7641494e4eb7dba8a5296f90bcee8cf11c1f1fc16c52868e8f2db2dea75b91dbfa023d5555371e1461283e3f1695e028ea00bb35b6e81bff8f128af2d81df6fd2c7f6f42bbe9dab30a59ea4788a53cf9d6a2b1e9cdcc9f1883b37c91eb8bea7659fab41d47f6fb5e453777b589188805e883e9e15ae1de4e80860bffaef45a1e0a01f88b5d7d948e63eabbd -AD: d2f357cff8c172e6652cd3b420533b8527a6ef26c8ed75d349dca2106050d80cb22835c15861a22d8c7cf8c2c2df9407eccb0c21dc7078de4b8b91e82d94a9916c9a284c7e49c8c7d001721a9031530474452588e09411c66023c9c81b7891ed271d371d60dc70f0c04ac93bc694e5b638f7ce901011e1a17059892a98d596666d102d9f7e0de426449906081651f88157063729176f4608f2d506c9637086f8a56821538a6241d8ba5e0f37ad3ebfd0b9f3b3bf0ce18c095c4533cfe33f6a98 -CT: 7db6315e1ce8ae23774c2e8826811bc31b2d17c869691248a5b49398465319576c56c2a64e22ab0108c92b52d9a6096f33841643099cf47aa1defed63b7855f3a4586dfb8691c982eaf102aa87888d09b6dade960bf166e48d58999dd08a0802e109186495833a8d8bc5d6d3159824d1b89d4084cb831b8526dfd1c620b4fb6000e45bfc1a101984f3cc51d54c793ab8f034066922905c532dd60c7d96f06989d10c82844f4b20e872538f27333e6d8656b46fd819936124617cddddac8a64d2a81a0cbf21fe91293c8ad6af63536d10c11a63297b620350a6f76e76afbbf2d8c63428d46c9ca123b5022e6d67fccba1011b57aceb10da0878bd873422438cd949df47533eebacee697f9856222344bc9c4876f8435e0b999676d141135a6f42ace8f99b16d86e427f1ea4d4ef524835385ee1cda9f4049c3f6f9226a69b08528bc3970166f6f9067ac30f9d24b7da6bbec4e58286b3b1c5a7711ea7965ecabd02375b38a603d49c12131019a9b2affb801c91d54896c8c29e09f62a5fc0b100b80ed54b70f568d7 -TAG: 9fb615a8c354e10560c3cd37ceb3c3d7 - -KEY: 71bd6158a17dbba101f840c6638ca058 -NONCE: 9434c5b842d5dc501c774114 -IN: 2982cde70d98014e925eb46493b0bf91a569139be22c42cd33ba1f8c2bc884b2501a0f49d6309344874325345a98481287ccc6d29978d1e5be73740fdf2f3a3fdd0d7c0642be7a22e0c98f0886ed51bac87ceb0f2caa79cf702ffe880daea115b8af6546a7bc18469e07a3f8d8b8a825648684e2b4e9412cfa0f895cfa162ae0fbc11f8cc4a3252b2acf89e8ac67de0adb91e36dd510f9d8ed4eef92047d015b2ebaed1f3f0412d81fb5bc82f548dca18d5205995c22beae86894c88aa7b50cc82029abff7c8a56d0a6a594fb502ac9f11cf10f8ba9967497e0b70551a6440e15285d53befaaeea2dd2e743cc056bbee79e47350bfb49178454aee0c78372db372d99ddb910dfa8db6556b61d64e8ec833fe4737b13269583459a39bba6a1202fc709595fc0161f537bd825b3245bfc238a6c7d3b2295d1857129df86db0891e022199c793b319ae965cff94b078e467343796992992d388aa210d50599a3b2bbea36250ace162989e3c21249115a402c544aa82c0bf7b2cdf2d0ee20653b1e07cb42f9d1d0575ea7220ec01bb31deed93fafd126cc8d0d268 -AD: 16561102778d04ba7d68de3d942d313a63f1ee6c3a37397348f01bc83fb878bb1035748038047cca0c07710b9d76e129f9b881037786907560e4ae9592c02967df22af893b3ad409a3b9587454afe0375846cc8ad94963c7dc61849ee4ec1406dc7915ee5477bb73a43035d67e822e45d3169db88b269824228149abd333af8e41d2be455bfa449bc2ef48f0fbcaeade0f6b62d99e318a2ca44506670fb1397c47d1931136cffc72ea33a0e1e97745e938ce654b9b961fd4680117388dabdbfa134c9dec8206797e72 -CT: 6da55c8a9c5a29eaf8dd627d7048f0e6cf1d52063bd0a7f8d073e66fc406f37fb397f789e4bea1da21a94ef944a2a0fb9a35a7acee3d3687d8d713090a1f2dc3d118ca10c85f5542f9f6f40a4a79bd8816efc75cddd4a7adc9ba91483ca70daea0c65e975be46f690a2182602b29d7c04991d2fb61f154f8bedc194ffec5983b12c4f4d9abc0a415a517f4b8923a2ccf1d5213952133b82621dfd4a8379cca916f6ed9e58dc94baaa1c1c7d8491c3341e0751d90d131f20722bf2c44d097dfcb6eb49385dfb8c86dc47a7dce3ffc3eb89f32b4f106bf48c0d69aab448ba315145dd7ebadeff3798bfd004369595f48c9e7be596fc181bac4573d994f6d7a778f353e3aff64c3bd5169e8525edb96f1e97a5617345fbac9f58c0885d52ba25a019a4e01deb3ac14c4739c0bc73f28d4a05bc5b0be11477395f706d45ca0f7fd92697e6a8c5eae587dc9cadf62c4e8c283041211c3e51a23b84bf00d3bd4be490cbe9277268fff3f652ac9eea2734fcb016639f3b673b0eddb2691b10713fd5bd606deda19d9429ab17539dfac05b5ef87c018564cea21fcce7a -TAG: 9f64a1a1ec8b09b1e64b258744ac5f7e - -KEY: bb5e6c7b672e7c5d720c2035dfe8d42e -NONCE: daa56f54bd2dab11ce5ebc2f -IN: 95ef01bf080ee82e8ebda43598dca58db3acabd7b3cfbf5183d07bbdae49004f5154d6bafbe1114baaf4c624688178234a6176756718e79bde83422752e7a9ee87648b182f8ebdd96213b640b76118b577064f871d627d2a7218ad19d45499ed3d4d9bddefdc282e66d1d708daaa558ced4edf38ee6f3a9add0f2126e94a707261234932d0e3674fa085a7e2688b854bbb9bedb328940b5d35fd0eb85f5a56f1406d7a8eb7316a17eafdd7b87ee85d812a740041c8ff6057a462ea51bd07df0a0b0374f5b4ff65ba48587cb83d20010e67f36106e99a5b733b8627d541ddc084ad0374432ac165b4e81c8601e7c180850e54d8db89c092d356dd617439f36d65422a45d116914390320eb1ed0736e47afd5131b7422234a36c5efc5fd578fd6674176a7ac0f73b63a3f5188aa9a7773a27f50e103c2faf3e0488acd1265055999bab1150ebf49bf03728bce3ceb49307e2af7bd5f9ac307a8d249f55514325a6ab58fd2daa5194b07fab933db72806ff4159075e140d89fc3e5d6b684be014b5f0ea1c857a97196f184755c637c4f3b8bdeac41fe1bb892b86047e88facc04e2d88532b6f584f4ab378a -AD: 3dc7d6102a17877db95465015e3122681258437f11d14b83f1159a52486b4c3bc6037ed33de9e856d3c89fc5838aee587c606cc0dbed9a58faad042d51042e086545fd9639b18650bd531065684076cd188f11508d48e2a7ee585e8c8e9061970a2d381374e0bb5ccfc8972a01d9587872ff0c925315d10ccd8b9cc6b1450c5400cee4e2edf25ad952f31da22c7f241f97d966bf491ff2b8f889dc798a24e184c64290656711a826290917db99e2c2bc679c92d309a1856867d9428ca2fe5ed2a3d0476810cca53b18526de0e88508a67c67 -CT: d5c7b4282f37776c03c6efe2af410b10caef49943001460800fdb6408f3c7a9f7f32d8db36dcdd0694170975536447d84c56f84c966c28decdd607237bc7ddb15176ca20be0993f309d2749db68666b2efbeb4c68cb3982a68f67114c0dab61eb9d4cf4c23f1847fc36bd561b0469ace73c80b0347af5e88f051ec6cb19ff8335dc56cd3bc6cc81893c9234457c0d8189cf1234a6c8a262926402eef262c4c5149fb68053480ab2b1512a91d50c48dabe637aa410d6a164dbe4f8c1e1c0efce8687dc858386c92ed7fd8b8692d67ddf453558d28998ca1b57a6c178f12f4b64479b3367e8dfe53f809fa7baaf8d1efbe3c9e2d83b0377cffd8d8dc172a1eb260762c873af724248011d9e0cef6971ec12e81d70aec923664ff7f7cda9d60b3464ab14488b243930845e38e93a8683787641b85476816dc73d17a593b68935e4cf71d81ed7dcc9202db65e235dd69c1f2ad4fde4d566970923a24bdee799258a3198ff2e126870252584a1949439b7e32318af204ba164f9f3488a669800703f988fe56ea6b0b2cf662c43e103e2e63b377a85fd8024d3b40ff47f30fd3dd6a0e07e751d07d5b0e4afea2 -TAG: ab140e2a4dfe81a064944610e0cda2cb - -KEY: 97b507a2e09cbf5c31f7be6dffc78d88 -NONCE: 3f607f0ec3ddbaaae6b087e8 -IN: 731cebc792dc840ba136374a9b654b5d61735d2d85a70646be9c470918201b9c8f756e971cfc12e0a93acf386809f769ed64a19f47f266f3504d47725672b2aafa611456987fd1db71d16a4d1289ad442f0877da4f192d814f9302a1207a8e8e48ed90f6b5434b35d47dac6a0446156781ca1fa41f7bb772d1eee48919b4e8371cf49fbf452187245a16b51daf82e35b77e80869eb84ee9ecd90312dd3e6e6023ebec1a21b4279bdf21402969101cd1dfefd0a730d3341571bdcfd36abc675744f96bc7445f77f90f261b1ae207f93d17828d39eafae394ecc2e65bca79562a706c279bcc6d038edb9d7a344ab1a5021f9a597b223d7a1a99e1268dceab20c23e0208b9a898e99d83b2e788c1b7faaff2aa6145f8918f53cba3168db274d65f2e419fc233927599f7ad96890bc1cd4f983276b126f7d10b894a67237c7b67e8d633d62b39d788cc43b2f8a05d87e656ba86feaa3a729b0be2abec99bb40d177900f20b559c4e0ae2034409bc9b86c54644cab932e997fe0554e7eaef7b247aa00f9e1ec07aa9af3a86470075324d02c32425309bbcf5462aa20caa950ec9653939b043c2e94f0ede1b91df0068fdc903431008fe16670d77b08988 -AD: 0c962e558fa573b2052d3106dafe00e3acca3df673fa559f950bdf9972e20b9612b5c4c96d50997261be7f2fa978b793d5b61e74b82541c8c02305431a6b7495f948622075b5d18992d976737e1f6f38aadf90bfb46f7bb9a7871620218564360729844329f4cd2f0c77bbbf17661529f88c80d1e000eafdbb937411cbd4295ae697baaa6c9a31206c5711bcf31f2dcb50cddb4619d48388a57475df684f4a00d432560540ea4d4d337ce0284467851e86447b1f04246fb2167625a0b3cc16873841d23551653aa1678ba76689664e16c7354c87d5fb7d40287894 -CT: ff28b33337262980b3adc761b8713f01770dabbc1f458516c721c6a19317ed1f1d6520fa7b2859cc577fd92fa3525273f4a87c99575940e941914ed586e7aa5637c4fd2d98e7d198b52924619dd68a214389cd486fbf006ed9c72e6066d92d2278abf1fbf4b4ea1f3d945bb1653eb3c217d7201d5aa40d34c8488532d9818b06e4c0e97c4cca7c9e2ef19ab5a397db27d4465f41585ab60342a3102837cf43c95db008f0689ae7a7970c2ce9fd685e2811393931a4d169701068b6575b47e88bbfba48281ad4b297fc3b265c0590be6b0208f6a27594b0454e55893c68203233b60d08e25fa66d63e76a869a4b84d153c81f1faf46f9a3130f7ba4718a75366af23e4377d60901b960a4926b850f4d4052d6ef1a5c54ffb388acbabecf069a5841a76cf15ced838239a8392149ab2d904b482bc661b3cbf4c74b711778cd61bc38499120b87f0f45f8a5aad51c84595b991d7fe37582b1ff963063770cd0ec9d98d78ef323c8bc939cf3b6035a5e1f5d54cf9af44d49f9cb01b7d1e91c2e0da110a33e372b07402605ae81bb4ef5505ef51b3dc23ef5e48f3f16711d2d72bea5ac90e85a37c97ba2d1a4f5117a616b3865d97a65a08265ea0c8fbf -TAG: fd76a9ef5ce12640f3e782a40c6d0fa4 - -KEY: f46e56f5394bacb222b30fcb3f5d5547 -NONCE: 6fc37c122d6865751212d4f5 -IN: 7651092066aa20eb70114f269b08e4ece1b804fa3f2c5e4b94981d41b3503fd127fb21c1ba24cb871dc6f19c2a674561900f73e292f618e1b3a285ec79bc7784e3481cfe36e1117fc620aabeb088585aef6632a7228a5f901c62f248b9ae12c7a6e7e5052d9739bfe303758989af254b78d5a42c74b13def0516611a1c0323e18070147f67cf0613cb22d83dc29c176b6823166c35202c46e85484640221fea9441b1e9f4ddfa4c0a2f4b2599c6fc73856e3c18a5905f85dc919883f3fe9dbbffc50e89e8b71b9a36c74290718e0b89aef1ec21fae49d280d3776d3ef79368634716cafc8f2eefb3f449c438c14deebb705a42e85274cecd11932c9a84f0dee48e8a2175b57820c1042adcfc42ac9a39341af5ff6edab2d25eba8f0219d3737bd4e7ebcfb3883877130c85e5be6a7b87cdaf4d37075eb2f0bd0d1a61567a362e8f66302e56668590b49b5c76eef962d1c310f8bbfdf8f57f3f82b9b2f72ef49cf487a4e8618476db71c6e0813e908126f9958ed5453067c6797eadb432d07de49dc2e50a266eaf6174cd1b18ab707a53dd47b564518b7bda452bc451a25ad2aaed6f2e7a3509f704954bff2b50f5cabd420148967ff830b0c4804ad5081b42f842276c6addae1c3199da8877 -AD: 8d920a6c79114e667faf28fce2f7924c4288399e5b4968c711f03d721e885fea0668574ae965e9996aab6b30b6eac785cdebc45a305b806ea90663927b8dbe8116292ddcc56938c0b1b1639e8068db1e4cfd101af5478dd63fe0209125ce92e3f7f7fa43dffecc07ae1621f32af975dcbe3f34f1dc75c75fcbc4c23ee8b8900c2719f4a9f50e57b1f9a9d9172fc746112f12b17b85b0371d0472d3c193c37e837d8201fe7d3ce588ab7e27e8457c34d399edfe3af2142a2baae6c6ec74863f6415ce30b17c17599860bf9a59be41a6011104b9cd0b8241ca52d1f7910cd3a3ae8693e47f -CT: 4877203ae9162588de263a70fd978343e6e2c7efc107064c1a314e210e01633eab9cc234a86f0815e515eb2148fe67023dc7c67616a575c0c1adff2ca1bd7867ca351963728cbcb6a41b5928e83b6ad97e458773e543138f87698c86e6a84725cc6330e3550d40dd3103d0aca5139b2e7f7f7060e34c383280a9276aa44d915460cb664d132056955b2df063a03fe4f844122bc02455ff1558377d8c15419e34417e3c0d5d69b69943027fe32384cd53e121f885293f17cb3f2637261f3c9bf6321406f3f4e59dcd37972e3073573aa5d9f78e021d07b7036405f193c65a2f8d47f9a2193623d403706364f514b1beda6930925c1afa9f294ae625673e41647a94830dbfc45a4d9029d5e028e8997d9f251aa7da65b48e1abe8bca5453482aa6d1dc1168bf4a6ab5644d623ba15dbf10b0f46536b35e30fcc5086184d0eda2af5016f370c9931f1634331458c51b575553686b511f073a2650a1ae9cd2a64d8ccb14194a659bd533e91cac42690d661c5038d0182cd8e52bc751662508d2253460fcfcc4428ba7a55f1db80bc11af7576e6b9ac2a35929bed35ca82fe497a65c24d04c96e6d9fb3bd66fb54f01483b766b614a97e370ff406713d4b811e1327fa52692355e1d307fd2ac67a4 -TAG: e7208823f0abf2571f81c015eac317d9 - -KEY: 4675ade296a8c507fba35f62c82d9230 -NONCE: 51fa718d52a0279ba9971490 -IN: 32b3a91b1dae9cddd5a89400de90ffad1e1a126c41459c512c261f089787fcc18c4583abd4c9e8b7844389db3d13e8bd5fdb68bd76c3878344241eca6916049795716b257636f1d25230db71bb10725fe4b9217d5643ea14754a69739cb62c7e99c5157bfb8c153cd754a2ed10bbd574c718b8dad2a556793e00d8d5a59bdd486e768f2e61ea822822532f8b4d77b3446eff2cdfb7d88d37b3e7ab0686679e02497abc04ef7a240d456bf999cff4268bfa6e366831559de7775ed6a6d4f02d489d4c305f25cd96f2239f2725961d5cd823d72dea41a1c1f1611fbab63d339a8dd47a3a31b7790a605d3bbddfdfb66ca6277a9a3e4036e8662d6560d05a7ee8a674e33d6433aed82fa26e5a1f5a2f47c28092ced2d182eabb9962aa8b10a567ec3705be6889e1415713b9ef08731393cee91370cb1d3bcbadf5710eb841d37992a7aa3573facad94e806d0019194b2cf9c41db281f6ea462e2ab7364b8660b956e145a13b77962c3191b2e46ab764392910cb7410d740aec3ff2ab8b643ae7e65d34f895189bb41902fbf2c5476301600932728008ce33380845f22b7db3a7b9accc8cf0793bf6ba37d405a6bcc8cc622f1cb205cd0b6e7fcbf3a6eb1d3bf2fb91e98593959077e8bb76adecdee2fcb008cfc335d5465e4e10e9cedaa39 -AD: db35fdd7b9533c5b8f2e5bdb427d8bf42c5b83cc11d2ac5ac96f6cf95090c5f439bc5d4828238a86c5d444ba0aad7b6c5917f673010f0717007a77064bc4d29dca0ae96b381cc89d04d5731a0f985a1e8071a0fff733889d0f2475ae9277b0ac5f7b68a0533f16f904ca15969cb24c24faf7a155ad51917187c5ec8cfc95352481f0e9002eee9467035b3d618b7f6cf9faae1de33af239e6ed4038706b735431195f355a27d1e7098ddd1f34fbb0bd3449b8c7a069b486984d09d50a90a099934eecec7372fc137b5274afe57bc0cd6f49b1e17638fdc8602d31fa975c4f0223349d40a86c36fcbf43124a4726 -CT: e1e44ceef4e08b85ca5fddf58c4d6eeb9785e0ed50be7856e74dc1cfcfcfe92f0e59a4fa62db0ca641b0be4da12a70fb443ffc46c8f5f28ce467cb484a7a302dde2d459da83d8ca6707fb0c6eda6312e37c095276f9e65b44fc9a0ed7546e0224d639a7ae396403b0db8be55276fbc380181cfb32c357e99a4ce0c33e464d1feab4a409651752a05f2dacaf85125005b92a195628bd314205b8d2aa1aba19d32c789d91e565944478e90cd1d4e10c475b79ee5e7f7aa22456773febc5d0684ee0a26ab27cd391fbfa1168ad28f46b114d31c7a3794cc216626eb41655990ecdd93f97a7594330a78426da7f2e8aa21871a1207f769dad7db7dd794382a0f50dd8dc76ec3245576b99a32314d3b6a4046a56fbe178fc4cdf8bf39c86a6ef320f4cc63e5abb6ac53f6b336fff96a22dbe2e836c3ea9f4b39ed58d01d45937c8b5af0df6a44bb78bdd59c1f1ac6643fc710e27a4fcfca031b6435ec2850289605e29db5911cd2b930a4fc28bce98b30cb2b6b9504ebd561e65efa52759e64b435b99ad26b7653c6bdd21c964d20c5761bc3eac9e2986cee13068c627721a90862fe387382af2895efde343e3c9f13a3ed019a144533af765424c7c80795cb30ec132e7aeb9a0c0c75f2b885a4024325a491eabbd30f81592377e040cb9034 -TAG: 5100a3a60ed7d5837ed8adaf78c625b3 - -KEY: e198729362ba96f79d5e0d89fc404b38 -NONCE: 36737445756c6060d9e95d16 -IN: 38a030ee5fd954f5a9cc662014ce7420fcddd9f2ab800823246ad30ff0d0f7789fe11807703a731675ceaa31b5835ae039fc0d111f5725ce4df0b9a075a8bd1c1112f90bd64c668d1d9e794228aaec7c17dc664ac88668cd06ef9c425f2815891ee4b737b18b138001eb6c353bd5fb7ec26b2d26a12ad2fa707adafd884be4251bfcf5e5e8f3979e46d90a57107e7e4d04c658f6224d1a288bdafe8e34df1541c702f29a1db2af2279380d49109f17abc4161a6052f4ef0f6657c7322eee44f4cae949dbca447cbbceb9f10c5be6de1d8886766794a3eddd736ac7acd3bb87cf11e88f246fcec505f595902d1121f68557657f81340261684fde901c079dd73f7c9e1d4bdf90613e7790f334884b668ee04c29750d2baa21ba94f2407a512dbd8450ad4dfc0de22dcbb291045e0fe43fde0cf1396cd3bb959f2dcc1f7ea681d0e7cbcc73e7fffdea35f6dbde8ba0079ad97c8767bf76aa008864375aa0b02b89d8bf2ce7aecb2403648e6069e209f7283f1cc180c166786d02d984afdc4f8eb9479522362fce0633996c758d99049b25c89a79f7257627e2a9557363a290a0a3673407a298ac1cc034793cb7ff44833c569780bb8be9e937a3a758f1c570ec1c4865efe85940c08a09430a9fd36376e28e127f81789e8a605405de9c452cf8c7131cbe37597c9a73eb47abcd2aec -AD: 1b2a8522f154e672ae25f8494ff35d2573b343213a2fbb07a417d8a60510e7eb1ac5ecf229429f330809c84b0c1ac8f7e28c7f7414db905be8f5fdb5a2f818ba8440b8c9c20f8951b8e9b75eccee79b096ab09f4ec99ec394c7295b30d29060790d3dfc17d1321b8288f3be38b17901a48470784d00c5b53f895fecd4053de78d074fffc16c302a4f2718327bd96445318ad247c99c0ad4d06405b6509ba8f6bf47755f0b297c4616790b25edbac2fddc89b8d509d6955cdf66d30f2bdccac6f856a3206c53c550a9970ec450097ae4cb6f5606e64c750042060c477203479aa4da10edd4d28ad3df96d613194646abde78eee871638 -CT: 500fd0ba2adea1fc2ced2dce635c5296edc590f961c26c6fe285f4ad84f6e85719ea6bbefff398991c03a423931ff493ea47f97a8aafcb1ec7a34101ee8a378dac29f027c312306f74b6f92a6eabc829c3117ff77b6859e67b37d05d48b2c12bd30251d32ef30ddaa17894373063e2a593ad5139fba87d38a045e2e4e0470dd4c5555ffe6fc70e564502be523737bcd392d0c41e70a594b29f949838f9bfdb6e87fba327c430b75164555d7a01d7bccc33f2736864a2200e4b2c4d7b7192cd22f7549a9dc3ddda269d78a4d98a344cec44508bd930a14edffafbd1f25cfab8a29b75d07d705c3291de774af867e2e595ca8fa2bfb9fb3cf2511552f1c872fcc8b0878c4eec0fd079c7b17bcac2931181897ad50c03880102109a42c34c70d64ae942c73693f85a6d1230a734fb35f70c02c93813700e21b2abc304631ea9d5392c67864eeb47948b7e377bb51e3a5070524aa0abcbe0a624038f6e1b3c062b7661e1471d6cc3dd18143d6237c0e32e80791d39becf94974bd765bcf6bc5a3d764584b025317f64a67d13234399e8e9d10dfee9a77ba887cce119e09c812661b487561acbc718bd200ef97f76a4664fffe64b367bc36f7d03930f020e0b1db0d8d36103da1dc8dc6e0df00b2276d25c8312222c13d8a070b108a1b3a83247d41940681c59e08243a12c623c2f2d2a -TAG: 7c3eba9d36b26d27a7a0325d8c23923b - -KEY: 2167ee6f77730766fe8b4ca6c8f02708 -NONCE: 96bcf14cca5d7c2184dc6eef -IN: 47bf9fffa3f4815f8fd7838c0fec7e9c08bca51970460bc013145f2d651bac1cbceda192014a5f27c991ed3e7127903fd49a5b3a4dea1194ccc10eb62f911586314ada3aab0f8a5d53c90560da3681bd9157892ffb1a381ed33afe203e3c09748487a0b71b8703f6e5f84d9195db08e4c4338343fb8e968d9f5a5b1606b6b20fe60cec3b54b49ef7bfc81bdbb2926ccc79697d916c3b622871dfe9344699c509f9b2775abc12c486e71a008cd525d8610f51948f75bf96bb94c59c98f2e9f35e8513e43898754f7338d7fffb87e538fe6512832e5c2b08cfe952985fac27b0e81a4edf9fe8b9f2eb79758a99fed7907343e6be072bc93fbfb5a539142a18af4e4710283deeeba4e0c1c1cdde7e886e7d04f817a5efbe89d12cabb34153856af1cc98c4df21cbc1da3e34f0ab74842a8757a189336487d3ec77f842b10e2efe3e1e232fc1dc89d16dec865cf6e9f422e7b9d7a4e421d79657eafec5451e04174b3372340d6fa8cbd23fc0215e9b6d70a9781ff3b8ae049bd31a363d3fd465f235ce463f720e4bca114d21d3dc407a66f28df01549d168544478404256715161cacaf06d955f525546d384a44ee0570d8c70319bd33aa07b5ce0a891c467957d5ca4d2523d9958a8b4b3e5d3b0dbd1f6a1df3acd38888d8383ca76d177685ea6d2d65bd717203ccf794d613b2f4d50894cb12754bc95fc19c449bfc10443c5c1 -AD: 6388d98f7a8343cc89faa48882e8a60f83e817f17f68eb338289e2deeacc6bb5ab6d25635b9e0d29fa87ab97e5f29ecc47641e5a4e0d5f11d04bb25c7dcf21e7a93de1880ad022c838b5c957616764bcd2a66f1098ae4926a93e1726384171cbd9503e03b72c77a2721003d3b391f2aadcb32bd62e492528ea3ef5e85761cec47b846d32988468391db2f23fbfeee39cd89a45e71e4d4b29c6fdd8abd1399faef491211e902b0a99b451c58211c56b1a63dc2e8a57e6efab94ca95818a78fdbdb533f286b83725980b9bbac766d3b3ebfde01532e7ab1414eb6d52ad3b1908cf58ba67449cff1d605708d5fe6b21c769f99874249d98ecbb3c62956ebf6f47 -CT: 73c6a7d5e4fe14e991680acff32d660639e46cd0ec231ad155750e53d6597bec3070f5e828e420cc2044d5bdaea5acfb48cba1e9dc52258fcc5e937861e9a970cbd04f10fec4bebd6d8cf81a8925e5ae48d8024f7c62e35aa370994760c827a534e0a309655b3085a2ed8619dd0dfe0560c7dd5e175fc5a5971cdd50aeffa073e206d81d1932f350d9b3f40d4eb6929bf7957d25b1b12d6eeade7aae4b7277b6a1896aa0983ad5a5e5cb5e8e86b1eff15ed0b48149872ee4439acfc6fd6381f3d9527f1d1a1452927beaa3e3ff188681408041aea39f28bea779ac28b83a4eaff7406b08df2e60d66121c853800e56b3659329503bc122e6c47c1e1dab53986b2058685409c4a81b057fb6655de0f84ca770ed5600db097efbadc14f07d80cb892ef3ab12ff72e9d60718dfab82625a79168ac262b4069c0ff14bc5ea3baaa4c0559ef23f2535ab273e3bee0b2d1b4049f20e708fac2430af82a1a5d148164c19a956a3db8e44c8fc7c51af9458c066719884f0a192464c668d37372d5ffa4e2a4eff429cd57eff1b374d501e06b9d3cbf8480642bbd141b208ead6fe46d436507099ce460000aa033528a8d813f3cda11c8c03b427228c5b24b1f0fd15f704d7958aebc580bd5d3034667853a67fa51eef18d102d65507047b12a939f8a2cac8bedc027db855f89ffdad34bc726f6c6641e3c8ac8041003f65cce96cac54d -TAG: d93bb140c5ad0362ef819fe04daf051f - -KEY: 1b63e84a8114f73f918aba186239947b -NONCE: bbe2973181d9b48e801e3a55 -IN: 97b01d166bd2ec933b48bb7376ef131fb792f2a26edd267a713570c1dcac5a223646f6b52b0774ce323efe526b12f1ae59ec70bf6ff62f857374299cf4ae182015cc0cc2545b68d483689c82f4356dd8a06cae383848cbe75f08c5deb198c7effb10973b21fcb72cd53f6baeea5e23b7bf4508825111ab94535ed5ab9b51266d6eee98faf47b6a3acfee64c4a6598baacf1831a0549105d47b72434f498d54ca59041f07d22f3d6b177fe53b5bd874548daff7acab799c3253435551d963110d49fe1d2212b7e17df5b98a0884d9b7153253ebb73c0fe44485d78821a07b5e69bd446eae170e8aa718709f258a2a2476886757fc36fda2cd5230288b9a47d4a94b96c8cce880d1d06466aa1b331c0b893504fb8d6047b82549bfe807401d795d784584d608e419a7be990bf099694c788f11c29cb9655057ff12b4ee4b579bf7a52a36e9be42f06fd3ea2a8774cf70c946407db105cc88bd95f5b1f347bb8b4467e08058153edc70fe78bc8fc06f462ba5b16c5a56ce8a357700b43ce1fc8210c17af00f0ac8a19f8a73fb47815113c960138b2238031a74b610a1c45e3769155f6cdb7749d801b8f90ab5cd658f8f28443de9bd2e92098ad7915a6c68342255cc5f1abd5bba34316a297246dd2bc0f3975bf0037c3d17ceb9d9c9262b0797a6b5a90c72d4af4e662935bc7de08739ed8340397b78f0f7dd4f96a2fe50579a1e -AD: 7754de0ce06145d6b247742ab582584c3b9c868cb0311b02273fe15f7a87403140b7b3bb49342cf26a5e68226a2927457c0f6b06f429c6cf5746b91ce5220e3b20cfca713664f5ec98b972fc3bb098f52c973a917f3b68dffe955a4fc670fa9c2ce686ceda47e060b291fc5a39fafc9489d18c3c3c08e580e492e35f058682e75e06c4141c38fd94b23eaf1048557c668f26da84f08718d850d65f8ab7a4e94c66fca8bf5ca345e8a966dff970fefbbcb88f3cc6b791ac03cad7708492675a2b4c54198b3f5f8906f3bcf2a56ba04666698c820309745aac83b45fa89e794d56a16fb3d00c923632c1d68fce42296729aba6ca2fdb2155a8000baf146e461c9c -CT: c1e60f8dbda68c60024730deae746fe9fdcbfb9a3c1f26301a87a3c6bea9f8807ae294b62cb48ebacb01943818bbec06f1c842a3d42aed5a75c8103e07180d76f7e17377afdc4ed56905522be60c9dc5eabd5bd8b9a720b661f631dc214ec1a387016f57085ee3472df5a0d0366210aabfdb1ce23ed9480f8f1eead8780e33af36f9a49b8050749507a8b34b0695606b2cb78788c3da4ef316ecbf9500c257e8acfd36bf600a7ec4f8d2c690db5af0809c5799dc7b7788199601573d8d1a91a7c08cd4bee88885d73998c554ce520fdfe4153af13bcaa485477bcb5f55fffa54a4c71c5e61e1c3551ff7fa39cacafffc5cb00608be2b2d803bdfe43bfc256a7c04f536f4a9c383e6b4a3a0695d7e386f6ca8c8a35a77fc9b1d14e202bab53bfe6bd1d1efe3a4715bd150369403b6696374b4498186fed144f5a6edb9e3a863cdb4de5a6a404a0fc3702192cacfb36538e832b4aebba8c3726224f781c51c1529722d905286a1e01a9bebc54001980acfb9922d91122c9b125d4f6376599f0280651fe9efefad310e97fb06670f4b42df4b3ab1a078df2bf9b880fb91b292984416b70809c09e001e30d285a027f9b370e0764715187b797cb4965e7639a9bbaf915456cc4cc45505853ddfc54a38dc46743adf92afe7f37b174f0108468d772fb2b7ea00e8276663f6c29d3d83f3bf47ed8b1cc86bbe8639a564d936a3b065c4 -TAG: 0a6307fd5192f65b8786f7bef96c17b4 - -KEY: c1ead957027a7303f01622d129eeb876 -NONCE: 04daa5b792d6d2cc4ba08cab -IN: 47c3a0209195dc19edd01f1a4b54fbeec73c422b1c06558f3d70a2f96651db1e0364b7aab14d496a81b169e244f0f0657254faea172e9409bee2934fc622a7b2079f8368f53313790e1c06144f7f140468266fd6269b4f442a06606bdc9097d4547665f7fa192f67f0a14ff3a9f04092386d705a0a7d3a566b7c2e2b6ec9b6e6caa258ed2bef1ea747c6c80c0b494a5fc66906f5bec5da4aa884d38a6dc74af82aa94083106f6b8e182b529f94f4c389d6730b313ee8e656637ac064fed06561ea32b4dd3a3a128f3458c6e9b500cf3e578011e6b1ece6ed3fbd896119511f89db1e1719ca22a30b779c26803b278dadb4446fe28b5f96d3c91d0280dfb3976508eda8e803de1205ef65b3f7e4a41005165c5f3267b60a679095c25deb7c229ae7631c9df61ed198a9e7d9f6267bf288ecb88ab82dc3f210867490cf9c248828c73db475a757979894c16382fa1a9e5a06c081fec99aba123f6ebda65e07378026986b97a75e0f3bb74cc26f4b813d73c4c7fbdbfd5fdc4903a51d3064783309e497d14db09564a75551adc83197a30e3584a258722dc95fc187964f3207579f5d0caaa98d9dbd547cf2b854c4e820ee2fb4c4a1c83ef814e6bc48ad7cef6efb11b7dfdd41de49f1ba2317849f153115457b6dd839b6b5c84e8bd11419c553d51cb00bfc28e7c82718db654b4f8cc7f37b4ba96d09513c60bebaa087fefe7934112ead9e90d8599e184692ce235fbf5327 -AD: dacc20b8d41590570fd882012b1207ef4f33e3526fa3c64c4cb725091dd621bd6f2ce69c29ca39aaf172f05400ddc7af2af0fdab161af935409e3d5b9a8fb915a4ff8b7c0d4baf8f0a103be99ee7d21eed37e258bf79e18a81cd42fef0dfa465e04cb70fd8165f16203e8ed49bc2c3e88476aec77b466debaa6d888cf8cf013e8672d781fc5a8bbcddadf023d7208ed5f6f0ee2e3418158b653431fef54f821f38a69202897126f9a24a5793cb38fe5e8b3f77034e080dd8e4acc7fd22a12ab64a47f98f588e756fe691ab4c7f4557dd9b77e28f997d687a068925d18fab49f3acc072b33fb4d8c7a60f9a639b4b1d785c062e5d386261ff9e7066ed81cebf6f483466c0747dc22126 -CT: 1f2614433c137c7579ff19ed5be8e7897eca62f05797266174d4edb5fa4a22c11466b17d97d961564dbf9d1c45d9b6568d330761b9bc04dfdd31da08d3ddd4e5efd3924f53128ed541a6aab87912af60615da6dfc925b67b1aa3f1d285e25514f502eb5e92c7521da3492043fb06172ca74796b811ca42b349e337615f898233944644d229d05f133e35f879471a04efc3321094716c10b6f81ac7d0604096f287655362439e47641307ef49338a70bc87402b1c5ebd931300be51980ae8dec0345beefc59bd250bc53d39b7eed62f93087f3ba83b29ab094ab8d3143b63e905d209150c544e433d5ce41f00b65e0a976f5138db6ba5193245056734c7209ffb256a2f1ac9840f1bbe2e82c04120f591da86e253acf25b3876ab9e6f434489c43f606f264d1672cfd8a43282b41c34357497aa4f3a8c318f93694b4a04f1a0773ed064d4f426350dc7bdf4a59be0fd4154097c09841ec0df9c0e8f2dd31abd8513925d5d3da72624567a609975a815e9ba51df408bee244b4619f8ce981a6be726da484513cac67c2a4f597f6ac8ab0e96d86394cfcb5b6ccf2440a53a7181788a3de730c2e84e64a4131d0e02b8db2ec11f2af61218ce1255310756d98a0d594f09bd1440adea74720ff2745db30741e8f4f7bae0701443f55a078ee3c3bb63411fac0d7c7c0d0cb05ea56f40cf4137de20d9c5224fd4e6c4c6e8a5868116dc850ab713b001713d13e6ae5098c379b72e -TAG: f1271cba346522f88ce93726cfde016f - -KEY: 2a7e7959ff156f3e69dcf4c3db8ccc25 -NONCE: 6d666d3700475874d600d6e7 -IN: f69a2d094c9c55669bb4b1f72583d23aeea9b858372c61516fb3f096736cccc3ecd74b98606a404a5a6195fe0899916c463092a749274e91831ef63b254a4c70b737bd8bc070b805ee42e5714b07dd4fa39da758de787340c0109e55ff4aaa19b05eb8e2b2ce171e4f9854d6aa56536b35359a7163557056ccca870012954737810bcc6ba226f6f38b774da0edd4c3e2d64ba4d6415d6528d7227a5a0ab222092c7035a8fabd3897bf9f59eca8692373b676b817d57f83aeb4f866c553b2ae1def7d7760cd152d18d43178b351ab4e23272bf157ec2832fd92b4d4e9085cf51da487779d82011745d0982ddc348613d55143bfecafa431a4b7cca9db82856c297682e62ecd1794a6ffe02a9e9b69814a6cebe50418e9bfc9e494b04afb9c0d6db479a8bf1c5d88be4c6b81246d8f4ecde7e3d4c6aa777277f705ef81962ff56d8174255519c00ccca0098e9370b675f736c86816dab838d7887b1d9bd638613a07b7122a9d55b4a7cedddda3b2337d3ec7bd20e499daa467c04a9d52ca1a02d119a62c6dade203a0bba45d3f9366e3f59a4abcaa62b6c08255d60798b9b0bd6205f2e24253dc75e8aedcc1bb3a525548479fa5363bc8176075ab004e7e73d0ac5f5e8717d3389f3287eea904f91fe63b5cd860091a42a101c1a1e6b13b31e2a7382f718dde735feba88ecb1ab41d042c4ce0106fc78b2397eeab842a8e0e5eb83b31d212501f265508ce73dddb94729433f2388d1925992f4cc6ce78d9be734466b6 -AD: 6d3a702bcf31e90cd2ff6a350a94689aad4381aa79708817b7e8110cb9a8fc8cfb42a277210526da057e93d32c609be4efb1fa4254c1cba3cb3c2bcb5dcd23d1acfe671c4fbc2b632dcb8ebaa952d7f6ee68e52a59d4933e27a54363c24f4cdb4c4f7ad2cb7c666f9afb811c06df7bfdc93f25edabc314a9a1118c2e0a7cfd219c10a28b5de83dfc3114dda3fd31a3256fc3c915714f1b7e83c6e66273b28944f7e9668de94b8e2536701ead59f9f7f7043070ffad0ff6fddea1d9f92a7af2ce3fb8d130203d0e9550d29785063562c59fe2a699172f32126f6176e9313376203cc1ed15812dce9e304582533a212b3eaf209ea16c8f83db448686c0fcdf5dcfd957fface636fc31ecf5be0072e19e93250e -CT: bce5fbc1719b18299c54d224c2a0212cc904f9f58e7c0d8bbf1b09df0c2c08347cb36f2c8d145b5ebc4896a398b6aeeb2db0ba5aa3df6624a64bce91db2ce843a7549714a20404e869497e593990a1a6e62edaa9827288464bd7b37d2d2f8ecb6d67137f2113982d4ea3c23cb0f4609f04bfd73efddd2e4f05c4561fdd3615d82ccef83c940d39f4f7d548cac2ed181e4a60d1f280e25ef8b617796580069ab2fe8caa3ae4e3722eae649e390d9375b6f1b153e6c542a84eb70241e2272f2530940fa3e0df70528ba07747866fe51c3f844c050cc110cbba10d1f8d3321958e1e833c3f4543d4f8b3d20c8fbb7eb1fec4de7e99464c52d97e7bae8608419f1920c27ea0f479bcbbc61cd5cea10971ae2aac0a73daf4e90c47a023d620c2cb246d5e35908535bb5a0fcad54250a29fe53c1a0090794091fb5b3704c6ed52c8fef11271836250f39d8fd9ac5977cc91175e285192f07fd163d62216fd5530da9a048ea458c47efce109723029992b155809eb73a34b8bd24fa647b006a17e1e315b8a6fcb0e5af6871b4bc6f5d690b3edd10fdcc5391648a64d05f3355bc2a13cbb74d1892eafaad1611c23ff96e7e80f0df0819999977f9a2097617cfd13e8fbef089bedb532b331146d793d224d8f12bf8fa63b3b3d9fa8414d63a7618ce7a4f9c52d8c1b2ccd019e4510dbb3bf71f14c2e13452dc7cf859d18f54d6edad075c37a6ed2f05ce6dfa48421670b757d6a138813503a6ea964707560658861a5b95330e -TAG: 85713c984bb8b5acea392525719dc9c1 - -KEY: 5de639113d920e239a0d1581e179f9e9 -NONCE: 0b5bc077c27b08427f0ec327 -IN: 545c1a235b88be7e8451a5bf405d0dd66664a3bd284f74e4393f969380bb63010081457effe00a972bc6e4895ff82dd4a50e302261734da0efd66b0db1dee74601aa414cd9e2a4c149956bfd63fe0fd1f63f3dabbb6aaa2c651405e36286d00bd0a3c9bcdb8932c6e01300f453ec1ec28724b8934d26c1405f311b67fb8e97ee14624e2d6837bdd38a491a019592526095ca9169b4657d65486470ec12dbc793a42df7d7d9cae29135bbc499425775996633ea60ca5c6711e3aafdbef89ff1bc41d20550c219c82a8841ebbb8e152fdcc55dd689c7768a97720e23a7f9a80b173e679c0e2986e4dc00970fad5f8706a674bfc71901952b7b02189e95dc7207902abc673d09046fe2326168dd702a76328ca26fc1abffef071f58f968c165700845a997a2013b71c5d83cf6b6ed8d76a1b6d1417d22fe63691e88d3774ddf4ee205f352b765dce99ca0a996d33f95f853ba54f2f9ac3e6d1c068567695d06ee8f3c9865f034dc4b397a15cda23a872a075257c10ad8e2c6d3017ca9183ac2d8b80068a88ffa995045b96df11faeaceb7b41ad716122f08cdf72f9d4970e5315a8bdbe6e93316fb0dd8d1b805ea4861e99cf67a5c8cd3d24eeff142cae3c53eae387b4f51a45bbd808b7ca1c3b69042c33c8a4dfc93246e07dd93bd12c40dc532f3738084e47d38983f6b529e3f61ab8b17e0b588da524d0ca67092112be6868d5ae35102478ebd35213e7b545c859effd6a8240e0428bd480abeda17764af5b6ed4902977f21fd06e53061ed8b5bf49ea381cc5 -AD: 846f6eb4aa086447f4a7e5e8eef4997366a2f8f827238ed0cb5b691154f345b4586e1911469c0c81df93859ff0a39ffaf4930bd39aad2bdeed92d4580523e5244640b9e6d3609b022e4b4d0c631669e00571f8d602938eca0b3bf874c0706966e3d07902e392a6721b7dc57028b0bae7d93c40c803a03968b2142965ff03f92d6e729a0e079a9dde3bb30c9c10ce6a5627bb476cf1f879a51104f3ea6d0599bb288d2ba5e0103352372db8ad379cb629c82d212c1d1c6543a8070fb01f61f509c597e92a05f83ed49f2a1c1b3ecc64ad0a7d5884320f481dee5211716fc1c6ef96f34926cb5ea86eae04e934c6c0214eca8369928f2b0bc93c0865cc4e165f2eb1c381642560ade7956e5d69381537b796a11786e8f20d264f0dab -CT: 04c79662edd08ad017cd48a6dc415f564a67d3d9eb48f1c7910074e6c3ae2d253a5acfa661377ec6ca3ba6693e77f2c97a9484bfbbc3bd261fdd25512a9c1e0d2058b0cd365fdab9c14f602945e142025009f87c13dd1dda03b0c49f76cbc3a93d928eee67627efcd146ab2fbc19d26955a646201800366fb17efa420b7c148399b262164c598cf1b011308989b7dcb699110338649603b58af4cdb5e7c2a306164d7e588fe115b4751ba0a83cf849c869b0155b3f934ebe5382e46db1d2d977769caa63dcbbee9f33568261c6c89856f75d597973d3b2a48508f2773d19252e04350b3c88a6696c3af860f9dc7cfc35e6e96279c92591c09dee7c23c02078e3a51af668ece6c870b7f0f65f6b0f38018be91876011b616fc5630d12ce936b6ab725b808108a472ffe55a5ddce340e5de8a279974c39c64a7f5986ec1e48116bec1b6d040e4e291f429c522ff61dfe74f2f4a075e0a6912bb6a6aa945db933eaa90d9165dfacf087a58245b54c2814086ad5f54795f1c9125988dcf15f906671bdf25da87d145dfb22c0683636c61c44ea9b3120d894e02b0d6f8d021ed8423b0c533a043f263ea3b1b06b5d5d7dba17bcccb1485cc5830e7e5b8520f9a1943a3560083e65806f9a633baa6aa7d5b99e5c5d69db446cb39716c415dde4ba0be14108ce32fbe50ec0605b0845e9469aca76dff75ae1f847dc5e14ce8b5455af8c2f6bbabf889efe1dd6ab408d983f51b143558c73fafd09132e22113b36426535b53ff2294acefa9258a58893d7b3a252f5a7d4 -TAG: 07153351dc975adbfb8b30d77c1be155 - -KEY: f0f31be89acf8d7fcdb2a063de5a9812 -NONCE: a3d6aca502708d448a869bcb -IN: bd3449eb7e893e3c96cd76039ca41036c8fa9e365709afa301c30b5430e004dd08900d75815936deaf9e7753d8efdbebe09c27426b55161bc0ab3fb00973d093ff6088ab6f309cdb1e40cd40d3f933e0023f0c210cc7ddeef2d29d82e0955019e482782462542e186467bdf9b866998a731583b0906ffb0174cb44499d2d5e3d1fa3577f7344c21362f77e94cfa981913d6592ad1f537c13067f8e7af921db28e93673ee38de0dfcd497d77162fcefc7868ee3f27c07b0d818eb553fdf7acae2db4eaf657853a26b0a760954331b8c91e763f568d65e658c6eb53a69ac6bc582c33f8146f6c8ad66d8a454be952425f3c0130e658bc1934db754d70774d73b40512e7a9782c4478e1f9bece80281dd6d8eed2cbca8d4bb08df65feaf79e9a35d075b18e69dd39ba1f47cbb694173432f5f0ef125a9b1902ca97820b6024ae5b49a880ee9e12ecf561ab5abdef81366019a8be495af1d664970178df68f38cd83b416d0076a522a9f3f795e2d2c19c75ada025cb1ef41513cf2c29df9a01e16379c101197da782066f9318d4fa0325bd584b04b1f9597070cc551693c964b2100191e1ed949c426fd2befebe5914cb567adf7518aa4574921516576bc33673e6ffe422c831e616bf6d03476af169d9c4208d7975460873e2792c209c089af7014768c0ae9fa8011c533fc890e366b04d1b79ee7d7aeec0fe89ddc7400d6fb8878ada40a76f65df17bf34919fb5ff7711ed698bbcd3ee4aa8dce8f879959011612a3661c5bee1a9d7db69fa33107543f111a1c416c92bb873bee9f01564b44922beb1c8158 -AD: 2c9c6974f2442b87c02cb723f5f3c05c78a22b7ba6c3387fea2d07ff58ad55c67aa9ada12563fb296812d087ef3b2d47ea1adb6a7dab646bfd1aa9288c85685c7b41c14eed3c5a34e0642b20888c8d51a65a1c332f1cb5779296051065211e5ec624930f1a2bfb6c10d479059063a2a4614999b0327d00f875162440c29627f817057f5151ba9c9364f0a6a9be85fe7fb911efdfd5cbfd741bfc63564f0d73eaa7bbf4fa16de77fd807bb27a9afd9e62c86e7033b8a969cb0ba9a2240de1a8e8a3463c2fae49c89b3cbc97e59eb30c2ae35834c36c22bc056a34cbd339ea469f3d8f032b5ae10eb00003025e55d42c12d9738ea74703308633f2772e8cd3421d8fc9d334c2845870a2c68c553f4dacdbada3af4ea8f20df3891aab8db9510c299db2bfcc -CT: 57e32933293f67159efa04c375a4d7b8c8a050b0cc39031a3df3bd4bc82839ae1210da5f10b0723e111ce7d1699c78143671d7986f83fff90992ccfe9fa4367ef9c944cd571a3057a65cc1ae7fd7ccf2c722f11a9ae6756ef0a422ba7cb15a02e27aac6faf78fa2c2b08b228b1be5d3e62a5e995f9d3c5f1cbda1a6ed3f551581cf6693d678f2323e2ca7437715dad965024c8d5eabf68e7ee3ec090f56deadb47dff68e93fd8a38ec2b34d0e774f07793cb03d38921632e42b4a092175f6d602ec637aeb1f134067fb54594f33be2d9dbbae16ec25ea7b86a1a88346e0335d7bd2822a3d209a6561ea396c6128a86307da1c14d25b45e593504fbe38bae1a42689b2b53cf17bca92b4896c2fbdb4625d960bc03da9072910eae59aa17070a368a30e69d072cccc53fca2824fcd83ebf6d65e78c44dcf3333a00cf7eea5b3d311a674be8f46b696376f1fc5d70b727773582bd4a59111cdc41d69d58c52505e51e08e46d75372999f27628631c5d7497607adf4a1c27caf618a6dde1039dd33aa7834eb5164e67a208d473f558b97c3442ab23d22081ce024fe616e00e09a7d14386ec3e0089a0feedac7e6c841da57a13358712b75280f72afd0a28a3f5555e024b59d14ed108ea4fb77510c031fb438e6cdc7b4b6125a387e76081ab8568216a6776b7b52d311f48e882d62abc81453d65c0f5effc4abacec68dda303ecd225ed8afcd5638a9c4f5488d9f8963624934c1abb56ba0071bf11d64a52443aa0f3b607557ff340937a53fa50031775550925b2e8f40c744c36317797a952d70207cff0646 -TAG: 429a50441cf373d8d1cc4b37e15266df - -KEY: e4ffeb5ff128eb3c798dcdec4c665a4e -NONCE: 7b30ac120aace497d03de3d7 -IN: 26638db82034a19df83e60cedacfdd511a937ed73adeb1565661a201197eaa7fe817bcd9b83a19052461f56c3480c0e0d3314c57aad4f02a9e10afb967f752fb144bb1ecce66ea05608ddc7c876ba95698b04e79a429d36739d31b52e47fb032b18e7686923700e735750628ac0effa74298bdf7b75c115c6ea30634a9636c7ec5a02aa467fd53292d8991fd2cd45078471ac3bd8dbe47ad901047522e82cadde3b4f9d0a1e2b8c6faec2da532a09c58acaf7207fa49c1de10f377bcadc903a3df381a10ebf7556465096a0506e7ea0e7f11e00411f226bf2897f85791d6e34641d8cd049d95d996bae9dee6b2417f558f102a04d758897c484e930cc97d13f540c00f950a1b384ae5139dfaad258e1315fe76b22a601f7a11d852a080c228065f423c380393ae13ba817f18afaf48f7df08ae376d62e770b0c98e49298bc1f6f1cd07b586128c42d2196d26bc6752fdb375a0edef255d139b35841f426f090f270d5153efe6dcbcc2f4d4fe19258284b98cf70483996003889958a7c993fce98ada15a8bf16137624a2e078fe16060b640155615ed55df21d9bd736df51970f11b06775760116ed1a624588052787f6e95c93cde1c4661c9efafa2d2f217e86dc941263c176bc9e15af02b922e23a1839cb4148f82e8d8888de16e17db10f659112ae0f28cee8c062f34f44304e32fd3713cfbc830699e6aab24aa1c829bd582d39c4262c625c45bcc81b5e07289eec77fdd1613a7e4955aa96ba05c45676e973b609aa6136f5e516e338d183db9523c3e2fa6d7f603bab7b77e7acaf5f144e9a301a221111ae8a3130b0a77f638dee2e05d4ebf3 -AD: 14fd627004e9a78d1334822040ceb4863196a75e5c5ee70861381d6cdf1363a893db2bdb201357c908284b91d690770205be495f788afec67f205edbcf47b78fdfb6e1ca53dfea501ef7fd48008ab05a58b65ef8e3b25cd3617dbe7482d0e846d04d00508192373abad114b6e5713f84de6928339d5c57e4abe88f0c0f0913324bdcc661fc85f391aaec28772df8faed4069573ab9ce2868039b7971b510e8b9239eeb066ddce13e2fc2579b159b08ca564de01fcc32abf19f388f0a8e810fb4de96e19d02010b75ca55d4d6db6c1a0d83d36a9d30a980f51e8263bbdf18cb768c5d912cb1ee8394763dbc7e9276830eecd1c92541ec53e9fcb5be036e8fc2da7c51e9b7978a7fb8e24182825d8a219167bb925dbf639edf4a25c42ab08a7ac8013696f7e10cf0efb57ce49107 -CT: 7ef2888ba3ecb4c9e0b96414504cd46365885b6fca375534e3dc43d4fe31b61acff2cf2d0b698061ecc1addc1519e00b1f3e59756cf70380e9d83352ebde4fd680fd995157fc12054376c690ee01a11875b3e833de136a8e16ae08e80101caac4e7a43042abd81cae91d2d0f98ec0b6fd7e6232fe351df92aa847cc11044a3e07f3f4d8b8b64f039fac77c95f9057cfefa11cc795fec334051a81dfb7e08cc09496934508423cb75f8b051b811179e37ee63346ff3ce1f1012117b0ad3c03fd113f7f932da558244d5809e6af429084e70b206f4dcddcdfd549246a548d51df1fa68274416b27cc2c12b3a6a86d9bb80184d41a3971c9dc0ed906aec4ec85e9eaf4e8dab1704f6ac3f7602b0aadd1ae4ad91755ef9a08e231535eeab932524b2c228d10b9cca1f88215ab56bf776183b9c14b2888dc7dca590f48ba6fc7e974352da98077d0d3f5de4159025270eae300fba5457611cfc4b52846ea1fdfb29ebe4c260ef2d0d61de644cf8c7390a66d15f806299ecfdac0d6ca83def3873f960bd5b41d05e9a718fa0329e2304dd210f20228d7da87f08bf477deabeb93304133eb38439f49e821ca66474ba065c8c6ceff51717b36297eb17bc739feb166455b79d83ef6b12506c5a877f9e7237ace4e451a17969de2ccefb65af407a1df71ac99856d485aebc6492441366fbabdd11c9ca559bade381672c8497cdc86175d2f186272c9b675cecb365f97dd547d14ebb2bd306d80d83b40e3d4a5ec37812b787b31b2464917aca278bc5c3ac7e78ba6ea0bf3744b70012ba4cb5f1b91703504ab5b0134d5c8071ce1f16218c51207448c894cc1b -TAG: d338cecd6bdd210923d8ed507612ff85 - -KEY: 58ac0726e0bca5d30bf4d0a231fd1242 -NONCE: 0b9b60c3a690e0ce0106c1bc -IN: fc47121253347bde0b02845afe64a46c74a401fea9f81cfa02d47f3c6008be65031e26b07d05253d0fbabed865397284b44ce2c38b2117f90f7d3bc60a0d9b04c6ec4b5108da61ff7f6d30083a33528281bf2b543bbb2eec909bc8706c892844e0702f224cafa9f2070adba7e3942023645427abbef47ffdb9ebf43b24aa7367deb7d05241cc5ffc0d1e07554545ddf0f6bdfad4657222fa561f3f92c83fbdcd5b0b93921842d2545b386eaced2fe37d0e5601bdb969125b006b21a8283d8cb5264ca2d8765d2bfe24fc04f8feac32293d88bf6a3bd7764847c72b07a9c3caadb47b96eea17199713eb48d03a8b37897defce70b258328f0547392e7e82e2a1be53c8e40d58235f610ced56019a0696b77b16ed8bcacde1c142bc3afee168755db6b8d81754dea34e20f6a0e35ed9da60bca3957a054916e0072e3c5329ebbe2bf8f224efe6d501e0105614f72c8e37f2cb7cef644baaf7bf32975cba8e519034427b49bd589d076e3a79b2a9c90170d1e503256389ea444036523d36486bc2d3a94c73afff7bb2b48d0d74b7607c3db43186b9f85102a49d4c0e3cfff1dcf8b5c0cba5ab2f28e1dcbfc858f57f585d5e7d4ee92eec6ebe152e4b160db923cb8d9c154b631e3340b61272e0726cbd88298a4a6dd1d01fabf67d9c66c4681019e13a0e0280e91dbc3cf20e583b4a401dfc57cd3bed42d7e889182a0b75072fb08f1be187b3c7990f9f17bd29d61b8d2bc93f1a78e84fc8c38c4184afac57f3c6915dfefb3e194afa3919fddb1efc685931e49129e3afa230681fa6e7c1d6a69be66d0317d0497a937c827b1591931dd17e83207cdbd56f1ec1270b14d9a7b1e2bed3e10628630 -AD: 0bfdb282f9e2db0a43c18132b08093892211a8f7b210bcf36120851314cbd8a56f80f26dbfdcdf944fca9148c1d013844e897b034843fc0c8701120062102ae6a00aab0063a1651e0aa36aaf8acbc221ee7575748562288c08050a9a562ec43be7fb3e54dae418ae89476a1d5f81debb13eb6c5e0b4796abc8310e70a5e4a6619923dd6230a7b2a8dd36fbe3a29aff8a2ef35820ca68b07e00f63623db10a648014028d314e01cb537973d03420938dac988e7af001d571fdd7b1606a06430b5fa1770b2f30f53cb439a02771140e44356c3bdb7ebd5e7af10c344396bb3bacd58d32f07a26768afa741a2dae4e91cd8dec01505edf362f38b0fb06c40b8441746a8ec31d9aca6437d1b75b5afa120856e3d87d79ea5b71352edfb56a873d206e8fdc5d5f0bcf91c0ef1beb06718006bceb35f71dc0b -CT: b03db471a65de5cf871ac198ddfedd14e66b6fcb6c42c782a4d3c156beb2024a1dd2cf5efbd87884b029f42c94067a42a165c1e00018f11cbd79f65da02c62fb443ea8a345c34b6411112844eff3572427e45e061913bd578624100e33908ab9737140ae0fea83069fd008af952c776459c6cbd4ab9b02156b3992c0691614567056865b9f39b526f28d11b7707f35ad09d1eb0d2f6adc7c66f8832d8783478166036d082af1a44025a733781cb389612e3c124c31c35ea2a7833bddd053625d96d2ac3fdc69dbb64b9b7fcbcff6c6fb891d974184734d3bb4081d7609d7206067157954b4c6ab68e4a450f01f5941e1702830a58667b947352f1931ef721739be452aa083ea17344cc0a3b5820a90b35bf45ea00fc06df7229080b82b79c3930067f6045c619624958f77096f304d9f31effe42ef405ee4745f1b6c101225062a5bb38665efc428313038a3db8863dcc72de12c8ae41eb1a7b8eb02bd5bfb1f1ccdb1db877ecff08606963d97958ee7cb85b99c5f2ac4f91a922e180d7f3a3b265168d02829b98b7a72c2a2910c0c8c654e354f2e19a53618e4e46501ba8c13e8ee0081901108a75d6b7f601385cf6dbe3f74b3634331aed8eb903119ee96877f90d491dd5d38abd5f002c3cdbd57b04a7ed13fa09c9e2058744e1fa24d3fd87a863a7dd73cca389e40b7aad29a95d6f7eb705827f7308aa4ec9b07b1c98c225f366cc33586bd08e20773bbe0878711b6210392900b8fc933a6a661b8d6fd1a8338d06ec364f9025f1a79ff94bf448b998908c22be5cd6c1aff929037af9b642ff228865137dbe2f3f3813923245c3edc8edd76eefa02d40e7850e502e92e9511571f85fb17 -TAG: 34213558263a230e66e80c4095fbab97 - -KEY: 7b9f65509a00841930c4087093c0e049 -NONCE: 45003751c40e59eeb10f62ec -IN: 33f7a6d16717804519e930bccfce78c316cb720e109a75b30e11415fc5b398b76cebcdd758535798465a8662486745b6ee098f9008d0cccbf8ce2066b12ceed80cfac806178068d2ccdc00ab32d73faac0cba72b5ae75150c13dd0c16d85332d934e56c8f96bfa942fec689e9847283a307ab775ae09cdcdf1c0635f749186868537dcf0123baa295e29601052297aa4b3fbf16b31620aeacc12d08345df8d879343c098372a04d32fcd2470f4bdb3aeeac7afcdd8f95695796c64cd41bb0052905c8b95edbd0bca3e9115f119d29e109198e91b9a024c8a4d67ee864b71eab16d4545862403bdd0720346c43e94793b1ad3f02946989c6e30c978e4c62660c4b1120bd49017203c86f5b9f02bea17a249d6396e390df1abcb508388c735565ae471a3d24293cc33aeb1cfb05025fd4f17b9382a391d73a2611784358a9a003c1ba16f493f020b1f1545555ca165c00e3bb4a2b855d99a91d4f95534424d3b8b32ba66fbf3de63694b18efb4e0aa62e438eb3a7f50b0551ccb19eba8b63e19bef0e6468ea84b2fa62d0deb181e8c3b00a55198eb69ab7eee2352989013fbadbb26d1c1f5033b26f1ea886a0d1af6c76a78cd09a8b1f247d6f81d7d4e521f6649de7fa5b32b45be2cd803a1adc6fa89eea3a9d876ed1df0534890c9b41627556103964aba36e277d1cbe56bc14458e75c365a58646b7e498325bbe815e645a19bb33d2765a36a61e74eefc32ee9fef4162eb77574638dea2cbb9753e50b85eef07284ff84996a5969af62090ea20c6af307c1b2e56486f50c13d5c4087ed471dc737c4e40b7bdbe9d74ecbd6c8dd0892449496d0cba16e97c864307a55f341121b5e35c47530a9c3059db7000688bb568f4a87be8eb8ff9 -AD: 7b4f599c829e412edfae60ec1dc53e15d608021b6afa827f48869b9c9ca017a394d10f814c3172b38ff27ffce750085c288e257b6a2d7ffbbcce9e7acfb12cfcb630c84448329483739be37ecc1ad122603a4f286a48474134550b12ed8dfff73419494a8d251a98fdcf7c329b0e31b0f9379faa6bba2e4adbd429b199b7cc31d2805250082a88f94d3a120a3b07d0229d4a49e45f2729885e55cbb9ae08c88b65576fcb8a96ef23b629422ddbe7497fc2d4baf812bd03a7d5c03e79cf522938337ebd1c9cf3a61d331aba6b436c21ef47b030447e839b94b23e6ab10ac09a1243081544081a09cf35f6c7da3149fe3c8e41f90da05d88e31b32744214ac3a8a0a9098b11a38abbf01da170d3115fd4243f2be6eb8295b921e687755d0baa3fdddc1fd9e8d78992f08c50ea9caef49989872bf00b7f86c78293896dbe25eff -CT: 5ba4306c0fc5cbc0028d54a82d2ec3039f78ecefbf3ed98f5b4f83d1b562be3c5ae66756dcd2027a515360274837682ed07c5f1a0dedcfe3d1e63457f9d4020d2b3d57d63401284eac89ef0cd16bef79aa949a5b3c76dab5342e8042e2e0d411816d311aaabd8aa10bd6c18f72620f824156bc71add704e0ac4bc1d4761f9bd1e31f800d0487f3bec7a788b0cea75cc0bb4ebb927e824bbc718236b089c752de68b4fb5b4bc1ca67e166c23274de9992fd30e0752ca561a4c5f469dd123ad45870dc013a47247396afa45ca5b02fbda0fa1c2a89180214814c5bce704ac4dda5be49af225f3a745391d669d7877d1ce173058433b02b714b7f9b43095820b73069e8c3fe621c45e00e41152a413e15bc750fdc517568f021645b6ccc541a9d61237090cfa6e374942adaa1f18d073e627195164fe981853e324d2e97c35819a00cc4d668ab1b8dc86188ba2f5fa76b3ba2303bcad2ce06195d6e853f7e0d257e386764067f244020d9660ce04bea8d61c5a940f502bb68ab6a62fe2e7492c3aaf355d313f4e2e2ca148fa46673848e59d744567bbbf38ab0ec0c799712053d0bc25532ff00f02a3149e6bd9df268ef8e1fa31762efab8102f6fed5768b9abd9bbbac89b40000394158c4c5d2bfe5f3dcbcb5126afb0f753e2a60c8aecc67782fe64f2f35fcc45e6ca4b6751c40adea4998140048456944bb8e2345daa95e989ce48378f8c607182d76b25d12f731b5029c245e804ae19d170a27f35634c64a1bcdd48a6b573959521d388e023650f427cd1839c77e0d56b4511d1986dbafda63cf43b6fe929129602a5314d6216e662cd1659d8d7bc6c271589aa4e01ce45970efd85297f00eb2470567e69a67bdd20fa4ed8b497879fb -TAG: 15966db2d710d52510c55082f0c3cdb9 - -KEY: b4cba7822382ec3aa42a95221eda5980 -NONCE: c488bf7ad0031e1ed9870968 -IN: 19cd01ddbd03500b348a15fda2f9cb9a870df388e2e7f84386fa33fffd5287f1cb795fcce3a24fe371ce42f2f34dd8db9d1826b6a454082ecd0dc684bdf35d3d7e7a9606cb5336c67238509f0386275d58cc3ce7fc98fd20c77ecd1bdd463ee40e612cc5b9082f3c12b83f16c32072834a64552549289ca767acb23c61b4030227277e0df6ee9acebddb0c3bd538040398ae57767c850066b40ac0c1d7f5de22747051d237f898306beee05273a99b20165c2d7267f65b5451605ad4301a82bc80268b49e3084957d8ea8fab59a6b31f47f76405f5575df8a16a5811a976a84ec23479daf4d1d2c1ef428a9ed39faeb5a625ecd25e04d37736230cf144eeab686180cc71aa713d522c9f2007aae4eab486171ab3a9c338265193d093fecd6feb1cc1d91d10a5f2dca9243d12747b5fd3ed809c06f52872136814aed50d61ac932fdfcac2e9ceef817034647b2f4d61f5a0bde8ef9bef2789a49da799ad1b9bba440a29e3e15e4d97b99c0fa2abcf5cf0e05acc89da732eb79585cf1d6c11a6c65c2087f902ce230208b5f1ce6cde34711646b9db725858cecd3716906853acb06c30c7dcc3901eb407efe6c3a8e1e9f9aebfb1d7217cfc6571fdc4b86d17d66d6e392ebf03be924c0076b8d1f8bff15e192cc5e351351fdb6b26364d883581c3f8e769e9a5689d0ab2f308a1dc47d7032de91124b1ca3d42aa3a8d57ed92a97a2aedba2409b38023c55954d4d5d2630c4dcd5ac7277fabc3408f0265560d3de4114eeb0b10db4d5270725f4454dcb1c7fcc1e36013a155b03181e1a315aaa251e9ab00dfca8e9ef787799a23529fbe8f0f993dbc2338b9f300ed18a67bf92c600f22d8039a5b03db114ff04aef285642be0d552cca24b615bc1467ccf9818929c06e96599fe335e0 -AD: 6fff534915999ba3c3e7ee9f964ff4c3774c1c63ceddf8674c9c43cd4874f34e22c5912e6f8eac3e889779e7b4ecb2af711665489274c3201a68d8bfe7c61e6e8134aa08d71ac2a23289eea43d1dee5b4fc4caa3cfb666d59b09c554bd924b6522cfaed157519de12d9bfa37b55fe8158d763e3c79b7b10db45bdae4ba18af925bc8528fc19e9af54ac81588682299cf0997eb9710fcc3597564d8f0b71e3249089673b3771ca110a28c1aad49f32301e0921286fe0cfdaed8f64956a4e2c0b22011bbeef46ecc6bfc29ce023b361b2db0488a2cdab32bb94024e757abccebcfa0a672acd77f9ba622a665314c4b520746ba4fa07488e9dc662f755311535f1f98558dfb2be88a86119850c49d4a0bc92e70994ab5d7f410ad20d61fdc93a08e460ff9628a5b242038a1d2905137d4729fa77ac0f74bf1d32fa7b025cc16f800 -CT: 0fd6ce7a1a51060fd105fc1e5d7c8fcaf4550de865dc0f990217c9e32d354a951bee16f53be1f9768f48d7f76c9f2ece7fc56b9e8c27ede94b5a3250ef27874eeb2dd09d2e50810afb7b9a50985fe28b7aee74303b178a0b74c5422d4f46a59e55bf55d7eb0d16314668b13952998205eb422daedb9f99dc7e04e11e8e077289d1402a1d12608e096afc6283643ca77813730bcee2321cf769c5cdbe5c80836db9814843a0ec72d49ea89ddf5e48e27f1e172423412b78fd91da54b776a132df29fffc5c8b41615fc491c43ffa4596430e55806bacb7e88abde1e20ae43260a1258e7d89ba46fecd08b7330409a08449ade364fb84ad1dff4e71434a3369a1d20158d02949edb9716b021271f73517bd985949d2dd62474a36e57b2682218ffa2d5a982c668a52776343d06ec4bd122d5a1bd5ab5b691e4462d8c52226f834290258a83ecf0847246c92d4339ada867f107589bd8af55cb96461aae47a879f5d81c3931fd653d68cd5139be7ea9b98ad8feb9b453f617cf7b8a4c9def78335d009d4139e66e10f642030b5a66fb44d2c07c8c689383136d580b399f685137b3054e40fd7c90f37ea30d52e09832b66251cc9c31156729e9cc5fa37463d89bf3b61a8f8657f6501ddc3cf1505fad36d4d9075f7a366050de98eeeae0c407b31a5ade0b29b1a7a3cc251ec8a918cc8239c3208b377f2e9a7df8aba3e086c33390bbdb4498ee5d194e43a67206e797d22a7c64849d1eb3921a8323d8a0c7d242f3ad65e52b992007c996dc642b858fb7ea7b1d8d6cb10ed3e9af7595367c26d4b01d6c178a15179ed45d44d83d7709503c85985bc1e2cf6200f4d0ff02e57ae4c53c012633935871028e3c7bf0f5035140290f4cc02afce10718198dac233a6dd7ab4065f07242e173b -TAG: 8ba94213b2a8696d7e203e6bfefc1c99 - -KEY: 4233eba54fe7537d0127b1a062526d33 -NONCE: fed44fbd3475daf5c046123b -IN: efcb6ee574ffb9620fec7644a10643908a2d3e283864e3011704c4b16dab7c5333545c60ec83b0f7c3e2dc8022ee5d1b8124f766bbd8fc95ae1a5bbbd2ba7eb5c41780627553b8ad99643d8abd43c56a32bc159ab97f1fa4622cba34b283317cabf0bc98931980f207efcfe6d4c4312cd9daff8d46b1f9eca45e0af42bb8b8ab25a9fe0caf1c61b40b1a8a3b35680abf456de109f42d87ef277ca178b4471936748f3232f9075b58c64c89614dde8a75dea86d3b9c2a6c4a71ccebf388becb7a2cbedd92b4ef95d2b72357b4d2ec099a3ff9fa9ebdfd1d9adff3329b0a4ab854f84e8c729538b0e65773a116a3e50685c96e52162e1b98367114d84e5476291fea3173ac3a846529d5af6ddd0d2272b54f534d4430179ce5bee98c3a9d3f6e9cd4d7cef5c79560674ed0b5418e21e9cf7ced787a9db3427d6153ed69d84ee4ca06c515d3822c6338868dbd97d0a21406275c003f493475d4350660a4f3afe49deacd9f299fc05aeab4029f57d05e21cff132cabf6de6ccb3082e0d8811dbe5188749a2ec8ad6b1c1efffc4031605c407e0c2ce57478b37a4834bff670b4dcfe8a32e6d09a0c80c7c99f7cc41378efdc0231901c7643bc8e0575040d1ac1bf4a79ba4c10bae1c0135ec4469bc8b6413a068ff97e88c4be959f8e426abf3cafa2bef9925aec0c1ee69eb60c7427dbf79656fb3846ae4ff059852e7686311b2778d06b5a7eab71ef92bd086ab0de7dc2a3d4c6070436991a68d81ef5b1c6eb024ccc6b2668c98e9b2ce452ab4751dbd57c2794798f5d9262e2df48788d92045b23a455a135c112e3baf06f2938a485f874a7d5a251770160dd9bf9c93c4e2a789edd07b8a7a4262adb303ff6ce9c551be29dc69f99dc75a4cdd53afbef565031529cbce2ebbc5f98b71315ea7dcdea17c88e7c8b3c20da68ee6ee -AD: 4e0126b67d2a31e1755e532178b048b572f806ab4bfb398247b393dff9c653a452a5ff88cec05ba1ee8ebf23e91b61b1f9adaaf771f448a57f4572d460b8304f8a2d6ba8a8b89e55d13e474233cc8da704c244c6862adba31219d994f302ac7161604d324100241fe6762ac262a5f7b5a07c67cf3f647d2d60846ade2dd33f886ebb59c50d95a4a0ae103438a65bc192d03f351e3e56b6da169480def2db510c83b6ca91534683cf334134afb2491026f7aa45978aa38b38d6a8d193e9609d3d0b3526a14f7b131f9371f56818247ce4fc6e1b17ec6e99b67123e7e34faaa8a8c63c1fb9004604e5ddb32702f9be2246ed7496dd27fa90ba90d90575c0cc45c0b9fcc945f21bfefbfbc82c53dba1feac88db291f74b6512d45cd7a4c5c886a458947f0a30ee04a6866ff5472f6c921d1949b8ddfd623f744bbe5f47950dc0c7c213545f7ab63e88124 -CT: 4b9b468ed1b1b3ff8242f0d2f204e94b0312443ffce789fa9be7c56054c2392868d8826129462bba1b715d87d58eb5521a258af3e9e06d90e26702106242ad01ac6b64908f747306dc4ca142597d3021df591b60cfc2d260d9883f01078ce4db4b11eca4b7b4329962a6e5445857423776b22b802bd0eea8d7ce7d1d47d49a805d9f557b8d67926848668d8bd04cd2a9eaa0b118b9e680e23266785f3641630d2649d952501972d92f2c6e5e7ff9e8805ab3fea94e4d069487ab6767da42a6312c74a7191310cbf58995a94158987a0d3e6778f3f44f21c9e6c1b08029d368daaada4fbefbccca7f49e2f8c6d754286287ea93f69c72f3234acb2e4059aee4ff341730c9deccdda06fb67ab67b81cf5e5213b7c86b03c00ad8e447915284d5fe4e30ee2fe0fb2ac2e5a58c0623c80b40e6ebc2b96a2d5e045419fad0dbd611fc136ca032e71ba2523b5cc45f115389a9c9ef0a28d9b949b84ba637a32fcd3a8687c70c7d0bc4f27949b37d20ed349ad0bf1985e33f74b6974dff70ff72205085c766469b4c32bbd93365e207110b55d477347db18fd003c925b64aa4366212585e882fb5a5643d79cb6a9057e977b554948bf8129ae67ab02ca57d5052cfec2949e86f3c6fbf7fe0e1aeee3ccba5752bac7abce9a396fb6e5ea3af059ecb15937f34aba7fc8edb267ad1ee18c49e5e6f057ea5b0156093c6b042d2e7b2b29bfc9548f91515a6272aa8b2bebc5a0b0d9d610b6c911a69c38d15c2ab3b1d774d68c6d5515012a083dd0cc2fbb420456b8aa174be28502c2bf22c7af3a89686e2997f2015eeb7c33ba40b676b61c84702a3c5c51120dc290e58724d082281b496881a54839e6f0d622dfafec125b381da4823240cd960d63a6890c11fdb9f56a9fc8dc172c98a3764eedf804d1f5f56d4d9fad2d414bc4c58466f -TAG: cd1e49972dc4c4e0ad3bcdcf16e692e8 - -KEY: f79000afa6ad2a10b0dbfa4f34e47542 -NONCE: 0437dd10d487f42d2cc40041 -IN: af9ef3a4f52f80c9cb25970a4a4af8bc7dbd8fa566fa588d57bcb446b399336fe43ebac2a913d74d0a9f7d97044213390372d4272317fa41a62c50bc2b4d736a759c85124562323d86f1de14fbc3899472a0686a5dae4a3e429efb05681a1d7a36d397741270b2d97aefcc3d90309365a64a0e244d62a4fd3f288f706fb60557d9ba2bc8e29b4d68a299f13ee93d3c4ce0efb7fb26a3d2f828c1268a04d48e5ed520c5334ccad9df4799cb58ebe15284a41aec4c2b9157bd2851f968a279653b3c9a522df5e2752f75a3819d4610ceb4da666d19b347f09dde571ccf14b435569b9624d3f3207ba49b05f40bd818c7ffa733103f9210cb821ae8ce1fd5bb80a6d3d8dba865015b52ad9af765a8190713d13890440ef64474b61a840618759160c4c692b5bfae7cab08f941d633a22b92d8be39a614903ce0f96d05e83596b9ab4cbfae18e4e8bf4ed0cc481ac402f27fc81a0b62b7843ed4387f2e994799e0c9532a1187fa6706d3179cd8e3bbde209f85836a176e43caa2dae384f0331092292872474d24fcdbe72be3067f542e7b099d31a0b09e0f2c31bd16caad1fe1af0f25845084268431b930685f6a16fab6a401a80590895a3422b94d056038935b1182ca3e6f4ededc86813d651efb0fa80e40700a0ceb602f3a67784b60b8d5c8522e42519c83e6f788d8133044061095806506cbd0bf3a7fb94e1d59435d3a5cd9a5a24db98f20035f0feed9b12b6cb4cc3e18c97aa890d61acfa167338b1cf79868f2a14711fcc241290709e800babf3ba7a868a528d44be867cca23f4f80b1f914ebc6abd630b4254c1b8e01241fcd817171e2d9969d2ba7c3f410a9d5b157ae0069b97ba1c973d944f11208777cdab373131ab5ebaa1304e394770c1d277913c54e7cf00c13e877fa5e8e0572f237b646f783db2f30274ba46c51d72d751c3bd4ef9ea32b0a22b260ad -AD: 3ffa73ff1c5c481d15ea2246b6da59e6271801edcbe277591b188386946abead76ac40d6f2f08a26129895e97ef25b59ac345f8d060d4d21819d78402279238541534d8734ca66427ecc2baa6741fd093a5895446979e30ca15eda06addb67bec10cf809081ce8a70af92b03f72536a8a11a1e9e3d257352cc284f41e2fc4a91d1bd1774512e09bdd150d1830be260ea418fd384be30f9da23fafdc2c0b5c632ea7fc7a6ea87d69139e9d104d634530a02c4ddae3a2e6854118369e5304202206c4d8fc963a61bb4f42ba6f937ce8281429db4103ef222c3a015f08fef15eb5b407b56165260dcdad08f1196e3d698ac5b7ddd403c28593329db77fad8ab7aacc450636a4f7f6714bbc6dbe10c421d151a7c135926c5388a56d2b66ffeae0508706ee55899aeceb3525367234e29c25dd5bb8b187ca4dd14f68ad317ee5ab3027b68b5b405880528bd35eda7f9c65eef9b37 -CT: 47d6bd87f0ed8dd258b32f01e5c72457dd1d17982f1671310cb329e18fef89f25826f7a6a9abb54d4d216ba214503aed4d7fe36daba69482e4ace4b7c7a91de5a93774732e0bfa001947d8c403165473d77b6b0d53bece68a76cf544583980084ea5ad532b599206b2d618be4e56cc22be645a727a93fd73c434239bc9c0b2d1621e3ba63e625327cdbfb8f7b13997c3d981c340182aa59a4e8cd204c5c86e8c531019f4900410c6870a1bce9c5e4f81bd8134c983f203f7644577da19117a7432c9a7713cf1bfd3bcb055b8601f4f44d33b1191ae1e32ae868bb37ff5efb1a7f67d94d993c0c50074346a6b41da521633be46e299916425fd46bbf4593b1c02df98f68debfcb43fff6a1d7ad6c4b48296207d74a9504670b50368f2f6a2d89f6fa98b39e13cd46fcfa746dc533c8327a0b07cc89b654ff8ceee471eb42f1f07b0abde3ab49478563501e076622c0248bf8e82576e968657fb0efa23a03c3e3013098e86e44a40d21fe0e640cae3da3a461038907f9610d6dce7a1242417bd43d26ba6aeb1e6e3d0e54c1b9839d019ed409eaf801ebb6fb25949a4961b35fbdcac81c9f87ba8e4f7103984ca6d8fbd3d3aa7b13a9ef1bcdfbe4f6d4e6cc48e5cddcb057027f98ffad2a90a7d4fae9427be8e77fb6c30ac38cae71a36b28fb47045fda28a027b1301fa5071a262c5d1e0a695d3244218a88c7182590698b690c42a3cae97ece7b7266aca88dd8fa8f56ef08c28d806e7398691c31f292caf1443508c494007f5de45a95643534f3f0fdd20790f0aff8d9bb432cce36bc857884a28d2dfca0667a2d7a0b0255fe68a2f9cbc28cacfa489fad9d3101a5a6bac3c39fab9a8223bf5de787fc3d9849626cc50466355df2da389c5ed8301e24d2fb6ce3e8081d32340739326b706466897cd40265cbc347121b6e12e04c218420ab7ee760e9eb6b43fb4e4c530 -TAG: a2d58dfc6f1a7aabcc28cdcda713735a - -KEY: 5dacb5173b30a28c99e00eb11181879c -NONCE: bf1fb59bee4e3964b300ce57 -IN: b597b958c63a056758714d69c241da18b480acab2bddaf692f4a57abf2265a0fb09b3352eceb6b26a667668363a615b5d078a4962c48658e3c92e43ca83dd0f71ada43a48d52b793a48e17b66097d06f9e3804202e3a8e832409d45f8b33762edb9982e79948fcbf7213118121cdfe834931feb8d6d5e3a677e3c35d6bdd1a0a51c9c0141dab8dc0ca83c7606f7a31084b9a9a985da6b93e23b215fe4373e597574357435cf7aae309c11ddef6b0f24437df2149ec8e8861e3546f2a950f900d74a8d736a96ca82b35bdf9548d6eb6c6235ec2d98ff0f196fd389234bb44de0a2718302a3c7110ffbad0451f4dce3eb2a189f63d52683509003cd6e0574b94c3db904f9b3113eb44725a5aae93aaf299d05b8aa942bb635cf5e68107a3277b8a70534e90976275809428e77e5163c18edb02334d739095da33d32502fc5b12c6b14acd316404d7c70f81cd5a035472154e92e8a8831a22c5b34ff4b40e2648df0e6b411ec8bbdd985da9992e3df5d1ebf2b912a1b250fd08553322b7f894cfde69cc37bc794b7de6b5136afb01f8377e0b293b57a50eca913320a0eb324a6009d41dfee2a416e6b9be33b55a2e85d59a88dac4d587e95e7352f004637bb3a798dda6d3a7164597a73e13819dd2be988c698bc7eafe6d7d32dd416e2cb252e21a7eb26ac4baea46a5ceb7b19db842b20d5998c5bc4b78836d0c6dcbf3ac8e2399b82d097232c553b837774960fade6bec8d0f452ba20bf72916117045596f4b83422b026c6b187c16e560ecb2d5dba5b6b0d7709c7b8e8b4d199d19fa0bbff8319dca9b308a836d0c1eb0c6f2a14c13c820d3b7213104491e6df75a1e61621a5c7be94f388afb47d7c5c211621fbabedda16ea22c837903b1088e6cc8751dece86bd749ea66126c1139d98d489dbdb93e6d8ae9061ab6dffc716e27c3dec83e2bc2dce5192f3fcd3fc5f3b394885164f501afe5fd42bdf685c73f9c -AD: 31abdf1d28419a911203ca879905ce7d0edf1c29f3874d02cf2b799163c9204149b96a19f7c0eecd64b6ba2bb686eb1d6f79e420d130fce85edc6bd6b07257427a9107bda792de711025d05962dca533c52a2a379ab8516010107bc7879bdb2447973f6d356cd3905e253023a863a3175f65e1988b3f8b92af2ee9b5717d87705649127dfc9c7388c9ddfff5e0dd7564fa76f9b3272000ab7722becf46c1c2d99a51db96dd32fc5fcadd683fb4f7d57eceaf332910e8d275c5f955f27e899eba77b87784968e889dfffd77367c3a4c2711a87e1aa5dce4025ec7aa3908b96cc5fe05de319ba6de6d57b170561b32d0fe4217b0739393fe730f4f62058fd3f950bc5ef151732e06fb92987302c684557befbfca5d15b72a22dc0a3a16bc128698a6fef64511d7945cb1ec973d66e81e2f6481316640afb0344d605cde7280e9e6107131d1b2fdcdb93c29673d0822b8fd1ae0f22fdd17b6f654a651 -CT: 173cedc6203b5de9f4950c055399328756c886ba5f8eb4d3dc4cfb5e7681aec1c9ae238d0dbff2af21fdcfc244d20fc310ab0f53894d0f9d7204de4c3fe8d366b3fe075d7c7bddc79a256d54125d493426f56c0f56b0688921a0f9c6128ea6ccb405e7551750780d03f1e4c5d9ed1daa253a35178e85f5214684ed17614dfa8cbbc17c3620b080531dcf8434b7b38d1d45b45759f2f0e1c694d39e9387479aed05dfdada1672b8fb01935ea13a057884341ea164f1e59f8069aa5578845ce60775e4a6166b99eae120212cfaa30de04ed140759dd071c15a3536421b0e0dde31e6cb7d8e7e71aef462db4564803d1f8301f0cd5befffc1c0afd74ee5957d76c0a6bf85e2e57711c0ecde9427cbae0c214a09b69fe55ec49857df822ceee98d3d2cc2194b48fff88d5c4209b8a5aaedaf5c289884f442db3e5a8e441a4da134c3453665e8309b61dfb007cd48fe7f2c1bc612853917a06370cfbf3cff5c6c4d745f134cd5952986ab100dc17436cef8daf917096adb9a0d49889b75cf0306d31b6d6902817e747918ff92f479bee78bf2070a0011aab7c0e734395430604e6c8c2a73c17c4bf10a1146ebde04b04bb12fc6a189faf983e6cab5553ffb92f34a89e8166ecd024d89115e6b77395eec93d62aa3daa2f5b6db3723d25ac747f0833ba89350b23c2f874181a6e64fd3ecf4c07396c8d90be0cc78139d20891eb729e5f22f99d07758fdc00e76e9b082cb456c1e5a7b7704153e16b564f0bddd142d47b51e63a3c540dff5f32eeb786c48b3256b9d655f3098e649af178dcca88413ba50f0f332001d4d686f566250fcec1eaa4b3615604c9f3e8fb1704018d609904af5d2558117f43ffa74171722974053fd468e02f047703224cad8f7eeca77f8aabf9adcdb2e3e6df4f805b2a900591977b7180a029c8b359fe41b31cdce8a748f6967872355688e932bc64a43a12222001bbb4d83fab619db8f933e -TAG: 5609b0874958433df52176247da18dac - -KEY: 87b8cd45737c8446b21301be1d5d02ca -NONCE: 6af5432cffee125756ae7bbe -IN: 2993033150f6ef19022bc5bd11c9ff9ac8ca8b17c594151ecb5ddadf8465c73969c432f4c273596d9cf7c53187932d3be41a145fbd6485ceb80b196079d89e3b5528c61946ba503844ce538a1892e62457abf4b6f90efde91d1747fb5bca839149814f757d418b9787822c76ad2ec6e5c84a07b0d7eab9f918b71e075cceab5d6ae5dccf54d4a15db9e415e44963c8ba68101df5894fc1664844c7ec11c300ae11cccb4ecee60431e36a2c4516db234378579638b758f10d80ed372da218123449a66aeafbb41bb8ff6564cbbc9c9f734daa1a9e409fa89decdd619ec8d1fa5918d3ffa0c780c0521eb514b2f23a4e95704f6a22657e7203bd1cc15332340414d02f7265023e0c9906147240d0495739bd33f7dee280e2cf905a706dcc838bc2fcea7e4afd823ae2dd3e2a98ff55f3ccc2b0f789e4d5019b93f213722ffe27aa583f6b9f77cabc4ee5358324f765547daecb7e2d4b371e1f77debc01b18be41313387181537b360f1090bcd9647ac7694907ca521f84f7865c3c82388c6aa80627ca9e4de08a163391b228be2a642df333374ec7182604bb80770f4a839aad778dceda56764f5888a95e88afbea46cd9eb4f506882cda4407461b1ea2f31a88bc7529fa923ed9387ff03dfaec545dd796243b7578640e0b8025aea75ce1b9ba918ab04572ef65463699d32125f71966242fbab007730e7f490338c60ed9ddefa539cc88d39b254e300b56da3c832065a35d961f74982fc895021fbee01e03e9534e54686376d8f9061cd4d033491b081f15639cb2056047d79f0dd7447c899b2aefc7d6bd03e57a1d7cd996fa282ad7493201920130df3007d13782f197b26ae0cf7d62cbc642d10b4202e1887b43faa4b71694b05d19daab60cf37b6a9b50c7d32b04138efc84414e87f6caca8626c2f764a945a26fca57907486c0db54ba1d898e2bea16e6d8c1f25bae57962529532ce48be6c1cdf0451deb047a1d27faa680f972148e9a0bc6c897d4fd -AD: c82bf439bae425cbebcf21c29c3cdfccd82245ccfae0524e2dc0b7164682891c85c9d6814c80fce1a63d588928b38dcc987d9df32f2a42ae4a1f9e8ac6bcf285bb08d164afef3ebfe6b299332f207409d271460847e9279d2f0b5c4638cdd989f868b4f0dab1f324e9b18c35e3bc5f798962b7d4f3b6bed6fc1c57055c489032a600951f8d06c14f5ce852d29be001592ff5c3678c0bd8251c883b333d5c670e52072fd68fd8d53e1a2f48dfd2880394541f4df82a9b6adf525c527550161e0d7dcd5d0bafaa4abdf1cc7ae189ada0a61890831eca952cd6e505d4df44650ed533591fc72a9cda1fdb1c4be99a31ac10d8f011ebbcbd8d83caf5d8c33a659d032d4e454ef069b2dd414fe19706681f83a479078f01d6330e2f57c2a3720e5caf67e44ffdbe461d967060e29f11d4661f23b27e90d521c1a9f4f03413ffe794cd9e39dc4c81f43d38778fac476585975b72e26dec8658f9cf6e4e028bc87c8d5d1fe47bd3 -CT: cfc53c8980c557908f7d3a2c15e7f65da940cd319594b7d8baed9ad7edba0a46987775b004b5fd0c10306677eefeb8105cf124d0c64a2dac05364138fa2c4e49dfccb963a89956f97bb0340a14573e559d9f937b51fda46206f7ec3361ce566ac2ccb418290e070ff2655cbe89e762466c1559fba756c62de1c963afa1ad18ea47a1cf3d021f46bae6c060b19aaebabc900229086dc26fae9fc9da70af5af3acb02b6d5a570e95ba0d2f789fa077fe06553670ddd0c4e8965a3f5532e93e7fb0ab7e0b9f90cc9b483f1fb79ffa67d0cf53596eac25679ab4f8ea75b93f3bd84d8b8270d6d5ae62a5fe8995e9b0384365ad813edbe7fd9743665338cde61f8d0bf82481b9da29f6682795e7178fc79e676c8e3ff641ae25c667f92c849a642abe974d97718f0aca305b57ce7974172477e90e16d804c450b332339c61c327d78abccdba272b85f4da54154f59ce8dd5bd89e38a515bbca07d1526eac34437c66496f05e8582ce654ced3ee07d4e770da1799aa9b6fd42402a47c6d5e0c61592f11e798cfa3bfc20dd601e86e05fe6ed45a475a1b54261f368877e1207029f50b6d54e19c132c5732ec34552c2c559c135ebbebc7be00233126d5e0dc5e20b7bb37f6b25df2ae5ff44ab390ddfa91435c6d8ec09c4916ce8dd3e10509094cb4fab2ee9f67c3eb351ef221f3e67b7ff3dd7292ce01eab7e298343de449a2d4a0a168860bedfa0754717bf6fa0f5e37930db0e70c66976d34c0afd3ed623df2a10b9c02b2e9220534688e640de5d53f3707c2c9ea3de7d339e5530504b3a821cd3097784f325ababae463e9e1b34ab0830d5411c9e04bd48a321be1f8b973fbbc6dc03dc7ca2c31b3d9a800ec9d425881468dd9d8ca7f67ba2ed500d1674118d42ccaa6bb18f0a2c4e5ead86234255d850f58f9ee7ef7f70e2eacba6a053ec2e78c27a45faeb4c90e28687ce0d7cd7f8146a6ce8ab3887408e85563889373b606cd5c968437bddb632d69e8e8fdb -TAG: dce7df76d7d0c0be7f560dcb5a4a00cb - -KEY: ad3ff84d1442224006550f6006be543f -NONCE: 7712c5edceaaeb3360ac7ae2 -IN: e3618e093a797223283e0b9c36a841308146c122e3df15a43417bec5dc4224a10ab962fb11c53e3331f0a9967c008541bfd7d1beeed4b80c2371d5ab62cd098fcbed6f96f01fe9cb9f9f7b039bb010551e504252d0752afacdec2f2984d4ceaff99dfef99d57b4d4b1fa969a4e70aa0d868993474f7d4bdea01b9178feea95ce30c0f6b78f22c70da57d26677549e9284bb4a6717596c2c3b1a513ee888915b910c93cf1d94aa4013e891e1da11c41254af3c76a1f63d67f74a07f3176744f7e558f03a3525b4a385fc64e6ae48e5d96779d64b5f557ff453fd44cbe46a2ad96fb2f79ee6720e08bc8e463abe2a9f662540b5105e1252917d7ff63011106cb7a47829c86d374aba8536d1bdac2250045e098987f185ac00faa0b81630d94a41ac935088bd5829e46ea17bd0e19001fbd25208fb312b86349a9c60540dc2b5091c3b0902eda0254b9e8a447d4983ce8e1f58832d2e9591c5b15a96f1fdbe23b608ca5ef909a656877d36f16ce276e38744ef11768030b479a4b2bec453dcdce933c78e3d4e7bd7e7a906eb74bf321fa75f307861ddc1be310289dedc87a8e325a3e4c6dceb1bdc6a02d1df4598f343ae8a06729502f5abe458be2325ff985b3cea0a166ab7530a560d1971c57c566197b5e004d9d38d831abec067235c0d2ead91b9319d6ed20e6bced57d71dd2dea6a2ec22efd29b146bd31617c9c08cbd26e9dd53e045d6f29a7dce57c61b3a5f6410dfea52c30baedd587cc15993be3ca8e125f61272150a02138c8c3b46922be9ae2d31ab7f25526b86cc0c73cdc400b5506dcd94bb783a97f39d37db162519549e642f9f087c3f41c8234fe01dc1cc8fb0ab3099fe2b8efc1017049d79b5b6ab9f57ba86d2ef73e2c694c180d2860766a4010d76407b15afe28a3866e48b6b688228d2f1fdbbfdfac9de426186e9f7121d1a98b11caa6193f9445939403cc960f2df0ce5d7d4a30afa6fe8b9ed0add15bc78ca371cf34d6feaf94bb7f6520b4379e7bfbf836acfa3e2adfcb7f880 -AD: c53c1a8b8fdfbf5272fc29b2be7d69ff0741df1ebba02e0525e29cf45063e5da740f6c33b1deffea0eb2323035a21b18fa010c6c3ca7cc0c8194627d828fd5a9898e2b55266d4377233badeaffa7c703fd710441e250d9a5d94d954911d66caa836e2413b190917c1802c3e587d514184498ff2e6e3df5405829262b36fa8971cf8595bd1cd87801ac4c99357da70e2e55ffc012a30cca44e4f5538ba92f17aed8c8a48f85c501df2f0639ac88a39cc024fdb6d29aac368728865db1a30ddb36d366927f04f00f8dd2229e1fe76db8e7ded1fd886a9342308ba99d80f86704c974da156d96c272b806aec6c0268378652c26bad18ab249e117f8643d234b965d45067f42b857f0888ec68aab64b3ebde8a55ee38464e5f35f8653c7f0ba7598ad26f9772b574d7e060377a4174922b1f8ce6b72a83f3a20d20625132ad7cb1429e26865ecce2a47e29740cef1a3d85bdb3e800d46692d6ef926395aefba588294ff410dd523db596a7c17bf7d4 -CT: f59b5a5d01cf45a8d91c8c53b3d8feb5440b6cb9537d9feb0da69c33827d1a5542e1d2db34f25c399714324b7d31476022778a82a10668a281bcf6e5ef368a2c525a7bc59f46fb9e747424741e8894f86fc157dd748370212f848d23b13dd658c1e2ac1bf99abdf93b53a35b5bcd89cc4406953376187af45ab811e99db9ac2a367f8a55b0fb4acac9a9bcbc1858061860230508de9a777bbfb0f74b2c69a79dc332a4f03d156596576792f43dac2099b1d4af11fa6088a086a25364f62c24969a515e74f29661cc4764842a47cbeda7ff9ef515c7510c16566536273d62109397626a3c2b601bf272e31462ada51a01a69e6fe174082966fc25b6b8b034add7d394717f08df992771696bd51c25c8feb47ce637e23e89feac9679dc753eae62c0ffe7b62d9855ec470904df6bf7b6fb246cd6ca77bf2848f1074f146652461307c5d51b46977ac39c42ac5857b64f9b347a45062500de41a19f2bb03fdb241b309a5b685f408aa4e38e60c667fd4bad4fc3ab9d8b4f2a8735b50d2fb7d7177d2ef9e5c783ccdbbc8e923832117d3ea8cabf40891e8c912d703f37649096ed0e41e0e53cdb19da6467bb1ace8064c7862b6c4829959f7a0780860a598f3c725f3f956259ffd20e9088dcc639a0c947d85a51f6c77e911355ba77fe43e49a1137fccf2d951d4083c7232d095f2e2d003bce91ef9cc9aaeeb046a35bf1b548c78719c553e6ebac55a77509a3f02d71a9fb84ee16a8fdc6b8b1c917f800e053e655860ab17c0254327cfc3dcc9267e2b78dc2082e54895faea0349d9df3eab4b0bd62f5d6114903d8851aa3cc9068f6b03d7924dd6c4fcc08237f05551d528c01f33720c53867cdd375fec867f71fb3b4688eb18ac3647baaa94d2a72391f47e819b4f41e98904322d1b57d4a485fe9c966d4e0967eb415feff49d1baa38ed2505dee1b76bf1fad013918bc282761f9431b1ea4b3ae826470ef72399c86643a308043a2206df7eb354671846962693183df96ba170898fbf304b0ed34b1fd -TAG: 90f99dbe53f5a8531b2a0e8dca2b7492 - -KEY: 39ef8200a13e35000b40e9b0b392c982 -NONCE: a4377557abca18c1f3bf774f -IN: 4bf8ab0b9080dceb2323953aa0e621954d87737bba6f562dbb0de271d6f1b88d7c1a712f613b099d2bbe0784a8304467cb168ffde2625edd9f38be5660020ed3e95b49e0a0ca9dc2bd0de2e40fb275b4813289327de0926df3c73865e7689fbad0a6c79ea615fc84345529cf2ef68b37b7e9fa5d538f4dd848ba66adb4745079acabac63de8d2ce9a2b19cc718162e9fdce49de7fa4b820043ae234d8afd23a45ee3a5db124e0f9252111c367beebfab55b2c784581b63a1caf4ab24bf5af45b986f457ddafbe87791788e7c7536595d965d5fcf21e3b13873b00357dfd7851f9e0f198ff950d69979157089be26b22800c3dfc713a5147b0ca4905793a2817281fb112deac286c41ffeb2bfb3fe1ddc9aaf4fb41fd5faf1df2e6e809f54b09f99bb8b61b555efdf4d8cb559fbe57a905d30184c2de6e154d501bc91f6033eb97295d96c1085b510cd57631e40e9ea3225e175162629b4c44ede0ab5643af425a8f8614e621a581b559f0e7fb63f0c8ca09cc58c244ab2e0f750c6135fc26e433710351802c329edbe97877f912bdad914a051d859c588af925674f1f455a322671793887420bc79a11541589082ef12c975dfd0528294ccb086ecca86ca940ba05f937fb2eb91b4b925713e8ef7d10305bc937aa976c5eefb4142b0c18c1ecc6be979621c437c64e1bcfe6ae86d28a29fc894120da6ddba1e56181b6f54a9e9810a83c3b44b6fba10959139787a491f367658ede40e1289148f66d4677d0281ea3615ab399c7dd9e6e05b8a68fc8724089825fd5f6a38406b3eaf01b8dcb62afe181ed963a0d940f1521f4f501d3349e6aec453edee70f1cc640ba3bedf78ec91acabe75f7de38ab98253dcd18c6a866f4c2b8a94072b1f141c9ee3c43beed8a08d09c2f35f142b8352cf776c57d6684898fdf6653997dbcb2cfcdcc43d63b1d287beb8a17ebc74eb3c3875af2ee0446b2d75052ef95d37315fd55e346c3e8dff45f17cb28f523592ba049b5de3963baaf0eac3cd75f0f0543e0dab651061bac4e3ea3679bb9a78d035bd8ea9e8 -AD: ad709f6c13ae2d4638dbebe6b4cc0ff606af9720c708c20dc2d6f0e4ba002a0b41e136d2b10dd6a2f8d9fe8cbe91943339fad0c52a2881b188611955771d3f9a621af08b95dbb77879bf508963fe294c8b8807fb9d8458a56d7fa2a4c5d995113ea8a86da07c28dab43c997e9277f98009d67fcf2ba171016cdb7e6c449f6996d21563b4ab22e933ddfad5c50e9036db19adf88761150b2226e73043a49a8e9934094eb4363d61bfddb791f4c5bca194d451023aeb879092eb2d8c8c3a2a5b8a832db6d73804c0c078c50a1414b684184780278cc90ac42618bb4144d5a415f582a77b247e4e8236bcb0692620757960f5103887683fd54f78095e8b098506c81008a7b443a533a0a71fae3f08bb4c28c7142576f459b1a2ccb5f65425515e691852e0da343291ca414c28c90426f7d5f9d7c78f84ad6eedc600137c4d86fa7db53b1d3fe9b16874b31275a740b5f640fffcb4351e4e32cd6bb7b6fc11f104b2513c0814c370b6a7558d7fc07c355da505a1777a2176 -CT: c1545634e7b0db1afb8a166c9f0d81a561841a583d04fec4f1994c7764582f7b11f832ec2de523e4f6ea3a7c1608e1d1a037b7975bea51524bc8f001ea34a2387f7510967cd57be0436529c08144c232ba1f532863255a55b2ea6f860b7db366ec8ea366e62187837ee8aa47cd9a8d687fafc31680c4af60493da7adb7ccb8f751ce6a6e30ec1f78bd169571fcc0f208d3966cd90660b8f7c2969bcaa8368172cff0d0fd27d732d9f7869d764efb36e55ffb96a1f3d8f1e6e5916e3e97e1f5a12f8dd965466a26274804f19dcbc7ec872cf662854501f37ef5fe348c543511feb61dfd96c5d429c83c7ed70a1d5beafc241c697a564897c9fa9819fe91dce3234d7632ffe73dd1f7c3cf0bf6d170334d2c4104a6ff5dd92038ad91e69f2685ccc380a9fdbdfe7f9f47c3a05ed97be25e299b8e71905f71c68b492be8545433c99b64f2d53a9239dde92359cfadb7fed301b8d8162baea533be9c9ea11964ca6f34e4d81b968546988afba059fa4b4e6d9e436137a9d991cfb867949c1bf87b1d61a5429d4bf549e66ca88b309cc65963baccc5449361dcab294d8c817717f848b942dd11fb1a8015a89e9bed4cdf51b4ff3ace0ab474fcfe16ba2da81b59a5dd7958913c92b4f6f067d2d350111c23c477138ebb40a99e0e55e6f609d74565c77bf8460e6360f4bb54220176baffdc96e4c37529ca3a38b3ef959d3ddb3b2759141032e54aaa8e6b2bdc928f01974f1311fdb15ace49d7d5a026e77fcdb5e9d7442f7bfd04584078804fb3aff740af89401771047af2483153b4c79923980cbc5695ebcfebc32ddc522f9da5b1220961555aeeaa2d578538691ef8b9f12b5833cc4f3b18d7c0d8b068e294c82efb95badbf590a3b4094c38f334d7ed32934f7012b87ec4a49bc0c2b7fb98365f22962d1e45d99e190655ce4213275b1e422976bbe36104027b96ce3e52ff931548e10e006c75747c59e3f7136db301eada16585ef15f4589180b368babe64b114e36686282d195d622e89f04d56f17c718d72bc6c577796a639e634a97e7877258 -TAG: 9563db087214b10c64e7cbbb9dd21a83 - -KEY: abbe5e520c0ee79153c976d71e5c6dd5 -NONCE: 76f4857ba2d63e04d6b69a2d -IN: 5a3ad1a3cb88733fdbca5b027ae04137f917a650b4a556b5fff90f17bc12a890aaa8d61029f0c6663eba8326c1bfba5d9221876ce3365bfddb714e884bced0f1675b6ffee2b1e22929f23893f3dadf967b006e9cb7a9a0972422c74a0393a29f9c4e06c2586f393786ba078cc52499ca6e911e323915ebca1d1dd203189cda3af76f785538d9f1cf5e5dc5758a490cea8710a9610790f426a0c76e262eeb9facfcd7730b72802084152f71adcc2cd6a2bcdd0fec76ee3228947d2f9b1b6f614a7e609c8f250fd02e19a487365b0db8f2d53cc6843d0d2a2abf3cd2ce33125558046fe9ea2eadca7dcb9d0a20fb3ee274fd92360f8772a53937625b5aaf9f10e9c9452426cb42dce78cdfa2628aeb58c295b01e12b12ece1fc5f66e33cec966b52d6593e1d1e93ba3abbe0c917dda7c2b6b5d45fb4cf6588908208e9b264f7e8ff87cc5090f4ea9b1a5205c852c308783a6c5ba0629cacfdd38b50706097f3496b4171a3199a485cfb32fae763dd77234dd9e2c6544f057c9885e914325efa4ccc25099f81c95a4e968e5e031747422cbd48ebfed3236f878a2832b7fc6aad4db734868ba2623899e9e0689e618bac700ce17e6d0114a0f5b94d6a0c3373f803ba2337d530fb706b8afbe482eeb9e0f5582b2f502d3c774b2ba98ce5400a20cb7d9a32a351401bffc2214392166208de9fc8a6d329b7dccf10734b5b74ce122f2454fa551b586dea96fcad2c45b1bf562bd5751b757da829d57cfdfd8ecbcc410c00aff69764a4e532545838b38011f92e464d192ba315ef239dcd5041448f165a14d503a865a85dfe81c5d4dfd37fa6c316c09eb403bfdc2a8c1a0618477a5fede92cbb2abb71b425e201c6361b5509288675a4541f44b7fe052acb25d1d87660eecef0beed7851a2966947dbfb8714038621b6f34ca2874751aebe9e8084f6ed854ed5f151f81533614cb1fdc08d2f51e47537f6229e0b64d10b498f773fb67bde258cb74a78843256913cad2727f9dbc3a8bd51daac9ed308ed0d77d86aa657a6ea7f9c35e120553d26b2d3fad1bc256f1f71c7550220b0b5f3c6fa8db73 -AD: 16337934937b996d7a501a3d1fa7f6321369747329fa6bce98f68c769dfb3df84b2b1e14f1a58c3f6b65e03377b7058fda3c26adbc370ec72e58ccc953ff157d4863057e0df89328efb5023c1b79f0e29be2d7cac9f903bb782c4c8720e2ccffe83710871642e2acae2071ba2a0af880f14f41ebdf61a3e5449dec6e61e103385971b8300a31b652053496e9b3a2db7a7bfb03a054fcd912e3e1791f84cf484370e553d67cf99c6b1c9b93bbe6ad4a93c47ba9ef73d9f8506400a49a5609e7eae5e3ee9efc657729d1e615a592a8c9f14ba37f5d91649a8c59ade56769c3bcef0c004c7444c3dd24223ef7bc6a2ba2e5927608692d1fbbd3868d7fee0fd11ee40312ae06d20704e29a97ecd4265556432173d6248e9f273363211b5d505de9861eaf402a001ac18b485c7ad0e442bb5e648e20e0884ffcbbd2dda9b3aece535d964d2cfcd6f99a31a4f24d878575fc3ad7a7c19e76771929c45d0965702625cbdd2e99371147e41e950ef70a7393084682a2ee6ca9b611f3c7b38ca4f5fdf2 -CT: 76e3480cee9d48b31d5b1e9a01e79e713cfeb73d742f1fc1e8f99c8e0cd82e267c45f4270077e86996a7e5440a781861dbfdb9759a6ce3991fbe6006d0de04658423f54154c8e5945dad96addb8bee044308cdf062ef21fcab25eb9a91f100945f347c865211a1087c01f245448322e77b826a22287df3434af7bee91d7a278fa59689656f7d93270898fc68594a4bea223d365aae03f0dd18a2e525f0c142b28776bd9f66fa2c046e57394488d5526fda62704e90f50e9752bf9d7652b010f8407de91eeb3068b830d0cc9294bee9629161df4cc7a1a216e55dae077864999ae72020346e813ca8fcdf99e417f26b82653908d0d6eb50ec65814f61b1825cc29c4679a9097e9afe294775e498489ca6839096f7bf0b60d3ebd016d83076184b272db1775f5eb3205015fd45fabf0bba9a990518c8d6d0c478221768fd83776253dc843eea8bfb66fbd2b9977632ca0aac7efc9528115fe4394f460d91c1b74fceed2952c6abc46b61fed85eb7414410731106e1a7be792eeac86fd4bf2b1ff2e496417fd8c0c2865e80837b2b73a690a6d9b7fea83687adb3a004a0d9fc9791c572d916a1b72f3ff5485f7d24e08c65a86079dc2bea698c43a3b2f2e5a8f335da4376aeae4d7fcb509bedbfa0e8fd25a711af45225d764534edcee4bca8e1470cc7d187b0bd9c26866baf8169289653aeae9b36277ca22c2a0ce3f69b3a40dd55e745b0b7467c2ef6a8a10151297eac1365ee475239d8f254806c8d92354757df8cb12d3dcfba83e05c303bc157c7be49da40ee072774ea7e4ac7044768418e64d965eb76d14bbd73be18d14701cdb6f8ee32cc1fef468047ef0ac649fb77843f0bb751f543339922bf34eeddb8140220e6b45ef1cd180697c651a352d05c77b705436f61ec9d35f185c5ce83b210c4a4336483f49ecd538dcc42a22b4f77ecdbb8cc36b8a499ed5c39de1fb6e03b0769639670fb2517c57f183eaf56148e1625adea1efb9b888e8fc3d83ba05c35f8509bd4e16285911462d77d9b270ae278cb902f6ff7970211cd53f1c310cd14a1787009cfd041c29933edb6e672d1d5 -TAG: 8954449b3f6a09e92ef2e33cb57c695d - -KEY: 100c6c8d1e88b842aed09cd16a5d78d4 -NONCE: e2d7712e40234292dd1aa27e -IN: cbe63c433804b0111a2cc469e4f012d55e95e251139f5d6dbfc6dc8e8fb6bf5ecdd8dc89fcb6b2964755d1de9d8a0dc9d648619e185169ae5ccd61a6c2266c5177d8569ba4a09d4c231d48b8f8017365a411714be669fd31f5d17738739c75ba5abfc19d1eca16558cd69bf33f63f50417c92c29dd44ced6e9d9509057ce53a37cfd956bc33c6128fcaaa441fe3016389cf69bb589d323f18fce0a6cc7e77d9e33868ae21ecf8e491019f175f10013392c8fce3e6de3dbe9bb20ab69c2996967d171ea48b46abd36b9f4015723ec99ab940156e6b13ac06ec0f4a8ef74ee304e3072d9e14e844d2fef1e6fff116fbe9a74a7d90e79958a2f14c364418b7cc0d135e0fb8e68600f2e7aa26f9e15431ac9e5cf380b5fae8d715d1dbce4c0225e5c61e747029f62f4ea5de277bccb75580d6f5e5eff710ac8bed37e98b15677462946b2fb3fc0ffe720ea7c6bb70baa0e998fad6b747d5493506ffe69133608f2819d3fd9c8ef903de215b72677076dabb98cb1059d7d1b352f95a2d2c2903dff63743ec314e0313e46095197f6aeb2967c5a60f7f043b5167de03ffd320b64291bb7162b495f8379c883f17d642bd8bcad4caec8ac05150a5d449a22185058fd5c3a87a9f39b8a76afa529bb9e22641c8811c78fe3d3aaf2acbb88c47a1ac40dd686b80828fcbef0937e57a6272dc2e3ee18fb99410ac33a96d0800bf07dfea59e707cdc633c938feaa179a8d46940d1182fede7e1b9a3687548a0ca19bf53a641082da37082f257fe2fc83188c46cc58ff44a111ad32b6745dcacc4720dd960d2325443cb70615a4437eea2a409ee70c7fa3967a2fe97915ae852cbecd21d44b8db03d3d631c90e834a83428568e8250f5b8e2422007e8cefc12cfc28fc7f9a73f93afc1c3d2083e4c5cf6204753ef7fc4199c0d877859a90a1d3b16ddec6de134689accdca001fb1dbaca4fd492854446c4897afeeb68181890914744a387c198674d37ad98c4ff3fbb34ed656add39879af2e336e529c362d15399e40d2eedd9fca1f07c117304024e03ccb6e4e35d4c2508014742ed3639e8d0d0a73b4e99c -AD: 0e2825fa3a69b798030cadfb168a1f88dbe56896bfb9a41e901a1bb61b8a95cfbb343266e894f101767efe874d9d45b4540d2d77e701e1d42fb03c32ca4b965d836b3fd34ea3ca2e958aa54f1b71e8c442783924c023c1b9fe0a45c88f4b66453fd335db8102e1de765ccfd7fd415ab7a08fe4e0b3d2a14f1564ffa3157a7da7cc9981029a45edf19bac8dc0f97286038b38fca85f280ff9a98eba85e328be65a657291692413319e0f045c07c657c903e51c0bf72093c615cdfa18368992cbfd4e11bd64054d34405d00bbfbdce63e315e3e99fccde073823c17d9790cced43408ba71e48b06f9bed959818d939f7c84b2d6c3861dd17e424dee0cd7942320c50ce637dd1349173b13b972d0808d24d5ebee528343bb0f0415aa123ba63206de27257b11ab15aa1a3d23d97bcde30cfc2c8f9bf0fc3cfa4a6fd61871744823d7a1f8fa7dfdabbe82e73e491045c9df0f23d9cb83ac7d1118b4653cf4961cdb7256b073571962b1956338d684bcbe4aa05aec761e0a14cdbae6d42897dbbb1c0 -CT: 4b7337e4cacd72909775b7b8b77e3a73dca810b4642310f33a58f5548f4876d20b828a303cd85241581372f94d2582f79030e13ce68835836fe194bf8e68c22a39feb10825b80b4e2c69ce430b9b56536334616ea3f4610ed7a8136102fc22e634d5fae28cf518630c5f159ec3bda66fab0896f789c7431c9f6033c52e7082b4b65caf82df07266b39a4f0b93867f0e94e3f5065fa626b4ae90dc70cb3cb5d9225bebdf7de553d364efec3eed41c15481d2ab7f8453af13ee769c6a0af2c0a04b61f74302211e1d201ba91eb73ab2a199c4929b903e91172e4c7256d6b138903a4707f2840952c07f9ed10597d023efabc587d2753b28cb809d678b8306ab50bce2f80b9c5758e8d3bb3be07e7645ee858288eac7072272390dbd2915742ebe44de3e56caa0a9c7ef8d42df94173657a4bcbd183fc3a8ad1764606a8bc98793e240fc5e18f3f86cd082dc4eb11576fd29097ee7109d444aac300dbc930bd1d6d2b7f3c69cc02ccc54a86a627603f3e1f11859efef34bf5d11b16d11f9e5b6e985bbfd3e4e3bdb94a48cc0af7eb6c212c3fd621ea6203a5c2192fe1c25ddafa33ea774da1445191f5bb266683cd150cecbe6e820ce3c8a210bdfe407d203a8d9445c216adf892a0999a026bd8d958589f3a6aefcb5ddacca2285f2dc20ea31f43d6759ed5f46c988587f93d6b90d335bb51c76a3fea6f7513385cb3c1b8087e88dde0cc6ce55e7464e6b0b32e777a4e34416c4ecbe1610658ec0a05550d1dd5cb51b15fc3365f32b948dc28342b2b7ffefe63f4842399d6df28b966510e4aaaf5b5f7e4c470ff065fd30d56d085429f89093a291fd7e516b8e962b0fd2faccb0be3e4c62dcb7e75fa5514f79a07a8f4044cb253074b8085bb925dc8302ad9f7fd0d41e960a55f25f31f4bebe6a04775906b59f124a64f5d55caa55e1b858d1383ac7e4b39fb959cfd61acbf0d64ec6733d15e96137821417829c999ad93fa735f543fc73a94d942384aae4e330cca4a7d694627684267d3a6d74d6c140f84a3e10cf58158ccb3ee9c7ad700b08bdc46698707957e523a81f9e683527bd16ebea1 -TAG: 9ee21a6ce2424d9ab143ceb318e16819 - -KEY: a646ee4b0e0dd43479849864311c3f74 -NONCE: 3f2a6cf9d0dad34111493f0e -IN: 55461aa1daba988af83842804de0707b69bb27ad64f66247eca2701b9e697bd6d3ba32fd30c7948a1782f3d308387b3d66a8da9c412d4e17d8d7c8b3344f33a79e0aa40ac27ac3659eba14e951947fc2f2302953bc766ebbfdc41d1f4c26afe5fb41412aa776608d37d8addd0d7f0c82c61961024579d828aad7fc89493de8002620fc3d638cef981d8a843b658ec3ee27b01da0df91c0874edc83587a70f3dd5d6f7028cff83c107a72c4505ec4623b35ddc5fe3f758434a14685e74976693d8c67ec2f6dbb62f199c7eb3ae344c05b43985f6e5639f6f9bc321bcc436044b8f5b89dce923e85384e16e6eed7ea5f3e49abcc010655a3a29cf9fa60791cf7262671ce0fb2044383944d415a8acee77e88697a96d4af5f7794e1cc8960ec31a8727276ebaaa5fc44b1a240be8679d2d0c8d3ed8d950f8bea0daa64693d4e8e5e5be0567c0d878e4f9a830ab4c6153ebfd5b1019c659c8f456a636dfebd24dfcb7b3d50be807a14440f7aeb52c280b3dedfd7ced9a6ecab35e7b603dd8253a5046e139e2cb9cb5d70ec87f9468915e24847576c1b4a529fbc4f2d84706c1be86b81436ecc4bbe4ec15ced347ccc68744a9275ecc9cc71a62b0f77391e2d37c7f36683d902a0f9ee37df8306427de4ddb01618f62629ad8deab26ede6af11b2409810b4963a1b752c7f6c71acb3c6c2f5f5fda91dd54410ac1637e55e547b25cdf5730ed4aeac8c0fc59a365376d84a35440aa2830cf614bb1012bdb644841e22329bb5798bf971b370dede894cc4f9395a54fe7936381b7281e60767bb2f8a17492ea63063882d29ead140e197d2647656ab981caf919583e869b844e61fe19e94518ce7ee5aec100b9acc2cb8de3dfd5cd3a776ff2f23319721b05e194b6acc9db40b280592e50b8b5d7d43a7065898f5af4ad8afa6d8b6559c81a9e8e923f6548b3f59c8ba30620d22865117e8a9856f66df128d82c7e15dd9f3ab3ccae9d2e30061224c7a606f87f9dc5d40c689cda06e5ae21e47563378b50c1ee7c664bd814c329036858bf9d3abfae22deef8b74d2fe6a566e2aedf8329f42697cd7ae88fbdac408b1b8a6efe377670b244110cce9 -AD: 7d000237e72e6de6176fec75f5baa6d75d0652ef7d1eb495797993afbb364cd663dba38c266d3721f0c522238bab60a95261445092ea645ebc25b6f2fe177297a0aecfc9fdc621fec0290b266c8ceeb3945376c4f9ad961b97b32b176bc1e806eb2d2e410e8ff7af12ef545493b1a61ab84e634ad86ca15fb9773765ec0271c204fd951621fb8ad69601c06c6ff6d151a156295371f7b207ce6d09ef47d106a9466fda667b7e0e2b9b2ef6caabd297dc82ebf2b03146c988790311ad7f4b8e41c1e04c1b9f40d4e3d8eb611f3ab06d12b97b75d3b490a4fe30b1c565243eb77d24c06b539e3d335b651e95ad957450c027698dcaa3ee3ff43de18fa735ecf7f404352c9406bb8358b9d3e47b7dc4f6a813d4f4f37225baee2c3c028b3974f4c0e8b1f0beff79fb0b04ccc5824b6ef8108bd9ead21729a9a9cb3ba8705bf77ec3c974a34b2d838784b243176b2c6e7a2010a785a96ca2ecec4fe57bf7f6dec0c9b72c52b8c53157d4f9fd259344cd556c637f921170135fbbc86d68af452dc575eebffee445f8f755c1 -CT: 796320131f438a93c019b4caa40e9f183ab467d30ac181aa5f2a0e07295f1d07946c4f2994a3ed2ad8522d5ef3fcdaf6d58e1eb03f479859b262ca1cb6e950c24b70a5da75b13055022602f39370a48337464ee1100fa9f6a45bbf793226c358fd91ae1b71eefbece73420bfc804a8d6499f044cf250a9c680445aa54639308c10631644ec3367cef458ab24d0dbcea8168563c062af8f282eed1ac778670400c03d30dc4e1a8f3172555ef633adc99b197f16bcdea6c24b2634fc189b8dcd3a52b56b2aa5099c10a830aff238d1bffba89603352946048fb8e9ee72ce2c13e4fb717d83a31ebb67d99049ed49e58d36513fc399f0e05e3693857e00df98707c66c67b87a2a6aa63fa68fc829cc3813f831f06933ed182e103bff8fdb16a6ab5b9ea8f390a2248c9923756f3536f0e699e3af05e7a3483169cb19fbed3f86335a2fc071af6ddcda9c702a584493294d37bfbf1c2d35a3db8b4b905a3f08dc0e691e6d5264446978fa6d85d37bfa0f7c57630afb61e9c67bc130fbadff95cf8d25fdb00e10f4ac451f6780fb763eb5fe9c34abbdfa44e72346a4ba258180c134e9fc5e336e0aed9a0bc7ec3dc22fd0a38b245a512ab7cf0aa888e2b36f02ce8952a0eb69dc28afd70fe9f1bd20b12586d839cd86ea95cb03c8cebb0af0a6d8ca82d6fe853e5664d30db557e28faa695a903e12efb6b6bcaa9c30584121a662ff4a1a6850e9b005dcd194bfc418df2a8919749d8a82fc33ee741ba855caa9f60402bcb9896549ae11131730d7a7bd1011633f759b302cfd8a51afcb29ddd9600927867776e961d8c2a7ce403e1723d11fa92d587c9ceff9f4920bb4ec52ada70ff98d7c1d4b7f84cefba39031f757a86d78c04433b7085a9cbd44ee1cc8c4dc2dec2a938871bf40b2ed113e4234dc5331d536331c5f8552ee39f288028d8d7036d9acf9ff96e385a099a44f51e46cb73a4e9aad3e5b40573018a2023d683f4ee886236d9b3a50edeb69549462a4a496845d08f01e1de332bb2e3d5ab3e9a2adad675fab9eab0205462a097f4ca75bf59363ffa1e2f9dbd2831fa3ccf8b540de72eb613a549129e8d40b8f672b200420afdfb -TAG: 7d11d1e35aa29774756505f036a0c857 - -KEY: 9c73a26fa433bd4437c1018263e7db4b -NONCE: 580a120d1d29775d9d5ced67 -IN: 10ae2abed148d4008bade4539728768b1ed315de117a81fa0978c1ed9079188454c852652e8ccc4904ccf233458b19d0f17ba6525f3096d369fda3dcc84e092ea1236bb57a8bfbfa9ebde780843bcd967708ea20c61b60a11ac24b808029676a30dda9f5f6cd69aa6d7aa3b08cee0e89456bc4561dfbd751f9abd3ecbc161256a26084e5ae1d94dcd3f74ca30b4ff1857ab9e68cecf2f384da7d271c1d8b167250d901a2272551020c30bb9e9f9a8f9adb299956fb060a17522efb26363393885b4aec2c02b0a8c40835fa058166c7c3013908c1513e4bf9c71671798537cf05c994d2090fc768a12dce93a80d0a4cf1614d0101851ea6f87b528047f07d07ed78cd4e54fdcdd26bb4f83d297c402ab5e328c404118f52bcd5b6f36a18bd3186a19fdc522ec9838eb363818a48ff88651a2359447876d139c6b0b7d35e30dc0a3ebd3132e5e2a0c3916ea7e3667fa266a91d5906d1bfc005f166bd14f298856e85022c8274ef5160f87d989271d2eeff544501635f4f071089e0746027a29d52264520a6ff2f2ede11e8d196c706c8a06d87c5e3679be87b0c36026e38fd53da6bad38f9abefe48b56db84a445f223ee0ceb1fb1b797d2b589dff9b26bbfeaa1b21d662edc6f4e48c8d91025220a9f3e7f1965e0e6f7232e84348190e1b66f918b896e778d58a40c47439b2007b8574cb56a18f72677227f1aa09e36ee41aed2692b28b3244e9f54a7d317b1e5b1e7b7fc59506744a25e5087d273203aaa1dd0b9d627b240e518a866d531a90d4b3c44cc1ed9d9d1350f57e03c3f841017b46a68d6f1f8a6125f4b622a0132e64a85fb47883389dbbe1e3d26eca7ac8676a22b4bc79ad30eacc91b6d06603e916ed87bef76ae3627416af104d2794a7b86b561ef91deb0e3f97e07a37a3ae11073945f75933a5dd66b14aa98e826aa4180bf222a201f5ffd860be8a4b73d3b7353fee03be602e52440c7077fe0afb1dd5f3e823c170a4927c241a09b83e5da81c1fb748452701250896547e34e647470f5af70a23af895d71ba21904e1c6fab41f5af486d448b57eb5a3656089d39ea31ea9fe6c88bc40fba584198cf82944ca5c806d3856240c4336fc1b451f44f31a97a978b3de -AD: 874a859c5637b754a4e7c1ddc3f34dd6231ff71f13e6a5b4e182e62331f3ed1d4692e35f6959b17ef4cc7f29859a67b60527aef9d08a333bb51c6e163e016858a4da2103df237e16acb93421859c83ba348faafa3eb31d0addec9c90f61a4382be25a85daf829e5b2751c9b7378cb9e840c92e174b1e9a32f3a5b48bf70b6de1637158a09714b473e1b3e339f9f915d27b310af2fa13c05edf4eb9b114c80ec2677fbde6b5c351b61fc0527c9206357bc1d1de800d8e6dbbd3f97d5b1220006280a42f51b7b4b4c67c56aac1483a5357a7a26528a1ad1ec39e0828117be1c6da36a60a7052f0dbc26846e4bee96a7cb6dd5a3dceb6a11d356e0177be9fca68d0f4b00a8db8afe8441abfd80be2d7d25ac10620dafbd92c0956c2b3ee4da7f3db8d028cd60036f78badd42e0e9767a6c8bf8bc3ed869a9954fb4db389e2f6e44667ec26fec930e6a687e3fbf10686c00539628bf50390fc167b1c31c1bd061e975a60affd238a229a0551214f20bb9e17f097462629d04a9ca6ba98cf3020f1fce170b9ce20440fd25c2cc143018aefa1748f -CT: 26e09e3c1c694166c798b8eb3f290e8709de7cacafadef90be45e751ec6f0477f6f72e19bc0343258babd08efb5ff4f82a3aa8e8b50f93c4bed2d1c0bbc07443606487a54f4eae3dd09b3b02232276c8de51b05ac31c64bc960c8d14b953db9e84c05fa9d2c3a286413fadb00f1812ff0a9f49b91de3660fa87e8aa73f11e0bbbecb8ca9be494919631431e29bcadf6883af673149c038a820549883e5d63ec5ddbb5d49817643f29c9665a3b416f67d28c4dbfcfce80132b3e120816c156947a003e36dddf1ac9652f196944c176d6369c25dd136c7880b20e13611dfe52971eafa0055f25cb8969ec688078cc8e7c2395ec27d7d38f0db653b6ab4c987dc9ba33d5cf5d1c05f7fbe19e639ae6baf87792bbd0adb236e4dbf302e93f26ccb2d7a47c8bcacb8f6ca4ed5302a2f461cbb0312d3bff43149a70b8271572797b52bf30cf5ae808b225829e4638fd9f2368021c6205b505406145632a9842ee338a796c435608ad5a92361a19d52b7f8b348d7fa16b3d7775c58e94069aa01bf470338dc28411563e610563ee8a8fc01fff824f63500599a7490f74a59e3ee4612b76871830066c4e3eafcd448822b4c08acf4935f59942bc3cc83e497ee8ad641bf329f6f0d9cf18d40794fe7146987dd6e29c3c862f5252a8767d966e0141b6cf0d166f18b658d8343b698d0a91f5fdba3ac2c32ac24935968959b67f06b985605bff2fc4afc2fb86d6b4e70bb606bc8009f9ab59fe6f6720fdef5f530eede5ee0cc48071fb9d5eb0ac468c820d161a6d09f7d319e3c0da450a9bc6a6bcd37c1f59b3817fc85dbe85ce050d72758f3e01b3e0fe62dd55447b479fb7a09b29122bdeb315589b568ff9a20850b0bfd20f220c05222d784dab107691974e426c83aa12dfdb5693f6c05c423a7c88b72104c0aba00939f9b7d0f92920f8b166512f7ca4d437082011b38fcc3596a125363eb5872722eca03132c8a141227fdf679b8f323ebfe227dded8a2871c1945e0bcfdd8b6c631e293858fa44ea16499144e72797cf82ec32c966c60de4aa921f3b754075a4956c00540cb5800dc97fd0de66936458022ba2498dbee43a99cd8e7c6ca2aadd1f63209d2a24c84a27c13b9d5dff7cd27 -TAG: 68ef1df2583bc3743bd612442589dc24 - -KEY: 6269b478e1d79f3727831086620e79dd -NONCE: 357fea1c84ec4de0bf7d6afa -IN: 2f702a466807c0d2b8e4c81c402d566a0af16c065941b5f9b689a085ef4980131bb979a0b4300ca32f92d902516c3c9d799220e786d281d64f3a7b5cdc4721b5245444fa9291d4c58f9024387c4c4e4dac5ec5d7542986a2b97619a7db38720f392dc7539fdcc5bde53d2a4809b9223663d8876543a02431eaead9588ef68cc50e707e925f09eb53c7117fb2c8bfd07b578191b3af028d480a6f90fd891e03290d0d180bfa44953ac9388d08dbcdb238790bbe07df067a26acf6621b809a154242496baf4f7a07044c04dc02b5042c5365a71cc5ab9ee82630d97d1ed9b55be1711ac6b1b2a497eb1645c69ad15617a45751807a0e4cad1d0d965988752c65847bff53527bbd087f7d0f1b756563f38bf5905391836ddd47f57d84742c07a8000d4ad3fed2dc91f19e6226e7c3fc260e0ed4b23715cd01bf2c2fa59445d8a695bc759d5328c85db7cc6e2566ed0c5758ba2d12c1d285311208e1d4f66caf32afd1619a46e5296f435ff5bb24dd30d060aa462185b4e05afecb2ad221ce615b6867f5fa46599e0a9f3c03555569f4ed86b73a35db18c622b4089ebf31da474873637e4b97aa71ba883368691ed48f8600098b05cbd218c1d4aee55a0e6ac862518a6602328e5dc9f193b0941797e863d6534de6013555f35ad8c32e9264fdee17e927db412e76f06922b36b4c1f5f0d4b998d9c10dc88f3ac0b8ee01b1a88e0b031562510395b9b5a063ae968fe3f87a3bffa2e55a7aab152c50ea8bd0c61682c0f9c0c186c3dd0287c7c5a8f50c2f0c796ad7afe3fb9b45d90e8d2443291947067f982f070643289a117c404124245273fe17aef4c48c1b9377f54e6ecfb43aafae2fe52eea2f2b8aa4fa5a7412c3380723dc99e63c0455736ceb0fdcf1caf6714937c75de252723a7a1b5c7bc5ab1430a8fc44d78467526be8b722e0a49c54e85b6da58e44ab4db4b7d1bd33e28c1aefa462f17caee6b45a6d5df43478f36ee54b1158399a861124a95cc759fbb5bd4572adcabd5073758e0f40d6e733a87cc9a3653dce1b59936d57beddf6b980bb7cdeabaf58d50eea9ad55dcc7af8369bb9ee8af923d4dba981d25efafc2d2352315e367a98e21c6a4065bd95d14ac24cdaca55fa220b37dbf7d201b289178db041df9c3 -AD: 0377ed6ab683ea82545de480b5f15d0f948b50dac3b7233676de10bc93f529d5955ac70db7ce9b3f684283275898e74dc028b10623bd0cdaa6ebacc2b0bbb8aaf2e32b4d7d84ced724383443f493ec24948ef43a40bf94c1b97e0036e547eee4c59cc336d4205419d66374ac29cee8b274e1453299611c491f8303d00e0e445337a176f263462d0ea16c297effbc98a0790ace75c3c4965d09a32e38d0ee62c6277131f55abbf9d5c733910eccb8703634720f11429302c772c54ae4e0e2bebde2c251786f67fba677a6d9beba08d3d9436e28ec7d5cf016ba69cf20247ba4443c12ca056d3a11d1065b18a037add77642cb8aedab88117a1bf686b17efb241092ab2a17bc9562247c501479d77d0bb752dc5fbe2a4694d0309e68b885a434bbf2aa87ee6e97aa8fc715d9667977a75b37a42a1f4f27096887498ce460301d9ed2a32146a2000b1878654c85b5ebf2828161e3828e87319b838647f9973b860c6ce9f43cca21933ed4526fbcbe38d0169f60a85f9d84ad662b62bcb1088ffe9350382ba8c2748c79fd76bbf863f9a60b971fb6fa9446a3d0340473 -CT: 096e0130b0e57de1c25d51c748ac53ab8eb5f834ca5efcbfb9f9f950393a6bdc9475bc98a224ea22fefa19fb1d9dd5cb06f0bbcc266c78f169dcde51a7864c5a5c5996175b511dd11c6faee4f7afce3c499bea2188dd443c654486ac5a1b4d113e38cc5c2bd730c3ed87696caa6feef8f466a3323679fde56da63048433d78321388125a9a59d8728c40485299fb0a8012dccecfeabbb7a0343d03fcd770c1b5ff13116ba845b90c715403b5b7588094dd554cdcc1a166ed872c75a7719c83e71b9703ee90e4909e18822d5d2e64a851bdc30b2915371903d6748b89af3da42d041d4752fa1b1947ee12c5106404bb6a7a3d47629841da3ca1652666fe15b9ac2ebeba651baed43e6991139f90cd7ad9abbdc89222086da0b9ca7f4e7838fdea61fb815c534a878d7cccae9fc07aba48ba6fa7bd3a3b448e99267eaff2834a2db3084f28685052d2973eb7c74bb319a232eb0e1bef7d2827081310aaf1368656f7c64b1ab1ef3d4197b350154e18595aba352dfcbb7c0187d8ce67a78cdef6af01b3cc7f0f76d8a9de741c87823f1e6e734dc60cae88078e233e4e8a525148a56572d67ddfbbeb9409ac01076b84d9998e2d10ed62e2288f440f5b54fd7a5a1812bca2ffb9319e56b674ea4804ba0f6d92d7aa7a5e1a9f403c3c6fa8dca86ca4149f2d0348150395ffdd382698d0efb7421fe0ef930b5522ffbf122149a5ccb8bb6c3bcaaf935d839b9b820e0f199043105cebb966a6a4e588a99d20d89c61166c257cd6bfa545f0af914416f8fdd53cffc1d99b27b6c3160205c8b71af69cb398b5cf8f72154f612ee0778fca187a574babfcb6a9dd61624f8d6ae247b7c15be83d6cedad267f847a63f58e4ed7136de31126ba114e5bb94e932e3a10be4da821f091ac27b0c3c73d7fa6215bc5b85bf8227f10dc99706644f11c3a0d5ae282477513304c2cbdc1b5dfc6d6314da4b20eaa43a784fb8435c0be578c409291866073c31bb6a210b587ac009ccfc9fcd342e07854fb664b6cab7506d5248f8377314e5fd6dd17ed871ceb5336a5ff7137aa45d211b06a4cb0170ed25838ba8fc1041f516a127c245ccfbed4ccbbff11c0bd557551f86dea82db1f01ab97b9b19a6cf94e405834161421ef056d96f3482b2bda2e -TAG: 143dbbcbbcb66c7ef3ac9e730360669d - -KEY: 58cdc99ac30e78d6238b5478982a2b4c -NONCE: e58537a34e5ebc37ea72f321 -IN: f9e466031515c45461e66cc0550ac1b38ebd92d448d0745fb0be37eabb926f61facdc5bf3ae52caa0f923bd73c43a22b89902c0a4c43e12364d0286f328e125b8f5c9229fd955b5ccfbbc672275051df701e981e3208cdf832af70fb02325844120b5fc82f4f8981ed70989d78c69ab0ff75ab96c1ed69919859822ff20ab698e25f855cab4f01174c4feacd3b94003fdb1479150f0a9ed35de9dabe3b7c24a56685aafc396fddc9e6f1b35955b485c61f2659039b7254173364a57bc80418e2f6b7ae28dc8cc5402098b79c28806d135ad3d5a5d0503f32338334c9f6e63f29c61000ffa87668239ee2e1b0cd654c78d610509c5b83610b1fa85cec31a533fb329cbf0c543bed9ca26b97df5bb12ef4e6d252dbd955a2693d4903878b569bac70c4562712ee16a7da269d6bba8dd57b54246598e50453f47788a2038e206b4e34ccfd275c6f5f1de5687fce97d5707d8b697278a3e7c1f07ccfb11f23b343c5d8c7c08b1122b36f3286decc760474b6a27646f432e740420981b480ecc2e50bcec71691da9ff95d4351c1637f5348c5fabce63137ba3c82b93e7a187619ce9c2aef21b0e696becb4539fd581481c35255090bcd08de83c0c4d35065208f2d4c0efb7903757d5408d49703dc5e8c94cdb9623741468ec982231849c1423bfa1dfcaf6633afb5997b3353cb42c7e8f99906331322da4c579a43d663ad4f7bf9d9d7bd7c54b65273f08a76181fec9b20fa5b4dab9ef00e0f6660446140d3b07226976843998e94a69e1cfdeec41d7fbf1c1fb576ab99ccedc4f2fbd6d6bcf6227f8a93916c859b37ded15cb9bdd13d399a51784da099dab63a4c0ba22d27aae6177372c05c1e5a833f459caeceb28743db88fd2807f605f7448d9220b79e56a312f06994a0132e43bd47b82e0e858e8d2773a7a518746b094df8a6cc851e6ed7b98ea657188c6936fb4bf0911ccd09a67ae539626b4573e0da5a64a75b0cbc995aa664f4cef75baf574e03cb7b1cd4efb301974fa1270be36a64f55f19890bd21824fd44099c384b45903d5a85fbc785c2bf10542eeccd3ff9004a157396a126516049e26f579e32e51c1e9d8ce32dfefa3e2558f6706d31757161b9c17c8f8365b9ac257071132f8c05cf95b6b8d9b650328b561a08728a8903631efb21a94e7bee60d132 -AD: 7840ceed28a572c5186f25462a64b5a93aa35c427594bb5a77d6fd2d8c40d614f5e0bb495a909f3fa2323c248c94715fa52017a2d51c866e81aacf2efd74f40b7457fdf93af32c1211e675a08eb4330f6e24c35f626da6692bd9a13bb18c42e6b2f5c978c431d25be0f38352cdfb5933e9581834c33b70b590fbbe3122a9076e619142e8c698c78f532ad369447843c58df0cb105f8f35d4ed7909ff94a3a2b0ec99be03c29c33372a1b9d8a6ec7c38ddcf4dde9bdcf8f0d63064a5072195002b953b16d2228e71af3938f5402c24e4f34e344c26624519898e0ed1f20980e36bf568b33e332887610d8da5a941a7a1bd8b8fa8795014ffc9688a53b4b9a60f527ce4a737e99624e600de8cefacc246473c9641a1166d6894d71b9552ef3342cd0a7e3b0b65df836c6d8786f34c851ac4c72dadca8e9753a4e6a14deba129f4e442a13e3c82d405f84e281b95afe2cb066a2f49c126ecf9fa440d6f9860fd450f7cdbf5c2fbcb5aa2023755bba1705de94305e5b304af4ae8bbc937c6f477d421f5d72784f9b3c331a1f850c4201c6459270c6271b8bdf00f23389acc7bf4082e7453c9c -CT: 9662e1becc3ba86c8edcfb3ee94d3ccf2cd37f7aa1988bd4cb374cb5f3cf4373cbda8c71832fcced0531c35d035fe6de0f0086740a62b07e81b3a0f98fd89f22243a4e2e81263c3d4846a3e54977ce7617702e43adf44783e279b174591fd1fb231f2d5e460a866568c867c8e762716959fdada879c77b7aa613ff15ddae4727cb3a2abf192fb74cd6b1eb5b632953422cae683ec87d6eb69a57c2021232181e8f74883355447643d9fdbf23b00f7ce602bcb1ac3144387610e045049c7cb1bf1babfc18b21ee05da3173bf2a0d8833698e7b3ba5e72996f6dc43db0228c81ce3f1c644090b922bfd72dfc81b60a8378cecd2ce14b9a53a16867476e08bb99f0708477e1c6af6d262f543ba4b3cd5f3309940fb31691b9e50ed2f3159afbe8f3c95a8447af98a76ddf5a531939232273c669231091f15e8f819183d8d13624bbfd6cfb9bf781bc74a9b4ad631de4694e8db879e38508a3b3e26158ae3a897ef6c9ecdc5f64d870964f1d0bd924f2e919e4a3c7ff5beabf589ca4be4093b2a95eddca2f7e09a02d639ba872060d7db147476cc83153f7a5227a1ef58f08dcdf9f821110512424c7e84d62931a73010576f898974cf24f9361d1abb0ea3e84c79925c87544cb11140481fad00dd75581526c0b9d49d74a05398e58d8e94c6c86976dfba9d00440c2bc61aa2de1cb9569bb9c4226c05cf31ecbd4854c2ccc99c1ed9f31a270c0ac57bd43e6c5194f8b2efe49d34095baab0bfe8c3c372b9bb77b974deafa462b08f9e05e027c3ad53a24206eeb5bd4973cad46c0a8157c47ed9ab9d6b0abc571223d4e3c34675f89dc0374da151e2dd6e4dda27479499910a7836a4b638dd32ef7ab1c5712db101aea462c6ea2447f39d38efbf64794c466165723063eec9566f874cff9d6d2e96e51f5c6e0f7349bf4e667e4b3bde503a412a165c8d1381d7024772a273911ddc4186a7c1e9818519d9935cb22452468938fa0321c1bdad488dfa0601680e06404b0533ef7a8bdd0c00fea49fda059f2deb7504fcbf980e13d6c67b0bc3960ede0fde107fc571304a87fb19ceab00ec6cf4e0087b5365e8d43cb08c256de2300b565474076826f381182e6d2e0e9d77be0bcf58ca80f4faa685435604637cd6fc65366dc46d92ca0fb569a5a9b6440e089cd1d8522b20a42 -TAG: 6def2aab9f94f8ceed77295e25f81309 - -KEY: 283d86e8371cf7b34cc9988005575c8e -NONCE: 98ad34184dac039f04f84e5e -IN: 8ffea351a3e1a51221abcabf06f7aeb97525b07dd8cdc21b71c97132f3f6f41e5e01c97955f4d67793e8f1cc5910a264efa8384696969680de914bd1acc9c7e9a278ccadcf8c6a49877acf2ea3f7e5066285672bca4dca1583e0a60b82b18fa564c5a7b08a2a0dccb9170602c9f7cfef98024267553955cfea077cb646f2b564caf529a5b34b83d8a16f30e2ff3905106e224444287f3ef98a9e12cf2e3e04a7a42ca30e6116834c169f0778cfad274d43d969dc100b9e1a810346d8ab715670fac2e647829bf3b56f2b7e26bbf025e74a3e9af4930e182205fc09e9fdf1a2ea0da9aa5cdc21a41d191b8fc189ee5ba00a744acb351cd869cebac760b315e60756112bd20239203ace94bc29b232ac9cb361e5b7aea891b5827869112cde2b0e2493fc0c88fa72e92532ff7ba77d5ffa865e47893a7452f0a4b44092caf70e02d344447b7dfede0aeffda018f898a8872c6ce3102ebca9e933fcaf22b5c855f620b240c31acdabfb7fbf109d2e9604b465abf43d64b6a010ab928722119625bc046c4489a95628612995957c75510d896ad2365603e6682558c185eec6749c983be4ae29a8a66728cb39eb5e95e7f7a459bae5cab7e75c587689a223f2533c28d44134b87f22e964e73c030782c8ac4ecb2a62e3890d0d96116a4a3d3aa340783e10a46d099d601a8ece1938a640c1d12b88ca4ff89f1ecc75f46a736b7a4143b671f3fc531b5cb08c3ee7c02e606097b0191605d9ca3099c6707c590c678c8ed7a3471aea52fefc7f56a736cb6675e004298903b43a357c28ea4f59ae0894a8ee0876f347682403eb4d45881e04258eefa1cae28f5a646e3f91cc08a935cd464f7edc1721f5b4e389f94d141ca4231573886c40b7df4e5779fc52daff710ce9cd40fb4dd32e92250592199696a13e742ce90aa6280275ee8c0eaf40c884bd846697c43fcd7221cba4f98b03a6584f4792e8bc16c2029cee9b4e80c5f1c91eb798345b10def038cef2f1246fd148cfd2e39042228726cb18029b2e38e570611aa75c72e6cdd5110a7ed6f5e5bcf1d1ca5e1b67462b36cebebcf6e21df8168177afcd1a31a9e498bf7da8586717ca491292b0df81bdeea3a1789bfe70b489b1d4e1ce52dff5cb7e71c009d6888b152c644b959036b0667e8a6471d9f4eb559d0fa3854fa6f80288a03ac298a31f69168eceb6fa8434 -AD: 73cea023d2c6afdb625b6411ff8fdd9cf47bae5c529c6022638e9bf385cac0b72a046efe306c3463df27276fd63c88b771f84cc9a8bd3be7ea05df941502d7a437ef4a3ea22b2e4ab8509904f352b83cc3865c489bddc6340bba4f2b4c382744467a3ce3896bfa9a0a6a4f8d6beba39613df508c29b074f9f68e8723f2c2fe02a5dcf68965227059e2b1dd75bbe2b80f963cf501d5c73663204490fb843a3793c585769ee10b764077b70654dcc7b9b3fbe7f4b146ca8c6b8e164774ac3421fc2969445f77b77cf63ff50f04e2439895121f1b9c4941b7cadf3a92101cd9d4ec6a07d70d2742e6b3b87981e992c549691a82e250c0fab11bdc287ec357f182a6c2244db8b39a0cae9cccfd1fb32de73901ba3e695574477c37b66d170ecf64130df3cd94049bf9b3cb388907f3dd9389c71c344058b30091eee2fe06f6be3eb7ab6b7e269d2f33431a51d30a39ea8b280571565701dc1c048f07f4b5f9e04a8dc4555e28919acfca9caf597a394120794b6a09aedf866271998401397a4e8e11a25a061878f624f78c321bbe8149bb60887735fb3c0d96dd7f022cef066afda0ec9cf4e41a82c4beb6cb29715e -CT: e8df4f21bb8d95211c75b194c30b1f3816715a063b202f8db645da8b826fb45e9af541ca9cbdc7c383d4b5179707f6665f8b2a74c5026243c3c5d9c32e6d309892323440ac0d945875c2665a60be211981d5dcf46a211a4e7b58e0062dc43b87ad3a9c52751f649c2fec404b9f858f4cb3ac9b534c850a8994f26136eb70e90ac44f623aa3bd362069d32a85c65292455946df893376868cfe3b06ef638e56c7defb9b4f0a162bdc8aed6a023836ecc08ed826ae9b818f3db6501ebbf3035159b6341ae703512a8fb8fc3ac0140c3ccfb1ced1ea4b7ff545ef63f76010acd708778d0424b770ffd36f2ddb6009ce5dcc498a9bb8eaec3fbbefc39da3da2f7f07470d051837398160c1c85ac695a519358feb3af9274fd3f6b1d936eb400e0bc5ffcf44ee9c78c730e4f449a008dcc912b6f9fd5d17f5d6dac025be318d5aae77b8858c1effcade42dd360e13b13f35baa64d37535a0ec8cd3a73d0c175be0246da3722db1b64f750c51d6e8da7db1ba8891fb688294124c989cf7d14108ab90a968f0729b6d7c6cc777e470e946b0fdc7b6dabfc6dd7be52b51ba1849cfce2ef2ca70c4a51523a1b0410e8a1a8e1cbfe7f1eb3fe456da81b4de6fb15ae13a39fb5b1c2b4aa9857543c3fb240965578f6b27ab7c69f74af7ec068e8c9238dd4848bf2345ab153730dfa9d1f57060e3e5f88a351f83cc78bab6149bc093ce2b29c706cbf85d35ad1c036d2103c89f1401f4f383d9345759a7be3f72da2eeab56564d98e2514d99192d82ba37ff5ef49a8770712c41e74c08227e3a2f9b516904ecc23c8368e3b46133094121209d57be76dbfee3ea7dc3240bbf1bace4369b09ed97a9080a3dfd93887152d1c03aa267ddbd97568b0538879c8970a62a4cb016e7e80b47bb21645d6a57f9ddb080551a9ca9cdd4fd0cc575bdeaa013150a8a04d05f3ccd19ab0979c9fda569e362f6bdd4b67268a88d88d0fcb9d68c47a0df0bb64048baa0554cf2b0cb4c27bfc0ce8d4a35113aa30ba03f88c73695a5d6c3495b5a15ba407ad75bab597a46170594beb34b7966d6bc7dc4ec2611cc15dd60c475c7d7b1f0922931d00dc93bce697dd4a4f72066d64b1aba029129d3a26c5ed44d19df383802733ca71de86e0a2f8d0ab04307d1a8da7c6f3dbe509fe29935bfc2c09712cd35c229e495ab3b80a447a168d044d163ae -TAG: 05b8694f3ab53f8a0763d0c0a1c5a64a - -KEY: 6611562d15bc2b910f4edcc981c457c0 -NONCE: c20bd2710668b59242f7547d -IN: 2202864ae65d2cafe5775f3025eda387030e910075e3664006c28969808975b9a72c905c86415833a1d1d86b8297aab682420a036208839f9e811a6a68b5bfcd01c7310e4b05f5f77ba1dc08f18e57a2044b20ce84acba0450b9b8ddb378d0135f779b1286948985ddf57a7954cc1f21252a06270ae34adb052c124787ed72511f4dde5ab0a708df4b307a9cd392160ce24119be4eef4af0025ca4047b07593293fc17889932588fbb67e72382f8ae826eb9f0e4b866f683814adb2407353c851f64475da9f740f71ccd7176d3d970d8618febf5ade20dcf51918e8a08e57cc4c4278565f6c2780c68e43970968ad018f3d04fa375aaaa5cf10f1cf11cf203ab299fc270ac41a19929f831beb3a3221a429059dbd4a00bcf55768a9f89fb35c8c911698edcf59ba3c2398801401e0e0949dbf587509d9bbfcce3a8bf5023bd751811d25de25693a43f14b01011d6030fc0d3017bdf8be8c84a7c088e0c09048b88cf0ec74181eb904b91919947c57933e5e5ed9b46550c951113e8e2a0e06efe5fd5b4d182e33738ffd16f571cb126cadf79dbab4f307e86eed9d3e2f3edda6b76234b7b80f7dd2815963274fb85d776bce13fbc60f1db9199c3e1158815c15b4d1858dc66053fdd4c128397972cb9ec05c87d16f53ce5bddede8ee959b5af5f8955b9cc11a26e53b9b42855cd11b570ae35d85e1877264c949e27c6ca797f77c0e5afa40d0f2a08881820b88f85bcc59edd24963771e9357f66f874c11a684f7987d876412f3cdbd7b9b3a26008d551732d9964deaef66cf4692507fde97239f15e2caf990f59a62693d0e723a50286e20cd347e6b98774805615100f599f6f85a5370af468b41633b85cdd8bcc7236296c50a530bd238ca0ce520e8a29f8ebbe27760eefa1ec14f91d6b751b30bf67cdc762486550793b4663dc38f378bc36eaaf157ed6846641a7fdd07ea45fb1342fe04d700ccb0bc9acda5eb00fbfb4aa3540fd675364c0f8f119df2de15ec2a816e76248c11b9c3e7769f98ee8d4cba3a525168e187df2f548a940e097805d735109d8ccb6119fc366caa17cb46be148d406a770a24067cc9c8c40bca0b544458b47d0ce451e4a4eb9c23716666a965ff26287823a699739e5a6ea844cbb5dbc111473d88d611b906fdbf51e86c5a90a68f97e334b7b8c13178f9678888cf894bbae601f4d3869d6fe444db9b35aed803549b72fa399 -AD: 26a47e0b75a771783631e6ba553a0aaeedb236216bff95050ad4b259ed60c071e1db318c1df201f2eefd8e73d66aae5835fe869503783504d803ad07f2989abec14a443e3e935684336a437c83d0c95ce9759d995e2cc454706d24b810fee5e32f4120aab927911f7bf11a7d0f2150b1ca4ce7f216403f3a7d622887675278a748d2523af6305c9979deac0da24f4397f57f38c8a860413d6ab4581d48e70b4113aa1a963b3a97b4c4a599be2afebab197e5e41d148b65ad2488af0fb9cdc59222a52ebe6a0ada339bd8b8c0195fba21d46c12d57eb7b98ba85fc494863645b0b32d9b8b4391436e887f6b481d849c2c5f6afe5496626c267a3982daba9af1a16400cf81bad5c1398d605308427340118734e476d808338de39e08549482a24729190041a303f61c4928ffd7a3bb2b46c92aab059c8ac1dc4affe52c6e2d3d55ce623716855934e80d3d401bf4532505c21ac85b738797d08d69e424e521b479f407c7822e5e408247251538a6c31bcc7fa0484dd8a40ad34f0fb66666e143193c9cad455012c3345953ef63b13b3b2469322b7094e8140487c76761733025bac8d71c3f406b0cebc28c499bddaa34ee6c03a82a52e4 -CT: 57d4e97b3ec3681ea9dd4fc9ad0aac302b477f081ea56e613c53b9cb9cc467a2042657905b7a5b308bbff6803d33c1e4671d126ecbbcf6739842ec4d552d377dcd25b9089d96d284118ebafd0cf8fc097c35124d900cd69a2fc1f97fe3cb69c6648aa069eec68893ef2d4d8820ffae86677fcaefc50b64c4b53c9f591a0f6a3320afc569b6eb7637e5ca07c2aabc26f85521837f0e3a6435ef5cf9d2ccf4edecc5e0984601f88023f6199456e965457e638c1d6ea87f5041d10c187eaf4dbcd0cbd6e6ecd6043629819af18635caaefe6b0535d8fbacb59a00f4c0bfa8711d32131003a051eabc95c0e7119e0ba819022cd01590edcfaa7543dfd2809768b1e03ba070db5f1cf726d425a6f623d83c454c78118a6dc32ee47528979f6d478a58ee75bedc95e9e74fcbb96fae77353e6f9c8be5727250748627d3187f9408eb131efd62a90a19bb2b19b3b3a478518e49d98609116bdb9b7de7777c8f0bbfdb2d1a9c4788d81fcb548ed51d1be85a603c1744792163bd18aac3d7f20e97e32f806e7a049d3f51384e324055bfd57c5116e48007077e295e0f3d3edbc6f4be1b08d42533327ae6c7464cc45ed184912c1624caec44a0958fbdab3a2a9eb13a6e6e4ac98e40979f4ae4fd7a8560b623bfcc326435df878d643f394d177013f737fbd4971f734876d515a4f2c71fee5a36a632c93095674310a60809240fe03d7c1584a446d536fb6316c9354bd007a4de1b12e155ea6216790ab5694268081f0df280f6402373a50e2d2da82d7399ab88fc9020109e93716fd3b7d83b14bac73e37a60ea805aabc557774c26c3ff906d5946514e222747fe6962500f90765702fa16d7490d9255d74dcc2c097dfac75e9f7f8c090f4d8e8cdcf4449bf5f7d45988f363e4751ffc24cca95d120714c2db59277837ea38e3b385d7d3811bc4fb755e6cd29919654bf3dea7bbe3375bef1a20cc55170ff514522886fa4716d6f99bfbe5801d1f93ce5bf82fee322e54ae1a2342659dbbdea49ff1b20274ce3dd2220945e5142f3152b4c9fc88dec89762b773ea1c87643ebf52b6f6f5f26bc1b8fbd459ef011033f3611646b50ed0b43bcfe2716dc780b8b5757d199e26657aa870fb149bd3f44db61f07a2692ab06ad8e30d40e8f6eaf4daf6a637c38a9e415b73b0bec06eba1a7e5b34d141244eaac717339b6ab052286bfc083ddbfd4ed0a70942bdf73f81b08ac -TAG: a7bf4e198482bf1ddb65779e97c2fd2e - -KEY: 8a7302e5e5e5a3f660bd83aedbf1e2a8 -NONCE: 8ca05db202082d8a59d11b14 -IN: f6accb8d8d24709709210cea12a34265c3ce7efd84dc8ca309f44016d13ff653f253d33d180cdeeaab7370808e1b8b9138172fd96dac39588ceda91c4208a3707f90f2f336a2cdc1ff3fa7aabf010776833fcfe43c3bf19e9a480495064ad435d3072ce131283d38937301b29d0a063c3bf04ad6664f063462aaa39f1123a010d6f20487a6b12ea1500abfb655a21a4b3eccea51368722f105f94f642765e7765e71199ec5b59c2db6eca6ba9d6150c2e7efb8635493d19953f9485c7e49f24efd2c68d18b1302da88d8bdd26fc7eb6a1abdea09907c02bcd80fd1da76800f18673f88922ddc6eb0740bca0b70f7d1e6ffcaf017421322c2945b155f582cac5d6ae6d4e5411ab895b953a2eadc3224c4dfa1d8f9fa592c123c2d5e1d449c92276dc21711b101bd40865822bb622dd90d6c66becaea70fe9f914032ffa17dbbe16c0681c9359a9b156314618f887486974951cedc90dfe9c04aa845d3f4b4dbb60b2e3271c456487045133c240b9c415124dcbb57671374eb27625e2697021c71f5f51237def9d88fc2181b6bac76eeeaec365ce443fcee15650150e57f92116bf9c3b52f03b09fe4827b876bfa3c3d7b84afd90972dcabaa971b625fe750cc04188436bc374689249454a4e54a70f2f8adc56af2be48217575460fad76faa4ed3b74f1cb6d3fdf8ca28723057c75ff1e8a74f9da266e9c594fb6c921b9995c926bca308124494c868fa6739f4a6ac663db6312ae34ef43ba21a122deef296cd77452843649ed67a99103e1aa77aa23a3e41ddce3b9fc80e13b1875f31eab3f75f89ded007be22d438d4564fdbced99cd49b372b81b49914595d1ac5d531b0dfc38c6ee18206e44d1c1e25fbc1c027a152ebcd22a6f909178fead243083b4f885ac2af83863c0ad73921098519b56c81e29dbabb7647818aad5a8bd0e09793d6aee040bc9cecccb7e69712e5317ab75a68085ffa0411f82e385377bf1486d5d61dd543ffb20758d3f9bf04a5f97131079ee01a13878ef0c7f466e8f91e9bdea970eccd28d552f8a5f110fec1ff3749e282cd45c1caa6d06e8c426bc28b2a5797407f885b176534ada9720f0d8ff65d40b4f4589bbec0a1620172941e5f0f42d44283358f2cbd0a4abebeb346d01178f46be79a1551e0dfe1dfcaa0c305cf5daef3090c2321dafb6de0481c00df6937590165bb817fa26696ef7a8128ca03a7eb4a199edccfd4bc1d653ea8501d1f9f9dd6c92252e2eebc2 -AD: 343a402e3efdf91f7d63416068044d204c941276faa61238721f7049662f3721f8d04c908cbb612fbfed2b050efdd69e018be0f463c3e089a063d7b5d9a2ac4eb3bf63599597e714c917c004804a689b2c2ec187b73a38d60d9edb3be9f99d3b452813a3fcad782ccad3bb63c89d4abd18450f61bc94314d9395415503724791a22d1af865d3d5f5296411b6d54bdc0e7ae878447228b2f21cc7ad624a69d56a3694e1a383e7049ab75bdd479ab122d2a50e595fe370041e8a5d9e28dc3b266bcc40b9d54cda53d4049b62feced54620ae0d6cc3c74de3a5bad614f1d8d0c6a74674c9071b8c0b96352c774c034ed7fdc3b8790c43e6b7be8c227fc2b78a381215d97bfa3274e3b52187fbbdf68efee0aa66d2f2da263a0dde580ff19cdeb2c29a6392502f589ca7739e8f8f585791a3f77c1968bed4a713fc5b94e8d3c6830c19291f9cd846ecca2bc05bf262aac54bc45409c2a064c3de28e79831c32f5ec4bcce979b885c9facb99d0c54484154d545ae67d4afaeb545b5aa5541dd0af3416381cbe075cceb49820ad0d52f68c31875169c126b6b1047d63fea674a0420ac808e2ac64adbb8412f8d03a6a5cea014c835b57267cc4ceeb10191df466423 -CT: 18e79588195948d25b9beea1b2d1f990e7b87368d4af8c88e6f928f375d98bff2ce973c1e5ac525e1f08fe6e7c29a976181cb5a2a0cf40e3bb24881bcc5391f9c129daeb6c85c5cd8bc1f47f9f92bd25f4b5fb474f7c0b49828dbace32f5f9bfd968cf3871cc4072252f5b600d88a857b4c86c85ace62e56aade90109a118e9813e984dd3027fa4ff6162421e3abd22eb6246c1f9328d85ea7004ea3259fa355031c660c0880893705aa7d672996107fd46c7e6f7ea2d455fd8183a40d41ccb0d50ba627b483f8ec6fc3713010a73dd52053e033a26e5a0daf7bfe3fce8858e63e18ef1201644dc0cea8e723a24e7558ee33e904a0489c3daceac911d2aa83a63f893aa6516f343aec8a9e46c869b38f10d4ba7c4875ad3b092be565669ccdf8370ffaf7c1efddc33f67e5751668f3d75b619369c863c7d3f24b052a46af2fe66a9dea52e2c36dcdc7ed8093d0244179ab7af3c73942e63827e4b301cbc0bc2c1bec14d690e8af1f5c72270f71693d0fd9c065d9267be22d647728d39737761fc46b0a01f98b5a304325ea8967f6983dcfdf9ae87c224fc71bd9a1aec353b28208786124269dd56519e4b0cb058975ebc9803e35cf6d38824b93c78db05f2fd2797af1acbef3c2a74737e15f9d2c8f3b8e6e964043ef53f4ae5a58825fcfb1b525e38ba542836090c5a663a370e9762c89893028572b08fb0005529d44936763486307267e4095a05ea8895de7c20965974b20784c57a175dc71ea738121b24e96e3ff1e7d583894324e17207bd0a72b0baa89987b6884c6133bb3320c35ea3033dbb7051f89000977f055f3a7f1c38ddd0808ce5eccf615532f1fa4fcedf772bc7423209b3eb98de47371b382c72fd8aae5005f42a31126e14317703083b5f83dbe9d61778e221da54899e81f936a9973f0f5cc6aad85aa831071959b307278d085fc830cc6085f5701879aef6736df39a6555fe3546779284f618860924fb02567bda44dc97a4f1277e40171218fd1569ddaf68c4f58697232abcdfa6cde9bf44dc39b0a3e000dc89c7cf8298a5576a57c7047f2103a1dc31ce8267d879d15c41f23addf662f8fa49661669edc1ec06ab426591b406def208ca2854210e9647d9ea5d4bca84c5a687e9f3238fbd7288774f72d947e85ee26094ddbeaca7e135379f678a13aa866a14fd4e9d63de6d33f01e9a668bc3e4a238b9920df22db04ebd5447857422dbc16200144fd306062f605bf9138f817 -TAG: 0b8c9441aae6ac2cea3cbb71a0ac7683 - -KEY: 44f4f7c9ef9a5fae05c10b2e7ac41afd -NONCE: 55e84c213e1d5f58f4c7aae4 -IN: f0b16170b11b798e138354821fae367a2c17638f1c7d96e343014410c4b4c47a620f79624dd7f3a8de28fccfa365ea904e2aa625a7f3453bdcc990c5bb2d6b0b972bf3349e15497d71349e495c1116f2dfd9adcba45b1a4473566d8eefb1b68054aa7274d4e0ee81f8e61be7adf3c0409176f0b566d8631425835d1f4dba59e7c0d14bbec2ba93c6413fcbc3649b8886cfa6efdd27b8187f1912d17776c7508a54999718de52351352194a81b2b0cd83a5d16348f2e39f22d833985882cd9fd27c1ace4f75a28bc48ac2da52dddfcc4fe428e3f46908d68accd60a17f65e678fa55537afd06fbabddd56ea1574b50d93dc76d56b04e05629e2bc98021ef9107ed8770ae00f1ff294f57edb583b4b361bcc6afe3c545c14adf343f2d019a283e9ecee5505ce2c70206924d63c8b574c798ae0970547c1114f2f82af5a6bd4c1a33c9cb49fb126117d06a63375ff67f7091e6128eebb98cd43a698e3f441e80203262b47c82a65d9d35826794b6f647badcbfff169c53fb70c151dd0c57234dc522d47b4b8470652a86ac09b7dbc44ce8a90a0a2a9fce1b70c1a54cdf59015b89de2331253f682257a0db5c6ed9e12ed5a54101524647847ad87fa961ca6276eb05a355fb14a77735c930fa47cc66887bb687b20c7518dbd9af90e13cfe622e9b0036979b9cd9336da11e88a189ac81581e7d85c2fb1fe3aeb32629e23deb168db993fadaa37b1fec1224188d4f50ee3b8f9ab567b8baf1e3a3d8bf807edba9045338ca14d26fcbabbe7d8a5a1ac02d7c407c17a541fb41004f199262ffd72c3d0deea8296a08af1fd7506e7b72f18a7d322e4116021bfd44dfdd4f6dff5b772ee32f49e098445e68b3a2cb58832d20486d5aeee424752b237d46f1cf8194f7a46459767d1a104f6d35a9616eb47208b8894d998a51519d514b689ac3ca19fdb1efabd1dd33cd4298ae4d0ff819e78480ab7867b2f4868db26c9604323edd258c4f6c977fc4d1398e3ba6300c37a9a13838ea9c5eb18ee193c3566ddf3853fffc0ac665cb952bf76cd2d35106b934f5f8da9aa6672e8f9559777ca7a56592fa536e8cb7be5821961e740483563e6ae2de1b98749752314cebc390beebd4d269f0deb0ca3156bfbf6973da50b8e4dc4eb2a03ee0bfe73f21b3b0f2716a4662a71e8cb04ab44f52ac930eef1895b57151175727f81fa074a8e5366d5b7449185e4829f32487920261a84a5458cde6565e41daec0b05d1e46a6a34858d546eea8258a399ed89a5168b8e6 -AD: c75f25ac1087b315ab57ea5e8e39f743a826b70e584c4bfb2bec961b6769e2b92151cc1a0d8bfc27a9d5d9c7b43c51019418bb19fa882e53fa0f59d6761ff7ca75cf098f613086f9403a8a66b07bd1fde46c5316403de21d4f839a2e67bfecc2f3bc9c8f28b455f0fdb75f28a18852e6e44184e5c104a2dd2e21f429b46004a595ee8e2b008c2e0c31c12a05bb9de15011003d43c342330f5852bd3ebfb7bc4adec6fd7e3d77c1534e0eec7e2fade24d89fe42dd9d8b5bff5ad4f5f8f010ec0903b42048e8ba6f4b9274c6364d0119c718e6d038ed716b21b7f2297317e3869767a2b841505ae4aea6dca5e2b2813868faabd7a299061148f69b0ccaf4a555cb728b562bed9f66fc8d60be4c48c60504afadb1593078c36d54bc878a6a981ef283bab6f4ef6128f78a594b3caa6774a8e6246ca32e84a95ea5774b7c76599e1cf25b68210c2c52f465e3ecbcb91d609f211c12a737936d84551ceb0eaf37f92152f6e93918f4a19bfd09f16518004897d9f0728e9c1bc901fa85f8fcf77bc59c2f96ada344fb9a20890b74520a99e9241d9091742def14a46c524e2c494aa57c1dbafb8feec5d71247a6ac10db9ee768bd2f7cfe1f6da9fca9aab42da2b8e0db -CT: 4e009626a3c4e6ee3a4b55ba06416193a63584551b8d4ed1e88f2b83f549129f329780515703fd0ef24a1039ade05d2dc4a25eb47a3e134579bfd6087b5c0feb9aa9d82e89706658eb54170c992411875bbe176dd0d25c06c2e58cee97e5444a1328b927a3616c32bae60cd8a28a58c35f7aeafc891ae5285759b24fa4b2cb59aa4263a864b89f14316181a5b8e654408eaf85f87b71ac0d14fa023a12cf4c18bbbbed4c0dcd5a93669183a56e3947b9cb72019cdc810af9df3ea68ce836f8a2a80074de9e8e444ac0e7982e0c029926c3ae96fa84711ee5c42ac6528648664deed439d7d7de9c6b207d9ad0f434c59f69690ee14b21c9e1827fd873d51cd2e377fac049d8d59219945de18e262f389709a291fcbcc491b2146ee372882efc0b48fb47c767bf0709cd5450c79948c2f35d1ac0c92ecdf9c338c1d80e5a7e7c9a2cabc78edc331fab75feaeb2e91be109bad562f2d7262be42fcb5bdad42736b9c94a1d5bb2f2d0a3e347b565ff59325a67bf074874639270ee8ea7260bbb7ffb018b88cb61c0f4b476111a6f317dfd7d0f8b9347227b9a260474a448abe10ca0a9615b2eb1708d07b3157f0cb641768ef759512b9d52c86b49925720335ab843db61b9a020cf95afadfd48bc739966d7b13148cd1bd426914700486568dfc1942c6bfcaec6eb4a47ff1531f4a3efdc57ef5c6945f009851925acc31551afad8dbde7d349e43101043af62aafaeb5cf67b6642c9c928a6feb55390a49e019af97b137375245794d794d72a2657f0400954676212428a10c8b75d9d0d64b0d23dec4c7efe5ba1e599f4ef051a050943ba517cf6b6ec438aea973509d1919b903cbcf551f4f2e328cba5b55dd9a5d03eb9e471d63e5ac422c47941d9fd7a27d00c6779ca609ba3dd58c0412e7e4b0740ac9064a6ed4d024918debd342acd03c7be1a6e7c49fea94f0069b19c363095b9ec9b7fbafeae5ff1fa68ae47db3641dd98b7a6d921843707f1795e610198df9b86ea45efdb5ba3fcd37737a06881300733a0a4f1558d562577dcefa0a9e76d17fb3d80385b442f1c07a381bbda05b5854c9c76c10d2c4ffe6e8c808309474ec30d88632a794be4e7002ab9d16eac7e5155b3944089bd482009722150e0e06ed0ec3df814b5fa516bfa019f3064b78ee714a03608167374ab4a290bccc10c76b247086c31f9b4de06d001fcc7158fba4569b71b6774a46a3c1f7f80d00ea315433156fa587ae49204be74d06a949e60867b3d5d38c93eabc1fbf -TAG: a6f01e3b9b29802f017892ef0080642e - -KEY: c3e4bd36e2de49d855196d82175ac395 -NONCE: 16571d209cd5a8579b05fbb0 -IN: bee133dc3379bf7894511cf88ca955f3ba1f794ed7abb0771d9d319b4f4db940963fdab1e831ae6d5c6daa96c44f3c2ce6fe2772d665a212d3203a593f412a557613d4e465b5eef977a2b62490e28aafdb716e7be6d040f731409c54e4bb38989349d842984116baf0502d21c910ac86e3046e6753b9f8771fec297eba18ed382b17fb1ef0eb20052d36080ae162e9b8dcf67e7e3d2add03d752f612b94ebf4c5b0f242a39acb092e32fd044b8e9ddc6abd0d10985c3b25ca4c9ba476d4fa55766f416d5d1cca614bd1d153432ce59e82a3a86b6fe830e1c0f9e64dbdcbe0457ce90464dbe56d2cf66a7eb6f43760e04a784466dbf7b153b2b96439db92180103df8f4fabb5734bfd661bf8faef2b400102229a9895fbeb1f89e6da6c82b5201055264fed0089eec72892c10fb2ffb4928cfa8df0d2c6680a5299899d521d43972ab8ddd613e074d60fd27a061ff821e8c410cc6a019cc0279f602582b752df3877915fbf14de225bdc2ab1fb177fa1724883b523faabe7e7da1d697f081447c406ee8a2c1a9f23cfcdba8fc0be440f2aae9f6fa5c35c54e7003254734947fb7e1abe7f8040289307d31bd6fe8e862a2d9dd3febe9073e1a183a740755059b92b0e8d8a66f5904f1470d3b04d98ed4a62b90245767507e54ca11afcd113960568c916381caf4c963c1d8e9aa4c7ea0ea5aff12af63caa8a5e1f128e70f3c1387b50757e43ebd3e7ef2de43809f781cd733193daa2eaa5dfa0c8b161e9e4480d92df163c2619b571f42ebd706d48a6693d4a5071733544d2d4fc771d7fd97941f83c920673f0b8d82dff24402a14ae971000c5c8747b9a10d32d622b2b1c3aac7cf9804be165d3d8c46d2b69bbd059bfcbc1f23dcac4bf5eb5fa92dc93a7f3b2199cee31bf2c0414fa2ffef1ea34ef109cf4e171460aec158118e3bb3a0a8a18ba60e48f890add45f3fd3193a47611baa3abd36f1069ad52ea464c10f5cb49ba753e43f9a0d1d9bb038e8d450c41491cb350be288aa2f95a479ea3868a4ce1f3265e186fb6c4f54e57f285576c6f700d9cf035d296d4519c6e31693f5e0b6437383c77bb2d235c0d5404a82515115cd260cabef6f2f020bfd20d2ee21566def190d0a6a76bfa14874565f99738fb0863054b4f0c3624b68447358da5bc47f195bb468703da3ead51cf02ea001c57608ca98328068212406b9f3821e98b7481860dc5d9533f2afb7f74b9144363e6f54032c98345399a0547e21cf8509a0214ff0e5cb956130d03617e50f59e300a0ef211b4150e3e040d46d24 -AD: 29ff2b38d4e35a3c0035f9d3eb509dcce14170381d68de8fb8f0d6463a2cd293ce08c958e186031a942315977a1ec5ff66e47bec07bfdaacf844fd2c4fa939c5a8b1f3fb489f25ca7b10d87a7cb6d5ff299a57a1b8c6c78b429dae9e9b1c1cec8e14cc3bc2119df31d75e9e5e3df7b368cf4a6ec4b324500d428ddfda32e2f330fe089494502251392e554599451e4ffca96fcfa6ccbcb50828840c98266a10de53f0f8bbdbe21dee0861224aac7713d8a93979043d1550895e06e1848565f5f6bcfac2faa3eb21b423215cb39564b8138b00a15be5392ef1ff451da000186d9807c48a98e2ec6b7e045a139902b920c5ce782b111b8bd44596a7ac8f468a6b718cb7679d5d420f28510505a52004c412e6489f586d302939f3e007e320a0de6cf9d4ad38cdc3c852907cf7a1a083117bdf3e1bc4300befa1180f4c019faa73bf31c43bea814990cdd01b17b167f21b5de9541aecf6bead4bdcaca96fa390aaf6850a54a4293ac4460de361b3d58d5eadeecc6b5dfb57a36215d03c85a4805ee8af03df7627d42479357724349343862c960061c33abf5a9a8dbc2d562f3738f2ce34d68340707da09f78ba191e230521c0ff28c3c285075832c00e326c842296e6a4ac56946f42483 -CT: 9debc22195c3c01c571b369ac186ea10068cf99ae63fcc98c40ec69b3a04503c783cde85be74648786d5a7fe51c74f821992c0a0cdae23f4ed7318a42a6230f7c31045faeb40e880046d6e6bec6857a1e618fb360363872047781c05c38ddd8363c923762e4591f6a906d47e6d74ce365d36e41a3a6efe6e9dcba165a0c081fda577c01eafb1f83d116270c5e467dc7346647b9c0bb1e3b1da43b9cfd5a0f4cb0d3deaab5f3fe8401665fcfe742e686de8c050e8fdf7f594ee4b6c74ed0b210d92ef26e45da5a390f9290643a77b57af4800b25eb4f3ecd45e5eae5aa0dd37097bf24dfc0d1b7315d1787356e84e819de3e099f6bcdd3a269b2001d1da51681f14069ce8375d2f6b543e6fe0e9ceef03119ad96683ac884ca852fb0f88d41102f275d5040bd7f237a123d7a7b7d186d77b2a64b54568b11e70be4cd22324fcb072bd6f59d2a1da48a720feca38f8c164b9f6fc187c0a7bef39e4243aeb8c5d87d460dd9288e3de113250738faa5e82b2b4e672fce93f5294f81716aa8a5fcd43565db4b580ed18e41577fe2bf2c62518c1d4d4c324ae26a65a4bab6e5edfbb98a8eca18b34206705bfb7377c06dce7fed8e76b17c0cd2f061a77900d970594d36bcb15a92d2a09d54806d031c98942cecc0ed7f72c92df73b14740e661de31fdcfbc36f8fc89164b7614c505ce3b909376e827c857cf2b0ef3df86683aadad3112ba20126b36c5bc2c121737fbbbaa14165d511d50612c8d3946c5fd8e1a257a5c7f684dbd3b160d849b7172f4648c935c08d38733792a171cf20ed4b2bcaf98e39d09675b5918e5fe12b4e2be36e4b8463bfe708669c1d01a625d4f572e9f30a5c88d05494711e673c3d23b1003e94d4a75b9477395e8a16944ef0a1726d0388fdbbbed94faa5e78deb16ec471ed75d92772a4e437fa49af393ceaff5606aca86769c860864f62eb9c5801eae1d1fdc79654ed09f2b858718c48f05968a7a09b834c1ab0f31231795d0efe8394b3302fc0f75ac9e7c18e21abbaf6054f7442dd235451d3b884cfa25f6b7018fb18c2bfd5bb0e6d0075c2eb4f9002e30fc7d420268bad52dd916be28663a8ea3b2a0bbe653256314acebec85c7e5d2c1c163b0a15aba1cb8da585c83016d4c3f1c0aed13c20a9539438eef3a426565cd8040b2918d154e689d871a55f19b505ff94f3042b3e7466e21585800952004906abb3d13414134008c7ce1def619eea9cb22f3a44ba7070035d4cfc1d5bffa9e31b6390b4d1da2c76bf687b9bdf899fd23ce6921fa93a47e4156a514 -TAG: 232db78e53f788a11aac05af1041dfc0 - -KEY: 64f49aea2a19ccab66841c438df5ff78 -NONCE: 34ccad859bfdd89fa9af0b99 -IN: 214eddb37dbfdefd2a3127354843f6b545f729391e0d19089255c9e0aa9bc0da87d001445c7d80393d1885f759fa8211231a50d1840e7d145899937ea7af1a3b963493fecd40448383706a33337ded7c51b4fc118a1ac975a4071f26a9a30a0976f369ae3a9724b05cbe75fedf84fd1bb6e77e07a76ceca71d5c035e61181c50e2dc976fbc64e1f4f9e6e12856bd3597b475f0b6a94e559477599a51bef1fb3a45106fcf0ca0468117274ee4e3f3f489e3a4ff9f6279e18c38928a00976464431227ade20b45c509675619ccedb4f0b24c2ffefd72b3fdbb3ccfffc26da5945a3906c8824d17a930633f8208d6d1564d5a69c4887812d91ebfd18d482470220a338de30b9cd7945a93460ffaaf686a31621c86b4620bd24776a54db32bed6809270ee19460c34bfe99c7fd18c5d7e9616efb6a156d4b28a0823df5a858a096ec388e2fde49a2c8c071fea73a23dc4dfddf751d100fdc57e346c9e690d2ab620a0dab87e3c1fc02f5f727eec6a1853067e7bec923dfb3c988c3e8f108adf1ddcb9b8804e7f3e9fc8191d059af53c95836314f0c933676044b85dbb950c953603589762c10fd76dfe2b301986468b3f65415badfa5d1f0c0816c6376b96c76c847741396adfed41fc14ff53c3d1745b70ce64f18fc2fe2ca445a7fba83780e265b390c4058856bf8befb36437abcdc25a758e77e0fc90971fab13c77d76751e19280e43851e7d39aaa0aed21bc32f7aaf25756111cd6ddc6b6f9b8d15acb4a25493f247b5bf134b2bcc2e5c2f91c78bad248357f18fb3278811e045a59170c9f0ed7f58707ea78c42e69a912a8321238ee63eb079aadf9030c4f718decddee4077183a2e5bf59a2a1eba07b8c4ec35cf9fa3a37a5c332a14c3711198f2bc9bc686b5dc6d3d7b6de1a8ab00b1fefeb107157f85aa8974c04edf757974a757090f4cadabe2283a29b317a831d8ae999173f07be4b4f665eaaa26093fcdda81fee6e170ed09f2944fd40f9f3ef47b406db52a55cc9350e78364e64220c9741f8e41745bfc1be8c6244c57f15b1912e55c6711ebaecbdae4c08c70768bda7750f142cdda19b298607e75688eaa8fa8f47f7746ab67442da283b1b9b9d12ddff796306cd690c0c32615007ee840844c7da285fdf56f004de5b7965450d48fc97a2cd2b774993a2bb28868fb241b051341a727fc12778baf3869fabd208aa3c55f81c247554d11eb5d847123a6ad3b177dd6ef950ef4371a6c0c294ecaab63beff193aa751ab480ec6e78bc1358c72bbae8fd8dc84038806efbfbca520a9bf9ea1df8ac365a0a95a9865ab3b3556 -AD: ad8da691b07926db63a9d188d3f237aec1f8558702b0942b209f7e6096b79154d2eb844b05dea8c81bd041962e0c9e8d1c64cadc5a46c2d8768f57ffc27a1d5003776acfb5f51d372510d26eca840dddc3fe79e9414bb76aabe249c7f89a43050b85dc6b5b9e13aebaa98aed4cd0816685b20619fd22c860317b1ffec8f7e78c36224bb3922208dc25d23f023139fafb2264f9546bf57767d3117b483807cc5a1e0fc2c691f3891f54897b46c01b6f55f4bcb86af20764bdb9c7631faa5aaccd555e68a86a9491fa87718d5a9112e4ee3c2364b5f339efbae59db73eace1dffe4439a64d1baee99e6aa0fe380cf686aef739a456ad66dcd149ba8ff6767e54b1a3cc645b245c2b2ab3607334af0cbd8847c3931b02acf12209ea79af189fd9c6c01871650a009274762d07a4ca60fb9a31adf4c877c73d0819f4a97c0cad91ea5bd7d5c8ef59b35f2b24060fd8c6b4afee8c4758034aac99519757ffeb6fcbe40b2783f4aedffc9d0da49f3f98dc25a66f2c6695b864bc40c2fd5511c7fe681d98304be4c3e9bd7289c9caaf6282f7c5c7ee4efab267d7d746673049ff79ccd7bd019ba994417e22a67f856310d8abad147ce68fea094e52969f9738ed6cf9cc9eaad35612400b622da255c9758d42f52dfc -CT: 2873303a8c1b9d3230e38c46f680a7ba273e654fee766beb451f311b3192f16a385ff3c70f124e20f6ebba3bcc288ecaddb2243d3c707b0cf50d09d3c89e67d2a2beebd0ca0be6efebf9dfc519f5149e7c4f0c5fa8ef05cac1d2246f2616c179b4cdb02bfe3d7f394d885dd30f429da8041cbe79fc35dea5d90b903ec27cd09861422d3f185b887ce5e1b1d42d77c254fa003f90d62d980ddb63593e8700a20eb0b7bd930d38ae937ec326116f0b9983c69c322589e79778707856eac07ec42f3497767860d4e072ed28a79e263297896797ace5d32595c8b039ea3684b763a297b30eda2a63e178a713a03ebed0e0bb54c3eeaf41d8940edd2e448533a0258036e41211c835ebde50e9b7fef5c189834dc89cb7aa566c40ec7265c068aa50939e9976d1dfc4cddeb630a4a1f78a9134e10be1868ecd92628d3f8d827f432123dabeb9f45ba4576ae932ed42c6447a7b9f3c9b252719735898c76db75ee8f0fa655fa023cc33fb1ac8974774ce6f23409cfa7a4e936b57b0beffbc6895731a450eed1b4cc795813bb5517997037169af20da701d42d0c9b169e4155a92b4ecee3df6ca6c4a22474c01fc0aad8866e5fc33a8b3ec5a002ada29dd4d284ccd8141e4180df300eed91ab9063bf331cb476d6bbad14fd7b6ec10a3e72833595579d134a642cc556b4e9613499627f0af51f6b22c0f963e4063838809510bcfb801880e455d7b4df9db1841cc2168d659d1997a251368f1c15673ce127033602bd0fd9988eb1bd63e47e8ea863bfce945cd077e486dafa43c7f5e35232c0ee1d00d040dcda1ded51a06ecea68ac635a8faa35361f32d19586450e7a7b7ab1a8861d9f0f4d9508cd2df522dcf04a00ef2dab9ad5ce9dfcd6b018d0f072e9a17cdfbf3772d38da7b799feef2b6bf7cb4f8cfa53a49cbbda15128a17e77f8f7b4d14e64e358a11cd01d5d2137d8719f8b9f66ecb62d97faa3d2f56ba50bf4b9a28bc896c36260748d803fef6e5a6d6f24a00550ed66a2ce672b8d1daa10097c88f81669d09da72a5e62b29494681b7d2389063605e1de349a83ef50b8d57c024b2d558d206a73e49ca7fccf2b1ca685156e63bb591125910e9f72ab2e8d3ed50883ef0bf6d6571cea0f5acaa11e393d15607373f25fc340b9ed6b58322187d6c8fe4ec47666e1ca34526992e7056cc7567397e7ba0c26e1a049eecc356158827f3867171b4c77d408aa24c51513b0dcade9fe2bdf6ec856d4a44112fce5b4c55300c24aa2e9cb7d289744562dd44afa68dc2f14dd25c65d3af78d4bbb781aad5f9fa05367e02327b644563dbd992 -TAG: cebb4182450367713b8f5b047314d8c6 - -KEY: d12cbb53bab8c9884eb83f1d2dec7fae -NONCE: cbb6af3402bf462f965e2c22 -IN: 81c74421411edd762ea8b7b6bc4a44132c51c2db09f47a03ad2a1a17d73ad2a395e6762cb077a8be977f3925ec333dd56ecda27d4d228b1832196da7755e48517fa0582abad802b62cf231e0a2748b61855970912e1fe92435efcbaf5fe34ff2c0f90113966704701337ec6c0434fe2c36e3300a4387cd0514ee01e31628b9879fc666284150489282c1083079f8abde0a2e500737dad91b3a7c4ec1f4eac35dcacf971283825a37b65464e7a8fd66e2ee6721d4a118854f674edf89d376c0006fea01d278b7985237e78965f0987404efcc6576d1fb28db9f7fc1eeaa6b42949e11dbb0c137d501ff08b34f0dabb7edb6900c48e647ea0cdfb4c4ef3178548a592ae28eb119f1dc7b2f6dbabfa2ee4cd7b7b117f1f90af318e121084cd6b93ace98ee7750dabda5ce2b883f582e7c5d91ad42e7ea1fe8454a5da83a169c32d73a4c1c185a02275b4ba921b071ace5fd34a2076b226d71c229d8be6c58270a3ddb04a554e4d395df00604dba7882d89d9048b3e16c692e636c724580da376f8212a6b9c443ec303fa70cbb1994d12a1574bd93b946c1a005df40a3722fe2c2e7fdf51ce2b895c6cf07d893a41a33a6906af87af0abf948bae5ad258e80a0fc0afbcd770a8a32c90e0949a1151e20e81cbd163b7d1ed843008c813ec3bf44d363e37ec41c094458ab8f7457339a51810fad8d63611ec1a93282c301eadcb4bcfe4d0b370d6f8670516cbeaf9b361c92252d14e062bfe2e63b439c7d4b1d65dc8a62263374d718831fcb4bdcc0bc59a18530f7dffbecc96bffae9e0214ea7f2a319e5c07dc0c8232e7863df7d081a3486a1378240a9966a632c5e73fe4800481c4f430126c4b5ec71963c08d471e01b6296b64a593cf78f108d2ee866af38028e3a4571f5582207706932019646a1476115cad80d0b20695c84131e11cb9689a6bfc40f820e96bdb151adacfe447f06516dabb2f766b8ff5619a15efed41650211e4f4e114ba0b071ae0a6b635bf0e1cdaff2a2a1517e7427f8f1c25ad5d7cbdcb433987a25a2962130299f1de3b68503fed81c3c98dd774402bd83809367ceff45958e7627ee8dabf50f6ff6aae34a8c7ce471c705255099f602c2792468b5e8527b74948f4871ad5296c5c50b8d4ccb6ff8c2f44917baa7b70aed81302624fc405d3c550791ceadd2aef796a0db59c01a5496ad0b72f7a90ebb1eb2fbb2cd8d8f09a2fae46937f27a7a9c3cca3360b08143043d378c450de9676a94ea5b9371cff1fa3b067069393331324c7d283bdd750ca521cade6526c970a82fffd925ff945be16639864e4189c3269838d3268264b1aa58697121394f11a1b -AD: 1d9caf4e3eb2d855d51392454b7f4f2b6f29f422d111cc378262c986e3117e81f6eb6340323427389ba2d174f4edcf5de47be0b3fa820783b8dcd35f18451f8256d6f703bc16e666367c93f8db0be18c98d4e93dd6db2f4eef2447cbde251fa226ef4b6c4183d06cd1090e46cee182743c1573b3fc885e9da0262d715dec1d66954ef49c3a7d54f935156a51cbb1b837229eb5619658db860835fa5c926e0b87c9ac50ac76fa6696e149127aed1b91bb623d232da5df30b9ef43b4ed018f59a803b995748e941adb785535d69b8eb9e4ebad17c4e2bfbe6d2706eaf90e29867133b4a58c3e42cb51b494dcb197dd55862ca0f274883686b1e492b35cc20e2cc6e531c15bea94af9040702513d7d929195ca34266c38ca79f3f5b0c06a1002bf40770fc223be269945e56f11a608276bc4b82cc228248ab46acafe801d330c28039f7614e59cae505931ae9fa387768c2fd9ffd537a0704fb30aef78b1be4aaaa6f7574da1274d3e84dab83297acd00885acfd32300a36d0e8e5ad2777e4c0f718f91564c60ff117e17a8c57d2a8310fb1fc62729720728f2991b4d05317537883f016711e07ae1b3e6d876d52a44bd246c427587fb91d1456711ef0c7970eaa33db3347397cb76b95713919c73188ce13a6a292d798844067c0302 -CT: 7f22ef21a372702a9fead4339e38ecfa2abe757d8ff986e7287a479a864bc1012d4621203289c8731b189937d50fd6ee79db7ee84a157acbe801bb56e1225dabf13a25b26703ec364f98fac1243ab4a4cada7080a4acb8509969ed8a2e9f309e7e465c43f55d2dc829e2ecd63b8eeb6bb01a621f86b4cd32c9c243c200670e0d9bf71b221de296e3364ca2ed5c73751b74db151176626a69010f136a32a14d47612488f90750316ea7088578bcb84805d331c77d3041af756f2ebfcc4c95c328ab03cd3424f689e410706df8b2e87ffbe24f8025c1ce48e2ff6a0a240f23b09a0378155c2fab57db5d8c0daa296b813ad148e94c8d627715cd2fe8f861e414b3c7f482eaa5ae1eefc6ff86ee30109e27bd75557d70598d7c65bf9bffbecf44a44339b09ffb88a722fd8c19f196b9822ae79cb66fa1c712cbef821d996fec59f5a95c197f70fd34db9e2349a372f43bec0dea764fcd71ff931d34fcdc8d9c9321e6d8984211db1c1987032ad85e1b03519f433ef9db8811fcb24940a320697c739136a77f66e97332b75b33b9097cfa9e224b262c19053ca32afa76a96524861a8aceaa98771efab10c0665533619befac9bca499ad88c9d0f089a7026583e132ccf3a542adffd56996331ded9917d363659562a6b7e45231667b8b3069f327d829489279058b9b89bb7902c1127d7e8d150634b580274b47354edcde999922654def16ed4378f313115f4013d8ffadbde1c8f8c918ff7257175f14ead903c03d5190aeedb2dc9e762e34b3f80d7ee460bbd14ae9c3182660608f033ea073548956b72275f74f704a349a87edb015e6154fba7c0ef4a32a4dc206dc42d5d261ecae22a9f455c409304131859477435b30ba3fad46bd5f69971ba74f1fe82a6d5604e5d7eeae0dc8ff5a170865134c5fbac13bf6cd007a16af86c42dcc887b90664ee5e48edffea8ba46fd84c844cbade00906c36d84373178369fcfb9226654233d2c5339099ae4e723a0c0516742e42e3c40994bd06086e6f030acef01727e7f600f7109000bddbdbba16b9543174c98810d5ef0c95598ededb7ab628323faef1ea4028c0ca414a7cc33239c84de86d53a242b4e8c3f9a20e3a826f0ade00c440b2f792b946a97758a073fbc811f3e22de8acfc9ef1b1a946f6c3cf9eaf4add2ba403941b446686d9bc0524590e2bef8f552dd54d9f69053f647ff0e2371b244d15cf1a5302680ece820df552b374bcd23f784a9c4bd486a71fcdaaf3812efa5a39366542b163294da6a2887796b6d863529dfe76ad88e2b47931de5194a63b9f07f6ec63081c3f97e9c0379c5f44e7496dd23b4c186e3613fdf0d -TAG: dcb7fd2d779be6e82ba1ad90bc79ca3f - -KEY: b243593177cd099dbacd5f8efb412a95 -NONCE: 132b8ab31815dfb463451fbf -IN: f63388d8dc46c29d2c1fd937c668025c833d7d96b021035d530fc404e1c6a3677b8a318c9a81e295c12c88fba75f1e17973732275846ed9103287714236edd60bd9cda0d4cd2695234bc69cd09e1b4db3cc73461e524e0934ab0cbd730a46a67b3614ff4973bb8643ac7d555a8b764bcf87f0bcc8d19cc9ddd3fe27a376b5a6affbc95cc6ba966f8ca697c5727dd3f942c4a3b6215c00bf37c50bc95b1e35dc762d8db2f0f5d30d9b35ddf005d8a89d2b106fa4e921ead057158c3fce0bf1e6e10085619777bbcb643b5fd86b9b39c1f11a68cce6115d2db8c01e6746c81da9dbea30559b1bbc2457c258955f2d37862fc492b4f590fdb8cf648707b17a2b613c5f08dc457a1443bd56399e34254c92b91093ea0208a98189429147771d1bc49296a070e052af3fa195f612fd2487eb49ded95f2c670b3ef23464684f12ae66f02d886ba14a360a852b9b84f9b5590a514701fbe42299b54b9e8c1e7b83c7ace9badd9beeb0f88707b79da375aa7c2eb9623c7a1c553c521a9c7a6a3e73f0d7cae3f95362d25f6ba2313a505a90442012f58f6d9cc55563a1e1026cc1ef0e69c119dcc4577eb775f5d1dd60cd60ff5b35dce6eedee48f80d33227f6354a128f9cff56fe1340067c9eb20e24e143b9881f8d646947b121df798b4917bc19a76e96babe9554d9617b4f092471baab93ea7ebcd8a05cb2d267be93b4dadb29d4ca937238910180ae497ab4c7c4b234661293c8cf7f2b6ed3e0a738ca8ba0b558fb24ccebdf3b3e9714e6d7b50c847b72ed81e3893bdca85bf46767335b41d68b62961f3304003247ed25b15e3e54d6942d35fa24b7320355d4e8e038ddcc295bbd6ef3b24e9332a710dd7ef673d3cddce10f683d0ba14dea984f61ecd580a684f3bc97cd50e14b86fcb2024367ea4e21a8d01f1aa6993a458bcbf1279fb45ec4510a9295b20e82cad0c79a5f61356509be41525bc938fbfa09306a94610fb9b9c8bae1e051bd6fc6533b8b47bcee4a9b81b492e1295c25ca91b9b5898487e468d64d275f52a6700fed0d7b593234b3e0010480e12fd8f5d7999c1b8b05c7b9dde7bada3cc6926095a8fa8747da64db55ebb3efa167b7663f1cb5883593955a2252586f942c8aa3a1e12ecbcc73e1aa5831c00e5e211c7461120f84d4482033a238b80016d71e51dc297043f67877102f69d7bbdacd03c1896bc24cffb24d4529aa7d8d4d5e5ad3a990a36e1fc84c7f8e91fdf2119a36f5b521125976ac9ede1d1b74e3a31a9428cc36c94e6b3a34ca1ddafda11ab46cb4501dfe4b58cdf384576d651b9aac532fdb97a8841d0bf58207131e0c55361d7f87aa4c8eca24c999b7a74ec23f9fdcacdf99a3852e9ca -AD: 9516be08987911d111d30398b1d730d6c7d0bbfcac487e9a810a9a17ebf0bde09b3dd7a9a430a3bbfe41b3b3a146fd7960870b1b28db45111c71c6c9ba731de849382d679ac46be434e2e95fef2b04ccaf21afa763bbc15e23ff44aaff7ee793941a8954e42917f759ffb0745c34e9cd324e9c527b6560e52007e46ce0d46aa8165a0e6885e96ff7d6d84d186b313cf7b726213bf9c3fcc3535be589d336f84925fabe762d14ad033dff5b7f39f5948f5f939bc345c4db77d9cea9cce1220ccfac396d1e4201780f8d37c6167600a17c18cccbec04f605d86dcbc3125dc3cf5b40039c3dec4355beeffd72ff221a4de57f0aef322369c1755468b5748541049f3f1d790adbb460d78cbf5e3d2787d5921f598f3d9a92ac289b58c46edbe1c64a6cb2a796aeb17259a2569af4c19bd69da1018352b63b2b3a901bbf0c754ed3b0609227644fffa7a997762aae36ffcd700089d74cf3b9ec2f5c9a3908ace5a7048c90ed8d775a88693742f5738cf2a791e67ec747e31a1387f0c0da3a77b28b720bebeb7a9f6e76d0454f79225514a9d0d8e488a7cced170b4b89b1b39091bb470832e3d3fcd144fe86c661ed6d290c4e73fda61c708004561dc71493c9dd4a66134308577fb7cce84891458e2dc4581603898bcf74cf5da7cb1f3590ff570ec6e559d6f0 -CT: 3497d7dab267c401f6754a95b885561c8dbce6c1bdeb8c6877810d6e77afe8e2071ee088890dfa18d8b4de635ebd88188bd1ff3539c7da99905bc955e64fbac216a0776d6ee45169e9959f4aebc6ef987f7d5fefe73aadfc2c6da56155d53b795df61504680886b9ea8bc59558160d9d63e2dec0c5d7795073c04b6191c725d5a881f71cd049b9ba42333f1082ab9733fef2230cfed44c7d827a7e6a8cb07ea58cd8ce96baf00df43ac95e35eb585ba99165b9cc6649b306c3399da8a03134dd45a1b9f1e4ab3aa0399c577104316af55587d5eeb0348271d2467b920a083b4bef6a21033f8428ea816718880da3c29f4332b19030d4270d20a4271169f179df4dcb07e15db1b3d4acb2d9cc9ac90e9877ddc09ee0bdc202e9fe23a844be123fc5b08068c9a6428988de1f2f26f06beaa020f725c072c842c97fa8069d944f80518ad2276cb4aabfea20db3256d35f9533d70c6723e5696cc159127ca671db02bcda89aa17dbf47c33eb863923c0a88f3bba8f79bdfb6eb2d15fcfa9acb68018d4d33417585299e92fe3e4a131dfd123a4edb72c988796c6dec3169cba26ac712cbcd92abc4e1f327f05838abf03bcfdb218d56e2d795eab3d08d5beba1b3492e72626d86b9990e777ffd91ccb30f99713d89d0532a032bf12192a1ac2368dda2c131febae2c11bffd83311fce6d20521e92d458a285fb548ef27158e593f306d99f2e5e521522192037e94aaab02713e3242bb412b362508ff0d4823ca0ff6190c71e31f4ff06f40f8d467182ad43848ee8b8c39280d535c7cde50571f40c366d97f5de703b808aacb5a7369df763518424137d42c59d91fdd365d025f1a747b95eba9f0ff580926891e39ffa2943e28e4cb3981d2cc62e9b975048df0d0708bb7067a67bf1ef6d03692fc5501bb09d562ea9ff3078e454227ae4d6084d21e08cf6c147b205d74fa81b72c1684f60923bc024c072608ea21ce48fa46c41495761d68744953c87c6e064b33d8d43135e43fd5f67322a1d2d9ab0e07e9f8862d6d252197a4fba914aaf4092a4d499a5996d40f143b8f3eae95a5a64b23a17495834e3246f3d0a06756d80bdfee94f2c03c8e5ce0043e9094465f6a3307f8b6f098edd85f863d2de3867b644fb0ff335b83d26958c88960f9913ca3159b61391fb67dd6770321a6971e1fff607c9ab6a2765f4795f53fb8aeb26944f728dc6f66de97136b50d722affbe78e59f00cdeda54e23f46647d024f384ca01f46a39e660df4cf9a2576fa353c7b243c401b429262b14112866fad6e802ad42fa2e509ddeb1ddc70d24e4eff5f7e94b4e9772cfb52b88d81272462087a446b770db1aeeddcf81cf9075b419acf4a3c3cc -TAG: a4b1933381318aee1af76925720ffbdb - -KEY: 5d44b6e557031ed28b60f3a9e73293d0 -NONCE: 3f57c9c636ff9336cee08635 -IN: 8c15ae3d5af075f8d9ecb494b00aff1dbe9703c80bb669b522a00cfb1c400598c6b494b40c87041a99d461017ef4381d3db7df5a017564ca988018c4f36282213de60c841944b6d213d8fe2015cd535184b1619866106c39a09f71a70f78f2cb8fff2f377d87390eb31b73db093000006239a8a3494a563618af189ab3af3556050b68c4abf48cf4d02013f9ed69b52d8c6bfd5188a56f4699b03f60f218539a1638c9890c7a77f5bb18d7c4ffe27314461a29c91526cff0f713a9be95b608a2ff36783474cc9db1454df62fc7efe08ca97418d982d74555c0c15fa671f99fa73559ff54ebd092756e7d9477ffdf2de14e1c9d4900fe401d1fead7fde27cd37d016cdc56464f76193af1c252d4efd60f6f3c0644ccd1ac67d968140ae08db759aa7af205563d4402927cb791f8cd845777043b975ddb1ebc66be4333b7b60293952368767aab30e1a52e1691a35f684c8587bdacc8b374963c1864619ff4a204753b44860f595ecfb275dd0b94153a065f3cc3235a7525921d16684524794cf45a9902364c80ba5649b90c1b42ecf2f17c4e3b7a888c6a2cb30240c6baec3170b309714aae3005846a19c6292e5b7d2772af24f14bd7f6cc7eb89e0489400b4c18b9372aeacd92918e4b2d11165f2de062de882f42ee7c4b5ed2fa54f66d0b4dae63db4d9a777b404b1befa704a48a3be7b8511fe716f77c890fea23fdd05a9d4a57eb0f130d7383a023ec6668e6714f84337dce5f8a9f46b9ba17480288fe89752961c6e7cd6d32d435c5930d5228be9aa002f01f0ddc79bde0abd76e4294563d5410c81c56644620a002a7facc871ee7b5fc73ed03ae0cd253439688cac4e6147fff75fad37ddd52971895702dc280273b8e7e99f8d1e93a2712bd9a6515c9b1dffcf7800ec13e08cc732a15ed3c51ab8177b3b1b1dc25e387ee2d0a69d7e2f7f77555bdd75a75400bee511dc5c30aa7eca46b05c9af4e94adee1c0bd84085af86a85a15e81d607ffcd6f7670bc11705b46e43b6beea7e1eba5804e24229185b15fc1fcafaa7de15ab336fa2ba7d94852f20de7543b4acb4e75f523863649578527752050bebaba444fe6b57c0304cc4820f0034f66b778d907264e5b8c8c0357648875dea1506c00413109ff2f25d9f1c3aea724a5b7f39ea1b08b9329c07dd8b0efa2e0e6fbf3f04708b833c2e14b6f5400b4b3d6463bc256e42c8a427f7a0d8b71aee9825169b9613dcbcf7cc364a87ba64e60501bb01d8f55eb5141ed945666f69b536662705d12f3839c45917ab7c932b8609a97ebbdf042fafda951753abc765002ae60eb1c9dcb2f95175ddae0d5b344a78b60c327676e4ca2ac1ab5333899dedfc91f66f4f8ed83130f197a6f35def3e8e2c6598e6c0a8ee -AD: 6b0da01dcf6d8aa5fab8310cae71d02d2ebbbff4fbbada8a7db0725cb2e20723d2a3e5471d05b2319f571ae68ec953f26ddc167b8fe8bd801d6c58730f4dddc6c94bdb1e6d1e0f11b6d59e28f145e75a3b4d7aea2f78eec4677c8be45307910c67ecc10fed65ce585c6addf789ce485033d82e745f91472b7103370b162bc60504dab311ddc428b141c105e9343c2cd7527e43baf01b9bfb4e1b85918bd596696b2353425d03941d9a5aa6d72c57f1c42175b4120269551db41dec9b893d24d76a503f13ac1095ff824b0c3f7836e8b934b112440fb8157d35cf92c196de10fed9046722f83ad58546c9b27b9cb6e853dfffd89ab7724e140c0f1326302cb2224f587e6c7f27111e97ecc0dcc7d89a88e133970a22e4aacb12ce388393bed30d263ed1c080c1d56b0777e7ce2ce19a6b8db174aced748f71fbd52dfd415ef6fecba1e4ca7f207757967b3a6ad1c2e9f7c6a58ddae8555205e5c6bf64b209bee6372f196682db52dfbb37440be658d1398659a3b779843c381c5673c4eb97ce0133597c5667fd183a78e5daf15c56ad726f6d368dcf37ea737af668ca7131d4027b6260c748822e7a387b611ccb6edc4860fc4302493e66651772a39f5c98f46da64a9b1219babdc1cf6ef4c6557ced9b85ff3b918053dac001fbdcceef7485953527e1181670e62886f46371d2 -CT: 68b1872409e4d6bcc2d218c7a844ec2a78969d25b766a5272ee09a3f0dfe20abba0ea4cf75437e4b759e8586be4defc5146b303b162c4209406c93884c06a163a5743fa6ebb8f649ad8de37194633d18fc4d0bbbb1c74e8297f48e1f532e5ef9ee7c15f07b2e96cfdbce6f583e267658a795ec9c4dcd9916d5dcc08fb5c28277e56dd366a26f92f9680930d63493e2995ce350e6286c2d597273b7ecdd27d2c05b725e32d6c48f7f577ed4098d318fb822cd6413437c44a9ec8feb54959a2e6403484a8aed34e0527cee6838844dc987d933af12b370cc888b6f6ff2a25754caefc1c665751321ab9b9f19bfc17e6903c99dd87fd502065a8ecfc1c29950dd0007ee2f9c3fc752cbe7e661f06ff22a266f564e351a7137a1b96616e31be24c7a13e62b04646ce0a68791e0e1a099b862435065cf7d3203fb32d7d7d8ac4a77642d69f7c27a46973b6bedd5e840f887209d19cbe50504c0a251056c8a83100092a627f73edb421a3f1aa12edfc78d3fc474cd2583808e38d63baf1c5b4b5cb34665e10d4af806bf3abbcf4432df6c9caa76cf0e17a5e0e9af7c8868daff22d84b7b6eb4f299b750ff18b9b17d7412ccafe3e55e5b02af9ad87c03799c2282a9c6377ba42e840440d8c1b19bcd1c8fc35f02fc505a3ce97562b9e660fd488b53c30edb98b91949188903ba2078193c2de05e61c9da7bc056624104471a8231b7fcfdfda4d804b8819888a2c9bde680bae59e438d89778c5a04dff214e9b14ac5b031c378c8beee5ba9b1f91dba760d7621c24c30aee28c4b49e183632d8b450ee6895a47b96cc3c1917af685905691d1ca588db5a21674391238d76ae101c3e83d94dfee4a0656baf4d6cf277e0c7b0512e4ec13d12a5af44c7d19820fe7a74f5d5875321d528976f35a5634e15dcb35a54836370569d5609de0360ea4d2f1937dcb2d68b20cc5a04c13c04d5379a7dcbcb6b711712d7b3b20d255156b7e61e99803a4d767f0438c4fcb166920744c20a08e48dcf5de4ec325439485b51e4c0f08cd22ecf60ace34b93844c2c12bc7b46a8f6b8dbf4de311f1039504a46d9616b41fd58388f458bdb8bb9821a33379cba4f36b416c2eae02f42b736c1cb6e673b9b9dbd230b6a23d944124469bbd2c545f5ab72fa4b3a47b4d0bb0271d615de6c7f182cc92165a84032f59c14f181c093b017a1c7e5887db249b5ea2db39faf7a3cfba08538b91520fc1f3af697c5f4dea7274cd86dc073920280b488a3f66969cfea020a312be1fd111c7847296ec5f5cc91f00188c07c05e4e49cd0667ee16345f794219ed3a80602cc11940aaf9a927805a040419abd20ad8ba0a05c7ca9936997549ed5a3c7e7d9f582c735a424895c5f1aed9a3a2ad3cf7d9f32d3e -TAG: aa69fb97b939fb73703ad4cec6c24fd6 - -KEY: 714f39851c1fe09297c8c69dff0e62be -NONCE: 3383bb6aceea0cbc71cc7783 -IN: cd1fac364236fecd9fd8aaf59de7680afcf90de01e9adeae58c034c25c8ed25b58e82e4fdcdcc2e69d1054dc753425e98cd50644eb74b1b6d62c769b61bf74d41a319eb35878bc837bac60af425c0a36b150655ac82f8e8fd61121790a3bb9389e121ed0fbb061cd593603a763e0b8ecb357b5c453b20239ad2e44ee0ef0e4cb717db95613c3be18aab77c708f5e91af8006e11b6ddebb8b0ef98c06dc3c97d008e058bf3e534582c24a1485f68214cdd88167814802c89d5c07a7453aff1010d6db0b778d9d8fc64b5bf3bb84cb97cef38a4b30a7deee12f0af806833c8c6d35a7f995b414eb0d9a900e3e56afaf2dd0d162063c4dd52bc6ffa56cfece2ed90bc7c9f4276459c9bd128ee40a5aa514de786ec15d04a16adddd64c7613ec9eed738fd36e24fbcbdcd0d3318fab948f47314a5400d71c5ee07a8c1fa17e4a4c08f4a467291cec1e8266342a42646d138331b08498f2dc3fda0374ef736d05c2a363fe08dc71ec799f0256ac9114743f40641ed8d9a039c57cd409bff29bde518657cb305a875cc6c0a58fe9ea3452df3e3802cf316a0c1f477179f6cdcb39c7c9424c07997500989a600887dd9f04c92226df10e9a8301818a5ec2f0b7b06b6d1443dec46f478a9271498b956b72060dd2b3021b004358b7eb6a083ff2facc3e9500278352790ccb6f9df67dccf7a03c33a34c6f33c1b4dc4ced2d5f69e5f68e79c582bf0db7751b774019d9399329f1a6692c5c527a646c9bb866e69d4f1ba4e6065cf0c5b09e941c5bb6e96d7edcb19a5cc02411507701b65987dc206ffbfaba4f06cf394976bdde1ac343e368ec1083813417cd0a325aa0e88913958974fcc911478a460b79b9978e33b21064ffdc1fc4df1e314948df71af9a6e0a40907e6b35ec6304bcaada85b456298637b6fa582ef331e2815fef135dcb66870107b2149c5aaa790f7127c0f0819b83bec46c0f6d30edb61b6fdf4f35f4b5345f1c684f41eed8088aa2f1d42c920a06092058e7c225d10fe1e5befb4dc593badee754fa12b843a6e9f67ea0e0616eaca697b22f526fb79a2ec259076971185678aaebc6449ba3bd284230ee621bc02ef1f5ff23651a6116cbb7770ec7385a44f4d54e7cb04aecd59a99660a1021eb6abb5d2cffd76e6e7380c22d0224e499e0c7b69aa0e7dd6deb47b22b1f1fb882dc35eb944a495fc3f6345b08da8f7185c3be95952bd7c982d9c8b2410a1cf1f5164961f6d1db6160d252e631f77b02d4e23dcd655e7e875b9b703fd27c57008184772c73fb5dc626ba43f54cbdc2937de7b4c470235098cb0a3e699baaa8e2adc09f8182ae1f168aa86a790688795003c3598293ca269a94494f159c5d19a22469924c5fbfd198b8add28b37cf7bc3258fb4b906f2ecd672f4fe1fd1359a433240225 -AD: 1d90b2e081fc4457b3387c1033affd15747b79dad1d6d3b69c076d4dc5c209ba1cdd383a5196fc21fbc49fc65c69b85ec299b1daa26a4bd2e5ec2559cb230b21c3bb62e2831830a2b86da2abaa289d98eb04eaf3cf8d583ffc7291c3201df2c09b7d900a4bce0972e390fc980eb67cfe654ba3b9c579f997e319496b57819b36dd2b4484b88ea3cc1ba777b10ecaf526a08afd9e2b3b32b2bc02932af5d09c2ee3fdcfa18d6261808e418c4bb80be4315a5581d405841341bf2775d8d0adc21c10b9ffdc0ea4b22e22f61b46f844d8caeda0aeb7e1c3f84d337898af24fa68d60e2f19ff815713e1587e0d6e68d64cd088ed432c45637e1767913343d899b2f8c01bdb83253219878a5b3a4e6166e02387124e711a56e49da1893b4f72198c6339943262cdfccba33428009dff70a0c8c79af248d081ca04edb2ad4f35ed1819f0846dfade107c7e9f4094c014087c719517d943e524b86047d24aef8b901a7b1ec4e839400b717e758520cfc7a2dbced0ef491eef6aa2695b2ab9a92296b6e75251f124168c36a6555c4a465cf84a7b36f3277859dd5bb0f10f84cbc944b87e37b6b8ff6958bf1f0546839effd30995853c734a11c062414fe841113d0ae62597cd12ef80dbd4dc4f72e065171c8394e45dc6f87c86154e9846c1eb58f560b8c503848eacf05107c445a6a06420e67e2297a9975d23 -CT: cc11a071e11cf36750fad572fdfefa377b8f0ed6cc47bb8015cb51f0eeb531e5779d233ed224022c5f7ff3181ad1d6a9f7564f41ee919f0435fe49b4266157a68061a1c5d06d8a8075b55efab8c9530266955c179f0a57684459835931cfb2eb1244a730797dcfcd31e7a414ed42990e9a55d439fbb803f2828f92cffb247f8d96896f9b37ce2d029aa15873bf13144cf35eb70d8e27a013513774ede1d37e4aa007a48a12f37385842cb716f60401f638efd2841db6165819eb3c2c58708d92a454344fa64c2d740cb34d4b7dbbc1d86d9e0083432e0e90c074b617402b68e3199d6fc43c454a842da725b49eabf8459b4db90e6553e17f979fc8d6bd03ac382f3a85eb40b64e21787e8e8170372eb0202fd4d78b39fb940829e11270bf6ccce0fb28adcfa8b60659e54a03c7b22491c62982e5673d66791bf6db75edf3836449e918b0c9059de644039063d78b66769d8358349acbaa7f1bef02fbfe49be375f652952f66665df26964b8b8b327683731cf825ad45118fb98f119db977828d96618a4a2fe82105eba7d1c3bca35775dc57a207b5b07c24305829d911bd7d30e3c19b030f6d34f6858593f3a0dbd928fca4b1ca21ce9ea8b63b149aa444bc696864fe2bdcbfdfca33a656db422cd007649d3a3e895b909fac7f9f0d9b15920b1d9dbcb343a2a0fd9382154430f818a9b347dda83e1c1038eb5259ca8714e2f8d3ec13c8c7a96c537fe599b30fe8780c82242f674817e815d56c92e765f3c67bb9591e27640d4880e04fc6afe5f1482422b0de4282df77df798ab7d32372f22dd3dfb0035182fdfd524dc315b0c7607639fcee3b1e12421025964a27bb5926f28c97cd7d74cdb26a779b656491f057eeb3be3eea0097b787ca5d1b1d5abf42fe76b16e565b2c1d15579e761efdcaf04fb18e7a97215e4dd53a164b336921390fed9c4fc1cd0cb0825d4b5c7061db0f4f1cdd950f13646c662bc6837ce2e455bee1758a59fec54d758eb49f040384f27ab6abfbeb7ec52a1a1b3ce63f6b4ded32a41a64b8cade579db95b7d90dcb875e83424d03e9f3bcc2dc45952860f1845632c7550802c957657c9342dc32c64c558944fbaf5f2b6a04b5d48794d140bf4f9de2fcdb1b77a0602f1c97fabb0f2b92b05b6894e665a8fad01dfb2764f673f61b9c6cae68272a5b12a9a8347782c69f5f9c3d4ff932cd713a1e2a49759114563d94261ebd7c0a723a5837a1912cbcc98b6481f6d7bebaf29276bbbd6d0a83bdefe2a0f3d4d60d88d4575e3cff73eba09aa290c2060434f85955597a3431c376f64489f50dd9d1be65b72158b1d6875649da95579b5c88e3d445c7bb95a4ed9452e18ef33bd7dbcd25c5ad6c769a651204e082026742b15b49554133e1539fc516089ce27940c89eb1a68846f13f3 -TAG: 26c14eb5587ec540185a067635e64c29 - -KEY: a406f8b8ee46d958d10d8724d90bb26e -NONCE: 2b38be1c0e8258de3a095418 -IN: 26486ad28af8f2fa8c7befc95510589baf81a88f3823e87eaa8e40759cf0853547301de1e87b2eeccd76967bb364278174823c1cb1963f34fab537915031cead844dbb1c614eda56e9952b1eb4cb153d06c59c8da3b10af499b1c15ab0f03559fea13b81bd35fa5eb9a5431e12ab87c3c094861154d3d8eda448af7e15017103ad3dc7e9991b10cbe61cb33d2ff90121f4e40bd5d9e9c34b89679b6e1b54e38f00b128093af3e4ca9830a1a4d7a5e9db067c9c51fa26232945fa3e1e31e28c5000e1965cc7aa11a051305e68be9d60fb92f46eb2b701b3f959819f525ebefd5339bebfb64636d680a2a4f32afce85e287f8936bf62676c37ba810754186e30b812b1196e8661e345fb5b09b8dbe5f96e0010c5e3dd0a4e983149f4a058437cd46e3b32ca04c51ae3a4a39a7e15768a8fc379563450c616a5c7d7d98c46c0b934c894727532a9e713d330d294a2753f0f46049c88eed68711e9c49632144d5cb14d76848a6f7741d36c969edecdde52cbfb57a628678d31befa7ae3198343deae760d5c92c31f3c045b3e932e9051cd201d2dae66ca0368b94445d662acd6442c39eb945c8a4b46129a8cf5bbb2b27927729406f9b081695ce148a10226bc345c648fe557b7f8db4604fd0704831e5bdef6694afe716ddc3a8d69ccad4113ebe1684346b493db264417cde9c0e48db46aed1984f72903e94b72cc2b2f151fec80b32523f96f61485f026d63734ff80015a1cad4b21ed1ba057627b387eaecdfc6d7a195b7d46e485bc137726d96c4ba51e1656c3f234174759ad922f3493077d65c149d1e871855490b6fa5924f6270cf15920838b66e3250a99ff7a55ecc9944cf3fd204081a61ce05bb989e5abeae4b2f24801e7f2223d5ce05c2b61f32344a0370c22751293bb898061ff50d6364ea0275bece795be21c9dc0b2749ff68a6d15896d4692474bd46fb256d1d012e45e7a58d880fba240ac6b89d2087da1ff7d41df44c768fee5bdf51f36b090bbf85e7ecb69f61312463eb0b4b1a04a153f593f8d43f62ac96f76e13ab5928147c5e63788bba4f076d12eb6dd15842e2c40fc9f1ad5dcb80bd95d9d41222953776b3304badd650afc783b7342196ab551a474579d95f826f53d15b96ac98a10c2c6d50a7b9b947cda9fb8d8d7dc7def72c5283a93112d2b58487a25debc9ca06946bb0a52a1e4ed3bcf0fb8decae49fa6607c55501f01b7441671f08c814023f7d46f4bc596d709d305ce320b1b0160bf35c8f17622c65b8e5c97b3fe7327e8e22384f6c400e551dd438d6d3d0f9ba6101abd1bc2486ba249b4cc83c47982c1210328968f2b28e4a7c4880d598d5b47aca2093965622ba7b4e4062c86d81070ecaad93d5e47ece22480e24a29b2910b227930344f6a00916bb215e57e1f3155fa9437603fabc6a4c6732e0887f40b5017de -AD: 54e46035c45b6ebf14c5088c5f15f552a4d233de7d3750d7736838a5cd4a7b41df1b71e6c5e6a7dc63519ec43bcb4fc603168352b8b8e261c15e76e73556aaffa32193c1f5641b2eab29497c80eb06543c1b0f1787bc616a4e6618f751dd0a2b28a87fcabf405e97efa91becc8ac1b036a2ca244e13dcbae589f0d6bf8e19bf91caff673f2a80de93a6fd5da1e63516e2760ca12a64c8175071de22b26ce72ff9e15e5c55fb253cae55a3f48c0b507bfd423f66ebdecd0b6227d0e67c4347f2a4819a6825dfc2651e97c1da629e92bed3827a15dec0f0c8743731baef8035fb0a790f49e5b2a7339485df313a9633496fd9e7a9904ec566bf20b8dbc0e3c1e4572411da7835b5eb5cd51313b78a1d6ed96bd9aff2fba37e86d475d95fd7e14c6fe8ab23645b15e7823b7bc9d0a02fbd9a43c05a6c660b6690891c4d055af21b50a5500d72c91695536eb1a3852caceae05803486c64535747df691ebc62e888bce8a5c820569b3d80edb4e29027e737fcdc4f49f6eae43b4bf68a5731fbd09778d6b205bd8b3ab4cf251ff31dd94f2033118ff0c4154c78af27570d12def873fcf4de7ccb6b6cc8924dc63f8104e9a3323ddd32006d8ec3aa530818e299490dfa0a9d811fb3bbb5f624f26dd7d0d7a87a7e7748af5ee4f4bbeb150ea4078b504aadaf92b8f9edfb701c6df7ca615416f61bd770d5fc6675db01394a26f585f -CT: 4f90cb1e30d5c2c97f46ec00cd8203ca8dc808dc0e862cfdb35b1e92a24f0093fb6b68eea43f04ff1332f942b03aa2dcbe03aafd18b292cbec3cd66d7ab26af3f274a97e599f520a6bb59f5c56fbe858821eaecc297e0cca632addaa5aee071a6cf84910006f158cd1e8a38f185e95dd7f6ad09303636bb6356e400ae70338a8eeae7c22440babe6d9595b2ca008c2e7a471e70e66c49548bab632e87ed36894c6eb97c7de858382cb060277edc91e19b288870b2a472df769393accb07f34a8cd94922582ce351da199a8c5c426b2884bba07fe38da6289ee55537952d53ffced29cf053a9e1b9b37d2e0e3c219f48fe885410e6bf78fea15719f20091e654d44c786f9494e4a71b20f968bbab6f5305af7b8668867cae10eb93904a0e3ec3478fca8d6a231c9b4b84cfc3394716b366c0b1a1bbb8012a298e3a00831791e489b7a2dac6c26ca9e5ad4ab58c4cd71215cdfa2422f49a7b30698ece44972a6dc7dcf9ac40f241085599e71957bc719dc51555312fff4e963832017371980b5087d0f6373e5b52d66d7003525cabcd56bfcc00041bb9f0522a4dc86ecb444497b97d882d122dd8ca1806f1e0c8ed3b1b4810dcfee9b2803d08f43151f5a968c18266d0b956ce26005628780a1c4fe0e25b7dd55e6d4cb6b1427fc56afb278a8cf91d83b952908c295947a5cbfa183816a9fc4400db94a5990e53d99da1694de5941364e7828515544b1074de41c253a3b7bc4b72a3a0173138a025fe758f8d834c7c814f1440407cd1a98aaf15f7f8d5055aa8237c6d93beb53dc84cd4712d0535fd90c180a40ba6cf9880d5104480c18cd9734354c9321eb3ad583caa5eb05edcf288ca5793e288436c175e56c001b473c1486bf36f9d75d71461339f1e063035ded3246166644761816559ba9cc9c26f61f6d02adaa3b4b398fb80906ddbfca2fdfbe57df724adf1f76f995ef7d52468ee2f89785d59c0c8557ab45f07e0da644c0fa9b5a9e1a2280d34a0f65b463e53d09146bd629134b12262f18471eda27ebb5ace095864abe17b95f238c0823dbd11245d89c195eb9ee65f6f97819def971189e43354d4fd811fce3c430cbd4686e50e562ab1e8de214832db1a09a64f9339b8f6dcfd53280a33071e89616148914de8b456408fc18a9f46f61a782857b1e11dfb5f956a5889d60c53dc826ab92153cdad4d935ccd978516c383371352f63edb7211c3da54cf2eafb7ee65f6aa98aa7813de42ec43a4e3c91bc2eac8cbd27fd0a39f109dcc94365bb223f9be11120a9767cfc73e2c315846b675f5e1eabad4e7a970aada798993fb2b11248be37b451a6f8be3ab93dbb0b3a181c49f0b43b402f05221bc97a6c2b5ba9d1e5860a234cbd2c7dcac97ff395ea8ad34229c3b0624eef42f611f90449476d76e816fe391edb539f9adbccd9628dac1e8925 -TAG: d4c3aab4d275dca02cd7912eb71daca0 diff --git a/crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt b/crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt deleted file mode 100644 index 057b7587a0..0000000000 --- a/crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt +++ /dev/null @@ -1,579 +0,0 @@ -# Test vectors from -# https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04#appendix-C - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: -AD: -CT: -TAG: 07f5f4169bbf55a8400cd47ea6fd400f - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0100000000000000 -AD: -CT: c2ef328e5c71c83b -TAG: 843122130f7364b761e0b97427e3df28 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 010000000000000000000000 -AD: -CT: 9aab2aeb3faa0a34aea8e2b1 -TAG: 8ca50da9ae6559e48fd10f6e5c9ca17e - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 01000000000000000000000000000000 -AD: -CT: 85a01b63025ba19b7fd3ddfc033b3e76 -TAG: c9eac6fa700942702e90862383c6c366 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0100000000000000000000000000000002000000000000000000000000000000 -AD: -CT: 4a6a9db4c8c6549201b9edb53006cba821ec9cf850948a7c86c68ac7539d027f -TAG: e819e63abcd020b006a976397632eb5d - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 010000000000000000000000000000000200000000000000000000000000000003000000000000000000000000000000 -AD: -CT: c00d121893a9fa603f48ccc1ca3c57ce7499245ea0046db16c53c7c66fe717e39cf6c748837b61f6ee3adcee17534ed5 -TAG: 790bc96880a99ba804bd12c0e6a22cc4 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 01000000000000000000000000000000020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000 -AD: -CT: c2d5160a1f8683834910acdafc41fbb1632d4a353e8b905ec9a5499ac34f96c7e1049eb080883891a4db8caaa1f99dd004d80487540735234e3744512c6f90ce -TAG: 112864c269fc0d9d88c61fa47e39aa08 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0200000000000000 -AD: 01 -CT: 1de22967237a8132 -TAG: 91213f267e3b452f02d01ae33e4ec854 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 020000000000000000000000 -AD: 01 -CT: 163d6f9cc1b346cd453a2e4c -TAG: c1a4a19ae800941ccdc57cc8413c277f - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000000000000000000000000000 -AD: 01 -CT: c91545823cc24f17dbb0e9e807d5ec17 -TAG: b292d28ff61189e8e49f3875ef91aff7 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0200000000000000000000000000000003000000000000000000000000000000 -AD: 01 -CT: 07dad364bfc2b9da89116d7bef6daaaf6f255510aa654f920ac81b94e8bad365 -TAG: aea1bad12702e1965604374aab96dbbc - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000 -AD: 01 -CT: c67a1f0f567a5198aa1fcc8e3f21314336f7f51ca8b1af61feac35a86416fa47fbca3b5f749cdf564527f2314f42fe25 -TAG: 03332742b228c647173616cfd44c54eb - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000005000000000000000000000000000000 -AD: 01 -CT: 67fd45e126bfb9a79930c43aad2d36967d3f0e4d217c1e551f59727870beefc98cb933a8fce9de887b1e40799988db1fc3f91880ed405b2dd298318858467c89 -TAG: 5bde0285037c5de81e5b570a049b62a0 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 02000000 -AD: 010000000000000000000000 -CT: 22b3f4cd -TAG: 1835e517741dfddccfa07fa4661b74cf - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 0300000000000000000000000000000004000000 -AD: 010000000000000000000000000000000200 -CT: 43dd0163cdb48f9fe3212bf61b201976067f342b -TAG: b879ad976d8242acc188ab59cabfe307 - -KEY: 0100000000000000000000000000000000000000000000000000000000000000 -NONCE: 030000000000000000000000 -IN: 030000000000000000000000000000000400 -AD: 0100000000000000000000000000000002000000 -CT: 462401724b5ce6588d5a54aae5375513a075 -TAG: cfcdf5042112aa29685c912fc2056543 - -# Random vectors generated by the reference code. - -KEY: e66021d5eb8e4f4066d4adb9c33560e4f46e44bb3da0015c94f7088736864200 -NONCE: e0eaf5284d884a0e77d31646 -IN: -AD: -CT: -TAG: 169fbb2fbf389a995f6390af22228a62 - -KEY: bae8e37fc83441b16034566b7a806c46bb91c3c5aedb64a6c590bc84d1a5e269 -NONCE: e4b47801afc0577e34699b9e -IN: 671fdd4fbdc66f146545fc880c94a95198 -AD: 874296d5cc1fd16132 -CT: 9209cfae7372e0a3ec2e5d072d5e26b7b9 -TAG: f3acb73908e54cddf7be1864914e13cf - -KEY: 0b6920ce07787f86743b275d1ab32f6d1f0434d8848c1177441f195495860f04 -NONCE: 6787f3ea22c127aaf195d189 -IN: 4728b3fed1473c528b8426a582995929a1499e9ad8780c8d63d0ab4149c09f572c61 -AD: 4b4745914474e7c7c9882e5386fd9f92ec48 -CT: 8ad7deb4be91cdc4e75c77de1c746d816212b109c5a485c6cb79e3005d2e94355104 -TAG: d71002b6a9de0addb173f49e34edab61 - -KEY: 9c8fde2be2cf97e74e932d4ed87da44102952ef94b02b805249bac80e6f61455 -NONCE: bfac8308a2d40d8c84511780 -IN: 82355c9e940fea2f582950a70d5a1db2316fd568378da107b52b0da55210cc1c1b0abde3b2f204d1e9f8b06bc47f9745b3d1ae -AD: 06556fb6aa7890bebc18fe6b3db4da3d57aa94842b9803a96e07fb -CT: ced477a00135f16006e100b9d7521f9e1bddbc7d339cc41333abe3cc79dd8e3a18e310dd1dd53ac664673ab9090d5dc07b4859 -TAG: fdfb01ef873060efc7c3c32adf3b46cc - -KEY: 6de71860f762ebfbd08284e421702de0de18baa9c9596291b08466f37de21c7f -NONCE: f901cfe8a69615a93fdf7a98 -IN: cad481796245709fb18853f68d833640e42a3c02c25b64869e146d7b233987bddfc240871d7576f7028ec6eb5ea7e298342a94d4b202b370ef9768ec6561c4fe6b7e7296 -AD: fa859c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac73c535de1 -CT: 01fcded8e89997d446236c8e3a77ba755b85b9b5ab8fa8f355be587a3954c4a4231a7c8c198b72525ce4304125a4dabd1574453437f6584790d8cd90d5957b0d5c804a6e -TAG: ecb5e6b6e75d241c221a2f4dbd7d0448 - -KEY: 92eaed3822a2fbbe2ca9dfc88255e14a661b8aa82cc54236093bbc23688089e5 -NONCE: 5540db1872504e1cced532ce -IN: 4159b035277d4dfbb7db62968b13cd4eec734320ccc9d9bbbb19cb81b2af4ecbc3e72834321f7aa0f70b7282b4f33df23f167541ac15c8417abaf17a282ac7a57252ff224ae7911a905b8c699b20e40c1e9569a6b2 -AD: aa0232d4b10bb6f20406135861c19795b95f9597f9b72c20931c41164f1b469b0901f2b5da3a956a6e278c940e -CT: c49082d9a1bb49356f1a9b75b443832a56387066b617b939b60381db47711bfd174324e8d20c9713d562fb8f5c698dab02b5c00ecb652c182ac5544648599fd7fdd042009ed44961efd975972ae3c9aed8a4f58ddb -TAG: 75639e5472bec58e96b358cbe429c4ac - -KEY: 82593eb58f56f6d3681fb00dedf7f612c4cb3193b73ab35f9a5a9cc8d13aa27f -NONCE: f1dea3b2a7d832ed8ab959d8 -IN: 2ee795df8e1ef530cc6fd9a1f10543b44c49383921d74fe0c71d50da4adb9e9c7e5491a488ceb5c384ebafadf0f484fae982019a8ea22efd1358adf7ad4f5fa0d2acd2f1ee095cdfc13310241243fa53b8c2610d1924b1d55cb6d9cb6a5b98a72127255967b8 -AD: ff23623c5453e61cecf9e624e5c803250c382481d3c10febfa54d03894ba8f9ed72637fcf5631f7b7312cc74e6ff63ecb240349a575f -CT: 6841f9ffed11d165b18917ed0aeed507bfdbea3a57beac2f2e08625e9929d3f2d84373ac3b21813f7dde1b25c93129b541fc640e09f5233cd9f0587edad70b73c423011cccae55a9deff9f29308fbdfc9a73f5fff4a7b0ad308ca9b545223adcf724d3d8b127 -TAG: 479bf5015121d25bf2346429a5c569b4 - -KEY: 2cd817f2afbaaf21815bf08ac1e8f87520244b4a3fc492c7120296607ef64d0a -NONCE: db4c74b73839e13455fd91dd -IN: f7f81d460034b9c41eaf0cc6040a84e17e6108372f1ca50656793554ea1d05181310711d0e60d4d556b2bedb24d7b622c01fe8025119ae0c8a20b679dc40c9908f88fecfafd688b0ebec6a2ac13421012874c80685c481b41323a1724ea96c1df644a595e8cc73955e6f661e0fa30737d78e7cec11629b -AD: 8f1fa4bbd8e8e655f50019859514dbc4cbcf944f95084e45337d9d9d8972bd8da92b4eb5a75c0b284305601de859f8d1fac6d6b3fdd42210fdcf696119e436 -CT: 97d729cde56ec1f95bfbc16ca5dec6a208543c3255f7a2b97fbf5fcbbb34908ace9ce13bd9e90474ed620715a5e9e43c34802b85feebc4d4a23d1bc8b4b5a6c11da7158765c40d2c863185c5551cb2b10eb0b45c61b939f8274ad84fe0a74e163bfd6afc5759946362adc74b4a7f705827323f8291ec38 -TAG: ea1c9094241c5b75ea880723ccb17ca7 - -KEY: 006a5a863859d5b70806197fdb9f0da3e4c31b0c7545809808bf7683757cd11b -NONCE: 9d0f8621664df31eb95b5e17 -IN: 567d680b1a26980772e8ad3e9b2e2de537414368c4f97adff1408d36c1dfee65b78375c7361c91452e7d463338474a400ef9efcaa648e93f38f8784a1598bca461211195d7844de56b91cccc96d89e6471bca6b7374aa5ec4b2f5fba66c17a435970411f2af3d6e33c0d094f74fcb77beb6cbbac1f3a8a19f69ca087f94a5b80d5e3692e0d10ec34 -AD: aa67269c824b382d6238bcfaaed586177b852f816c31e9966744188f02647d881990d98c3eabd477557a739262bb3f682f64d2208faf98097586053a32cbf37e -CT: 85f7411a7f8ab505a7c10c5c1fb9bdabcd9a7826465de96e3b7c762830ce133b33d8956756ec29c00b429d30047040043cd5b3bd87dff60e09e4d7c3a95bcbfa2603ac964be32a82250741e19b6786638be28709ddeae496cba7558b7acbc5545b259e6a1b2ac1f5135f5719987dc547f97f68ffb7b9eac892527a4bf0ffbf59f77327ee763c54d6 -TAG: 3a8cb8fdab2c79aceaef6680daaf3ecc - -KEY: 78413a2d89613a81966e8d654cac0aa34107947a036f403bda53e74bc524e7bc -NONCE: 2d2c51dc426b38c308cc5748 -IN: 39129e5e6251f41dec9cff7ccf256c38e4994e15ca976d3185ae17030ad3751e56367f86886acc32e27fe04d0b89cc89b0206f281aa2d80f9be19928dabf07417e7659b17f09c56d170ed1ef10d2fadf01e0c78473d06a1685ef0bb112e4ec7e6ce0cbc601fc8a2dd64045c8fada4a28c0c6f0ec98542e365279d00ffdf5e2eae3b663c4b79342f2f265db30a86d6e1b325318d7f7a622b36e -AD: 746875b71165defd5ca1afc0a92db6ef4fb9e20b81018a5293899f1e0d06b18a2e65f7616638f79a0db3f2cfdcc0eac2ee1e2e454958e2e6d214a20ad13156f97d0f2cf4276b09f594 -CT: 142722bf554b8c70e8e76e52b9c0e0bb19b618f7bbc7ffbc91a66031f418d031d3c111eddb9f1ff7c2e64191be8dad4f8cd175079d2ada20c8880d0565c56afe5c9742753cbd50b93620b081f0877f045d0be91ff05a603fdc87e1940ac1e1f0c9aa96d5aaf4a58e0393ced4fad8e83171fa71c397817cd48ce6991e3b73d3356ef0448be1bd8114feff5f23db3b9cacdcfb4d25fd4dbfcae7 -TAG: e489f6c52120c8cfdc0f164b3440de99 - -KEY: 5c11f6b20b7bede26d6c2f0e5cf2786eea66e18d6ece02156f9233bdfc57c75b -NONCE: 1a8a8b1f4ab85be5a4a089f0 -IN: ac762060a336aa502f5a1df1e0a647fb9d5d932dc0654e0725122f6a567681a7d1cb7625ed0404d540d8b3145c911280d2a0ff9d1c53e27677be0436faeb39009fe5751c0b37c7a5f1137a26995577faa109071bee1c87d5e6772ca55fdec02348a625b49c3c881aab162f20ba0b834e8159d9bf20ee0c5d14da0221961c4fc7d9b44c7822f32298d30775cf974172ebfdb36cfb2881ccb15e5f69ed27880b920f4a092815357e03d982 -AD: f75590af08b447f0f8466b031ed2409e9f5eb479affd9e18017a369486914c63a7494168d91df157f5e56fbc4ab6ee5a8f3af1fbe1bf9324338a1f4acad45fc7137676797c89620b15feb8512544771f280f -CT: d8355d51bcd69356ec74b9b8657cec57335731cebfe83202c1557fd208480a2c25747625bcc70533d1ef75d2bfbeb9354066a8650f59a575e836339dd45d0d8a5cac221954b77cabba5e95da7437665fe9b48257148b7e8a88cb2cc4e0912f511aba0a013aaaf09255ec13b27cd9cd05ea11fe2ff21c9ab8a3fe86090dfe13166b172ba08e76d30ad48bef0e2325da08835ecc468cc40222db0552834ae94458366f28f6ba63b3e656bf -TAG: 0c7f16d3294d5ef185c2d06ed719ed8d - -KEY: 322cbaac9c4d7cfb4c326824825ba5b5f5190fcde0d399ef1f52b82abb5a8b1e -NONCE: 5f2eea2c79702dec4cfbee3d -IN: 1f5cc11e085d2254f8b37f8030bd285d6aa1cc53868d18ecfdd963153485dce5a3e3e8cb0a3cf8074571f7a2e9e841229466463f506a2bc90f2d6413128efee043e01eccb930fbc002563510e499457161083ed7997e58ebf03ce7ed2f8d5487936311922884bfd31cf828f3d0ce78f3c6981932268108a369048cdc0a75c062c0ed02e27bbd11754e621ff67c511ed98c6fadc3e95e7100644ebe1aa147a7e99f25ce5c2edb8ab6446749441027a211b8d04a6247299dfea9d75e -AD: ab257a625aeb51f74e0b47b302fb5c0475ab23e99f4d93ecf07694497ff6b27c9848805af93a5615bc71486b26fc9da67cf60c8d3a396bc0164985fab2c64bbaa4dd0fdc22c9d9e433e8c70dcdeeebf230c7a3cb3e5d0d48573a64 -CT: e8d083e25f9332d30bfe60ac071f502909b26393440a848d1f81c3f5fd521de98cd9ad1fc3e806724f5b3732582853cf280f1b99cffdc6b46874d42adb8784cf9ab8e158531b4dbbd76391d48727b585fca0610777fa8ec6a2a7f070627f1ed254e430e55472622289f44089ff22f02b7f3c5e45e228b7b03a5d1e1abdc18b154124f8cdd3b2229e4720cbc1bd3cc3f86f3a6a745de0bffa2536027ee03d447b306ae69b1232e964ca27a6d252c1582422c99373ca2b9541a27081 -TAG: f6b8a72d4235589f7811ee1c6f8d2167 - -KEY: b068daf90f56b15579767ecdd420c0858fabe23abc0b313b97a9c1ceddcb59d5 -NONCE: 322e47a85cc58e753f00d6f0 -IN: d032d4c5110c8f22e98895279a30a86da0ef71cea6ef2738fe3e747ee54d2e96e3afb8916281f6369ab1a397ca0a18c6c0e9a0c4edeaa4190ce6422bd116ac254a12235eb66fb5cc7ef55b721d3d2db4c67c38bbbb0bcac9234ea7d733f200e6b86fc55f4abb9b65ee1897c262533cccd118b0f493c849a7aa7f35d243f9438f1858da62bdd03fd5a8c7b01d8097d7ce319a41f80104968a46599e9a3289a29a16b245877898f345f92fa70d3e613c38e6e4ebbf0bcb64c1c41f8b83ec8e9f159d4b830d9a1b79f2ad90db06 -AD: 7856eb8621e52ab3060e8d72dfe782b62364c163fa00b49aa6fbe4210fb7208c642b7a6735b1a8b2f1dbc4b3d4952985ef207a3eb0a07b1341700762e9f9d1c3438fc6633da2fbade15844cb1813d258aa5bfa4ac129d693792a89622a0c686f05d87019 -CT: 00d34f899f0a8b40fdfe9fcec98a96c5995b4524b144545026aaa55f629c3befbb8ff794b726e759e18b7198bb2fd2a866379418e6dc4f9fa9e4edc84d21454a5cd212f68a7df321b18e9eb2c537e0cf2e0bf65e80218b841ae8a994ea3f6832d667430dc314567267d7f31519fd856d73eaa1d3bfca419abc5001b25cc1fdf860812b077fda4b01abbe8f8a81a16ad2ab5d9299ea9a0d81aa26e1a573504d5fbdf29e6b2098ce975f2f3c8c212939569c8ea8ed63c4847f2d0fd16f47bcb30bd7e00956ab8a9deddc54e009 -TAG: 6152a0401a33257c8148e65440601d5c - -KEY: a266f91387d96bf2baae0262782b9c23162f5271cfa3144265deefe2c569e829 -NONCE: 11e842e5c9ae8fb79becf42c -IN: 3afe389acfdc9a34bec7b45705ba68e205b83b33f50b7852fbb7f4ae5dfdfdfb3cfee8a03c96a036388aa8f7809bd47eaa073f92905d0d5f199d466cc0ebd9bceb207f4209bf9925c6109973194742dc8d813f3cb212bbd8d92d7eef645fb0f8245811876dee5f241763edaf7d79c1b83d973f9ba3b29a9b9408418f73743ff0546f0d9290010cf3a665c443b85255759ec6248021e4b6eb825c398b5af7b5257efb7afc481abc20d90249bed5b30d44f725c78ad0ce2821f86838874dceb6b6207ad6fa34579126de720ce34bdfd2058d92b8bbbb3f1bec607de3f0a0 -AD: 28d8f6e13d0d4d2d3861e1a26d79cb68d3fef68127e8458eb599915022da751e271cd047cc712fae5b0459ae7815a24f4edf806889fc462c83181111f4de5bbb7e66a701460f508eaf73798c3ca9c08cc1a046472f4b18c69b7ed249a96f9bfa05a276499a5f499c586027c64a -CT: 11bd92445b4e43dca339491c8100cf933795ef7cf4c3c4d6c42ae5b729ca22869d443505fbb49ccd29b44046569da104f7ddaf325e71e7f30487e83acd012bd492cb4e98342ac7d64843eb499744b3d17db402d51b5bf8cbcb8995fad4a81dad4221ca30ceb3590df41e124c327fd31aa53c86514a12e22c477489871bfeb38cf71cb3a959f4167402576f142bd88b1221281a94661c8d643f89fc92dffef322ce97f8c19b133e55f8020232dbdf42e4527d9f133b8a5934bf0a2df3754d6455a9d765182691ab94ec7a2e68f3ff59805c7457428ee4af8388f91e88b3 -TAG: 8f1bd0ef9d08299f494054ab9409f663 - -KEY: d6a68dcb52a50aa6d1b1d4d202e6f184f01daa08fbd643523f4f73ae6b8d764a -NONCE: 7f567087a5fec5ad1ee3e4be -IN: 5b677b87109e69eae9a635ac2ea185ba08ebce3ba4be06d53b2da081c5030f5a746fea7bbdda340e10eccd47238340b9244b9442c0efae7644cff53c7abd8445163e891cf30bc8e26eea01f0c461b4796c2106e1ffdfdd1bac29f7d3c72c8ca7f625008d8d333d2a2092c08ef83c8002ed90e2ad01dadfe4cc0681384b489f38d25e83c2c563485fb361f81d44aea205e5bb4c1912d00d8f99f8d7a931e55ae72f749147fbd97699ec730bfb01b8261f1f94696278fc703263cc789b283460af9d74647a8c039ad2184674e78f6a355a26eefc6fcd4cd32d96d245d583836312652fd9e6694ac5644eeb4c2bd667 -AD: b52e5af14bcb108c8e277728d6d6116e8ed1981993771b8bb783bb351982f9f8c2a0e7c20a5a863c6d71b7145b73d7e6d84d47780d66847244d0b8ef559f2297f39e26501d8a2aae8c36189580292da842c4d0d06a21d21ab175e34589e3b814d8a00ac1d8a3b2eca2a91b21e36c55fc6dad8c0a1b2c -CT: ddc900dd582d322c567e3fd7eb23069b9e559bb16639cc79ffc6f3deb6e92cbf71ee66c839b4115e883390646245a42480ae6c638fe7fa04b575b4a8341050e2f3de075f2f19ad9b24d9cc1c39a659b0ffc362d46354da6bee0e41319221cf7cb160017d589413e5c1f07e5f626c2a1f8ae9e8b9ba0320a2de9e1b5f7baa4d551c090521d8ee0b30c8c709fbc00f1fdce999f1f96883e3b83b363cc47665e5a21fcf25afb6aa2bbcd0a374618c3dd8b8f97f21037946dde9bfdc7e907ac39e64f1a5ec8dda60a47148bd066f907a25b9caeb3804c0423836a8d9c35bc58c57882c5b23e00c7f4e3b1743cb14f102 -TAG: 8ac7e104a0165df543c7454223a01f90 - -KEY: c7bcb2108b2e21fafeaa26a2d4881b183b899210b474bdc43a8f0b8464075d86 -NONCE: a2ba1e9cd195a8ecadd31587 -IN: 0d5740c4e22eab0783de87d541fa834647c3fc6543c60d5df31c19c6ca38707649fa8dcfc3c0ccc16b1bb60283d7ae2778a8f83ba07b905e23cb06d5656f614f1efcb346f34e190bcc636cdca229b64af9ae4b1f05b58f1ffd1a077a51bbf9ede69ac3954de7daf569cc8de12282cac09b9a49dfb92dcc409b8c63f2ae4a34091633f4aaf225aa02ba9c57b910a76535f0cba67fbab0e6fa0bc876217fc9a546a97dabc9be41209bdb582d8d8a62865df7398d4f7e9ac681bcd102e31bfd40cfb8e9352b1e8ff7a7b81cfe2a62849e8b77dcfb645d2046404a83442133e245bd1df35d69dba9ee097dbc867cde7b431565c72fec31719318dd27c3e47dc5f8 -AD: 729ea794668d8724a1d4115adcee0725e4c1e3ce16ed9e31bd5a409cd074c0277e21a0b431d3b30ddd361ecd176a8d86927c2f6693105d7d3c47d9be8bd90d0b2fb20587623b2e838624b590a5c9f0e6d519b35eb5332b16bd2c2f9534e376ba68316efdb963d63e2c87cb0716973297d986bbd885a7306e2bdca0855447b5 -CT: d0e58d936c8b83c253ae9bd29f45afaaba9712647b3da6c6ffd40a9390a4476a0e74a2f2d458c88056bcc0a57fb64597a7c8a5e2be39669dec53c6bf0f7b4a2bacaff9aef36b43fe37b80cccc7d42cc283ba1c1eca739167c07754edec14375d86e88668b156d04c989bcf3fdc70e8a25aa3e6052d6befe3072ec0993d6b520c722dda62b6879324eb4ae016e54d139d816be7fb1bf9c0168d8f7225bc8ed9b7509b45cdb2c8a1db4b3619120c824d0bad7deb7fd0dfdb3674ab15a712f6196a5a840ee8895670cf3b20b8a5e43caa41c5524bf47c2ed4ae7027c2b566dc3e2548244057b880da2a3f1abe5e4eff090f9358970da6568bdb5f8288f9d25829 -TAG: 057ab8d811b5c3819781752230badd5c - -KEY: 7817285801341c10baf67bb5f71b75a11856d2551eb47e60025a0021b9948afd -NONCE: 8818888585a6957eb59680a5 -IN: 5a5c42458f2d0e0f39bcbada0ba0b6e72340193500e22d243e32be0e7d7bc5c632ef3dc7e79ad5acc895cbba3111d8d1faa69bfe2ce634fc0d7b12242dd8bb105c6ce54cc9718921378c906ff5e61f48fa259b25bd10fee96856a206a928b450a0098089d5cb7378c2935c4537172076d829975798d4f24ad243e4aad474fd5e59e25a6dd133944918709e33f84b4daf4bc6d3ba1e0b9e364dcad5834024066ab5c8e672a999bbf23a83956623943e0011e3a2883d23a767b280ad84e2d7fe5811099395edd269077162310481ff304128271d4ce5c84ea738fde318cb2528bc5cd448c67837cb7dedb632d47e8f90e351b0a8942da2f78e2065cdf827a85f51 -AD: 0e22156bfd971ab3f123e9774bf3ff7c224af19bc79e812839eeb3f1c14f89e5666c16c44a5483efbe449237508ab2436939098640931fe3b928cb3a9378b6b9fc2a54c6bf59f34b16f06d5ef132ae2a7161034f26a6e07badc61ea51a94a20e4692a0a0525726f3de9bd1d6151fa6a0ea3acef3634847cfbc98d2e0bb9ae89e -CT: 5eb6120cae6df4766b40ffb4d204ade5ae08aa2cda263b39ec7b47756ed7e6b7837fdcde8d01a2bf01367e9398e25991f9da11bc9f8de8e6c1b4e922af05d20d683edb4a245e22eb6cc4fec2375e8d81f9f27af5f118a16fde654b4ceabe770fb3a00bc7a88763b670b5e3a6ca06aea1824e20b9c1a304c4bdb62643fea73030ef6d18ee2e22095b4c73abc51abc4883f2bcce14033608ff7e1ce72ab3382c29069eb75426d283a4a71348123be19f480dba1d1677055de9e82d683c2d6413a6a4e0c6d58f7f2188ca5c8b916aa49975b80630d27a89ac284b971478376ad6e55dc64098951bec2ca7d77ebe790b1ed7fe7f33fe571d8613f143e3d3ab6bc613 -TAG: 6f3f79c6231d7e45ebc1ccbe5d110a0b - -KEY: 4f91a78c56558ac92b4f33fb1d96b1ade26cf4b2fec779bfbf6709e531ce0e62 -NONCE: 19f75c4c31873d4915b1af3a -IN: 51c2ef5e89218ac4060dd12be216654eff2991e8d7bce6f6a437966f80c59c527679b8983e75c617c917fa9b63bc60748f5ca179645afdfe6a126a73d3fbcd41a9df6d734e8783aff3a5134ecacbb289f93febbd8eb493693264026f8678e9fdb779038ac13199459caf9c4e86f4cf8306af6dc04d9dbb678d3ce9e41d154c4c1bca018bbc4d744655af04ee2cd524db41170f0946df225d156dcdca3e52139561b61c26bfc56bc90c21cffa69468863afb66c3e1524303f8f42103e435fa2fe2c2956feffe5b06ed20bdba730d675166f13118a193b06d7985d54d46e4150468df1252d7cd144afc99ce99b93ce9526ea4dec2cde1d0d72fb82f55db65ec2035e387e7923d98490cacc793046afaa2e49 -AD: bed34cd7e4eaa52e75bac5e86f9e9eb81028cbe8a515870edb9a151334e1f961949855565abc51af9a1bbac0222e9bd217d3e3a642b0f3df8e7c47c2c9d5a801cc8028c425b3becbe31df39d30637c38f981d268017da818010189c93d2d135024f239407623496c5435f04f9cae86e63ef46fcf9787c946b400249d8476f82dee274cc0cd3714973f -CT: 27bf7ffbf2c9733c3da8947db11ac8801475451b0a65c96a2a3934bf45ff54fd5fb21ff0d51c83ddf0f49b005d424620b04d0c731cb214f4beb6d353a6d6b7bf1a706b070faf5146b562c9f4e6c0ba5dc9ef9ccde79cd162bcdd887dc02bc95e29dd606d22845f35d0cd6d5eb1f1b154607c0c5c2e8c7dac005eeb17c238e3d4d1e1caab72b20a9d7b2676e6491eb84e9cab903bb0c05751a33642e145de8391ca9e598ffe2e579486ce32d5d76a35d440836ede088267e8cecf4b660fc5eaf05f68872b6cd9427607b146e15fae406ae7089ae446cc2172b8ac9e42cbc27d4e5ee38c21d3fd6d4d52b2d43462756d93995b9333a079dc1f2bea9ac4248c448d932c5c0f6b76da4698d15a64f761a7380b -TAG: 7efb02056e18e98960cc5718edd07cb2 - -KEY: 1b6e0ebc443d681af25ee26a8ed475136ed8bfaeaa8315a4cd198961518c7bc7 -NONCE: b15c68437005a4973a068187 -IN: 38adcaa250949af910aeb807096595b3af54bacbedd966f83f784f651f7a2044461a94f1a6925e6d2064e72319dae75d3883a50afb6be1395d429f24029dc9b8cc021f15e305e5418d844aa4a89ddd299bf2e8c698a8f6a6cf0165c37bcf2e5885d73bb81ca15a33ea75da5946678dfcd546d475149dd1a2dab0e11cc8b07c0b06105a497b1fdb1a720b9510d7d8819b6d946dd85c73be515c6ec00a10a69661c59fcd7a005dd08f3cad722bf3560f356c624404f3be55a02b3301ed756f557a51593ba90d18a1c13e227c8d5180fefdde4957484dcb81d08ee3331a6fa74c9c549ae13b2dc2a80ca0435710eb9f0dc2c908d896957b87325180d397c37ea7cf65db45960c4d791bf8cf798bd7626b13bc5e6b45b45be1a8ff687572ece86d1f5361 -AD: abaedc1a7f9d9ff8003bca97af7dcc42b4399f9da4a0e7e829c0e12f4d41607303f60d1df5949fca0dd9ef171678e013b88789ac1f51a8160687d842c273a2dda93c5fba1eb5bed7476ba96a12e70cabba43d509b311e9d000212c81c483b7e9e7bae1d9869a125558b2c7ef8f838bdfe97af413b460bd9dc5e372afcb105832ee4c406d74781d3e9f2aa581ba4fe458989a -CT: 92aa5661d04af60245f6f56153cd86c6a61d5584473979eef596d6d0c205db9e4d928ba4827dbb08d5b34946b8f3e58ff62a976461ea5639fe2ee79839f99f83cde00e3fa3258e21754fa91a17e0d1fa22cc76fbce0bebb7adad09f99bd12e70e519048d96c1f97a183d8ae66445e63a4a1f936821fa7b58f569a16e25a0d0b202231a79eca0e8a2ed21755f496d8b7a9f59f6bfcf47ee4bf35788935cfb1b5ec2af2ce11c002b2843090e2267d5fc5e26f927e8836d6a97dea2a7e508f82a4cb7df375110217f88f4376782626039af166b080e181d8a310ea7fbb4fb11d5b24367f63ae83475269281aa09b7bd259a348fca28f2e1d7938127c888c68bad2608f89a2440add0c644de2b5f08d3477641675cdb428393758317c273536942caad42 -TAG: 4a43c15d469378383e9a9a26dca7083a - -KEY: 03679744edb73ba31c7d9d37920d4d57a766104afc9c96650e5a602ba885d207 -NONCE: 8f1c67d44d6e86eff0c96a14 -IN: 6bad3420c7dd0c64d800ea5ab7ff472d0f61bdf2e5634e06cb4f3c022dff8c4b46f2a47fdca2d04572b67f24125c66a551a1f150a02f635e1e99895807efa8001f46388365c48e4afe49c04f6681510f7e4cdfa02deb3e60eed745cf6d7ca6b773e1537d057a043cf517e5388dbbc44ff4bd68d2a7243587f8929ef07df5d001a6099bebedf8f26f49323209496d50109c383071e4a61ce18f495d98b6c4bcffd0fc2496b7eb0ba612e2a4cca8eee2a3daa0c21d854d49ca73cf5b24b38940dc2b44a2a6623e8404fc30c4e3aaf759425ebff85cb1c661744adf34c6c5d538f3210dcd0270a3d12784effc48734b53c1a228db291e2e5573b6ba2aed0a7296c1bbfdd1f4a86d6057d5534675a3f4897fe3a1200c54af7e09b97b0a2ab9f25d5ed375e7bac921f28f7b6983a41580362dcf0820 -AD: a2dfe82989ccf0a998286623617453722bea0b6e8fba504b93cd043c7e6c7cccfbccea43f7e87502026f94cc7035c5e84cc14a5fef9bf2be53dc379053725a9a29c4e86252369bf6dfd3cf2801af7447fd0529e94beba961ed65dcfd492398123faa55346edfc3ecff720966b74fd0ff28f443ca67f88b8f5a4a73007f79ef782bef601a0827888c4c74f7777279c625de8a4b51db94f94f846474 -CT: d64a6980718a5fe833da2e6c1a119f2f16a5bf3cc5089168520603d37998d5fab07a9e18ebdc0b8417cb6a4d34357f8d598753affd51e93b451269dc24354d197885ce9a3b2f575fdc9c572b05bd7bc8df091a6675185ac15bd1c4f2cc0a8a412ff72baa6fbe95065bf2111910f4f004f6c39cd8e7ff5bab5f86abdb231406763233354734807fe0346ff6ad23a1c9c81b9942b370e02bd79eacf703ebcd53a54a5782f13ad3591801d1ece15c6deb56bb5e32d959ed1363875c57cd9d42881dc1799e652bd554059ce059a9d00a126de35f0285d5d82bfdc383b1b37d77cc1180184b2180aa35d46f816fcf125c9e8e3bbdd67c8770da26b89c7e406f02ec515edca3910de72fc76ddad8344ae36fec1d72315e1a568ee69a08154696e4545ec5ca53b3c0f5ec9cfe82792380c1b9a151a8d6 -TAG: a258557d32e1924b3eafceb7b73e43d2 - -KEY: f8563001339afb3db339ab997cd1eb1eb7b03b228162a480e129c66ad47dbd18 -NONCE: b4c98f6d51fee205805a50c1 -IN: 63beb176b754366e13c57c18433228a81089be18b534ee5f9567d529c802d34bbca36807bf845a9d14dd141c5de85607a4b4c5521e5aa717f78fe78612b770a4677cacd77a425e2496ae50ab2e559526c37ea723f2b8d14bd8314e4cc3727bfb835ea4062e87870b13d94d52c25f0c631668292f184fc048dfeed7a9d1a88cc5c4662030700cd8c257784009b4da9039909f73840b600eaf670cd4d988845b1d41cfeeb1ea740db129c12f66a74e6234ebccf4df706ed30fc736cb5cc0db17ed108229e87d6b039da5c4f0568a4cbef9d513dfbc0af9313f02d5129cf616487934f741a0a60bf11fdc8d29ec81eb37577726f54f3e35bb10ef98b1d15bd5726fe501a9249e409eccae128df61762447962ba2a63f30b59ea25e18895d2fd11431606caf6b45b908b08cf2e150c031e20e6cc649699fed5785cfc6a0e22bd8bd8c6d25221 -AD: e9c9a8d2869d236388fdcdcff990cc940ddefd06da0524a351ae6113b29db9822adf9cb548d92f23e3951ae8522ab113579232e58578e80bd2fe3e1d06414a27ce0ae2e40d87745a8991dd5bd2e8ecbcad8b903195c15ac2eaf9bfe0104bae32f772a7d7416c5671350524419a6df6ed5e1df32b961ea39b164eb7e1353b046100998ba6853674ebd5ba011691a270c046096143daa84752f872e1ae32ac07c4f0d2a048 -CT: 2ac34bf9d0d909a32322cbfb765875297c50110ad859857c641ffba8efd60ca003b8f32d157b6fd8fcfb1c6037b13285be884ae2dbcbc9194e8757560807a14b2219b9f2dac11af7dbbb2f504e3d8ad47ff73657a4d1283c78bcd410acc1399a529f239440db4b72a48bb3ed984565d180015fa7ca9c0ff0281a2e14807cb90631c75506585c18cefa5cba7e0c943e44e85f60d47927339e3685c1fbf1bf497684a6075e0984ddce22e9c130d3cae99ab35394c315bf8e1040a830344c63d3719cd250ce04d818df0e20650f66613439c0c5153b2fad41e10b296e6fb0feb8977532079ceba9361227f69005c9e696f9b04d724074f4aae59dca55c74e87049c8f6bf1b8642e7c4dc73688260c540be50e8d4997d4b68346a0ea7749747dc72e26ac3bff58802cd60e63b3d8c509d0ce0d9886c50ae7f3a1621a077db155ceceba926919 -TAG: 67a891187fe42bd1bc7a6037513760a2 - -KEY: 362d12b108943a7007bb6cc117135b165cbf42b92df2f191f06085518ebd1a9a -NONCE: 2efffbc936ddfedc527b2c9c -IN: b69345e0c497cc4951aae5be2748209607a51a1380fd389a14ede9cd4cbacbf822597b1c500cb0549f08a35bb0b1a00c5e25c175318dc771b03501bbe45fc52b2ceb4c04b8213fdce3882e0967ba268cf786ea0acdfca0a7f3f2f4f9ed5f499ff70230158adeb5a741da266573742c527bcc8de42747df891f58632f92a110a981a29052bd17979be21e53067de3baf4c34bfbaf56ef5b3171efa1ae60a1a51f51e0fc5b726bbc23a67015c35a1be5dd125af812b7661106827f31a1e4c7e0bc265efe59c9d6620387755a0bc17a11527fe136b765895e6386b9939c548bbe6d3b35eb92a90c05d0931e5dabad4d42ebee5af45be0106aa68888375a2619f7418a14570d1dedb76e8ab52a0a87eda2570d2c1d903ed9ecfdc62c23c47cb7e234dc617af0843a9f375a58f930337a88379b2b0553c4db974ad74eb46d637ea4e7c7aaafce16971682b772e1d85bb4a7272bc56be9bb -AD: b55625a5085e601a5dd60701bb07f69c755a57808d022ca0a407bc3d35c848d6fbfa6bf816d470d9a82d43511c13fd0f496e59646e65c84d7652589c542ae2e73c5b7aee83b9ee8381af1ea1f930444676d8e3335b271cb354e9cd3b17e7f1511787fb618aae930c14cd302bdf3a55b2bb12a61e7b930dc39aeef36447bbb2f4d9f5fb55797627fe1d0b94c04c6817de6cf1e7d6e2660c6f49c0ab4b31cd5b367b912933d3d1f0a6b8b9556fc6 -CT: ae05b44cd3cd86c828e53930c4a80e01c59a8c1c9ff4b327122cfd325cc4ea0ef4f70e3ac48ede66f4ba7fae9024dd5d78dba260d06f8888aa236e7de50f57ef48ee4b553d42b41ccb8716c59f69f30afad97778f3e48df1d5a57aab3d471fd5079633b3972e2703a86c4e24d0a035b3625a5c7380b963496f9439542b15f4013002445fba9a9f4e9f1a15c5a6bd2894c0f540d264481bd3fb6b8b63d503866edf178d8d6cf007f9c6337bfd900f5c4712d82049a2f82e43fba589a372d44f57c3d260df6f5393d3b182eecdb503e4e35018667e91c4d4362122de3d88971691e7ed05ba7341cb9cd39cc12e12ea114abb6f7cf1bdb9906d3086147a1c22c67a74fb712ba6aba1ae12167a9d77a4e5fc0c19312d20080cb2d39a3a9a8cef7cd286739d5387e1728a2c8450ccca03d0c89332120555f97652d122192374bb4e05bc5839c4c2761de9e2f732a803171a97445f3d70fd -TAG: 7e339b51b4e6395ea01ddd2272e5b185 - -KEY: f8e9ab310482ee241fc221634b5094481ea232931d696c889d3d37e1c53cf74a -NONCE: 3d5bdc41779816b352803f28 -IN: 2410580b0c03e861f4f7fc98f8a4cd9a4fec0c0b27d92023c081c7927e7599cdf59031444e74fc15dfc12d3c144762b8e448b7ef6772612a2e7bc34a048bc33dc56e99949d569df7e296b66cbb37c66dfd2ad8e7aadc350f8350cd68e8c4e2461290e30f9449dbaf4fdc89221cd75493d33f903d365ec418b327e3dd6fc381a8e06c48868823a42bcd082ab16b2c666b71038273427ba1ceaa57905c655f0ec4d25401c07c679ff5367a9755e63611c19ca5deb1db80f97a3f5149a8ad2cd6491caceee3e19782e66354b76422dd47ba1e715dbd271a07fcdf69b5240e58186b82b1ac443000cca1b0c79dede1cf998643565650e998bf4760dafa08afde120368ff9fdcc2311f78d803c8324e385ade4ccd2eb2ef51aa1884a496ec024221566c8c882992fbb830d4923a5c5d7b99c7e6e7a8aae5926d143e19bed7faeaf7c77bfe7c9f05fdddf75df3df2425bb94a63f54bfb1320bd32e7fc2774be67a22f2410ff3c295cb -AD: c3fe566b8c9710807722198f03f56f0abb02ca55de5174d7f9ffa61c0bffb88730886c028451062d6220586bdbf5ff91ad6b1033f2c9d6cf3c3c7bb58a070e8bb1c3a39e3d04952961849cf55e64033ec929f30b9ead497d14b6c89ff6a4c008dab0104e7e20df6d6f11474ab680e5bec789623b2b693950a5d17dbc5b49cf80ab033b1910a9afc4231254f88ca13f37f1214753f32547ee0decad4bb93fe229b6c8a14564081d8ce5d47cd45022bb74475a709d84dc -CT: 98ce773c72c6d7d40fb8aaafcda02ed688644ac8e9ac868315cfd9db521870b40ef9decb01673aaae0c8f6403f61389c9454784f007bde6a50c3c69cce30efa5d851cde2f019bc9a9bebb79c19b29304ed908db6e45445ca7f785433abfdca7c553e8f6aa4e6670e839b5a9204648fdad4a35c0a6e44151afeff135e7e080626854e68c0afb5bc6be9aeff91d71b33d294ff1c04fda6291ef535972f3020ec70cd31b156a1468c105655561d8755a4a88c380f6c56ec1e1f49c2670454f1493262a753da4d40343b04f91aaa3e69fa4abdc625869f72839623ed8764692c23e1131f6567a1936cb43c238e0dcc2aa093a728fadd5b0e7d04505b9fedb9212218f1b5452183e8cfb366e7583dedc590f16d713948a85bc4462134eff25eb9703b34b5bdbdc63299575cb0e076f3cc7afe35ff3021658d83b526f7b8018cec38d3da93a0ed388ade0941c740da975dc433b74b1b528ff92bf5484149166f97b44e81d083bc40e5 -TAG: fb61d2ad676a0e8961aa9f00a164f294 - -KEY: 5fb0fd2e46ebc9940ccebcce3b674a6934d4dd57ce0fba9a1407beb06af6d1f6 -NONCE: d70275fa9f177cd36c990d4b -IN: 22ff63aca475feb17de03d3a52b4119f9b277649f6f53f223e29e03493c938688be81151e268928380b407039fb38494cf235ddc823e8cb12f42b50b2feb52be05a38893d154b37cd1cf2f635413d7819354e29e195bd01517992b51efcc91e10932dd6f8a859c5bfd77f2e3efda25caf034a91053da8936e1975fcbecf2ee9784bfae7f903df4ad32e088a869aade322c7d14fc4143c50c59112c8178d00a0424f4003748d28956c9d3a6c57a8e0405d6509147b50ebd7d9a251a127a4dd736d0f74e68755c4226110c276cb7870cf1c7b86617944662737762aa77bb255d24ef951b69adc74314c72f37f32dc091ccfff067a89b834b1cf0b58cc22f7dd6970104dffa1f60b2ba837ca6ff834d07c71ac4eb40416f0f50303dbf6d0b4b0b9d9afa8da46c6753008f093a188cefe67f051c8bb3b6121841e2ba25b8b801db329b8da7d0bfffc29a3810d2d165e854a9eb34b6fcfc7c05bcdecf8f20b12c69f5641441156dd85b910557d1355e9d07030278b494691433 -AD: bd5de2858d8bbe2e3071ff450f113ca78f385cf77e6dc0a6c3888e3144be91404deed2afe438240270e9493811343c62c2ef0e785921f1ccb2d2d029c5f0365f46bd55bfa8f89d1d4c30c5f6598fe3f9111df847b27a06f7641494e4eb7dba8a5296f90bcee8cf11c1f1fc16c52868e8f2db2dea75b91dbfa023d5555371e1461283e3f1695e028ea00bb35b6e81bff8f128af2d81df6fd2c7f6f42bbe9dab30a59ea4788a53cf9d6a2b1e9cdcc9f1883b37c91eb8bea7659fab41d47f6fb5 -CT: e919008704bfbe7657974c9e499a3cbcedaee7b813752ddf49a69cfe3ef39a8d6e1ffb1f3bee7065e8b74b28b25b5054d9a0e86ba50d9e6aa4babd075dac7b7a8a0141f0adf9c274eebbd381a3a5f89c287019db217f5b644862319f799ec3f1ffe71e26c1b501eaa56c97a0d679f2c85158531ea41080b4c690ebf7a02ec2016ba260dd6c5fe1cc5084c94ddfb2b897cf597ff36adc11957ee4e4e3f7f7fee3b15df6930ee9bd7a1c1d6a74316194cc4b9e2483acb675def10dbdafc7093c18f46ee3ae155a385a2bf4dfd33db9eb33202d82070cbbf9df7bd6e679f2ef866eb37654c82669434b25764ab8ecf1cbab63ba7b1fdbd5e53bf24f679e321708cae599664a4e5585723df96638bbccc0db568ca8aac82c072e6548cfca1fd978ee1d732f46c6723340625d3a5ae89cb098a35a5ddfea382f1efc3c4b0528af42007c47c76e9baba69833e0219baaf4448308e9bb1eef5512ea41b8c774cbd044b2cd69c6f1c13fa6ae950e48d14cd05d8c5a97cfe4334f7f -TAG: ed970cb4c8e9493e2b5b16c99aa6932f - -KEY: e453777b589188805e883e9e15ae1de4e80860bffaef45a1e0a01f88b5d7d948 -NONCE: e63eabbdd2f357cff8c172e6 -IN: 652cd3b420533b8527a6ef26c8ed75d349dca2106050d80cb22835c15861a22d8c7cf8c2c2df9407eccb0c21dc7078de4b8b91e82d94a9916c9a284c7e49c8c7d001721a9031530474452588e09411c66023c9c81b7891ed271d371d60dc70f0c04ac93bc694e5b638f7ce901011e1a17059892a98d596666d102d9f7e0de426449906081651f88157063729176f4608f2d506c9637086f8a56821538a6241d8ba5e0f37ad3ebfd0b9f3b3bf0ce18c095c4533cfe33f6a9871bd6158a17dbba101f840c6638ca0589434c5b842d5dc501c7741142982cde70d98014e925eb46493b0bf91a569139be22c42cd33ba1f8c2bc884b2501a0f49d6309344874325345a98481287ccc6d29978d1e5be73740fdf2f3a3fdd0d7c0642be7a22e0c98f0886ed51bac87ceb0f2caa79cf702ffe880daea115b8af6546a7bc18469e07a3f8d8b8a825648684e2b4e9412cfa0f895cfa162ae0fbc11f8cc4a3252b2acf89e8ac67de0adb91e36dd510f9d8ed4eef92047d015b2ebaed1f3f0412d81fb5bc82f548dca18d520599 -AD: 5c22beae86894c88aa7b50cc82029abff7c8a56d0a6a594fb502ac9f11cf10f8ba9967497e0b70551a6440e15285d53befaaeea2dd2e743cc056bbee79e47350bfb49178454aee0c78372db372d99ddb910dfa8db6556b61d64e8ec833fe4737b13269583459a39bba6a1202fc709595fc0161f537bd825b3245bfc238a6c7d3b2295d1857129df86db0891e022199c793b319ae965cff94b078e467343796992992d388aa210d50599a3b2bbea36250ace162989e3c21249115a402c544aa82 -CT: 5fb2516faf226ba7767500f7bb3fbb0750b535b2e4e61f4b1a8f8ac58fd0bfc20d6c83b6d646de135d151ca50d10b7816bc0086e0e45021b3e5ef2560be8a8dd5efad693a7a15192614e2c977d9c7c21792c8226d89171b3020dec505a38162ecd1fb3dbffede31ec80875b5a5c84038fa33895e9f10242885a6a59fe07be083c7d7f904ca636f1d8d812e33d3776fc705d5a658984544a6554176b2cacb0aeca55d3c53cb065769e8bd13096aa7bc86ff923a856d9b6dca7146efc39ab1eb41a3f84bc3240ca7b4882ff937bbb21f3242e98bbc6858a1aaa21f5a603dffaf680d21c9c32e383d4a56c6cbda51dda0db76498c2d3e8dd746662c804f968476f5600c4dc32a2bbd966659b097679a9d604e93b0a0de11935a9945b92821f985a25d065242fa120048d4760d58acf930ad57091bcbca236fcfa1bc6cd5f84dc7d19197a2c349138679a6bb13727a207c46bf733a3a86e52907886cbf6bfccf82fda3dad1b94ae819bdd847f5860b9e9711fb7de0d50868ddf792b3383efb1a2002ac57648af7bcd48b -TAG: 2205942e6c43fcc24e7a8e0e80c3d494 - -KEY: c0bf7b2cdf2d0ee20653b1e07cb42f9d1d0575ea7220ec01bb31deed93fafd12 -NONCE: 6cc8d0d26816561102778d04 -IN: ba7d68de3d942d313a63f1ee6c3a37397348f01bc83fb878bb1035748038047cca0c07710b9d76e129f9b881037786907560e4ae9592c02967df22af893b3ad409a3b9587454afe0375846cc8ad94963c7dc61849ee4ec1406dc7915ee5477bb73a43035d67e822e45d3169db88b269824228149abd333af8e41d2be455bfa449bc2ef48f0fbcaeade0f6b62d99e318a2ca44506670fb1397c47d1931136cffc72ea33a0e1e97745e938ce654b9b961fd4680117388dabdbfa134c9dec8206797e72bb5e6c7b672e7c5d720c2035dfe8d42edaa56f54bd2dab11ce5ebc2f95ef01bf080ee82e8ebda43598dca58db3acabd7b3cfbf5183d07bbdae49004f5154d6bafbe1114baaf4c624688178234a6176756718e79bde83422752e7a9ee87648b182f8ebdd96213b640b76118b577064f871d627d2a7218ad19d45499ed3d4d9bddefdc282e66d1d708daaa558ced4edf38ee6f3a9add0f2126e94a707261234932d0e3674fa085a7e2688b854bbb9bedb328940b5d35fd0eb85f5a56f1406d7a8eb7316a17eafdd7b87ee85d812a740041c8ff6057a462ea -AD: 51bd07df0a0b0374f5b4ff65ba48587cb83d20010e67f36106e99a5b733b8627d541ddc084ad0374432ac165b4e81c8601e7c180850e54d8db89c092d356dd617439f36d65422a45d116914390320eb1ed0736e47afd5131b7422234a36c5efc5fd578fd6674176a7ac0f73b63a3f5188aa9a7773a27f50e103c2faf3e0488acd1265055999bab1150ebf49bf03728bce3ceb49307e2af7bd5f9ac307a8d249f55514325a6ab58fd2daa5194b07fab933db72806ff4159075e140d89fc3e5d6b684be014b5f0ea1c85 -CT: d02e8bb096fe307bfb5d5f359e8895f775c126e43289fd30f631559a2edf6d5000974faac0b24b7aec5e6633f862009c0f3e17aeed6fc86154a365a99200d5855a39743f219cccfeaa317b7c9866831e2f61ac7a9553e6b6ab5e5c16ef2711cb0ea9a46a483c057316e4c82b62a895e6d4ed5dd9d3d43576443ffc769630f93b37cef9fe9a79dea94b84ffd991e4429ae6de76fa6d6a9f65479842070271cde06c6e49d21acf98f4ea3e2c28eb67275446e3bcd797bd610cb9aa302430993ef3453c4ae6133f66f766cefbfa5c566bcd43a357fbc502819224352ec68c6da3d596935dfd0dc79655373a588ba08beb1ae21cf222a00e53495946f9ffa7a3edc6dc20559b401c2c5a35ff461bc12bf656b7ab86bb63fd72e7828f3915156a93c4718eb5164e359ae22086f43bb1ac868ab6a3d0631baf4ecb8688a48fa802571606ddc8215af784b04f6823439f0d5cc409c1622ae2a586fe413e4492eae627eee9578e5ef9c891a23341561a9c0f342d824a0347eaae52da91827f55269ffda3ec959613cfe9fbe022f7a8f8f8ba2dd39833ffba261746cca9 -TAG: 7380475e9d2ff3d9df01b6c895d00dbd - -KEY: 7a97196f184755c637c4f3b8bdeac41fe1bb892b86047e88facc04e2d88532b6 -NONCE: f584f4ab378a3dc7d6102a17 -IN: 877db95465015e3122681258437f11d14b83f1159a52486b4c3bc6037ed33de9e856d3c89fc5838aee587c606cc0dbed9a58faad042d51042e086545fd9639b18650bd531065684076cd188f11508d48e2a7ee585e8c8e9061970a2d381374e0bb5ccfc8972a01d9587872ff0c925315d10ccd8b9cc6b1450c5400cee4e2edf25ad952f31da22c7f241f97d966bf491ff2b8f889dc798a24e184c64290656711a826290917db99e2c2bc679c92d309a1856867d9428ca2fe5ed2a3d0476810cca53b18526de0e88508a67c6797b507a2e09cbf5c31f7be6dffc78d883f607f0ec3ddbaaae6b087e8731cebc792dc840ba136374a9b654b5d61735d2d85a70646be9c470918201b9c8f756e971cfc12e0a93acf386809f769ed64a19f47f266f3504d47725672b2aafa611456987fd1db71d16a4d1289ad442f0877da4f192d814f9302a1207a8e8e48ed90f6b5434b35d47dac6a0446156781ca1fa41f7bb772d1eee48919b4e8371cf49fbf452187245a16b51daf82e35b77e80869eb84ee9ecd90312dd3e6e6023ebec1a21b4279bdf21402969101cd1dfefd0a730d3341571bdcfd36abc675744f96 -AD: bc7445f77f90f261b1ae207f93d17828d39eafae394ecc2e65bca79562a706c279bcc6d038edb9d7a344ab1a5021f9a597b223d7a1a99e1268dceab20c23e0208b9a898e99d83b2e788c1b7faaff2aa6145f8918f53cba3168db274d65f2e419fc233927599f7ad96890bc1cd4f983276b126f7d10b894a67237c7b67e8d633d62b39d788cc43b2f8a05d87e656ba86feaa3a729b0be2abec99bb40d177900f20b559c4e0ae2034409bc9b86c54644cab932e997fe0554e7eaef7b247aa00f9e1ec07aa9af3a86470075324d02c32425309b -CT: 7a0f153b5f7976c608206d8791dce0f90cebdc0250b484d7e4669334e8f034165bf4a794dfb989206217c13d4de15e75e7e01a24d2c988212adca2056fa7bdf33a1ff69f6ffff29b78d1560ec21cb4cc96deb9b41437dfe044600724d8ea124f741a5605233143e54d8a58f68d5a7900ed57b734c61d264e71eee4477ffe4d833756c3f65c64ae8fd832296f61a2a7dae5a8cc2c7b3f0cb87900c8c1d885d42420e2a65c414bff138594d00250e8dc451ea319893fdd63f55cad85f9f76ab9806e687fa5e2c1096f13a09ca7febd28cdafc7d0a0592865e568a58b3622876aabdc9a0c0f7924c3173aa0b218e28ad98384ebf5baf7448f316ffd82c5d7b7a51125e65aa78291a342dd30d767e19fb996e961c78d171263e0bc8529c2e3ec6d9430454705a05bd841237a68dc4b7b3039bb3a0a1c22213c9fe6c11d41d39d3cfece07527e0ebacb593add061207c5b1fd221bce69cb5121050f805e2c759423c97a5952962f625c528ff8c11f6550d435d7fbaeffe4155d266f9d0e138ae25cae2030e31fceef9e39666da4fb7e196ab3859532bdcfc10f7ecbcbb8863e7a0c005e9bd7fd9f52dfe03c94 -TAG: d6de820a9b85168257da829272d6271b - -KEY: bcf5462aa20caa950ec9653939b043c2e94f0ede1b91df0068fdc903431008fe -NONCE: 16670d77b089880c962e558f -IN: a573b2052d3106dafe00e3acca3df673fa559f950bdf9972e20b9612b5c4c96d50997261be7f2fa978b793d5b61e74b82541c8c02305431a6b7495f948622075b5d18992d976737e1f6f38aadf90bfb46f7bb9a7871620218564360729844329f4cd2f0c77bbbf17661529f88c80d1e000eafdbb937411cbd4295ae697baaa6c9a31206c5711bcf31f2dcb50cddb4619d48388a57475df684f4a00d432560540ea4d4d337ce0284467851e86447b1f04246fb2167625a0b3cc16873841d23551653aa1678ba76689664e16c7354c87d5fb7d40287894f46e56f5394bacb222b30fcb3f5d55476fc37c122d6865751212d4f57651092066aa20eb70114f269b08e4ece1b804fa3f2c5e4b94981d41b3503fd127fb21c1ba24cb871dc6f19c2a674561900f73e292f618e1b3a285ec79bc7784e3481cfe36e1117fc620aabeb088585aef6632a7228a5f901c62f248b9ae12c7a6e7e5052d9739bfe303758989af254b78d5a42c74b13def0516611a1c0323e18070147f67cf0613cb22d83dc29c176b6823166c35202c46e85484640221fea9441b1e9f4ddfa4c0a2f4b2599c6fc73856e3c18a5905f85dc919883f3fe9dbbffc50e89e8b71b9a36c -AD: 74290718e0b89aef1ec21fae49d280d3776d3ef79368634716cafc8f2eefb3f449c438c14deebb705a42e85274cecd11932c9a84f0dee48e8a2175b57820c1042adcfc42ac9a39341af5ff6edab2d25eba8f0219d3737bd4e7ebcfb3883877130c85e5be6a7b87cdaf4d37075eb2f0bd0d1a61567a362e8f66302e56668590b49b5c76eef962d1c310f8bbfdf8f57f3f82b9b2f72ef49cf487a4e8618476db71c6e0813e908126f9958ed5453067c6797eadb432d07de49dc2e50a266eaf6174cd1b18ab707a53dd47b564518b7bda452bc451a25ad2aaed6f2e7a -CT: e62cb3363816bdbd4153221411b5599b453820d675b5824ea1ef57c2a1bee7563a092976ce33c918a33c67e4628d5661acf2ea7e353bd4cce6a87557593e0ebcece6510b63b9a4a2d2c055e28b464a752b919c593623ee4c2a6bbc2b2a95f884513e446b10e2f0ea6ec98c10d893088084f7519f912afa35a693bd312335cbe2a95e4bb4cff6dfb6c2b632ef01b48d102f244bd0df83d54cda5060a01f3c3c3c8b4dd7077d0f3eeb89cddcddd23ed391697996bfa741dda4462efd006be7bf15c3b2d63aadc3cdcd862e3d09d0ca675e397055307fca30641f62fdba74ccef65682701b9551814139f4ee4eaba2f1739966925b56cbd6c3b16e94980484d32f51a216e17f07deaf70694745829564e486f53bf5cdd38ee660be09a8860be35873f14ce269adc17ce7c2ceb7941810b978a0db7e7d472f23e8ee80c9faef243cafd019d689aafaf0dab91e4b7afd5808f30753b46061057f302b8ca383c6dd7fb35b3282ffcc98487c9616a451386c1204d75337b28390e9968b24800c5a66449831da8ea3bf3aeacf2e6608b96c3291752cd049b168b1ed1f812a6f4901f30363a09b90b4b7f8af22468708c550cf77c30ca4385441d3c74e5f78c -TAG: dfa7cc77acedf8de5a7a0375472f3c07 - -KEY: 3509f704954bff2b50f5cabd420148967ff830b0c4804ad5081b42f842276c6a -NONCE: ddae1c3199da88778d920a6c -IN: 79114e667faf28fce2f7924c4288399e5b4968c711f03d721e885fea0668574ae965e9996aab6b30b6eac785cdebc45a305b806ea90663927b8dbe8116292ddcc56938c0b1b1639e8068db1e4cfd101af5478dd63fe0209125ce92e3f7f7fa43dffecc07ae1621f32af975dcbe3f34f1dc75c75fcbc4c23ee8b8900c2719f4a9f50e57b1f9a9d9172fc746112f12b17b85b0371d0472d3c193c37e837d8201fe7d3ce588ab7e27e8457c34d399edfe3af2142a2baae6c6ec74863f6415ce30b17c17599860bf9a59be41a6011104b9cd0b8241ca52d1f7910cd3a3ae8693e47f4675ade296a8c507fba35f62c82d923051fa718d52a0279ba997149032b3a91b1dae9cddd5a89400de90ffad1e1a126c41459c512c261f089787fcc18c4583abd4c9e8b7844389db3d13e8bd5fdb68bd76c3878344241eca6916049795716b257636f1d25230db71bb10725fe4b9217d5643ea14754a69739cb62c7e99c5157bfb8c153cd754a2ed10bbd574c718b8dad2a556793e00d8d5a59bdd486e768f2e61ea822822532f8b4d77b3446eff2cdfb7d88d37b3e7ab0686679e02497abc04ef7a240d456bf999cff4268bfa6e366831559de7775ed6a6d4f02d489d4c305f25cd96f2239f2725961d5cd8 -AD: 23d72dea41a1c1f1611fbab63d339a8dd47a3a31b7790a605d3bbddfdfb66ca6277a9a3e4036e8662d6560d05a7ee8a674e33d6433aed82fa26e5a1f5a2f47c28092ced2d182eabb9962aa8b10a567ec3705be6889e1415713b9ef08731393cee91370cb1d3bcbadf5710eb841d37992a7aa3573facad94e806d0019194b2cf9c41db281f6ea462e2ab7364b8660b956e145a13b77962c3191b2e46ab764392910cb7410d740aec3ff2ab8b643ae7e65d34f895189bb41902fbf2c5476301600932728008ce33380845f22b7db3a7b9accc8cf0793bf6ba37d405a6bcc8cc622f1cb205c -CT: 44234f12f5df525e7f45d785a5503ef1a78398d9e756eec0b97c426af4661471c57baba5b76a19da18984c8824b0e6573ed324758918543618ece2163e969b07fdb6c1a65164e09f1382653b5cc4823deba6ba403046860421529013e79c703e2b467fc15e4a39b5e9caf9f521a0428b1e68fa51b60492cb6c021bab35107c452c94747b59034da681b1f253d594494983df44e7b394e3c9fa190802fef8fb178a2828ea7ef2aa41cd56779036565da68642da9456079fd3bc8718b218725f657db994a19a0a01ebc51f7bb1dea2c7d476417876a7ccf8b517b968b2243e327eb6288f02858c3d679e599c2d603c80b33fc3603f689b91ce117a8481074f11540f6d75c2bbb5d3c8a3a9d7b5699acef00ce981d6c5fda7a8fcf5ea77a365873d185de9f302be3ccc4567b98b74cb695a323cc6ac162a06556f8c0a9b218407a909d7b173b2f1ad4a497fec9f8ffbb2436a4101f57746cdc24ceeb234fd8dc6f04e488227d4a2a42142bb6122b1b59087dc902e8d11e81852aae897227dbcfe872b537e57849d51968d1aa2dcaa63d6de8faeeb5753cfd8af808c69a2a7e831b34ad8e78c97b6a162401cb85247e9d89bcd593242e8c93f9378c1880a4b3c45aa434a5f6d16182035dea99a4c -TAG: f53384a5ef6edc2cbcfda00cb7456d78 - -KEY: d0b6e7fcbf3a6eb1d3bf2fb91e98593959077e8bb76adecdee2fcb008cfc335d -NONCE: 5465e4e10e9cedaa39db35fd -IN: d7b9533c5b8f2e5bdb427d8bf42c5b83cc11d2ac5ac96f6cf95090c5f439bc5d4828238a86c5d444ba0aad7b6c5917f673010f0717007a77064bc4d29dca0ae96b381cc89d04d5731a0f985a1e8071a0fff733889d0f2475ae9277b0ac5f7b68a0533f16f904ca15969cb24c24faf7a155ad51917187c5ec8cfc95352481f0e9002eee9467035b3d618b7f6cf9faae1de33af239e6ed4038706b735431195f355a27d1e7098ddd1f34fbb0bd3449b8c7a069b486984d09d50a90a099934eecec7372fc137b5274afe57bc0cd6f49b1e17638fdc8602d31fa975c4f0223349d40a86c36fcbf43124a4726e198729362ba96f79d5e0d89fc404b3836737445756c6060d9e95d1638a030ee5fd954f5a9cc662014ce7420fcddd9f2ab800823246ad30ff0d0f7789fe11807703a731675ceaa31b5835ae039fc0d111f5725ce4df0b9a075a8bd1c1112f90bd64c668d1d9e794228aaec7c17dc664ac88668cd06ef9c425f2815891ee4b737b18b138001eb6c353bd5fb7ec26b2d26a12ad2fa707adafd884be4251bfcf5e5e8f3979e46d90a57107e7e4d04c658f6224d1a288bdafe8e34df1541c702f29a1db2af2279380d49109f17abc4161a6052f4ef0f6657c7322eee44f4cae949dbca447cbbceb9f10c5be6de1d8886766794a3ed -AD: dd736ac7acd3bb87cf11e88f246fcec505f595902d1121f68557657f81340261684fde901c079dd73f7c9e1d4bdf90613e7790f334884b668ee04c29750d2baa21ba94f2407a512dbd8450ad4dfc0de22dcbb291045e0fe43fde0cf1396cd3bb959f2dcc1f7ea681d0e7cbcc73e7fffdea35f6dbde8ba0079ad97c8767bf76aa008864375aa0b02b89d8bf2ce7aecb2403648e6069e209f7283f1cc180c166786d02d984afdc4f8eb9479522362fce0633996c758d99049b25c89a79f7257627e2a9557363a290a0a3673407a298ac1cc034793cb7ff44833c569780bb8be9e937a3a758f1c570ec1c4865efe8 -CT: 90ccaad48bdd13c3df79d9679465dd0d794b0a0ce4ded4add7f3e2952bf8593c295d17fc43b4c44e56971e0fdb116bae0e7e3203bd02647e8feddbee667ca469ba3b0351a968d746ffe033a60a26b12b525d280353605b71f46cfe3758d9efee4fbb8333945dd794eedca6279fcf5a31003cbce29d748e39ff654bbdf1bed5e7516212dd1ac27e0ac5a121bb5f95c124dc92520b25b8de80874d5d230214c30a8a17196fd23fd91b00e64bb0fb78ea22f15363bc532549252e0f2fc90944ceef75f7c320e3ec75fd148cd130cdf48f88f85cfacde2b6b80ec0f45d0defa941fa89350429da61aea18d25a2d9dd156197dedbc7f736208390274143f63a4f8d2f1dc557c544e364dd3923e54eb79cada64c69c7deffd3ad75f8660b90ea15a2a818d6c5f0d6bd43519eec6cd43618c35b468e10d17b79865e591a0bf1324941a5066c7d1c12dadb77d4993685ac8dcbd2c284f62273888c453808ef40c5d09b054f8459a43c0fbf5c714e8c7b8985ea932ace7a79987b0a9be926335b87d37bc182400a38a847362b3e74b08a952c8c64ca72f1b79d6e0b52cfbe28012c1aa424da95c5a2e8b8c49dc2f305cef00e50b92d320cbec992ca1656848860e0bd790bac5298b7a09b7586c866fed3dcb53afd2f7b313272f1c4b458e1b1bee6 -TAG: 1139d5d9f7e52a51d258d95a9a51b5a3 - -KEY: 5940c08a09430a9fd36376e28e127f81789e8a605405de9c452cf8c7131cbe37 -NONCE: 597c9a73eb47abcd2aec1b2a -IN: 8522f154e672ae25f8494ff35d2573b343213a2fbb07a417d8a60510e7eb1ac5ecf229429f330809c84b0c1ac8f7e28c7f7414db905be8f5fdb5a2f818ba8440b8c9c20f8951b8e9b75eccee79b096ab09f4ec99ec394c7295b30d29060790d3dfc17d1321b8288f3be38b17901a48470784d00c5b53f895fecd4053de78d074fffc16c302a4f2718327bd96445318ad247c99c0ad4d06405b6509ba8f6bf47755f0b297c4616790b25edbac2fddc89b8d509d6955cdf66d30f2bdccac6f856a3206c53c550a9970ec450097ae4cb6f5606e64c750042060c477203479aa4da10edd4d28ad3df96d613194646abde78eee8716382167ee6f77730766fe8b4ca6c8f0270896bcf14cca5d7c2184dc6eef47bf9fffa3f4815f8fd7838c0fec7e9c08bca51970460bc013145f2d651bac1cbceda192014a5f27c991ed3e7127903fd49a5b3a4dea1194ccc10eb62f911586314ada3aab0f8a5d53c90560da3681bd9157892ffb1a381ed33afe203e3c09748487a0b71b8703f6e5f84d9195db08e4c4338343fb8e968d9f5a5b1606b6b20fe60cec3b54b49ef7bfc81bdbb2926ccc79697d916c3b622871dfe9344699c509f9b2775abc12c486e71a008cd525d8610f51948f75bf96bb94c59c98f2e9f35e8513e43898754f7338d7fffb87e538fe6512832e5c2b08cfe952985fac27 -AD: b0e81a4edf9fe8b9f2eb79758a99fed7907343e6be072bc93fbfb5a539142a18af4e4710283deeeba4e0c1c1cdde7e886e7d04f817a5efbe89d12cabb34153856af1cc98c4df21cbc1da3e34f0ab74842a8757a189336487d3ec77f842b10e2efe3e1e232fc1dc89d16dec865cf6e9f422e7b9d7a4e421d79657eafec5451e04174b3372340d6fa8cbd23fc0215e9b6d70a9781ff3b8ae049bd31a363d3fd465f235ce463f720e4bca114d21d3dc407a66f28df01549d168544478404256715161cacaf06d955f525546d384a44ee0570d8c70319bd33aa07b5ce0a891c467957d5ca4d2523d9958a8b4b3e5d3b0dbd1f6a1df3acd38 -CT: af56537eae418deb9f7da2500111c077ca99da5e835705385924845547a592cd3910dd419e6fa4b9b2d7c21d42ce2797873a494a735cfbb4277143dd25592a1f70ad8d29a42b55f697807994a1c0338543bb56543609e052e52e1b7ac473ce717711fd7ce4c269291764c11615637b29bee0a8001ce82003ac91f410153fed863f7aa1071a76b5583852f6e8bb7b565eac8042e0ed76704ddcb2c03504b9c79b1e66c179a9e91d2cd890380421d84e05a70e05c4aae13fa600e57a78d7668e94f87d7bef00b055118480e4944131a39c7b6066161a3815137a3b0e89cc0db03775507b4d3325ee4449946b33892e064954294c6ce83c97fbd7f11f203fd1af49a478cd3eed3cca766ca3b9d3402dcaa4ab9729f209ad46daf17a584d6187659b039176deb9e08a0cc78db16e4122dc5f81ae4f5ee23a7140d2041cc81c8c43568fdd45c9ce4aaefdf7bf2f650f478f7581202b548164c4c160d3e2d5762569341170304e965e09474130e397bda5326b2aa07067a4fc8275a1cbcc43777414185b243ff67f8947b16db687a5b15bd5f685ce250be6ff21355ada2e125b64b57d57b94d6461ed19e77bba9234ba891d8da2008493a07d4f8c76e71973bb9ef87eb048c453cf66bce0e820966d9f62d39deb43c7a2c25335184e0e5ddc1b191138e71b155d39271becbdf097bdfaf1 -TAG: febaae3a1e94e47bf92a1171c91aff8e - -KEY: 888d8383ca76d177685ea6d2d65bd717203ccf794d613b2f4d50894cb12754bc -NONCE: 95fc19c449bfc10443c5c163 -IN: 88d98f7a8343cc89faa48882e8a60f83e817f17f68eb338289e2deeacc6bb5ab6d25635b9e0d29fa87ab97e5f29ecc47641e5a4e0d5f11d04bb25c7dcf21e7a93de1880ad022c838b5c957616764bcd2a66f1098ae4926a93e1726384171cbd9503e03b72c77a2721003d3b391f2aadcb32bd62e492528ea3ef5e85761cec47b846d32988468391db2f23fbfeee39cd89a45e71e4d4b29c6fdd8abd1399faef491211e902b0a99b451c58211c56b1a63dc2e8a57e6efab94ca95818a78fdbdb533f286b83725980b9bbac766d3b3ebfde01532e7ab1414eb6d52ad3b1908cf58ba67449cff1d605708d5fe6b21c769f99874249d98ecbb3c62956ebf6f471b63e84a8114f73f918aba186239947bbbe2973181d9b48e801e3a5597b01d166bd2ec933b48bb7376ef131fb792f2a26edd267a713570c1dcac5a223646f6b52b0774ce323efe526b12f1ae59ec70bf6ff62f857374299cf4ae182015cc0cc2545b68d483689c82f4356dd8a06cae383848cbe75f08c5deb198c7effb10973b21fcb72cd53f6baeea5e23b7bf4508825111ab94535ed5ab9b51266d6eee98faf47b6a3acfee64c4a6598baacf1831a0549105d47b72434f498d54ca59041f07d22f3d6b177fe53b5bd874548daff7acab799c3253435551d963110d49fe1d2212b7e17df5b98a0884d9b7153253ebb73c0fe44485d78821a07b5e69bd446eae17 -AD: 0e8aa718709f258a2a2476886757fc36fda2cd5230288b9a47d4a94b96c8cce880d1d06466aa1b331c0b893504fb8d6047b82549bfe807401d795d784584d608e419a7be990bf099694c788f11c29cb9655057ff12b4ee4b579bf7a52a36e9be42f06fd3ea2a8774cf70c946407db105cc88bd95f5b1f347bb8b4467e08058153edc70fe78bc8fc06f462ba5b16c5a56ce8a357700b43ce1fc8210c17af00f0ac8a19f8a73fb47815113c960138b2238031a74b610a1c45e3769155f6cdb7749d801b8f90ab5cd658f8f28443de9bd2e92098ad7915a6c68342255cc5f1abd5bba34316a297246dd2bc0f3975bf0037c3d17ceb9d9c9262b0797a6b5a90c72 -CT: fcc54b58b1330cc5e87305ad574eb3ddc760f12a0dbc5075d8b7e825cb52237f48845a1099527fcd5e483f2d99a06a413eaaab04e641bf7ee3e6f08575658da3e48af76b849ca68443b61f260118bf7730d9a4b965c4d55d391c66c87ac9a065f32e784758be031f9f24901737da41fb0b800e61c5d3e75024ce3cbc03c9b0a318b90821623cb50e487fc15ffe6e3b1ba69b98ab10564bb72f868faa2e4f446e5331065f36d30942022038d11dd040d872aecd22163affa37003302cee8da8b02fc1ece3c3b6a29bc515609faaa460032a09adc496bbcc70ae7d35b78c8f97f4b5a55b9fc03a00561bdbdf883edac8761a8c31275c4833ca06a212dcc4fdabaa022c7e7daaaa7435b5c7014fa3866bb77890ef0955afb267417706ccaf3ccd9e633ed9892fb5049600597e9b85f73f7fb065bcc748237f33a0c300298dc4cf37781fe632adac9fdc0f3388d315a1816f315c96b8d75c7143795f56e0e51f09443396dd7e291828cdb0bb70125e90211c68530f33e0b2ef8bceb42905b908fb3f64dcf48ba8ec4abbcfc3da2bc6f04dc8bd993a438cf3e64efafbdad932e01ab3000b6bc819e1c205242220ea72ecd4cb38e54ab7c483a58956f992304512bbeaf7fc0f987098c25797d734cdf74a3bf06a5ec90cbe1e12e59fc47e8ddc4ec0ffcd90e0db824e44bebe661a88a94b335bfd2d957186723d9e0d50544e68547c -TAG: 9c7a7696965ac3b4d1b175a1136fff97 - -KEY: d4af4e662935bc7de08739ed8340397b78f0f7dd4f96a2fe50579a1e7754de0c -NONCE: e06145d6b247742ab582584c -IN: 3b9c868cb0311b02273fe15f7a87403140b7b3bb49342cf26a5e68226a2927457c0f6b06f429c6cf5746b91ce5220e3b20cfca713664f5ec98b972fc3bb098f52c973a917f3b68dffe955a4fc670fa9c2ce686ceda47e060b291fc5a39fafc9489d18c3c3c08e580e492e35f058682e75e06c4141c38fd94b23eaf1048557c668f26da84f08718d850d65f8ab7a4e94c66fca8bf5ca345e8a966dff970fefbbcb88f3cc6b791ac03cad7708492675a2b4c54198b3f5f8906f3bcf2a56ba04666698c820309745aac83b45fa89e794d56a16fb3d00c923632c1d68fce42296729aba6ca2fdb2155a8000baf146e461c9cc1ead957027a7303f01622d129eeb87604daa5b792d6d2cc4ba08cab47c3a0209195dc19edd01f1a4b54fbeec73c422b1c06558f3d70a2f96651db1e0364b7aab14d496a81b169e244f0f0657254faea172e9409bee2934fc622a7b2079f8368f53313790e1c06144f7f140468266fd6269b4f442a06606bdc9097d4547665f7fa192f67f0a14ff3a9f04092386d705a0a7d3a566b7c2e2b6ec9b6e6caa258ed2bef1ea747c6c80c0b494a5fc66906f5bec5da4aa884d38a6dc74af82aa94083106f6b8e182b529f94f4c389d6730b313ee8e656637ac064fed06561ea32b4dd3a3a128f3458c6e9b500cf3e578011e6b1ece6ed3fbd896119511f89db1e1719ca22a30b779c26803b278dadb4446fe2 -AD: 8b5f96d3c91d0280dfb3976508eda8e803de1205ef65b3f7e4a41005165c5f3267b60a679095c25deb7c229ae7631c9df61ed198a9e7d9f6267bf288ecb88ab82dc3f210867490cf9c248828c73db475a757979894c16382fa1a9e5a06c081fec99aba123f6ebda65e07378026986b97a75e0f3bb74cc26f4b813d73c4c7fbdbfd5fdc4903a51d3064783309e497d14db09564a75551adc83197a30e3584a258722dc95fc187964f3207579f5d0caaa98d9dbd547cf2b854c4e820ee2fb4c4a1c83ef814e6bc48ad7cef6efb11b7dfdd41de49f1ba2317849f153115457b6dd839b6b5c84e8bd11419c553d51cb00bfc28e7c82718db654b4f8cc7f37b4ba96d -CT: 3fe29eb90fe4d85b070d118e2ee7b5820ba5aa019b5aa64c04485305771ab03b7dbfbf9cefc1f1d4ac7b91e82e460e1e4bff9d6ec7cb61138fd3521a9a13aebaf082907b6bd82fb0cddd4c6d2af72b054c2742ded0241e2db9573ea7cb76b56b14c7bbb2a983b9032bb701a83f7328da550e6fe2c07026a81989d030610afa859b1622c8743e957d3441f044339d5936921104f0d98c427fee9430dc1689261c63f0a02beb9095623480ba798fd13ec536d678550f10f71f2dced90edef6e3db5699a27f20d2382b06adf5df7108d44b5610bd49a7270d1021b93cb167b15cfbafc875c9188211fa31aac4dd9f4abff49cf18c466731d3d343aa04851abf731137c83e8815a04cb48957b7514f5b8d27d1bcfb3f8bb805603062fa4f2a1e50734b2e52ca9e99bf834001dc6f57fca600bc49d0e95c2ca80581a66176f182cbf9602e683b2480492d1e6b0f6119930a85e09f4e56b861c8c287da0b4028c055e3f325802260b7666b38da47960acbf10f9206e68ef247a78b0f9b7b5bc50aa6f5a47684d1e64c79ff28f1bb21bf3e67f7d6ea5c2074b45bfa7d905b989fd262afb2253b172415c16706b9c88a322787a3001460848391863b71aba1d23dda76adb560e7a03c81271330bbf36b6b21d1c8965f8973afa9772b7590b9de18a9c961bac11590825abb5a7fbe78f4d120e6eff290b8b3e4b36222a0fa1de8a5ba2501 -TAG: 0948cf55a922d9ca8061356f5a829236 - -KEY: 09513c60bebaa087fefe7934112ead9e90d8599e184692ce235fbf5327dacc20 -NONCE: b8d41590570fd882012b1207 -IN: ef4f33e3526fa3c64c4cb725091dd621bd6f2ce69c29ca39aaf172f05400ddc7af2af0fdab161af935409e3d5b9a8fb915a4ff8b7c0d4baf8f0a103be99ee7d21eed37e258bf79e18a81cd42fef0dfa465e04cb70fd8165f16203e8ed49bc2c3e88476aec77b466debaa6d888cf8cf013e8672d781fc5a8bbcddadf023d7208ed5f6f0ee2e3418158b653431fef54f821f38a69202897126f9a24a5793cb38fe5e8b3f77034e080dd8e4acc7fd22a12ab64a47f98f588e756fe691ab4c7f4557dd9b77e28f997d687a068925d18fab49f3acc072b33fb4d8c7a60f9a639b4b1d785c062e5d386261ff9e7066ed81cebf6f483466c0747dc221262a7e7959ff156f3e69dcf4c3db8ccc256d666d3700475874d600d6e7f69a2d094c9c55669bb4b1f72583d23aeea9b858372c61516fb3f096736cccc3ecd74b98606a404a5a6195fe0899916c463092a749274e91831ef63b254a4c70b737bd8bc070b805ee42e5714b07dd4fa39da758de787340c0109e55ff4aaa19b05eb8e2b2ce171e4f9854d6aa56536b35359a7163557056ccca870012954737810bcc6ba226f6f38b774da0edd4c3e2d64ba4d6415d6528d7227a5a0ab222092c7035a8fabd3897bf9f59eca8692373b676b817d57f83aeb4f866c553b2ae1def7d7760cd152d18d43178b351ab4e23272bf157ec2832fd92b4d4e9085cf51da487779d82011745d0982ddc348613d55143bfecafa431a4b7cca9 -AD: db82856c297682e62ecd1794a6ffe02a9e9b69814a6cebe50418e9bfc9e494b04afb9c0d6db479a8bf1c5d88be4c6b81246d8f4ecde7e3d4c6aa777277f705ef81962ff56d8174255519c00ccca0098e9370b675f736c86816dab838d7887b1d9bd638613a07b7122a9d55b4a7cedddda3b2337d3ec7bd20e499daa467c04a9d52ca1a02d119a62c6dade203a0bba45d3f9366e3f59a4abcaa62b6c08255d60798b9b0bd6205f2e24253dc75e8aedcc1bb3a525548479fa5363bc8176075ab004e7e73d0ac5f5e8717d3389f3287eea904f91fe63b5cd860091a42a101c1a1e6b13b31e2a7382f718dde735feba88ecb1ab41d042c4ce0106fc78b2397eeab842a8e0e5eb83b31d212 -CT: d412afdcb77bfba94aa9a2a3a3a016369706fa4ab1efb2bdbf4c657fee4ca85b1c497a4a85e1330854fbff098c2f8450b7a95c4642b970518293a8d6e3f66ea0467cb05b7f2eb5b406e3ba36e153d97c9bf9bf45780e6576840888355f6084adc7ef517ec42e11271d2b72f2675553e21521e4a6b8f92f15fdaee335a4b8141e42a7204e35a96a3bbad2b955e1d9fbf02f735cd1c31f1fbc069b89361a9e0e18c75a587f7f5279a9005f8338412e71eb6e7e644586b9e6aeb6397744cbac0f60b086f7e36b7147c27c077d7038797c6da35bd3812b68dde48917b6695537490992c847a544092c9e16f3715abb930080c10dd8bfc26d51e7fa4b8cbb785d3ca64a2a5e21a10312dc4b55710d7b2dbb727b285b087c542c0e4d9055e16cdbc90954a91dc417ab19eddf8084c765ad1a2636b542411c15f36953f9e6a177089fcb9bc45f0f2256f7b461ff5551a5518c5c33f8fffb282d4698d1ad630cef7bd6c0577624a642eabe3ac0f78386d8dd1429f02a9c206037bdd6ef066ec15fdcf52aaedc1771f3f424e417751b3ee9f8a71ca47a45bb1b8608f68aa1cb29afac84fedb11f579b848e76a5664a8978d5ef26bd087bc28822216454a193a9c4f19126a108cc00b25f9cbe0bfbe704834153bc6dca55f32c4ea87ea6774768c5a36e5e39be927c2e1d4055fd279d99d1b3a8741a4320436791de823c96cba601c0ba9f36f65eec9d3117c6d73bdfecd4a3556f84c -TAG: 8ab0f495275a56e3a0d77f255a615fbf - -KEY: 501f265508ce73dddb94729433f2388d1925992f4cc6ce78d9be734466b66d3a -NONCE: 702bcf31e90cd2ff6a350a94 -IN: 689aad4381aa79708817b7e8110cb9a8fc8cfb42a277210526da057e93d32c609be4efb1fa4254c1cba3cb3c2bcb5dcd23d1acfe671c4fbc2b632dcb8ebaa952d7f6ee68e52a59d4933e27a54363c24f4cdb4c4f7ad2cb7c666f9afb811c06df7bfdc93f25edabc314a9a1118c2e0a7cfd219c10a28b5de83dfc3114dda3fd31a3256fc3c915714f1b7e83c6e66273b28944f7e9668de94b8e2536701ead59f9f7f7043070ffad0ff6fddea1d9f92a7af2ce3fb8d130203d0e9550d29785063562c59fe2a699172f32126f6176e9313376203cc1ed15812dce9e304582533a212b3eaf209ea16c8f83db448686c0fcdf5dcfd957fface636fc31ecf5be0072e19e93250e5de639113d920e239a0d1581e179f9e90b5bc077c27b08427f0ec327545c1a235b88be7e8451a5bf405d0dd66664a3bd284f74e4393f969380bb63010081457effe00a972bc6e4895ff82dd4a50e302261734da0efd66b0db1dee74601aa414cd9e2a4c149956bfd63fe0fd1f63f3dabbb6aaa2c651405e36286d00bd0a3c9bcdb8932c6e01300f453ec1ec28724b8934d26c1405f311b67fb8e97ee14624e2d6837bdd38a491a019592526095ca9169b4657d65486470ec12dbc793a42df7d7d9cae29135bbc499425775996633ea60ca5c6711e3aafdbef89ff1bc41d20550c219c82a8841ebbb8e152fdcc55dd689c7768a97720e23a7f9a80b173e679c0e2986e4dc00970fad5f8706a674bfc71901952b7b02189e95dc7207902abc -AD: 673d09046fe2326168dd702a76328ca26fc1abffef071f58f968c165700845a997a2013b71c5d83cf6b6ed8d76a1b6d1417d22fe63691e88d3774ddf4ee205f352b765dce99ca0a996d33f95f853ba54f2f9ac3e6d1c068567695d06ee8f3c9865f034dc4b397a15cda23a872a075257c10ad8e2c6d3017ca9183ac2d8b80068a88ffa995045b96df11faeaceb7b41ad716122f08cdf72f9d4970e5315a8bdbe6e93316fb0dd8d1b805ea4861e99cf67a5c8cd3d24eeff142cae3c53eae387b4f51a45bbd808b7ca1c3b69042c33c8a4dfc93246e07dd93bd12c40dc532f3738084e47d38983f6b529e3f61ab8b17e0b588da524d0ca67092112be6868d5ae35102478ebd35213e7b545c859effd6a8240e0 -CT: d0bace68d76a5be6b31bd038b921b6377f8022e09bfd90a8a94d55c9147b07e9857891b8f4f43ef410378fc0a54966918bae5fde49658e1f6d307908b5346b9d776c1a6dffe52213286fcb298c741d04e9280a4b108419fe9dc938fc5b3810183bb7004a3eb05cd1fa81646e7e64e76e69ddba6d086a020f7c89ceaa7ad53b13b01c5c1addb818eca6d4e060b60e31320267e199af494739f67544542baafb577d2bfc36d7f92b8236dfc6dd5613c9b81681f10ebdc97e49432309d8d46ee1770bfa256b871f9bf76afd426fda88b91fa9a407d6364c181a1f04f17083751944a6925292fb42defb24c215b0128c6f500a642cfd230c89ae2ce117a29adc5c09f7dd4d97a34b9fb4e55802d325a1a13d0f6e664fd5f5a35f22c96c5b567d2297c5832f928ea7041b11f7ee546dfa03bc03385b231c0503657f0119b545faec4010fb67469f2b9bf69f4ab89abd70c339893fd145758b3ae47b44fcd36c20d361e597ca573317b04a5d00997755c97ab20f9b0592aaa8d10a940be50f33c9fab16bb0fbec7d92d21c378a3badc8c2137fb989c9b6111ab8228c427338e0685ccf979afa9e887f06cd840c2795a9e08ed641990f0c29d061c4f93ce6a15836b34dd428d5906714315cd9bd2f636bf9deb8a6371ead07502a46500f987f2ac124428256044948fc4a2cf778012d349ff5f9e3847c8b71793e8acdb96b68eb034d08f6b06db00c72e10bb6574fdccdf39a775628bc387b9ee026866854f52d91cc62659c -TAG: 54c66aab6e2939029293205527852b9f - -KEY: 428bd480abeda17764af5b6ed4902977f21fd06e53061ed8b5bf49ea381cc584 -NONCE: 6f6eb4aa086447f4a7e5e8ee -IN: f4997366a2f8f827238ed0cb5b691154f345b4586e1911469c0c81df93859ff0a39ffaf4930bd39aad2bdeed92d4580523e5244640b9e6d3609b022e4b4d0c631669e00571f8d602938eca0b3bf874c0706966e3d07902e392a6721b7dc57028b0bae7d93c40c803a03968b2142965ff03f92d6e729a0e079a9dde3bb30c9c10ce6a5627bb476cf1f879a51104f3ea6d0599bb288d2ba5e0103352372db8ad379cb629c82d212c1d1c6543a8070fb01f61f509c597e92a05f83ed49f2a1c1b3ecc64ad0a7d5884320f481dee5211716fc1c6ef96f34926cb5ea86eae04e934c6c0214eca8369928f2b0bc93c0865cc4e165f2eb1c381642560ade7956e5d69381537b796a11786e8f20d264f0dabf0f31be89acf8d7fcdb2a063de5a9812a3d6aca502708d448a869bcbbd3449eb7e893e3c96cd76039ca41036c8fa9e365709afa301c30b5430e004dd08900d75815936deaf9e7753d8efdbebe09c27426b55161bc0ab3fb00973d093ff6088ab6f309cdb1e40cd40d3f933e0023f0c210cc7ddeef2d29d82e0955019e482782462542e186467bdf9b866998a731583b0906ffb0174cb44499d2d5e3d1fa3577f7344c21362f77e94cfa981913d6592ad1f537c13067f8e7af921db28e93673ee38de0dfcd497d77162fcefc7868ee3f27c07b0d818eb553fdf7acae2db4eaf657853a26b0a760954331b8c91e763f568d65e658c6eb53a69ac6bc582c33f8146f6c8ad66d8a454be952425f3c0130e658bc1934db754d70774d73b40512e7a9782c4478e1f -AD: 9bece80281dd6d8eed2cbca8d4bb08df65feaf79e9a35d075b18e69dd39ba1f47cbb694173432f5f0ef125a9b1902ca97820b6024ae5b49a880ee9e12ecf561ab5abdef81366019a8be495af1d664970178df68f38cd83b416d0076a522a9f3f795e2d2c19c75ada025cb1ef41513cf2c29df9a01e16379c101197da782066f9318d4fa0325bd584b04b1f9597070cc551693c964b2100191e1ed949c426fd2befebe5914cb567adf7518aa4574921516576bc33673e6ffe422c831e616bf6d03476af169d9c4208d7975460873e2792c209c089af7014768c0ae9fa8011c533fc890e366b04d1b79ee7d7aeec0fe89ddc7400d6fb8878ada40a76f65df17bf34919fb5ff7711ed698bbcd3ee4aa8dce8f879959011612a3661c5b -CT: abc04db39ba31976883d21f55078e5e4f5ead60c56b232124dd035215a124a489249ba560da193cc3152352f241070313d8e8b693bdc7f72e91c34a5713688a6a8ed1d3a3fdd0c5f118fc83df42b8ae307e39b35021b4479fe240be8e161407bd82950dee7d9a13d397cfc10d38ff3736f47a4da0ddf2cba1501c18674a71d1a1c948e038632d65ab51fa41347c583bcf2d13b2d22201957f607e57dab80e8a1bdd2b9cfe95b204976c1fd5f5e9fa304d3f9761b63d0f5dbc7a129bbcfd97c437b7d3bfbaca571a50192cf309a209dc29d51a18cee2ea9790309795ace41ce20c12eebfc6db620c398d3229e773f44048d596bdfacad90e277518ad0b2f8841eba71551f79fd891cd1aa84c6c87224bccac2c95d9ec27d3d0278b274dfa30a3fa8684f7cf50bbb80c49ab4b4ead2943e87a31dcf29df040f1dde7e2bdb097d230bdefa5d541572b9e759edcf498d0db993f5904e838d53230e231cfb57266fe0128c2d8ed81d6be4b0a14c286e9ed109fffd1cd4d5d5b8b280c238e7e276095659da7db5bb400c157901b111036ca13af2c7763fc33fb45f857d4250ac1145678dfa99960c03327cd39f521d71b582a85da13fbf2905faadd0c4b7bdc818761947a5fc42215657959c335d0dd01c8562bcc6338dd183d51e8b3261b90e0642853912da5a19e3c74a6c109e845fb700ca20c5c9c4a185b1060a830c7ddda040de695df1ac085d7a0b0d433a5530e5a5fce1bced424383520ad85c40d709389a4b3e151e4e8b3c68bc5f62bc9acd0885fedf11fe -TAG: d340ff2101c55bc874a152a64dbfbe91 - -KEY: ee1a9d7db69fa33107543f111a1c416c92bb873bee9f01564b44922beb1c8158 -NONCE: 2c9c6974f2442b87c02cb723 -IN: f5f3c05c78a22b7ba6c3387fea2d07ff58ad55c67aa9ada12563fb296812d087ef3b2d47ea1adb6a7dab646bfd1aa9288c85685c7b41c14eed3c5a34e0642b20888c8d51a65a1c332f1cb5779296051065211e5ec624930f1a2bfb6c10d479059063a2a4614999b0327d00f875162440c29627f817057f5151ba9c9364f0a6a9be85fe7fb911efdfd5cbfd741bfc63564f0d73eaa7bbf4fa16de77fd807bb27a9afd9e62c86e7033b8a969cb0ba9a2240de1a8e8a3463c2fae49c89b3cbc97e59eb30c2ae35834c36c22bc056a34cbd339ea469f3d8f032b5ae10eb00003025e55d42c12d9738ea74703308633f2772e8cd3421d8fc9d334c2845870a2c68c553f4dacdbada3af4ea8f20df3891aab8db9510c299db2bfcce4ffeb5ff128eb3c798dcdec4c665a4e7b30ac120aace497d03de3d726638db82034a19df83e60cedacfdd511a937ed73adeb1565661a201197eaa7fe817bcd9b83a19052461f56c3480c0e0d3314c57aad4f02a9e10afb967f752fb144bb1ecce66ea05608ddc7c876ba95698b04e79a429d36739d31b52e47fb032b18e7686923700e735750628ac0effa74298bdf7b75c115c6ea30634a9636c7ec5a02aa467fd53292d8991fd2cd45078471ac3bd8dbe47ad901047522e82cadde3b4f9d0a1e2b8c6faec2da532a09c58acaf7207fa49c1de10f377bcadc903a3df381a10ebf7556465096a0506e7ea0e7f11e00411f226bf2897f85791d6e34641d8cd049d95d996bae9dee6b2417f558f102a04d758897c484e930cc97d13f540c00f950a1b384ae5139dfaad258e13 -AD: 15fe76b22a601f7a11d852a080c228065f423c380393ae13ba817f18afaf48f7df08ae376d62e770b0c98e49298bc1f6f1cd07b586128c42d2196d26bc6752fdb375a0edef255d139b35841f426f090f270d5153efe6dcbcc2f4d4fe19258284b98cf70483996003889958a7c993fce98ada15a8bf16137624a2e078fe16060b640155615ed55df21d9bd736df51970f11b06775760116ed1a624588052787f6e95c93cde1c4661c9efafa2d2f217e86dc941263c176bc9e15af02b922e23a1839cb4148f82e8d8888de16e17db10f659112ae0f28cee8c062f34f44304e32fd3713cfbc830699e6aab24aa1c829bd582d39c4262c625c45bcc81b5e07289eec77fdd1613a7e4955aa96ba05c45676e973b609aa6136f5e516e338d183db9523c3e2fa6d -CT: 829f34b0c9a9dd142c05e45001836bd524075423cd40507819ffc9db5f5149cfd97cb6584c280f936c8fa3c0237673ff858aeab5f678be466c8b0f9356cd48d0a4bf55f5826115100316d5b11dac5cbe21b817f8e5b2587971d4a1f47695f1f917a87fd64356336481b92922244639cb2455c3bd0b338b24727f14c3b68a92ced6a6a58fd2c07aae4b5206f5fe355de532b996e6348d357906ed4736734b62bd27f8e832690b2e63a2fac998b7af27cc98aa64386594eabf12d5989716e8c36169ac8f548433c6cecc114279cef1a62906bb69233a3d74462f4a35528a98651a0325c06c3667ec31f7b66bb9941b843c6faf6ee56a813b03f3bc8775bcaf1efa10cb4ce784c99ea79d49ae57e4a77d7b069f8456b66ddd04a8addfcc441fc3577b5ce2e38eecebe4963e78dd5728e347654403ea249f70817e545528780668c69bd5186cbfa73e9e7cf3813952377f748c6736988a0faf9f06112dad90733847dae8ea272ac49f1290a417f4eb09f6960e0bbd90c098b3d6bd1f49802325e255ad104cd18a90189aa486eedfad8ca999f533ccfc30e63b31809a2f0dd6bacf29e7a4de79813dac86e3b324e7cc89abfe98e91e02a37e3a5d224207958fe4627aa5861cc1d58515e2da73eaa171e29bd436786a8c54c449bf620b0d91a0c001272b5d047a93289e2d6a31ccb14347b019473214c9dc066d867fd3cc9fbec4c1ea887c6e009bbda41f5e888bbb14587c04c406566abe1a7f473f052a17c3604e837d1358255c70098a4993fb0cc25cf89326044f11a7f4e6e320afc5c8ae457425427d5a08 -TAG: ef86f2b8d839c403d817a7a4b73b727e - -KEY: 7f603bab7b77e7acaf5f144e9a301a221111ae8a3130b0a77f638dee2e05d4eb -NONCE: f314fd627004e9a78d133482 -IN: 2040ceb4863196a75e5c5ee70861381d6cdf1363a893db2bdb201357c908284b91d690770205be495f788afec67f205edbcf47b78fdfb6e1ca53dfea501ef7fd48008ab05a58b65ef8e3b25cd3617dbe7482d0e846d04d00508192373abad114b6e5713f84de6928339d5c57e4abe88f0c0f0913324bdcc661fc85f391aaec28772df8faed4069573ab9ce2868039b7971b510e8b9239eeb066ddce13e2fc2579b159b08ca564de01fcc32abf19f388f0a8e810fb4de96e19d02010b75ca55d4d6db6c1a0d83d36a9d30a980f51e8263bbdf18cb768c5d912cb1ee8394763dbc7e9276830eecd1c92541ec53e9fcb5be036e8fc2da7c51e9b7978a7fb8e24182825d8a219167bb925dbf639edf4a25c42ab08a7ac8013696f7e10cf0efb57ce4910758ac0726e0bca5d30bf4d0a231fd12420b9b60c3a690e0ce0106c1bcfc47121253347bde0b02845afe64a46c74a401fea9f81cfa02d47f3c6008be65031e26b07d05253d0fbabed865397284b44ce2c38b2117f90f7d3bc60a0d9b04c6ec4b5108da61ff7f6d30083a33528281bf2b543bbb2eec909bc8706c892844e0702f224cafa9f2070adba7e3942023645427abbef47ffdb9ebf43b24aa7367deb7d05241cc5ffc0d1e07554545ddf0f6bdfad4657222fa561f3f92c83fbdcd5b0b93921842d2545b386eaced2fe37d0e5601bdb969125b006b21a8283d8cb5264ca2d8765d2bfe24fc04f8feac32293d88bf6a3bd7764847c72b07a9c3caadb47b96eea17199713eb48d03a8b37897defce70b258328f0547392e7e82e2a1be53c8e40d58235f610ced56019a0696b77b16ed8bcacde -AD: 1c142bc3afee168755db6b8d81754dea34e20f6a0e35ed9da60bca3957a054916e0072e3c5329ebbe2bf8f224efe6d501e0105614f72c8e37f2cb7cef644baaf7bf32975cba8e519034427b49bd589d076e3a79b2a9c90170d1e503256389ea444036523d36486bc2d3a94c73afff7bb2b48d0d74b7607c3db43186b9f85102a49d4c0e3cfff1dcf8b5c0cba5ab2f28e1dcbfc858f57f585d5e7d4ee92eec6ebe152e4b160db923cb8d9c154b631e3340b61272e0726cbd88298a4a6dd1d01fabf67d9c66c4681019e13a0e0280e91dbc3cf20e583b4a401dfc57cd3bed42d7e889182a0b75072fb08f1be187b3c7990f9f17bd29d61b8d2bc93f1a78e84fc8c38c4184afac57f3c6915dfefb3e194afa3919fddb1efc685931e49129e3afa230681fa6e7c1d6a69be66d0317d -CT: 93ebed6f7254c65c204278a9acae0b123dc19d8e226e41511f349961b1939ca83970b9696f31a7fcac5f5e3d4931b0a592ac27fec71b4e5679a56ad1bc3be37d4bdaa50bfdd0d00545d4b77e757ce7a0c8abfedc9585199ecab1226763a81f9a8c6853462c483f29798a9b28073a57689c5514e356f9fdc3f7bf8ee0688e8cb781af3a365ba940f7ed36ca68f6622fc6b6310a4dd7f8587853f58ef485c82359840e2784460109b4921e4b7ab014b28571938e18b4525bb4d5de35e77cf44573b167883feb3c730945e9ab71a2b755cc315ba99ab96f8d4a8f46589f2e8906b269519da3a2dad2a7075629c82096f028ba47c33e264f55b8898ac5681d396b8e6d23616c1f8db24ece718c2938f88c82da1fa940ecfb402fb300041f9d30e5d47e2d74a4d9822d35aeb6223a4457d621286444f732bed704d529df95627e153246e0688fa97399d96033a06091e77db420c8007ccc33386c28fb76a697dd99ffab76705a7f55797357e563cb607e531938380dfa64800391f06e5cfdd3dad5f91eb7f2138d54cefe9edc0dd3f4d674f5f5aa315f0e1b7922a37821c6cabcc9d81fd002d159d73b0598ddd21b66d3db416b789a40fe886027f1a13d802e54a6bcf691ab029560b67307ecd373f2f9ef2ea2c334fef7d25799088106bbee9fe2b88d06bb23ed0510284c5e1289c1b65a27e4f0fe33f18a0065411ea9e09e65b589a2372f37d0f8f4e07d95f6e8f30fa882726d29f41782b3d5abbd4a9f2dc62419c684a4c8aa92c4adc71c4db805c29b0e561760ea3deadb7d41e7a07a67fed68b8a0f4460e5535e9e0b9f7a754d6f2398fcf399a277 -TAG: 7ec06820957f6a0e0f4a8f7ae0be696b - -KEY: 0497a937c827b1591931dd17e83207cdbd56f1ec1270b14d9a7b1e2bed3e1062 -NONCE: 86300bfdb282f9e2db0a43c1 -IN: 8132b08093892211a8f7b210bcf36120851314cbd8a56f80f26dbfdcdf944fca9148c1d013844e897b034843fc0c8701120062102ae6a00aab0063a1651e0aa36aaf8acbc221ee7575748562288c08050a9a562ec43be7fb3e54dae418ae89476a1d5f81debb13eb6c5e0b4796abc8310e70a5e4a6619923dd6230a7b2a8dd36fbe3a29aff8a2ef35820ca68b07e00f63623db10a648014028d314e01cb537973d03420938dac988e7af001d571fdd7b1606a06430b5fa1770b2f30f53cb439a02771140e44356c3bdb7ebd5e7af10c344396bb3bacd58d32f07a26768afa741a2dae4e91cd8dec01505edf362f38b0fb06c40b8441746a8ec31d9aca6437d1b75b5afa120856e3d87d79ea5b71352edfb56a873d206e8fdc5d5f0bcf91c0ef1beb06718006bceb35f71dc0b7b9f65509a00841930c4087093c0e04945003751c40e59eeb10f62ec33f7a6d16717804519e930bccfce78c316cb720e109a75b30e11415fc5b398b76cebcdd758535798465a8662486745b6ee098f9008d0cccbf8ce2066b12ceed80cfac806178068d2ccdc00ab32d73faac0cba72b5ae75150c13dd0c16d85332d934e56c8f96bfa942fec689e9847283a307ab775ae09cdcdf1c0635f749186868537dcf0123baa295e29601052297aa4b3fbf16b31620aeacc12d08345df8d879343c098372a04d32fcd2470f4bdb3aeeac7afcdd8f95695796c64cd41bb0052905c8b95edbd0bca3e9115f119d29e109198e91b9a024c8a4d67ee864b71eab16d4545862403bdd0720346c43e94793b1ad3f02946989c6e30c978e4c62660c4b1120bd49017203c86f5b9f02bea17a249d6396e390df1abcb508388c735 -AD: 565ae471a3d24293cc33aeb1cfb05025fd4f17b9382a391d73a2611784358a9a003c1ba16f493f020b1f1545555ca165c00e3bb4a2b855d99a91d4f95534424d3b8b32ba66fbf3de63694b18efb4e0aa62e438eb3a7f50b0551ccb19eba8b63e19bef0e6468ea84b2fa62d0deb181e8c3b00a55198eb69ab7eee2352989013fbadbb26d1c1f5033b26f1ea886a0d1af6c76a78cd09a8b1f247d6f81d7d4e521f6649de7fa5b32b45be2cd803a1adc6fa89eea3a9d876ed1df0534890c9b41627556103964aba36e277d1cbe56bc14458e75c365a58646b7e498325bbe815e645a19bb33d2765a36a61e74eefc32ee9fef4162eb77574638dea2cbb9753e50b85eef07284ff84996a5969af62090ea20c6af307c1b2e56486f50c13d5c4087ed471dc737c4e40b7bdbe9d74ecbd6c8dd0892449496d0c -CT: 84cdf98efa641c2c008e2b2f6a8b59e20e95aab15c276a21569a1ccf8b7494b6c9585220620944517f167e38db24bce3c81fba1743bc6a51abe0ba858d763420ddb06a9a36eb417fdbce903c9528f1db76a70f73e50e22154e8807aff8e05fe6d3d28e3f09135486b33e59ef353e30a294be4870a79664d86ea84dc581ae58ba8aa6355ac8289855e7aca0940669cf5e7b00eeb5a5e9c7ca1dd483c6664def93e76244636eec70296965eca0f6c34f1d9923295e343ff9affdfd51492066cc4d5d762db2864db889441dfaf9c2354acd97c823071098b8b9da9b2a91ea98d6391e40ee4e13b7c5773ad7124c1dc22d4e2dd6142eb665be2e936a20edcba8badec6081a07e54649ed2c371a7f22d4898fcf8cd9916c7033925908c2a03c02000a456ce2beec2b2f94c0f92b9a7885c9231886993600e734948b34fa025b733ccef10a8b66d52dc53b850d2632e1d1573256430661d1aa716fb32dc525e80c96afc19808449391dad1165de6668f9743ae1da522c9a953374fdfe214329c00cf359b40bf9f3edc4144da66e3eb9ded0885a1d3b441cdea692ce0e324686e7b2128bb28f6e4256b4ca1463f93f67743a53509deee18be4f9f0604c3491559612b4052370e4fca33482aa0d2370baad1b7e64a1e6088ba87fda91c83f274ef9501385a96b4df53d0ade464abbc8022498f9df1b2608e42b1905d1dc08c3e4bbc7e3b830145a8ea9d7bbf64cec752ea11195947b587cb5abc811307a66b24df8c95756ca4ec7e7bdce47679a2327f08b94849a7760c702ce07072ad7621e0bbb0fb78e3f6a7739de57c29d49057a7ffece9c013384df796ac954f61590c472eebc27a7adfcebe3ffe -TAG: 18d8a0469f1ba110dbf77ecae36e63c0 - -KEY: ba16e97c864307a55f341121b5e35c47530a9c3059db7000688bb568f4a87be8 -NONCE: eb8ff97b4f599c829e412edf -IN: ae60ec1dc53e15d608021b6afa827f48869b9c9ca017a394d10f814c3172b38ff27ffce750085c288e257b6a2d7ffbbcce9e7acfb12cfcb630c84448329483739be37ecc1ad122603a4f286a48474134550b12ed8dfff73419494a8d251a98fdcf7c329b0e31b0f9379faa6bba2e4adbd429b199b7cc31d2805250082a88f94d3a120a3b07d0229d4a49e45f2729885e55cbb9ae08c88b65576fcb8a96ef23b629422ddbe7497fc2d4baf812bd03a7d5c03e79cf522938337ebd1c9cf3a61d331aba6b436c21ef47b030447e839b94b23e6ab10ac09a1243081544081a09cf35f6c7da3149fe3c8e41f90da05d88e31b32744214ac3a8a0a9098b11a38abbf01da170d3115fd4243f2be6eb8295b921e687755d0baa3fdddc1fd9e8d78992f08c50ea9caef49989872bf00b7f86c78293896dbe25effb4cba7822382ec3aa42a95221eda5980c488bf7ad0031e1ed987096819cd01ddbd03500b348a15fda2f9cb9a870df388e2e7f84386fa33fffd5287f1cb795fcce3a24fe371ce42f2f34dd8db9d1826b6a454082ecd0dc684bdf35d3d7e7a9606cb5336c67238509f0386275d58cc3ce7fc98fd20c77ecd1bdd463ee40e612cc5b9082f3c12b83f16c32072834a64552549289ca767acb23c61b4030227277e0df6ee9acebddb0c3bd538040398ae57767c850066b40ac0c1d7f5de22747051d237f898306beee05273a99b20165c2d7267f65b5451605ad4301a82bc80268b49e3084957d8ea8fab59a6b31f47f76405f5575df8a16a5811a976a84ec23479daf4d1d2c1ef428a9ed39faeb5a625ecd25e04d37736230cf144eeab686180cc71aa713d522c9f2007aae4eab486171ab3a9c338265193d093fecd6feb1cc1d91d10 -AD: a5f2dca9243d12747b5fd3ed809c06f52872136814aed50d61ac932fdfcac2e9ceef817034647b2f4d61f5a0bde8ef9bef2789a49da799ad1b9bba440a29e3e15e4d97b99c0fa2abcf5cf0e05acc89da732eb79585cf1d6c11a6c65c2087f902ce230208b5f1ce6cde34711646b9db725858cecd3716906853acb06c30c7dcc3901eb407efe6c3a8e1e9f9aebfb1d7217cfc6571fdc4b86d17d66d6e392ebf03be924c0076b8d1f8bff15e192cc5e351351fdb6b26364d883581c3f8e769e9a5689d0ab2f308a1dc47d7032de91124b1ca3d42aa3a8d57ed92a97a2aedba2409b38023c55954d4d5d2630c4dcd5ac7277fabc3408f0265560d3de4114eeb0b10db4d5270725f4454dcb1c7fcc1e36013a155b03181e1a315aaa251e9ab00dfca8e9ef787799a23529fbe8f0f993dbc2338b9f300ed18a67bf92c600f22d803 -CT: 5d0cafef15ec06bb165c248fe447bfbdb89207ec1331c65a5d88d419576ad9d423d20d660c95b48bc437fe243a6f860f260894e0230b702af0aaa4260746008ad679676a92003a10ccc12654251de9d2cb09f7294c2fe8c2f4764efbe3984e7265abcffc2cb3e30c5611c3f9eaba13e847fd73fb3aef12c8512b44283935c51d48032865bd6efba3ee4e1f07dea2e26022958f6a966fc4059c81fbec916bf4486429f55732fe3e927bd4109a8bc9ecb820d2c137790b0e296df28f2701ef5cba2c5ef0c7732849c75f59f81460333255f139fcbb30376c21ca317db1f849f79b1826c8f3cc0852e00b0dfb94bf3601afa09c27c130b5088c05619dacf00f36e7c01a9f4a2f24d8be1ae778fef1d367b04313f8cec89c708a57bb332b63e60d15d5b4abb2d5b0bd0dca886e0014051053a5e946750be4a9553549d9102b0d8c08bf9f850a6e06aee7030536ecfba48aa577c7d3614056d790c9130544c172bb4cb386fd3988f149cd77ee8275b0fe434e589b64c13885e9ef4047627dc192a6ad646ac6d62f482eca0183d23f65a29937e9e53a1235f66436897da1213607cd850c32cda9828010e6fc3a93f5f9c709ff259921ce890435b6454c046fb01c76513cc99f66a5c2da8f16525b68e3cc66cd6a7674e674bb0cd8487953ea9048a170ac8e81b616e78d0b8460b729d885f4716b741c04e6236d2171017a5d433754aedba3aa7a39675402337db7081f45ea37374a8f86ce8898ea837583a300c0f74c6292d37e7c6d19c190394dbe777e454c344d7e16bc51c0d93465f05327ff29303d80177b9098b4a4d809fcb103a8c199e3e8f827b237408a242a80ab388d29ea12ee8a0fc313367ad213f7e696f90331c7ab9a5730cfa1 -TAG: 359febfe67037a485d7ccaa4f1b6286e - -KEY: 9a5b03db114ff04aef285642be0d552cca24b615bc1467ccf9818929c06e9659 -NONCE: 9fe335e06fff534915999ba3 -IN: c3e7ee9f964ff4c3774c1c63ceddf8674c9c43cd4874f34e22c5912e6f8eac3e889779e7b4ecb2af711665489274c3201a68d8bfe7c61e6e8134aa08d71ac2a23289eea43d1dee5b4fc4caa3cfb666d59b09c554bd924b6522cfaed157519de12d9bfa37b55fe8158d763e3c79b7b10db45bdae4ba18af925bc8528fc19e9af54ac81588682299cf0997eb9710fcc3597564d8f0b71e3249089673b3771ca110a28c1aad49f32301e0921286fe0cfdaed8f64956a4e2c0b22011bbeef46ecc6bfc29ce023b361b2db0488a2cdab32bb94024e757abccebcfa0a672acd77f9ba622a665314c4b520746ba4fa07488e9dc662f755311535f1f98558dfb2be88a86119850c49d4a0bc92e70994ab5d7f410ad20d61fdc93a08e460ff9628a5b242038a1d2905137d4729fa77ac0f74bf1d32fa7b025cc16f8004233eba54fe7537d0127b1a062526d33fed44fbd3475daf5c046123befcb6ee574ffb9620fec7644a10643908a2d3e283864e3011704c4b16dab7c5333545c60ec83b0f7c3e2dc8022ee5d1b8124f766bbd8fc95ae1a5bbbd2ba7eb5c41780627553b8ad99643d8abd43c56a32bc159ab97f1fa4622cba34b283317cabf0bc98931980f207efcfe6d4c4312cd9daff8d46b1f9eca45e0af42bb8b8ab25a9fe0caf1c61b40b1a8a3b35680abf456de109f42d87ef277ca178b4471936748f3232f9075b58c64c89614dde8a75dea86d3b9c2a6c4a71ccebf388becb7a2cbedd92b4ef95d2b72357b4d2ec099a3ff9fa9ebdfd1d9adff3329b0a4ab854f84e8c729538b0e65773a116a3e50685c96e52162e1b98367114d84e5476291fea3173ac3a846529d5af6ddd0d2272b54f534d4430179ce5bee98c3a9d3f6e9cd4d7cef5c79560674ed0b5418e21e9cf7ced787a -AD: 9db3427d6153ed69d84ee4ca06c515d3822c6338868dbd97d0a21406275c003f493475d4350660a4f3afe49deacd9f299fc05aeab4029f57d05e21cff132cabf6de6ccb3082e0d8811dbe5188749a2ec8ad6b1c1efffc4031605c407e0c2ce57478b37a4834bff670b4dcfe8a32e6d09a0c80c7c99f7cc41378efdc0231901c7643bc8e0575040d1ac1bf4a79ba4c10bae1c0135ec4469bc8b6413a068ff97e88c4be959f8e426abf3cafa2bef9925aec0c1ee69eb60c7427dbf79656fb3846ae4ff059852e7686311b2778d06b5a7eab71ef92bd086ab0de7dc2a3d4c6070436991a68d81ef5b1c6eb024ccc6b2668c98e9b2ce452ab4751dbd57c2794798f5d9262e2df48788d92045b23a455a135c112e3baf06f2938a485f874a7d5a251770160dd9bf9c93c4e2a789edd07b8a7a4262adb303ff6ce9c551be29dc69f99d -CT: 28c9024090abbe09b35c4e289dc1b9574ff5172edb28f34e9133539dc98b4557168bcedb11a94c1ea84eb4b803661e405eb007c17cec80afb3121f27f185a197b4ea3f0ba231e538ae3c312e2522218ca2a73402ea7cffd3c1413c0ca2206caa91722cb048e1ec15e63f6c55e563dfcb4c3404a9c380608da0e903bf8037ee1d740275d568a2a3f9ee232d88950b233287b2bdcbace62efd1425c43efbaa8d12f66852cb5f1b665e7f4cb6fb5e3746cd5e8d612bbda8c031fe5ed7f4f3b5741b2aff9bdb150f637fece13ea1f2f5d32718560a49c841f3923d993b1f5f65715aae6b651e7d8f75ff34a9d1737b9e3f9a0375861458faba779ef9f4b72ebf42097e1e0fab5b925fe85f54d40f940f7ace96125273da94c9e394fa9a80680f6567207ee40ffabc8c152bc6956dadba45eff644213178a7a24882ab59ccfec9fc525ea9e37064ff5566e9ef2c56a9d634f59cfbb0b593d3fb19262436b68f57029d83205ed6c466885d7ce9a33046bda7dad9e2ca92691b3d5f1e48348b17aecc311479c4b147f4d61ac14640006a7c0d83b45372073752f9abdb5d1908dc3ec05f85e70324088e360003dc774bb68347c2acd4322fc1733d36e68cadfa95030dfcb9f73165786a30a7e841717ed8b20bcce47ac9b4900fb6d35c917b291a9b5dfc4ec2679846447a1dd140f48699b792a2969384c7e8914522286765a3013e229d3f3e30b130efd498a1cb56cdd493a5fc8bd9726a8784956ee379f907cf2280745379784bf1f177318cac159ce656c4321eac7ae00adea35e209b38c0ce622a1d4451a2dc6e0c3d2679543cdbed19310976d0748db13e341c396089d977546e956c96199828a8cb72ace556a2ece3edd3efec2493a13d61701a1bd525841933e8398ddbe16cd96a2c -TAG: a1cefe9bdf19616e49e6dae07c8a73fa - -KEY: c75a4cdd53afbef565031529cbce2ebbc5f98b71315ea7dcdea17c88e7c8b3c2 -NONCE: 0da68ee6ee4e0126b67d2a31 -IN: e1755e532178b048b572f806ab4bfb398247b393dff9c653a452a5ff88cec05ba1ee8ebf23e91b61b1f9adaaf771f448a57f4572d460b8304f8a2d6ba8a8b89e55d13e474233cc8da704c244c6862adba31219d994f302ac7161604d324100241fe6762ac262a5f7b5a07c67cf3f647d2d60846ade2dd33f886ebb59c50d95a4a0ae103438a65bc192d03f351e3e56b6da169480def2db510c83b6ca91534683cf334134afb2491026f7aa45978aa38b38d6a8d193e9609d3d0b3526a14f7b131f9371f56818247ce4fc6e1b17ec6e99b67123e7e34faaa8a8c63c1fb9004604e5ddb32702f9be2246ed7496dd27fa90ba90d90575c0cc45c0b9fcc945f21bfefbfbc82c53dba1feac88db291f74b6512d45cd7a4c5c886a458947f0a30ee04a6866ff5472f6c921d1949b8ddfd623f744bbe5f47950dc0c7c213545f7ab63e88124f79000afa6ad2a10b0dbfa4f34e475420437dd10d487f42d2cc40041af9ef3a4f52f80c9cb25970a4a4af8bc7dbd8fa566fa588d57bcb446b399336fe43ebac2a913d74d0a9f7d97044213390372d4272317fa41a62c50bc2b4d736a759c85124562323d86f1de14fbc3899472a0686a5dae4a3e429efb05681a1d7a36d397741270b2d97aefcc3d90309365a64a0e244d62a4fd3f288f706fb60557d9ba2bc8e29b4d68a299f13ee93d3c4ce0efb7fb26a3d2f828c1268a04d48e5ed520c5334ccad9df4799cb58ebe15284a41aec4c2b9157bd2851f968a279653b3c9a522df5e2752f75a3819d4610ceb4da666d19b347f09dde571ccf14b435569b9624d3f3207ba49b05f40bd818c7ffa733103f9210cb821ae8ce1fd5bb80a6d3d8dba865015b52ad9af765a8190713d13890440ef64474b61a840618759160c4c692b5bfae7cab08f941d633a22b92d8be39a614903ce0f96d05 -AD: e83596b9ab4cbfae18e4e8bf4ed0cc481ac402f27fc81a0b62b7843ed4387f2e994799e0c9532a1187fa6706d3179cd8e3bbde209f85836a176e43caa2dae384f0331092292872474d24fcdbe72be3067f542e7b099d31a0b09e0f2c31bd16caad1fe1af0f25845084268431b930685f6a16fab6a401a80590895a3422b94d056038935b1182ca3e6f4ededc86813d651efb0fa80e40700a0ceb602f3a67784b60b8d5c8522e42519c83e6f788d8133044061095806506cbd0bf3a7fb94e1d59435d3a5cd9a5a24db98f20035f0feed9b12b6cb4cc3e18c97aa890d61acfa167338b1cf79868f2a14711fcc241290709e800babf3ba7a868a528d44be867cca23f4f80b1f914ebc6abd630b4254c1b8e01241fcd817171e2d9969d2ba7c3f410a9d5b157ae0069b97ba1c973d944f11208777cdab373131ab5ebaa1304e394770c1d277913c54e7cf0 -CT: 2a59d868291bda6113708e551c89d1d4fd3fbc81017975fc0b99d8dcffd757f19fa4acd4acd47c90100e27eb228ee59ff1910911f8129b8a2cdc59ec38b73cd096271e55fd097329768d102f4398c4f70c52d7b15fcd66a94d0e910a5b6b8bdbb857592ee42871055be1b957013695288e52ad934c6f802677aa89c08654fd932039417bdbe062a5242d5d38b79ac834c7e7fc920bc3981dfb780c9f10f5f761a49a3b95693ee764a97d4de73077838b5ee04ac09e10c72669f7c151446497c9e2c3153938efcc62feeb9b82e605b4bd76ad97b7401ada9bad71718539d47e6edd058c23b5c4f3bdf69d74ee58b7d1c94ef660e4e6b1d43b97cf9e8d191178160bdf0e4fb6db2e9aaa2563322e4413f3b5d57d0f1082d160ae2bb2d3cf6ac17d75f73ca1c80365648a394edcf62f520d2bb648d7c963b1d7deb6eece9583ebd2b2bc2cccc5415c774d9f25c00d221e1f0c2829e288721a9e416df098392f67643d52a9fb0f2f47ca97664aacfa837105e5da4b86774223bbd238a060648f689c59aea623cc688c1aecdffb13d9471fa07352ec02ffaddf080733f07d10ba61eaaa9f8e0d89b6144af9d4a0094bf9fbdfa6b35e9f342a7140ee4c931ffc0126eb8b4cf6e227fc6bfe386e81a32593acafc6d44925f1cf21924720972729e2e9daae0e74f55045d17c25c4c3b8454f912a0f6f6ffd43119ec4f3046d921d20f24662d25d0aa34d95c3a5aeff05ef1a8905ffcdb1b9e55ea22e59a3f5d60106db64b998f0e9683a16c5d82c53b424220690794bdedef384d91bc9a58563fadac76b50e80b64dbf695a38540a9167cf025ee64d28e26fb3dc7e9f33979b33eb887e55d996741d9569642769ddf6332e369674296d510181023a1a3e4ea7327af5838048458ac90a71732fe29e2edc9c477fb6d8827ab4f83ef8626 -TAG: ddeec4a2536869f8f89ac38951bba13d - -KEY: 0c13e877fa5e8e0572f237b646f783db2f30274ba46c51d72d751c3bd4ef9ea3 -NONCE: 2b0a22b260ad3ffa73ff1c5c -IN: 481d15ea2246b6da59e6271801edcbe277591b188386946abead76ac40d6f2f08a26129895e97ef25b59ac345f8d060d4d21819d78402279238541534d8734ca66427ecc2baa6741fd093a5895446979e30ca15eda06addb67bec10cf809081ce8a70af92b03f72536a8a11a1e9e3d257352cc284f41e2fc4a91d1bd1774512e09bdd150d1830be260ea418fd384be30f9da23fafdc2c0b5c632ea7fc7a6ea87d69139e9d104d634530a02c4ddae3a2e6854118369e5304202206c4d8fc963a61bb4f42ba6f937ce8281429db4103ef222c3a015f08fef15eb5b407b56165260dcdad08f1196e3d698ac5b7ddd403c28593329db77fad8ab7aacc450636a4f7f6714bbc6dbe10c421d151a7c135926c5388a56d2b66ffeae0508706ee55899aeceb3525367234e29c25dd5bb8b187ca4dd14f68ad317ee5ab3027b68b5b405880528bd35eda7f9c65eef9b375dacb5173b30a28c99e00eb11181879cbf1fb59bee4e3964b300ce57b597b958c63a056758714d69c241da18b480acab2bddaf692f4a57abf2265a0fb09b3352eceb6b26a667668363a615b5d078a4962c48658e3c92e43ca83dd0f71ada43a48d52b793a48e17b66097d06f9e3804202e3a8e832409d45f8b33762edb9982e79948fcbf7213118121cdfe834931feb8d6d5e3a677e3c35d6bdd1a0a51c9c0141dab8dc0ca83c7606f7a31084b9a9a985da6b93e23b215fe4373e597574357435cf7aae309c11ddef6b0f24437df2149ec8e8861e3546f2a950f900d74a8d736a96ca82b35bdf9548d6eb6c6235ec2d98ff0f196fd389234bb44de0a2718302a3c7110ffbad0451f4dce3eb2a189f63d52683509003cd6e0574b94c3db904f9b3113eb44725a5aae93aaf299d05b8aa942bb635cf5e68107a3277b8a70534e90976275809428e77e5163c18edb02334d739095da33d32502fc5b12c6b14a -AD: cd316404d7c70f81cd5a035472154e92e8a8831a22c5b34ff4b40e2648df0e6b411ec8bbdd985da9992e3df5d1ebf2b912a1b250fd08553322b7f894cfde69cc37bc794b7de6b5136afb01f8377e0b293b57a50eca913320a0eb324a6009d41dfee2a416e6b9be33b55a2e85d59a88dac4d587e95e7352f004637bb3a798dda6d3a7164597a73e13819dd2be988c698bc7eafe6d7d32dd416e2cb252e21a7eb26ac4baea46a5ceb7b19db842b20d5998c5bc4b78836d0c6dcbf3ac8e2399b82d097232c553b837774960fade6bec8d0f452ba20bf72916117045596f4b83422b026c6b187c16e560ecb2d5dba5b6b0d7709c7b8e8b4d199d19fa0bbff8319dca9b308a836d0c1eb0c6f2a14c13c820d3b7213104491e6df75a1e61621a5c7be94f388afb47d7c5c211621fbabedda16ea22c837903b1088e6cc8751dece86bd749ea66126c1139d98d489dbdb93e6d8ae906 -CT: a56a09a3c7cac593f40fd3af345c1c84d29a7905a05087553640f0727283d1fd270773b6af7537bea2eae40f603567132c199e7f74b7eb98f1d7e73a7b6474d1b0b0eec43dbc33ef6e17e07afbb94848fb78d53729f358c2eefaeae4b92724fe0d6fe97075644ad5b12d1ed93f8c07aeabe373b5bca66b52117018955edf01c238a937c4d5e7993fda05799533a5a15889637628e158604a99b2a21b24dfc2af7ec0013390e6e7259b7ac92f232bdd375fa99a4f6c45f54ab231f6d60fc36809efd3d213813be1f3e1b91ff3091469590f6cc439ff359b0706ec0d0667f58c34ba549e9727d9045adffd0481fdd13c4069160eb871afb2d408e4dfcf6b70a7c2e21e4e54f44b2daa3676ee998515dfc4c8518288b46d92ea835d5e9a0c8c391020aa6efb8b30a580601178e486957918ed9f11fbd2021ed7830c3019c935ce19dfbe95c525c8498803eed097d565b94d047112d494518f7af094705f3fb83b22d9064450701ddbd8cfb209a4c68fbc1667099e605b7cf853d5a78b92df4f6194a7644017434f2658a7529941d3cf71865f8e29238709b373e68fe1e800ee858d8286d80acf4f1d8cdc2668f40338f48dcf5774e5da72644bd9513018688509c444f821c0c648802cefc572c6821005db0fdba6f4eed0f122ac57a213750632ad2eee0018f9f240f2bcd1cdc03d4c8a6585d955dcee93cab5d7041148385a77533a41eb9eb55d7be87432e5508e798aa4e4fd4a06e83bfe355cc698bd16f9b5ebfd17145edb7bfb3c57a0faff18df6075d98ce7a53eb4de7563768e3257ac225de47b8a52ad65699f8c7efa64676a268f9dc97c46bb23dbb335e79be532e0419583e0f8753a38d2de790a3160d0fd63ad5840601a78057708655cde8dfb08060cc0f233688227eeb4a0f20d5e9d58bd858ca3e338ab402011ad975503cd5c86ba3f12a05a26f0b0f79c9a -TAG: ca40f0179157bae889d49b5697a0e26e - -KEY: 1ab6dffc716e27c3dec83e2bc2dce5192f3fcd3fc5f3b394885164f501afe5fd -NONCE: 42bdf685c73f9c31abdf1d28 -IN: 419a911203ca879905ce7d0edf1c29f3874d02cf2b799163c9204149b96a19f7c0eecd64b6ba2bb686eb1d6f79e420d130fce85edc6bd6b07257427a9107bda792de711025d05962dca533c52a2a379ab8516010107bc7879bdb2447973f6d356cd3905e253023a863a3175f65e1988b3f8b92af2ee9b5717d87705649127dfc9c7388c9ddfff5e0dd7564fa76f9b3272000ab7722becf46c1c2d99a51db96dd32fc5fcadd683fb4f7d57eceaf332910e8d275c5f955f27e899eba77b87784968e889dfffd77367c3a4c2711a87e1aa5dce4025ec7aa3908b96cc5fe05de319ba6de6d57b170561b32d0fe4217b0739393fe730f4f62058fd3f950bc5ef151732e06fb92987302c684557befbfca5d15b72a22dc0a3a16bc128698a6fef64511d7945cb1ec973d66e81e2f6481316640afb0344d605cde7280e9e6107131d1b2fdcdb93c29673d0822b8fd1ae0f22fdd17b6f654a65187b8cd45737c8446b21301be1d5d02ca6af5432cffee125756ae7bbe2993033150f6ef19022bc5bd11c9ff9ac8ca8b17c594151ecb5ddadf8465c73969c432f4c273596d9cf7c53187932d3be41a145fbd6485ceb80b196079d89e3b5528c61946ba503844ce538a1892e62457abf4b6f90efde91d1747fb5bca839149814f757d418b9787822c76ad2ec6e5c84a07b0d7eab9f918b71e075cceab5d6ae5dccf54d4a15db9e415e44963c8ba68101df5894fc1664844c7ec11c300ae11cccb4ecee60431e36a2c4516db234378579638b758f10d80ed372da218123449a66aeafbb41bb8ff6564cbbc9c9f734daa1a9e409fa89decdd619ec8d1fa5918d3ffa0c780c0521eb514b2f23a4e95704f6a22657e7203bd1cc15332340414d02f7265023e0c9906147240d0495739bd33f7dee280e2cf905a706dcc838bc2fcea7e4afd823ae2dd3e2a98ff55f3ccc2b0f789e4d5019b93f213722ffe27aa583f6b9f77cabc4ee5 -AD: 358324f765547daecb7e2d4b371e1f77debc01b18be41313387181537b360f1090bcd9647ac7694907ca521f84f7865c3c82388c6aa80627ca9e4de08a163391b228be2a642df333374ec7182604bb80770f4a839aad778dceda56764f5888a95e88afbea46cd9eb4f506882cda4407461b1ea2f31a88bc7529fa923ed9387ff03dfaec545dd796243b7578640e0b8025aea75ce1b9ba918ab04572ef65463699d32125f71966242fbab007730e7f490338c60ed9ddefa539cc88d39b254e300b56da3c832065a35d961f74982fc895021fbee01e03e9534e54686376d8f9061cd4d033491b081f15639cb2056047d79f0dd7447c899b2aefc7d6bd03e57a1d7cd996fa282ad7493201920130df3007d13782f197b26ae0cf7d62cbc642d10b4202e1887b43faa4b71694b05d19daab60cf37b6a9b50c7d32b04138efc84414e87f6caca8626c2f764a945a26fca57907486c0db54ba1d898e2bea -CT: 2422ea9d13895921401f84f25a5b011eccf2670b1f12985d4e2c4106829a7ec3c7c75f11e348829a8285b34c745d8892bd1efd02c27a6764311962302524f787866520a562ffc9f0a644c242107a7ff868e20ee2f2da9d41e2e85ef00815e6dc2f242a2fe8986d40e37a59f53c88a168d230745a57714c3e313f8be3f4b780c61c0638c3637add213b1cfd5d07255116d9fe58dad2941f8bd7aa7c37ff7a041419e02b8575b46be6dcb23bd5594c713c93f8415e5da427dccb6f3b6d649ebde09f4f627beff5647bcceb10413f0a58f04d3a03d3a59b4d9f578508a21bdb609a7291bd8863e091907f83eba365e5df61991836fbc8df69fb7d6ecc15c85c8dcf99f771b19c995ea85578ff39ad5e1eeca002dcf843f471198d1d4359845944fdcbeedefd158ba9dfc2045910a911905579a35a4d7749361b8197fd69ee1c988cb7c1a6f5a5db2e926b4b2a0cc8c5a6c01fe1d04ece3bd7d2707c00e001aa097e6fea51bf87654f389fa4caebebd513527c186125fdebb3672316b57d12be3619e125d642719ac96ca97dfb7d2380800e48d8fc29b4e50c81e6238ffed2a3e788182cb6ac51023c587a66b3617734d18f6c2e4c959b84f04609eb81eec83ce7f8589683682c683762355f9a8c72d1423d67da7b654c00fadac8fd2dc4ba22017228acb6b287101719726d0b1d97e9ca2fa67235e768732756cf2662a078c5ca753275d1261011127ba47265e7565422a9da627085f40fe22b680286408004ee5db318b0869f8f8ead0e3d1b4a564e250b6ce61304bdaddd2686041c505b91a8e3dfe411e932549ee9956adabba04add4808a2ebbf0ed92394fbb00c1466ab06f964a325a877bccbc47e0d2ab4e24243164ab4166aee41b9222b8b42ce81668ae8d1ee8ca5a0c2698616183cd4c025b6210a33aa7b72dff37ec40f749fdc0e879a5135967f47ac95bb65c411f0306335afe6d7a2247823decb050578 -TAG: c867f21b1b4c62500ab27499d11eff4a - -KEY: 16e6d8c1f25bae57962529532ce48be6c1cdf0451deb047a1d27faa680f97214 -NONCE: 8e9a0bc6c897d4fdc82bf439 -IN: bae425cbebcf21c29c3cdfccd82245ccfae0524e2dc0b7164682891c85c9d6814c80fce1a63d588928b38dcc987d9df32f2a42ae4a1f9e8ac6bcf285bb08d164afef3ebfe6b299332f207409d271460847e9279d2f0b5c4638cdd989f868b4f0dab1f324e9b18c35e3bc5f798962b7d4f3b6bed6fc1c57055c489032a600951f8d06c14f5ce852d29be001592ff5c3678c0bd8251c883b333d5c670e52072fd68fd8d53e1a2f48dfd2880394541f4df82a9b6adf525c527550161e0d7dcd5d0bafaa4abdf1cc7ae189ada0a61890831eca952cd6e505d4df44650ed533591fc72a9cda1fdb1c4be99a31ac10d8f011ebbcbd8d83caf5d8c33a659d032d4e454ef069b2dd414fe19706681f83a479078f01d6330e2f57c2a3720e5caf67e44ffdbe461d967060e29f11d4661f23b27e90d521c1a9f4f03413ffe794cd9e39dc4c81f43d38778fac476585975b72e26dec8658f9cf6e4e028bc87c8d5d1fe47bd3ad3ff84d1442224006550f6006be543f7712c5edceaaeb3360ac7ae2e3618e093a797223283e0b9c36a841308146c122e3df15a43417bec5dc4224a10ab962fb11c53e3331f0a9967c008541bfd7d1beeed4b80c2371d5ab62cd098fcbed6f96f01fe9cb9f9f7b039bb010551e504252d0752afacdec2f2984d4ceaff99dfef99d57b4d4b1fa969a4e70aa0d868993474f7d4bdea01b9178feea95ce30c0f6b78f22c70da57d26677549e9284bb4a6717596c2c3b1a513ee888915b910c93cf1d94aa4013e891e1da11c41254af3c76a1f63d67f74a07f3176744f7e558f03a3525b4a385fc64e6ae48e5d96779d64b5f557ff453fd44cbe46a2ad96fb2f79ee6720e08bc8e463abe2a9f662540b5105e1252917d7ff63011106cb7a47829c86d374aba8536d1bdac2250045e098987f185ac00faa0b81630d94a41ac935088bd5829e46ea17bd0e19001fbd25208fb312b86349a9c60540dc2b5091c3b0902eda0254b9e8a447d4983ce8e1 -AD: f58832d2e9591c5b15a96f1fdbe23b608ca5ef909a656877d36f16ce276e38744ef11768030b479a4b2bec453dcdce933c78e3d4e7bd7e7a906eb74bf321fa75f307861ddc1be310289dedc87a8e325a3e4c6dceb1bdc6a02d1df4598f343ae8a06729502f5abe458be2325ff985b3cea0a166ab7530a560d1971c57c566197b5e004d9d38d831abec067235c0d2ead91b9319d6ed20e6bced57d71dd2dea6a2ec22efd29b146bd31617c9c08cbd26e9dd53e045d6f29a7dce57c61b3a5f6410dfea52c30baedd587cc15993be3ca8e125f61272150a02138c8c3b46922be9ae2d31ab7f25526b86cc0c73cdc400b5506dcd94bb783a97f39d37db162519549e642f9f087c3f41c8234fe01dc1cc8fb0ab3099fe2b8efc1017049d79b5b6ab9f57ba86d2ef73e2c694c180d2860766a4010d76407b15afe28a3866e48b6b688228d2f1fdbbfdfac9de426186e9f7121d1a98b11caa6193f9445939403cc960f2df0ce5d7 -CT: c43a2c260b2421b4f4d0016112a6a90d09f5505f982a66355ba55284f15e24734afdf58bffda6878ed052c5c97c01ef9214e19057b87db04ecb9e8a72dcdd04e6c8194283edbdec0b3182f73a009b5b7ee42edaf82d827bbd49b21f9b33b013fa934d710d38d156f35491004a9f29b7fb11fa60be85179d970a95f6a4321c2250d3300186c186adbc9151f94a916531107237c9f51f1ca4a16067111b3357d26c9caee90656bfd4317c2d52e97b87f7adccd296a295b45a173780db1011d3dc010b8b951a14e0057451cde7984a62b3e29dada4cba1cd5bbdb32acdfdd6160fd41ae42c40a3f294057ba27737f815592ee1ca89a57db35ada5077be4ce805555bfe57293552296a15a9be89473af043f193217ca228afc044e6e9a8ad57fbab59ec12c8358361f38eb9c00b33aa97c90f51a5014fa497c102b7f6dc0e0678e99e7ab7b98cd2521ea98ba31ede92cf621e36addf622adc7b0f77d8df828dd511b9e74f0925c8c7df1ce56cc2e5ad79feb27de705d780c2b77c931aba6a032d99f658f73fd9b9872959cac0137e9af2a565ceb6f73b011ab3aa14132422c14692f7bb3255cc96a3d63dd167028d4221fe4a66f0a010f35ee42d97326f3638fd15cad7d9afa2208efc4e2f0203d1254d93bf532961ab24df78a6a33eedb0d250869244c17074a283ea083c211528e91a13e0c585a85cf5887b09734a5aee9a01a0de3ffaefbf3791d1b1e478ac1c369e9e0e4ba825ac6590aa011cfa0ed15f9fdcb0f386fe1a796dc243862a292844b90d32db05ad0eb8f2839fb386085b7aebe12e7477d5eb5ef9b6603004b3c2ecc6e961059b11495d07ab2a164c64cb0d6f3c94555a5c3fe5cc687601c03861eec326b63b614cfef131a89058d0b320f1076023884882aeda8f28daa0a3dc96ff9ee982925db55fef48586f407f576c5e5b9a723f1f10427304c19aa1d39b70a12a9c9f07ae6b76faeb66f4b26cc00febae63ecfc629968268acceb5aadaca -TAG: 59e3b0e92ae4aa57a2fc4a19b74e06ce - -KEY: d4a30afa6fe8b9ed0add15bc78ca371cf34d6feaf94bb7f6520b4379e7bfbf83 -NONCE: 6acfa3e2adfcb7f880c53c1a -IN: 8b8fdfbf5272fc29b2be7d69ff0741df1ebba02e0525e29cf45063e5da740f6c33b1deffea0eb2323035a21b18fa010c6c3ca7cc0c8194627d828fd5a9898e2b55266d4377233badeaffa7c703fd710441e250d9a5d94d954911d66caa836e2413b190917c1802c3e587d514184498ff2e6e3df5405829262b36fa8971cf8595bd1cd87801ac4c99357da70e2e55ffc012a30cca44e4f5538ba92f17aed8c8a48f85c501df2f0639ac88a39cc024fdb6d29aac368728865db1a30ddb36d366927f04f00f8dd2229e1fe76db8e7ded1fd886a9342308ba99d80f86704c974da156d96c272b806aec6c0268378652c26bad18ab249e117f8643d234b965d45067f42b857f0888ec68aab64b3ebde8a55ee38464e5f35f8653c7f0ba7598ad26f9772b574d7e060377a4174922b1f8ce6b72a83f3a20d20625132ad7cb1429e26865ecce2a47e29740cef1a3d85bdb3e800d46692d6ef926395aefba588294ff410dd523db596a7c17bf7d439ef8200a13e35000b40e9b0b392c982a4377557abca18c1f3bf774f4bf8ab0b9080dceb2323953aa0e621954d87737bba6f562dbb0de271d6f1b88d7c1a712f613b099d2bbe0784a8304467cb168ffde2625edd9f38be5660020ed3e95b49e0a0ca9dc2bd0de2e40fb275b4813289327de0926df3c73865e7689fbad0a6c79ea615fc84345529cf2ef68b37b7e9fa5d538f4dd848ba66adb4745079acabac63de8d2ce9a2b19cc718162e9fdce49de7fa4b820043ae234d8afd23a45ee3a5db124e0f9252111c367beebfab55b2c784581b63a1caf4ab24bf5af45b986f457ddafbe87791788e7c7536595d965d5fcf21e3b13873b00357dfd7851f9e0f198ff950d69979157089be26b22800c3dfc713a5147b0ca4905793a2817281fb112deac286c41ffeb2bfb3fe1ddc9aaf4fb41fd5faf1df2e6e809f54b09f99bb8b61b555efdf4d8cb559fbe57a905d30184c2de6e154d501bc91f6033eb97295d96c1085b510cd57631e40e9ea3225e175162629b4 -AD: c44ede0ab5643af425a8f8614e621a581b559f0e7fb63f0c8ca09cc58c244ab2e0f750c6135fc26e433710351802c329edbe97877f912bdad914a051d859c588af925674f1f455a322671793887420bc79a11541589082ef12c975dfd0528294ccb086ecca86ca940ba05f937fb2eb91b4b925713e8ef7d10305bc937aa976c5eefb4142b0c18c1ecc6be979621c437c64e1bcfe6ae86d28a29fc894120da6ddba1e56181b6f54a9e9810a83c3b44b6fba10959139787a491f367658ede40e1289148f66d4677d0281ea3615ab399c7dd9e6e05b8a68fc8724089825fd5f6a38406b3eaf01b8dcb62afe181ed963a0d940f1521f4f501d3349e6aec453edee70f1cc640ba3bedf78ec91acabe75f7de38ab98253dcd18c6a866f4c2b8a94072b1f141c9ee3c43beed8a08d09c2f35f142b8352cf776c57d6684898fdf6653997dbcb2cfcdcc43d63b1d287beb8a17ebc74eb3c3875af2ee0446b2d75052ef95d37315fd55e346c3e8dff45f17c -CT: 9d4764aa97244b3506582c24cf82947430e6749bbf3a907a941d398b39950dea9c21aa637a6d5030d9b070ff6c810a0f63cbeb107bfe1d91a2b3a71c2683c2d2716759a74f9c022b88afe5f36182153e5378c12f94174e5014743da44601908df428d105362d6299f2989ffbb67d45b65cb2a35e888d823605d2215f325ee59332a066b8139e01ac2ad5165d858fa809343fedaad3ceff19c50b218da9c1ececd713bdd657b02955afa4a90dc2f426cfee4de4b1e097fad3c5183fdc84725db9263bbc207579175ca3171e7cde14b652fa50c2032d59f2832196750731c2268c6f807625e8bce39faed8f85dfe5fe1cfd5d60434a753159b7196cc69c2eed5f50907299a53092d3f3d41bf7c8e4213d9d543bc235e50ec2f569840abb26490f1b0167ac423ee0a680a70797821fbfe7dee33d9ed120a95c6a75596e04eff2263c1c635da44322d18cf720bc90a113790b9e9d5141dfda46fa2c9eeec5afdd43ca5c0ded8a5abae0d3243ab2f81f3ace681a07a59afe8949061e21f8ad0a9d50e3c8d36a6270dfe9eb08451323f71793a5942ee7484cb1eb033037b209bc8c61b38ea28e9f9c2a4cdb629331a1517606feeaa0eb45c69958df6a5e48204489730fa83aeed0b2fa3e555437fe460980e8813e0521d88100088bdf6192257be14eb151d6f4b5c6b0bc9ca6a0ca2e2944d6d51e3bf4fed6cb7722971768da931c1f1e50872f25ca12e72bc984f48010481924fdaf3c744bd098d2153487617e321e665ec9a1346209695ef6b1e0e79f0c4fce7d33f57087512559a8290d8679555ea7f1554ac6374468f3865a2bfec31f27cbbc6adac1d484ca6da48119d88295cacf38b427f792f25f7d3c341a904dd9d3774e355edc0db3748d65506f2a0bef5d8abd37c31daba869dedbf19e3aff557b0466352db1f5820f3b494304604fb6fe42df9dae1c21429ea37258cc087cf72675a15a8159e33855dce7a09a77ba8ff296ccdfbcfacc7adb6b7b020de0bc302a7fbd1e3b8d51c5b1f520d384aba -TAG: c22896658ca6cede859de01b80632d9e - -KEY: b28f523592ba049b5de3963baaf0eac3cd75f0f0543e0dab651061bac4e3ea36 -NONCE: 79bb9a78d035bd8ea9e8ad70 -IN: 9f6c13ae2d4638dbebe6b4cc0ff606af9720c708c20dc2d6f0e4ba002a0b41e136d2b10dd6a2f8d9fe8cbe91943339fad0c52a2881b188611955771d3f9a621af08b95dbb77879bf508963fe294c8b8807fb9d8458a56d7fa2a4c5d995113ea8a86da07c28dab43c997e9277f98009d67fcf2ba171016cdb7e6c449f6996d21563b4ab22e933ddfad5c50e9036db19adf88761150b2226e73043a49a8e9934094eb4363d61bfddb791f4c5bca194d451023aeb879092eb2d8c8c3a2a5b8a832db6d73804c0c078c50a1414b684184780278cc90ac42618bb4144d5a415f582a77b247e4e8236bcb0692620757960f5103887683fd54f78095e8b098506c81008a7b443a533a0a71fae3f08bb4c28c7142576f459b1a2ccb5f65425515e691852e0da343291ca414c28c90426f7d5f9d7c78f84ad6eedc600137c4d86fa7db53b1d3fe9b16874b31275a740b5f640fffcb4351e4e32cd6bb7b6fc11f104b2513c0814c370b6a7558d7fc07c355da505a1777a2176abbe5e520c0ee79153c976d71e5c6dd576f4857ba2d63e04d6b69a2d5a3ad1a3cb88733fdbca5b027ae04137f917a650b4a556b5fff90f17bc12a890aaa8d61029f0c6663eba8326c1bfba5d9221876ce3365bfddb714e884bced0f1675b6ffee2b1e22929f23893f3dadf967b006e9cb7a9a0972422c74a0393a29f9c4e06c2586f393786ba078cc52499ca6e911e323915ebca1d1dd203189cda3af76f785538d9f1cf5e5dc5758a490cea8710a9610790f426a0c76e262eeb9facfcd7730b72802084152f71adcc2cd6a2bcdd0fec76ee3228947d2f9b1b6f614a7e609c8f250fd02e19a487365b0db8f2d53cc6843d0d2a2abf3cd2ce33125558046fe9ea2eadca7dcb9d0a20fb3ee274fd92360f8772a53937625b5aaf9f10e9c9452426cb42dce78cdfa2628aeb58c295b01e12b12ece1fc5f66e33cec966b52d6593e1d1e93ba3abbe0c917dda7c2b6b5d45fb4cf6588908208e9b264f7e8ff87cc5090f4ea9b1a5205c852c308783a6c5ba0629cacfdd38b50706097f -AD: 3496b4171a3199a485cfb32fae763dd77234dd9e2c6544f057c9885e914325efa4ccc25099f81c95a4e968e5e031747422cbd48ebfed3236f878a2832b7fc6aad4db734868ba2623899e9e0689e618bac700ce17e6d0114a0f5b94d6a0c3373f803ba2337d530fb706b8afbe482eeb9e0f5582b2f502d3c774b2ba98ce5400a20cb7d9a32a351401bffc2214392166208de9fc8a6d329b7dccf10734b5b74ce122f2454fa551b586dea96fcad2c45b1bf562bd5751b757da829d57cfdfd8ecbcc410c00aff69764a4e532545838b38011f92e464d192ba315ef239dcd5041448f165a14d503a865a85dfe81c5d4dfd37fa6c316c09eb403bfdc2a8c1a0618477a5fede92cbb2abb71b425e201c6361b5509288675a4541f44b7fe052acb25d1d87660eecef0beed7851a2966947dbfb8714038621b6f34ca2874751aebe9e8084f6ed854ed5f151f81533614cb1fdc08d2f51e47537f6229e0b64d10b498f773fb67bde258cb74a78843256913cad2727f9dbc3a8bd5 -CT: 8cf78ff0f64a19abecbf693d8575602631303858623968c8c4522c5351ac552dd3694b0a04fa270eb9652dbe58c07cacc2bfbc927f22bf561bd4cd2d639a00b240f41d6af836ec3f93dc0610f08d59514c49351e25cfbbe1ad05e8cb21e25f144d926b5752f96ed7dd05c816cc95f5c3a008716c8a18ada661ecc497c6e34540b8924ab0560c57e7190ab567762bc5ece63883ab5522c8e84efa3dbbf71179d6f286127f01e8b909b61a16fb2433798613fae1ba08524d734662bca15dc70a550740d1b741c0cb46528d061c786f129cd49a7f5b9c1f742c906fe7592e70a5185b6b1ab669498bac981f846dfd2401be46c0972f8945adaedbc7c54cd40c8dfa781c0faeb6b2c0150bfef21ecab2995da3426be508f21278a668e81b25938dfe2f8e1f85c8e69468e38ba924ffae71c1e1c990656d42c8069d120c75e840a2df0ddcc88a77fac1a4ee56d3bb00cd53daebc0c981571d0e3f467d2940b4b92c359afdfcecaaa4331ac45f0afd902e8c5815266d195e303eb16960fcc21162f025d5258786963250aad37610c6b191e479bd5ed29b8cfba9df43131feff2571fc87209b69d15b6c380a8623428f01944d6d5e56422fbec4f7720b607901f06f4433fb252ecc251660e6f9160fefff8af8b866c2edb11f6419a6bf91c5fd557851d469c256f511b9acc8e71750587e4ec0482bf4ddb0b73ed82cce239a4d9c6b330527cd8d529675c2c556456b10ebceec05e7971580b553b8a5f720f8ed38123f56869753624f4a6cf9036c3566cb4f6ca8e0f36d914758f07e7f447c67c8b40d703270d035d1cd39b22c291333ac1f628d2ce4697f82ff6c043ede6dba39c03e250efbdab3ed5e73c28e194269d8657862829f7b43192f95766f77a7b9b4c154a787d0050cf11099d372c3f97add6c9cf4a467df0922f7d9e1b17e552b453e80aa050d8a3e4fbf9aaa4c01a463b796cadf65b492f301ef03476bcffdf96a4f5bc933d0d4286bd9e2ac9822957ac9a69fe34b3701d913cabe970dbfa5830e083add43682f261c3aa80fa2beff7942c -TAG: dc5369a6b0814d58060d033aba87a030 - -KEY: 1daac9ed308ed0d77d86aa657a6ea7f9c35e120553d26b2d3fad1bc256f1f71c -NONCE: 7550220b0b5f3c6fa8db7316 -IN: 337934937b996d7a501a3d1fa7f6321369747329fa6bce98f68c769dfb3df84b2b1e14f1a58c3f6b65e03377b7058fda3c26adbc370ec72e58ccc953ff157d4863057e0df89328efb5023c1b79f0e29be2d7cac9f903bb782c4c8720e2ccffe83710871642e2acae2071ba2a0af880f14f41ebdf61a3e5449dec6e61e103385971b8300a31b652053496e9b3a2db7a7bfb03a054fcd912e3e1791f84cf484370e553d67cf99c6b1c9b93bbe6ad4a93c47ba9ef73d9f8506400a49a5609e7eae5e3ee9efc657729d1e615a592a8c9f14ba37f5d91649a8c59ade56769c3bcef0c004c7444c3dd24223ef7bc6a2ba2e5927608692d1fbbd3868d7fee0fd11ee40312ae06d20704e29a97ecd4265556432173d6248e9f273363211b5d505de9861eaf402a001ac18b485c7ad0e442bb5e648e20e0884ffcbbd2dda9b3aece535d964d2cfcd6f99a31a4f24d878575fc3ad7a7c19e76771929c45d0965702625cbdd2e99371147e41e950ef70a7393084682a2ee6ca9b611f3c7b38ca4f5fdf2100c6c8d1e88b842aed09cd16a5d78d4e2d7712e40234292dd1aa27ecbe63c433804b0111a2cc469e4f012d55e95e251139f5d6dbfc6dc8e8fb6bf5ecdd8dc89fcb6b2964755d1de9d8a0dc9d648619e185169ae5ccd61a6c2266c5177d8569ba4a09d4c231d48b8f8017365a411714be669fd31f5d17738739c75ba5abfc19d1eca16558cd69bf33f63f50417c92c29dd44ced6e9d9509057ce53a37cfd956bc33c6128fcaaa441fe3016389cf69bb589d323f18fce0a6cc7e77d9e33868ae21ecf8e491019f175f10013392c8fce3e6de3dbe9bb20ab69c2996967d171ea48b46abd36b9f4015723ec99ab940156e6b13ac06ec0f4a8ef74ee304e3072d9e14e844d2fef1e6fff116fbe9a74a7d90e79958a2f14c364418b7cc0d135e0fb8e68600f2e7aa26f9e15431ac9e5cf380b5fae8d715d1dbce4c0225e5c61e747029f62f4ea5de277bccb75580d6f5e5eff710ac8bed37e98b15677462946b2fb3fc0ffe720ea7c6bb70baa0e998fad6b747d5493506ffe69133608f2819d3fd9c8ef -AD: 903de215b72677076dabb98cb1059d7d1b352f95a2d2c2903dff63743ec314e0313e46095197f6aeb2967c5a60f7f043b5167de03ffd320b64291bb7162b495f8379c883f17d642bd8bcad4caec8ac05150a5d449a22185058fd5c3a87a9f39b8a76afa529bb9e22641c8811c78fe3d3aaf2acbb88c47a1ac40dd686b80828fcbef0937e57a6272dc2e3ee18fb99410ac33a96d0800bf07dfea59e707cdc633c938feaa179a8d46940d1182fede7e1b9a3687548a0ca19bf53a641082da37082f257fe2fc83188c46cc58ff44a111ad32b6745dcacc4720dd960d2325443cb70615a4437eea2a409ee70c7fa3967a2fe97915ae852cbecd21d44b8db03d3d631c90e834a83428568e8250f5b8e2422007e8cefc12cfc28fc7f9a73f93afc1c3d2083e4c5cf6204753ef7fc4199c0d877859a90a1d3b16ddec6de134689accdca001fb1dbaca4fd492854446c4897afeeb68181890914744a387c198674d37ad98c4ff3fbb34ed656add39879af2e336e529c362d15399e40d2eedd9fca1f07 -CT: c6610234579809d78c1caa28765c5b05f33a0c5d99660ef94296ba00937522ff4efd86f760d3398a9029877192dee574ee7b882c5ba28d1c388444137c2ac96c6eb4cace7ffe3916bf196afc67b68e4daf0e191450b04284f930f6ebe924cec498e0cf2925bce9d25bb08e872352bbb9aee31a9ca45e41dedd3e931e3ca1ec79aad5390c7f81e8b9473aeb2fc6553bd0ef87a42dd15ae2edeacc148aad6615f3bda730e50f5ae8e44f3639c94242252c2b4b44441f6974652cf783cebfaa2f69e795609a94db16948bb30ab58377c9509ea682a21c408e3b057becf82dc73f1addbdc9b98d659e26092d4f5bc1ef819f9079e0c66bfb684839c0cf1c2e9503afd1ca7de025d4a3a86ac9578bae2d2f6452c2952b57452157d88794a4a872786794a29acb6e4cb511f8cca95cfbd33aebfdd224ba7ace8c12fee32eae1ce60ae0ab6e39766fed2c385ab3888780601cc18a3361468e057d19f97e94ca3bf814bad74f93b8c18364774435a83de1fa867b684a1f2ba8baba24583f8e3808ea7bf238409110959a90c93ae68d8e3fddd8951019e9d6699e868e8f1d156e57eb1d4e8688ef064f18bb8bda91f961d1dca461220f88646bafb0c0bb3e65be33c445f265c0c4e843eb155b5040ddda3a5d104a6d89dd0523e89bf3cc7125774562b5d7a9a386f8e227e6ad71ea9c0361a4e83d9509478a14e9ed8614ce0c39bc9d1ea361cff583ce5bea53cd84083b45ee18e6d4bf3ffec402657c01d54c6db3533ae6ce428317cc3c0a2b2621ca7f82d83cbbbe6571ea87686e20b0d24eaf8489c573353ea3b879b4e7a1f6d87370ff8437c9767d4f99f244d15ee3eab3a1ded233a26c1abf8f010a89d7da628f350cc93529b130ec1085abb62a857bcd8859f738b511f5dde072e723d8fa88fc21dd6d464358df9f972e55a659c5794e7eceda8b780af6ab65ce18814d5c3b38085be841df3b52b8cda8efb8a33fc52d6952fc3c70c42da59aa4eeb61e11ad4b1ba20568da6ddb31a8f1bde37e8c63c440ee90688186b9f222bd4cb369d9e077d0071dd9d6557f5b901829af6a3cb4825c76f05c -TAG: 78ea2271c0bccf96f0d64594820543cc - -KEY: c117304024e03ccb6e4e35d4c2508014742ed3639e8d0d0a73b4e99c0e2825fa -NONCE: 3a69b798030cadfb168a1f88 -IN: dbe56896bfb9a41e901a1bb61b8a95cfbb343266e894f101767efe874d9d45b4540d2d77e701e1d42fb03c32ca4b965d836b3fd34ea3ca2e958aa54f1b71e8c442783924c023c1b9fe0a45c88f4b66453fd335db8102e1de765ccfd7fd415ab7a08fe4e0b3d2a14f1564ffa3157a7da7cc9981029a45edf19bac8dc0f97286038b38fca85f280ff9a98eba85e328be65a657291692413319e0f045c07c657c903e51c0bf72093c615cdfa18368992cbfd4e11bd64054d34405d00bbfbdce63e315e3e99fccde073823c17d9790cced43408ba71e48b06f9bed959818d939f7c84b2d6c3861dd17e424dee0cd7942320c50ce637dd1349173b13b972d0808d24d5ebee528343bb0f0415aa123ba63206de27257b11ab15aa1a3d23d97bcde30cfc2c8f9bf0fc3cfa4a6fd61871744823d7a1f8fa7dfdabbe82e73e491045c9df0f23d9cb83ac7d1118b4653cf4961cdb7256b073571962b1956338d684bcbe4aa05aec761e0a14cdbae6d42897dbbb1c0a646ee4b0e0dd43479849864311c3f743f2a6cf9d0dad34111493f0e55461aa1daba988af83842804de0707b69bb27ad64f66247eca2701b9e697bd6d3ba32fd30c7948a1782f3d308387b3d66a8da9c412d4e17d8d7c8b3344f33a79e0aa40ac27ac3659eba14e951947fc2f2302953bc766ebbfdc41d1f4c26afe5fb41412aa776608d37d8addd0d7f0c82c61961024579d828aad7fc89493de8002620fc3d638cef981d8a843b658ec3ee27b01da0df91c0874edc83587a70f3dd5d6f7028cff83c107a72c4505ec4623b35ddc5fe3f758434a14685e74976693d8c67ec2f6dbb62f199c7eb3ae344c05b43985f6e5639f6f9bc321bcc436044b8f5b89dce923e85384e16e6eed7ea5f3e49abcc010655a3a29cf9fa60791cf7262671ce0fb2044383944d415a8acee77e88697a96d4af5f7794e1cc8960ec31a8727276ebaaa5fc44b1a240be8679d2d0c8d3ed8d950f8bea0daa64693d4e8e5e5be0567c0d878e4f9a830ab4c6153ebfd5b1019c659c8f456a636dfebd24dfcb7b3d50be807a14440f7aeb52c280b3dedfd7ced9 -AD: a6ecab35e7b603dd8253a5046e139e2cb9cb5d70ec87f9468915e24847576c1b4a529fbc4f2d84706c1be86b81436ecc4bbe4ec15ced347ccc68744a9275ecc9cc71a62b0f77391e2d37c7f36683d902a0f9ee37df8306427de4ddb01618f62629ad8deab26ede6af11b2409810b4963a1b752c7f6c71acb3c6c2f5f5fda91dd54410ac1637e55e547b25cdf5730ed4aeac8c0fc59a365376d84a35440aa2830cf614bb1012bdb644841e22329bb5798bf971b370dede894cc4f9395a54fe7936381b7281e60767bb2f8a17492ea63063882d29ead140e197d2647656ab981caf919583e869b844e61fe19e94518ce7ee5aec100b9acc2cb8de3dfd5cd3a776ff2f23319721b05e194b6acc9db40b280592e50b8b5d7d43a7065898f5af4ad8afa6d8b6559c81a9e8e923f6548b3f59c8ba30620d22865117e8a9856f66df128d82c7e15dd9f3ab3ccae9d2e30061224c7a606f87f9dc5d40c689cda06e5ae21e47563378b50c1ee7c664bd814c329036858bf9d3abfae22deef8b74d2fe6a56 -CT: a6c4079486af388ff129e360fef12e039e54e4900d091be16df1d3712dea1578f11cb12716431f5c6d26a0719012bb89d1a3515e0821258b65157b8e5a8ab7354ad6efe2530337c8974f3f89f674f5dbfd3e8b34d6d425031e4591b37991b5e76acf5c5c13bd47c28c6a55a81bc2f2297fe42e1500f03ac1d97a348cb9c39da8a95b1a5c4b3bd47c56988c19c1d8c6a10a35322acb4338027d2a32cb32f5ce70d4d967fb30052b86f538f1e756bc10492931b40bdb6a579885b94de17cbe917b454db89536a021c4fb230037a4d808ef71159630f48855b47fa90ead1c54903dd925e88516f0cc0968827acd6e57df044c485ed9872e57308e8c5a8992d5d7bba05f7ce949f83dffde903ad093f8fed3ee11a1c6ab031089d77a965e5a89f877b7c4b23c3118ae50e7e21d75e133ac98fba316019b4c2866257d02e6dc8ae5b476517daf7df313093c176a2ca6bd8312bcc96e4fd78fa94313a6ac1b053e72bb622dabc5fa216ebb3a99c4e760737a29d5f452176efd9720197432cf17e8182bf1af60608359195341fb0246baa0087a7af0a5155f32895a06adf69fd01e6f86fb46377e50dc67d5115dda5b0322eeadc8d7b3bc5d0658eaac577725b2656d4cb7803f28df819df0eabfb4d8a7de150887d168f1ab7e5fe0ecd71cb98e35918c8b739059eafdd254f9bc03064d3e27c4b41ae04c2ccb13042a839f82fe9335df59c6991b7e8f6c821026a0d39accd5ca8007aac60ea324eaba577eceea25b4f31504cd64929576513da857f6c9551347457530fca38b173a6e7fbb7219fe861397e0bb50cacf6368929a5a429f1bcc47f6db2517ec62a40bb8310486612d6362870c3980ebf3223216d9df538649b25a704bbf12374442cb489af02020e6886092b0410f922c7680d5fa89effa7780e31f9222348467acdf049ff39ce3df27006406642c01669b819ab61ad05b096270fa75bbad04e8b09b1c4f75b12761b2e2129559625f46bd1005ce39a4b543f34960f0e7c67cae9074b29ba86867a9b35f0a94d716fc7103266b7d14164473b1d4e19a7cb157fe5e04e83dea1bc886947c -TAG: c3bb19a713afccf40080a1923350cf11 - -KEY: 6e2aedf8329f42697cd7ae88fbdac408b1b8a6efe377670b244110cce97d0002 -NONCE: 37e72e6de6176fec75f5baa6 -IN: d75d0652ef7d1eb495797993afbb364cd663dba38c266d3721f0c522238bab60a95261445092ea645ebc25b6f2fe177297a0aecfc9fdc621fec0290b266c8ceeb3945376c4f9ad961b97b32b176bc1e806eb2d2e410e8ff7af12ef545493b1a61ab84e634ad86ca15fb9773765ec0271c204fd951621fb8ad69601c06c6ff6d151a156295371f7b207ce6d09ef47d106a9466fda667b7e0e2b9b2ef6caabd297dc82ebf2b03146c988790311ad7f4b8e41c1e04c1b9f40d4e3d8eb611f3ab06d12b97b75d3b490a4fe30b1c565243eb77d24c06b539e3d335b651e95ad957450c027698dcaa3ee3ff43de18fa735ecf7f404352c9406bb8358b9d3e47b7dc4f6a813d4f4f37225baee2c3c028b3974f4c0e8b1f0beff79fb0b04ccc5824b6ef8108bd9ead21729a9a9cb3ba8705bf77ec3c974a34b2d838784b243176b2c6e7a2010a785a96ca2ecec4fe57bf7f6dec0c9b72c52b8c53157d4f9fd259344cd556c637f921170135fbbc86d68af452dc575eebffee445f8f755c19c73a26fa433bd4437c1018263e7db4b580a120d1d29775d9d5ced6710ae2abed148d4008bade4539728768b1ed315de117a81fa0978c1ed9079188454c852652e8ccc4904ccf233458b19d0f17ba6525f3096d369fda3dcc84e092ea1236bb57a8bfbfa9ebde780843bcd967708ea20c61b60a11ac24b808029676a30dda9f5f6cd69aa6d7aa3b08cee0e89456bc4561dfbd751f9abd3ecbc161256a26084e5ae1d94dcd3f74ca30b4ff1857ab9e68cecf2f384da7d271c1d8b167250d901a2272551020c30bb9e9f9a8f9adb299956fb060a17522efb26363393885b4aec2c02b0a8c40835fa058166c7c3013908c1513e4bf9c71671798537cf05c994d2090fc768a12dce93a80d0a4cf1614d0101851ea6f87b528047f07d07ed78cd4e54fdcdd26bb4f83d297c402ab5e328c404118f52bcd5b6f36a18bd3186a19fdc522ec9838eb363818a48ff88651a2359447876d139c6b0b7d35e30dc0a3ebd3132e5e2a0c3916ea7e3667fa266a91d5906d1bfc005f166bd14f298856e85022c8274ef5160f87d989271d2eeff544501635f4f071089e074 -AD: 6027a29d52264520a6ff2f2ede11e8d196c706c8a06d87c5e3679be87b0c36026e38fd53da6bad38f9abefe48b56db84a445f223ee0ceb1fb1b797d2b589dff9b26bbfeaa1b21d662edc6f4e48c8d91025220a9f3e7f1965e0e6f7232e84348190e1b66f918b896e778d58a40c47439b2007b8574cb56a18f72677227f1aa09e36ee41aed2692b28b3244e9f54a7d317b1e5b1e7b7fc59506744a25e5087d273203aaa1dd0b9d627b240e518a866d531a90d4b3c44cc1ed9d9d1350f57e03c3f841017b46a68d6f1f8a6125f4b622a0132e64a85fb47883389dbbe1e3d26eca7ac8676a22b4bc79ad30eacc91b6d06603e916ed87bef76ae3627416af104d2794a7b86b561ef91deb0e3f97e07a37a3ae11073945f75933a5dd66b14aa98e826aa4180bf222a201f5ffd860be8a4b73d3b7353fee03be602e52440c7077fe0afb1dd5f3e823c170a4927c241a09b83e5da81c1fb748452701250896547e34e647470f5af70a23af895d71ba21904e1c6fab41f5af486d448b57eb5a3656089d39ea31ea9fe6c88bc40 -CT: 10327cff240fa05d2aa15a7b299b925a0ad1740957c4fd23ebe24e8a1f36cff5c19007d4fda60dd9d3231258021cf2d11d9ffd32bb221a620d68f2b0077a64a6d575c3802844500b2e6d08ee659006018b6512651a5b903b6d438eaabbd41d0366529788a33dd43a0144637b4a66371a7e58898c4b6d1205a239928c3c3e00907f50a79e2a99f2f675cfffe191f0c584b0e93d72f2a2aa8a400226852fb97ff0cb6d361342185500e3a0db1c9836bb8981d7b4152a399f84a047e5dcbe7c0dde2a85496d4fafd8990f70f28025519dc56ab2fdc150c215bac333af39a981ce5ec484d3cfb06ceeb68471d730e9a6a82d03a4b29dc8ba5ade90c55f6431109bd8c8be337033ca49c4f75fcc2b93a3103638d8516622625749dc4ab0dca45e02abbb2931895f3720bf0d915a6f2802b9a402a5a9c1f47419df6ac9fbe2356cc6c51924bc7c6d9399a92688fc6d75a41f69e4f91fd375df325a75dfdbea2084ee9dbead62754b4b97cd7fa075f6c016678053a8d6cc4de4dddc2c2689efcab3281f1b7f353b3e8710fe396e874784fa54c034aedf078524ecbb18f5bed06a88887797afb0442670224c3bc3e0b347480b7d84268ecd792641b697cc7ed431ff0db957252ee3ce4ab0dbbd47638c15fd0ea8a25d3f3ea75a81dc9986b240ef3189f323a342857ac59900bb8e3bc429435b4c00cce3aa6c516d0c68456a12929359b0bb9b02b349e63c4dc8bf2ed107d94af97af04c14ed454f3920e1f354378c20b3be5c12adaac6d96eed1df0496172a71b585e3f5e39484578475e6c257868b3d0bb45cf229c0752697ab66106a675311318733b02335ce46b1e035a92557d2ddc9536634cbc516800fddfe358d8848198045d746a5b6e00db3d2d0b22f7e4c4d5cde136f62db48968eb360a6d8b645022066ec54f2f2f05b3b8c9af2097986464ab60ad9f05cb63cd194e501507babb6103b96daee90c70efa78c609f95a20e85b26f2d9bb503274dc40aa0aeadc485a2859b3497f4688df1b2eeae81787375dbe3f9fc6ac8b4bfa339b92495d175ad6bc67856b58c1233ee1b0c2b524668750a48c0704e56da23fcb015be58239cdbe228 -TAG: d5bc1db867fb362965c9ec4e686d95e4 - -KEY: fba584198cf82944ca5c806d3856240c4336fc1b451f44f31a97a978b3de874a -NONCE: 859c5637b754a4e7c1ddc3f3 -IN: 4dd6231ff71f13e6a5b4e182e62331f3ed1d4692e35f6959b17ef4cc7f29859a67b60527aef9d08a333bb51c6e163e016858a4da2103df237e16acb93421859c83ba348faafa3eb31d0addec9c90f61a4382be25a85daf829e5b2751c9b7378cb9e840c92e174b1e9a32f3a5b48bf70b6de1637158a09714b473e1b3e339f9f915d27b310af2fa13c05edf4eb9b114c80ec2677fbde6b5c351b61fc0527c9206357bc1d1de800d8e6dbbd3f97d5b1220006280a42f51b7b4b4c67c56aac1483a5357a7a26528a1ad1ec39e0828117be1c6da36a60a7052f0dbc26846e4bee96a7cb6dd5a3dceb6a11d356e0177be9fca68d0f4b00a8db8afe8441abfd80be2d7d25ac10620dafbd92c0956c2b3ee4da7f3db8d028cd60036f78badd42e0e9767a6c8bf8bc3ed869a9954fb4db389e2f6e44667ec26fec930e6a687e3fbf10686c00539628bf50390fc167b1c31c1bd061e975a60affd238a229a0551214f20bb9e17f097462629d04a9ca6ba98cf3020f1fce170b9ce20440fd25c2cc143018aefa1748f6269b478e1d79f3727831086620e79dd357fea1c84ec4de0bf7d6afa2f702a466807c0d2b8e4c81c402d566a0af16c065941b5f9b689a085ef4980131bb979a0b4300ca32f92d902516c3c9d799220e786d281d64f3a7b5cdc4721b5245444fa9291d4c58f9024387c4c4e4dac5ec5d7542986a2b97619a7db38720f392dc7539fdcc5bde53d2a4809b9223663d8876543a02431eaead9588ef68cc50e707e925f09eb53c7117fb2c8bfd07b578191b3af028d480a6f90fd891e03290d0d180bfa44953ac9388d08dbcdb238790bbe07df067a26acf6621b809a154242496baf4f7a07044c04dc02b5042c5365a71cc5ab9ee82630d97d1ed9b55be1711ac6b1b2a497eb1645c69ad15617a45751807a0e4cad1d0d965988752c65847bff53527bbd087f7d0f1b756563f38bf5905391836ddd47f57d84742c07a8000d4ad3fed2dc91f19e6226e7c3fc260e0ed4b23715cd01bf2c2fa59445d8a695bc759d5328c85db7cc6e2566ed0c5758ba2d12c1d285311208e1d4f66caf32afd1619a46e5296f435ff5bb24dd30d060aa462185b4e05afecb2ad221ce615b6867f5 -AD: fa46599e0a9f3c03555569f4ed86b73a35db18c622b4089ebf31da474873637e4b97aa71ba883368691ed48f8600098b05cbd218c1d4aee55a0e6ac862518a6602328e5dc9f193b0941797e863d6534de6013555f35ad8c32e9264fdee17e927db412e76f06922b36b4c1f5f0d4b998d9c10dc88f3ac0b8ee01b1a88e0b031562510395b9b5a063ae968fe3f87a3bffa2e55a7aab152c50ea8bd0c61682c0f9c0c186c3dd0287c7c5a8f50c2f0c796ad7afe3fb9b45d90e8d2443291947067f982f070643289a117c404124245273fe17aef4c48c1b9377f54e6ecfb43aafae2fe52eea2f2b8aa4fa5a7412c3380723dc99e63c0455736ceb0fdcf1caf6714937c75de252723a7a1b5c7bc5ab1430a8fc44d78467526be8b722e0a49c54e85b6da58e44ab4db4b7d1bd33e28c1aefa462f17caee6b45a6d5df43478f36ee54b1158399a861124a95cc759fbb5bd4572adcabd5073758e0f40d6e733a87cc9a3653dce1b59936d57beddf6b980bb7cdeabaf58d50eea9ad55dcc7af8369bb9ee8af923d4dba981d25efafc2d2352315e367a9 -CT: 29e739b7162cd3504c7a70f3efea5d6c2282bbf1fdd75224729aab622d59b2f680c92de483a46d2e8c45460c8f3efca1fb374ae8a04ab84aeee0c083a09ddae6cbdd1803e19b27fc1bbc4ea58ded24f9f630c16c04b605d107a5fbf640ff1225c919dce7b6f73b1a18aaa37e3d0c757e0062c0de6c516302f246f246051e1a0462db91e5ed5e1d178c3b384ff9d1ab3244b861b4c34e21a7ab194cc3d48d11588f53604609af8029a6ffd166c08a8f669da73f465efa2f0f54dc0e09916fe8903d0ceaab4e55494a043160e6962ca21ec86e1c159532691b34d507024a345aff411b46a1a32f7844ae3e1e250bc17c0c3edf4516231bc574d742b0b2411ceaa3c4cba1d910843534e34e3d405be0f51a304c80a858664142d285e84b8e008fa7247fc0583dc7b8de3dc9015f4d8e24505d1eadf4e7c598e628ca6b5c70dc6fa5c1734cefb418d62cb08b7d5fe81543d3d1b438ecac5359a0f1052e2efea3107b2da554ff669360db0062052917abc854ccae73623175f7e5ad37484609bda0b6ee3cc87667fac9d1d3de9fcd104b190c62e544be71e9badc2440e8b451532781dff81b5a7ec4f80d3686bed8f7747714e994adbb4612406499a6bc3925ab62d566660265ccf2d635c875ac6fec640b515b86ec5a7eeecd34b86d1f2eb6ecc5858cdaedc552175c707d12b677cad0a4b12bb4e717163002607eefddf63ba2581a2b1afca4865b97816e61813bc7ea99f8f69fa5bb8e306d5e6db15293ec2f7a9c4d8ba2d4ff6e258270c9ac7bf4887171434d034875b590fe20b959e0955034687679ddf98a5c777dfc06f11137b52121249ceac90f5eeeb6f1ac59ccc26198388eb8b5deb918cacaccf1e48145486c37bb2a11d371e095a250c86efacb85921129c2e19c9dc09c66173f394f568c47fe4ef0cd3a98a138b1750f3aca91f7677604613b6b0ccc92d6ba8a0c3cae6b7b22be761ce2922ab273debcbe3f68b662038e232430b3e7d3e4142617fea44c0683f0b7eb03950060ced6325409293422d058d88f0b81118183a05a13db7af89429731c8a37aa83328019626a6f2d87ee49f9b4cb39021093e4886d373a292fcf711945f9d572d734f422c92d8fa6e01c4dd778 -TAG: 73f6e44d8a2f3cc357707de856d2ce9f - -KEY: 8e21c6a4065bd95d14ac24cdaca55fa220b37dbf7d201b289178db041df9c303 -NONCE: 77ed6ab683ea82545de480b5 -IN: f15d0f948b50dac3b7233676de10bc93f529d5955ac70db7ce9b3f684283275898e74dc028b10623bd0cdaa6ebacc2b0bbb8aaf2e32b4d7d84ced724383443f493ec24948ef43a40bf94c1b97e0036e547eee4c59cc336d4205419d66374ac29cee8b274e1453299611c491f8303d00e0e445337a176f263462d0ea16c297effbc98a0790ace75c3c4965d09a32e38d0ee62c6277131f55abbf9d5c733910eccb8703634720f11429302c772c54ae4e0e2bebde2c251786f67fba677a6d9beba08d3d9436e28ec7d5cf016ba69cf20247ba4443c12ca056d3a11d1065b18a037add77642cb8aedab88117a1bf686b17efb241092ab2a17bc9562247c501479d77d0bb752dc5fbe2a4694d0309e68b885a434bbf2aa87ee6e97aa8fc715d9667977a75b37a42a1f4f27096887498ce460301d9ed2a32146a2000b1878654c85b5ebf2828161e3828e87319b838647f9973b860c6ce9f43cca21933ed4526fbcbe38d0169f60a85f9d84ad662b62bcb1088ffe9350382ba8c2748c79fd76bbf863f9a60b971fb6fa9446a3d034047358cdc99ac30e78d6238b5478982a2b4ce58537a34e5ebc37ea72f321f9e466031515c45461e66cc0550ac1b38ebd92d448d0745fb0be37eabb926f61facdc5bf3ae52caa0f923bd73c43a22b89902c0a4c43e12364d0286f328e125b8f5c9229fd955b5ccfbbc672275051df701e981e3208cdf832af70fb02325844120b5fc82f4f8981ed70989d78c69ab0ff75ab96c1ed69919859822ff20ab698e25f855cab4f01174c4feacd3b94003fdb1479150f0a9ed35de9dabe3b7c24a56685aafc396fddc9e6f1b35955b485c61f2659039b7254173364a57bc80418e2f6b7ae28dc8cc5402098b79c28806d135ad3d5a5d0503f32338334c9f6e63f29c61000ffa87668239ee2e1b0cd654c78d610509c5b83610b1fa85cec31a533fb329cbf0c543bed9ca26b97df5bb12ef4e6d252dbd955a2693d4903878b569bac70c4562712ee16a7da269d6bba8dd57b54246598e50453f47788a2038e206b4e34ccfd275c6f5f1de5687fce97d5707d8b697278a3e7c1f07ccfb11f23b343c5d8c7c08b1122b36f3286decc760474b6a27646f432e740420981b480ecc2e50bcec71691da9ff95d43 -AD: 51c1637f5348c5fabce63137ba3c82b93e7a187619ce9c2aef21b0e696becb4539fd581481c35255090bcd08de83c0c4d35065208f2d4c0efb7903757d5408d49703dc5e8c94cdb9623741468ec982231849c1423bfa1dfcaf6633afb5997b3353cb42c7e8f99906331322da4c579a43d663ad4f7bf9d9d7bd7c54b65273f08a76181fec9b20fa5b4dab9ef00e0f6660446140d3b07226976843998e94a69e1cfdeec41d7fbf1c1fb576ab99ccedc4f2fbd6d6bcf6227f8a93916c859b37ded15cb9bdd13d399a51784da099dab63a4c0ba22d27aae6177372c05c1e5a833f459caeceb28743db88fd2807f605f7448d9220b79e56a312f06994a0132e43bd47b82e0e858e8d2773a7a518746b094df8a6cc851e6ed7b98ea657188c6936fb4bf0911ccd09a67ae539626b4573e0da5a64a75b0cbc995aa664f4cef75baf574e03cb7b1cd4efb301974fa1270be36a64f55f19890bd21824fd44099c384b45903d5a85fbc785c2bf10542eeccd3ff9004a157396a126516049e26f579e32e51c1e9d8ce32dfefa3e2558f6706d31757161b9c17c8f8365b9ac2570 -CT: 441def04eda7baf0e6edf24863166860ed05c9c3cd0d0c71a383b4dffdd6b5a59a18936779e63c8ce5a3ebcadef82c75d3f241f62d66125b4b4be0b8ae58e42d45421cc68b42ee062d1f6c12a75a80e854a1e44af9813e9be4ee85ea3a9f34534930cb4c51108160e4df6874b900cd293815a1d5bf2b064fef51d0fdce0e077cc26c4d405231b50a1c26ec03a8e956c9605cbb9b4ae68143342f6fa46a651cb39aa783abd0f6359365815aa8084102d856d860f7f6d9344f3d1e65b0af8c7d50f83afd151139808f651e23897331b58dbef7d301dad4ced88feb5db48b6b2e05e1c8cfb58610ac3c58cffcb411dce628c1975d5718631c1c1230ebdd40e6fbb6c2442937f95bd3d6578189fa72cbc963b922d17399439bad035a64f39e78c4aa7f0c4793173131d11c7693aca45c04e0f255daf0b1ab45c3e0d90dbe38ac08782f19325039127454e589953859ef87cb2e4edf1522f946b59b8251a1c154acfb50f0a7b0a349537e17e5de09037e385f51ec4f388517bb1ed1cdf891cf4fb39ecfef69eb553929c82941e078e0f4527614a002a8b8093e1c1ffc8882ece4e7f23951df6347d13b0e4ebdfa76b4fbc6baeda7411883fa74c8e0f567065e4bca86570fe31fc3738fce1469c9539a398a182756d26829b42e7d2f4b48fd35aa2738144a8df7e08678768cfa2e6ddf887558215bb44437939dc911af50cfddd936346155a3e543fbbabdf571cfbf34fe781e5db5b85791ddc465966c001b06efa95e5050f0a422d3026d48604f074f900ec66ae3b8f7b9faa7f438d28e6233428d74dcccebea033f2b57e8a9e77abd8f4fc7f35680062027a20a88c3fe2de501dac972f0296222e6f4ba0943a9d562771d757a8fd002fb032a8bd30f05b6aa0926e4a86c6f7555d3f1816c68db915d71ab2ef9492b97f0741be24e07108fa3e02167b72b5976c83faa4450b52de247f7c54ba7d0e65e44575a5a53bfc37e807983fad7ca5bba4331abb1aa30c1444e131b83af8d72e51dd248feca5e025f6ff0852f929c672c18b47d9e057def886f852ae26d137492d24f8a2c903b84d88b92a3f6679d4039aa4e4292374b66edef378a7410ac091ec61561cbabd788f090d418333794dca3f9744b25b9b8c2b065ec71e9297c0b -TAG: 4a780eb826dde2371feaef229222cd73 - -KEY: 71132f8c05cf95b6b8d9b650328b561a08728a8903631efb21a94e7bee60d132 -NONCE: 7840ceed28a572c5186f2546 -IN: 2a64b5a93aa35c427594bb5a77d6fd2d8c40d614f5e0bb495a909f3fa2323c248c94715fa52017a2d51c866e81aacf2efd74f40b7457fdf93af32c1211e675a08eb4330f6e24c35f626da6692bd9a13bb18c42e6b2f5c978c431d25be0f38352cdfb5933e9581834c33b70b590fbbe3122a9076e619142e8c698c78f532ad369447843c58df0cb105f8f35d4ed7909ff94a3a2b0ec99be03c29c33372a1b9d8a6ec7c38ddcf4dde9bdcf8f0d63064a5072195002b953b16d2228e71af3938f5402c24e4f34e344c26624519898e0ed1f20980e36bf568b33e332887610d8da5a941a7a1bd8b8fa8795014ffc9688a53b4b9a60f527ce4a737e99624e600de8cefacc246473c9641a1166d6894d71b9552ef3342cd0a7e3b0b65df836c6d8786f34c851ac4c72dadca8e9753a4e6a14deba129f4e442a13e3c82d405f84e281b95afe2cb066a2f49c126ecf9fa440d6f9860fd450f7cdbf5c2fbcb5aa2023755bba1705de94305e5b304af4ae8bbc937c6f477d421f5d72784f9b3c331a1f850c4201c6459270c6271b8bdf00f23389acc7bf4082e7453c9c283d86e8371cf7b34cc9988005575c8e98ad34184dac039f04f84e5e8ffea351a3e1a51221abcabf06f7aeb97525b07dd8cdc21b71c97132f3f6f41e5e01c97955f4d67793e8f1cc5910a264efa8384696969680de914bd1acc9c7e9a278ccadcf8c6a49877acf2ea3f7e5066285672bca4dca1583e0a60b82b18fa564c5a7b08a2a0dccb9170602c9f7cfef98024267553955cfea077cb646f2b564caf529a5b34b83d8a16f30e2ff3905106e224444287f3ef98a9e12cf2e3e04a7a42ca30e6116834c169f0778cfad274d43d969dc100b9e1a810346d8ab715670fac2e647829bf3b56f2b7e26bbf025e74a3e9af4930e182205fc09e9fdf1a2ea0da9aa5cdc21a41d191b8fc189ee5ba00a744acb351cd869cebac760b315e60756112bd20239203ace94bc29b232ac9cb361e5b7aea891b5827869112cde2b0e2493fc0c88fa72e92532ff7ba77d5ffa865e47893a7452f0a4b44092caf70e02d344447b7dfede0aeffda018f898a8872c6ce3102ebca9e933fcaf22b5c855f620b240c31acdabfb7fbf109d2e9604b465abf43d64b6a010ab928722119625bc046c4489a95628612995957c75510d89 -AD: 6ad2365603e6682558c185eec6749c983be4ae29a8a66728cb39eb5e95e7f7a459bae5cab7e75c587689a223f2533c28d44134b87f22e964e73c030782c8ac4ecb2a62e3890d0d96116a4a3d3aa340783e10a46d099d601a8ece1938a640c1d12b88ca4ff89f1ecc75f46a736b7a4143b671f3fc531b5cb08c3ee7c02e606097b0191605d9ca3099c6707c590c678c8ed7a3471aea52fefc7f56a736cb6675e004298903b43a357c28ea4f59ae0894a8ee0876f347682403eb4d45881e04258eefa1cae28f5a646e3f91cc08a935cd464f7edc1721f5b4e389f94d141ca4231573886c40b7df4e5779fc52daff710ce9cd40fb4dd32e92250592199696a13e742ce90aa6280275ee8c0eaf40c884bd846697c43fcd7221cba4f98b03a6584f4792e8bc16c2029cee9b4e80c5f1c91eb798345b10def038cef2f1246fd148cfd2e39042228726cb18029b2e38e570611aa75c72e6cdd5110a7ed6f5e5bcf1d1ca5e1b67462b36cebebcf6e21df8168177afcd1a31a9e498bf7da8586717ca491292b0df81bdeea3a1789bfe70b489b1d4e1ce52dff5cb7e71c009d6888b152c644b959036 -CT: 5493a45a3f9edc2fd6c8bf53d3f11be1262ce77f5845c1d47b306e486e6316abbc78fabfdc7ee8da152ded9f36b7ef3ca0ba8e55fcfd865d449fd6d44c99f16ff0280cc8e596889d737d0fcd4211e1e5ea7974698985ead5b8def15a8779674a6cea0715525269d2cae64ecdd8870b9f1ec78d6377edb9c975565eeda60448eb1c871bef0d951514640cbcac4e663942594f0bcf4da56fc56b961464d1777a177b3355ef3b5618f247035761f2cb7dec1fe2bc2ba3f825ce545e51b610613bea6c125a347aea55f8f4f5cd5400e689cba199105170bfecc8f0edce6a9d521cd1707cfb5d12f8f5a9dd2debc5907d05513a949e102e7f29d5ff7ad22eb57d429eaeddcaa2915333f88193f668067a695085853f7be8c0af38d774b3d6cb4ab415d70df8aa02e7461803f597108b27d4838d58b1476c10b570c4f8fd71ed9baef88c140163d5ba69a3c10df451c12a5c5cf66c2ee546c6da004dd5d671946df34987a19650ed8ce9e7ada14f3213d642a9b28d0e376e5e37907b7cceb86d0403b19fdb48b3b732633d498d847c2fd24e0260ab74dce88818941c6f8d9e73daeb7652c55c729c3eee7137a5b80899b036eef89aa02bb730ec277d26bd6498e7d4a2b8208d035498b8e0ff403b2ccd0ce6e9899e984a062b5bed1508f23d485642843ce34b5a8322efb9af3e5c0797c2f519d7ac054304b59461866413b0db05791fa9f16661fcd3d9d86291a48cd61d4696ee685a9aca33b93eef112e2dc772d6e304f150042fb49fa95edee661617d7ffc5624b346a82847249c06ca6174d8a408ad46d3c3073e7815c5e86ce31a82587695b2b6c89ef52c20a0ee8adb24263df1a52b4b3bb68b6bf775ba0029b36edf2406c2509ff633fb4e7b28e0a4d5260d48c364cf99ba662b65e3ac150fb3039f1d267e152f569d708c100121565d72e0f728823abad3a1969a4ca856e9f0f4cb0315f973471a4464ecb348950f95f8efc5700d5f2f0bfa9e4c951a9f37b576695d93a8ae5f2d59f0842f3ea895fb38f0f34f56dc498fc0a5d8816e8346f90215d68e86e69d656b1283d349200ee4935ce5acab7eb08b2e1af57a603a42ba3ce811d8b8c6d6af9796dccf549276ad7183f16a99c61e0208cccc2c80507ece9c3c44419e01a2e23abe2513ec13187d54fd422efbfe17 -TAG: 975dfc03c9b1ef9a854d62ed2a0b628a - -KEY: b0667e8a6471d9f4eb559d0fa3854fa6f80288a03ac298a31f69168eceb6fa84 -NONCE: 3473cea023d2c6afdb625b64 -IN: 11ff8fdd9cf47bae5c529c6022638e9bf385cac0b72a046efe306c3463df27276fd63c88b771f84cc9a8bd3be7ea05df941502d7a437ef4a3ea22b2e4ab8509904f352b83cc3865c489bddc6340bba4f2b4c382744467a3ce3896bfa9a0a6a4f8d6beba39613df508c29b074f9f68e8723f2c2fe02a5dcf68965227059e2b1dd75bbe2b80f963cf501d5c73663204490fb843a3793c585769ee10b764077b70654dcc7b9b3fbe7f4b146ca8c6b8e164774ac3421fc2969445f77b77cf63ff50f04e2439895121f1b9c4941b7cadf3a92101cd9d4ec6a07d70d2742e6b3b87981e992c549691a82e250c0fab11bdc287ec357f182a6c2244db8b39a0cae9cccfd1fb32de73901ba3e695574477c37b66d170ecf64130df3cd94049bf9b3cb388907f3dd9389c71c344058b30091eee2fe06f6be3eb7ab6b7e269d2f33431a51d30a39ea8b280571565701dc1c048f07f4b5f9e04a8dc4555e28919acfca9caf597a394120794b6a09aedf866271998401397a4e8e11a25a061878f624f78c321bbe8149bb60887735fb3c0d96dd7f022cef066afda0ec9cf4e41a82c4beb6cb29715e6611562d15bc2b910f4edcc981c457c0c20bd2710668b59242f7547d2202864ae65d2cafe5775f3025eda387030e910075e3664006c28969808975b9a72c905c86415833a1d1d86b8297aab682420a036208839f9e811a6a68b5bfcd01c7310e4b05f5f77ba1dc08f18e57a2044b20ce84acba0450b9b8ddb378d0135f779b1286948985ddf57a7954cc1f21252a06270ae34adb052c124787ed72511f4dde5ab0a708df4b307a9cd392160ce24119be4eef4af0025ca4047b07593293fc17889932588fbb67e72382f8ae826eb9f0e4b866f683814adb2407353c851f64475da9f740f71ccd7176d3d970d8618febf5ade20dcf51918e8a08e57cc4c4278565f6c2780c68e43970968ad018f3d04fa375aaaa5cf10f1cf11cf203ab299fc270ac41a19929f831beb3a3221a429059dbd4a00bcf55768a9f89fb35c8c911698edcf59ba3c2398801401e0e0949dbf587509d9bbfcce3a8bf5023bd751811d25de25693a43f14b01011d6030fc0d3017bdf8be8c84a7c088e0c09048b88cf0ec74181eb904b91919947c57933e5e5ed9b46550c951113e8e2a0e06efe5fd5b4d182e33738ffd16f571cb126cadf79dbab4f307e -AD: 86eed9d3e2f3edda6b76234b7b80f7dd2815963274fb85d776bce13fbc60f1db9199c3e1158815c15b4d1858dc66053fdd4c128397972cb9ec05c87d16f53ce5bddede8ee959b5af5f8955b9cc11a26e53b9b42855cd11b570ae35d85e1877264c949e27c6ca797f77c0e5afa40d0f2a08881820b88f85bcc59edd24963771e9357f66f874c11a684f7987d876412f3cdbd7b9b3a26008d551732d9964deaef66cf4692507fde97239f15e2caf990f59a62693d0e723a50286e20cd347e6b98774805615100f599f6f85a5370af468b41633b85cdd8bcc7236296c50a530bd238ca0ce520e8a29f8ebbe27760eefa1ec14f91d6b751b30bf67cdc762486550793b4663dc38f378bc36eaaf157ed6846641a7fdd07ea45fb1342fe04d700ccb0bc9acda5eb00fbfb4aa3540fd675364c0f8f119df2de15ec2a816e76248c11b9c3e7769f98ee8d4cba3a525168e187df2f548a940e097805d735109d8ccb6119fc366caa17cb46be148d406a770a24067cc9c8c40bca0b544458b47d0ce451e4a4eb9c23716666a965ff26287823a699739e5a6ea844cbb5dbc111473d88d611b906fdbf51e86c5a90a68f97e33 -CT: 0353acae65a2b86f88795b91e2feb614ab78a508c57854ce78e70667db42d0e8d1288b7e5b55ae50e95a1e3362b0ac3e592ac497791cabcc70f68bde6cb9830323bdb3d7c47d35684ae9a81dcf551698258d0d132eab80cd8926b71dd784f7d87f18158eee49bbc220e57f77c65258a5191ed15d10cf306c4fd22ca91d92f28bb0c602baee0bfe31de77350ad2637d3ea7f7ec04f4708a64c55bf0674dbbb4e9ec7e5ea2db16e3aae57cb3611d46ecc06d4796a109a14a0f714753e979a4b0090c99622c28b62680d437a9f4133dd20ffbbeff73e3a9b47b7c788abf42eaadd7b7284bce8b6ea4cd3bfdb2320f7f3016ebf3f06fe255555c44f95693db7de6470e27165e5ab0640e674c321591d4fbc941b2560a62a42535274d3a7f635c922416f7d9a5b9d22843fe601b296aba676802eb55ece3dc9315d27f56433821c18e760ed64d47b1ad6590abc0d75e7d078aba97d697358112347e39b15c3d21248cb839b23b6fe4957dec22b1e25efb4d537bb0cc8b23894436990583627acf4def3a293a4b9f03a3e8beae184f9d11b79d632797b45e972cb9812b91beb1d861c27728b5cfdf9e370f363a6d85120aa1c21f39e5d52f24430bcb019d328855d7d77082a9a331b788a3bf9dabb65f70c20b64aa3ad3625dcf5cc3153380ac7e61cba17698c387650c8c73db3e9988c10d093bbf5e0695a75772805fd5b2fb8eb7b0aa91b453ca2413e36b285800873339311b63a67bb541d7002d5db39b016c03522023ee6551195aed5154ffbcf126a3618c0431d707104438f2b8964a3e0602a8e22f509e390ecba15c999b14a677e49ca95251d0b5980bdcc7e95714fe28a99023af2c564defd802e1f24e544a040ea295af20e9bbe89df72169265cf183961e78b21020b863f3012c6e4087634bf720884e001ec183711ee6ce14f653fd483c0c1a2719b9dc9b5c64955ba8ff8d5755b0f1dad0d949800b1cca343276efcf6e7633dee3675c8812790fdacecb8ad1e458002ce0396a9d7a4fe030da5582b8ebfe390498407abfa4d1d6fd109ef6811d00f7cf422580f63b8de9dcf66d760bd2c925c82e521c9edfaaa6539e78be6acfcbc6a3183dd29009ea6b51f84528056061b010dc59789cfeff60c15bef4de847e6c3c4cc1e127d6d1176aff9f7e208a1bb70d85ae3a1a581ef08dd6197149abe068fcc5482 -TAG: dc652a0e99481d728e090f5b4c9a70b7 - -KEY: 4b7b8c13178f9678888cf894bbae601f4d3869d6fe444db9b35aed803549b72f -NONCE: a39926a47e0b75a771783631 -IN: e6ba553a0aaeedb236216bff95050ad4b259ed60c071e1db318c1df201f2eefd8e73d66aae5835fe869503783504d803ad07f2989abec14a443e3e935684336a437c83d0c95ce9759d995e2cc454706d24b810fee5e32f4120aab927911f7bf11a7d0f2150b1ca4ce7f216403f3a7d622887675278a748d2523af6305c9979deac0da24f4397f57f38c8a860413d6ab4581d48e70b4113aa1a963b3a97b4c4a599be2afebab197e5e41d148b65ad2488af0fb9cdc59222a52ebe6a0ada339bd8b8c0195fba21d46c12d57eb7b98ba85fc494863645b0b32d9b8b4391436e887f6b481d849c2c5f6afe5496626c267a3982daba9af1a16400cf81bad5c1398d605308427340118734e476d808338de39e08549482a24729190041a303f61c4928ffd7a3bb2b46c92aab059c8ac1dc4affe52c6e2d3d55ce623716855934e80d3d401bf4532505c21ac85b738797d08d69e424e521b479f407c7822e5e408247251538a6c31bcc7fa0484dd8a40ad34f0fb66666e143193c9cad455012c3345953ef63b13b3b2469322b7094e8140487c76761733025bac8d71c3f406b0cebc28c499bddaa34ee6c03a82a52e48a7302e5e5e5a3f660bd83aedbf1e2a88ca05db202082d8a59d11b14f6accb8d8d24709709210cea12a34265c3ce7efd84dc8ca309f44016d13ff653f253d33d180cdeeaab7370808e1b8b9138172fd96dac39588ceda91c4208a3707f90f2f336a2cdc1ff3fa7aabf010776833fcfe43c3bf19e9a480495064ad435d3072ce131283d38937301b29d0a063c3bf04ad6664f063462aaa39f1123a010d6f20487a6b12ea1500abfb655a21a4b3eccea51368722f105f94f642765e7765e71199ec5b59c2db6eca6ba9d6150c2e7efb8635493d19953f9485c7e49f24efd2c68d18b1302da88d8bdd26fc7eb6a1abdea09907c02bcd80fd1da76800f18673f88922ddc6eb0740bca0b70f7d1e6ffcaf017421322c2945b155f582cac5d6ae6d4e5411ab895b953a2eadc3224c4dfa1d8f9fa592c123c2d5e1d449c92276dc21711b101bd40865822bb622dd90d6c66becaea70fe9f914032ffa17dbbe16c0681c9359a9b156314618f887486974951cedc90dfe9c04aa845d3f4b4dbb60b2e3271c456487045133c240b9c415124dcbb57671374eb27625e2697021c71f5f51237def9d88fc2181b6bac76eeeaec365ce443fcee15650150e57f92 -AD: 116bf9c3b52f03b09fe4827b876bfa3c3d7b84afd90972dcabaa971b625fe750cc04188436bc374689249454a4e54a70f2f8adc56af2be48217575460fad76faa4ed3b74f1cb6d3fdf8ca28723057c75ff1e8a74f9da266e9c594fb6c921b9995c926bca308124494c868fa6739f4a6ac663db6312ae34ef43ba21a122deef296cd77452843649ed67a99103e1aa77aa23a3e41ddce3b9fc80e13b1875f31eab3f75f89ded007be22d438d4564fdbced99cd49b372b81b49914595d1ac5d531b0dfc38c6ee18206e44d1c1e25fbc1c027a152ebcd22a6f909178fead243083b4f885ac2af83863c0ad73921098519b56c81e29dbabb7647818aad5a8bd0e09793d6aee040bc9cecccb7e69712e5317ab75a68085ffa0411f82e385377bf1486d5d61dd543ffb20758d3f9bf04a5f97131079ee01a13878ef0c7f466e8f91e9bdea970eccd28d552f8a5f110fec1ff3749e282cd45c1caa6d06e8c426bc28b2a5797407f885b176534ada9720f0d8ff65d40b4f4589bbec0a1620172941e5f0f42d44283358f2cbd0a4abebeb346d01178f46be79a1551e0dfe1dfcaa0c305cf5daef3090c2321dafb6de0481c00df6937590165bb817 -CT: a8afc66ca05ccec231d39098ce3f8982dd55b80226a821f1a97919ff7389b464d8cfff1c65f784eda92bf2cb963e41ff5997ed60d23a80401a2a73a54ce880fd8c56284eacdafbad1ae72c4be9ccb761dba1a0dfb0983656b9749e05dad17c99fe2786fc21d3159f378db39dc227d2379f3851e94183df5c4cb858223a7cb43b68651cb3689b886a4ef24fe879205d0ccfd81872b6dbb0e7c9c5fdc0313130254f86e80d7cb044649051fe74425fe55e7472d396d8e15380386de6f8ccd303a9899fcaa63641f0e6bdba3ca3361566a2f89dac8ac9410032eadcc2d82123eecc677c7b16c100d54d8a297dbf30c6e9479278e513b500e74beba4b4a04038fdd68c96d5939a4041def41a6fb35510b86328cb2b8f6e80d9acfb555631acf856975464b770ded81661558b150b0896ac28f2946c63c9823c4efdf9595e867490e638ef495ffdd3045e0ffabfa669732f6fb3a4869b290006259bb4e19d49c5e88b02440dcac361b7bf6c60b09b5b597e9abde536b4ed29b1b01f386a5e18260d707d6ed9b67be012d0485fc6830c24bf4b384d2eff6de8b38b88603aaff7cb61b0812b4472a63758883bf5efd35680c85e4443b56e6f3097037ac92857ed2ce434cf5f28213539be251b28d3c8c5ee7c04dc6f4a3bf12ca24ce79a022bef0f4de9789c8dfbd8df1c7faf10f8379113bba9a3cc4f48e7d984f37c5626705c5f04c72e85902db3ee40dcdeed4156f68149b8b54722b93a926dd2bd546d1dbfedd4ea34847166fa4b6b325534d88e66e48aad81758dc45e461fe001a6e400b68d2974852950a0fe218933fb601c95ef818a85130c434e559997d5d534105441d0eaa142dad3e4ee686554c83128a1266c68c6186ae2a7935eb5a7dee455fc41025741a539fd84d5acaa60c9151987031f61cb3951c96b646ad3f9027f63768053e7a7fde524dc7bafbcca2819ecfb802cfa9367cfe54a1f0be9f949a471801b81d7b5d72be9d377c97cf452eaeeb243006f9dd1381c0e77f4215a8f4d62f959b83fa9e8012c121906f0bd2b688444da3e2377855976b5c68c888e0a244ccebc9f22f4051d030bc95e256fa95cf1e7a958a88d6fe5ce111b287c24e0e71e4928f7572b34d2f6bfce3a2c6fc89be7d54a1a7c222d5cb8fc3a108c20a1e1e55e6a2f3018c6bb2baae63c3cfbece1fe0959456c1506987fdb5b83acb5e4cd2112a0b18c8d0c0afe438917 -TAG: 21d5eb52605d2ac429b971fe32cc050c - -KEY: fa26696ef7a8128ca03a7eb4a199edccfd4bc1d653ea8501d1f9f9dd6c92252e -NONCE: 2eebc2343a402e3efdf91f7d -IN: 63416068044d204c941276faa61238721f7049662f3721f8d04c908cbb612fbfed2b050efdd69e018be0f463c3e089a063d7b5d9a2ac4eb3bf63599597e714c917c004804a689b2c2ec187b73a38d60d9edb3be9f99d3b452813a3fcad782ccad3bb63c89d4abd18450f61bc94314d9395415503724791a22d1af865d3d5f5296411b6d54bdc0e7ae878447228b2f21cc7ad624a69d56a3694e1a383e7049ab75bdd479ab122d2a50e595fe370041e8a5d9e28dc3b266bcc40b9d54cda53d4049b62feced54620ae0d6cc3c74de3a5bad614f1d8d0c6a74674c9071b8c0b96352c774c034ed7fdc3b8790c43e6b7be8c227fc2b78a381215d97bfa3274e3b52187fbbdf68efee0aa66d2f2da263a0dde580ff19cdeb2c29a6392502f589ca7739e8f8f585791a3f77c1968bed4a713fc5b94e8d3c6830c19291f9cd846ecca2bc05bf262aac54bc45409c2a064c3de28e79831c32f5ec4bcce979b885c9facb99d0c54484154d545ae67d4afaeb545b5aa5541dd0af3416381cbe075cceb49820ad0d52f68c31875169c126b6b1047d63fea674a0420ac808e2ac64adbb8412f8d03a6a5cea014c835b57267cc4ceeb10191df46642344f4f7c9ef9a5fae05c10b2e7ac41afd55e84c213e1d5f58f4c7aae4f0b16170b11b798e138354821fae367a2c17638f1c7d96e343014410c4b4c47a620f79624dd7f3a8de28fccfa365ea904e2aa625a7f3453bdcc990c5bb2d6b0b972bf3349e15497d71349e495c1116f2dfd9adcba45b1a4473566d8eefb1b68054aa7274d4e0ee81f8e61be7adf3c0409176f0b566d8631425835d1f4dba59e7c0d14bbec2ba93c6413fcbc3649b8886cfa6efdd27b8187f1912d17776c7508a54999718de52351352194a81b2b0cd83a5d16348f2e39f22d833985882cd9fd27c1ace4f75a28bc48ac2da52dddfcc4fe428e3f46908d68accd60a17f65e678fa55537afd06fbabddd56ea1574b50d93dc76d56b04e05629e2bc98021ef9107ed8770ae00f1ff294f57edb583b4b361bcc6afe3c545c14adf343f2d019a283e9ecee5505ce2c70206924d63c8b574c798ae0970547c1114f2f82af5a6bd4c1a33c9cb49fb126117d06a63375ff67f7091e6128eebb98cd43a698e3f441e80203262b47c82a65d9d35826794b6f647badcbfff169c53fb70c151dd0c57234dc522d47b4b8470652a86ac09b7dbc44ce8a90a0a2a9fce1b70c1a54cdf59015b89de2331253f6 -AD: 82257a0db5c6ed9e12ed5a54101524647847ad87fa961ca6276eb05a355fb14a77735c930fa47cc66887bb687b20c7518dbd9af90e13cfe622e9b0036979b9cd9336da11e88a189ac81581e7d85c2fb1fe3aeb32629e23deb168db993fadaa37b1fec1224188d4f50ee3b8f9ab567b8baf1e3a3d8bf807edba9045338ca14d26fcbabbe7d8a5a1ac02d7c407c17a541fb41004f199262ffd72c3d0deea8296a08af1fd7506e7b72f18a7d322e4116021bfd44dfdd4f6dff5b772ee32f49e098445e68b3a2cb58832d20486d5aeee424752b237d46f1cf8194f7a46459767d1a104f6d35a9616eb47208b8894d998a51519d514b689ac3ca19fdb1efabd1dd33cd4298ae4d0ff819e78480ab7867b2f4868db26c9604323edd258c4f6c977fc4d1398e3ba6300c37a9a13838ea9c5eb18ee193c3566ddf3853fffc0ac665cb952bf76cd2d35106b934f5f8da9aa6672e8f9559777ca7a56592fa536e8cb7be5821961e740483563e6ae2de1b98749752314cebc390beebd4d269f0deb0ca3156bfbf6973da50b8e4dc4eb2a03ee0bfe73f21b3b0f2716a4662a71e8cb04ab44f52ac930eef1895b57151175727f81fa074a8e5366d5b7449185e4829f324879 -CT: 90cc04db6cb6754eb81e088d126829648e5b3ac91b89162b3046635f95d19586eb89646d9412ff3c28321504696d8d8bd7567214345c1e694eeed1ab5e3648300eef27739ba0c286e5f6fe389ac4b05f13e92dcf747aff418c97726e7f0820ea4e93121cc2152d92f2711f64e7a4c66e74c21ad58f80218c292e6d152fe5364fd2b186ddc811f8418d5ee5f7a03ecf98e69dbef146af1fc4d7eda7c261bc1d4d3781ef2ad9a9b316eac55758f97a73c67031886e867d98e1f7c126f19e0aae251d92781ba3ad6c949e677f6f71a0d26e45a8bfbd9c7a8b8fe4d63e687a2a476683f72203f24827a0ebd3162305f4c6e180eb3a7bf5ece592af7831b52479021ab76223e7d0714e0a08d5a621756b84d977ac5a13124e9206caae9c6a2cba1257a81903045414fd6e2403b2d68f07becc2e7a130366c0397a406ba261dd800c647fd087f50702d25177d1cf0097552365cb9a729e27ad9c1e4a61031374d362e309c29f649c7774756c46befc17a7c403a821ed254fe7f16542af8060c5743ce91f6cce0ebc68072c305a1f6d0d97db2541aeb87759804e15308e2955a0e6110c3613495115d1066e3701102531e04c1128ef2dd4434850a6c808cc827c27caf9d2d33ce1646228c26f6d9e7a0d05363694198bddf4f1603dab87e5b01363b3cb4daeb0eecedefe2614bf6d09b01813bb0995615d06efa5172b11d08a46a577fa99aecb30e310e84bc3049205534e836a44fa2de79134e6e7d7fc6e19f841e3f31fd5a8c91c7251b7c14960e2efecb2945dd64926a3d7052574a9f8ffc0f9a6c62025f58275a4ce3a084e73c1094834c65f59e09d4dd16bc75e26810506f0df6e59ac486439ebae613356bc5d8245e15a2c0d8997d80235e7475f6841b6e28cff61d9f5ab11a718b7b60c125118d3f77559aa539c1f15abfb32126ef7a9104c6902b5f872663539f78b002aa11f2224f2b724e346e9fef6b84deec427a05576a51aad885e0fa15e083ff25a1f97b7968dcbbced7b5f3da137e0b48c5bbf783c7125f6a1c7f2e707212bd608bd09d12104ee593838842b127a5b8050a0d411417a5b88ffcbaccd32d1642ff00ba22e42e8827b5be97318bd0a69b06839dce80ef50ca43778a60dcd7193af7ba5da86149f7fc716c22fbcb0b1671b968da755f527dd2ae05ef2b6b8809ce38c9cb8b7095d7b3a9afd16284334da5f0d85b70068646f4ca3c6c39a2ea1d146b84662219827f756b2d1ec641f -TAG: 8c7269eae0df5ed6c8f452fd89c09707 - -KEY: 20261a84a5458cde6565e41daec0b05d1e46a6a34858d546eea8258a399ed89a -NONCE: 5168b8e6c75f25ac1087b315 -IN: ab57ea5e8e39f743a826b70e584c4bfb2bec961b6769e2b92151cc1a0d8bfc27a9d5d9c7b43c51019418bb19fa882e53fa0f59d6761ff7ca75cf098f613086f9403a8a66b07bd1fde46c5316403de21d4f839a2e67bfecc2f3bc9c8f28b455f0fdb75f28a18852e6e44184e5c104a2dd2e21f429b46004a595ee8e2b008c2e0c31c12a05bb9de15011003d43c342330f5852bd3ebfb7bc4adec6fd7e3d77c1534e0eec7e2fade24d89fe42dd9d8b5bff5ad4f5f8f010ec0903b42048e8ba6f4b9274c6364d0119c718e6d038ed716b21b7f2297317e3869767a2b841505ae4aea6dca5e2b2813868faabd7a299061148f69b0ccaf4a555cb728b562bed9f66fc8d60be4c48c60504afadb1593078c36d54bc878a6a981ef283bab6f4ef6128f78a594b3caa6774a8e6246ca32e84a95ea5774b7c76599e1cf25b68210c2c52f465e3ecbcb91d609f211c12a737936d84551ceb0eaf37f92152f6e93918f4a19bfd09f16518004897d9f0728e9c1bc901fa85f8fcf77bc59c2f96ada344fb9a20890b74520a99e9241d9091742def14a46c524e2c494aa57c1dbafb8feec5d71247a6ac10db9ee768bd2f7cfe1f6da9fca9aab42da2b8e0dbc3e4bd36e2de49d855196d82175ac39516571d209cd5a8579b05fbb0bee133dc3379bf7894511cf88ca955f3ba1f794ed7abb0771d9d319b4f4db940963fdab1e831ae6d5c6daa96c44f3c2ce6fe2772d665a212d3203a593f412a557613d4e465b5eef977a2b62490e28aafdb716e7be6d040f731409c54e4bb38989349d842984116baf0502d21c910ac86e3046e6753b9f8771fec297eba18ed382b17fb1ef0eb20052d36080ae162e9b8dcf67e7e3d2add03d752f612b94ebf4c5b0f242a39acb092e32fd044b8e9ddc6abd0d10985c3b25ca4c9ba476d4fa55766f416d5d1cca614bd1d153432ce59e82a3a86b6fe830e1c0f9e64dbdcbe0457ce90464dbe56d2cf66a7eb6f43760e04a784466dbf7b153b2b96439db92180103df8f4fabb5734bfd661bf8faef2b400102229a9895fbeb1f89e6da6c82b5201055264fed0089eec72892c10fb2ffb4928cfa8df0d2c6680a5299899d521d43972ab8ddd613e074d60fd27a061ff821e8c410cc6a019cc0279f602582b752df3877915fbf14de225bdc2ab1fb177fa1724883b523faabe7e7da1d697f081447c406ee8a2c1a9f23cfcdba8fc0be440f2aae9f6fa5c35c54e7003254734947fb7e1abe7f8040289307d31bd6fe8e862a2d9dd3feb -AD: e9073e1a183a740755059b92b0e8d8a66f5904f1470d3b04d98ed4a62b90245767507e54ca11afcd113960568c916381caf4c963c1d8e9aa4c7ea0ea5aff12af63caa8a5e1f128e70f3c1387b50757e43ebd3e7ef2de43809f781cd733193daa2eaa5dfa0c8b161e9e4480d92df163c2619b571f42ebd706d48a6693d4a5071733544d2d4fc771d7fd97941f83c920673f0b8d82dff24402a14ae971000c5c8747b9a10d32d622b2b1c3aac7cf9804be165d3d8c46d2b69bbd059bfcbc1f23dcac4bf5eb5fa92dc93a7f3b2199cee31bf2c0414fa2ffef1ea34ef109cf4e171460aec158118e3bb3a0a8a18ba60e48f890add45f3fd3193a47611baa3abd36f1069ad52ea464c10f5cb49ba753e43f9a0d1d9bb038e8d450c41491cb350be288aa2f95a479ea3868a4ce1f3265e186fb6c4f54e57f285576c6f700d9cf035d296d4519c6e31693f5e0b6437383c77bb2d235c0d5404a82515115cd260cabef6f2f020bfd20d2ee21566def190d0a6a76bfa14874565f99738fb0863054b4f0c3624b68447358da5bc47f195bb468703da3ead51cf02ea001c57608ca98328068212406b9f3821e98b7481860dc5d9533f2afb7f74b9144363e6f54032c983453 -CT: ac56114a0ed27060f87c7698d659d16b05219d9e013ff22dc90ad469646177feeda9b41531c83ba781c641c740c273a43cac138450eca6c9ff42a2d715de22e0c0e1954842230a0dcc887a42acf1fe75d204ef881af3de7733ebd84a3bed530b34b737a35394097db372f19953b5f9ce288ff8785da5926be93ab67de884d8ace761393c2d3c4d308964a90cc49d9a5a31e55fd20230dd71498d1875476ce257f175135a22e1df34cfec1f31dc788e7c00a483692f1fab826f92ff497253f9e56efc70244346e7fb32180cdb689c6a404c64e391419ccebd9034cab1431be1bb2bd4defe4770d1d9b0cae785592a28ecd3e9dc8993512088186cbea448c8b26ca1c64d623c2535cca60d92a3840a01a9b2b0a7f359d1c597a550b62eb6ffd3d454df319c6c5846c26ccb5ed59e0d3e58aa63615bbcdf4861d85c1635fac7756818a3bd47f5e2bf2b3d14e13ba409379cb62a1b2bb420870879fa522f573eb9b1624d5efbf67f92e50892de2ae454950f97e2b181bae56498585f3b19cd9ea603b6131dfd3995ea29d0bb99f5e6eb6bbb35571d6ac9e52fe02750b97f024b9328ec1dec6aa3a21e391804bf7aba5d3b7bff48760f4fed880259c43ad007208a04a20ca0864c47f9e56b0c969b8a84fb7eabbd58e0d91c44bf8a6ff12225d2c0768c078cb0bf6f0dd67977d801634dd8162500d6440ceee0bfa8750e9411d5a579efb30c34842438105ae2eae6430ae6a98cfba882c974f0f6c870718e4700dd9fe27b98599918896a600b3ee48ec41da20079efff705861c245d31a5d827ad148d0a75cd02b5b7df3484317ff0c2a0a600b22b13bb3b96f2d1c95a5884210e486763cf8d96af48c5bcda8c3ce650d2968981fb003ed3afbd43fbb06502b547f3961e6ec636a12a551a9863b9b89f21dc9485e62a43fc1059d65e1ccab12620ec3a98f2237294567239882c5183c596050b88c38f8be62b364e937ac92ce5f7f8e540af6507f04452ffffb67b51d0e336f57ba71c771c35febbece8e7b0d4eebf2dc0c43df1f42433a3c83a38941d6bbe12e7110f7f266cacbb6fb07d52618e4992a5930e1d416d6e4d1b41a0ddc4ab4a592096bba9437050e2064e0c17d1572c44ea52bd071a8dea305a9d633b0ee963245474fdbb3f274e119e59eb50b63b58fb05ba74242d3ef63cb3e3c98576d2986bcee85d094bd5528d8f43415f627365b08316c11abc433661b83a36129da0550507dd62051a8f5e01c043a04f849899668b3ebd468404811 -TAG: 1dc7ba2dcd3727f14ebee62ecdf66429 - -KEY: 99a0547e21cf8509a0214ff0e5cb956130d03617e50f59e300a0ef211b4150e3 -NONCE: e040d46d2429ff2b38d4e35a -IN: 3c0035f9d3eb509dcce14170381d68de8fb8f0d6463a2cd293ce08c958e186031a942315977a1ec5ff66e47bec07bfdaacf844fd2c4fa939c5a8b1f3fb489f25ca7b10d87a7cb6d5ff299a57a1b8c6c78b429dae9e9b1c1cec8e14cc3bc2119df31d75e9e5e3df7b368cf4a6ec4b324500d428ddfda32e2f330fe089494502251392e554599451e4ffca96fcfa6ccbcb50828840c98266a10de53f0f8bbdbe21dee0861224aac7713d8a93979043d1550895e06e1848565f5f6bcfac2faa3eb21b423215cb39564b8138b00a15be5392ef1ff451da000186d9807c48a98e2ec6b7e045a139902b920c5ce782b111b8bd44596a7ac8f468a6b718cb7679d5d420f28510505a52004c412e6489f586d302939f3e007e320a0de6cf9d4ad38cdc3c852907cf7a1a083117bdf3e1bc4300befa1180f4c019faa73bf31c43bea814990cdd01b17b167f21b5de9541aecf6bead4bdcaca96fa390aaf6850a54a4293ac4460de361b3d58d5eadeecc6b5dfb57a36215d03c85a4805ee8af03df7627d42479357724349343862c960061c33abf5a9a8dbc2d562f3738f2ce34d68340707da09f78ba191e230521c0ff28c3c285075832c00e326c842296e6a4ac56946f4248364f49aea2a19ccab66841c438df5ff7834ccad859bfdd89fa9af0b99214eddb37dbfdefd2a3127354843f6b545f729391e0d19089255c9e0aa9bc0da87d001445c7d80393d1885f759fa8211231a50d1840e7d145899937ea7af1a3b963493fecd40448383706a33337ded7c51b4fc118a1ac975a4071f26a9a30a0976f369ae3a9724b05cbe75fedf84fd1bb6e77e07a76ceca71d5c035e61181c50e2dc976fbc64e1f4f9e6e12856bd3597b475f0b6a94e559477599a51bef1fb3a45106fcf0ca0468117274ee4e3f3f489e3a4ff9f6279e18c38928a00976464431227ade20b45c509675619ccedb4f0b24c2ffefd72b3fdbb3ccfffc26da5945a3906c8824d17a930633f8208d6d1564d5a69c4887812d91ebfd18d482470220a338de30b9cd7945a93460ffaaf686a31621c86b4620bd24776a54db32bed6809270ee19460c34bfe99c7fd18c5d7e9616efb6a156d4b28a0823df5a858a096ec388e2fde49a2c8c071fea73a23dc4dfddf751d100fdc57e346c9e690d2ab620a0dab87e3c1fc02f5f727eec6a1853067e7bec923dfb3c988c3e8f108adf1ddcb9b8804e7f3e9fc8191d059af53c95836314f0c933676044b85dbb950c953603589762c10fd76dfe2b301986468b3f65415badfa5d1f0c0816c6376 -AD: b96c76c847741396adfed41fc14ff53c3d1745b70ce64f18fc2fe2ca445a7fba83780e265b390c4058856bf8befb36437abcdc25a758e77e0fc90971fab13c77d76751e19280e43851e7d39aaa0aed21bc32f7aaf25756111cd6ddc6b6f9b8d15acb4a25493f247b5bf134b2bcc2e5c2f91c78bad248357f18fb3278811e045a59170c9f0ed7f58707ea78c42e69a912a8321238ee63eb079aadf9030c4f718decddee4077183a2e5bf59a2a1eba07b8c4ec35cf9fa3a37a5c332a14c3711198f2bc9bc686b5dc6d3d7b6de1a8ab00b1fefeb107157f85aa8974c04edf757974a757090f4cadabe2283a29b317a831d8ae999173f07be4b4f665eaaa26093fcdda81fee6e170ed09f2944fd40f9f3ef47b406db52a55cc9350e78364e64220c9741f8e41745bfc1be8c6244c57f15b1912e55c6711ebaecbdae4c08c70768bda7750f142cdda19b298607e75688eaa8fa8f47f7746ab67442da283b1b9b9d12ddff796306cd690c0c32615007ee840844c7da285fdf56f004de5b7965450d48fc97a2cd2b774993a2bb28868fb241b051341a727fc12778baf3869fabd208aa3c55f81c247554d11eb5d847123a6ad3b177dd6ef950ef4371a6c0c294ecaab63beff193aa751ab480e -CT: d560de73e9674b561fbb54c6e4267d3101479c2fc269745be89c470109068cb01c6e3a4a7a9ec284606db6e735df2269ea16863673fc35c911fdd6201a1baf9e0b562a847274c2defcc0fb5c165662d0bcbe6b01fe595217d482ddb616ee87138424f5438069abda9dcedd48b29125937e3266cc9d468ca38fec9920ecc81952101c8aff3d3ad2ba4953bdcf26642311ec8c4a880870bc81ac647351a49183e182acd38585cafad3a37a0171c0a0545bb3ee6a67a2da41cdf2397c529064b09dfe0105917e1da7c3df24d2dac6bf06f58efcb38752ffb79e93031cbef73e6c0ad68fb7a192900aa8a23bbb7c6bc15fba8d80058bcf9656323da4c10f19198d9db3b42499621e1d60de8a16046853fa03b783dbd076d0f51fe40e9ce60f4e22aee657246d3ac80913bd495cbcbbaeb778a485bcc6c596af305429afa5f09736e7a78b335f484bbd70a3359a7aa2f4c336f5780f3186fd1753e4673e5234e3f8b803f4199bd859d65267857f8e0391b4e8253fa644a10bf9f68a664bf7573628490b1baa17c23aef5f0414067d2186c08e27eb9d1034aae6361054f2f9bdcb877e72837c70816fabf38e6976c8a5b20ef3a150a5d1ffc997a248ae199d598a01b5bf7da1d6f7a57f982026527e950f33ae33cea9d64e56a3a2d26ed2f2cf0a5d08e6a03db5c483aaa0049514e013b915056c4570c4606e6baefe7c6a74ae301d7b9b6b980d85bb500c8a61c05b38e79db47d2d3b88db098737def0d995267c931a2ef21bfc0d970652a3be8de5f42c20fa43e1f7bbdc34b3b5d2fbe3c396037fa885ec6213748de5a6b64634757aa519573aff1cb78a3191dda039a3c64940b816fd010a584a463cc17789c732d7a099fb423dcc9c20fa1c0f10436bf67f9796c1bab8c85ed76c2cae84ae599f7519991367d69948b757a312cdef01c535f1172ccee7be47fbab14362dc0f3fc89c7a71ec9138b40eec235f585e39b008d1f29a1be9332b2882f6d053acec077ebcb6393ed1dc46d069134d2c37c7f14c0fc9f9e280a6e2598ed8a070edcf9b79a042561dbf3666bc49863c29712d45c41d434172649baca0c2b43e3364cdee11f9da14eaccf8a853998a2a9637b268b6dbbb342575481c37014631180737f970fcb8b8fd5050ebbff873b5bf124b315799c94da41b8b5a4d57210c4edc26ce74738b2fda9c02b3fdac251b2b317d8edd345ce4a3e074255e8c49d8bd02376ee2aa194513963a220529e6c14611288b788b68e74f6dc206ad094e322fa3002d62101dc4d572ef00c1567f0e7a4 -TAG: 799c10bc86be84658d0b03751a29c71b - -KEY: c6e78bc1358c72bbae8fd8dc84038806efbfbca520a9bf9ea1df8ac365a0a95a -NONCE: 9865ab3b3556ad8da691b079 -IN: 26db63a9d188d3f237aec1f8558702b0942b209f7e6096b79154d2eb844b05dea8c81bd041962e0c9e8d1c64cadc5a46c2d8768f57ffc27a1d5003776acfb5f51d372510d26eca840dddc3fe79e9414bb76aabe249c7f89a43050b85dc6b5b9e13aebaa98aed4cd0816685b20619fd22c860317b1ffec8f7e78c36224bb3922208dc25d23f023139fafb2264f9546bf57767d3117b483807cc5a1e0fc2c691f3891f54897b46c01b6f55f4bcb86af20764bdb9c7631faa5aaccd555e68a86a9491fa87718d5a9112e4ee3c2364b5f339efbae59db73eace1dffe4439a64d1baee99e6aa0fe380cf686aef739a456ad66dcd149ba8ff6767e54b1a3cc645b245c2b2ab3607334af0cbd8847c3931b02acf12209ea79af189fd9c6c01871650a009274762d07a4ca60fb9a31adf4c877c73d0819f4a97c0cad91ea5bd7d5c8ef59b35f2b24060fd8c6b4afee8c4758034aac99519757ffeb6fcbe40b2783f4aedffc9d0da49f3f98dc25a66f2c6695b864bc40c2fd5511c7fe681d98304be4c3e9bd7289c9caaf6282f7c5c7ee4efab267d7d746673049ff79ccd7bd019ba994417e22a67f856310d8abad147ce68fea094e52969f9738ed6cf9cc9eaad35612400b622da255c9758d42f52dfcd12cbb53bab8c9884eb83f1d2dec7faecbb6af3402bf462f965e2c2281c74421411edd762ea8b7b6bc4a44132c51c2db09f47a03ad2a1a17d73ad2a395e6762cb077a8be977f3925ec333dd56ecda27d4d228b1832196da7755e48517fa0582abad802b62cf231e0a2748b61855970912e1fe92435efcbaf5fe34ff2c0f90113966704701337ec6c0434fe2c36e3300a4387cd0514ee01e31628b9879fc666284150489282c1083079f8abde0a2e500737dad91b3a7c4ec1f4eac35dcacf971283825a37b65464e7a8fd66e2ee6721d4a118854f674edf89d376c0006fea01d278b7985237e78965f0987404efcc6576d1fb28db9f7fc1eeaa6b42949e11dbb0c137d501ff08b34f0dabb7edb6900c48e647ea0cdfb4c4ef3178548a592ae28eb119f1dc7b2f6dbabfa2ee4cd7b7b117f1f90af318e121084cd6b93ace98ee7750dabda5ce2b883f582e7c5d91ad42e7ea1fe8454a5da83a169c32d73a4c1c185a02275b4ba921b071ace5fd34a2076b226d71c229d8be6c58270a3ddb04a554e4d395df00604dba7882d89d9048b3e16c692e636c724580da376f8212a6b9c443ec303fa70cbb1994d12a1574bd93b946c1a005df40a3722fe2c2e7fdf51ce2b895c6cf07d893a41a33a6906af87af0abf948bae5ad258e80a0fc0afbcd -AD: 770a8a32c90e0949a1151e20e81cbd163b7d1ed843008c813ec3bf44d363e37ec41c094458ab8f7457339a51810fad8d63611ec1a93282c301eadcb4bcfe4d0b370d6f8670516cbeaf9b361c92252d14e062bfe2e63b439c7d4b1d65dc8a62263374d718831fcb4bdcc0bc59a18530f7dffbecc96bffae9e0214ea7f2a319e5c07dc0c8232e7863df7d081a3486a1378240a9966a632c5e73fe4800481c4f430126c4b5ec71963c08d471e01b6296b64a593cf78f108d2ee866af38028e3a4571f5582207706932019646a1476115cad80d0b20695c84131e11cb9689a6bfc40f820e96bdb151adacfe447f06516dabb2f766b8ff5619a15efed41650211e4f4e114ba0b071ae0a6b635bf0e1cdaff2a2a1517e7427f8f1c25ad5d7cbdcb433987a25a2962130299f1de3b68503fed81c3c98dd774402bd83809367ceff45958e7627ee8dabf50f6ff6aae34a8c7ce471c705255099f602c2792468b5e8527b74948f4871ad5296c5c50b8d4ccb6ff8c2f44917baa7b70aed81302624fc405d3c550791ceadd2aef796a0db59c01a5496ad0b72f7a90ebb1eb2fbb2cd8d8f09a2fae46937f27a7a9c3cca3360b08143043d378c450de9676a94ea5b9371cff1fa3b067069393331324c7d283bdd750ca521c -CT: e6ae771db203f1e58b0336c9c655013940053c2a40cc7a6a27e707860b179d7895a16f7a754c2cbf2e0fcf610a3ce97be5e7459cff4684b6b2848f2a39e6c4572c1d7a41f23646eed5909228adf1052adb34b9c44e5ca8b2bfc18a80675e29749e72410851eecaf261868b6b69e7d9dacd5f019de1580549fda721e383b86eb0c51c2eac4600a4a27b5f663a7c89c81401fd452027819b93281b559153c74e5354c320cbad932cab5d261308e241e85c0967a189de09eeced69c834b4c64dadb9447a824bb38d8b8a3fa4128bd8392cd34b0999b4ff0511bfb9fd434a1a0bb3c507c2828d98ecaa9f2dd5a020320f6f31324fd8ba8c175db5284628d1cfc4816054587a6cdd5f9e6d6de2cbce9396e874df36bcc347ef48ee9e6ef7e6cbe976e4361651cf8f92866cc3a54701af59ba03fb8d23024d6be73e1938836c31b303c687c28b1785c5f9b97f3b09b7ec3d83d8e38dcd18c3409db665bf74b85abc540f678bae40157eabb69332abb9c47995f4c412a04f9b99214581f1d18e0662e77a2ef6520a23b5a031153d5586f169923dbcf08d403e37184c5f7977320cb33b8a0d5d7bbb25d7a8477054874a14e3d34b92f7877aed42f595dba8830757f8e92f21d5feab414ecc9e3933f082bf46fcebee2ce5246c2fe839fabd94d4f6bdf875cfa67867f9376281b1e5385d1677a595b018617f44c6113f6178e5446cd28facc9a53bad29cb5b3a3b0cd29186c24339ea008ead440041c6bd0e93b92ab37e3692ed13769d147a1be8335feca11a533156a3e416908d044a5a74454f10d3e59e5f9868c56c517ba1d9642c41c6a764e74540611545ca90219ef4a0db0d25e92196d700f4e57a6778d20b6acf7d1db8060ab534ef409fe35c30c300418641368f0a3ed2407027c126e967406809524860cd88906f046a069a22245d9b2065cc5fc313a7ad79bc7035cb681a39387493b6be51c813748c008269f0681e88616ecec8a01416e4ee8b7a6e4fae2af9648ebb89523434eeae6e5713eb8037bf173e467a6da7d6cd3d357e3962aaca14c03b04046a4f893106e199062360217afe40f40214d28e87eaadc175ccc11d172f6cd42e97c1f331e246f7660fe22717d7f1e24752b1b01398e4c8bead71d8f6aa2d230c6392ae21d43bd88258c1219d491b8de12d53bb9fb917eecb0c254a4e9007f789699de1dc90d35250c6ec4631ced06cef9dc0b0416148835be0be3dc4749d4c2edaff37d7607c9a3e872f723583a1566ee1fa7be77b848fbc4d741ccef311fa5ccb7c18f19295e53cd1da935d663f0b26f776db6d479b4cf3d -TAG: 4fb43763c09a6af54ef7103ea40de1ba - -KEY: ade6526c970a82fffd925ff945be16639864e4189c3269838d3268264b1aa586 -NONCE: 97121394f11a1b1d9caf4e3e -IN: b2d855d51392454b7f4f2b6f29f422d111cc378262c986e3117e81f6eb6340323427389ba2d174f4edcf5de47be0b3fa820783b8dcd35f18451f8256d6f703bc16e666367c93f8db0be18c98d4e93dd6db2f4eef2447cbde251fa226ef4b6c4183d06cd1090e46cee182743c1573b3fc885e9da0262d715dec1d66954ef49c3a7d54f935156a51cbb1b837229eb5619658db860835fa5c926e0b87c9ac50ac76fa6696e149127aed1b91bb623d232da5df30b9ef43b4ed018f59a803b995748e941adb785535d69b8eb9e4ebad17c4e2bfbe6d2706eaf90e29867133b4a58c3e42cb51b494dcb197dd55862ca0f274883686b1e492b35cc20e2cc6e531c15bea94af9040702513d7d929195ca34266c38ca79f3f5b0c06a1002bf40770fc223be269945e56f11a608276bc4b82cc228248ab46acafe801d330c28039f7614e59cae505931ae9fa387768c2fd9ffd537a0704fb30aef78b1be4aaaa6f7574da1274d3e84dab83297acd00885acfd32300a36d0e8e5ad2777e4c0f718f91564c60ff117e17a8c57d2a8310fb1fc62729720728f2991b4d05317537883f016711e07ae1b3e6d876d52a44bd246c427587fb91d1456711ef0c7970eaa33db3347397cb76b95713919c73188ce13a6a292d798844067c0302b243593177cd099dbacd5f8efb412a95132b8ab31815dfb463451fbff63388d8dc46c29d2c1fd937c668025c833d7d96b021035d530fc404e1c6a3677b8a318c9a81e295c12c88fba75f1e17973732275846ed9103287714236edd60bd9cda0d4cd2695234bc69cd09e1b4db3cc73461e524e0934ab0cbd730a46a67b3614ff4973bb8643ac7d555a8b764bcf87f0bcc8d19cc9ddd3fe27a376b5a6affbc95cc6ba966f8ca697c5727dd3f942c4a3b6215c00bf37c50bc95b1e35dc762d8db2f0f5d30d9b35ddf005d8a89d2b106fa4e921ead057158c3fce0bf1e6e10085619777bbcb643b5fd86b9b39c1f11a68cce6115d2db8c01e6746c81da9dbea30559b1bbc2457c258955f2d37862fc492b4f590fdb8cf648707b17a2b613c5f08dc457a1443bd56399e34254c92b91093ea0208a98189429147771d1bc49296a070e052af3fa195f612fd2487eb49ded95f2c670b3ef23464684f12ae66f02d886ba14a360a852b9b84f9b5590a514701fbe42299b54b9e8c1e7b83c7ace9badd9beeb0f88707b79da375aa7c2eb9623c7a1c553c521a9c7a6a3e73f0d7cae3f95362d25f6ba2313a505a90442012f58f6d9cc55563a1e1026cc1ef0e69c119dcc4577eb775f5d1dd60cd60ff5b35dce6eedee48f80d33227f6354a128f9cff56fe1340067c9eb -AD: 20e24e143b9881f8d646947b121df798b4917bc19a76e96babe9554d9617b4f092471baab93ea7ebcd8a05cb2d267be93b4dadb29d4ca937238910180ae497ab4c7c4b234661293c8cf7f2b6ed3e0a738ca8ba0b558fb24ccebdf3b3e9714e6d7b50c847b72ed81e3893bdca85bf46767335b41d68b62961f3304003247ed25b15e3e54d6942d35fa24b7320355d4e8e038ddcc295bbd6ef3b24e9332a710dd7ef673d3cddce10f683d0ba14dea984f61ecd580a684f3bc97cd50e14b86fcb2024367ea4e21a8d01f1aa6993a458bcbf1279fb45ec4510a9295b20e82cad0c79a5f61356509be41525bc938fbfa09306a94610fb9b9c8bae1e051bd6fc6533b8b47bcee4a9b81b492e1295c25ca91b9b5898487e468d64d275f52a6700fed0d7b593234b3e0010480e12fd8f5d7999c1b8b05c7b9dde7bada3cc6926095a8fa8747da64db55ebb3efa167b7663f1cb5883593955a2252586f942c8aa3a1e12ecbcc73e1aa5831c00e5e211c7461120f84d4482033a238b80016d71e51dc297043f67877102f69d7bbdacd03c1896bc24cffb24d4529aa7d8d4d5e5ad3a990a36e1fc84c7f8e91fdf2119a36f5b521125976ac9ede1d1b74e3a31a9428cc36c94e6b3a34ca1ddafda11ab46cb4501dfe4b58cdf384576d651b9aac5 -CT: 0d8f126c444afe37e40d85b6f0c9f02b2232faf975d238cdb227a17ef28e18afa6d88d7d23b99826de9f6e7390f67c2ab722e1be3e5d9f3a2abe41e508abbd22897ec36a70d02fa54db8004fa3dcdfc729d58ee12ec5b1c85346289f2112c059ecfcfeb6e4723904ef1c5e3bd123d302f6e4cc393cf62513cb3e2df3ea822692edd0d8533d6103f22940cc82116c4ff1e5121f0ceb08ee581f40ac68e23c7e9a168661e6d93259e614a3f962fa2ebcfa3a4736f3490d401afc9e6aaa8a8d00ad6926b3a99c6cd2b3b05767cc5b45901d0c4301a68c0783bf1611e2cb95d6859293b615975be7e1d829f13eb4fe601b4d66af3f28171b02d09f820dc77ffdd22537ee2ef0cc291f785c466ea45a0dab45e782e7ec3d4bf0622680791883f89f9926009f6b6bc3fda4276b79d5d9070914e75488c033d47c58defe6b538c58b106fdcc8957619e008f6b508a87d85d4a46364535e76a890716a215fe5f2ecf50d8fc0d8f68d2ee0345497f94525c588eb3d21d66caf1cebec2685020523998cf6e24b5fbc384c32cad31a2345fd88c8b820276d5917d71e69d54b44ff96c8411f1a7b6267e20d67e35cf274cd9031dc157d5638f5fb8faebab2f5fc976fc928bffd8b60ac8d8932b8ac076a000675cc05aeb4d8306d65c6060a46bc200193d56249e605a7b10fa28f7a04a72055cdfc6ced9a220ac50d3c36ceb4ba5405945307f2d332a9a14487d7a74ed0c379623e2fdb04324e515e1d5ede3af27fc5f06baf8d354f6b68621e372347817cd3acb05df1817511c978537722f9a4967db31d24336704d8d7f974afedb487ffc6e877bb948f0c30fd64be7608723eb732a6be38394891e8cb789cc9ec2e09b8cc2ca76b56ee7e1d5e4c0bf76f28d705c61104b508b1c4c7c1a1cfec10f25676ea55f73c95af3fd34bcde939652fa91f5fb9d8b783dcacca1332230e2104cdbb905511e8479da129ad64acbb569809ae2a19e71bf7fd6acc18e7087bd49997e3d57eb19f30afd1a76c42ebadcc7f8d231c0c28c7a0850ae5463d1730def54c24a803bc1e889c0719e364492cb737378f7390e5ae506d36a7f42bd86a6184cd6cf0300331d0f54cd6f5b53200d59eeb8cbec25830eb74b0e1d931073dbd991c8a818d9d7f2b8691fa2b523bf73d9c7f101cb1d83699b9f5e1b3545f8efbb8eea286728045202ec8f81c71bbbb6e888698c69b92563615ee7d07f66c2495cbeeaf15825fdb3a3dbaff7347f5b52f6f886d80464aeca6e35cef31b6909bac29079ee1403f53a6ec45204694e967bcb318f91f4af5e868be46df4082f4e77c627bb34b017c0f9d9889184f8e88d62613335 -TAG: 3350bc1b6fa4c20bc1c0a28bc766778f - -KEY: 32fdb97a8841d0bf58207131e0c55361d7f87aa4c8eca24c999b7a74ec23f9fd -NONCE: cacdf99a3852e9ca9516be08 -IN: 987911d111d30398b1d730d6c7d0bbfcac487e9a810a9a17ebf0bde09b3dd7a9a430a3bbfe41b3b3a146fd7960870b1b28db45111c71c6c9ba731de849382d679ac46be434e2e95fef2b04ccaf21afa763bbc15e23ff44aaff7ee793941a8954e42917f759ffb0745c34e9cd324e9c527b6560e52007e46ce0d46aa8165a0e6885e96ff7d6d84d186b313cf7b726213bf9c3fcc3535be589d336f84925fabe762d14ad033dff5b7f39f5948f5f939bc345c4db77d9cea9cce1220ccfac396d1e4201780f8d37c6167600a17c18cccbec04f605d86dcbc3125dc3cf5b40039c3dec4355beeffd72ff221a4de57f0aef322369c1755468b5748541049f3f1d790adbb460d78cbf5e3d2787d5921f598f3d9a92ac289b58c46edbe1c64a6cb2a796aeb17259a2569af4c19bd69da1018352b63b2b3a901bbf0c754ed3b0609227644fffa7a997762aae36ffcd700089d74cf3b9ec2f5c9a3908ace5a7048c90ed8d775a88693742f5738cf2a791e67ec747e31a1387f0c0da3a77b28b720bebeb7a9f6e76d0454f79225514a9d0d8e488a7cced170b4b89b1b39091bb470832e3d3fcd144fe86c661ed6d290c4e73fda61c708004561dc71493c9dd4a66134308577fb7cce84891458e2dc4581603898bcf74cf5da7cb1f3590ff570ec6e559d6f05d44b6e557031ed28b60f3a9e73293d03f57c9c636ff9336cee086358c15ae3d5af075f8d9ecb494b00aff1dbe9703c80bb669b522a00cfb1c400598c6b494b40c87041a99d461017ef4381d3db7df5a017564ca988018c4f36282213de60c841944b6d213d8fe2015cd535184b1619866106c39a09f71a70f78f2cb8fff2f377d87390eb31b73db093000006239a8a3494a563618af189ab3af3556050b68c4abf48cf4d02013f9ed69b52d8c6bfd5188a56f4699b03f60f218539a1638c9890c7a77f5bb18d7c4ffe27314461a29c91526cff0f713a9be95b608a2ff36783474cc9db1454df62fc7efe08ca97418d982d74555c0c15fa671f99fa73559ff54ebd092756e7d9477ffdf2de14e1c9d4900fe401d1fead7fde27cd37d016cdc56464f76193af1c252d4efd60f6f3c0644ccd1ac67d968140ae08db759aa7af205563d4402927cb791f8cd845777043b975ddb1ebc66be4333b7b60293952368767aab30e1a52e1691a35f684c8587bdacc8b374963c1864619ff4a204753b44860f595ecfb275dd0b94153a065f3cc3235a7525921d16684524794cf45a9902364c80ba5649b90c1b42ecf2f17c4e3b7a888c6a2cb30240c6baec3170b309714aae3005846a19c6292e5b7d2772af24f14bd7f6cc7eb89e0489400b4c18b9372aeacd92918e4b2d11165f2de0 -AD: 62de882f42ee7c4b5ed2fa54f66d0b4dae63db4d9a777b404b1befa704a48a3be7b8511fe716f77c890fea23fdd05a9d4a57eb0f130d7383a023ec6668e6714f84337dce5f8a9f46b9ba17480288fe89752961c6e7cd6d32d435c5930d5228be9aa002f01f0ddc79bde0abd76e4294563d5410c81c56644620a002a7facc871ee7b5fc73ed03ae0cd253439688cac4e6147fff75fad37ddd52971895702dc280273b8e7e99f8d1e93a2712bd9a6515c9b1dffcf7800ec13e08cc732a15ed3c51ab8177b3b1b1dc25e387ee2d0a69d7e2f7f77555bdd75a75400bee511dc5c30aa7eca46b05c9af4e94adee1c0bd84085af86a85a15e81d607ffcd6f7670bc11705b46e43b6beea7e1eba5804e24229185b15fc1fcafaa7de15ab336fa2ba7d94852f20de7543b4acb4e75f523863649578527752050bebaba444fe6b57c0304cc4820f0034f66b778d907264e5b8c8c0357648875dea1506c00413109ff2f25d9f1c3aea724a5b7f39ea1b08b9329c07dd8b0efa2e0e6fbf3f04708b833c2e14b6f5400b4b3d6463bc256e42c8a427f7a0d8b71aee9825169b9613dcbcf7cc364a87ba64e60501bb01d8f55eb5141ed945666f69b536662705d12f3839c45917ab7c932b8609a97ebbdf042fafda951753abc765002ae60eb1c9dcb2f95175ddae0d5b34 -CT: df417e819076b3a8ae2fa8f0ca968d5be1f31c4c44d02f29f9f1f69c8d2c269835426ea9735aaf95da0cf92b45d512ee8e4b073b40504cfbe9efc62770a0000706f16f7cc350080e52da3501675907b2f657091c1b5980d22bd7dc519203a80c674418500224900d74a11ef87d9f60296ff5074674552263b7b6b249c8adde311b98b4181a3730c101c4ab9bd29c044272751197498e8baff4a8f2558de20d4920ce21f4dbecb64e258d078974dc6c2d574ebc8c8ff32505db2ccd349e82808c44eca7f4ade2ffe9ab1ff2815fd282985a8de28147e547023f0254105d2d35aedc5e2083bad31e05ba905c1b3c53f354aec095add4c5cb40c51adb6a2c290a867ed58b05b14170f8cbaea863ec74a3abb66baf60608721b96c63da4b4d966d1291a3293539ead11167ce4e45f0f62cfef30962d2c979073cd7d0e89899397cc0ecbd858da7de3975fce6ca3bd6759581787c5559bd41dcdc177f6ff4a5cfe5b82236d467f93abf5b2abbd30a90cb25b4ae6723c92621820704542f9d5215258962c67ce9e9e2427c58b5819a709488236f12c1f2a7f5c915a4cf2f8eb3c103a4ab9769f76102a8f8fd73aad7c7b6146768f3a3f53b8e276a8634fc50446d5e0cfaa589a4a7fba9a8095f9567506dd6d2fed0c1e3146dbdb74cd116c13bc5a7ace595a2b42e0e3d46c5232cd92799d6ebfbc06c9d0536db35295cc4f7a7a28bf8ef3c649833d5f330196de4826462dd418f95450cd431454cef7afa6f2f4294ab69bb3e588d3b9300a593ea80890e9d678869e963e75bbf281b61f9f7cb9a3f9a773f2343ea306bea4609b03df78e57d5b9f682e0c0b10b57f360e1b0b9058c12f653b3e1fce60579b7c2ebdbedf0090fac36e72099ccf58d1bd5d7c26701f29f656261e8c2e7d5ae97b224293ac133b2cbee65401f8d256d5106c14da8c837ff48f2479432d5addda274e72ef5810fc3a42ef9b27e75c89bc4d72d6670f855f228609eadf8dda76ade9804c642b140117fce06bc441cf92429d2d3b03bee775c1a52dc409fa4e7a5d3e39f9d9a250a288a29c9de6abfd0303f676a98025a7954fcaf6406d765a260e08ae5948326173f44f2d7cfb5ca9777221f0c984699a9cd1d20c9dedda95b8f066736b372d23116fffd55f7b03d4c7f63a8be3e7806718fa6a961a68db681edbdeb4281c0901c2ecc895f9da0cb04cbb03b5f1323e00c827dafd4d42ff767ffb7531e412d5ce11e0dc469f7bd87549ecab2ed21ee8deb164f67e64bfcd85d858f79c20c8bd4c37d7be76ad6d3c040a3a27c13f70f14b895178ccb02858764e315158ef6cdb827b69dcb24a3f54c2816a75be64496c139d541302b0b71849fdd92e0b83d -TAG: d8f838951f98deb27747a870cf55713f - -KEY: 4a78b60c327676e4ca2ac1ab5333899dedfc91f66f4f8ed83130f197a6f35def -NONCE: 3e8e2c6598e6c0a8ee6b0da0 -IN: 1dcf6d8aa5fab8310cae71d02d2ebbbff4fbbada8a7db0725cb2e20723d2a3e5471d05b2319f571ae68ec953f26ddc167b8fe8bd801d6c58730f4dddc6c94bdb1e6d1e0f11b6d59e28f145e75a3b4d7aea2f78eec4677c8be45307910c67ecc10fed65ce585c6addf789ce485033d82e745f91472b7103370b162bc60504dab311ddc428b141c105e9343c2cd7527e43baf01b9bfb4e1b85918bd596696b2353425d03941d9a5aa6d72c57f1c42175b4120269551db41dec9b893d24d76a503f13ac1095ff824b0c3f7836e8b934b112440fb8157d35cf92c196de10fed9046722f83ad58546c9b27b9cb6e853dfffd89ab7724e140c0f1326302cb2224f587e6c7f27111e97ecc0dcc7d89a88e133970a22e4aacb12ce388393bed30d263ed1c080c1d56b0777e7ce2ce19a6b8db174aced748f71fbd52dfd415ef6fecba1e4ca7f207757967b3a6ad1c2e9f7c6a58ddae8555205e5c6bf64b209bee6372f196682db52dfbb37440be658d1398659a3b779843c381c5673c4eb97ce0133597c5667fd183a78e5daf15c56ad726f6d368dcf37ea737af668ca7131d4027b6260c748822e7a387b611ccb6edc4860fc4302493e66651772a39f5c98f46da64a9b1219babdc1cf6ef4c6557ced9b85ff3b918053dac001fbdcceef7485953527e1181670e62886f46371d2714f39851c1fe09297c8c69dff0e62be3383bb6aceea0cbc71cc7783cd1fac364236fecd9fd8aaf59de7680afcf90de01e9adeae58c034c25c8ed25b58e82e4fdcdcc2e69d1054dc753425e98cd50644eb74b1b6d62c769b61bf74d41a319eb35878bc837bac60af425c0a36b150655ac82f8e8fd61121790a3bb9389e121ed0fbb061cd593603a763e0b8ecb357b5c453b20239ad2e44ee0ef0e4cb717db95613c3be18aab77c708f5e91af8006e11b6ddebb8b0ef98c06dc3c97d008e058bf3e534582c24a1485f68214cdd88167814802c89d5c07a7453aff1010d6db0b778d9d8fc64b5bf3bb84cb97cef38a4b30a7deee12f0af806833c8c6d35a7f995b414eb0d9a900e3e56afaf2dd0d162063c4dd52bc6ffa56cfece2ed90bc7c9f4276459c9bd128ee40a5aa514de786ec15d04a16adddd64c7613ec9eed738fd36e24fbcbdcd0d3318fab948f47314a5400d71c5ee07a8c1fa17e4a4c08f4a467291cec1e8266342a42646d138331b08498f2dc3fda0374ef736d05c2a363fe08dc71ec799f0256ac9114743f40641ed8d9a039c57cd409bff29bde518657cb305a875cc6c0a58fe9ea3452df3e3802cf316a0c1f477179f6cdcb39c7c9424c07997500989a600887dd9f04c92226df10e9a8301818a5ec2f0b7b06b6d1443dec46f478a9271498b956b72060dd2b3021b004358b -AD: 7eb6a083ff2facc3e9500278352790ccb6f9df67dccf7a03c33a34c6f33c1b4dc4ced2d5f69e5f68e79c582bf0db7751b774019d9399329f1a6692c5c527a646c9bb866e69d4f1ba4e6065cf0c5b09e941c5bb6e96d7edcb19a5cc02411507701b65987dc206ffbfaba4f06cf394976bdde1ac343e368ec1083813417cd0a325aa0e88913958974fcc911478a460b79b9978e33b21064ffdc1fc4df1e314948df71af9a6e0a40907e6b35ec6304bcaada85b456298637b6fa582ef331e2815fef135dcb66870107b2149c5aaa790f7127c0f0819b83bec46c0f6d30edb61b6fdf4f35f4b5345f1c684f41eed8088aa2f1d42c920a06092058e7c225d10fe1e5befb4dc593badee754fa12b843a6e9f67ea0e0616eaca697b22f526fb79a2ec259076971185678aaebc6449ba3bd284230ee621bc02ef1f5ff23651a6116cbb7770ec7385a44f4d54e7cb04aecd59a99660a1021eb6abb5d2cffd76e6e7380c22d0224e499e0c7b69aa0e7dd6deb47b22b1f1fb882dc35eb944a495fc3f6345b08da8f7185c3be95952bd7c982d9c8b2410a1cf1f5164961f6d1db6160d252e631f77b02d4e23dcd655e7e875b9b703fd27c57008184772c73fb5dc626ba43f54cbdc2937de7b4c470235098cb0a3e699baaa8e2adc09f8182ae1f168aa86a790688795003c3598293ca269a944 -CT: ac837bdf77bb97a1bac4cdde49ef8d6c7024f5f25a7bdcf924fa87b0c77ddd66bdb67c9b8798922f5378c0405be67d5da47f7c245c5f7330accaf74d5bec6a8667c911384d9c77e9d3ca38d88bf87deaca62b58d092bbabe64895b944fa9f6bca0aa17a55031fa19ab0c324948816c57f67adf84077b277e71a7db9a6ac537a95e54d3cd4c9517bcdb7e9e1ccc8e7dc252c27c89b9c20c9876ce7c01b17b80a05c6f75006cdd1e081ade6f9353c66f7113613a5f72d82dd28a65efb74d0d1c92793d652edf23bf7c70f6dcfd5d40b2799b60c2a6fb53beb02571c78001381fc97d4a9292a0eb7a4a0a67cdf20b4810aebe5aa4a6d20fc30e2971924a09f106d0b5b7fcf181321b6f8442f91fb7ff3b5610353500b9d6f8a36301e7cb12d94d1aab6ec0f797fdb57232c02d5fb4b2ffc7d0cd2336ff96a4a811cd1aa02248f4a48c7646591507f9e02f8f441cacee92b5bb3cfcb7a5dbb02993d0fb1818e0ec4cb719a6b43d82e15ce576f95912ebeac7a7aa377a50d1190799b00a6da2fe7cd7231c3fecfd4e6913df0b46887ae8412cd2c9de49ad7a4e8f55e7f53239649b566c4940db50e0ba9a915acbdf0ed97905b0c70930d49c5c31cb398fa4f52222d3cdbd9374ae9d7d979991fa50a2cefeee88b3943578f99b9a46e58900378ef22880c862103ab7e0c2066685571b28c3407cfef5bc0c9b176be8dacf6130bbc44389aac32cd0011aaedcb752e16a1f99838030f7364c17441de87d5ec670a25a2b55a77a57f2304233b3d9d1f4c7b145e7e145eb8607f2d9b6159e954f14b02609830fe54ce1a7dab775b49d77a0ed503773c81e3c53f50e0cb676387dec6e506494ea7843fe533aa7f09dd1d4c960dca585a1590035a9c36cc9f821b4a8aaff6548fddce5250efc4211b0ad0ad4dbc3dc5038218e58851da4848f399f8d7938da211484139000dbf8b6c6314312586311ca1d8639fcdbb20b6a6a608c23027eb46938cd6bb869ea2d3b327728f31012de124a9b57dc96d5d98154b98045943a24e4f788e48bbcf0dc20598fb91627f09495c8fd5bce762b1193fdcf9c45174005d589ba6ad971b5d7ee13e1aab89447a14f9d750621184cdf55ef4ac2f7fedd7b8fe89e0fefb4382ea18cc4feb62e9650e9ba5a12f9366584ec774f5aa09793293b558293991de7fd1793bc44341a5b59cdb45095d5b53a4b847512dd2ea621f9778b4c0f33cb7bdbee1061505f08f1f2919cafc5d6e45206cc35e89e1d366b7abfff3da64f6cfc0d0b855bf5d425a85d93ecb01186697f60a7a47870ee2a6a50cdf134a67a51565d28974dbaa9c62ffc960b70fcdadf79dc489741095ef3052df69c55b99c95a44728d30e267a02922c7a6ef2523ec379239a5148eef6 -TAG: 09a43ea9d67cec2b3f35d401141af9a8 - -KEY: 94f159c5d19a22469924c5fbfd198b8add28b37cf7bc3258fb4b906f2ecd672f -NONCE: 4fe1fd1359a4332402251d90 -IN: b2e081fc4457b3387c1033affd15747b79dad1d6d3b69c076d4dc5c209ba1cdd383a5196fc21fbc49fc65c69b85ec299b1daa26a4bd2e5ec2559cb230b21c3bb62e2831830a2b86da2abaa289d98eb04eaf3cf8d583ffc7291c3201df2c09b7d900a4bce0972e390fc980eb67cfe654ba3b9c579f997e319496b57819b36dd2b4484b88ea3cc1ba777b10ecaf526a08afd9e2b3b32b2bc02932af5d09c2ee3fdcfa18d6261808e418c4bb80be4315a5581d405841341bf2775d8d0adc21c10b9ffdc0ea4b22e22f61b46f844d8caeda0aeb7e1c3f84d337898af24fa68d60e2f19ff815713e1587e0d6e68d64cd088ed432c45637e1767913343d899b2f8c01bdb83253219878a5b3a4e6166e02387124e711a56e49da1893b4f72198c6339943262cdfccba33428009dff70a0c8c79af248d081ca04edb2ad4f35ed1819f0846dfade107c7e9f4094c014087c719517d943e524b86047d24aef8b901a7b1ec4e839400b717e758520cfc7a2dbced0ef491eef6aa2695b2ab9a92296b6e75251f124168c36a6555c4a465cf84a7b36f3277859dd5bb0f10f84cbc944b87e37b6b8ff6958bf1f0546839effd30995853c734a11c062414fe841113d0ae62597cd12ef80dbd4dc4f72e065171c8394e45dc6f87c86154e9846c1eb58f560b8c503848eacf05107c445a6a06420e67e2297a9975d23a406f8b8ee46d958d10d8724d90bb26e2b38be1c0e8258de3a09541826486ad28af8f2fa8c7befc95510589baf81a88f3823e87eaa8e40759cf0853547301de1e87b2eeccd76967bb364278174823c1cb1963f34fab537915031cead844dbb1c614eda56e9952b1eb4cb153d06c59c8da3b10af499b1c15ab0f03559fea13b81bd35fa5eb9a5431e12ab87c3c094861154d3d8eda448af7e15017103ad3dc7e9991b10cbe61cb33d2ff90121f4e40bd5d9e9c34b89679b6e1b54e38f00b128093af3e4ca9830a1a4d7a5e9db067c9c51fa26232945fa3e1e31e28c5000e1965cc7aa11a051305e68be9d60fb92f46eb2b701b3f959819f525ebefd5339bebfb64636d680a2a4f32afce85e287f8936bf62676c37ba810754186e30b812b1196e8661e345fb5b09b8dbe5f96e0010c5e3dd0a4e983149f4a058437cd46e3b32ca04c51ae3a4a39a7e15768a8fc379563450c616a5c7d7d98c46c0b934c894727532a9e713d330d294a2753f0f46049c88eed68711e9c49632144d5cb14d76848a6f7741d36c969edecdde52cbfb57a628678d31befa7ae3198343deae760d5c92c31f3c045b3e932e9051cd201d2dae66ca0368b94445d662acd6442c39eb945c8a4b46129a8cf5bbb2b27927729406f9b081695ce148a10226bc345c648fe557b7f8db4604fd0704831e5bdef6694afe716ddc3a8d69ccad4113 -AD: ebe1684346b493db264417cde9c0e48db46aed1984f72903e94b72cc2b2f151fec80b32523f96f61485f026d63734ff80015a1cad4b21ed1ba057627b387eaecdfc6d7a195b7d46e485bc137726d96c4ba51e1656c3f234174759ad922f3493077d65c149d1e871855490b6fa5924f6270cf15920838b66e3250a99ff7a55ecc9944cf3fd204081a61ce05bb989e5abeae4b2f24801e7f2223d5ce05c2b61f32344a0370c22751293bb898061ff50d6364ea0275bece795be21c9dc0b2749ff68a6d15896d4692474bd46fb256d1d012e45e7a58d880fba240ac6b89d2087da1ff7d41df44c768fee5bdf51f36b090bbf85e7ecb69f61312463eb0b4b1a04a153f593f8d43f62ac96f76e13ab5928147c5e63788bba4f076d12eb6dd15842e2c40fc9f1ad5dcb80bd95d9d41222953776b3304badd650afc783b7342196ab551a474579d95f826f53d15b96ac98a10c2c6d50a7b9b947cda9fb8d8d7dc7def72c5283a93112d2b58487a25debc9ca06946bb0a52a1e4ed3bcf0fb8decae49fa6607c55501f01b7441671f08c814023f7d46f4bc596d709d305ce320b1b0160bf35c8f17622c65b8e5c97b3fe7327e8e22384f6c400e551dd438d6d3d0f9ba6101abd1bc2486ba249b4cc83c47982c1210328968f2b28e4a7c4880d598d5b47aca2093965622ba7b4e4062c86d81070ecaad93d5e47ec -CT: c5311b1a6e3d93da070ee0fc2c1007558db64bfdabdc23c832d151472513482314e7d9385918abe772970c7d8b3ae4eb0d12965e6d7f6d01f6c97d06b51d3be812dfb290592578713ed6342a690ac115c29d471826f37f7f7b46936ab9f431cc0e4029579036bc6311574205810fecd3a17ebccd0f15752152276d5169b48b0a4fa93613fde13997517956f84500edd7eac1082ab6b69bf43f56fb9046cefe8425140db5f6bd3bb201b3345b2138c7f42120a3009ccc19e2d95ddb2b4384205d2aecb47c89cb43fab6c353f781caafae280e93dff5bd213640c41cfcd81b9dfd1be05ce21758c5474c38bd24819e5d085241dd54c8d2cbb5b21a616e47c05d4c64c0f397fc16d52d008fe4e83c040a6304c41a448784fb0c54f8a66fb00b240b9d66e8db234d14534dcdd6b3ba78db0403cf0219406ca858fef6bcb259fb69c53c6f964f450bcd12997955d0190ccbb2d9ae6b3562d85dc7de2bf1bd5a8d49651fe5de73243d7f89ac8796387e0a04c74d5834e47afb6b7444df7d27592fbfdeca72428582703ae52aab48c1b587b12fad6c887e451a54ef81481e3d8b4da1e3fc09404a7c209db8c880c40b3fedc579fdf19f956bfb36d5b2d1affa0a3631681084ae4e41e3a0fed84e056bc72b6c0eb1f5449935f7c2d3de07a2a5fb65af65f91d2c1d730edb80b437cba66fea779449b68c557c5f8bc6a2581b6808a98a1acb9e6de414377f5b08fd5cfeb4806e8699e50236dc8100a88f4f55d887caaa6ae8ca09c23019126b62b5c3186b459c39ee397076c825b6e28ab62d8286743f9d07182cfc634eb4512ec3beb04ba81bc20294b16fb6d42301a74fa95f95510155a15eb953eaa51d82fc363c0c63d1cf401a3ccc0c577474f99f7c4f187316fb85e1db38dac1df4b5e7c710be5b5949dbb1925723d042944eac09dbfd74d7e876f5931f619bfba1ea9580bf4e6c2540fd68d5aa9cd21203ba207f0f62e325c1e054271933563063acb4d932eef201bf3312763dddf6992fbd128cb8fc8b7936acbe8712ad398c5a8719b9efbe0927b9f637f323c4bea80901091608ab76e483b5ef666560937705bff96d430e6e17b0b24c755de19bb88aa81077852c92a96e902d538b4e11b78a4b5d1f5669aacdfe5125d806a21c06ccf4980edee24e41b7e17672fed0ace9b19e4d55415d097f0b5874d60dbe311871abaf47220893c398d5595ee16275eecc6d15f39aa5e2181ad1448345406a4c77a34c3fac77b4c506cf393791d69e113270adf0393cad689a07056e388ea3bbd00ee5878e1120c869531a8b4745ca2debc1e008493d17bb3777992cfcaa165188b4801122af5422acfa0a1807a2a35e793ebdd95aa9e025edc065cf9ae85972a5f42da193cd9b653373a6e15d647b8d26207f3230e50bb49 -TAG: e2df8917d70683fb6e6ea67db55367b0 - -KEY: e22480e24a29b2910b227930344f6a00916bb215e57e1f3155fa9437603fabc6 -NONCE: a4c6732e0887f40b5017de54 -IN: e46035c45b6ebf14c5088c5f15f552a4d233de7d3750d7736838a5cd4a7b41df1b71e6c5e6a7dc63519ec43bcb4fc603168352b8b8e261c15e76e73556aaffa32193c1f5641b2eab29497c80eb06543c1b0f1787bc616a4e6618f751dd0a2b28a87fcabf405e97efa91becc8ac1b036a2ca244e13dcbae589f0d6bf8e19bf91caff673f2a80de93a6fd5da1e63516e2760ca12a64c8175071de22b26ce72ff9e15e5c55fb253cae55a3f48c0b507bfd423f66ebdecd0b6227d0e67c4347f2a4819a6825dfc2651e97c1da629e92bed3827a15dec0f0c8743731baef8035fb0a790f49e5b2a7339485df313a9633496fd9e7a9904ec566bf20b8dbc0e3c1e4572411da7835b5eb5cd51313b78a1d6ed96bd9aff2fba37e86d475d95fd7e14c6fe8ab23645b15e7823b7bc9d0a02fbd9a43c05a6c660b6690891c4d055af21b50a5500d72c91695536eb1a3852caceae05803486c64535747df691ebc62e888bce8a5c820569b3d80edb4e29027e737fcdc4f49f6eae43b4bf68a5731fbd09778d6b205bd8b3ab4cf251ff31dd94f2033118ff0c4154c78af27570d12def873fcf4de7ccb6b6cc8924dc63f8104e9a3323ddd32006d8ec3aa530818e299490dfa0a9d811fb3bbb5f624f26dd7d0d7a87a7e7748af5ee4f4bbeb150ea4078b504aadaf92b8f9edfb701c6df7ca615416f61bd770d5fc6675db01394a26f585ffb8f86b254d0e08d0a0f5a499ef1b2bb0216e486229f5deb16d1e95332b8673652a86a6e3fa0e479987b2bdb1909fb772c6836d15cc57d97f29acf335ec1873c1bc6e714b689db855c8ba59289fe792d93774dd83313e3fdf11bfd6a40d6c8b57a5989e844cdf2fb38c239f6116c1c3aafb9356ad4b07ab37f7fb089cd424a8c1f19e5a13f085ec8cd74c3c9f0aefccd6fe5340eb1e419d15285b6b0d3b57a5545f6e28b75bf4795d995a20dc7a618f0f77a174e3eaafe221f8da0cb071473c507054243a7f9eee7d5c77b071602936fd5bc411e9923fc82016cf5345454285e9c1396696e05d984649a2955d7446a1d3966adda11bddbf3dbc11e093c15b7d4fa2a7a0c33fa28dd3242738d7a77775cbeb8176a6e9a4e4e58e03f631a67c3229d57302fe5967c7e3362ff926fd584edc32905a350b390391f7fc3343f22498bd198ad56cc2827926b0c4700cc352bb990876db7c17e2d32b5b0af617554a1f76c32b94cf7728e89bc208f22e986e7d2faef190f820918afa4e08cc46adf0704aab761cbb9791aa12eb31a7785d7716c3f0a46afbe2a44a52e5d0944fbe207ac78d54c407679814cc03d9c9ea28f1e518a10e0cf034d1ffa27b67c9f027d738e0a96a381571bb52afe2e983b34f9159f05d4ac9973d996c4612b7c60407a66925068fd98ba6b7742a219d8bed4ceb720a8541f4cd9eb990384f8f8698515ed3692 -AD: 8eb26d00d61388ca0f06d45cd697e36f11e25f618eaee0562dbba21d10abfd0bbfe232e6efca4947adfa7fc59de529652d11847d3cca84ad147f8905bfd0743be43cd21a9ece92d2d7397f74b1632ec2b1e398565e3f37039f1e147c061b51d59eb31bd16bf830b7824d1ec5e79441e5c5e5131062171467a037c350fd16f58854e3dfd9c1224d26fd600b006d4bcae123a7a9d4e98c47b9e9e3fdbc22abce09b3c24a5a060e371ee70110227c9a8b6049f194dc4f74cc97d01247d76b460774acf7c5d4a8fb4f01888e29ffc517839c234836cf513951435f226e635ff8b02b18225402b026566e951449023fcf7f6bc2285dac1b7dd83028697dac70927db01c22921f6a7a6304052e58c8e87819bbb75de9cbe6239cb1ae8fd4849eb4f48759aed59d5a0ec3108b3131b0b74a4f860e37d02e04b9501e5e3c306cb25820abc50cdfbb05f8e5e2d2b94c58190c5d950f804786fb2ef97eb013f6f049b38fc57561b9cdfce5ae30516050d13d0ad8c1d750b51a552520785a9dd03c68203d91e72e3bab17cd67989bd103532071676718e889b94ee12856547a6d0a6c88c236d7fc7b0d8f222592d00aad4e813f8c738bc10c0b1fbf23bdb2baa56b1047348ed172a15dffd0bab088e2b406f040ef81d3362d0f86d129fde70ffaf87ef3c4554fa43850d1816407b4d5b0459bc622414a2d9cf2809e60e467fde6ecb7f4d9 -CT: 98763c2423882eb5a1e9075920b2245f2243341f6dd2dceae7780aa738fab65c7d86f41dd4a64283752db5e86cecaed0ac1afe966171e94f2c30d63a93ff11343ce15ff3bf464d88a6912fbba42c08e6225cfaa63c6da17a6354a34362fda3d993920050dfb99c84a235726aa4cbd66260b0e5675bfe89078e33e76ef537d2071d5801758c6cf07557c0e8bfe0a49aa6e212d69617d1a22ff15a26ae28f4d724d6b537ed34af62672cc9d48836f284cbc7eaae8cd15b46b8e233c94bf3036713f2679e23e0bd829dde5b3a5d7a2d65193f55a45def3d52830cfb1ce3f8208c1425d8171a053ab076c2377f7c26b37970bc3c937db75181a47467b9735be331a0f30a7f3ae135a533153ecd0a5e0cc1568e303a6ba6065c0dca8162a33df7c5b69542938c88e2141e2aa697c48e72ec0573065e9d9a9945cfd070d45218f646e5cf0c0ba145ed1fc7b7cf96c64e3a4671eb6b51ac8eb79bf0b4abd56fffa2ad8a93c001e2baf0b65e257782d7b7e3a837cbae16d40183a8b629467f77f2c7f8640da57904ab75a642e99fe4b45ba7ee488f889b07ce7a4e74540c3e0e0e67f88d473509295a66e27d4ebda1d4d3313add2555477aebf7fb84edbfdba18afc6f04c4af6a90730518a8ce28c12ab90921c413bb822e63cae113e5254039cdcad2dbfecfd97c183679c6c4691c99ba771b1389384259b966f358f871343b4bc5f9a92d8f27588202ae1269658ed91bae33deec6a6a35b9fbc523cc11cbc15024f4dd386b8f41c3fc7097d717099e722e6243a13bc475d5f2b1b2569f14cae6710c8650bfd78520caeceb035f58adae811c0fe9857c8cec59a01123e5eb2774190943c2cc7d535af77ea1f79cdce94e23de21004c73fb8469c230e25fe245c8a5a6314736166a7fe4e1bb0f91ee8d60daa0e576b9b7c6b5957d4bd8d8b928d36aa46fbdf742dd602f9cda2ed1608255d6dc962cc6d3f270d6a42f5185b38e6f0085f39dd17260f0580b62d49cdb668e3e5f76d47dd1deaba0db5b315ed6deb62e6e4388a74ff21903d7bed3c3e87585675a608668bc031aa83e7546cee77bacf9d3f5cbcf00ca71d6f6c86751a5db0d7f7065324d33458b7fe66e2b63bf9d8b514006d14da70f0d64f171a7bc11b2fa5955b85090701260a13cb52b930681e10e9daf89bdffacb9c13b9b60319e3be0ed29f7b7d4723ac5af888375c9e23bc97d3b189ec778eaefb3e4649d1b1ea96979c8f004064abefdfb3479e924dd974ff6478beb1034124b1cf27fc739872bd24bf257df2068475f0b144e61411481a48739e2691e535b64066acce2e0fee9c239c4015014dd38570b01646bbe97a389a3604312f06bcf7ae288790b73434288ba0c90d7015bc1bbcd5a0fe84564cd6a692df04d53716bb96d769074d758bf1199f716cfe5c4c542f9852435fc9675a80b4d -TAG: 9f62d794a54433e79c71a5a5cc8d282e - -# Counter wrapping tests -KEY: 0000000000000000000000000000000000000000000000000000000000000000 -NONCE: 000000000000000000000000 -IN: 000000000000000000000000000000004db923dc793ee6497c76dcc03a98e108 -AD: -CT: f3f80f2cf0cb2dd9c5984fcda908456cc537703b5ba70324a6793a7bf218d3ea -TAG: ffffffff000000000000000000000000 - -KEY: 0000000000000000000000000000000000000000000000000000000000000000 -NONCE: 000000000000000000000000 -IN: eb3640277c7ffd1303c7a542d02d3e4c0000000000000000 -AD: -CT: 18ce4f0b8cb4d0cac65fea8f79257b20888e53e72299e56d -TAG: ffffffff000000000000000000000000 From 9cc0d45f4d8521f467bb3a621e74b1535e118188 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Mon, 1 Feb 2021 11:15:42 -0800 Subject: [PATCH 393/399] 0.16.20. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 89b10cd939..c9daac82e5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.19" +version = "0.16.20" # Prevent multiple versions of *ring* from being linked into the same program. links = "ring-asm" From 9b5eaee8239c2c74ad4bed73ff631d7b9ce7fb69 Mon Sep 17 00:00:00 2001 From: jugeeya Date: Fri, 10 Sep 2021 18:55:54 +0000 Subject: [PATCH 394/399] test --- Cargo.toml | 3 +++ build.rs | 4 ++-- src/rand.rs | 16 ++++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c9daac82e5..d988abc99a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -325,6 +325,9 @@ wasm-bindgen-test = { version = "0.3.18", default-features = false } [target.'cfg(any(unix, windows))'.dev-dependencies] libc = { version = "0.2.80", default-features = false } +[target.'cfg(target_os = "switch")'.dependencies] +nnsdk = "0.1" + # Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies] cc = { version = "1.0.62", default-features = false } diff --git a/build.rs b/build.rs index a5a8e1995d..706ccce910 100644 --- a/build.rs +++ b/build.rs @@ -476,7 +476,7 @@ fn build_library( // Handled below. let _ = c.cargo_metadata(false); - c.compile( + c.compiler("aarch64-none-elf-gcc").compile( lib_path .file_name() .and_then(|f| f.to_str()) @@ -608,7 +608,7 @@ fn cc( let _ = c.flag("-U_FORTIFY_SOURCE"); } - let mut c = c.get_compiler().to_command(); + let mut c = c.compiler("aarch64-none-elf-gcc").get_compiler().to_command(); let _ = c .arg("-c") .arg(format!( diff --git a/src/rand.rs b/src/rand.rs index 9d1864fa14..a6667e0f1d 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -431,3 +431,19 @@ mod fuchsia { fn zx_cprng_draw(buffer: *mut u8, length: usize); } } + +#[cfg(target_os = "switch")] +use self::switch::fill as fill_impl; + +#[cfg(target_os = "switch")] +mod switch { + use crate::error; + + pub fn fill(dest: &mut [u8]) -> Result<(), error::Unspecified> { + // Prevent overflow of u32 + for chunk in dest.chunks_mut(u32::max_value() as usize) { + unsafe { nnsdk::os::GenerateRandomBytes(chunk.as_mut_ptr() as _, chunk.len() as _); } + } + Ok(()) + } +} \ No newline at end of file From 63e3fb6e04d50fe6c0b8dc7e4f2c6f75adc2894a Mon Sep 17 00:00:00 2001 From: jugeeya Date: Mon, 13 Sep 2021 00:18:14 -0700 Subject: [PATCH 395/399] Update Cargo.toml --- Cargo.toml | 3 --- 1 file changed, 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 183939ecf0..d988abc99a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -328,9 +328,6 @@ libc = { version = "0.2.80", default-features = false } [target.'cfg(target_os = "switch")'.dependencies] nnsdk = "0.1" -[target.'cfg(target_os = "switch")'.dependencies] -nnsdk = "0.1" - # Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies] cc = { version = "1.0.62", default-features = false } From d435dc8bc7e635ee439b0d59899e700de987394a Mon Sep 17 00:00:00 2001 From: jugeeya Date: Mon, 13 Sep 2021 00:18:58 -0700 Subject: [PATCH 396/399] Update rand.rs --- src/rand.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/rand.rs b/src/rand.rs index 297b5ac64d..467f822e2f 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -195,9 +195,6 @@ use self::darwin::fill as fill_impl; #[cfg(any(target_os = "fuchsia"))] use self::fuchsia::fill as fill_impl; -#[cfg(target_os = "switch")] -use self::switch::fill as fill_impl; - #[cfg(any(target_os = "android", target_os = "linux"))] mod sysrand_chunk { use crate::{c, error}; @@ -438,6 +435,7 @@ mod fuchsia { #[cfg(target_os = "switch")] use self::switch::fill as fill_impl; +#[cfg(target_os = "switch")] mod switch { use crate::error; @@ -448,4 +446,4 @@ mod switch { } Ok(()) } -} \ No newline at end of file +} From 5c51d6da73af5fef1fa9988926f2f9773de36e6b Mon Sep 17 00:00:00 2001 From: jugeeya Date: Tue, 14 Sep 2021 10:39:46 -0700 Subject: [PATCH 397/399] Update build.rs --- build.rs | 62 +++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 19 deletions(-) diff --git a/build.rs b/build.rs index 4138ca851f..1739e66da5 100644 --- a/build.rs +++ b/build.rs @@ -476,15 +476,26 @@ fn build_library( // Handled below. let _ = c.cargo_metadata(false); - c - .compiler("aarch64-none-elf-gcc") - .compile( - lib_path - .file_name() - .and_then(|f| f.to_str() - ) - .expect("No filename"), - ); + if env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { + c + .compiler("aarch64-none-elf-gcc") + .compile( + lib_path + .file_name() + .and_then(|f| f.to_str() + ) + .expect("No filename"), + ); + } else { + c + .compile( + lib_path + .file_name() + .and_then(|f| f.to_str() + ) + .expect("No filename"), + ); + } } // Link the library. This works even when the library doesn't need to be @@ -611,16 +622,29 @@ fn cc( let _ = c.flag("-U_FORTIFY_SOURCE"); } - let mut c = c.compiler("aarch64-none-elf-gcc").get_compiler().to_command(); - let _ = c - .arg("-c") - .arg(format!( - "{}{}", - target.obj_opt, - out_dir.to_str().expect("Invalid path") - )) - .arg(file); - c + if env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { + let mut c = c.compiler("aarch64-none-elf-gcc").get_compiler().to_command(); + let _ = c + .arg("-c") + .arg(format!( + "{}{}", + target.obj_opt, + out_dir.to_str().expect("Invalid path") + )) + .arg(file); + c + } else { + let mut c = c.get_compiler().to_command(); + let _ = c + .arg("-c") + .arg(format!( + "{}{}", + target.obj_opt, + out_dir.to_str().expect("Invalid path") + )) + .arg(file); + c + } } fn nasm(file: &Path, arch: &str, out_file: &Path) -> Command { From f566f0c5ec41e62fd6c4f304bcb5f20225908100 Mon Sep 17 00:00:00 2001 From: jugeeya Date: Tue, 14 Sep 2021 10:45:25 -0700 Subject: [PATCH 398/399] Update build.rs --- build.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.rs b/build.rs index 1739e66da5..96e30c6cc5 100644 --- a/build.rs +++ b/build.rs @@ -476,7 +476,7 @@ fn build_library( // Handled below. let _ = c.cargo_metadata(false); - if env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { + if std::env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { c .compiler("aarch64-none-elf-gcc") .compile( @@ -622,7 +622,7 @@ fn cc( let _ = c.flag("-U_FORTIFY_SOURCE"); } - if env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { + if std::env::var("CARGO_CFG_TARGET_OS").unwrap() == "switch" { let mut c = c.compiler("aarch64-none-elf-gcc").get_compiler().to_command(); let _ = c .arg("-c") From 59cb1fbabfe4e723ba63f9368ccd10e347969641 Mon Sep 17 00:00:00 2001 From: Raytwo Date: Thu, 1 Sep 2022 02:30:59 +0200 Subject: [PATCH 399/399] Update Cargo.toml --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index d988abc99a..a5f1e83417 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -326,7 +326,7 @@ wasm-bindgen-test = { version = "0.3.18", default-features = false } libc = { version = "0.2.80", default-features = false } [target.'cfg(target_os = "switch")'.dependencies] -nnsdk = "0.1" +nnsdk = "0.2" # Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies]